From ebd93e9389e630450e5b052a18a6a6fc8d05f611 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 28 May 2018 16:40:30 +0200
Subject: refactore code to use EAAF core components

---
 .../moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java | 6 +++---
 .../modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java    | 6 +++---
 .../modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java   | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

(limited to 'id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src')

diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
index 0cef4cb41..2e09bf55c 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
@@ -29,12 +29,12 @@ import javax.annotation.PostConstruct;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
-import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks.FirstBKAMobileAuthTask;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index 43043ddd6..37ee3f201 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -53,12 +53,12 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 4b18e7112..5c70b2628 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -31,11 +31,11 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-- 
cgit v1.2.3


From cd5cef47db73c85cbb2defdec3b283655fdc859b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 5 Jun 2018 10:46:41 +0200
Subject: update SL20 implementation

---
 .../VerifyXMLSignatureResponseValidator.java       |   7 +-
 .../moa/id/moduls/AuthenticationManager.java       |  18 +-
 .../pvp2x/utils/AssertionAttributeExtractor.java   |   1 -
 .../moa/id/auth/AuthenticationServer.java          |   6 +-
 .../bkamobileauthtests/BKAMobileAuthModule.java    |  19 +-
 .../tasks/FirstBKAMobileAuthTask.java              |   2 +-
 .../src/main/resources/BKAMobileAuth.process.xml   |  14 +-
 .../main/resources/moaid_bka_mobileauth.beans.xml  |   2 +-
 .../moa-id-module-sl20_authentication/pom.xml      |   5 +
 .../sl20_auth/SL20AuthenticationModulImpl.java     |  26 +-
 .../modules/sl20_auth/sl20/JsonSecurityUtils.java  |  15 +-
 .../auth/modules/sl20_auth/sl20/SL20Constants.java |   8 +-
 .../sl20_auth/sl20/SL20HttpBindingUtils.java       |   6 +-
 .../sl20_auth/sl20/SL20JSONBuilderUtils.java       |  15 +-
 .../sl20_auth/sl20/SL20JSONExtractorUtils.java     |  89 +++--
 .../sl20/verifier/QualifiedeIDVerifier.java        |  76 ++++-
 .../sl20_auth/tasks/CreateQualeIDRequestTask.java  |  79 +++--
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        |  41 ++-
 .../sl20_auth/tasks/VerifyQualifiedeIDTask.java    |  62 +---
 .../modules/sl20_auth/EIDDataVerifier_ATrust.java  |  42 +++
 .../modules/sl20_auth/EIDDataVerifier_OwnTest.java |  41 +++
 .../sl20_auth/dummydata/DummyAuthConfig.java       | 376 +++++++++++++++++++++
 .../auth/modules/sl20_auth/dummydata/DummyOA.java  | 264 +++++++++++++++
 .../modules/sl20_auth/eIDDataVerifierTest.java     | 105 ++++++
 .../src/test/resources/SpringTest-context.xml      |  13 +
 .../src/test/resources/tests/eIDdata_atrust.json   |  14 +
 .../src/test/resources/tests/eIDdata_own_test.json |   8 +
 27 files changed, 1167 insertions(+), 187 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json

(limited to 'id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 832aa58c6..407454c2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -57,12 +57,12 @@ import java.util.Set;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import iaik.asn1.structures.Name;
 import iaik.security.ec.common.ECPublicKey;
@@ -113,7 +113,8 @@ public class VerifyXMLSignatureResponseValidator {
   public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse,
                        List<String> identityLinkSignersSubjectDNNames, 
                        String whatToCheck,
-                       IOAAuthParameters oaParam)
+                       IOAAuthParameters oaParam,
+                       AuthConfiguration authConfig)
     throws ValidateException, ConfigurationException {
 
     if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
@@ -140,7 +141,7 @@ public class VerifyXMLSignatureResponseValidator {
     }
     
     //check QC 
-    if (AuthConfigurationProviderFactory.getInstance().isCertifiacteQCActive() &&
+    if (authConfig.isCertifiacteQCActive() &&
     		!whatToCheck.equals(CHECK_IDENTITY_LINK) &&
     		!verifyXMLSignatureResponse.isQualifiedCertificate()) {
     	    	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index a24683545..e093ce1e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -317,9 +317,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 	 * @param httpReqParam http parameter name, but never null
 	 */
 	public void addParameterNameToWhiteList(String httpReqParam) {
-		if (MiscUtil.isNotEmpty(httpReqParam))
-			reqParameterWhiteListeForModules.add(httpReqParam);
-		
+		if (MiscUtil.isNotEmpty(httpReqParam)) {
+			if (!reqParameterWhiteListeForModules.contains(httpReqParam))
+				reqParameterWhiteListeForModules.add(httpReqParam);
+		}
 	}
 	
 	/**
@@ -328,8 +329,11 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 	 * @param httpReqParam http header name, but never null
 	 */
 	public void addHeaderNameToWhiteList(String httpReqParam) {
-		if (MiscUtil.isNotEmpty(httpReqParam))
-			reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase());
+		if (MiscUtil.isNotEmpty(httpReqParam)) {
+			if (!reqHeaderWhiteListeForModules.contains(httpReqParam.toLowerCase()))
+				reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase());
+			
+		}
 		
 	}
 	
@@ -439,8 +443,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 			while(reqHeaderNames.hasMoreElements()) { 
 				String paramName = reqHeaderNames.nextElement();
 				if (MiscUtil.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) {
-					executionContext.put(paramName, 
-							StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName)));				
+					executionContext.put(paramName.toLowerCase(), 
+							StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName.toLowerCase())));				
 				}
 			}			
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 5b1d952ff..4a0cec6e4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -309,7 +309,6 @@ public class AssertionAttributeExtractor {
 	}
 	
 	private void internalInitialize() {
-		internalInitialize();
 		if (assertion.getAttributeStatements() != null &&
 				assertion.getAttributeStatements().size() > 0) {
 			AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index a67b27315..7ea4ee436 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -311,7 +311,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 				verifyXMLSignatureResponse,
 				authConfig.getIdentityLinkX509SubjectNames(),
 				VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
-				oaParam);
+				oaParam,
+				authConfig);
 
 		session.setIdentityLink(identityLink);
 		// now validate the extended infoboxes
@@ -1001,7 +1002,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		// validates the <VerifyXMLSignatureResponse>
 		VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp,
 				null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK,
-				oaParam);
+				oaParam,
+				authConfig);
 
 		// Compare AuthBlock Data with information stored in session, especially
 		// date and time
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
index 0cef4cb41..853d1b6a4 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
@@ -45,7 +45,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
 public class BKAMobileAuthModule implements AuthModule {
 
-	private int priority = 1;
+	private int priority = 2;
 	
 	@Autowired(required=true) protected AuthConfiguration authConfig;
 	@Autowired(required=true) private AuthenticationManager authManager;
@@ -67,7 +67,6 @@ public class BKAMobileAuthModule implements AuthModule {
 	public void setPriority(int priority) {
 		this.priority = priority;
 	}
-
 	
 	@PostConstruct
 	public void initialDummyAuthWhiteList() {
@@ -84,6 +83,8 @@ public class BKAMobileAuthModule implements AuthModule {
 		
 		//parameter to whiteList
 		authManager.addParameterNameToWhiteList(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW);
+//		authManager.addHeaderNameToWhiteList("SL2ClientType");
+//		authManager.addHeaderNameToWhiteList("X-MOA-VDA");
 	}
 	
 	/* (non-Javadoc)
@@ -92,12 +93,22 @@ public class BKAMobileAuthModule implements AuthModule {
 	@Override
 	public String selectProcess(ExecutionContext context) {		
 		String spEntityID = (String) context.get(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER);
-		if (MiscUtil.isNotEmpty(spEntityID)) {				
-			if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) {
+		String sl20ClientTypeHeader = (String) context.get("SL2ClientType".toLowerCase());
+		String sl20VDATypeHeader = (String)  context.get("X-MOA-VDA".toLowerCase());				
+		if (MiscUtil.isNotEmpty(spEntityID)) {
+			Logger.trace("Check dummy-auth for SP: " + spEntityID);
+			
+			
+			if ( (uniqueIDsDummyAuthEnabled.contains(spEntityID))) {
 				String eIDBlob = (String)context.get(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW);
 				if (eIDBlob != null && MiscUtil.isNotEmpty(eIDBlob.trim())) {				
 					return "BKAMobileAuthentication";
 					
+				} else if (MiscUtil.isNotEmpty(sl20ClientTypeHeader) 
+						&& MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals("0")) {
+					Logger.info("Find dummy-auth request for oe.gv.at demos ... ");
+					return "BKAMobileAuthentication";
+					
 				} else {
 					Logger.debug("Dummy-auth are enabled for " + spEntityID + " but no '"
 							+ FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW + "' req. parameter available.");
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index 43043ddd6..15cf298f1 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -112,7 +112,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			}
 								
 			parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession(), eIDBlobRawB64);
-			
+		
 		} catch (MOAIDException e) {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 			
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml
index 6f41f347a..07faeae88 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml
@@ -5,17 +5,17 @@
 	STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures.
 -->
 	<pd:Task id="firstStep"                            class="FirstBKAMobileAuthTask" />
-	<pd:Task id="secondStep"                           class="SecondBKAMobileAuthTask" async="true" />
-	<pd:Task id="finalizeAuthentication" 							 class="FinalizeAuthenticationTask" />
+	<pd:Task id="secondStep"                           class="SecondBKAMobileAuthTask" />
+	<pd:Task id="finalizeAuthentication" 			   class="FinalizeAuthenticationTask" />
 
 	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
 	<pd:StartEvent id="start" />
 	
-	<pd:Transition from="start" to="firstStep" />	
-	<!-- pd:Transition from="firstStep" to="secondStep"/>			
-	<pd:Transition from="secondStep" to="finalizeAuthentication" /-->
-	
-	<pd:Transition from="firstStep" to="finalizeAuthentication" />
+	<pd:Transition from="start" to="secondStep" />				
+	<pd:Transition from="secondStep" to="finalizeAuthentication" />
+
+<!-- 	<pd:Transition from="firstStep" to="secondStep"/> -->	
+	<!-- <pd:Transition from="firstStep" to="finalizeAuthentication" /> -->
 	
 	<pd:Transition from="finalizeAuthentication"    to="end" />
 	
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml
index ef13b0348..79f29e08c 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml
@@ -10,7 +10,7 @@
 		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
 
 	<bean id="BKAMobileAuthModule" class="at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.BKAMobileAuthModule">
-		<property name="priority" value="1" />
+		<property name="priority" value="4" />
 	</bean>
  						
 
diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
index d08e0f0ec..5b682538c 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml
+++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
@@ -58,6 +58,11 @@
   	</dependency>
   
   
+  	<dependency>
+		<groupId>org.springframework</groupId>
+		<artifactId>spring-test</artifactId>
+		<scope>test</scope>
+	</dependency>
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
index a4044ce21..367e7b604 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
@@ -22,6 +22,9 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
 
+import java.util.Arrays;
+import java.util.List;
+
 import javax.annotation.PostConstruct;
 
 import org.apache.commons.lang3.StringUtils;
@@ -38,10 +41,10 @@ import at.gv.egovernment.moa.logging.Logger;
  * @author tlenz
  *
  */
-public class SL20AuthenticationModulImpl implements AuthModule {
-
+public class SL20AuthenticationModulImpl implements AuthModule {	
 	private int priority = 3;
-
+	public static final List<String> VDA_TYPE_IDS = Arrays.asList("1", "2", "3", "4");
+	
 	@Autowired(required=true) protected AuthConfiguration authConfig;
 	@Autowired(required=true) private AuthenticationManager authManager;
 	
@@ -62,6 +65,7 @@ public class SL20AuthenticationModulImpl implements AuthModule {
 	protected void initalSL20Authentication() {
 		//parameter to whiteList
 		authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE);
+		authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE);
 		
 	}
 	
@@ -71,17 +75,23 @@ public class SL20AuthenticationModulImpl implements AuthModule {
 	 */
 	@Override
 	public String selectProcess(ExecutionContext context) {
-		if (StringUtils.isNotBlank((String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase())) ||
-				StringUtils.isNotBlank((String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE))) { 
-			Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");
+		String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase());
+		String sl20VDATypeHeader = (String)  context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
+		
+		if ( StringUtils.isNotBlank(sl20ClientTypeHeader) 
+//				&& (
+//						StringUtils.isNotBlank(sl20VDATypeHeader) 
+//						//&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim())
+//				   ) 
+				) {
+			Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");			
 			return "SL20Authentication";
 			
 		} else {
 			Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");
 			return null;
 			
-		}
-		
+		}		
 	}
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index 2563c7f7d..c95e0b731 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -1,9 +1,11 @@
 package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
 
+import java.io.IOException;
 import java.security.Key;
 import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -36,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoPars
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.utils.X509Utils;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.KeyStoreUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -143,8 +146,11 @@ public class JsonSecurityUtils implements IJOSETools{
 			//set signing information
 			jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
 			jws.setKey(signPrivKey);
-			jws.setCertificateChainHeaderValue(signCertChain);
-		
+			
+			//TODO:
+			//jws.setCertificateChainHeaderValue(signCertChain);
+			jws.setX509CertSha256ThumbprintHeaderValue(signCertChain[0]);
+						
 			return jws.getCompactSerialization();
 			
 		} catch (JoseException e) {
@@ -181,6 +187,11 @@ public class JsonSecurityUtils implements IJOSETools{
 				} else {
 					Logger.info("Can NOT find JOSE certificate in truststore.");
 					Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString());
+					try {
+						Logger.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded()));
+					} catch (CertificateEncodingException | IOException e) {
+						e.printStackTrace();
+					}
 					
 				}
 				
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
index 33bb4fe36..658384578 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
@@ -8,7 +8,7 @@ import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
 import org.jose4j.jws.AlgorithmIdentifiers;
 
 public class SL20Constants {
-	public static final String CURRENT_SL20_VERSION = "10";
+	public static final int CURRENT_SL20_VERSION = 10;
 	
 	//http binding parameters
 	public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand";
@@ -18,6 +18,7 @@ public class SL20Constants {
 	public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID";
 	
 	public static final String HTTP_HEADER_SL20_CLIENT_TYPE = "SL2ClientType";
+	public static final String HTTP_HEADER_SL20_VDA_TYPE = "X-MOA-VDA";
 	public static final String HTTP_HEADER_VALUE_NATIVE = "nativeApp";
 	
 	
@@ -129,8 +130,9 @@ public class SL20Constants {
 	public static final String SL20_COMMAND_PARAM_EID_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; 
 	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes";
 	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE";
-	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-FRIENDLYNAME";
-	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-UNIQUEID";
+	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-UNIQUEID";
+	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-FRIENDLYNAME";
+	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE = "SP-COUNTRYCODE";
 	public static final String SL20_COMMAND_PARAM_EID_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
 	public static final String SL20_COMMAND_PARAM_EID_RESULT_IDL = "EID-IDENTITY-LINK";
 	public static final String SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK = "EID-AUTH-BLOCK";
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java
index cc7137a0f..169cb8e73 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java
@@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
 
 import java.io.IOException;
 import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
 import java.net.URISyntaxException;
 
 import javax.servlet.http.HttpServletRequest;
@@ -10,6 +9,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.entity.ContentType;
+import org.jose4j.base64url.Base64Url;
 
 import com.google.gson.JsonObject;
 
@@ -33,7 +33,9 @@ public class SL20HttpBindingUtils {
 		} else {
 			Logger.debug("Client request containts is no native client ... ");
 			URIBuilder clientRedirectURI = new URIBuilder(redirectURL);
-			clientRedirectURI.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, sl20Forward.toString());
+			clientRedirectURI.addParameter(
+					SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, 
+					Base64Url.encode(sl20Forward.toString().getBytes()));
 			response.setStatus(307);
 			response.setHeader("Location", clientRedirectURI.build().toString());
 			
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java
index 52d7e1e67..d5dec1fe1 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java
@@ -387,7 +387,7 @@ public class SL20JSONBuilderUtils {
 	 */
 	public static JsonObject createGenericRequest(String reqId, String transactionId, JsonElement payLoad, String signedPayload) throws SLCommandoBuildException {
 		JsonObject req = new JsonObject();
-		addSingleStringElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
+		addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
 		addSingleStringElement(req, SL20Constants.SL20_REQID, reqId, true);
 		addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false);		
 		addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, 
@@ -411,7 +411,7 @@ public class SL20JSONBuilderUtils {
 			JsonElement payLoad, String signedPayload) throws SLCommandoBuildException {
 		
 		JsonObject req = new JsonObject();
-		addSingleStringElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
+		addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
 		addSingleStringElement(req, SL20Constants.SL20_RESPID, respId, true);
 		addSingleStringElement(req, SL20Constants.SL20_INRESPTO, inResponseTo, true);
 		addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false);		
@@ -568,6 +568,17 @@ public class SL20JSONBuilderUtils {
 		
 	}
 	
+	private static void addSingleIntegerElement(JsonObject parent, String keyId, Integer value, boolean isRequired) throws SLCommandoBuildException {
+		validateParentAndKey(parent, keyId);
+		
+		if (isRequired && value == null)
+			throw new SLCommandoBuildException(keyId + " has an empty value");
+		
+		else if (value != null)
+			parent.addProperty(keyId, value);
+		
+	}
+	
 	private static void addSingleJSONElement(JsonObject parent, String keyId, JsonElement element, boolean isRequired) throws SLCommandoBuildException {
 		validateParentAndKey(parent, keyId);
 		
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
index 6949b7a18..2e81d9c64 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
@@ -1,7 +1,6 @@
 package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
 
 import java.io.InputStreamReader;
-import java.net.URLDecoder;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -13,6 +12,7 @@ import org.apache.http.HttpEntity;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.utils.URIBuilder;
 import org.apache.log4j.Logger;
+import org.jose4j.base64url.Base64Url;
 
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
@@ -107,45 +107,64 @@ public class SL20JSONExtractorUtils {
 	}
 	
 	/**
-	 * Extract Map of Key/Value pairs from a JSON Array 
+	 * Extract Map of Key/Value pairs from a JSON Element
 	 * 
-	 * @param input
-	 * @param keyID
+	 * @param input parent JSON object
+	 * @param keyID KeyId of the child that should be parsed
 	 * @param isRequired
 	 * @return
 	 * @throws SLCommandoParserException
 	 */
 	public static Map<String, String> getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException {
 		JsonElement internal = getAndCheck(input, keyID, isRequired);
+		return getMapOfStringElements(internal);
 		
+	}
+	
+	/**
+	 * Extract Map of Key/Value pairs from a JSON Element 
+	 * 
+	 * @param input
+	 * @return
+	 * @throws SLCommandoParserException
+	 */
+	public static Map<String, String> getMapOfStringElements(JsonElement input) throws SLCommandoParserException {		
 		Map<String, String> result = new HashMap<String, String>();
 				
-		if (internal != null) {
-			if (!internal.isJsonArray())
-				throw new SLCommandoParserException("JSON Element IS NOT a JSON array");
-
-			Iterator<JsonElement> arrayIterator = internal.getAsJsonArray().iterator();
-			while(arrayIterator.hasNext()) {
-				//JsonObject next = arrayIterator.next().getAsJsonObject();
-				//result.put(
-				//		next.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY).getAsString(), 
-				//		next.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE).getAsString());
-				JsonElement next = arrayIterator.next();				
-				Iterator<Entry<String, JsonElement>> entry = next.getAsJsonObject().entrySet().iterator();
-				while (entry.hasNext()) {
-					Entry<String, JsonElement> el = entry.next();
-					if (result.containsKey(el.getKey()))
-						log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... ");
-						
-					result.put(el.getKey(), el.getValue().getAsString());
+		if (input != null) {
+			if (input.isJsonArray()) {			
+				Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator();
+				while(arrayIterator.hasNext()) {
+					JsonElement next = arrayIterator.next();				
+					Iterator<Entry<String, JsonElement>> entry = next.getAsJsonObject().entrySet().iterator();
+					entitySetToMap(result, entry);
 					
-				}				
-			}						
+				}
+				
+			} else if (input.isJsonObject()) {
+				Iterator<Entry<String, JsonElement>> objectKeys = input.getAsJsonObject().entrySet().iterator();
+				entitySetToMap(result, objectKeys);
+				
+			} else
+				throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object");
+			
 		}
 		
 		return result;
 	}
 	
+	private static void entitySetToMap(Map<String, String> result, Iterator<Entry<String, JsonElement>> entry) {
+		while (entry.hasNext()) {
+			Entry<String, JsonElement> el = entry.next();
+			if (result.containsKey(el.getKey()))
+				log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... ");
+			
+			result.put(el.getKey(), el.getValue().getAsString());
+		
+		}
+		
+	}
+	
 	
 	public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception {
 		JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT);
@@ -207,19 +226,21 @@ public class SL20JSONExtractorUtils {
 		if (sl20Payload == null && sl20SignedPayload == null)
 			throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND.");		
 		
-		else if (sl20Payload == null && sl20SignedPayload == null) 
-			throw new SLCommandoParserException("payLoad AND signedPayload FOUND. Can not used twice");
-		
+		//TODO:
+		//else if (sl20Payload != null && sl20SignedPayload != null) { 
+		    //log.warn("Find 'signed' AND 'unsigned' SL2.0 payload");
+			//throw new SLCommandoParserException("payLoad AND signedPayload FOUND. Can not used twice");
+		//}
 		else if (sl20SignedPayload == null && mustBeSigned)
 			throw new SLCommandoParserException("payLoad MUST be signed.");
+
+		else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) {	
+			return joseTools.validateSignature(sl20SignedPayload.getAsString());
 		
-		else if (sl20Payload != null)
+		} else if (sl20Payload != null)
 			return new VerificationResult(sl20Payload.getAsJsonObject());
 		
-		else if (sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) {	
-			return joseTools.validateSignature(sl20SignedPayload.getAsString());
-						
-		} else
+		 else
 			throw new SLCommandoParserException("Internal build error");
 			
 		
@@ -242,10 +263,10 @@ public class SL20JSONExtractorUtils {
 					throw new SLCommandoParserException("Find Redirect statuscode but not Location header");
 			
 				String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();
-				sl20Resp = new JsonParser().parse(URLDecoder.decode(sl20RespString)).getAsJsonObject();
+				sl20Resp = new JsonParser().parse(Base64Url.encode((sl20RespString.getBytes()))).getAsJsonObject();
 			
 			} else if (httpResp.getStatusLine().getStatusCode() == 200) {
-				if (!httpResp.getEntity().getContentType().getValue().equals("application/json;charset=UTF-8"))
+				if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json"))
 					throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue());					
 				sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
 		
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
index d07d7a78a..a7253c2c6 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
@@ -1,14 +1,22 @@
 package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
 
 import org.jaxen.SimpleNamespaceContext;
+import org.opensaml.Configuration;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
 import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
 
 import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
-import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
@@ -22,10 +30,12 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
 
 
 public class QualifiedeIDVerifier {
@@ -69,21 +79,22 @@ public class QualifiedeIDVerifier {
 			verifyXMLSignatureResponse,
 			authConfig.getIdentityLinkX509SubjectNames(),
 			VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
-			oaParam);
+			oaParam,
+			authConfig);
 
 				
 	}
 	
 	public static IVerifiyXMLSignatureResponse verifyAuthBlock(String authBlockB64, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException, IOException {
 		String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore());
-		List<String> verifyTransformsInfoProfileID = null;
+		List<String> verifyTransformsInfoProfileID = Arrays.asList("SL20Authblock_v1.0");
 		
 		SignatureVerificationUtils sigVerify = new SignatureVerificationUtils();
 		IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(Base64Utils.decode(authBlockB64, false), trustProfileId , verifyTransformsInfoProfileID);
 						
 		// validates the <VerifyXMLSignatureResponse>
 		VerifyXMLSignatureResponseValidator.getInstance().validate(sigVerifyResult,
-					null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, oaParam);
+					null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, oaParam, authConfig);
 
 		return sigVerifyResult;
 				
@@ -120,7 +131,7 @@ public class QualifiedeIDVerifier {
 			// date and time
 			validateSigningDateTime(sigVerifyResult, authBlockExtractor);
 			
-		} catch ( ValidateException e) {
+		} catch ( Exception e) {
 			Logger.warn("Validation of eID information FAILED. ", e);
 			throw new SL20eIDDataValidationException(new Object[] {
 					SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL,
@@ -134,6 +145,59 @@ public class QualifiedeIDVerifier {
 		
 	}
 	
+	public static Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException {
+		try {
+			//parse authBlock into SAML2 Assertion
+			byte[] authBlockBytes = Base64Utils.decode(authblockB64, false);			
+			Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes));			
+				
+			//A-Trust workarounda
+//			Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authblockB64.getBytes()));
+//			Element authBlockDOM = DOMUtils.parseXmlNonValidating(new ByteArrayInputStream(authblockB64.getBytes()));
+			
+			DefaultBootstrap.bootstrap();
+			UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+			Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM);			 
+			XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM);
+			
+			//validate SAML2 Assertion
+			SAML2Utils.schemeValidation(samlAssertion);
+			
+			if (samlAssertion instanceof Assertion)			
+				return (Assertion) samlAssertion;			
+			else 
+				throw new SL20eIDDataValidationException(
+						new Object[] {
+							SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+							"AuthBlock is NOT of type SAML2 Assertion"
+						});
+				
+		} catch (SL20eIDDataValidationException e) {
+			throw e;
+				
+		} catch (SAXException e) {
+			Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage());
+			throw new SL20eIDDataValidationException(
+					new Object[] {
+						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+						e.getMessage()
+					}, 
+					e);
+			
+		} catch (Exception e) {
+			Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage());
+			Logger.trace("FullAuthBlock: " + authblockB64);
+			throw new SL20eIDDataValidationException(
+					new Object[] {
+						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+						e.getMessage()
+					}, 
+					e);
+		
+		}
+						
+	}
+	
 	private static void validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult, AssertionAttributeExtractor authBlockExtractor) throws SL20eIDDataValidationException {
 		Date signingDate = sigVerifyResult.getSigningDateTime();
 		Date notBefore = authBlockExtractor.getAssertionNotBefore();
@@ -163,7 +227,7 @@ public class QualifiedeIDVerifier {
 				+ " NotBefore:" + notBefore.toString() 
 				+ " NotOrNotAfter:" + notOrNotAfter.toString());
 		
-		if (signingDate.after(notBefore) || signingDate.before(notOrNotAfter))
+		if (signingDate.after(notBefore) && signingDate.before(notOrNotAfter))
 			Logger.debug("Signing date validation successfull");
 		
 		else {
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index 763454639..26283cab2 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -4,7 +4,6 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Map.Entry;
 
 import javax.net.ssl.SSLSocketFactory;
 import javax.servlet.http.HttpServletRequest;
@@ -17,6 +16,7 @@ import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.message.BasicNameValuePair;
+import org.jose4j.base64url.Base64Url;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -39,7 +39,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -62,7 +61,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 				IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
 				
 				//get basic configuration parameters
-				String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig);				
+				String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig, executionContext);				
 				if (MiscUtil.isEmpty(vdaQualeIDUrl)) {
 					Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")");
 					throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"});
@@ -83,17 +82,21 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 				//build qualifiedeID command
 				Map<String, String> qualifiedeIDParams = new HashMap<String, String>();
 				qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getPublicURLPrefix());
-				qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName());			
+				qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName());
+				qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE, "AT");
 				//qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE, UUID.randomUUID().toString());
 
+				//TODO:
 				JsonObject qualeIDCommandParams = SL20JSONBuilderUtils.createQualifiedeIDCommandParameters(
 						authBlockId, 
 						dataURL, 
 						qualifiedeIDParams, 
-						joseTools.getEncryptionCertificate());
+						//joseTools.getEncryptionCertificate());
+						null);
 								
 				//String qualeIDReqId = UUID.randomUUID().toString();
-				String qualeIDReqId = SAML2Utils.getSecureIdentifier();
+				//TODO: work-Around for A-trust
+				String qualeIDReqId = SAML2Utils.getSecureIdentifier().substring(0, 12);
 				String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools);
 				JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand);
 								
@@ -105,19 +108,21 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 						sslFactory,
 						authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
 				
-				//build post request
+				//build http POST request
 				HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build());								
-				httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE);
 				List<NameValuePair> parameters = new ArrayList<NameValuePair>();;
-				
-				//correct one
-				//parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes())));
-				
-				//A-Trust current version
-				parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM_OLD, sl20Req.toString()));
+				parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes())));
 				httpReq.setEntity(new UrlEncodedFormEntity(parameters ));				
 				
+				//build http GET request
+//				URIBuilder sl20ReqUri = new URIBuilder(vdaQualeIDUrl);
+//				sl20ReqUri.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes()));
+//				HttpGet httpReq = new HttpGet(sl20ReqUri.build());
 				
+				//set native client header
+				httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE);
+
+				Logger.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes()));
 				
 				//request VDA
 				HttpResponse httpResp = httpClient.execute(httpReq);
@@ -190,26 +195,40 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 			
 	}
 	
-	private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig) {		
-		Map<String, String> listOfVDAs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
-		Map<String, String> listOfSPs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_SP_LIST);
+	private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig, ExecutionContext executionContext) {		
 		
-		for (Entry<String, String> el : listOfSPs.entrySet()) {
-			List<String> spEntityIds = KeyValueUtils.getListOfCSVValues(el.getValue());
-			if (spEntityIds.contains(oaConfig.getPublicURLPrefix())) {
-				Logger.trace("Select VDA endPoint with Id: " + el.getKey());
-				if (listOfVDAs.containsKey(el.getKey()))					
-					return listOfVDAs.get(el.getKey());
-				
-				else
-					Logger.info("No VDA endPoint with Id: " + el.getKey());
-				
-			} else
-				Logger.trace("SP list: " + el.getKey() + " does not contain OAIdentifier: " + oaConfig.getPublicURLPrefix());
+		//selection based on EntityID
+//		Map<String, String> listOfVDAs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
+//		Map<String, String> listOfSPs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_SP_LIST);
+//		
+//		for (Entry<String, String> el : listOfSPs.entrySet()) {
+//			List<String> spEntityIds = KeyValueUtils.getListOfCSVValues(el.getValue());
+//			if (spEntityIds.contains(oaConfig.getPublicURLPrefix())) {
+//				Logger.trace("Select VDA endPoint with Id: " + el.getKey());
+//				if (listOfVDAs.containsKey(el.getKey()))					
+//					return listOfVDAs.get(el.getKey());
+//				
+//				else
+//					Logger.info("No VDA endPoint with Id: " + el.getKey());
+//				
+//			} else
+//				Logger.trace("SP list: " + el.getKey() + " does not contain OAIdentifier: " + oaConfig.getPublicURLPrefix());
+//			
+//		}
+
+		//selection based on request Header
+		String sl20VDATypeHeader = (String)  executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
+		if (MiscUtil.isNotEmpty(sl20VDATypeHeader)) {
+			String vdaURL = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST + sl20VDATypeHeader);
+			if (MiscUtil.isNotEmpty(vdaURL))
+				return vdaURL.trim();
 			
+			else
+				Logger.info("Can NOT find VDA with Id: " + sl20VDATypeHeader + ". Use default VDA");
+						
 		}
 		
-		Logger.debug("NO SP specific VDA endpoint found. Use default VDA");
+		Logger.info("NO SP specific VDA endpoint found. Use default VDA");
 		return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT);
 		
 	}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index b7fe579a3..357ecb6ec 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -12,6 +12,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.http.entity.ContentType;
+import org.jose4j.base64url.Base64Url;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -37,6 +38,7 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.StreamUtils;
 import at.gv.egovernment.moaspss.logging.Logger;
 
 
@@ -55,17 +57,30 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 			try {
 				//get SL2.0 command or result from HTTP request
 				Map<String, String> reqParams = getParameters(request);
-				String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); 			
+				String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM);
+				
 				if (MiscUtil.isEmpty(sl20Result)) {
-					Logger.info("NO SL2.0 commando or result FOUND.");
-					throw new SL20Exception("sl20.04", null);
+					
+					//TODO: remove
+					//Workaround for SIC Handy-Signature, because it sends result in InputStream
+					String test = StreamUtils.readStream(request.getInputStream(), "UTF-8");					
+					if (MiscUtil.isNotEmpty(test)) {
+						Logger.info("Use SIC Handy-Signature work-around!");
+						sl20Result = test.substring("slcommand=".length());
+						
+					} else {					
+						Logger.info("NO SL2.0 commando or result FOUND.");
+						throw new SL20Exception("sl20.04", null);
+					}
 					
 				}
-							
+
+				Logger.trace("Received SL2.0 result: " + sl20Result);
+				
 				//parse SL2.0 command/result into JSON			
 				try {
 					JsonParser jsonParser = new JsonParser();
-					JsonElement sl20Req = jsonParser.parse(sl20Result);
+					JsonElement sl20Req = jsonParser.parse(Base64Url.decodeToUtf8String(sl20Result));
 					sl20ReqObj = sl20Req.getAsJsonObject();
 					
 				} catch (JsonSyntaxException e) {
@@ -111,16 +126,13 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 					JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result(
 							payLoad, joseTools, 
 							authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_ENCRYPTION, true));
-					
+
 					//extract attributes from result
-					String idlB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
-											SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, true);
-					String authBlockB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
-							SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, true);
-					String ccsURL = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
-							SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, true);
-					String LoA = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
-							SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, true);
+					Map<String, String> eIDData = SL20JSONExtractorUtils.getMapOfStringElements(qualeIDResult);
+					String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL);					
+					String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
+					String ccsURL  = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL);					
+					String LoA = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA);
 					
 					//cache qualified eID data into pending request
 					pendingReq.setGenericDataToSession(
@@ -233,6 +245,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				redirectTwoCommand, 
 				null); 
 		
+		//workaround for SIC VDA
 		if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && 
 				request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {					
 			Logger.debug("Client request containts 'native client' header ... ");												
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
index b5c84d315..cc74bb11a 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -6,14 +6,8 @@ import java.util.Calendar;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.opensaml.Configuration;
 import org.opensaml.saml2.core.Assertion;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
 import org.springframework.stereotype.Component;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
 
 import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -28,9 +22,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moaspss.logging.Logger;
 
@@ -75,7 +67,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 			IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
 			IVerifiyXMLSignatureResponse authBlockVerificationResult = null;
 			try {				
-				Assertion authBlock = parseAuthBlockToSaml2Assertion(authBlockB64);
+				Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64);
 				AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock);
 
 			
@@ -126,55 +118,5 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 			TransactionIDUtils.removeSessionId();
 			
 		}
-	}
-
-	private Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException {
-		try {
-			//parse authBlock into SAML2 Assertion
-			byte[] authBlockBytes = Base64Utils.decode(authblockB64, false);			
-			Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes));
-			UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
-			Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM);			 
-			XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM);
-			
-			//validate SAML2 Assertion
-			SAML2Utils.schemeValidation(samlAssertion);
-			
-			if (samlAssertion instanceof Assertion)			
-				return (Assertion) samlAssertion;			
-			else 
-				throw new SL20eIDDataValidationException(
-						new Object[] {
-							SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
-							"AuthBlock is NOT of type SAML2 Assertion"
-						});
-				
-		} catch (SL20eIDDataValidationException e) {
-			throw e;
-				
-		} catch (SAXException e) {
-			Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage());
-			throw new SL20eIDDataValidationException(
-					new Object[] {
-						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
-						e.getMessage()
-					}, 
-					e);
-			
-		} catch (Exception e) {
-			Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage());
-			Logger.trace("FullAuthBlock: " + authblockB64);
-			throw new SL20eIDDataValidationException(
-					new Object[] {
-						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
-						e.getMessage()
-					}, 
-					e);
-		
-		}
-						
-	}
-
-	
-	
+	}	
 }
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
new file mode 100644
index 000000000..49c11ea05
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Before;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context.xml")
+public class EIDDataVerifier_ATrust extends eIDDataVerifierTest {
+
+	@Before
+	public void init() throws SLCommandoParserException, IOException {
+		String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json")));
+		JsonParser jsonParser = new JsonParser();		
+		JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject();
+		
+		JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true);
+		JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad, "result", true);
+		
+		
+		eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result);
+		if (eIDData == null || eIDData.isEmpty())
+			throw new SLCommandoParserException("Can not load eID data");
+			
+	}
+
+	@Override
+	protected String getSl20ReqId() {
+		return "_28ab8536d068a153e1a";
+	}
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java
new file mode 100644
index 000000000..65460439e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Before;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({	"/SpringTest-context.xml" })
+public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest {
+
+	@Before
+	public void init() throws SLCommandoParserException, IOException {
+		String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_own_test.json")));
+		JsonParser jsonParser = new JsonParser();		
+		JsonElement payLoad = jsonParser.parse(eIDDataString).getAsJsonObject();	
+		JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getAsJsonObject(), "result", true);
+				
+		eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result);
+		if (eIDData == null || eIDData.isEmpty())
+			throw new SLCommandoParserException("Can not load eID data");
+			
+	}
+
+	@Override
+	protected String getSl20ReqId() {
+		return "_57010b7fcc93cc4cf3f2b764389137c2";
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
new file mode 100644
index 000000000..93e046797
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
@@ -0,0 +1,376 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IStorkConfig;
+import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.util.config.EgovUtilPropertiesConfiguration;
+
+public class DummyAuthConfig implements AuthConfiguration {
+
+	@Override
+	public String getRootConfigFileDir() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getDefaultChainingMode() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getTrustedCACertificates() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isTrustmanagerrevoationchecking() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String[] getActiveProfiles() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Properties getGeneralPVP2ProperiesConfig() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Properties getGeneralOAuth20ProperiesConfig() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ProtocolAllowed getAllowedProtocols() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Map<String, String> getConfigurationWithPrefix(String Prefix) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getConfigurationWithKey(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getBasicMOAIDConfiguration(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getBasicMOAIDConfiguration(String key, String defaultValue) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public int getTransactionTimeOut() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	@Override
+	public int getSSOCreatedTimeOut() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	@Override
+	public int getSSOUpdatedTimeOut() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	@Override
+	public String getAlternativeSourceID() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getLegacyAllowedProtocols() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public IOAAuthParameters getOnlineApplicationParameter(String oaURL) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
+		if (useTestTrustStore)
+			return "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten";
+		else
+			return "MOAIDBuergerkarteAuthentisierungsDaten";
+	}
+
+	@Override
+	public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters)
+			throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters)
+			throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
+		if (useTestTrustStore)			
+			return "MOAIDBuergerkartePersonenbindungMitTestkarten";
+		else
+			return "MOAIDBuergerkartePersonenbindung";
+	}
+
+	@Override
+	public List<String> getTransformsInfos() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getSLRequestTemplates() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSLRequestTemplates(String type) throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getDefaultBKUURLs() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getDefaultBKUURL(String type) throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSSOTagetIdentifier() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSSOFriendlyName() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSSOSpecialText() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMOASessionEncryptionKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMOAConfigurationEncryptionKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isIdentityLinkResigning() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getIdentityLinkResigningKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isMonitoringActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getMonitoringTestIdentityLinkURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMonitoringMessageSuccess() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isAdvancedLoggingActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<String> getPublicURLPrefix() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isVirtualIDPsEnabled() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isPVP2AssertionEncryptionActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isCertifiacteQCActive() {
+		return true;
+	}
+
+	@Override
+	public IStorkConfig getStorkConfig() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public EgovUtilPropertiesConfiguration geteGovUtilsConfig() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getDocumentServiceUrl() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isStorkFakeIdLActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<String> getStorkFakeIdLCountries() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getStorkNoSignatureCountries() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getStorkFakeIdLResigningKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isPVPSchemaValidationActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public Map<String, String> getConfigurationWithWildCard(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<Integer> getDefaultRevisionsLogEventCodes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isHTTPAuthAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String[] getRevocationMethodOrder() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
new file mode 100644
index 000000000..2df20edb4
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
@@ -0,0 +1,264 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata;
+
+import java.security.PrivateKey;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+
+public class DummyOA implements IOAAuthParameters {
+
+	@Override
+	public Map<String, String> getFullConfiguration() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getConfigurationValue(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getFriendlyName() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getPublicURLPrefix() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException {
+		return false;
+	}
+
+	@Override
+	public boolean hasBaseIdTransferRestriction() throws ConfigurationException {
+		return false;
+	}
+
+	@Override
+	public String getAreaSpecificTargetIdentifier() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isInderfederationIDP() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isSTORKPVPGateway() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isRemovePBKFromAuthBlock() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getKeyBoxIdentifier() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public SAML1ConfigurationParameters getSAML1Parameter() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getTemplateURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getAditionalAuthBlockText() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getBKUURL(String bkutype) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getBKUURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean useSSO() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean useSSOQuestion() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<String> getMandateProfiles() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isShowMandateCheckBox() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isOnlyMandateAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isShowStorkLogin() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getQaaLevel() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isRequireConsentForStorkAttributes() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public Collection<StorkAttribute> getRequestedSTORKAttributes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public byte[] getBKUSelectionTemplate() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public byte[] getSendAssertionTemplate() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Collection<CPEPS> getPepsList() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getIDPAttributQueryServiceURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isInboundSSOInterfederationAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isInterfederationSSOStorageAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isOutboundSSOInterfederationAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isTestCredentialEnabled() {
+		return true;
+	}
+
+	@Override
+	public List<String> getTestCredentialOIDs() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isUseIDLTestTrustStore() {
+		return true;
+	}
+
+	@Override
+	public boolean isUseAuthBlockTestTestStore() {
+		return true;
+	}
+
+	@Override
+	public PrivateKey getBPKDecBpkDecryptionKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isPassivRequestUsedForInterfederation() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isPerformLocalAuthenticationOnInterfederationError() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public Collection<StorkAttributeProviderPlugin> getStorkAPs() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<Integer> getReversionsLoggingEventCodes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
new file mode 100644
index 000000000..52743c9da
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
@@ -0,0 +1,105 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+
+import java.io.ByteArrayInputStream;
+import java.util.Map;
+
+import org.junit.Test;
+import org.opensaml.saml2.core.Assertion;
+
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyOA;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.Configurator;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
+import iaik.security.ec.provider.ECCelerate;
+import iaik.security.provider.IAIK;
+
+public abstract class eIDDataVerifierTest {
+	 
+	protected Map<String, String> eIDData = null;
+		
+	@Test
+	public void dummyTest() throws Exception {
+		
+		
+	}
+	
+	@Test
+	public void parseIdl() throws Exception {
+		String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL);
+		if (MiscUtil.isEmpty(idlB64))
+			throw new Exception("NO IDL found");
+		
+		IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
+		
+		if (idl == null) 
+			throw new Exception("IDL parsing FAILED");
+		
+	}
+	
+	@Test
+	public void parseAuthBlock() throws Exception {
+		String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
+		if (MiscUtil.isEmpty(authBlockB64))
+			throw new Exception("NO AuthBlock found");
+		
+		Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64);
+		new AssertionAttributeExtractor(authBlock);
+				
+	}
+	
+	@Test
+	public void checkIDLAgainstAuthblock() throws Exception {
+		String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
+		String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL);
+		if (MiscUtil.isEmpty(idlB64))
+			throw new Exception("NO IDL found");	
+		if (MiscUtil.isEmpty(authBlockB64))
+			throw new Exception("NO AuthBlock found");
+		
+		IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
+		Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64);
+		AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock);
+				
+		IOAAuthParameters dummyOA = new DummyOA();
+		AuthConfiguration dummyAuthConfig = new DummyAuthConfig();
+		
+		Logger.info("Loading Java security providers.");
+		System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml");
+
+	    IAIK.addAsProvider();                
+	    ECCelerate.addAsProvider(); 
+        try {
+        	LoggingContextManager.getInstance().setLoggingContext(
+                    new LoggingContext("startup"));
+        	Logger.debug("Starting MOA-SPSS initialization process ... ");
+        	Configurator.getInstance().init();        	
+        	Logger.info("MOA-SPSS initialization complete ");
+        	                       
+         } catch (MOAException e) {
+        	 Logger.error("MOA-SP initialization FAILED!", e.getWrapped()); 
+             throw new ConfigurationException("config.10", new Object[] { e
+                      .toString() }, e);
+		}
+	    				
+		QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , dummyAuthConfig);
+		IVerifiyXMLSignatureResponse authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , dummyAuthConfig);
+		QualifiedeIDVerifier.checkConsistencyOfeIDData(getSl20ReqId(), idl, authBlockExtractor, authBlockVerificationResult);
+		
+	}
+	
+	protected abstract String getSl20ReqId();
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml
new file mode 100644
index 000000000..011d1ed64
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+															
+</beans>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json
new file mode 100644
index 000000000..09190574d
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json
@@ -0,0 +1,14 @@
+{
+  "v": 10,
+  "respID": "Cl6uQjZlOWFjUEbtyXb0",
+  "inResponseTo": "_28ab8536d068a153e1a",
+  "payload": {
+    "name": "qualifiedeID",
+    "result": {
+      "EID-IDENTITY-LINK": "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==",
+      "EID-CITIZEN-QAA-LEVEL": "substantial",
+      "EID-CCS-URL": "https://www.a-trust.at/todo",
+      "EID-AUTH-BLOCK": "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?><saml2:Assertion xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_28ab8536d068a153e1a\" IssueInstant=\"2018-06-04T17:20:13+02:00\" Version=\"2.0\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"><saml2:Issuer Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:entity\">https://www.a-trust.at/todo</saml2:Issuer><saml2:Conditions NotBefore=\"2018-06-04T17:20:13+02:00\" NotOnOrAfter=\"2018-06-04T17:35:13+02:00\"><saml2:AudienceRestriction><saml2:Audience>https://demo.egiz.gv.at/demoportal_moaid-2.0/sl20/dataUrl?pendingid=862482318004000902</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><dsig:Signature xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\" Id=\"signature-1-1\"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><dsig:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\" /><dsig:Reference Id=\"reference-1-1\" URI=\"\"><dsig:Transforms><dsig:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xslt-19991116\"><xsl:stylesheet xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" exclude-result-prefixes=\"saml2\" version=\"1.0\" xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\"><xsl:output method=\"xml\" xml:space=\"default\" /><xsl:template match=\"/\" xmlns=\"http://www.w3.org/1999/xhtml\"><html xmlns=\"http://www.w3.org/1999/xhtml\"><head><title>Signatur der Anmeldedaten</title><style media=\"screen\" type=\"text/css\">\n              \t\t\t\t\t.normalstyle { font-size: medium; } \n              \t\t\t\t\t.italicstyle { font-size: medium; font-style: italic; }\n\t\t\t\t\t\t\t\t.titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } \n\t\t\t\t\t\t\t\t.h4style { font-size: large; }                                                                                      \n\t\t\t\t\t\t\t\t.hidden {display: none; } \n              \t\t\t\t</style></head><body><h4 class=\"h4style\">Anmeldedaten:</h4><p class=\"titlestyle\">Daten zur Person</p><table class=\"parameters\"><xsl:if test=\"string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)\"><tr><td class=\"italicstyle\">Vorname: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue\" /></td></tr></xsl:if><xsl:if test=\"string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)\"><tr><td class=\"italicstyle\">Nachname: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue\" /></td></tr></xsl:if><xsl:if test=\"string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)\"><tr><td class=\"italicstyle\">Geburtsdatum: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue\" /></td></tr></xsl:if><xsl:if test=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue\"><tr><td class=\"italicstyle\">Vollmacht: </td><td class=\"normalstyle\"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class=\"titlestyle\">Daten zur Anwendung</p><table class=\"parameters\"><tr><td class=\"italicstyle\">Identifikator: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderUniqueId']/saml2:AttributeValue\" /></td></tr><xsl:if test=\"string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)\"><tr><td class=\"italicstyle\">Name: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue\" /></td></tr></xsl:if><xsl:if test=\"string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)\"><tr><td class=\"italicstyle\">Staat: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderCountryCode']/saml2:AttributeValue\" /></td></tr></xsl:if></table><p class=\"titlestyle\">Technische Parameter</p><table class=\"parameters\"><tr><td class=\"italicstyle\">Datum:</td><td class=\"normalstyle\"><xsl:value-of select=\"substring(/saml2:Assertion/@IssueInstant,9,2)\" /><xsl:text>.</xsl:text><xsl:value-of select=\"substring(/saml2:Assertion/@IssueInstant,6,2)\" /><xsl:text>.</xsl:text><xsl:value-of select=\"substring(/saml2:Assertion/@IssueInstant,1,4)\" /></td></tr><tr><td class=\"italicstyle\">Uhrzeit:</td><td class=\"normalstyle\"><xsl:value-of select=\"substring(/saml2:Assertion/@IssueInstant,12,2)\" /><xsl:text>:</xsl:text><xsl:value-of select=\"substring(/saml2:Assertion/@IssueInstant,15,2)\" /><xsl:text>:</xsl:text><xsl:value-of select=\"substring(/saml2:Assertion/@IssueInstant,18,2)\" /></td></tr><tr><td class=\"italicstyle\">TransaktionsTokken: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/@ID\" /></td></tr><xsl:if test=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue\"><tr><td class=\"italicstyle\">\n\t\t\t\t\t\t\t\t\t\t\tVollmachten-Referenz: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue\" /></td></tr></xsl:if><tr class=\"hidden\"><td class=\"italicstyle\">DataURL: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience\" /></td></tr><xsl:if test=\"/saml2:Assertion/saml2:Conditions/@NotOnOrAfter\"><tr class=\"hidden\"><td class=\"italicstyle\">AuthBlockValidTo: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:Conditions/@NotOnOrAfter\" /></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments\" /></dsig:Transforms><dsig:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\" /><dsig:DigestValue>9YAYcxkIWv1Zzdhli5Mjk6Nz8ZJjVQTxU/u71fF5StA=</dsig:DigestValue></dsig:Reference><dsig:Reference Id=\"etsi-data-reference-1-1\" Type=\"http://uri.etsi.org/01903#SignedProperties\" URI=\"#etsi-signedproperties-1-1\"><dsig:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\" /><dsig:DigestValue>F7ye8qqVpognWOY8JAZVHk7X+AzH/5OStZWYSSbKgH4=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue Id=\"signaturevalue-1-1\">WVqZ8I9HaPIerCh1DIh6FnNQODSmWkxSecxTrcSL79ooWPYRB8DPbNoMT39rT+eRgYPjcAxjiNegbo0+lE51ZauWNr3jq2USaVY3nBpnmVDfBlnkFMdovaVVJPyegtGTYMMeN3+EQaZRSy13bvJS1U36bFUgv2i8KeXdftFzxeNheJqyXvrGzvmVuJV4dB8fOUm2VXgKepvelpRQZ+U6Jpyq1yVE9gz4frqVLetdUSGQhKJ0VRgYVVqa4FQ+YpyFgWwJQF/lOuUWli0jZ73HC7rIuVZ5Y0LEqaB+GUwthQk4qM3BsIfxPAxeh7a1Z915h0Ilzjkbk9kwt5Z2yZ8qXQ==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIF1jCCBL6gAwIBAgIEfgS3/TANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBgwCQVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVByZW1pdW0tVGVzdC1TaWctMDIxIzAhBgNVBAMMGmEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyMB4XDTE4MDUzMDA4MzIyOVoXDTIzMDUzMDA4MzIyOVowYDELMAkGA1UEBgwCQVQxFzAVBgNVBAMMDk1heCBNdXN0ZXJtYW5uMRMwEQYDVQQEDApNdXN0ZXJtYW5uMQwwCgYDVQQqDANNYXgxFTATBgNVBAUMDDUxNzY2MDcxODk5MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNGYXRmvAx9CJmzVO4uKreJhpwTwHi/fQhnX3QfB1VzQeYMMHi3GfVzEmAaD6hrVI84cyqLBQstyo5RxJM9Lf6z84TU3ZVdkOwBVxXjoe98Do+Oxj7zolO+6Qde2a2fMjZpiDNdkEPdUrQ2lRRPpBqjyHBHb23zsZ1PIXIpMl6nmsVVFs9ZlljbaMi9l56ZFOARVAbueYfSpF0wD66U5QC3/fw9SY31aDZo5aSmMcwqwCWvCc/Ef5evuEhO2sO7X55N2EMtaVH+X382Hcrzyn6lNEzBCf+4vZjQ6gX1KalwBI9LniaBJOD/4pHfUb51CJUhLu9Rt/rkyJyKWYu7z6MCAwEAAaOCAlQwggJQMIGDBggrBgEFBQcBAQR3MHUwRQYIKwYBBQUHMAKGOWh0dHA6Ly93d3cuYS10cnVzdC5hdC9jZXJ0cy9hLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDNhLmNydDAsBggrBgEFBQcwAYYgaHR0cDovL29jc3AtdGVzdC5hLXRydXN0LmF0L29jc3AwEwYDVR0jBAwwCoAIRgafjkGOFb0wcgYIKwYBBQUHAQMEZjBkMAoGCCsGAQUFBwsCMAgGBgQAjkYBATAIBgYEAI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgEwLQYGBACORgEFMCMwIRYbaHR0cHM6Ly93d3cuYS10cnVzdC5hdC9wZHMvEwJFTjARBgNVHQ4ECgQIQWyS5dXk/tYwDgYDVR0PAQH/BAQDAgbAMAkGA1UdEwQCMAAwYAYDVR0gBFkwVzAIBgYEAIswAQEwSwYGKigAEQEUMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1wcmVtaXVtLW1vYmlsZTCBrgYDVR0fBIGmMIGjMIGgoIGdoIGahoGXbGRhcDovL2xkYXAtdGVzdC5hLXRydXN0LmF0L291PWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyIChTSEEtMjU2KSxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEAyEmgODt02xaxHb4E+O9XgImEC0AoH4Q97Pq7Bd4v+Pqqd6i5RodvwfTgIaW1J+fvH8KUTzI0XX9wpUWwImVEGMH63VAJcXVH0y9ifEWIHdhOLtRYVif0SQK9YRachvJDmF5hLwAQREeGsX2iNmP7dYe4xiNKAtQn0phvlPqgha6oKDGMQ8FNAfRz3kAtXJwPbFg6QE4kIhkTgd32uOiAJW7G2TaJZXWfK9TpV5LQ13+11FJ2S3KQc8ub/+1GdgirKSW4J1zhsfT+WCr/OayU2MzQXKv8OWb0SxWIJHiMTexH7r9muGk/ZLkaQQV2CtSOYqTAN8AweCiJ11uVFHeLpQ==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id=\"etsi-signed-1-1\"><etsi:QualifyingProperties xmlns:etsi=\"http://uri.etsi.org/01903/v1.3.2#\" Target=\"#signature-1-1\"><etsi:SignedProperties Id=\"etsi-signedproperties-1-1\"><etsi:SignedSignatureProperties><etsi:SigningTime>2018-06-04T15:20:13Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><dsig:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\" /><dsig:DigestValue>6aTkha/Y9xYS4bQMZbwIX8TFsD2CezdhuqHpTtCI3f0=</dsig:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-Premium-Test-Sig-02,OU=a-sign-Premium-Test-Sig-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>2114238461</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied /></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference=\"#reference-1-1\"><etsi:MimeType>application/xhtml+xml</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature><saml2:AttributeStatement><saml2:Attribute FriendlyName=\"PVP-VERSION\" Name=\"urn:oid:1.2.40.0.10.2.1.1.261.10\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">2.1</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"PRINCIPAL-NAME\" Name=\"urn:oid:1.2.40.0.10.2.1.1.261.20\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">Mustermann</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"GIVEN-NAME\" Name=\"urn:oid:2.5.4.42\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">Max</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"BIRTHDATE\" Name=\"urn:oid:1.2.40.0.10.2.1.1.55\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">1940-01-01</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"ServiceProvider-UniqueId\" Name=\"http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderUniqueId\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">labda - Development</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"ServiceProvider-FriendlyName\" Name=\"http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderFriendlyName\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">https://labda.iaik.tugraz.at:5553/demologin/</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"ServiceProvider-CountryCode\" Name=\"http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderCountryCode\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">AT</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>"
+    }
+  }
+}
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json
new file mode 100644
index 000000000..a75535da1
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json
@@ -0,0 +1,8 @@
+{"result": 
+	{
+      "EID-IDENTITY-LINK": "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==",
+      "EID-CITIZEN-QAA-LEVEL": "substantial",
+      "EID-CCS-URL": "https://www.a-trust.at/todo",
+      "EID-AUTH-BLOCK": "PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il81NzAxMGI3ZmNjOTNjYzRjZjNmMmI3NjQzODkxMzdjMiIgSXNzdWVJbnN0YW50PSIyMDE2LTAzLTI5VDA4OjUwOjU2LjQ1MFoiIFZlcnNpb249IjIuMCIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIj4NCgk8c2FtbDI6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL2RlbW8tdmRhLmF0L3ZkYS1zZXJ2aWNlPC9zYW1sMjpJc3N1ZXI+PGRzaWc6U2lnbmF0dXJlIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIElkPSJzaWduYXR1cmUtMS0xIj48ZHNpZzpTaWduZWRJbmZvPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIvPjxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI2VjZHNhLXNoYTI1NiIvPjxkc2lnOlJlZmVyZW5jZSBJZD0icmVmZXJlbmNlLTEtMSIgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHNsdC0xOTk5MTExNiI+PHhzbDpzdHlsZXNoZWV0IHhtbG5zOnhzbD0iaHR0cDovL3d3dy53My5vcmcvMTk5OS9YU0wvVHJhbnNmb3JtIiBleGNsdWRlLXJlc3VsdC1wcmVmaXhlcz0ic2FtbDIiIHZlcnNpb249IjEuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjx4c2w6b3V0cHV0IG1ldGhvZD0ieG1sIiB4bWw6c3BhY2U9ImRlZmF1bHQiLz48eHNsOnRlbXBsYXRlIG1hdGNoPSIvIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+PGh0bWwgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPjxoZWFkPjx0aXRsZT5TaWduYXR1ciBkZXIgQW5tZWxkZWRhdGVuPC90aXRsZT48c3R5bGUgbWVkaWE9InNjcmVlbiIgdHlwZT0idGV4dC9jc3MiPg0KICAgICAgICAgICAgICAJCQkJCS5ub3JtYWxzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IA0KICAgICAgICAgICAgICAJCQkJCS5pdGFsaWNzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyBmb250LXN0eWxlOiBpdGFsaWM7IH0NCgkJCQkJCQkJLnRpdGxlc3R5bGUgeyB0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lOyBmb250LXdlaWdodDpib2xkOyBmb250LXNpemU6IG1lZGl1bTsgfSANCgkJCQkJCQkJLmg0c3R5bGUgeyBmb250LXNpemU6IGxhcmdlOyB9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCgkJCQkJCQkJLmhpZGRlbiB7ZGlzcGxheTogbm9uZTsgfSANCiAgICAgICAgICAgICAgCQkJCTwvc3R5bGU+PC9oZWFkPjxib2R5PjxoNCBjbGFzcz0iaDRzdHlsZSI+QW5tZWxkZWRhdGVuOjwvaDQ+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1ciBQZXJzb248L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6Mi41LjQuNDInXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb3JuYW1lOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6Mi41LjQuNDInXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjIwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+TmFjaG5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5HZWJ1cnRzZGF0dW06IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+Vm9sbG1hY2h0OiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dGV4dD5JY2ggbWVsZGUgbWljaCBpbiBWZXJ0cmV0dW5nIGFuLiBJbSBuw6RjaHN0ZW4gU2Nocml0dCB3aXJkIG1pciBlaW5lIExpc3RlIGRlciBmw7xyIG1pY2ggdmVyZsO8Z2JhcmVuIFZlcnRyZXR1bmdzdmVyaMOkbHRuaXNzZSBhbmdlemVpZ3QsIGF1cyBkZW5lbiBpY2ggZWluZXMgYXVzd8OkaGxlbiB3ZXJkZS48L3hzbDp0ZXh0PjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5EYXRlbiB6dXIgQW53ZW5kdW5nPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPklkZW50aWZpa2F0b3I6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJVbmlxdWVJZCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYW1lOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyRnJpZW5kbHlOYW1lJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+U3RhYXQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPlRlY2huaXNjaGUgUGFyYW1ldGVyPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdHVtOjwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsOSwyKSIvPjx4c2w6dGV4dD4uPC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCw2LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEsNCkiLz48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlVocnplaXQ6PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxMiwyKSIvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxNSwyKSIvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxOCwyKSIvPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VHJhbnNha3Rpb25zVG9ra2VuOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL0BJRCIvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPg0KCQkJCQkJCQkJCQlWb2xsbWFjaHRlbi1SZWZlcmVuejogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx0ciBjbGFzcz0iaGlkZGVuIj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5EYXRhVVJMOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMvc2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbi9zYW1sMjpBdWRpZW5jZSIvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+QXV0aEJsb2NrVmFsaWRUbzogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48L2JvZHk+PC9odG1sPjwveHNsOnRlbXBsYXRlPjwveHNsOnN0eWxlc2hlZXQ+PC9kc2lnOlRyYW5zZm9ybT48ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSNXaXRoQ29tbWVudHMiLz48L2RzaWc6VHJhbnNmb3Jtcz48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHNpZzpEaWdlc3RWYWx1ZT5tY0xFdXNpMmMySFZsZWJXZWJnK1VUVVVCVDRHSUxIVDdhN1ZGaDFNZ1YwPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjxkc2lnOlJlZmVyZW5jZSBJZD0iZXRzaS1kYXRhLXJlZmVyZW5jZS0xLTEiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuMS4xI1NpZ25lZFByb3BlcnRpZXMiIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDIvMDYveG1sZHNpZy1maWx0ZXIyIj48eHBmOlhQYXRoIHhtbG5zOnhwZj0iaHR0cDovL3d3dy53My5vcmcvMjAwMi8wNi94bWxkc2lnLWZpbHRlcjIiIEZpbHRlcj0iaW50ZXJzZWN0IiB4bWxuczpldHNpPSJodHRwOi8vdXJpLmV0c2kub3JnLzAxOTAzL3YxLjEuMSMiPi8vKltASWQ9J2V0c2ktc2lnbmVkLTEtMSddL2V0c2k6UXVhbGlmeWluZ1Byb3BlcnRpZXMvZXRzaTpTaWduZWRQcm9wZXJ0aWVzPC94cGY6WFBhdGg+PC9kc2lnOlRyYW5zZm9ybT48L2RzaWc6VHJhbnNmb3Jtcz48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHNpZzpEaWdlc3RWYWx1ZT5xMWdMWm9lTDZLOVZaZHkzM3lPdVRFaTJGVDFTaDBqRDJSZGMzRXJ0WmNvPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjwvZHNpZzpTaWduZWRJbmZvPjxkc2lnOlNpZ25hdHVyZVZhbHVlPmpjV2YrejljckIvVU1COTVPR2ZlMys5U2pESXRrMUZWSGRFZWNGSnhnbVJndWRjMWxmc1V2Z21BTzhxYlBHcGpEMDJhMi9pNmowTlJFR1l4dU5aVGtBPT08L2RzaWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRm1qQ0NBNEtnQXdJQkFnSUVPTkd1bWpBTkJna3Foa2lHOXcwQkFRc0ZBRENCblRFTE1Ba0dBMVVFQmhNQ1FWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWdhVzBnWld4bGEzUnlMaUJFWVhSbGJuWmxjbXRsYUhJZ1IyMWlTREVoTUI4R0ExVUVDd3dZWVMxemFXZHVMWEJ5WlcxcGRXMHRiVzlpYVd4bExUQTFNU0V3SHdZRFZRUUREQmhoTFhOcFoyNHRjSEpsYldsMWJTMXRiMkpwYkdVdE1EVXdIaGNOTVRnd05ERXlNRFl4T0RVd1doY05Nak13TkRFeU1EWXhPRFV3V2pCbU1Rc3dDUVlEVlFRR0V3SkJWREVhTUJnR0ExVUVBd3dSVkdodmJXRnpJRWRsYjNKbklFeGxibm94RFRBTEJnTlZCQVFNQkV4bGJub3hGVEFUQmdOVkJDb01ERlJvYjIxaGN5QkhaVzl5WnpFVk1CTUdBMVVFQlJNTU9ESXdNVGd3TnpjM01qZzNNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVmMmFZaTM5UlRPd3VHbHZqbWwwNms0eEdnSUZIOU8rajUrdms0bDdjbzVYRVNkYUYvK1FFQmJpcUIxQjlIcGZFOVJIZjdiYkc2WjdlZjh4VXhkdjMzYU9DQWVFd2dnSGRNSDBHQ0NzR0FRVUZCd0VCQkhFd2J6QkVCZ2dyQmdFRkJRY3dBb1k0YUhSMGNEb3ZMM2QzZHk1aExYUnlkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTF3Y21WdGFYVnRMVzF2WW1sc1pTMHdOUzVqY25Rd0p3WUlLd1lCQlFVSE1BR0dHMmgwZEhBNkx5OXZZM053TG1FdGRISjFjM1F1WVhRdmIyTnpjREFUQmdOVkhTTUVEREFLZ0FoSTgvMmNJdzZIZHpCeUJnZ3JCZ0VGQlFjQkF3Um1NR1F3Q2dZSUt3WUJCUVVIQ3dJd0NBWUdCQUNPUmdFQk1BZ0dCZ1FBamtZQkJEQVRCZ1lFQUk1R0FRWXdDUVlIQkFDT1JnRUdBVEF0QmdZRUFJNUdBUVV3SXpBaEZodG9kSFJ3Y3pvdkwzZDNkeTVoTFhSeWRYTjBMbUYwTDNCa2N5OFRBa1ZPTUJFR0ExVWREZ1FLQkFoS1F2Z2VFZTdPaURBT0JnTlZIUThCQWY4RUJBTUNCc0F3Q1FZRFZSMFRCQUl3QURCZ0JnTlZIU0FFV1RCWE1BZ0dCZ1FBaXpBQkFUQkxCZ1lxS0FBUkFSUXdRVEEvQmdnckJnRUZCUWNDQVJZemFIUjBjRG92TDNkM2R5NWhMWFJ5ZFhOMExtRjBMMlJ2WTNNdlkzQXZZUzF6YVdkdUxYQnlaVzFwZFcwdGJXOWlhV3hsTUVNR0ExVWRId1E4TURvd09LQTJvRFNHTW1oMGRIQTZMeTlqY213dVlTMTBjblZ6ZEM1aGRDOWpjbXd2WVMxemFXZHVMWEJ5WlcxcGRXMHRiVzlpYVd4bExUQTFNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUFyL1Z0T3hVaU5aTVVjeHJISG9yM0FYWnlqcVVmdTRWTTFkbkt3Zjl1d1hRa3NVcnF2b1Jzc3AyakhDbnpIM2FaV2plQ3U5UFVDSmV3NXgxUnBNeEUwaFZZanEzNzVrdjM4d1ZXUjM4WmE3eVl5ME45cTBVbjBOSmlTUHpuaklUa3RweWZkcHNGSkluTDIrM1h5Z2FZZU51dGU5NjA0WTMwK3JGSCtKck85UjgzWmFwbTZjdGs4ai8xSHBxb0c0NXlJbTZtS3AvWGhndGJnVk13OHptUjBQWGpBaW5FaTYrUmEzL1Z0cUV4ZVlHaUt5WS9SdWU1TWZQRGhiMmRBQjByd1ozVWtRakU0TWFyMFRDVzR0cHZKR0hiakhuQkwyMVY4SVNMZkUxb1NYcGJZWVNqTFh4TENmcmJrZUdSbkhTUTVENUUwU1ZqTzdsU3NQazFtaVErcExGR1FTNTZKS3VFWTBoVzRKYzlkUGRRc29Qc2FEVCtQZW1WQXIzcVZGTEQ1QSt0cm5GMFpqQ3A2RHVhYVdnT0hQajFweE05V0tVRFpXa1hUQWdDZVZhN3RLMlFjMlZWUUUvc3ZGS1I1OWlGTWlSdGpZQXpjTS9OZ215bE9DYUc1a01UZmlXOWhnbGo5QjNSdVVackZHWFNhY0ptcGM4ZWppRTl4a3B5UTVadDlpK3FDVE40ajdIOWdpRHMydkNnMDFwYnp3b0txc05zWGlFc2JzM3NVeTVTUFYyRzg4a055Vm9DTkVKVVZka0ZBZXBqQkcwbDJ5SkxaVkRtdHBucjlFbzc2LzRWSGhGeWJIYU84aWxabXJaQTRqMitMaGRBSFg3a3ZhVE1YbHQxSVphaWdOZE9YYVAwT3d2d3BWUGtSTG9LOHJ1UDRObzE4VGRvQVc0MTVpUT09PC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE+PC9kc2lnOktleUluZm8+PGRzaWc6T2JqZWN0IElkPSJldHNpLXNpZ25lZC0xLTEiPjxldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzIHhtbG5zOmV0c2k9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuMS4xIyIgVGFyZ2V0PSIjc2lnbmF0dXJlLTEtMSI+PGV0c2k6U2lnbmVkUHJvcGVydGllcz48ZXRzaTpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjxldHNpOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDVUMDY6MzI6MjZaPC9ldHNpOlNpZ25pbmdUaW1lPjxldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpDZXJ0PjxldHNpOkNlcnREaWdlc3Q+PGV0c2k6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZXRzaTpEaWdlc3RWYWx1ZT5JZE1yc2VxMHNXczl5UStFRDN3UWpIOHcxeDg9PC9ldHNpOkRpZ2VzdFZhbHVlPjwvZXRzaTpDZXJ0RGlnZXN0PjxldHNpOklzc3VlclNlcmlhbD48ZHNpZzpYNTA5SXNzdWVyTmFtZT5DTj1hLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDUsT1U9YS1zaWduLXByZW1pdW0tbW9iaWxlLTA1LE89QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJILEM9QVQ8L2RzaWc6WDUwOUlzc3Vlck5hbWU+PGRzaWc6WDUwOVNlcmlhbE51bWJlcj45NTMyNjU4MTg8L2RzaWc6WDUwOVNlcmlhbE51bWJlcj48L2V0c2k6SXNzdWVyU2VyaWFsPjwvZXRzaTpDZXJ0PjwvZXRzaTpTaWduaW5nQ2VydGlmaWNhdGU+PGV0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48ZXRzaTpTaWduYXR1cmVQb2xpY3lJbXBsaWVkLz48L2V0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L2V0c2k6U2lnbmVkU2lnbmF0dXJlUHJvcGVydGllcz48ZXRzaTpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48ZXRzaTpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5jZT0iI3JlZmVyZW5jZS0xLTEiPjxldHNpOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwvZXRzaTpNaW1lVHlwZT48L2V0c2k6RGF0YU9iamVjdEZvcm1hdD48L2V0c2k6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC9ldHNpOlNpZ25lZFByb3BlcnRpZXM+PC9ldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzPjwvZHNpZzpPYmplY3Q+PC9kc2lnOlNpZ25hdHVyZT4NCgk8c2FtbDI6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTYtMDMtMjlUMDg6NTA6NTYuNDUwWiIgTm90T25PckFmdGVyPSIyMDE2LTAzLTI5VDA4OjU1OjU2LjQ1MFoiPg0KCQk8c2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbj4NCgkJCTxzYW1sMjpBdWRpZW5jZT5odHRwczovL2RlbW8uZWdpei5ndi5hdC9kZW1vLVNQL3B2cC9wb3N0PC9zYW1sMjpBdWRpZW5jZT4NCgkJPC9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KCTwvc2FtbDI6Q29uZGl0aW9ucz4NCgk8c2FtbDI6QXR0cmlidXRlU3RhdGVtZW50Pg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iUFZQLVZFUlNJT04iIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjEwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+Mi4xPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQUklOQ0lQQUwtTkFNRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5NdXN0ZXJtYW5uPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJHSVZFTi1OQU1FIiBOYW1lPSJ1cm46b2lkOjIuNS40LjQyIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+TWF4PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJCSVJUSERBVEUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4wMS4wMy4xOTk4PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItVW5pcXVlSWQiIE5hbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5odHRwczovL2RlbW8uZWdpei5ndi5hdC9kZW1vLVNQL3B2cC9tZXRhZGF0YTwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLUZyaWVuZGx5TmFtZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5EZW1vbG9naW4gU2VydmljZSBwcm92aWRlZCBieSBFR0laPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItQ291bnRyeUNvZGUiIE5hbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5BVDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iTUFOREFURS1SRUZFUkVOQ0UtVkFMVUUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+X2FzZGZhZGZhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhczwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCTwvc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50Pg0KPC9zYW1sMjpBc3NlcnRpb24+"
+    }
+}
\ No newline at end of file
-- 
cgit v1.2.3


From 3b26a365d832d4b0664777d2c348606247022564 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 14 Jun 2018 13:55:39 +0200
Subject: some more stuff

---
 .../configuration/struts/action/BasicOAAction.java |   2 +-
 .../moa/id/advancedlogging/MOAReversionLogger.java |  11 +-
 .../moa/id/advancedlogging/StatisticLogger.java    |   8 +-
 .../id/auth/builder/AuthenticationDataBuilder.java | 143 +++--------
 .../builder/DynamicOAAuthParameterBuilder.java     |  13 +-
 .../StartAuthentificationParameterParser.java      |   2 +-
 .../id/auth/servlet/IDPSingleLogOutServlet.java    |  33 ++-
 .../moa/id/auth/servlet/LogOutServlet.java         |   2 +-
 .../UniqueSessionIdentifierInterceptor.java        |   6 +-
 .../id/config/auth/OAAuthParameterDecorator.java   |  24 +-
 .../PropertyBasedAuthConfigurationProvider.java    |   2 +-
 .../config/auth/data/DynamicOAAuthParameters.java  |  10 +-
 .../moa/id/data/MOAAuthenticationData.java         |   4 +-
 .../moa/id/data/SLOInformationContainer.java       |  45 ++--
 .../moa/id/data/SLOInformationImpl.java            |   2 +
 .../moa/id/data/SLOInformationInterface.java       |  70 -----
 .../moa/id/moduls/AuthenticationManager.java       | 282 ++------------------
 .../gv/egovernment/moa/id/moduls/SSOManager.java   |  55 ++--
 .../builder/attributes/BPKAttributeBuilder.java    |  71 -----
 .../attributes/EIDSectorForIDAttributeBuilder.java |  55 ----
 .../builder/attributes/EIDSignerCertificate.java   |  12 +-
 .../attributes/EncryptedBPKAttributeBuilder.java   |  22 +-
 .../protocols/builder/attributes/HolderOfKey.java  |   4 +-
 .../MandateFullMandateAttributeBuilder.java        |  38 +--
 ...MandateLegalPersonFullNameAttributeBuilder.java |  56 ++--
 ...andateLegalPersonSourcePinAttributeBuilder.java |  14 +-
 ...teLegalPersonSourcePinTypeAttributeBuilder.java |  60 +++--
 .../MandateNaturalPersonBPKAttributeBuilder.java   |  78 +++---
 ...dateNaturalPersonBirthDateAttributeBuilder.java |  58 +++--
 ...ateNaturalPersonFamilyNameAttributeBuilder.java |  64 ++---
 ...dateNaturalPersonGivenNameAttributeBuilder.java |  59 +++--
 ...dateNaturalPersonSourcePinAttributeBuilder.java |  62 +++--
 ...NaturalPersonSourcePinTypeAttributeBuilder.java |  56 ++--
 .../MandateProfRepDescAttributeBuilder.java        |  63 +++--
 .../MandateProfRepOIDAttributeBuilder.java         |  37 +--
 .../MandateReferenceValueAttributeBuilder.java     |  15 +-
 .../attributes/MandateTypeAttributeBuilder.java    |  41 +--
 .../attributes/MandateTypeOIDAttributeBuilder.java |  26 +-
 .../id/protocols/pvp2x/AttributQueryAction.java    | 144 +++++++++--
 .../id/protocols/pvp2x/AuthenticationAction.java   |  10 +-
 .../moa/id/protocols/pvp2x/MetadataAction.java     |   8 +-
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      | 153 +++++------
 .../id/protocols/pvp2x/PVPAssertionStorage.java    |  10 +-
 .../id/protocols/pvp2x/PVPTargetConfiguration.java | 138 +++++-----
 .../moa/id/protocols/pvp2x/SingleLogOutAction.java |  56 ++--
 .../pvp2x/builder/AttributQueryBuilder.java        |   3 +-
 .../pvp2x/builder/PVPAttributeBuilder.java         |  18 +-
 .../pvp2x/builder/PVPAuthnRequestBuilder.java      |   4 +-
 .../pvp2x/builder/SingleLogOutBuilder.java         | 216 +++++++++++++++-
 .../builder/assertion/PVP2AssertionBuilder.java    |  65 ++---
 .../builder/attributes/SamlAttributeGenerator.java |   2 +-
 .../protocols/pvp2x/config/PVPConfiguration.java   |  10 +-
 .../NameIDFormatNotSupportedException.java         |   2 +-
 .../pvp2x/metadata/MOAMetadataProvider.java        |  35 +--
 .../pvp2x/metadata/SimpleMOAMetadataProvider.java  |  37 ++-
 .../pvp2x/signer/AbstractCredentialProvider.java   |   4 +-
 .../pvp2x/signer/IDPCredentialProvider.java        |   9 +-
 .../pvp2x/verification/EntityVerifier.java         |   9 +-
 .../pvp2x/verification/SAMLVerificationEngine.java |  18 +-
 .../storage/DBAuthenticationSessionStoreage.java   |  84 +++---
 .../moa/id/storage/DBTransactionStorage.java       |  19 +-
 .../id/storage/IAuthenticationSessionStoreage.java |  28 +-
 .../moa/id/storage/RedisTransactionStorage.java    |   6 +-
 .../gv/egovernment/moa/id/util/LoALevelMapper.java | 174 +++++++++++++
 .../egovernment/moa/id/util/PVPtoSTORKMapper.java  | 174 -------------
 .../egovernment/moa/id/util/QAALevelVerifier.java  |  22 +-
 ....protocols.builder.attributes.IAttributeBuilder |   2 -
 .../moa/id/module/test/TestRequestImpl.java        | 285 ---------------------
 .../spring/test/DummyTransactionStorage.java       | 147 -----------
 .../spring/test/ExpressionContextAdapter.java      |  52 ----
 .../moa/id/process/spring/test/SimplePojo.java     |  41 ---
 .../SpringExpressionAwareProcessEngineTest.java    | 154 -----------
 .../spring/test/SpringExpressionEvaluatorTest.java |  54 ----
 .../spring/test/task/CreateSAML1AssertionTask.java |  63 -----
 .../spring/test/task/GetIdentityLinkTask.java      |  59 -----
 .../id/process/spring/test/task/SelectBKUTask.java |  37 ---
 .../spring/test/task/SignAuthBlockTask.java        |  61 -----
 .../spring/test/task/ValidateIdentityLinkTask.java |  46 ----
 .../test/task/ValidateSignedAuthBlockTask.java     |  51 ----
 .../test/BooleanStringExpressionEvaluator.java     |  24 --
 .../moa/id/process/test/HalloWeltTask.java         |  24 --
 .../moa/id/process/test/HelloWorldTask.java        |  24 --
 .../process/test/ProcessDefinitionParserTest.java  | 137 ----------
 .../moa/id/process/test/ProcessEngineTest.java     | 146 -----------
 .../id/storage/test/DBTransactionStorageTest.java  |   6 +-
 .../moa/id/commons/api/IOAAuthParameters.java      |  19 +-
 ...roviderSpecificGUIFormBuilderConfiguration.java |  14 +-
 .../DefaultGUIFormBuilderConfiguration.java        |   2 +-
 ...PSpecificGUIBuilderConfigurationWithDBLoad.java |   7 +-
 ...cGUIBuilderConfigurationWithFileSystemLoad.java |   4 +-
 .../moa/id/auth/frontend/utils/FormBuildUtils.java |   4 +-
 .../moa/id/auth/MOAIDAuthSpringInitializer.java    |   2 +-
 .../bkamobileauthtests/BKAMobileAuthModule.java    |  14 +-
 .../tasks/FirstBKAMobileAuthTask.java              |  25 +-
 .../tasks/SecondBKAMobileAuthTask.java             |  24 +-
 .../attributes/OAuth20AttributeBuilder.java        |  29 ++-
 .../attributes/OpenIdAudiencesAttribute.java       |  17 +-
 .../OpenIdAuthenticationTimeAttribute.java         |  17 +-
 .../attributes/OpenIdExpirationTimeAttribute.java  |  15 +-
 .../attributes/OpenIdIssueInstantAttribute.java    |  15 +-
 .../oauth20/attributes/OpenIdIssuerAttribute.java  |  17 +-
 .../oauth20/attributes/OpenIdNonceAttribute.java   |  20 +-
 .../OpenIdSubjectIdentifierAttribute.java          |  15 +-
 .../attributes/ProfileDateOfBirthAttribute.java    |  15 +-
 .../attributes/ProfileFamilyNameAttribute.java     |  15 +-
 .../attributes/ProfileGivenNameAttribute.java      |  15 +-
 .../oauth20/protocol/OAuth20AuthRequest.java       |  86 +++----
 .../oauth20/protocol/OAuth20BaseRequest.java       |  15 +-
 .../oauth20/protocol/OAuth20Protocol.java          |   2 +-
 .../tasks/CreateAuthnRequestTask.java              |   4 +-
 110 files changed, 1725 insertions(+), 3163 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java

(limited to 'id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 32368bab9..7d411b161 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -538,7 +538,7 @@ public class BasicOAAction extends BasicAction {
 			
 		} catch (ConfigurationStorageException | at.gv.egiz.components.configuration.api.ConfigurationException e) {
 			log.warn("MOAID Configuration can not be stored in Database", e);
-			throw new MOADatabaseException(e);
+			throw new MOADatabaseException(e.getMessage(), e);
 			
 		}
     	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 0090bf3d3..322686c21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -123,7 +123,6 @@ public class MOAReversionLogger implements IRevisionLogger {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egiz.eaaf.core.api.IRequest, int)
 	 */
-	@Override
 	public void logEvent(ISPConfiguration oaConfig, IRequest pendingRequest, 
 			int eventCode) {		
 			if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
@@ -136,7 +135,6 @@ public class MOAReversionLogger implements IRevisionLogger {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egiz.eaaf.core.api.IRequest, int, java.lang.String)
 	 */
-	@Override
 	public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, 
 			int eventCode, String message) {		
 		if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
@@ -251,11 +249,14 @@ public class MOAReversionLogger implements IRevisionLogger {
 		
 	}
 	
-	private List<Integer> selectOASpecificEventCodes(IOAAuthParameters oaConfig) {
+	private List<Integer> selectOASpecificEventCodes(ISPConfiguration oaConfig) {
 		List<Integer> OASpecificEventCodes = null;
-		if (oaConfig != null && oaConfig.getReversionsLoggingEventCodes() != null)
-			OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes();
+		if (oaConfig != null && oaConfig instanceof IOAAuthParameters) {
+			if (((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes() != null)
+				OASpecificEventCodes = ((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes();
 			
+		}
+		
 		else
 			OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index e12b1372e..ea796d974 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -46,6 +46,7 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBod
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.ServiceException;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -286,10 +287,10 @@ public class StatisticLogger implements IStatisticLogger{
 				}
 				
 				IAuthenticationSession moasession = null;
-				if (MiscUtil.isNotEmpty(errorRequest.getInternalSSOSessionIdentifier())) {
+				if (MiscUtil.isNotEmpty(errorRequest.getSSOSessionIdentifier())) {
 					Logger.debug("Use MOA session information from SSO session for ErrorLogging");
 					try {
-						moasession = authenticatedSessionStorage.getInternalSSOSession(errorRequest.getInternalSSOSessionIdentifier());
+						moasession = authenticatedSessionStorage.getInternalSSOSession(errorRequest.getSSOSessionIdentifier());
 						
 					} catch (MOADatabaseException e) {
 						Logger.error("Error during database communication", e);
@@ -298,7 +299,8 @@ public class StatisticLogger implements IStatisticLogger{
 										
 				} else {
 					Logger.debug("Use MOA session information from pending-req for ErrorLogging");
-					moasession = errorRequest.getMOASession();
+					moasession = new AuthenticationSessionWrapper(errorRequest.genericFullDataStorage()); 
+
 					
 				}
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index efe28c900..738f733a8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -36,11 +36,6 @@ import java.util.List;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
 
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.ws.soap.common.SOAPException;
-import org.opensaml.xml.XMLObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.DOMException;
@@ -49,10 +44,12 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -71,7 +68,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
@@ -80,17 +76,9 @@ import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
@@ -112,9 +100,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
-	@Autowired private AttributQueryBuilder attributQueryBuilder;
-	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	
 	@Override
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
@@ -193,82 +178,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 		
 		return authdata;								
 	}
-	
-	/**
-	 * Get PVP authentication attributes by using a SAML2 AttributeQuery
-	 * 
-	 * @param reqQueryAttr List of PVP attributes which are requested
-	 * @param userNameID SAML2 UserNameID of the user for which attributes are requested
-	 * @param idpConfig Configuration of the IDP, which is requested 
-	 * @return 
-	 * @return PVP attribute DAO, which contains all received information
-	 * @throws MOAIDException
-	 */
-	public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
-			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
-		String idpEnityID = idpConfig.getPublicURLPrefix();
-		
-		try {		
-			Logger.debug("Starting AttributeQuery process ...");
-			//collect attributes by using BackChannel communication
-			String endpoint = idpConfig.getIDPAttributQueryServiceURL();			
-			if (MiscUtil.isEmpty(endpoint)) {
-				Logger.error("No AttributeQueryURL for interfederationIDP " + idpEnityID);
-				throw new ConfigurationException("config.26", new Object[]{idpEnityID});
-				
-			}
-				
-			//build attributQuery request
-			AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(spEntityID, userNameID, endpoint, reqQueryAttr);
-			
-			//build SOAP request				
-			List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
-		
-			if (xmlObjects.size() == 0) {
-				Logger.error("Receive emptry AttributeQuery response-body.");
-				throw new AttributQueryException("auth.27", 
-						new Object[]{idpEnityID, "Receive emptry AttributeQuery response-body."});
-			
-			}
-		
-			Response intfResp;
-			if (xmlObjects.get(0) instanceof Response) {
-				intfResp = (Response) xmlObjects.get(0);
-			
-				//validate PVP 2.1 response
-				try {
-					samlVerificationEngine.verifyIDPResponse(intfResp, 
-							TrustEngineFactory.getSignatureKnownKeysTrustEngine(
-									metadataProvider));
-			
-					//create assertion attribute extractor from AttributeQuery response
-					return new AssertionAttributeExtractor(intfResp);
-		
-				} catch (Exception e) {
-					Logger.warn("PVP 2.1 assertion validation FAILED.", e);
-					throw new AssertionValidationExeption("auth.27", 
-							new Object[]{idpEnityID, e.getMessage()}, e);
-				}
-											
-			} else {
-				Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
-				throw new AttributQueryException("auth.27", 
-						new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
 			
-			}
-				 										
-		} catch (SOAPException e) {
-			throw new BuildException("builder.06", null, e);
-			
-		} catch (SecurityException e) {
-			throw new BuildException("builder.06", null, e);
-					
-		} catch (org.opensaml.xml.security.SecurityException e1) {
-			throw new BuildException("builder.06", null, e1);
-			
-		}
-	}
-		
 	private void buildAuthDataFormMOASession(MOAAuthenticationData authData, IAuthenticationSession session, 
 			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
 
@@ -372,32 +282,43 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			//####################################################
 			//set QAA level
 			includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
+			String currentLoA = null;
 			if (MiscUtil.isNotEmpty(session.getQAALevel()))
-				authData.setQAALevel(session.getQAALevel());
-			
+				currentLoA = session.getQAALevel();			
 			else {
-				String qaaLevel = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
-				if (MiscUtil.isNotEmpty(qaaLevel)) {
-					Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + qaaLevel
+				currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
+				if (MiscUtil.isNotEmpty(currentLoA)) {
+					Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
 							+ " --> Parse QAA-Level from that attribute.");
-						
-					if (qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
-						authData.setQAALevel(qaaLevel);
-						
-					} else {
-						Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");				
-						String mappedQAA = PVPtoSTORKMapper.getInstance().mapToQAALevel(qaaLevel);
-						if (MiscUtil.isNotEmpty(mappedQAA))
-							authData.setQAALevel(mappedQAA);
-											
-					}
+					
 				}
 			}
+				
+			if (MiscUtil.isNotEmpty(currentLoA)) {					
+				if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+					authData.setQAALevel(currentLoA);
+					authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+
+				} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
+					authData.setQAALevel(LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(currentLoA));
+					authData.seteIDASLoA(currentLoA);
+										
+				} else {
+					Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");				
+					String mappedStorkQAA = LoALevelMapper.getInstance().mapToQAALevel(currentLoA);
+					if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
+						authData.setQAALevel(currentLoA);
+						authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+						
+					}										
+				}
+			}		
 			
 			//if no QAA level is set in MOASession then set default QAA level  
 			if (MiscUtil.isEmpty(authData.getQAALevel())) {														
-				Logger.info("No QAA level found. Set to default level " + PVPConstants.STORK_QAA_PREFIX + "1");
+				Logger.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_QAA_LOW);
 				authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");
+				authData.seteIDASLoA(EAAFConstants.EIDAS_QAA_LOW);
 						
 			}
 	
@@ -810,7 +731,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				try {
 					authData.setGenericData(elementKey, session.getGenericDataFromSession(elementKey));
 						
-				} catch (SessionDataStorageException e) {
+				} catch (EAAFStorageException e) {
 					Logger.warn("Can not add generic authData with key:" + elementKey, e);
 						
 				}				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
index e9e217137..a1d31f5ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -29,7 +29,6 @@ import org.opensaml.saml2.core.Attribute;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -89,16 +88,8 @@ public class DynamicOAAuthParameterBuilder {
 		
 		DynamicOAAuthParameters dynOAParams = new DynamicOAAuthParameters();
 		dynOAParams.setApplicationID(oaParam.getPublicURLPrefix());
-		try {
-			dynOAParams.setHasBaseIdProcessingRestriction(oaParam.hasBaseIdInternalProcessingRestriction());
-			dynOAParams.setHasBaseIdTransfergRestriction(oaParam.hasBaseIdTransferRestriction());
-			
-		} catch (EAAFConfigurationException e) {
-			Logger.warn("Can not resolve baseID restrications! Set to privacy friendly configuration", e);
-			dynOAParams.setHasBaseIdProcessingRestriction(true);
-			dynOAParams.setHasBaseIdTransfergRestriction(true);
-			
-		}
+		dynOAParams.setHasBaseIdProcessingRestriction(oaParam.hasBaseIdInternalProcessingRestriction());
+		dynOAParams.setHasBaseIdTransfergRestriction(oaParam.hasBaseIdTransferRestriction());
 		
 		Object storkRequst = null;
 		try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index e0d65e103..10c271b6a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -186,7 +186,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	    			&& MiscUtil.isNotEmpty(templateURLList.get(0)) ) {	    	
 	    		templateURL = FileUtils.makeAbsoluteURL(
 	    				oaParam.getTemplateURL().get(0),
-	    				authConfig.getRootConfigFileDir());
+	    				authConfig.getRootConfigFileDir()); 
 	    		Logger.info("No SL-Template in request, load SL-Template from OA configuration (URL: " + templateURL + ")");
 
 	    	} else if ( (defaulTemplateURLList.size() > 0) && MiscUtil.isNotEmpty(defaulTemplateURLList.get(0))) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 0e9db3964..f9aa1b83c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -36,12 +36,14 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -50,6 +52,7 @@ import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
@@ -66,7 +69,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
 public class IDPSingleLogOutServlet extends AbstractController {
 	
 	@Autowired SSOManager ssoManager;
-	@Autowired AuthenticationManager authManager;
+	@Autowired IAuthenticationManager authManager;
 	@Autowired IAuthenticationSessionStoreage authenicationStorage;
 	@Autowired SingleLogOutBuilder sloBuilder;
 	
@@ -127,6 +130,9 @@ public class IDPSingleLogOutServlet extends AbstractController {
 			} catch (MOADatabaseException e) {
 				handleErrorNoRedirect(e, req, resp, false);
 				
+			} catch (EAAFException e) {
+				handleErrorNoRedirect(e, req, resp, false);
+				
 			}
 			
 			return;			
@@ -135,10 +141,13 @@ public class IDPSingleLogOutServlet extends AbstractController {
 			try {
 				if (ssoManager.isValidSSOSession(ssoid, null)) {
 				
-					AuthenticationSession authSession = authenicationStorage.getInternalMOASessionWithSSOID(ssoid);
+					String internalSSOId = authenicationStorage.getInternalSSOSessionWithSSOID(ssoid);
 					
-					if(authSession != null) {
-						authManager.performSingleLogOut(req, resp, authSession, authURL);
+					if(MiscUtil.isNotEmpty(internalSSOId)) {
+						ISLOInformationContainer sloInfoContainer = authManager.performSingleLogOut(req, resp, null, internalSSOId);
+						
+						Logger.debug("Starting technical SLO process ... ");
+						sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL);						
 						return;
 							
 					}
@@ -159,11 +168,12 @@ public class IDPSingleLogOutServlet extends AbstractController {
 							sloContainer.putFailedOA("differntent OAs");
 							
 						String redirectURL = null;
-						if (sloContainer.getSloRequest() != null) {
+						IRequest sloReq = sloContainer.getSloRequest();
+						if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
 							//send SLO response to SLO request issuer
-							SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest());
-							LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
-							redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, sloContainer.getSloRequest().getRequest().getRelayState());
+							SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloContainer.getSloRequest());
+							LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
+							redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPTargetConfiguration)sloContainer.getSloRequest()).getRequest().getRelayState());
 															
 						} else {
 							//print SLO information directly
@@ -205,6 +215,9 @@ public class IDPSingleLogOutServlet extends AbstractController {
 					} catch (MOAIDException e) {
 						Logger.warn("Build SLO respone FAILED.", e);
 						
+					} catch (EAAFException e) {
+						Logger.warn("Build SLO respone FAILED.", e);
+						
 					}
 					
 					try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 21d329145..0285dd75b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -98,7 +98,7 @@ public class LogOutServlet {
 				
 			}
 			
-			if (ssomanager.destroySSOSessionOnIDPOnly(req, resp))
+			if (ssomanager.destroySSOSessionOnIDPOnly(req, resp, null))
 				Logger.info("User with SSO is logged out and get redirect to "+ redirectUrl);				
 			else
 				Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
index 752f54139..07b5242e0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
@@ -29,9 +29,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
-import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -56,10 +56,10 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
 		//search for unique session identifier
 		String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);											
 		if (MiscUtil.isEmpty(uniqueSessionIdentifier))
-			uniqueSessionIdentifier = Random.nextRandom();
+			uniqueSessionIdentifier = Random.nextHexRandom16();
 		
 		TransactionIDUtils.setSessionId(uniqueSessionIdentifier);		
-		request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
+		request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
 		
 		return true; 
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index f0477c1fb..89e543209 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -60,7 +60,6 @@ import java.util.Set;
 import org.apache.commons.lang.SerializationUtils;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -104,7 +103,7 @@ public class OAAuthParameterDecorator implements IOAAuthParameters, Serializable
 
       
   @Override
-  public boolean hasBaseIdInternalProcessingRestriction() throws EAAFConfigurationException {
+  public boolean hasBaseIdInternalProcessingRestriction() {
 	  String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
 	  for (String el : spConfiguration.getTargetsWithNoBaseIdInternalProcessingRestriction()) {
 		  if (targetAreaIdentifier.startsWith(el))
@@ -116,7 +115,7 @@ public class OAAuthParameterDecorator implements IOAAuthParameters, Serializable
   }
 
   @Override
-  public boolean hasBaseIdTransferRestriction() throws EAAFConfigurationException {
+  public boolean hasBaseIdTransferRestriction() {
 	  String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
 	  for (String el : spConfiguration.getTargetsWithNoBaseIdTransferRestriction()) {
 		  if (targetAreaIdentifier.startsWith(el))
@@ -688,13 +687,7 @@ public boolean isInterfederationSSOStorageAllowed() {
 }
 
 public boolean isIDPPublicService() throws ConfigurationException {
-	try {
-		return !hasBaseIdTransferRestriction();
-		
-	} catch (EAAFConfigurationException e) {
-		throw new ConfigurationException("internal.00", new Object[] {}, e);
-		
-	}
+	return !hasBaseIdTransferRestriction();
 	
 }
 
@@ -947,11 +940,14 @@ public List<String> getTargetsWithNoBaseIdTransferRestriction() {
 
 
 @Override
-/**
- * THIS METHODE IS NOT SUPPORTED IN THIS IMPLEMENTATION 
- */
 public String getUniqueIdentifier() {
-	return null;
+	return getPublicURLPrefix();
+}
+
+
+@Override
+public String getMinimumLevelOfAssurence() {
+	return getQaaLevel();
 }
 
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index db2499ad5..a0a34336c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -96,7 +96,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 		Map<String, String> oa = getActiveOnlineApplication(spIdentifier);
 		if (oa == null) {			
 			return null;
-		}
+		} 
 
 		return new OAAuthParameterDecorator(new SPConfigurationImpl(oa, this));
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index f401db8bf..11932f52a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -75,7 +75,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 	 * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifier()
 	 */
 	@Override
-	public String getAreaSpecificTargetIdentifier() throws ConfigurationException {
+	public String getAreaSpecificTargetIdentifier() {
 		return this.oaTargetAreaIdentifier;
 	}
 
@@ -551,8 +551,12 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 
 	@Override
 	public String getUniqueIdentifier() {
-		// TODO Auto-generated method stub
-		return null;
+		return getPublicURLPrefix();
+	}
+
+	@Override
+	public String getMinimumLevelOfAssurence() {
+		return getQaaLevel();
 	}
 
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index 0e8a988ce..ba3eba2e6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -33,7 +33,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -76,7 +76,7 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	public String getQAALevel() {
 		if (this.QAALevel != null && 
 				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
-			String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+			String mappedQAA = LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
 			if (MiscUtil.isNotEmpty(mappedQAA))
 				return mappedQAA;
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
index 20588ad0b..b1f123bbc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
@@ -30,7 +30,9 @@ import java.util.List;
 import java.util.Map.Entry;
 import java.util.Set;
 
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 
 /**
  * @author tlenz
@@ -40,9 +42,9 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
  	
 	private static final long serialVersionUID = 7148730740582881862L;
 	
-	private PVPTargetConfiguration sloRequest = null;
-	private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs;
-	private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs;
+	private IRequest sloRequest = null;
+	private LinkedHashMap<String, SLOInformationInterface> activeFrontChannalOAs;
+	private LinkedHashMap<String, SLOInformationInterface> activeBackChannelOAs;
 	private List<String> sloFailedOAs = null;
 	private String transactionID = null;
 	private String sessionID = null;
@@ -51,8 +53,8 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	 * 
 	 */
 	public SLOInformationContainer() {
-		this.activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>(); 
-		this.activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>(); 
+		this.activeBackChannelOAs = new LinkedHashMap<String, SLOInformationInterface>(); 
+		this.activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationInterface>(); 
 		this.sloFailedOAs = new ArrayList<String>();
 		
 	}
@@ -61,28 +63,28 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	/**
 	 * @return the activeFrontChannalOAs
 	 */
-	public LinkedHashMap<String, SLOInformationImpl> getActiveFrontChannalOAs() {
+	public LinkedHashMap<String, SLOInformationInterface> getActiveFrontChannalOAs() {
 		return activeFrontChannalOAs;
 	}
 
 	/**
 	 * @param activeFrontChannalOAs the activeFrontChannalOAs to set
 	 */
-	public void setActiveFrontChannalOAs(LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs) {
+	public void setActiveFrontChannalOAs(LinkedHashMap<String, SLOInformationInterface> activeFrontChannalOAs) {
 		this.activeFrontChannalOAs = activeFrontChannalOAs;
 	}
 
 	/**
 	 * @return the activeBackChannelOAs
 	 */
-	public LinkedHashMap<String, SLOInformationImpl> getActiveBackChannelOAs() {
+	public LinkedHashMap<String, SLOInformationInterface> getActiveBackChannelOAs() {
 		return activeBackChannelOAs;
 	}
 
 	/**
 	 * @param activeBackChannelOAs the activeBackChannelOAs to set
 	 */
-	public void setActiveBackChannelOAs(LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs) {
+	public void setActiveBackChannelOAs(LinkedHashMap<String, SLOInformationInterface> activeBackChannelOAs) {
 		this.activeBackChannelOAs = activeBackChannelOAs;
 	}
 
@@ -98,7 +100,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	 * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getFrontChannelOASessionDescriptions()
 	 */
 	@Override
-	public Set<Entry<String, SLOInformationImpl>> getFrontChannelOASessionDescriptions() {
+	public Set<Entry<String, SLOInformationInterface>> getFrontChannelOASessionDescriptions() {
 		return activeFrontChannalOAs.entrySet();
 	}
 	
@@ -122,7 +124,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	 * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getBackChannelOASessionDescripten(java.lang.String)
 	 */
 	@Override
-	public SLOInformationImpl getBackChannelOASessionDescripten(String oaID) {
+	public SLOInformationInterface getBackChannelOASessionDescripten(String oaID) {
 		return activeBackChannelOAs.get(oaID);
 	}
 	
@@ -134,19 +136,12 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 		activeBackChannelOAs.remove(oaID);
 	}
 	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getSloRequest()
-	 */
-	@Override
-	public PVPTargetConfiguration getSloRequest() {
-		return sloRequest;
-	}
-	
+
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#setSloRequest(at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration)
 	 */
 	@Override
-	public void setSloRequest(PVPTargetConfiguration sloRequest) {
+	public void setSloRequest(IRequest sloRequest) {
 		this.sloRequest = sloRequest;
 		
 	}
@@ -197,7 +192,11 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	public void setSessionID(String sessionID) {
 		this.sessionID = sessionID;
 	}
-	
-	
+
+
+	@Override
+	public IRequest getSloRequest() {
+		return this.sloRequest;
+	}
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
index 1d1e2f36a..5ff923bce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
@@ -26,6 +26,8 @@ import java.io.Serializable;
 
 import org.opensaml.saml2.metadata.SingleLogoutService;
 
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+
 
 /**
  * @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
deleted file mode 100644
index 31fdaacfd..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-/**
- * @author tlenz
- *
- */
-public interface SLOInformationInterface{
-	
-
-	/**
-	 * get AssertionID which was used for Service Provider Single LogOut request 
-	 * 
-	 * @return
-	 * SessionID (SessionIndex in case of SAML2)
-	 */
-	public String getSessionIndex();
-	
-	/**
-	 * get user identifier which was used
-	 * 
-	 * @return
-	 * bPK / wbPK (nameID in case of SAML2)
-	 */
-	public String getUserNameIdentifier();
-	
-	
-	/**
-	 * get protocol type which was used for authentication
-	 * 
-	 * @return
-	 * return authentication protocol type
-	 */
-	public String getProtocolType();
-
-	/**
-	 * @return
-	 */
-	public String getUserNameIDFormat();
-	
-	/**
-	 * Get the unique entityID of this Service-Provider
-	 * 
-	 * @return unique identifier, but never null
-	 */
-	public String getSpEntityID();
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 2e1af43e4..c05a271f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -22,12 +22,8 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.moduls;
 
-import java.util.ArrayList;
-import java.util.Collection;
 import java.util.Enumeration;
-import java.util.Iterator;
 import java.util.List;
-import java.util.Map.Entry;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -35,46 +31,31 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.saml2.core.LogoutRequest;
-import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.ws.soap.common.SOAPException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
-import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -92,7 +73,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
 
-	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
+	
 	
 
 	@Autowired private ITransactionStorage transactionStorage;
@@ -105,87 +86,33 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 	
 	
 	@Override
-	public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq)
-			throws EAAFException {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String arg3)
+	public ISLOInformationContainer performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String internalSSOId)
 			throws EAAFException {
-		// TODO Auto-generated method stub
-		
-	}
-	
-	
-	
-	public void performSingleLogOut(HttpServletRequest httpReq,
-	HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
-		performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
-		
-	}
-	
-	public void performSingleLogOut(HttpServletRequest httpReq,
-	HttpServletResponse httpResp, IAuthenticationSession session, String authURL) throws MOAIDException {
-		performSingleLogOut(httpReq, httpResp, session, null, authURL);
-		
-	}
-	
-	
-	public void performOnlyIDPLogOut(HttpServletRequest request,
-			HttpServletResponse response, String internalMOASsoSessionID) {
-		Logger.info("Remove active user-session");
-
-		if(internalMOASsoSessionID == null) {
-			internalMOASsoSessionID = StringEscapeUtils.escapeHtml((String) request.getParameter(PARAM_SESSIONID));
-		}
-		
-		if(internalMOASsoSessionID == null) {
-			Logger.info("NO MOA Session to logout");
-			return;
-		}
-		
-		AuthenticationSession authSession;
-		try {
-			authSession = authenticatedSessionStore.getInternalSSOSession(internalMOASsoSessionID);
-
-			if(authSession == null) {
-				Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
-				return;
-			}
-						
-			performOnlyIDPLogOut(authSession);
-					
-		} catch (MOADatabaseException e) {
-			Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
-			return;
-		}
-
-	}
-		
-	
-	private void performSingleLogOut(HttpServletRequest httpReq,
-	HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {		
 		String pvpSLOIssuer = null;
-		String inboundRelayState = null;
 		String uniqueSessionIdentifier = "notSet";
 		String uniqueTransactionIdentifier = "notSet";
-		
+		PVPTargetConfiguration pvpReq = null;		
 		Logger.debug("Start technical Single LogOut process ... ");
 		
-		if (pvpReq != null) {
-			MOARequest samlReq = (MOARequest) pvpReq.getRequest();
-			LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
-			pvpSLOIssuer = logOutReq.getIssuer().getValue();
-			inboundRelayState = samlReq.getRelayState();
-			uniqueSessionIdentifier = pvpReq.getUniqueSessionIdentifier();
-			uniqueTransactionIdentifier = pvpReq.getUniqueTransactionIdentifier();
+		
+		if (pendingReq != null) {
+			uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier();
+			uniqueTransactionIdentifier = pendingReq.getUniqueTransactionIdentifier();
+			
+			if (pendingReq instanceof PVPTargetConfiguration) {
+				pvpReq = ((PVPTargetConfiguration)pendingReq);
+				MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+				LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
+				pvpSLOIssuer = logOutReq.getIssuer().getValue();
+			}
 			
+			if (MiscUtil.isEmpty(internalSSOId))
+				internalSSOId = pendingReq.getSSOSessionIdentifier();
+						
 		} else {			
 			AuthenticationSessionExtensions sessionExt;
 			try {
-				sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID());
+				sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(internalSSOId);
 				if (sessionExt != null)
 					uniqueSessionIdentifier = sessionExt.getUniqueSessionId();
 				
@@ -199,8 +126,8 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 		}
 		
 		//store active OAs to SLOContaine
-		List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session);
-		List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session);
+		List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(internalSSOId);
+		List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(internalSSOId);
 		SLOInformationContainer sloContainer = new SLOInformationContainer();		
 		sloContainer.setTransactionID(uniqueTransactionIdentifier);
 		sloContainer.setSessionID(uniqueSessionIdentifier);
@@ -213,13 +140,13 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 				 + " BackChannel:" + sloContainer.getActiveBackChannelOAs().size()
 				 + " FrontChannel:" + sloContainer.getActiveFrontChannalOAs().size()
 				 + " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size());
-		
+
+
 		//terminate MOASession
 		try {			
-			authenticatedSessionStore.destroyInternalSSOSession(session.getSessionID());
-			ssoManager.deleteSSOSessionID(httpReq, httpResp);
+			authenticatedSessionStore.destroyInternalSSOSession(internalSSOId);
+			ssoManager.destroySSOSessionOnIDPOnly(httpReq, httpResp, pendingReq);
 			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
-
 			Logger.debug("Active SSO Session on IDP is remove.");
 						
 		} catch (MOADatabaseException e) {
@@ -228,165 +155,8 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 			
 		}
 		
-		Logger.trace("Starting Service-Provider logout process ... ");		
-		revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);		
-		//start service provider back channel logout process		
-		Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();	
-		while (nextOAInterator.hasNext()) {
-			SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
-			LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(sloDescr);
-
-			try {
-				Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID());
-				List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
-				
-				LogoutResponse sloResp = null;						
-				for (XMLObject el : soapResp) {
-					if (el instanceof LogoutResponse)
-						sloResp = (LogoutResponse) el;							
-				}
-				
-				if (sloResp == null) {
-					Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
-							+ " FAILED. NO LogOut response received.");
-					sloContainer.putFailedOA(sloDescr.getSpEntityID());
-					
-				} else {
-					samlVerificationEngine.verifySLOResponse(sloResp, 
-							TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
-					
-				}
-								
-				sloBuilder.checkStatusCode(sloContainer, sloResp);
-										
-			} catch (SOAPException e) {
-				Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
-						+ " FAILED.", e);
-				sloContainer.putFailedOA(sloDescr.getSpEntityID());
-				
-			} catch (SecurityException | InvalidProtocolRequestException e) {
-				Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
-						+ " FAILED.", e);
-				sloContainer.putFailedOA(sloDescr.getSpEntityID());
-				
-			}					
-		}
-						
-		//start service provider front channel logout process
-		try {
-			if (sloContainer.hasFrontChannelOA()) {
-				String relayState = Random.nextRandom();
-				
-				Collection<Entry<String, SLOInformationImpl>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions();
-				List<String> sloReqList = new ArrayList<String>();
-				for (Entry<String, SLOInformationImpl> el : sloDescr) {
-					Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID());
-					
-					LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(el.getValue());
-					try {
-						sloReqList.add(sloBuilder.getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), 
-								sloReq, httpReq, httpResp, relayState));
-						
-					} catch (Exception e) {
-						Logger.warn("Failed to build SLO request for OA:" + el.getKey());
-						sloContainer.putFailedOA(el.getKey());
-						
-					}														
-				}
-				
-				//put SLO process-information into transaction storage
-				transactionStorage.put(relayState, sloContainer, -1);
-				
-				if (MiscUtil.isEmpty(authURL))
-					authURL = pvpReq.getAuthURL();
-				
-				String timeOutURL = authURL
-						+ "/idpSingleLogout"
-						+ "?restart=" + relayState;
-				
-				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
-						authURL, 
-						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
-						null);
-				
-				config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList);
-				config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL);
-				config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT));
-		        
-		        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
-		        
-								
-			} else {
-				if (pvpReq != null) {
-					//send SLO response to SLO request issuer
-					SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
-					LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
-					sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq);
-					
-				} else {
-					//print SLO information directly
-					DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
-							authURL, 
-							DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
-							null);
-					
-			        if (sloContainer.getSloFailedOAs() == null || 
-			        		sloContainer.getSloFailedOAs().size() == 0) {
-			        	revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
-			        	config.putCustomParameter("successMsg", 
-			        			MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
-			        	
-			        } else {
-			        	revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
-			        	config.putCustomParameterWithOutEscaption("errorMsg", 
-			        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-			        	
-			        }
-			        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
-										
-				}
-									
-			}	
+		return sloContainer;
 		
-		} catch (GUIBuildException e) {
-			Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
-			throw  new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
-			
-		} catch (MOADatabaseException e) {
-			Logger.error("MOA AssertionDatabase ERROR", e);
-			if (pvpReq != null) {
-				SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
-				LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
-				sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq);
-
-				revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
-				
-			}else {
-				//print SLO information directly
-				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
-						authURL, 
-						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
-						null);
-				
-				revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
-				config.putCustomParameterWithOutEscaption("errorMsg", 
-	        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-	        	
-	        	try {
-					guiBuilder.build(httpResp, config, "Single-LogOut GUI");
-					
-				} catch (GUIBuildException e1) {
-					Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
-					throw  new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
-					
-				}
-									
-			}
-			
-		} catch (Exception e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}				
 	}
 	
 	@Override
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index bded1943b..d3d7a9456 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -72,11 +72,15 @@ public class SSOManager implements ISSOManager {
 	
 	private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
 
+	public static final String DATAID_INTERFEDERATIOIDP_URL = "INTERFEDERATIOIDP_URL";
+	
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
 	@Autowired private AuthConfiguration authConfig;
 	@Autowired private IRevisionLogger revisionsLogger;
 	
 	
+	
+	
 	//@Autowired private MOASessionDBUtils moaSessionDBUtils;
 	
 	
@@ -113,7 +117,7 @@ public class SSOManager implements ISSOManager {
 			return isSSOValid;
 						
 			
-		} catch (SessionDataStorageException | ConfigurationException | MOADatabaseException e) {
+		} catch (SessionDataStorageException | ConfigurationException | EAAFStorageException e) {
 			Logger.warn("Cann not process SSO session. Reason: " + e.getMessage(), e);
 			Logger.info("All SSO session will be ignored.");
 			
@@ -151,8 +155,9 @@ public class SSOManager implements ISSOManager {
 	
 	public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException {				
 		//populate pending request with eID data from SSO session if no userConsent is required
-		try {
-			AuthenticationSession ssoMOASession = getInternalMOASession(pendingReq.getSSOSessionIdentifier());
+		try {			
+			String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(pendingReq.getSSOSessionIdentifier());						
+			AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(ssoSessionId);
 			
 			if (ssoMOASession == null)
 				Logger.info("No MOASession FOUND with provided SSO-Cookie.");
@@ -192,25 +197,26 @@ public class SSOManager implements ISSOManager {
 			if (isValidSSOSession(ssoid, null)) {
 		
 				//delete SSO session and MOA session
-				AuthenticationSession ssoSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoid);
+				String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoid);						
+				AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(ssoSessionId);
 		
-				if (ssoSession == null) {
+				if (ssoMOASession == null) {
 					Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
 					return false;
 				
 				}
 			
 													
-				ssoSession.setAuthenticated(false);
+				ssoMOASession.setAuthenticated(false);
 
 				//log Session_Destroy to reversionslog
 				AuthenticationSessionExtensions sessionExtensions = 
-						authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSession.getSSOSessionID());
+						authenticatedSessionStore.getAuthenticationSessionExtensions(ssoMOASession.getSSOSessionID());
 				revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
-				authenticatedSessionStore.destroyInternalSSOSession(ssoSession.getSSOSessionID());
+				authenticatedSessionStore.destroyInternalSSOSession(ssoMOASession.getSSOSessionID());
 			}
 			
-		} catch (MOADatabaseException | ConfigurationException | SessionDataStorageException e) {
+		} catch (ConfigurationException | SessionDataStorageException | EAAFStorageException e) {
 			Logger.info("NO MOA Authentication data for ID " + ssoid);
 			return false;
 			
@@ -235,14 +241,15 @@ public class SSOManager implements ISSOManager {
 	 * @param httpResp HttpServletResponse
 	 * @param protocolRequest Authentication request which is actually in process
 	 * @throws SessionDataStorageException 
+	 * @throws EAAFStorageException 
 	 * 
 	 **/
 	public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp,
-			IRequest protocolRequest) throws SessionDataStorageException {
+			IRequest protocolRequest) throws SessionDataStorageException, EAAFStorageException {
 		String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
 
 		String interfederationIDP = 
-				protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+				protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
 		if (MiscUtil.isNotEmpty(interfederationIDP)) {
 			Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP);
 			return;
@@ -254,14 +261,14 @@ public class SSOManager implements ISSOManager {
 			RequestImpl moaReq = (RequestImpl) protocolRequest;
 			if (MiscUtil.isNotEmpty(interIDP)) {
 				Logger.info("Receive SSO request for interfederation IDP " + interIDP);
-				moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, interIDP);
+				moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, interIDP);
 				
 			} else {
 				//check if IDP cookie is set
 				String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
 				if (MiscUtil.isNotEmpty(cookie)) {
 					Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
-					moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, cookie);
+					moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, cookie);
 				
 					deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);									
 				}				
@@ -283,7 +290,7 @@ public class SSOManager implements ISSOManager {
 		Logger.debug("Add SSO information to MOASession.");
 
 		//Store SSO information into database
-		String newSSOSessionId = createSSOSessionInformations(moaSession.getSessionID(), 
+		String newSSOSessionId = createSSOSessionInformations(moaSession.getSSOSessionID(), 
 				pendingReq.getSPEntityId());
 
 		//set SSO cookie to response
@@ -298,7 +305,7 @@ public class SSOManager implements ISSOManager {
 		return newSSOSessionId;
 	}
 	
-	public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException {
+	public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException, EAAFStorageException {
 		
 		// search SSO Session
 		if (ssoSessionID == null) {
@@ -328,7 +335,7 @@ public class SSOManager implements ISSOManager {
 				//in case of federated SSO session, jump to federated IDP for authentication
 				
 				String interfederationIDP = 
-						protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+						protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
 				
 				if (MiscUtil.isEmpty(interfederationIDP)) {
 					InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
@@ -337,7 +344,7 @@ public class SSOManager implements ISSOManager {
 						//no local SSO session exist -> request interfederated IDP
 						Logger.info("SSO Session refer to federated IDP: " + selectedIDP.getIdpurlprefix());
 						protocolRequest.setGenericDataToSession(
-								RequestImpl.DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());
+								DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());
 						
 					} else {
 						Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
@@ -360,18 +367,18 @@ public class SSOManager implements ISSOManager {
 		
 	}
 	
-	public AuthenticationSession getInternalMOASession(String ssoSessionID) throws MOADatabaseException {
-		return authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
-		
-	}
+//	public String getInternalSSOSession(String ssoSessionID) throws MOADatabaseException {
+//		return authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoSessionID);
+//		
+//	}
 	
 	//TODO: refactor for faster DB access
 	public String getUniqueSessionIdentifier(String ssoSessionID) {
 		try {
 			if (MiscUtil.isNotEmpty(ssoSessionID)) {			
-				AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
-				if (moaSession != null) {
-					AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSSOSessionID());
+				String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoSessionID);
+				if (MiscUtil.isNotEmpty(ssoSessionId)) {
+					AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSessionId);
 						return extSessionInformation.getUniqueSessionId();
 			
 				}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
deleted file mode 100644
index 9262e97c2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class BPKAttributeBuilder implements IPVPAttributeBuilder {
-	
-	public String getName() {
-		return BPK_NAME;
-	}
-	
-	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		String bpk = authData.getBPK();
-		String type = authData.getBPKType();
-		
-		if (MiscUtil.isEmpty(bpk))
-			throw new UnavailableAttributeException(BPK_NAME);
-			
-		if (type.startsWith(Constants.URN_PREFIX_WBPK))
-			type = type.substring((Constants.URN_PREFIX_WBPK + "+").length());
-		
-		else if (type.startsWith(Constants.URN_PREFIX_CDID)) 
-			type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
-		
-		else if (type.startsWith(Constants.URN_PREFIX_EIDAS)) 
-			type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length());
-		
-		if (bpk.length() > BPK_MAX_LENGTH) {
-			bpk = bpk.substring(0, BPK_MAX_LENGTH);
-		}
-		
-		Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
-		
-		return g.buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk);
-	}
-	
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME);
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
deleted file mode 100644
index 783e044f8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
-
-	public String getName() {
-		return EID_SECTOR_FOR_IDENTIFIER_NAME;
-	}
-
-	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeBuilderException {		
-		String bpktype = authData.getBPKType();
-		
-		if (MiscUtil.isEmpty(authData.getBPKType()))
-			throw new UnavailableAttributeException(EID_SECTOR_FOR_IDENTIFIER_NAME);
-				
-		return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
-				EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype);
-	}
-	
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
-				EID_SECTOR_FOR_IDENTIFIER_NAME);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
index 2f18c78e2..7c2207d1d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 
 public class EIDSignerCertificate implements IPVPAttributeBuilder {
@@ -43,11 +44,14 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder {
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		
 		try {
-			byte[] signerCertificate = authData.getSignerCertificate();
-			if (signerCertificate != null) {
-				return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, 
+			if (authData instanceof IMOAAuthData) {
+				byte[] signerCertificate = ((IMOAAuthData)authData).getSignerCertificate();
+				if (signerCertificate != null) {
+					return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, 
 						Base64Utils.encodeToString(signerCertificate));
-			}
+				}
+			} else
+				Logger.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in MOA-ID context");
 			
 		}catch (Exception e) {
 			Logger.info("Signer certificate BASE64 encoding error");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index e91bc90d6..090cf6b21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -28,6 +28,8 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
 
 public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 	
@@ -38,16 +40,20 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 
-		if (authData.getEncbPKList() != null &&
-				authData.getEncbPKList().size() > 0) {
-			String value = authData.getEncbPKList().get(0);
-			for (int i=1; i<authData.getEncbPKList().size(); i++)
-				value += ";"+authData.getEncbPKList().get(i);			
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).getEncbPKList() != null &&
+					((IMOAAuthData)authData).getEncbPKList().size() > 0) {
+				String value = ((IMOAAuthData)authData).getEncbPKList().get(0);
+				for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++)
+					value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i);			
 			
-			return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, 
-					value);
+				return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, 
+						value);
 			
-		} 
+			}
+			
+		} else
+			Logger.info(ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context");
 		
 		throw new UnavailableAttributeException(ENC_BPK_LIST_NAME);
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
index e1e7440e6..c65199dd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
@@ -24,13 +24,13 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import java.io.IOException;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 
@@ -45,7 +45,7 @@ public class HolderOfKey implements IPVPAttributeBuilder {
 		
 		try {
 			byte[] certEncoded = authData.getGenericData(
-					MOAIDAuthConstants.MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE, 
+					EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE, 
 					byte[].class);
 			
 			if (certEncoded != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index 007f7403a..171dfe2d9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -45,25 +46,30 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {
-			//only provide full mandate if it is included. 
-			//In case of federation only a short mandate could be include 
-			if (authData.getMandate() != null) {
-				String fullMandate;
-				try {
-					fullMandate = DOMUtils.serializeNode(authData
-							.getMandate());
-					return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
-							MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes()));
-				} catch (TransformerException e) {
-					Logger.error("Failed to generate Full Mandate", e);
-				} catch (IOException e) {
-					Logger.error("Failed to generate Full Mandate", e);
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {
+				//only provide full mandate if it is included. 
+				//In case of federation only a short mandate could be include 
+				if (((IMOAAuthData)authData).getMandate() != null) {
+					String fullMandate;
+					try {
+						fullMandate = DOMUtils.serializeNode(((IMOAAuthData)authData)
+								.getMandate());
+						return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+								MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes()));
+					} catch (TransformerException e) {
+						Logger.error("Failed to generate Full Mandate", e);
+					} catch (IOException e) {
+						Logger.error("Failed to generate Full Mandate", e);
+					}
 				}
+				throw new NoMandateDataAttributeException();
+				
 			}
-			throw new NoMandateDataAttributeException();
 			
-		}
+		} else
+			Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is only available in MOA-ID context");			
+			
 		return null;
 
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
index e41a5ccf1..26ea1823e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,34 +45,39 @@ public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttribute
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {
-			
-			//get PVP attribute directly, if exists 
-			String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(fullName)) {
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-					
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-					
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {
+				
+				//get PVP attribute directly, if exists 
+				String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class);
+				
+				if (MiscUtil.isEmpty(fullName)) {
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+					if (corporation == null) {
+						Logger.info("No corporation mandate");
+						throw new NoMandateDataAttributeException();
+						
+					}
+					fullName = corporation.getFullName();
 				}
-				CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
-				if (corporation == null) {
-					Logger.info("No corporation mandate");
-					throw new NoMandateDataAttributeException();
-					
-				}
-				fullName = corporation.getFullName();
+				return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME,
+						fullName);
+				
 			}
-			return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME,
-					fullName);
 			
-		}
+		} else
+			Logger.info(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");			
+			
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
index e20cf6684..cad8416b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,11 +45,14 @@ public class MandateLegalPersonSourcePinAttributeBuilder  implements IPVPAttribu
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {				
-			return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, 
-					MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(authData));
+		if (authData instanceof IMOAAuthData) {
+			if(((IMOAAuthData)authData).isUseMandate()) {				
+				return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, 
+					MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)));
 			
-		}
+			}
+		} else
+			Logger.info(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME + " is only available in MOA-ID context");
 		
 		return null;
 		
@@ -59,7 +63,7 @@ public class MandateLegalPersonSourcePinAttributeBuilder  implements IPVPAttribu
 	}
 	
 	
-	protected String getLegalPersonIdentifierFromMandate(IAuthData authData) throws NoMandateDataAttributeException {
+	protected String getLegalPersonIdentifierFromMandate(IMOAAuthData authData) throws NoMandateDataAttributeException {
 		//get PVP attribute directly, if exists 
 		String sourcePin = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class);
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
index 098ecf68f..5fa0a5c48 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,39 +45,44 @@ public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttr
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {
-			//get PVP attribute directly, if exists 
-			String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {
+				//get PVP attribute directly, if exists 
+				String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+							
+				if (MiscUtil.isEmpty(sourcePinType)) { 
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
 						
-			if (MiscUtil.isEmpty(sourcePinType)) { 
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-					
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-					
-				}
-				CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
-				if (corporation == null) {
-					Logger.info("No corporate mandate");
-					throw new NoMandateDataAttributeException();
-					
-				}
-				if (corporation.getIdentification().size() == 0) {
-					Logger.info("Failed to generate IdentificationType");
-					throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+					if (corporation == null) {
+						Logger.info("No corporate mandate");
+						throw new NoMandateDataAttributeException();
+						
+					}
+					if (corporation.getIdentification().size() == 0) {
+						Logger.info("Failed to generate IdentificationType");
+						throw new NoMandateDataAttributeException();
+						
+					}
+					sourcePinType = corporation.getIdentification().get(0).getType();
 					
 				}
-				sourcePinType = corporation.getIdentification().get(0).getType();
 				
+				return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
+						sourcePinType);
 			}
 			
-			return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
-					sourcePinType);
-		}
+		} else
+			Logger.info(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+	
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index ebec019ae..9160ef453 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -107,46 +108,49 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 	protected Pair<String, String> internalBPKGenerator(IOAAuthParameters oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException {		
 		//get PVP attribute directly, if exists 
 		Pair<String, String> calcResult = null;
-		
-		if (authData.isUseMandate()) {	
-			String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class);
-		
-			if (MiscUtil.isEmpty(bpk)) {
-				//read bPK from mandate if it is not directly included
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
-				if (physicalPerson == null) {
-					Logger.debug("No physicalPerson mandate");
-					throw new NoMandateDataAttributeException();
-				}
-				IdentificationType id = null;
-				id = physicalPerson.getIdentification().get(0);
-				if (id == null) {
-					Logger.info("Failed to generate IdentificationType");
-					throw new NoMandateDataAttributeException();
-				}
-			
-								
-				if (id.getType().equals(Constants.URN_PREFIX_BASEID))									
-					calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), 
-							oaParam.getAreaSpecificTargetIdentifier());								
-				else
-					calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
-
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {	
+				String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class);
 			
-			} else {
-				Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is.");
-				calcResult = Pair.newInstance(bpk, null);
+				if (MiscUtil.isEmpty(bpk)) {
+					//read bPK from mandate if it is not directly included
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+					if (physicalPerson == null) {
+						Logger.debug("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
+					IdentificationType id = null;
+					id = physicalPerson.getIdentification().get(0);
+					if (id == null) {
+						Logger.info("Failed to generate IdentificationType");
+						throw new NoMandateDataAttributeException();
+					}
+				
+									
+					if (id.getType().equals(Constants.URN_PREFIX_BASEID))									
+						calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), 
+								oaParam.getAreaSpecificTargetIdentifier());								
+					else
+						calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
+	
 				
+				} else {
+					Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is.");
+					calcResult = Pair.newInstance(bpk, null);
+					
+				}
 			}
-		}
+			
+		} else
+			Logger.info(MANDATE_NAT_PER_BPK_FRIENDLY_NAME + " is only available in MOA-ID context");
 		
 		return calcResult;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
index 0b8263ffb..e91087484 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -65,41 +66,44 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib
 	
 	
 	protected String internalAttributGeneration(ISPConfiguration oaParam, IAuthData authData) throws InvalidDateFormatAttributeException, NoMandateDataAttributeException {		
-		if (authData.isUseMandate()) {
+		if (((IMOAAuthData)authData).isUseMandate()) {
 			
 			//get PVP attribute directly, if exists 
 			String birthDayString = authData.getGenericData(MANDATE_NAT_PER_BIRTHDATE_NAME, String.class);
 			
 			if (MiscUtil.isEmpty(birthDayString)) {
-				//read bPK from mandate if it is not directly included
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
-				if (physicalPerson == null) {
-					Logger.info("No physicalPerson mandate");
-					throw new NoMandateDataAttributeException();
-				}
+				if (authData instanceof IMOAAuthData) {
+					//read bPK from mandate if it is not directly included
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+					if (physicalPerson == null) {
+						Logger.info("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
 				
-				String dateOfBirth = physicalPerson.getDateOfBirth();
-				try {
-					DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
-					mandateFormat.setLenient(false);
-					Date date = mandateFormat.parse(dateOfBirth);
-					DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
-					birthDayString = pvpDateFormat.format(date);
+					String dateOfBirth = physicalPerson.getDateOfBirth();
+					try {
+						DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
+						mandateFormat.setLenient(false);
+						Date date = mandateFormat.parse(dateOfBirth);
+						DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
+						birthDayString = pvpDateFormat.format(date);
 							
-				}
-				catch (ParseException e) {
-					Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e);
-					throw new InvalidDateFormatAttributeException();
+					}
+					catch (ParseException e) {
+						Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e);
+						throw new InvalidDateFormatAttributeException();
 					
-				}
+					}					
+				} else
+					Logger.info(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME + " is only available in MOA-ID context");
 				
 			} else {
 				try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
index 38a520298..9261ba063 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -47,40 +48,45 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder  implements IPVPAttr
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {
+		if (authData instanceof IMOAAuthData) {
+			if(((IMOAAuthData)authData).isUseMandate()) {
 			
-			//get PVP attribute directly, if exists 
-			String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(familyName)) {
-				//read mandator familyName from mandate if it is not directly included
-				Element mandate = authData.getMandate();
-				if(mandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if(mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
-				if(physicalPerson == null) {
-					Logger.debug("No physicalPerson mandate");
-					throw new NoMandateDataAttributeException();
-				}
-				
-				StringBuilder sb = new StringBuilder();
-				Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator();
+				//get PVP attribute directly, if exists 
+				String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class);
 				
-				while(fNamesit.hasNext())
-					sb.append(" " + fNamesit.next().getValue());
-
-				familyName = sb.toString();
+				if (MiscUtil.isEmpty(familyName)) {
+					//read mandator familyName from mandate if it is not directly included
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if(mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if(mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+					if(physicalPerson == null) {
+						Logger.debug("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
+					
+					StringBuilder sb = new StringBuilder();
+					Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator();
+					
+					while(fNamesit.hasNext())
+						sb.append(" " + fNamesit.next().getValue());
+	
+					familyName = sb.toString();
+					
+				}
 				
+				return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, 
+						MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName);
 			}
 			
-			return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, 
-					MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName);
-		}
+		} else
+			Logger.info(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
index be8e761e0..fe952253d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -46,37 +47,41 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {			
-			//get PVP attribute directly, if exists 
-			String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(givenName)) {
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
-				if (physicalPerson == null) {
-					Logger.debug("No physicalPerson mandate");
-					throw new NoMandateDataAttributeException();
-				}
+		if (authData instanceof IMOAAuthData) {	
+			if (((IMOAAuthData)authData).isUseMandate()) {			
+				//get PVP attribute directly, if exists 
+				String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class);
 				
-				StringBuilder sb = new StringBuilder();
-				Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
-				
-				while (gNamesit.hasNext())
-					sb.append(" " + gNamesit.next());
-				
-				givenName = sb.toString();
+				if (MiscUtil.isEmpty(givenName)) {
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+					if (physicalPerson == null) {
+						Logger.debug("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
+					
+					StringBuilder sb = new StringBuilder();
+					Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
+					
+					while (gNamesit.hasNext())
+						sb.append(" " + gNamesit.next());
+					
+					givenName = sb.toString();
+					
+				}
 				
+				return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName);
 			}
 			
-			return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName);
-		}
+		} else
+			Logger.info(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 2890b72d9..3c0a2cc94 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.AttributePolicyException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -45,36 +46,41 @@ public class MandateNaturalPersonSourcePinAttributeBuilder  implements IPVPAttri
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {
-			Element mandate = authData.getMandate();
-			if(mandate == null) {
-				throw new NoMandateDataAttributeException();
-			}
-			Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-			if(mandateObject == null) {
-				throw new NoMandateDataAttributeException();
-			}
-			PhysicalPersonType physicalPerson = mandateObject.getMandator()
-					.getPhysicalPerson();
-			if (physicalPerson == null) {
-				Logger.debug("No physicalPerson mandate");
-				throw new NoMandateDataAttributeException();
-			}
-			IdentificationType id = null;
-			id = physicalPerson.getIdentification().get(0);
-			
-			if(authData.isBaseIDTransferRestrication()) {
-				throw new AttributePolicyException(this.getName());
-			}
-			
-			if(id == null) {
-				Logger.info("Failed to generate IdentificationType");
-				throw new NoMandateDataAttributeException();
+		if (authData instanceof IMOAAuthData) {
+			if(((IMOAAuthData)authData).isUseMandate()) {
+				Element mandate = ((IMOAAuthData)authData).getMandate();
+				if(mandate == null) {
+					throw new NoMandateDataAttributeException();
+				}
+				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+				if(mandateObject == null) {
+					throw new NoMandateDataAttributeException();
+				}
+				PhysicalPersonType physicalPerson = mandateObject.getMandator()
+						.getPhysicalPerson();
+				if (physicalPerson == null) {
+					Logger.debug("No physicalPerson mandate");
+					throw new NoMandateDataAttributeException();
+				}
+				IdentificationType id = null;
+				id = physicalPerson.getIdentification().get(0);
+				
+				if(authData.isBaseIDTransferRestrication()) {
+					throw new AttributePolicyException(this.getName());
+				}
+				
+				if(id == null) {
+					Logger.info("Failed to generate IdentificationType");
+					throw new NoMandateDataAttributeException();
+				}
+				
+				return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
+						MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
 			}
 			
-			return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
-					MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
-		}
+		} else
+			Logger.info(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 6b3ed6768..0d9009778 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -32,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,31 +45,36 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {
-			Element mandate = authData.getMandate();
-			if(mandate == null) {
-				throw new NoMandateDataAttributeException();
-			}
-			Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-			if(mandateObject == null) {
-				throw new NoMandateDataAttributeException();
-			}
-			PhysicalPersonType physicalPerson = mandateObject.getMandator()
-					.getPhysicalPerson();
-			if (physicalPerson == null) {
-				Logger.debug("No physicalPerson mandate");
-				throw new NoMandateDataAttributeException();
-			}
-			IdentificationType id = null;
-			id = physicalPerson.getIdentification().get(0);
-			if(id == null) {
-				Logger.info("Failed to generate IdentificationType");
-				throw new NoMandateDataAttributeException();
-			}
-			
-			return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
-					MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType());
-		}
+		if (authData instanceof IMOAAuthData) {
+				if(((IMOAAuthData)authData).isUseMandate()) {
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if(mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if(mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator()
+							.getPhysicalPerson();
+					if (physicalPerson == null) {
+						Logger.debug("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
+					IdentificationType id = null;
+					id = physicalPerson.getIdentification().get(0);
+					if(id == null) {
+						Logger.info("Failed to generate IdentificationType");
+						throw new NoMandateDataAttributeException();
+					}
+					
+					return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+							MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType());
+				}
+				
+		} else
+			Logger.info(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
index d8804d395..3cd9ef3e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -31,8 +31,10 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder {
@@ -43,42 +45,47 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {						
-			String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(profRepName)) {			
-				IMISMandate misMandate = authData.getMISMandate();
-				
-				if(misMandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-			
-				profRepName = misMandate.getTextualDescriptionOfOID();
+		if (authData instanceof IMOAAuthData) {
+			if(((IMOAAuthData)authData).isUseMandate()) {						
+				String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class);
 				
-				//only read textual prof. rep. OID describtion from mandate annotation
-				// if also OID exists
-				if (MiscUtil.isEmpty(profRepName) 
-						&& MiscUtil.isNotEmpty(misMandate.getProfRep())) {			
-					Element mandate = authData.getMandate();
-					if (mandate == null) {
+				if (MiscUtil.isEmpty(profRepName)) {			
+					IMISMandate misMandate = ((IMOAAuthData)authData).getMISMandate();
+					
+					if(misMandate == null) {
 						throw new NoMandateDataAttributeException();
 					}
 				
-					Mandate mandateObject = MandateBuilder.buildMandate(authData.getMandate());
-					if (mandateObject == null) {
-						throw new NoMandateDataAttributeException();
-					}
-	
-					profRepName = mandateObject.getAnnotation();
+					profRepName = misMandate.getTextualDescriptionOfOID();
+					
+					//only read textual prof. rep. OID describtion from mandate annotation
+					// if also OID exists
+					if (MiscUtil.isEmpty(profRepName) 
+							&& MiscUtil.isNotEmpty(misMandate.getProfRep())) {			
+						Element mandate = ((IMOAAuthData)authData).getMandate();
+						if (mandate == null) {
+							throw new NoMandateDataAttributeException();
+						}
 					
+						Mandate mandateObject = MandateBuilder.buildMandate(((IMOAAuthData)authData).getMandate());
+						if (mandateObject == null) {
+							throw new NoMandateDataAttributeException();
+						}
+		
+						profRepName = mandateObject.getAnnotation();
+						
+					}
 				}
+				
+				if(MiscUtil.isNotEmpty(profRepName)) 
+					return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, 
+							MANDATE_PROF_REP_DESC_NAME, profRepName);
+											
 			}
 			
-			if(MiscUtil.isNotEmpty(profRepName)) 
-				return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, 
-						MANDATE_PROF_REP_DESC_NAME, profRepName);
-										
-		}
+		} else
+			Logger.info(MANDATE_PROF_REP_DESC_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index 555f92fe0..6cdf64dc3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -28,7 +28,9 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
@@ -39,25 +41,30 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {			
-			String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class);			
-			
-			if (MiscUtil.isEmpty(profRepOID)) {			
-				IMISMandate mandate = authData.getMISMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {			
+				String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class);			
+				
+				if (MiscUtil.isEmpty(profRepOID)) {			
+					IMISMandate mandate = ((IMOAAuthData)authData).getMISMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+							
+					profRepOID = mandate.getProfRep();
+					
 				}
-						
-				profRepOID = mandate.getProfRep();
+							
+				if(MiscUtil.isEmpty(profRepOID)) 
+					return null;				
+				else			
+					return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID);
 				
 			}
-						
-			if(MiscUtil.isEmpty(profRepOID)) 
-				return null;				
-			else			
-				return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID);
 			
-		}
+		} else
+			Logger.info(MANDATE_PROF_REP_OID_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
index 45cce5852..f609117a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -27,6 +27,8 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
 
 public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder {
 	
@@ -36,11 +38,16 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {
+			
+				return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
+						((IMOAAuthData)authData).getMandateReferenceValue());
+			}
+			
+		} else
+			Logger.info(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME + " is only available in MOA-ID context");
 		
-			return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
-					authData.getMandateReferenceValue());
-		}
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
index 3bc7d5a2d..5471c5a13 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
@@ -30,8 +30,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
@@ -42,27 +44,32 @@ public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {						
-			//get PVP attribute directly, if exists 
-			String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(mandateType)) {
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {						
+				//get PVP attribute directly, if exists 
+				String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class);
+				
+				if (MiscUtil.isEmpty(mandateType)) {
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					mandateType = mandateObject.getAnnotation();
 					
 				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
 					
-				}
-				mandateType = mandateObject.getAnnotation();
-				
+				return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType);
 			}
-				
-			return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType);
-		}
+			
+		} else
+			Logger.info(MANDATE_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
index d5c89fc97..88f5bc2f7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
@@ -27,6 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -38,18 +39,23 @@ public class MandateTypeOIDAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {						
-			//get PVP attribute directly, if exists 
-			String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(mandateType)) {
-				Logger.info("MIS Mandate does not include 'Mandate-Type OID'.");
-				return null;
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {						
+				//get PVP attribute directly, if exists 
+				String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class);
 				
+				if (MiscUtil.isEmpty(mandateType)) {
+					Logger.info("MIS Mandate does not include 'Mandate-Type OID'.");
+					return null;
+					
+				}
+					
+				return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType);
 			}
-				
-			return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType);
-		}
+			
+		} else
+			Logger.info(MANDATE_TYPE_OID_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index cc48873af..c17f1a4dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -37,36 +37,50 @@ import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeQuery;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IAction;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * @author tlenz
@@ -76,12 +90,15 @@ import at.gv.egovernment.moa.logging.Logger;
 public class AttributQueryAction implements IAction {
 
 	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
-	@Autowired private AuthenticationDataBuilder authDataBuilder;
+	@Autowired private IAuthenticationDataBuilder authDataBuilder;
 	@Autowired private IDPCredentialProvider pvpCredentials;
 	@Autowired private AuthConfiguration authConfig;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	@Autowired(required=true) ApplicationContext springContext;
 	
+	@Autowired private AttributQueryBuilder attributQueryBuilder;
+	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+	
 	private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
 			new String[]{PVPConstants.EID_STORK_TOKEN_NAME});	
 	
@@ -109,14 +126,14 @@ public class AttributQueryAction implements IAction {
 			try {
 				//get Single Sign-On information for the Service-Provider
 				// which sends the Attribute-Query request
-				AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+				AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getSSOSessionIdentifier());
 				if (moaSession == null) {
-					Logger.warn("No MOASession with ID:" + pendingReq.getInternalSSOSessionIdentifier() + " FOUND.");
-					throw new MOAIDException("auth.02", new Object[]{pendingReq.getInternalSSOSessionIdentifier()});
+					Logger.warn("No MOASession with ID:" + pendingReq.getSSOSessionIdentifier() + " FOUND.");
+					throw new MOAIDException("auth.02", new Object[]{pendingReq.getSSOSessionIdentifier()});
 				}
 												
 				InterfederationSessionStore nextIDPInformation = 
-						authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSessionID());
+						authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSSOSessionID());
 			
 				AttributeQuery attrQuery = 
 						(AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest();
@@ -157,9 +174,9 @@ public class AttributQueryAction implements IAction {
 				throw new MOAIDException("pvp2.01", null, e);
 
 			} catch (MOADatabaseException e) {
-				Logger.error("MOASession with SessionID=" + pendingReq.getInternalSSOSessionIdentifier() 
+				Logger.error("MOASession with SessionID=" + pendingReq.getSSOSessionIdentifier() 
 					+ " is not found in Database", e);
-				throw new MOAIDException("init.04", new Object[] { pendingReq.getInternalSSOSessionIdentifier() });
+				throw new MOAIDException("init.04", new Object[] { pendingReq.getSSOSessionIdentifier() });
 				
 			}
 			
@@ -195,7 +212,7 @@ public class AttributQueryAction implements IAction {
 					((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest &&
 					((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {				
 				
-				authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getOAURL(), pendingReq.requestedModule());
+				authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getSPEntityId(), pendingReq.requestedModule());
 			}
 			
 			//build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration
@@ -208,15 +225,18 @@ public class AttributQueryAction implements IAction {
 					+ " for authentication information.");
 	
 				//load configuration of next IDP
-				IOAAuthParameters idpLoaded = authConfig.getOnlineApplicationParameter(nextIDPInformation.getIdpurlprefix());
-				if (idpLoaded == null || !(idpLoaded instanceof OAAuthParameter)) {
+				IOAAuthParameters idpLoaded = 
+						authConfig.getServiceProviderConfiguration(
+								nextIDPInformation.getIdpurlprefix(),
+								OAAuthParameterDecorator.class);
+				if (idpLoaded == null || !(idpLoaded instanceof IOAAuthParameters)) {
 					Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix() 
 						+ "is not loadable.");
 					throw new MOAIDException("auth.32", new Object[]{nextIDPInformation.getIdpurlprefix()});
 					
 				}
 
-				OAAuthParameter idp = (OAAuthParameter) idpLoaded;
+				IOAAuthParameters idp = idpLoaded;
 				
 				//check if next IDP config allows inbound messages
 				if (!idp.isInboundSSOInterfederationAllowed()) {
@@ -227,7 +247,7 @@ public class AttributQueryAction implements IAction {
 				}
 				
 				//check next IDP service area policy. BusinessService IDPs can only request wbPKs 
-				if (!spConfig.hasBaseIdTransferRestriction() && !idp.isIDPPublicService()) {
+				if (!spConfig.hasBaseIdTransferRestriction() && idp.hasBaseIdTransferRestriction()) {
 					Logger.error("Interfederated IDP " + idp.getPublicURLPrefix() 
 							+ " is a BusinessService-IDP but requests PublicService attributes.");
 					throw new MOAIDException("auth.34", new Object[]{nextIDPInformation.getIdpurlprefix()});
@@ -239,7 +259,7 @@ public class AttributQueryAction implements IAction {
 				 * 'pendingReq.getAuthURL() + "/sp/federated/metadata"' is implemented in federated_authentication module 
 				 *  but used in moa-id-lib. This should be refactored!!!  
 				 */
-				AssertionAttributeExtractor extractor = authDataBuilder.getAuthDataFromAttributeQuery(reqAttributes, 
+				AssertionAttributeExtractor extractor = getAuthDataFromAttributeQuery(reqAttributes, 
 						nextIDPInformation.getUserNameID(), idp, pendingReq.getAuthURL() + "/sp/federated/metadata");
 								
 				//mark attribute request as used
@@ -262,7 +282,7 @@ public class AttributQueryAction implements IAction {
 								
 			} else {													
 				Logger.debug("Build authData for AttributQuery from local MOASession.");							
-				IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, session, spConfig);
+				IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq);
 				
 				//add default attributes in case of mandates or STORK is in use
 				List<String> attrList = addDefaultAttributes(reqAttributes, authData);
@@ -270,12 +290,19 @@ public class AttributQueryAction implements IAction {
 				//build Set of response attributes
 				List<Attribute> respAttr = PVPAttributeBuilder.buildSetOfResponseAttributes(authData, attrList);
 				
-				return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getQAALevel());
+				return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getEIDASQAALevel());
 				
 			}
 										
 		} catch (MOAIDException e) {
 			throw e;
+			
+		} catch (EAAFAuthenticationException e) {
+			throw new MOAIDException(e.getErrorId(), e.getParams(), e);
+			
+		} catch (EAAFConfigurationException e) {
+			throw new MOAIDException(e.getErrorId(), e.getParams(), e);
+			
 		}
 	}
 	
@@ -307,7 +334,8 @@ public class AttributQueryAction implements IAction {
 		}
 		
 		//add default mandate attributes if it is a authentication with mandates
-		if (authData.isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) {
+		if (authData instanceof IMOAAuthData)
+		if (((IMOAAuthData)authData).isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) {
 			for (String el : DEFAULTMANDATEATTRIBUTES) {
 				if (!reqAttributeNames.contains(el))
 					reqAttributeNames.add(el);
@@ -317,4 +345,76 @@ public class AttributQueryAction implements IAction {
 		return reqAttributeNames;
 	}
 	
+	/**
+	 * Get PVP authentication attributes by using a SAML2 AttributeQuery
+	 * 
+	 * @param reqQueryAttr List of PVP attributes which are requested
+	 * @param userNameID SAML2 UserNameID of the user for which attributes are requested
+	 * @param idpConfig Configuration of the IDP, which is requested 
+	 * @return 
+	 * @return PVP attribute DAO, which contains all received information
+	 * @throws MOAIDException
+	 */
+	public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
+			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
+		String idpEnityID = idpConfig.getPublicURLPrefix();
+		
+		try {		
+			Logger.debug("Starting AttributeQuery process ...");
+			//collect attributes by using BackChannel communication
+			String endpoint = idpConfig.getIDPAttributQueryServiceURL();			
+			if (MiscUtil.isEmpty(endpoint)) {
+				Logger.error("No AttributeQueryURL for interfederationIDP " + idpEnityID);
+				throw new ConfigurationException("config.26", new Object[]{idpEnityID});
+				
+			}
+				
+			//build attributQuery request
+			AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(spEntityID, userNameID, endpoint, reqQueryAttr);
+			
+			//build SOAP request				
+			List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
+		
+			if (xmlObjects.size() == 0) {
+				Logger.error("Receive emptry AttributeQuery response-body.");
+				throw new AttributQueryException("auth.27", 
+						new Object[]{idpEnityID, "Receive emptry AttributeQuery response-body."});
+			
+			}
+		
+			Response intfResp;
+			if (xmlObjects.get(0) instanceof Response) {
+				intfResp = (Response) xmlObjects.get(0);
+			
+				//validate PVP 2.1 response
+				try {
+					samlVerificationEngine.verifyIDPResponse(intfResp, 
+							TrustEngineFactory.getSignatureKnownKeysTrustEngine(
+									metadataProvider));
+			
+					//create assertion attribute extractor from AttributeQuery response
+					return new AssertionAttributeExtractor(intfResp);
+		
+				} catch (Exception e) {
+					Logger.warn("PVP 2.1 assertion validation FAILED.", e);
+					throw new AssertionValidationExeption("auth.27", 
+							new Object[]{idpEnityID, e.getMessage()}, e);
+				}
+											
+			} else {
+				Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
+				throw new AttributQueryException("auth.27", 
+						new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
+			
+			}
+				 										
+		} catch (SOAPException e) {
+			throw new BuildException("builder.06", null, e);
+			
+		} catch (SecurityException e) {
+			throw new BuildException("builder.06", null, e);
+					
+		}
+	}
+	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index a8adc9ca0..43c860488 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -38,10 +38,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IAction;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -60,7 +60,7 @@ import at.gv.egovernment.moa.logging.Logger;
 
 @Service("PVPAuthenticationRequestAction")
 public class AuthenticationAction implements IAction {
-	@Autowired IDPCredentialProvider pvpCredentials;
+	@Autowired IDPCredentialProvider pvpCredentials; 
 	@Autowired AuthConfiguration authConfig;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	@Autowired(required=true) ApplicationContext springContext;
@@ -123,7 +123,7 @@ public class AuthenticationAction implements IAction {
 
 			//set protocol type
 			sloInformation.setProtocolType(req.requestedModule());
-			sloInformation.setSpEntityID(req.getOnlineApplicationConfiguration().getPublicURLPrefix());
+			sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
 			return sloInformation;
 			
 		} catch (MessageEncodingException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index baaf8b681..76956b5a8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -30,10 +30,10 @@ import org.springframework.stereotype.Service;
 
 import com.google.common.net.MediaType;
 
-import at.gv.egiz.eaaf.core.api.IAction;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -48,7 +48,7 @@ public class MetadataAction implements IAction {
 
 	
 
-	@Autowired private IRevisionLogger revisionsLogger;
+	@Autowired private IRevisionLogger revisionsLogger; 
 	@Autowired private IDPCredentialProvider credentialProvider;
 	@Autowired private PVPMetadataBuilder metadatabuilder;
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 038e384f3..591aaa7cc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -22,6 +22,8 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.util.Arrays;
 import java.util.List;
 
@@ -57,14 +59,15 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
@@ -80,7 +83,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -90,16 +92,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
-
+ 
 @Controller
 public class PVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
 
@@ -107,6 +107,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	@Autowired SAMLVerificationEngineSP samlVerificationEngine;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	
+	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+	
 	public static final String NAME = PVP2XProtocol.class.getName();
 	public static final String PATH = "id_pvp2x";
 
@@ -137,16 +139,17 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	
 	public PVP2XProtocol() {
 		super();
-	}
+	} 
 		
 	//PVP2.x metadata end-point
 	@RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET})
-	public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
-		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-			
-		}
+	public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+//			Logger.info("PVP2.1 is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//			
+//		}
+		
 		//create pendingRequest object
 		PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
 		pendingReq.initialize(req);
@@ -166,12 +169,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	
 	//PVP2.x IDP POST-Binding end-point
 	@RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST})
-	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
-		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-			
-		}
+	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+//			Logger.info("PVP2.1 is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//			
+//		}
 		
 		PVPTargetConfiguration pendingReq = null;
 		
@@ -206,7 +209,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
 			
 		} catch (SecurityException e) {
 			String samlRequest = req.getParameter("SAMLRequest");			
@@ -216,7 +219,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
 		
 		} catch (MOAIDException e) {
 			
@@ -240,10 +243,10 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	
 	//PVP2.x IDP Redirect-Binding end-point
 	@RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET})
-	public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+	public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
 		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
 			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
 			
 		}
 		PVPTargetConfiguration pendingReq = null;
@@ -278,7 +281,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
 			
 		} catch (SecurityException e) {
 			String samlRequest = req.getParameter("SAMLRequest");			
@@ -288,7 +291,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
 			
 		} catch (MOAIDException e) {
 			String samlRequest = req.getParameter("SAMLRequest");			
@@ -315,12 +318,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	
 	//PVP2.x IDP SOAP-Binding end-point
 	@RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST})
-	public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
-		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-			
-		}
+	public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+//			Logger.info("PVP2.1 is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//			
+//		}
 				
 		PVPTargetConfiguration pendingReq = null;
 		try {
@@ -354,7 +357,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
 			
 		} catch (SecurityException e) {
 			String samlRequest = req.getParameter("SAMLRequest");			
@@ -364,7 +367,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
 		
 		} catch (MOAIDException e) {			
 			//write revision log entries
@@ -393,7 +396,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			InboundMessage msg = pendingReq.getRequest();
 		
 			if (MiscUtil.isEmpty(msg.getEntityID())) {
-				throw new InvalidProtocolRequestException("pvp2.20", new Object[] {});
+				throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}, "EntityId is null or empty");
 				
 			}
 			
@@ -425,8 +428,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 				throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
 			}
 			
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-					pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
 			
 			//switch to session authentication
 			performAuthentication(request, response, pendingReq);								
@@ -451,7 +453,6 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
 		StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
 		
-		ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
 		String moaError = null;
 		
 		if(e instanceof NoPassivAuthenticationException) {
@@ -473,12 +474,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if(statusMessageValue != null) {
 				statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
 			}						
-			moaError = errorUtils.mapInternalErrorToExternalError(ex.getMessageId());
+			moaError = statusMessager.mapInternalErrorToExternalError(ex.getMessageId());
 			
 		} else {
 			statusCode.setValue(StatusCode.RESPONDER_URI);
 			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
-			moaError = errorUtils.getResponseErrorCode(e);
+			moaError = statusMessager.getResponseErrorCode(e);
 		}
 		
 		
@@ -544,10 +545,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	 * @param response
 	 * @param msg
 	 * @return
+	 * @throws EAAFException 
 	 * @throws MOAIDException 
 	 */
 	private void preProcessLogOut(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws MOAIDException {
+			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws EAAFException {
 
 		InboundMessage inMsg = pendingReq.getRequest();		
 		MOARequest msg;
@@ -564,11 +566,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 
 			String oaURL = metadata.getEntityID();
 			oaURL = StringEscapeUtils.escapeHtml(oaURL);
-			IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
+			ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
 			
 			Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
 						
-			pendingReq.setOAURL(oaURL);
+			pendingReq.setSPEntityId(oaURL);
 			pendingReq.setOnlineApplicationConfiguration(oa);
 			pendingReq.setBinding(msg.getRequestBinding());
 			
@@ -584,17 +586,25 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			
 			Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
 			
-			List<String> allowedPublicURLPrefix = 
-					AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
-			boolean isAllowedDestination = false;
+//			List<String> allowedPublicURLPrefix = authConfig.getIDPPublicURLPrefixes();
+//					AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
 			
-			for (String prefix : allowedPublicURLPrefix) {
-				if (resp.getDestination().startsWith(
-					prefix)) {
-					isAllowedDestination = true;
-					break;
-				}
+			boolean isAllowedDestination = false;			
+			try {
+				isAllowedDestination = MiscUtil.isNotEmpty(authConfig.validateIDPURL(new URL(resp.getDestination())));
+				
+			} catch (MalformedURLException e) {
+				Logger.info(resp.getDestination() + " is NOT valid. Reason: " + e.getMessage());
+				
 			}
+			
+//			for (String prefix : allowedPublicURLPrefix) {
+//				if (resp.getDestination().startsWith(
+//					prefix)) {
+//					isAllowedDestination = true;
+//					break;
+//				}
+//			}
 						
 			if (!isAllowedDestination) {
 				Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
@@ -607,7 +617,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 						
 						
 		} else 
-			throw new MOAIDException("Unsupported request", new Object[] {});
+			throw new EAAFException("Unsupported request");
 		
 		
 		pendingReq.setRequest(inMsg);
@@ -641,13 +651,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			
 		}
 
-		//check if Issuer is an interfederation IDP
-		// check parameter
-		if (!ParamValidatorUtils.isValidOA(moaRequest.getEntityID()))
-			throw new WrongParametersException("StartAuthentication",
-					PARAM_OA, "auth.12");
-		
-		IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(moaRequest.getEntityID());
+		//check if Issuer is an interfederation IDP		
+		IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class);
 		if (!oa.isInderfederationIDP()) {
 			Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
 			throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
@@ -671,7 +676,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		
 		//set preProcessed information into pending-request
 		pendingReq.setRequest(moaRequest);
-		pendingReq.setOAURL(moaRequest.getEntityID());
+		pendingReq.setSPEntityId(moaRequest.getEntityID());
 		pendingReq.setOnlineApplicationConfiguration(oa);
 		pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
 		
@@ -682,7 +687,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		pendingReq.setAction(AttributQueryAction.class.getName());
 
 		//add moasession
-		pendingReq.setInternalSSOSessionIdentifier(session.getSessionID());
+		pendingReq.setSSOSessionIdentifier(session.getSSOSessionID());
 				
 		//write revisionslog entry
 		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
@@ -717,13 +722,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		
 		if (authnRequest.getIssueInstant() == null) {
 			Logger.warn("Unsupported request: No IssueInstant Attribute found.");
-			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {});
+			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {}, 
+					"Unsupported request: No IssueInstant Attribute found", pendingReq);
 			
 		}
 		
 		if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
 			Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
-			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {});
+			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {},
+					"Unsupported request: No IssueInstant DateTime is not valid anymore.", pendingReq);
 			
 		}
 			
@@ -790,22 +797,22 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
 		AuthnRequestValidator.validate(authReq);
 		
-		String useMandate = request.getParameter(PARAM_USEMANDATE);
-		if(useMandate != null) {
-			if(useMandate.equals("true") && attributeConsumer != null) {
-				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
-					throw new MandateAttributesNotHandleAbleException();
-				}
-			}
-		}
+//		String useMandate = request.getParameter(PARAM_USEMANDATE);
+//		if(useMandate != null) {
+//			if(useMandate.equals("true") && attributeConsumer != null) {
+//				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+//					throw new MandateAttributesNotHandleAbleException();
+//				}
+//			}
+//		}
 						
 		String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
 		oaURL = StringEscapeUtils.escapeHtml(oaURL);
-		IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
+		ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
 		
 		Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());		
 
-		pendingReq.setOAURL(oaURL);
+		pendingReq.setSPEntityId(oaURL);
 		pendingReq.setOnlineApplicationConfiguration(oa);
 		pendingReq.setBinding(consumerService.getBinding());
 		pendingReq.setRequest(moaRequest);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index 46e5b83f6..67cbafe90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -29,7 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
 
 @Service("PVPAssertionStorage")
@@ -47,11 +47,11 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
 				relyingPartyId,
 				issuerId,
 				samlMessage);
-		
-		try {
+		 
+		try { 
 			transactionStorage.put(artifact, assertion, -1);
 			
-		} catch (MOADatabaseException e) {
+		} catch (EAAFException e) {
 			// TODO Insert Error Handling, if Assertion could not be stored
 			throw new MarshallingException("Assertion are not stored in Database.",e);
 		}
@@ -61,7 +61,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
 		try {
 			return transactionStorage.get(artifact, SAMLArtifactMapEntry.class);
 			
-		} catch (MOADatabaseException e) {
+		} catch (EAAFException e) {
 			// TODO Insert Error Handling, if Assertion could not be read
 			e.printStackTrace();
 			return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 060a5fcc2..95a2d8715 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -22,31 +22,24 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
 
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.logging.Logger;
 
 @Component("PVPTargetConfiguration")
 @Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
 public class PVPTargetConfiguration extends RequestImpl {
 
+	@Autowired(required=true) IConfiguration authConfig;
+	
 	public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
 	public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
 	public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel";	
@@ -55,10 +48,17 @@ public class PVPTargetConfiguration extends RequestImpl {
 	
 	private static final long serialVersionUID = 4889919265919638188L;
 	
+	
+	
 	InboundMessage request;
 	String binding;
 	String consumerURL;
 	
+	public void initialize(HttpServletRequest req) throws EAAFException {
+		super.initialize(req, authConfig);
+		
+	}
+	
 	public InboundMessage getRequest() {
 		return request;
 	}
@@ -84,61 +84,61 @@ public class PVPTargetConfiguration extends RequestImpl {
 		
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
-	 */
-	@Override
-	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-
-		Map<String, String> reqAttr = new HashMap<String, String>();
-		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
-			reqAttr.put(el, "");
-						
-		try {			
-			SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-			if (spSSODescriptor.getAttributeConsumingServices() != null && 
-					spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-							
-				Integer aIdx = null;
-				if (getRequest() instanceof MOARequest && 
-						((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {					
-					AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();					
-					aIdx = authnRequest.getAttributeConsumingServiceIndex();
-					
-				} else {
-					Logger.error("MOARequest is NOT of type AuthnRequest");
-				}
-				
-				int idx = 0;
-
-				AttributeConsumingService attributeConsumingService = null;
-				
-				if (aIdx != null) {
-					idx = aIdx.intValue();
-					attributeConsumingService = spSSODescriptor
-							.getAttributeConsumingServices().get(idx);
-					
-				} else {
-					List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-					for (AttributeConsumingService el : attrConsumingServiceList) {
-						if (el.isDefault())
-							attributeConsumingService = el;
-					}				
-				}
-				
-				for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
-					reqAttr.put(attr.getName(), "");
-			}
-			
-			//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
-			return reqAttr.keySet();
-			
-		} catch (NoMetadataInformationException e) {
-			Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
-			return null;
-					
-		}
-		
-	}
+//	/* (non-Javadoc)
+//	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+//	 */
+//	@Override
+//	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
+//
+//		Map<String, String> reqAttr = new HashMap<String, String>();
+//		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+//			reqAttr.put(el, "");
+//						
+//		try {			
+//			SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+//			if (spSSODescriptor.getAttributeConsumingServices() != null && 
+//					spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+//							
+//				Integer aIdx = null;
+//				if (getRequest() instanceof MOARequest && 
+//						((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {					
+//					AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();					
+//					aIdx = authnRequest.getAttributeConsumingServiceIndex();
+//					
+//				} else {
+//					Logger.error("MOARequest is NOT of type AuthnRequest");
+//				}
+//				
+//				int idx = 0;
+//
+//				AttributeConsumingService attributeConsumingService = null;
+//				
+//				if (aIdx != null) {
+//					idx = aIdx.intValue();
+//					attributeConsumingService = spSSODescriptor
+//							.getAttributeConsumingServices().get(idx);
+//					
+//				} else {
+//					List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
+//					for (AttributeConsumingService el : attrConsumingServiceList) {
+//						if (el.isDefault())
+//							attributeConsumingService = el;
+//					}				
+//				}
+//				
+//				for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
+//					reqAttr.put(attr.getName(), "");
+//			}
+//			
+//			//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
+//			return reqAttr.keySet();
+//			
+//		} catch (NoMetadataInformationException e) {
+//			Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
+//			return null;
+//					
+//		}
+//		
+//	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 2d8d0f66f..6b945d692 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -35,20 +35,20 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IAction;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.ISLOInformationContainer;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -71,7 +71,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
 public class SingleLogOutAction implements IAction {
 
 	@Autowired private SSOManager ssomanager;
-	@Autowired private AuthenticationManager authManager;
+	@Autowired private IAuthenticationManager authManager;
 	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
 	@Autowired private ITransactionStorage transactionStorage;
 	@Autowired private SingleLogOutBuilder sloBuilder;
@@ -84,7 +84,7 @@ public class SingleLogOutAction implements IAction {
 	@Override
 	public SLOInformationInterface processRequest(IRequest req,
 			HttpServletRequest httpReq, HttpServletResponse httpResp,
-			IAuthData authData) throws MOAIDException {
+			IAuthData authData) throws EAAFException {
 
 		PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;  
 
@@ -94,12 +94,12 @@ public class SingleLogOutAction implements IAction {
 			MOARequest samlReq = (MOARequest) pvpReq.getRequest();
 			LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
 
-			IAuthenticationSession session = 
-					authenticationSessionStorage.searchMOASessionWithNameIDandOAID(
+			String ssoSessionId = 
+					authenticationSessionStorage.searchSSOSessionWithNameIDandOAID(
 							logOutReq.getIssuer().getValue(), 
 							logOutReq.getNameID().getValue());
 
-			if (session == null) {
+			if (MiscUtil.isEmpty(ssoSessionId)) {
 				Logger.warn("Can not find active SSO session with nameID " 
 						+ logOutReq.getNameID().getValue() + " and OA " 
 						+ logOutReq.getIssuer().getValue());
@@ -116,10 +116,10 @@ public class SingleLogOutAction implements IAction {
 
 				} else {						
 					try {
-						session = ssomanager.getInternalMOASession(ssoID);
+						ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoID);
 
-						if (session == null)
-							throw new MOADatabaseException();
+						if (MiscUtil.isEmpty(ssoSessionId))
+							throw new MOADatabaseException("");
 						
 					} catch (MOADatabaseException e) {
 						Logger.info("Can not find active Session. Single LogOut not possible!");
@@ -134,8 +134,13 @@ public class SingleLogOutAction implements IAction {
 				}					
 			}
 
-			authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq);
-
+			pvpReq.setSSOSessionIdentifier(ssoSessionId);
+			ISLOInformationContainer sloInformationContainer 
+				= authManager.performSingleLogOut(httpReq, httpResp, pvpReq, ssoSessionId);
+			
+			Logger.debug("Starting technical SLO process ... ");
+			sloBuilder.toTechnicalLogout(sloInformationContainer, httpReq, httpResp, null);
+													
 		} else if (pvpReq.getRequest() instanceof MOAResponse &&
 				((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
 			Logger.debug("Process Single LogOut response");
@@ -178,7 +183,7 @@ public class SingleLogOutAction implements IAction {
 						//						AssertionStore element = (AssertionStore) result.get(0);					
 						//						Object data = SerializationUtils.deserialize(element.getAssertion());
 						Logger.debug("Current Thread getAssertionStore: "+Thread.currentThread().getId());
-						Object o = transactionStorage.getAssertionStore(relayState);
+						Object o = transactionStorage.getRaw(relayState);
 						if(o==null){
 							Logger.trace("No entries found.");
 							throw new MOADatabaseException("No sessioninformation found with this ID");
@@ -202,12 +207,12 @@ public class SingleLogOutAction implements IAction {
 									//									session.saveOrUpdate(element);							
 									//									tx.commit();
 									Logger.debug("Current Thread putAssertionStore: "+Thread.currentThread().getId());
-									transactionStorage.putAssertionStore(element);
+									transactionStorage.putRaw(element.getArtifact(), element);
 
 									//sloContainer could be stored to database
 									storageSuccess = true;
 
-								} catch(MOADatabaseException e) {
+								} catch(EAAFException e) {
 									//tx.rollback();
 
 									counter++;									
@@ -230,11 +235,12 @@ public class SingleLogOutAction implements IAction {
 
 								storageSuccess = true;
 								String redirectURL = null;
-								if (sloContainer.getSloRequest() != null) {
-									//send SLO response to SLO request issuer
-									SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest());
-									LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
-									redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, sloContainer.getSloRequest().getRequest().getRelayState());
+								IRequest sloReq = sloContainer.getSloRequest();
+								if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+									//send SLO response to SLO request issuer									
+									SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloReq);
+									LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloReq, sloContainer.getSloFailedOAs());
+									redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPTargetConfiguration)sloReq).getRequest().getRelayState());
 
 								} else {
 									//print SLO information directly
@@ -276,7 +282,7 @@ public class SingleLogOutAction implements IAction {
 						}						
 					}
 				}
-			} catch (MOADatabaseException e) {
+			} catch (EAAFException e) {
 				Logger.error("MOA AssertionDatabase ERROR", e);
 				throw new SLOException("pvp2.19", null);
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index c662a0af5..f3af12a2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -49,11 +49,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 6beaee92b..07da57d2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -32,15 +32,15 @@ import java.util.ServiceLoader;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -97,13 +97,13 @@ public class PVPAttributeBuilder {
 		
 	}
 	
-	public static Attribute buildAttribute(String name, IOAAuthParameters oaParam,
-			IAuthData authData) throws PVP2Exception, AttributeException {
+	public static Attribute buildAttribute(String name, ISPConfiguration  oaParam,
+			IAuthData authData) throws PVP2Exception, AttributeBuilderException {
 		if (builders.containsKey(name)) {
 			try {
 				return builders.get(name).build(oaParam, authData, generator);
 			}
-			catch (AttributeException e) {
+			catch (AttributeBuilderException e) {
 				if (e instanceof UnavailableAttributeException) {
 					throw e;
 				} else if (e instanceof InvalidDateFormatAttributeException) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
index be8c2abdf..a55e873b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
@@ -95,7 +95,7 @@ public class PVPAuthnRequestBuilder {
 			
 			// use POST binding as default if it exists 
 			if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { 
-				endpoint = sss;
+				endpoint = sss; 
 				
 			} else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) 
 					&& endpoint == null )
@@ -215,7 +215,7 @@ public class PVPAuthnRequestBuilder {
 		
 		//encode message
 		binding.encodeRequest(null, httpResp, authReq, 
-				endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential(), pendingReq);
+				endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq);
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index d11d57ab8..a1d7f5d3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -23,8 +23,12 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
 
 import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
 import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map.Entry;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -52,6 +56,8 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.io.Marshaller;
 import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.x509.X509Credential;
@@ -63,12 +69,23 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
-import at.gv.egiz.eaaf.core.api.data.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -85,8 +102,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformation
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * @author tlenz
@@ -98,6 +119,181 @@ public class SingleLogOutBuilder {
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	@Autowired(required=true) ApplicationContext springContext;
 	@Autowired private IDPCredentialProvider credentialProvider;
+	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+	@Autowired private IGUIFormBuilder guiBuilder;
+	@Autowired(required=true) protected IRevisionLogger revisionsLogger;
+	@Autowired private ITransactionStorage transactionStorage;
+
+	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
+	
+	public void toTechnicalLogout(ISLOInformationContainer sloContainer, 
+			HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws MOAIDException {		
+		Logger.trace("Starting Service-Provider logout process ... ");		
+		revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);		
+		
+		//start service provider back channel logout process		
+		Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();	
+		while (nextOAInterator.hasNext()) {
+			SLOInformationInterface sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
+			LogoutRequest sloReq = buildSLORequestMessage(sloDescr);
+
+			try {
+				Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID());
+				List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
+				
+				LogoutResponse sloResp = null;						
+				for (XMLObject el : soapResp) {
+					if (el instanceof LogoutResponse)
+						sloResp = (LogoutResponse) el;							
+				}
+				
+				if (sloResp == null) {
+					Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+							+ " FAILED. NO LogOut response received.");
+					sloContainer.putFailedOA(sloDescr.getSpEntityID());
+					
+				} else {
+					samlVerificationEngine.verifySLOResponse(sloResp, 
+							TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+					
+				}
+								
+				checkStatusCode(sloContainer, sloResp);
+										
+			} catch (SOAPException e) {
+				Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+						+ " FAILED.", e);
+				sloContainer.putFailedOA(sloDescr.getSpEntityID());
+				
+			} catch (SecurityException | InvalidProtocolRequestException e) {
+				Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+						+ " FAILED.", e);
+				sloContainer.putFailedOA(sloDescr.getSpEntityID());
+				
+			}					
+		}
+						
+		IRequest pendingReq = null;		
+		PVPTargetConfiguration pvpReq = null;
+		//start service provider front channel logout process
+		try {
+			if (sloContainer.hasFrontChannelOA()) {
+				String relayState = Random.nextRandom();
+				
+				Collection<Entry<String, SLOInformationInterface>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions();
+				List<String> sloReqList = new ArrayList<String>();
+				for (Entry<String, SLOInformationInterface> el : sloDescr) {
+					Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID());
+					
+					LogoutRequest sloReq = buildSLORequestMessage(el.getValue());
+					try {
+						sloReqList.add(getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), 
+								sloReq, httpReq, httpResp, relayState));
+						
+					} catch (Exception e) {
+						Logger.warn("Failed to build SLO request for OA:" + el.getKey());
+						sloContainer.putFailedOA(el.getKey());
+						
+					}														
+				}
+				
+				//put SLO process-information into transaction storage
+				transactionStorage.put(relayState, sloContainer, -1);
+				
+				if (MiscUtil.isEmpty(authUrl))
+					authUrl = sloContainer.getSloRequest().getAuthURL();
+				
+				String timeOutURL = authUrl
+						+ "/idpSingleLogout"
+						+ "?restart=" + relayState;
+				
+				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+						authUrl, 
+						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+						null);
+				
+				config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList);
+				config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL);
+				config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT));
+		        
+		        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+		        
+								
+			} else {
+				pendingReq = sloContainer.getSloRequest();
+				if (pendingReq != null && pendingReq instanceof PVPTargetConfiguration) {
+					//send SLO response to SLO request issuer
+					pvpReq = (PVPTargetConfiguration)pendingReq;
+					SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
+					LogoutResponse message = buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
+					sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
+					
+				} else {
+					//print SLO information directly
+					DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+							authUrl, 
+							DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+							null);
+					
+			        if (sloContainer.getSloFailedOAs() == null || 
+			        		sloContainer.getSloFailedOAs().size() == 0) {
+			        	revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
+			        	config.putCustomParameter("successMsg", 
+			        			MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
+			        	
+			        } else {
+			        	revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+			        	config.putCustomParameterWithOutEscaption("errorMsg", 
+			        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
+			        	
+			        }
+			        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+										
+				}
+									
+			}	
+		
+		} catch (GUIBuildException e) {
+			Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
+			throw  new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
+			
+		} catch (MOADatabaseException e) {
+			Logger.error("MOA AssertionDatabase ERROR", e);
+			if (pvpReq != null) {
+				SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
+				LogoutResponse message = buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
+				sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
+
+				revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+				
+			}else {
+				//print SLO information directly
+				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+						authUrl, 
+						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+						null);
+				
+				revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+				config.putCustomParameterWithOutEscaption("errorMsg", 
+	        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
+	        	
+	        	try {
+					guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+					
+				} catch (GUIBuildException e1) {
+					Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
+					throw  new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
+					
+				}
+									
+			}
+			
+		} catch (Exception e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}	
+	}
+
 	
 		
 	public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) {
@@ -221,7 +417,7 @@ public class SingleLogOutBuilder {
 	}
 	
 	
-	public LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException, MOAIDException {
+	public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws ConfigurationException, MOAIDException {
 		LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
 		
 		SecureRandomIdentifierGenerator gen;
@@ -237,17 +433,17 @@ public class SingleLogOutBuilder {
 
 		DateTime now = new DateTime();
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloInfo.getAuthURL()));
+		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloDescr.getAuthURL()));
 		issuer.setFormat(NameID.ENTITY);
 		sloReq.setIssuer(issuer);		
 		sloReq.setIssueInstant(now);
 		sloReq.setNotOnOrAfter(now.plusMinutes(5));
 		
-		sloReq.setDestination(sloInfo.getServiceURL());
+		sloReq.setDestination(sloDescr.getServiceURL());
 		
 		NameID nameID = SAML2Utils.createSAMLObject(NameID.class);
-		nameID.setFormat(sloInfo.getUserNameIDFormat());
-		nameID.setValue(sloInfo.getUserNameIdentifier());
+		nameID.setFormat(sloDescr.getUserNameIDFormat());
+		nameID.setValue(sloDescr.getUserNameIdentifier());
 		sloReq.setNameID(nameID );
 
 		//sign message
@@ -435,9 +631,9 @@ public class SingleLogOutBuilder {
 	public void parseActiveOAs(SLOInformationContainer container, 
 			List<OASessionStore> dbOAs, String removeOAID) {		
 		if (container.getActiveBackChannelOAs() == null)
-			container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationImpl>());			
+			container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationInterface>());			
 		if (container.getActiveFrontChannalOAs() == null)
-			container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationImpl>());
+			container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationInterface>());
 			
 		
 		if (dbOAs != null) {
@@ -491,9 +687,9 @@ public class SingleLogOutBuilder {
 	public void parseActiveIDPs(SLOInformationContainer container,
 			List<InterfederationSessionStore> dbIDPs, String removeIDP) {		
 		if (container.getActiveBackChannelOAs() == null)
-			container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationImpl>());			
+			container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationInterface>());			
 		if (container.getActiveFrontChannalOAs() == null)
-			container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationImpl>());
+			container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationInterface>());
 		
 		if (dbIDPs != null) {
 			for (InterfederationSessionStore el : dbIDPs) {				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 40c85945f..056e2bba0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -59,23 +59,26 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.id.util.QAALevelVerifier;
 import at.gv.egovernment.moa.logging.Logger;
@@ -91,7 +94,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 	 * @param issuerEntityID EnitiyID, which should be used for this IDP response 
 	 * @param attrQuery AttributeQuery request from Service-Provider
 	 * @param attrList List of PVP response attributes
-	 * @param now Current time
+	 * @param now Current time 
 	 * @param validTo ValidTo time of the assertion
 	 * @param qaaLevel QAA level of the authentication
 	 * @param sessionIndex SAML2 SessionIndex, which should be included	 * 
@@ -141,48 +144,51 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		AuthnContextClassRef authnContextClassRef = SAML2Utils
 				.createSAMLObject(AuthnContextClassRef.class);
 		
-		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+		ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
 		
 		if (reqAuthnContext == null) {
-			 authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+			 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
 			
 		} else {
 
-			boolean stork_qaa_1_4_found = false;
+			boolean eIDAS_qaa_found = false;
 	
 			List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
 					.getAuthnContextClassRefs();
 		
-			if (reqAuthnContextClassRefIt.size() == 0) {
-			 
-				QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), 
-						STORK_QAA_1_4);
+			if (reqAuthnContextClassRefIt.size() == 0) {			 
+				QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), EAAFConstants.EIDAS_QAA_HIGH);
 			
-				stork_qaa_1_4_found = true;
-				authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+				eIDAS_qaa_found = true;
+				authnContextClassRef.setAuthnContextClassRef(EAAFConstants.EIDAS_QAA_HIGH);
 			 
 			} else {
 				for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
 					String qaa_uri = authnClassRef.getAuthnContextClassRef();
-					if (qaa_uri.trim().equals(STORK_QAA_1_4)
-							|| qaa_uri.trim().equals(STORK_QAA_1_3)
-							|| qaa_uri.trim().equals(STORK_QAA_1_2)
-							|| qaa_uri.trim().equals(STORK_QAA_1_1)) {
+					
+					if (qaa_uri.trim().startsWith(STORK_QAA_PREFIX)) {
+						Logger.debug("Find STORK QAA leven in AuthnRequest. Starting mapping to eIDAS level ... ");
+						qaa_uri = LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(qaa_uri.trim());
+						
+					}
+					
+					if (qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_HIGH)
+							|| qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_SUBSTANTIAL)
+							|| qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_LOW)) {
 					
 						 if (authData.isForeigner()) {
-							 QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), 
-									 STORK_QAA_PREFIX + oaParam.getQaaLevel());
+							 QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), oaParam.getMinimumLevelOfAssurence());
 							 
-							 stork_qaa_1_4_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+							 eIDAS_qaa_found = true;
+							 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
 							 
 						 } else {
 							 
-							 QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), 
+							 QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), 
 									 qaa_uri.trim());
 							 
-							 stork_qaa_1_4_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+							 eIDAS_qaa_found = true;
+							 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
 							 							 
 						 }
 						 break;
@@ -190,9 +196,9 @@ public class PVP2AssertionBuilder implements PVPConstants {
 				 }
 			 }
 	
-			if (!stork_qaa_1_4_found) {
-				throw new QAANotSupportedException(STORK_QAA_1_4);
-			}
+			if (!eIDAS_qaa_found)
+				throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH);
+				
 		}
 		
 
@@ -289,11 +295,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		
 		//build nameID and nameID Format from moasession
 		//TODO: nameID generation
-		if (authData.isUseMandate()) {
+		if (authData instanceof IMOAAuthData && 
+				((IMOAAuthData)authData).isUseMandate()) {
 			String bpktype = null;
 			String bpk = null;
 			
-			Element mandate = authData.getMandate();
+			Element mandate = ((IMOAAuthData)authData).getMandate();
 			if(mandate != null) {
 				Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
 				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
index e462b277e..6ccacd6c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
@@ -31,7 +31,7 @@ import org.opensaml.xml.schema.XSString;
 import org.opensaml.xml.schema.impl.XSIntegerBuilder;
 import org.opensaml.xml.schema.impl.XSStringBuilder;
 
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 
 public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 64f5c7d73..81eca3765 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -44,7 +44,8 @@ import org.opensaml.saml2.metadata.OrganizationURL;
 import org.opensaml.saml2.metadata.SurName;
 import org.opensaml.saml2.metadata.TelephoneNumber;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -157,7 +158,7 @@ public class PVPConfiguration {
 				
 		try {
 			Logger.trace("Load metadata signing certificate for online application " + entityID);
-			IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);		
+			ISPConfiguration  oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);		
 			if (oaParam == null) {
 				Logger.info("Online Application with ID " + entityID + " not found!");
 				return null;
@@ -186,6 +187,11 @@ public class PVPConfiguration {
 		} catch (IOException e) {
 			Logger.warn("Metadata signer certificate is not decodeable.", e);
 			return null;
+			
+		} catch (EAAFConfigurationException e) {
+			Logger.error("Configuration is not accessable.", e);
+			return null;
+			
 		}
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
index b1e7df014..c82e6bdf1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
@@ -29,7 +29,7 @@ import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
 public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
 
 	public NameIDFormatNotSupportedException(String nameIDFormat) {
-		super("pvp2.12", new Object[] {nameIDFormat});
+		super("pvp2.12", new Object[] {nameIDFormat}, "NameID format not supported");
 		statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
 
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 86284a2f4..7d43732a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -49,12 +49,14 @@ import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.IDestroyableObject;
 import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPEntityCategoryFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
@@ -72,7 +74,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	
 //	private static MOAMetadataProvider instance = null;
 	MetadataProvider internalProvider = null;
-	private Timer timer = null;
+	private Timer timer = null; 
 	private static Object mutex = new Object();
 	//private Map<String, Date> lastAccess = null;
 	
@@ -110,7 +112,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				Logger.trace("Check consistence of PVP2X metadata");	
 				addAndRemoveMetadataProvider();
 					
-			} catch (ConfigurationException e) {
+			} catch (ConfigurationException | EAAFConfigurationException e) {
 				Logger.error("Access to MOA-ID configuration FAILED.", e);
 					
 			}
@@ -156,8 +158,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 			
 			
 			//reload metadata provider 
-			IOAAuthParameters oaParam = 
-					authConfig.getOnlineApplicationParameter(entityID);
+			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityID);
 			if (oaParam != null) {
 				String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
 				if (MiscUtil.isNotEmpty(metadataURL)) {
@@ -175,7 +176,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 						String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
 						if (MiscUtil.isNotEmpty(certBase64)) {
 						byte[] cert = Base64Utils.decode(certBase64, false);
-						String oaFriendlyName = oaParam.getFriendlyName();
+						String oaFriendlyName = oaParam.getUniqueIdentifier();
 					
 						if (timer == null)
 							timer = new Timer(true);
@@ -222,6 +223,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 		} catch (ConfigurationException e) {
 			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
 					+ entityID + " FAILED.", e);
+			
+		} catch (EAAFConfigurationException e) {			
+			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
+					+ entityID + " FAILED.", e);
 		}
 		
 		return false;
@@ -246,7 +251,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	}
 	
 	
-	private void addAndRemoveMetadataProvider() throws ConfigurationException {
+	private void addAndRemoveMetadataProvider() throws ConfigurationException, EAAFConfigurationException {
 		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
 			Logger.info("Reload MOAMetaDataProvider.");
 			
@@ -282,8 +287,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				while (oaInterator.hasNext()) {
 					Entry<String, String> oaKeyPair = oaInterator.next();
 					
-					IOAAuthParameters oaParam = 
-							authConfig.getOnlineApplicationParameter(oaKeyPair.getValue());
+					ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
 					if (oaParam != null) {
 						String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
 						
@@ -409,7 +413,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	 * This method is deprecated because OA metadata should be loaded dynamically 
 	 * if the corresponding OA is requested.
 	 */
-	private void loadAllPVPMetadataFromKonfiguration() {
+	private void loadAllPVPMetadataFromKonfiguration() throws EAAFConfigurationException {
 		ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
 		Logger.info("Loading metadata");		
 		Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
@@ -423,11 +427,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 			while (oaInterator.hasNext()) {
 				Entry<String, String> oaKeyPair = oaInterator.next();
 				
-				IOAAuthParameters oaParam = 
-						authConfig.getOnlineApplicationParameter(oaKeyPair.getValue());
+				ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
 				if (oaParam != null) {
 					String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-					String oaFriendlyName = oaParam.getFriendlyName();
+					String oaFriendlyName = oaParam.getUniqueIdentifier();
 					MetadataProvider httpProvider = null;
 			
 					try {
@@ -489,7 +492,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				
 	}
 		
-	private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
+	private PVPMetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
 		PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
 		filterChain.getFilters().add(new SchemaValidationFilter());
 		filterChain.getFilters().add(
@@ -497,7 +500,9 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 						AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, 
 						false)));
 		
-		if (oaParam.isInderfederationIDP()) {
+		
+		
+		if ((new OAAuthParameterDecorator(oaParam)).isInderfederationIDP()) {
 			Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
 			filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oaParam.hasBaseIdTransferRestriction()));
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index 6c2235654..c87b7515f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
 
 import java.io.File;
+import java.net.MalformedURLException;
 import java.util.Timer;
 
 import javax.net.ssl.SSLHandshakeException;
@@ -57,6 +58,7 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
 	
 	
 	@Autowired 
+	//protected IConfiguration authConfig;
 	protected AuthConfiguration authConfig;
 	
 	/**
@@ -76,21 +78,30 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
 			return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool);
 		
 		else {
-			String absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
-					metadataLocation,
-					authConfig.getRootConfigFileDir());
-			
-			if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
-				File metadataFile = new File(absoluteMetadataLocation);
-				if (metadataFile.exists())
-					return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+			String absoluteMetadataLocation;
+			try {
+				absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
+						metadataLocation,
+						authConfig.getConfigurationRootDirectory().toURL().toString());
 				
-				else {
-					Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
-					return null;
-				}
+				if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
+					File metadataFile = new File(absoluteMetadataLocation);
+					if (metadataFile.exists())
+						return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+					
+					else {
+						Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
+						return null;
+					}
+					
+				}	
 				
-			}			
+				
+			} catch (MalformedURLException e) {
+				Logger.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
+				
+			}
+							
 		}
 		
 		Logger.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
index af9ba0180..dd94e0093 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
@@ -33,6 +33,7 @@ import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.SignatureConstants;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -55,8 +56,9 @@ public abstract class AbstractCredentialProvider {
 	 * Get KeyStore
 	 * 
 	 * @return URL to the keyStore
+	 * @throws ConfigurationException 
 	 */
-	public abstract String getKeyStoreFilePath();
+	public abstract String getKeyStoreFilePath() throws ConfigurationException;
 	
 	/**
 	 * Get keyStore password
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index 381289824..ebaef348c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -53,14 +54,14 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
 	 */
 	@Override
-	public String getKeyStoreFilePath() {
+	public String getKeyStoreFilePath() throws ConfigurationException {
 		if (props == null)
 			props = authConfig.getGeneralPVP2ProperiesConfig();
 		
+
 		return FileUtils.makeAbsoluteURL(
-					props.getProperty(IDP_JAVAKEYSTORE), 
-					authConfig.getRootConfigFileDir());
-		
+						props.getProperty(IDP_JAVAKEYSTORE), 
+						authConfig.getRootConfigFileDir());		
 	}
 
 	/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 528d8cbb6..d89d04664 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -34,7 +34,8 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
 import org.opensaml.xml.signature.SignatureValidator;
 import org.opensaml.xml.validation.ValidationException;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
@@ -52,8 +53,8 @@ public class EntityVerifier {
 	public static byte[] fetchSavedCredential(String entityID) {
 //		List<OnlineApplication> oaList = ConfigurationDBRead
 //				.getAllActiveOnlineApplications();
-		try {
-			IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
+		try { 
+			ISPConfiguration oa = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
 		
 			if (oa == null) {
 				Logger.debug("No OnlineApplication with EntityID: " + entityID);
@@ -67,7 +68,7 @@ public class EntityVerifier {
 			
 			}
 			
-		} catch (ConfigurationException e) {
+		} catch (ConfigurationException | EAAFConfigurationException e) {
 			Logger.error("Access MOA-ID configuration FAILED.", e);
 			
 		} catch (IOException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index 870c70efe..50bc7fb68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -62,7 +62,7 @@ public class SAMLVerificationEngine {
 	
 	public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
 		try {		
-			if (msg instanceof MOARequest && 
+			if (msg instanceof MOARequest &&  
 					((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
 				verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
 		
@@ -112,10 +112,10 @@ public class SAMLVerificationEngine {
 		    
 		} catch (ValidationException e) {
 			 Logger.warn("Signature is not conform to SAML signature profile", e);
-			 throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			 throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature is not conform to SAML signature profile");
 		
 		} catch (SchemaValidationException e) {			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "SAML response does not fit XML scheme");
 		
 		}
 
@@ -126,11 +126,11 @@ public class SAMLVerificationEngine {
 
 		try {
 		    if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-		    	throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+		    	throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
 		    }
 		} catch (org.opensaml.xml.security.SecurityException e) {
 		    Logger.warn("PVP2x message signature validation FAILED.", e);
-		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
 		}
 	}
 	
@@ -142,10 +142,10 @@ public class SAMLVerificationEngine {
 		    
 		} catch (ValidationException e) {
 		    Logger.warn("Signature is not conform to SAML signature profile", e);
-		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Scheme validation FAILED on SAML request");
 		    
 		} catch (SchemaValidationException e) {			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "Scheme verification FAILED on SAML request");
 			
 		}
 
@@ -156,11 +156,11 @@ public class SAMLVerificationEngine {
 
 		try {
 		    if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-		        throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+		        throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
 		    }
 		} catch (org.opensaml.xml.security.SecurityException e) {
 			Logger.warn("PVP2x message signature validation FAILED.", e);
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
 		}
 	}
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 9ae41c06c..c5f02e7de 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -40,15 +40,17 @@ import org.springframework.transaction.annotation.Transactional;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
@@ -56,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.EncryptedData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
@@ -68,14 +71,12 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{
 
 	@PersistenceContext(unitName="session")
-	private EntityManager entityManager;
+	private EntityManager entityManager; 
 	
 	@Autowired AuthConfiguration authConfig;
 	
 	private static JsonMapper mapper = new JsonMapper();
-	
-	//@Autowired MOASessionDBUtils moaSessionDBUtils;
-	
+		
 	@Override
 	public boolean isAuthenticated(String internalSsoSessionID) {
 		
@@ -108,7 +109,8 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier());
 			dbsession.setAdditionalInformation(mapper.serialize(sessionExt).getBytes("UTF-8"));
 		
-			AuthenticationSession session = new AuthenticationSession(id, now, target.getMOASession());
+			AuthenticationSession session = new AuthenticationSession(id, now, 
+					new AuthenticationSessionWrapper(target.genericFullDataStorage()));
 			encryptSession(session, dbsession);
 		
 			//store AssertionStore element to Database
@@ -123,7 +125,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			
 		} catch (JsonProcessingException | UnsupportedEncodingException e) {
 			Logger.warn("Extended session information can not be stored.", e);
-			throw new MOADatabaseException(e);
+			throw new MOADatabaseException("Extended session information can not be stored.", e);
 			
 		}
 				
@@ -180,7 +182,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			
 		} catch (MOADatabaseException e) {
 			Logger.warn("MOASession could not be stored.");
-			throw new MOADatabaseException(e);
+			throw new MOADatabaseException("MOASession could not be stored.", e);
 			
 		} catch (JsonProcessingException | UnsupportedEncodingException e) {
 			Logger.warn("Extended session information can not be stored.", e);
@@ -228,12 +230,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 	}
 	
 	@Override
-	public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException {
-		MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");	  
-		Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+	public String getInternalSSOSessionWithSSOID(String externelSSOId) throws MOADatabaseException {
+		MiscUtil.assertNotNull(externelSSOId, "SSOsessionID");	  
+		Logger.trace("Get authenticated session with SSOID " + externelSSOId + " from database.");
 		  		  
 		Query query =  entityManager.createNamedQuery("getSessionWithSSOID");
-		query.setParameter("sessionid", SSOSessionID);		  
+		query.setParameter("sessionid", externelSSOId);		  
 		List<AuthenticatedSessionStore> results = query.getResultList();
 	 		  
 	    Logger.trace("Found entries: " + results.size());
@@ -245,7 +247,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 					 
 		} else
 			try {
-				return decryptSession(results.get(0));
+				return decryptSession(results.get(0)).getSSOSessionID();
 				
 			} catch (Throwable e) {
 				Logger.warn("MOASession deserialization-exception by using internal MOASessionID=" + results.get(0).getSessionid(), e);
@@ -312,7 +314,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 		//check if OA already has an active OA session
 		if (dbsession.getActiveOAsessions() != null) {
 			for (OASessionStore el : dbsession.getActiveOAsessions()) {
-				if (el.getOaurlprefix().equals(protocolRequest.getOAURL()))
+				if (el.getOaurlprefix().equals(protocolRequest.getSPEntityId()))
 					activeOA = el;						
 			}										 
 		}
@@ -321,7 +323,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			activeOA = new OASessionStore();
 				  
 	    //set active OA applications
-	    activeOA.setOaurlprefix(protocolRequest.getOAURL());
+	    activeOA.setOaurlprefix(protocolRequest.getSPEntityId());
 	    activeOA.setMoasession(dbsession);
 	    activeOA.setCreated(new Date());
 	  
@@ -360,21 +362,21 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 		entityManager.merge(dbsession);
 					
 		if (SLOInfo != null)
-			Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL() 
+			Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getSPEntityId() 
 					+ " and AssertionID: " + SLOInfo.getSessionIndex());
 		else
-			Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL());
+			Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getSPEntityId());
 					
 	}
 
 	@Override
-	public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession) {
-		MiscUtil.assertNotNull(moaSession, "MOASession");
+	public List<OASessionStore> getAllActiveOAFromMOASession(String ssoSessionId) {
+		MiscUtil.assertNotNull( ssoSessionId, "MOASession");
 
-		  Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database.");
+		  Logger.trace("Get OAs for moaSession " +  ssoSessionId + " from database.");
 		  
 		  Query query =  entityManager.createNamedQuery("getAllActiveOAsForSessionID");
-		  query.setParameter("sessionID", moaSession.getSessionID());		  
+		  query.setParameter("sessionID",  ssoSessionId);		  
 		  List<OASessionStore> results = query.getResultList();
 			  
 		  Logger.trace("Found entries: " + results.size());
@@ -384,13 +386,13 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 	}
 	
 	@Override
-	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession) {
-		MiscUtil.assertNotNull(moaSession, "MOASession");
+	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(String ssoSessionId) {
+		MiscUtil.assertNotNull( ssoSessionId, "MOASession");
 
-		  Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database.");
+		  Logger.trace("Get active IDPs for moaSession " +  ssoSessionId + " from database.");
 		  
 		  Query query =  entityManager.createNamedQuery("getAllActiveIDPsForSessionID");
-		  query.setParameter("sessionID", moaSession.getSessionID());		  
+		  query.setParameter("sessionID",  ssoSessionId);		  
 		  List<InterfederationSessionStore> results = query.getResultList();
 
 		  Logger.trace("Found entries: " + results.size());
@@ -399,7 +401,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 	}
 	
 	@Override
-	public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {	  
+	public String searchSSOSessionWithNameIDandOAID(String oaID, String userNameID) {	  
 		  MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
 		  MiscUtil.assertNotNull(userNameID, "userNameID");
 		  Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " 
@@ -419,8 +421,10 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 		   	
 		  }
 		  
-		  try {			  		  
-			  return  decryptSession(results.get(0));
+		  try {			
+			  AuthenticationSession decrytedSession = decryptSession(results.get(0));
+			  
+			  return decrytedSession.getSSOSessionID();
 			
 		  } catch (BuildException e) {
 			  Logger.warn("MOASession deserialization-exception by using MOASessionID=" + results.get(0).getSessionid(), e);			
@@ -434,11 +438,11 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 		  MiscUtil.assertNotNull(moaSession, "MOASession");	  
 		  MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
 		  MiscUtil.assertNotNull(protocolType, "usedProtocol");
-		  Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID "
+		  Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSSOSessionID() + " with OAID "
 				  + oaID + " from database.");
 		  
 		  Query query =  entityManager.createNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
-		  query.setParameter("sessionID", moaSession.getSessionID());
+		  query.setParameter("sessionID", moaSession.getSSOSessionID());
 		  query.setParameter("oaID", oaID);
 		  query.setParameter("protocol", protocolType);		  
 		  List<AuthenticatedSessionStore> results = query.getResultList();
@@ -545,25 +549,25 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 	}
 	
 	@Override
-	public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {		
+	public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException, EAAFConfigurationException {		
 		AuthenticatedSessionStore dbsession = null;
-		AuthenticationSession moaSession = null;
+		String ssoSessionId = null;		
 		Date now = new Date();
 		
 		//search for active session
-		if (MiscUtil.isNotEmpty(req.getInternalSSOSessionIdentifier())) {
-			Logger.debug("Internal SSO-Session object: " + req.getInternalSSOSessionIdentifier() + " used for federated SSO");
-			moaSession = getInternalMOASessionWithSSOID(req.getInternalSSOSessionIdentifier());
+		if (MiscUtil.isNotEmpty(req.getSSOSessionIdentifier())) {
+			Logger.debug("Internal SSO-Session object: " + req.getSSOSessionIdentifier() + " used for federated SSO");
+			ssoSessionId = getInternalSSOSessionWithSSOID(req.getSSOSessionIdentifier());
 			
 		} else {
 			Logger.debug("No internal SSO-Session object exists for federated SSO --> create new session object");
-			moaSession = createInternalSSOSession(req);
+			ssoSessionId = createInternalSSOSession(req).getSSOSessionID();
 			
 		}
 			
-		if (moaSession != null) {
+		if (MiscUtil.isNotEmpty(ssoSessionId)) {
 			try {
-				dbsession = searchInDatabase(moaSession.getSessionID());
+				dbsession = searchInDatabase(ssoSessionId);
 				
 			}catch (MOADatabaseException e) {
 				Logger.error("NO MOASession found but MOASession MUST already exist!");
@@ -617,7 +621,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			idp.setIdpurlprefix(idpEntityID);
 			idp.setAuthURL(req.getAuthURL());
 			
-			IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(idp.getIdpurlprefix());			
+			IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(idp.getIdpurlprefix(), OAAuthParameterDecorator.class);			
 			idp.setStoreSSOInformation(oa.isInterfederationSSOStorageAllowed());						
 			idp.setMoasession(dbsession);
 			idpList.add(idp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index 958ef4977..27d9d394d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -241,16 +241,17 @@ public class DBTransactionStorage implements ITransactionStorage {
 		}
 	}
 
-//	public Object getAssertionStore(String key) throws MOADatabaseException{
-//		return searchInDatabase(key);
-//		
-//	}
+	@Override
+	public Object getRaw(String key) throws MOADatabaseException {
+		return searchInDatabase(key);
+		
+	}
 	
-//	@Override
-//	public void putAssertionStore(Object element) throws MOADatabaseException{
-//		entityManager.merge(element);
-//		
-//	}
+	@Override
+	public void putRaw(String key, Object element) throws MOADatabaseException {
+		entityManager.merge(element);
+		
+	}
 	
 	private void cleanDelete(AssertionStore element) {
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
index 414df1328..ff9c4e358 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -26,7 +26,8 @@ import java.util.Date;
 import java.util.List;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -110,13 +111,13 @@ public interface IAuthenticationSessionStoreage {
 	public void setAuthenticated(String internalSsoSessionID, boolean isAuthenticated);
 	
 	/**
-	 * Find the MOASessionId of an active Single Sign-On session
+	 * Find the internal SSO session identifier of an active Single Sign-On session
 	 * 
-	 * @param SSOSessionID Single Sign-On sessionID
-	 * @return internal MOA SSO-Session of the associated SSO-Session Id 
+	 * @param externelSSOId external Single Sign-On sessionID
+	 * @return internal SSO-Session identifier 
 	 * @throws MOADatabaseException 
 	 */
-	public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException;
+	public String getInternalSSOSessionWithSSOID(String externelSSOId) throws MOADatabaseException;
 	
 	/**
 	 * Check if a MOASession is an active Single Sign-On session
@@ -151,28 +152,28 @@ public interface IAuthenticationSessionStoreage {
 	/**
 	 * Get all Single Sign-On authenticated Service-Provider of a MOASession
 	 * 
-	 * @param moaSession MOASession data object
+	 * @param ssoSessionId SSO session id
 	 * @return List of Service-Provider information
 	 */
-	public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession);
+	public List<OASessionStore> getAllActiveOAFromMOASession(String ssoSessionId);
 	
 	
 	/**
 	 * Get all active interfederation connections for a MOASession
 	 * 
-	 * @param moaSession MOASession data object
+	 * @param ssoSessionId SSO session id
 	 * @return List of Interfederation-IDP information
 	 */
-	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession);
+	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(String ssoSessionId);
 	
 	/**
-	 * Search a MOASession by using already transfered authentication information 
+	 * Search a SSO session by using already transfered authentication information 
 	 * 
 	 * @param oaID Service-Provider identifier, which has received the authentication information
 	 * @param userNameID UserId (bPK), which was send to this Service-Provider
-	 * @return MOASession, or null if no corresponding MOASession is found
+	 * @return SSO-session identifier, or null if no corresponding SSO session is found
 	 */
-	public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID);
+	public String searchSSOSessionWithNameIDandOAID(String oaID, String userNameID);
 	
 	/**
 	 * Search a active Single Sign-On session for a specific Service-Provider
@@ -220,8 +221,9 @@ public interface IAuthenticationSessionStoreage {
 	 * @throws MOADatabaseException
 	 * @throws AssertionAttributeExtractorExeption
 	 * @throws BuildException
+	 * @throws EAAFConfigurationException 
 	 */
-	public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException;
+	public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException, EAAFConfigurationException;
 	
 	/**
 	 * Search an active federation IDP which could be used for federated Single Sign-On by using an AttributeQuery
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
index f30613474..8d36e81bb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
@@ -40,6 +40,7 @@ import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
@@ -352,12 +353,13 @@ private AssertionStore prepareAssertion(AssertionStore element, String key, Obje
 	}
 
 @Override
-public Object getAssertionStore(String key) throws MOADatabaseException {
+public Object getRaw(String key) throws EAAFException {
 	return searchInDatabase(key);
+	
 }
 
 @Override
-public void putAssertionStore(Object element) throws MOADatabaseException {
+public void putRaw(String key, Object element) throws EAAFException {
 	// TODO Auto-generated method stub
 	AssertionStore as = (AssertionStore)element;
 	final int expTime = redisTemplate.getExpire(as.getArtifact(), TimeUnit.MILLISECONDS).intValue();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
new file mode 100644
index 000000000..3e3d9dafc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class LoALevelMapper {
+
+	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
+	private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
+	private static final String eIDAS_QAA_PREFIX = "http://eidas.europa.eu/";
+	
+	private static final String MAPPING_RESOURCE = 
+			"resources/properties/pvp-stork_mapping.properties";
+	
+	private static final String MAPPING_SECCLASS_PREFIX = "secclass_";
+	private static final String MAPPING_EIDAS_PREFIX = "eidas_";
+	
+	private Properties mapping = null;
+	
+	private static LoALevelMapper instance = null;
+	
+	public static LoALevelMapper getInstance() {
+		if (instance == null) {
+			instance = new LoALevelMapper();			
+		}
+		
+		return instance;
+	}
+	
+	private LoALevelMapper() {
+		try {
+			mapping = new Properties();
+			mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
+			Logger.debug("PVP -> STORK Role mapping initialisation finished.");
+			
+		} catch (IOException e) {
+			Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e);
+			mapping = null;
+			
+		}
+		
+		
+	}
+
+	/**
+	 * Map STORK QAA level to eIDAS QAA level
+	 * 
+	 * @param storkQAA STORK QAA level
+	 * @return
+	 */
+	public String mapSTORKQAAToeIDASQAA(String storkQAA) {
+		if (mapping != null) {
+			String input = storkQAA.substring(STORK_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(MAPPING_EIDAS_PREFIX + input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map STORK-QAA " + storkQAA + " to eIDAS-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No eIDAS-QAA mapping for STORK-QAA " + storkQAA +" !");
+		return null;
+		
+	}
+	
+	/**
+	 * Map eIDAS QAA-level to STORK QAA-level
+	 * 
+	 * @param qaaLevel eIDAS QAA-level
+	 * @return STORK QAA-level
+	 */
+	public String mapeIDASQAAToSTORKQAA(String qaaLevel) {
+		if (mapping != null) {
+			String input = qaaLevel.substring(eIDAS_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map eIDAS-QAA " + qaaLevel + " to STORK-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No eIDAS-QAA mapping for eIDAS-QAA " + qaaLevel +" !");
+		return null;
+	}
+	
+	/**Map a STORK QAA level to PVP SecClass
+	 * 
+	 * @param STORK-QAA level
+	 * @return PVP SecClass pvpQAALevel
+	 */	
+	public String mapToSecClass(String storkQAALevel) {
+		if (mapping != null) {
+			String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map STORK-QAA " + storkQAALevel + " to PVP SecClass " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No mapping for STORK-QAA " + storkQAALevel +" !");
+		return null;
+	}
+	
+	/**Map a PVP SecClass to STORK QAA level
+	 * 
+	 * @param PVP SecClass pvpQAALevel
+	 * @return STORK-QAA level
+	 */	
+	public String mapToQAALevel(String pvpQAALevel) {
+		if (mapping != null) {
+			String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map PVP SecClass " + pvpQAALevel + " to STORK-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No mapping for PVP SecClass " + pvpQAALevel +" !");
+		return null;
+	}
+	
+	/**Map a PVP Role attribute to STORK ECAuthenticationRole attribute values
+	 * 
+	 * @param PVP Role attribute
+	 * @return STORK ECAuthenticationRole attribute value
+	 */
+	public String map(AuthenticationRole el) {
+		if (mapping != null) {
+			//String ecRole = mapping.getProperty(el.getRawRoleString());
+			String ecRole = mapping.getProperty(el.getRoleName());
+			if (MiscUtil.isNotEmpty(ecRole)) {
+				//Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole);
+				Logger.info("Map PVPRole " + el.getRoleName() + " to ECRole " + ecRole);
+				return ecRole;
+			}			
+		}
+		//Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !");
+		Logger.warn("NO mapping for PVPRole "+ el.getRoleName() + " !");
+		return null;
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
deleted file mode 100644
index 099a70470..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.util;
-
-import java.io.IOException;
-import java.util.Properties;
-
-import at.gv.egovernment.moa.id.data.AuthenticationRole;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public class PVPtoSTORKMapper {
-
-	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
-	private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
-	private static final String eIDAS_QAA_PREFIX = "http://eidas.europa.eu/";
-	
-	private static final String MAPPING_RESOURCE = 
-			"resources/properties/pvp-stork_mapping.properties";
-	
-	private static final String MAPPING_SECCLASS_PREFIX = "secclass_";
-	private static final String MAPPING_EIDAS_PREFIX = "eidas_";
-	
-	private Properties mapping = null;
-	
-	private static PVPtoSTORKMapper instance = null;
-	
-	public static PVPtoSTORKMapper getInstance() {
-		if (instance == null) {
-			instance = new PVPtoSTORKMapper();			
-		}
-		
-		return instance;
-	}
-	
-	private PVPtoSTORKMapper() {
-		try {
-			mapping = new Properties();
-			mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
-			Logger.debug("PVP -> STORK Role mapping initialisation finished.");
-			
-		} catch (IOException e) {
-			Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e);
-			mapping = null;
-			
-		}
-		
-		
-	}
-
-	/**
-	 * Map STORK QAA level to eIDAS QAA level
-	 * 
-	 * @param storkQAA STORK QAA level
-	 * @return
-	 */
-	public String mapSTORKQAAToeIDASQAA(String storkQAA) {
-		if (mapping != null) {
-			String input = storkQAA.substring(STORK_QAA_PREFIX.length());			
-			String mappedQAA = mapping.getProperty(MAPPING_EIDAS_PREFIX + input);
-			if (MiscUtil.isNotEmpty(mappedQAA)) {
-				Logger.info("Map STORK-QAA " + storkQAA + " to eIDAS-QAA " + mappedQAA);
-				return mappedQAA;
-				
-			}						
-		}		
-		Logger.warn("No eIDAS-QAA mapping for STORK-QAA " + storkQAA +" !");
-		return null;
-		
-	}
-	
-	/**
-	 * Map eIDAS QAA-level to STORK QAA-level
-	 * 
-	 * @param qaaLevel eIDAS QAA-level
-	 * @return STORK QAA-level
-	 */
-	public String mapeIDASQAAToSTORKQAA(String qaaLevel) {
-		if (mapping != null) {
-			String input = qaaLevel.substring(eIDAS_QAA_PREFIX.length());			
-			String mappedQAA = mapping.getProperty(input);
-			if (MiscUtil.isNotEmpty(mappedQAA)) {
-				Logger.info("Map eIDAS-QAA " + qaaLevel + " to STORK-QAA " + mappedQAA);
-				return mappedQAA;
-				
-			}						
-		}		
-		Logger.warn("No eIDAS-QAA mapping for eIDAS-QAA " + qaaLevel +" !");
-		return null;
-	}
-	
-	/**Map a STORK QAA level to PVP SecClass
-	 * 
-	 * @param STORK-QAA level
-	 * @return PVP SecClass pvpQAALevel
-	 */	
-	public String mapToSecClass(String storkQAALevel) {
-		if (mapping != null) {
-			String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());			
-			String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input);
-			if (MiscUtil.isNotEmpty(mappedQAA)) {
-				Logger.info("Map STORK-QAA " + storkQAALevel + " to PVP SecClass " + mappedQAA);
-				return mappedQAA;
-				
-			}						
-		}		
-		Logger.warn("No mapping for STORK-QAA " + storkQAALevel +" !");
-		return null;
-	}
-	
-	/**Map a PVP SecClass to STORK QAA level
-	 * 
-	 * @param PVP SecClass pvpQAALevel
-	 * @return STORK-QAA level
-	 */	
-	public String mapToQAALevel(String pvpQAALevel) {
-		if (mapping != null) {
-			String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());			
-			String mappedQAA = mapping.getProperty(input);
-			if (MiscUtil.isNotEmpty(mappedQAA)) {
-				Logger.info("Map PVP SecClass " + pvpQAALevel + " to STORK-QAA " + mappedQAA);
-				return mappedQAA;
-				
-			}						
-		}		
-		Logger.warn("No mapping for PVP SecClass " + pvpQAALevel +" !");
-		return null;
-	}
-	
-	/**Map a PVP Role attribute to STORK ECAuthenticationRole attribute values
-	 * 
-	 * @param PVP Role attribute
-	 * @return STORK ECAuthenticationRole attribute value
-	 */
-	public String map(AuthenticationRole el) {
-		if (mapping != null) {
-			//String ecRole = mapping.getProperty(el.getRawRoleString());
-			String ecRole = mapping.getProperty(el.getRoleName());
-			if (MiscUtil.isNotEmpty(ecRole)) {
-				//Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole);
-				Logger.info("Map PVPRole " + el.getRoleName() + " to ECRole " + ecRole);
-				return ecRole;
-			}			
-		}
-		//Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !");
-		Logger.warn("NO mapping for PVPRole "+ el.getRoleName() + " !");
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
index 88a64bd07..ca71ad946 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
@@ -22,8 +22,9 @@
  */
 package at.gv.egovernment.moa.id.util;
 
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotAllowedException;
+import at.gv.egovernment.moa.logging.Logger;
 
 /**
  * @author tlenz
@@ -33,10 +34,23 @@ public class QAALevelVerifier {
 
 	public static void verifyQAALevel(String qaaAuth, String qaaRequest) throws QAANotAllowedException {
 		
-		Integer qaaA = Integer.valueOf(qaaAuth.substring(PVPConstants.STORK_QAA_PREFIX.length()));
-		Integer qaaR = Integer.valueOf(qaaRequest.substring(PVPConstants.STORK_QAA_PREFIX.length()));
+		if (EAAFConstants.EIDAS_QAA_LOW.equals(qaaRequest) && 
+					(EAAFConstants.EIDAS_QAA_LOW.equals(qaaAuth) || 
+							EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
+									EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
+				) 
+			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
 		
-		if (qaaA < qaaR)
+		else if (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaRequest) && 
+					(EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
+								EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
+				) 
+			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
+		
+		else if (EAAFConstants.EIDAS_QAA_HIGH.equals(qaaRequest) && EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) 
+			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
+		
+		else 
 			throw new QAANotAllowedException(qaaAuth, qaaRequest);
 		
 	}
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
index 1e3672a0d..14d4d9fb6 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
@@ -1,8 +1,6 @@
-at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN
 at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
deleted file mode 100644
index 9b6eedb11..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
+++ /dev/null
@@ -1,285 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.module.test;
-
-import java.util.Collection;
-
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-
-/**
- * @author tlenz
- *
- */
-public class TestRequestImpl implements IRequest {
-
-	private String processInstanceID = null; 
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule()
-	 */
-	@Override
-	public String requestedModule() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction()
-	 */
-	@Override
-	public String requestedAction() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getOAURL()
-	 */
-	@Override
-	public String getOAURL() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#isPassiv()
-	 */
-	@Override
-	public boolean isPassiv() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#forceAuth()
-	 */
-	@Override
-	public boolean forceAuth() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getGenericData(java.lang.String)
-	 */
-	@Override
-	public Object getGenericData(String key) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getGenericData(java.lang.String, java.lang.Class)
-	 */
-	@Override
-	public <T> T getGenericData(String key, Class<T> clazz) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#setGenericDataToSession(java.lang.String, java.lang.Object)
-	 */
-	@Override
-	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
-		// TODO Auto-generated method stub
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestID()
-	 */
-	@Override
-	public String getRequestID() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getUniqueTransactionIdentifier()
-	 */
-	@Override
-	public String getUniqueTransactionIdentifier() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getUniqueSessionIdentifier()
-	 */
-	@Override
-	public String getUniqueSessionIdentifier() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getProcessInstanceId()
-	 */
-	@Override
-	public String getProcessInstanceId() {
-		return processInstanceID;
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getAuthURL()
-	 */
-	@Override
-	public String getAuthURL() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getAuthURLWithOutSlash()
-	 */
-	@Override
-	public String getAuthURLWithOutSlash() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#isNeedAuthentication()
-	 */
-	@Override
-	public boolean isNeedAuthentication() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#needSingleSignOnFunctionality()
-	 */
-	@Override
-	public boolean needSingleSignOnFunctionality() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#setNeedSingleSignOnFunctionality(boolean)
-	 */
-	@Override
-	public void setNeedSingleSignOnFunctionality(boolean needSSO) {
-		// TODO Auto-generated method stub
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#isAuthenticated()
-	 */
-	@Override
-	public boolean isAuthenticated() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#setAuthenticated(boolean)
-	 */
-	@Override
-	public void setAuthenticated(boolean isAuthenticated) {
-		// TODO Auto-generated method stub
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getOnlineApplicationConfiguration()
-	 */
-	@Override
-	public IOAAuthParameters getOnlineApplicationConfiguration() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/**
-	 * @param processInstanceID the processInstanceID to set
-	 */
-	public void setProcessInstanceID(String processInstanceID) {
-		this.processInstanceID = processInstanceID;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#isAbortedByUser()
-	 */
-	@Override
-	public boolean isAbortedByUser() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#setAbortedByUser(boolean)
-	 */
-	@Override
-	public void setAbortedByUser(boolean isAborted) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedAttributes()
-	 */
-	@Override
-	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.commons.api.IRequest#getInternalSSOSessionIdentifier()
-	 */
-	@Override
-	public String getInternalSSOSessionIdentifier() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.commons.api.IRequest#getMOASession()
-	 */
-	@Override
-	public IAuthenticationSession getMOASession() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.commons.api.IRequest#populateMOASessionWithSSOInformation(at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession)
-	 */
-	@Override
-	public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) {
-		// TODO Auto-generated method stub
-		
-	}
-	
-	
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
deleted file mode 100644
index 08fb4e043..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
+++ /dev/null
@@ -1,147 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.sql.DataSource;
-
-import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Dummy DataSource implementation for convenience in test cases where a
- * database connection will never actually be acquired.
- *
- * @see DataSource
- * @author Chris Beams
- */
-public class DummyTransactionStorage implements ITransactionStorage {
-
-	public class DummyDBEntry{
-		public DummyDBEntry(String key, Object value){
-			this.obj =value;
-			this.key = key;
-		}
-		public String getKey() {
-			return key;
-		}
-		public void setKey(String key) {
-			this.key = key;
-		}
-		public Object getObj() {
-			return obj;
-		}
-		public void setObj(Object obj) {
-			this.obj = obj;
-		}
-		private String key;
-		private Object obj;
-	}
-	
-	private ArrayList<DummyDBEntry> ds = new ArrayList<DummyDBEntry>();
-	
-
-	
-	@Override
-	public boolean containsKey(String key) {
-		// TODO Auto-generated method stub
-		Iterator<DummyDBEntry> it = ds.iterator();
-		while(it.hasNext()){
-			DummyDBEntry t = it.next();
-			if(t.getKey().equals(key))
-				return true;
-		}
-		return false;
-	}
-
-	@Override
-	public void put(String key, Object value, int timeout_ms)
-			throws MOADatabaseException {
-		// TODO Auto-generated method stub
-		this.remove(key);
-		this.ds.add(new DummyDBEntry(key, value));
-		
-	}
-
-	@Override
-	public Object get(String key) throws MOADatabaseException {
-		// TODO Auto-generated method stub
-		Iterator<DummyDBEntry> it = ds.iterator();
-		while(it.hasNext()){
-			DummyDBEntry t = it.next();
-			if(t.getKey().equals(key))
-				return t;
-		}
-		return null;
-	}
-
-	@Override
-	public <T> T get(String key, Class<T> clazz) throws MOADatabaseException {
-		
-		  DummyDBEntry o = (DummyDBEntry) get(key);
-		  if(o == null)
-			  return null;
-		  try {
-			  @SuppressWarnings("unchecked")
-			T test = (T) (clazz.cast(o.getObj()));
-			return test;
-			
-		  } catch (Exception e) {
-			Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + key);
-			throw new MOADatabaseException("Sessioninformation Cast-Exception");
-			
-		  }
-	}
-
-	@Override
-	public <T> T get(String key, Class<T> clazz, long dataTimeOut)
-			throws MOADatabaseException, AuthenticationException {
-		// TODO Auto-generated method stub
-		return get(key,clazz);
-	}
-
-	@Override
-	public void changeKey(String oldKey, String newKey, Object value)
-			throws MOADatabaseException {
-		this.remove(oldKey);
-		this.put(newKey, value, -1);
-		
-	}
-
-	@Override
-	public void remove(String key) {
-		Iterator<DummyDBEntry> it = ds.iterator();
-		while(it.hasNext()){
-			DummyDBEntry t = it.next();
-			if(t.getKey().equals(key)){
-				this.ds.remove(t);
-				return;
-			}
-		}
-		
-	}
-
-	@Override
-	public List<String> clean(Date now, long dataTimeOut) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public Object getAssertionStore(String key) throws MOADatabaseException {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public void putAssertionStore(Object element) throws MOADatabaseException {
-		// TODO Auto-generated method stub
-		
-	}
-
-    
-}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java
deleted file mode 100644
index c26236619..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-
-import java.io.Serializable;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
-
-/**
- * Adapter class for {@link ExpressionEvaluationContext}. Intended to be used for testing purposes.
- * 
- * @author tknall
- * 
- */
-public class ExpressionContextAdapter implements ExpressionEvaluationContext {
-
-	private static final long serialVersionUID = 1L;
-
-	private Map<String, Serializable> ctxData = Collections.synchronizedMap(new HashMap<String, Serializable>());
-
-	/**
-	 * Returns a certain {@link Serializable} object associated with a certain {@code key}.
-	 * 
-	 * @param key
-	 *            The key.
-	 * @return The object or {@code null} if no object was found stored with that key or if a {@code null} value was
-	 *         stored.
-	 */
-	Serializable get(String key) {
-		return ctxData.get(key);
-	}
-
-	/**
-	 * Stores a {@link Serializable} with a certain {@code key}.
-	 * 
-	 * @param key
-	 *            The key.
-	 * @param object
-	 *            The object.
-	 */
-	void put(String key, Serializable object) {
-		ctxData.put(key, object);
-	}
-
-	@Override
-	public Map<String, Serializable> getCtx() {
-		return Collections.unmodifiableMap(ctxData);
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java
deleted file mode 100644
index 89f3c0383..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
-
-/**
- * A dummy pojo used to test {@link ExpressionEvaluator} with Spring EL referencing Spring beans.
- * 
- * @author tknall
- * 
- */
-public class SimplePojo {
-
-	private Boolean booleanValue;
-	private String stringValue;
-	private Integer integerValue;
-
-	public Boolean getBooleanValue() {
-		return booleanValue;
-	}
-
-	public void setBooleanValue(Boolean booleanValue) {
-		this.booleanValue = booleanValue;
-	}
-
-	public String getStringValue() {
-		return stringValue;
-	}
-
-	public void setStringValue(String stringValue) {
-		this.stringValue = stringValue;
-	}
-
-	public Integer getIntegerValue() {
-		return integerValue;
-	}
-
-	public void setIntegerValue(Integer integerValue) {
-		this.integerValue = integerValue;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
deleted file mode 100644
index c06735f9e..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
+++ /dev/null
@@ -1,154 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.NOT_STARTED;
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.SUSPENDED;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Properties;
-
-import org.hibernate.cfg.Configuration;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
-import at.gv.egovernment.moa.id.module.test.TestRequestImpl;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.ProcessEngineImpl;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.process.ProcessInstance;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator;
-
-/**
- * Tests the process engine using processes based on Spring EL referencing the process context and further Spring beans.
- * 
- * @author tknall
- * 
- */
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration("/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml")
-public class SpringExpressionAwareProcessEngineTest {
-
-	@Autowired private static ProcessEngine pe;
-	@Autowired private ApplicationContext applicationContext;
-	
-	private boolean isInitialized = false;
-
-	@Before
-	public void init() throws IOException, ProcessDefinitionParserException {
-
-		if (!isInitialized) {
-
-			if (pe == null) {
-				pe = applicationContext.getBean("processEngine", ProcessEngine.class);
-				
-			}
-
-			((ProcessEngineImpl) pe).setTransitionConditionExpressionEvaluator(new SpringExpressionEvaluator());
-			try (InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("SampleProcessDefinitionWithExpression1.xml")) {
-				((ProcessEngineImpl) pe).registerProcessDefinition(in);
-			}
-			try (InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("SampleProcessDefinitionForSAML1Authentication.xml")) {
-				((ProcessEngineImpl) pe).registerProcessDefinition(in);
-			}
-
-		initHibernateForTesting();
-		}
-	}
-
-	private static void initHibernateForTesting() throws IOException{
-
-		InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("/at/gv/egovernment/moa/id/process/hibernate.configuration.test.properties");
-		Properties props = new Properties();
-		props.load(in);
-
-		try {
-			//ConfigurationDBUtils.initHibernate(props);
-			Configuration config = new Configuration();
-			config.addProperties(props);
-			//config.addAnnotatedClass(ProcessInstanceStore.class);
-			config.addAnnotatedClass(AssertionStore.class);
-			//MOASessionDBUtils.initHibernate(config, props);
-		} catch (Exception e) {
-			e.printStackTrace();
-		}
-	}
-
-
-	@Test
-	public void testSampleProcessDefinitionWithExpression1() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
-
-		TestRequestImpl req =  new TestRequestImpl();
-		
-		String piId = pe.createProcessInstance("SampleProcessWithExpression1");
-		ProcessInstance pi = pe.getProcessInstance(piId);
-		assertEquals(NOT_STARTED, pi.getState());
-		
-		
-		// start process
-		req.setProcessInstanceID(piId);
-		pe.start(req);
-		
-		//processInstance should be removed when it ends
-		try {
-			pi = pe.getProcessInstance(piId);
-			throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found.");
-			//assertEquals(ENDED, pi.getState());
-			
-		} catch (IllegalArgumentException e) {
-			// do nothing because processInstance should be already removed 
-			
-		}
-	}
-
-	@Test
-	public void testSampleProcessDefinitionForSAML1Authentication() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
-
-		TestRequestImpl req =  new TestRequestImpl();
-		
-		String piId = pe.createProcessInstance("SampleProcessDefinitionForSAML1Authentication");
-		ProcessInstance pi = pe.getProcessInstance(piId);
-		assertEquals(NOT_STARTED, pi.getState());
-
-		// start process
-		req.setProcessInstanceID(piId);
-		pe.start(req);		
-		pi = pe.getProcessInstance(piId);
-		assertEquals(SUSPENDED, pi.getState());
-		
-		ExecutionContext ec = pi.getExecutionContext();
-		assertNotNull(ec);
-		System.out.println(ec.keySet());
-
-		assertNotNull(ec.get("bkuURL"));
-		assertNotNull(ec.get("IdentityLink"));
-		assertNotNull(ec.get("isIdentityLinkValidated"));
-		assertNotNull(ec.get("SignedAuthBlock"));
-		assertNotNull(ec.get("isSignedAuthBlockValidated"));
-		assertNotNull(ec.get("SAML1Assertion"));
-		
-		pe.signal(req);
-		try {
-			pi = pe.getProcessInstance(piId);
-			throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found.");
-			//assertEquals(ENDED, pi.getState());
-			
-		} catch (IllegalArgumentException e) {
-			// do nothing because processInstance should be already removed 
-			
-		}
-
-
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java
deleted file mode 100644
index bc9d1d399..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
-
-/**
- * Tests the {@link ExpressionEvaluator} using a Spring EL based implementation capable of dereferencing Spring beans.
- * 
- * @author tknall
- * 
- */
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration
-public class SpringExpressionEvaluatorTest {
-
-	private ExpressionContextAdapter ctx;
-
-	@Autowired
-	private ExpressionEvaluator expressionEvaluator;
-
-	@Before
-	public void prepareTest() {
-		ctx = new ExpressionContextAdapter();
-	}
-
-	@Test
-	public void testEvaluateSimpleExpression() {
-		assertTrue(expressionEvaluator.evaluate(ctx, "'true'"));
-	}
-
-	@Test
-	public void testEvaluateExpressionWithCtx() {
-		ctx.put("myProperty", false);
-		assertFalse(expressionEvaluator.evaluate(ctx, "ctx['myProperty']"));
-	}
-
-	@Test
-	public void testEvaluateExpressionWithBeanReference() {
-		assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.booleanValue"));
-		assertTrue(expressionEvaluator.evaluate(ctx, "'HelloWorld'.equals(@simplePojo.stringValue)"));
-		assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.integerValue == 42"));
-		assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10"));
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
deleted file mode 100644
index d3b9789fc..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.Charset;
-import java.util.Objects;
-
-import org.apache.commons.io.IOUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating the creation of a SAML1 assertion.
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * <li>{@code isIdentityLinkValidated}</li>
- * <li>{@code SignedAuthBlock}</li>
- * <li>{@code isSignedAuthBlockValidated}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code SAML1Assertion}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("CreateSAML1AssertionTask")
-public class CreateSAML1AssertionTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException {
-		Objects.requireNonNull(executionContext.get("IdentityLink"));
-		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
-		Objects.requireNonNull(executionContext.get("SignedAuthBlock"));
-		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isSignedAuthBlockValidated"))));
-
-		log.debug("Using IdentityLink and signed auth block in order to create SAML1 assertion.");
-
-		try (InputStream in = getClass().getResourceAsStream("SAML1Assertion.xml")) {
-			executionContext.put("SAML1Assertion", IOUtils.toString(in, Charset.forName("UTF-8")));
-			
-		} catch (IOException e) {
-			throw new TaskExecutionException(null, "", e);
-		}
-
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
deleted file mode 100644
index 7657f1c1f..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.Charset;
-import java.util.Objects;
-
-import org.apache.commons.io.IOUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating the retrieval of an IdentityLink.
- * <p/>
- * Asynchonous
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code bkuURL}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("GetIdentityLinkTask")
-public class GetIdentityLinkTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException {
-		Objects.requireNonNull(executionContext.get("bkuURL"));
-
-		log.debug("Using bkuURL in order to retrieve IdentityLink.");
-
-		try (InputStream in = getClass().getResourceAsStream("IdentityLink_Max_Mustermann.xml")) {
-			executionContext.put("IdentityLink", IOUtils.toString(in, Charset.forName("UTF-8")));
-			
-		} catch (IOException e) {
-			throw new TaskExecutionException(null, "", e);
-		}
-		
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
deleted file mode 100644
index 1163a0706..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating a bku selection.
- * <p/>
- * Asynchonous
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code bkuURL}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("SelectBKUTask")
-public class SelectBKUTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) {
-		log.debug("Providing BKU selection.");
-		executionContext.put("bkuURL", "https://127.0.0.1:3496/https-security-layer-request");
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
deleted file mode 100644
index 1d10b08a8..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.Charset;
-import java.util.Objects;
-
-import org.apache.commons.io.IOUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating the signature of an auth block.
- * <p/>
- * Asynchonous
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * <li>{@code isIdentityLinkValidated}</li>
- * <li>{@code bkuURL}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code SignedAuthBlock}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("SignAuthBlockTask")
-public class SignAuthBlockTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException {
-		Objects.requireNonNull(executionContext.get("IdentityLink"));
-		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
-		Objects.requireNonNull(executionContext.get("bkuURL"));
-
-		log.debug("Using validated IdentityLink and bkuURL in order to sign auth block.");
-		try (InputStream in = getClass().getResourceAsStream("SignedAuthBlock.xml")) {
-			executionContext.put("SignedAuthBlock", IOUtils.toString(in, Charset.forName("UTF-8")));
-		} catch (IOException e) {
-			throw new TaskExecutionException(null, "", e);
-						
-		}
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
deleted file mode 100644
index 19a87d520..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.util.Objects;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * Dummy task simulating the validation of an IdentityLink.
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code isIdentityLinkValidated}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("ValidateIdentityLinkTask")
-public class ValidateIdentityLinkTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) {
-		Objects.requireNonNull(executionContext.get("IdentityLink"));
-
-		log.debug("Validating IdentityLink.");
-
-		executionContext.put("isIdentityLinkValidated", true);
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
deleted file mode 100644
index afae6463d..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.util.Objects;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating the validation of an auth block.
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * <li>{@code isIdentityLinkValidated}</li>
- * <li>{@code SignedAuthBlock}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code isSignedAuthBlockValidated}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("ValidateSignedAuthBlockTask")
-public class ValidateSignedAuthBlockTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException {
-		Objects.requireNonNull(executionContext.get("IdentityLink"));
-		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
-		Objects.requireNonNull(executionContext.get("SignedAuthBlock"));
-
-		log.debug("Using validated IdentityLink and signed auth block in order to validate signed auth block.");
-
-		executionContext.put("isSignedAuthBlockValidated", true);
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java
deleted file mode 100644
index 20dfc50ef..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import java.util.Objects;
-
-import org.apache.commons.lang3.BooleanUtils;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
-
-/**
- * Expression evaluator that guesses the boolean value from a String. Refer to {@link BooleanUtils#toBoolean(String)}
- * for further information.
- * 
- * @author tknall
- * 
- */
-public class BooleanStringExpressionEvaluator implements ExpressionEvaluator {
-
-	@Override
-	public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) {
-		return BooleanUtils.toBoolean(Objects.requireNonNull(expression, "Expression must not be null."));
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
deleted file mode 100644
index d808713c1..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * Simple task that just outputs a "Hallo World" text to the console.
- * 
- * @author tknall
- * 
- */
-@Service("HalloWeltTask")
-public class HalloWeltTask implements Task {
-
-	@Override
-	public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) {
-		System.out.println("Hallo Welt");
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
deleted file mode 100644
index ee02d0030..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * Simple task that just outputs a "Hello World" text to the console.
- * 
- * @author tknall
- * 
- */
-@Service("HelloWorldTask")
-public class HelloWorldTask implements Task {
-
-	@Override
-	public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) {
-		System.out.println("Hello World");
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java
deleted file mode 100644
index df13f064b..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java
+++ /dev/null
@@ -1,137 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.junit.Test;
-
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
-import at.gv.egovernment.moa.id.process.model.EndEvent;
-import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
-import at.gv.egovernment.moa.id.process.model.ProcessNode;
-import at.gv.egovernment.moa.id.process.model.StartEvent;
-import at.gv.egovernment.moa.id.process.model.TaskInfo;
-import at.gv.egovernment.moa.id.process.model.Transition;
-
-public class ProcessDefinitionParserTest {
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_MultipleStartEvents() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_MultipleStartEvents.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_TransitionLoop() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionLoop.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_TransitionStartsFromEndEvent() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionStartsFromEndEvent.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_TransitionRefsTransition() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionRefsTransition.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_NoStartEvents() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_NoStartEvents.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test
-	public void testParseSampleProcessDefinition() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("SampleProcessDefinition1.xml")) {
-			
-			ProcessDefinitionParser parser = new ProcessDefinitionParser();
-			ProcessDefinition pd = parser.parse(in);
-			
-			assertNotNull(pd);
-			assertEquals("SampleProcess1", pd.getId());
-			
-			// first assert tasks then transitions
-			// start event
-			StartEvent startEvent = pd.getStartEvent();
-			assertNotNull(startEvent);
-			assertEquals("start", startEvent.getId());
-			assertEquals(startEvent, pd.getProcessNode("start"));
-			// task1
-			ProcessNode processNode = pd.getProcessNode("task1");
-			assertNotNull(processNode);
-			assertTrue(processNode instanceof TaskInfo);
-			TaskInfo task1 = (TaskInfo) processNode;
-			assertEquals("task1", task1.getId());
-			assertFalse(task1.isAsync());
-			// task2 
-			processNode = pd.getProcessNode("task2");
-			assertNotNull(processNode);
-			assertTrue(processNode instanceof TaskInfo);
-			TaskInfo task2 = (TaskInfo) processNode;
-			assertEquals("task2", task2.getId());
-			assertTrue(task2.isAsync());
-			// end event
-			processNode = pd.getProcessNode("end");
-			assertNotNull(processNode);
-			assertTrue(processNode instanceof EndEvent);
-			EndEvent endEvent = (EndEvent) processNode;
-			assertEquals("end", endEvent.getId());
-			
-			// assert transitions
-			// start event
-			assertNotNull(startEvent.getIncomingTransitions());
-			assertTrue(startEvent.getIncomingTransitions().isEmpty());
-			assertNotNull(startEvent.getOutgoingTransitions());
-			assertEquals(1, startEvent.getOutgoingTransitions().size());
-			// transition from start to task1
-			Transition startToTask1 = startEvent.getOutgoingTransitions().get(0);
-			assertEquals("fromStart", startToTask1.getId());
-			assertEquals(startEvent, startToTask1.getFrom());
-			assertEquals(task1, startToTask1.getTo());
-			assertEquals("true", startToTask1.getConditionExpression());
-			// task1
-			assertNotNull(task1.getIncomingTransitions());
-			assertEquals(1, task1.getIncomingTransitions().size());
-			assertEquals(startToTask1, task1.getIncomingTransitions().get(0));
-			assertNotNull(task1.getOutgoingTransitions());
-			assertEquals(1, task1.getOutgoingTransitions().size());
-			// transition from task1 to task2
-			Transition task1ToTask2 = task1.getOutgoingTransitions().get(0);
-			assertNull(task1ToTask2.getId());
-			assertEquals(task1, task1ToTask2.getFrom());
-			assertEquals(task2, task1ToTask2.getTo());
-			assertNull(task1ToTask2.getConditionExpression());
-			// task2
-			assertNotNull(task2.getIncomingTransitions());
-			assertEquals(1, task2.getIncomingTransitions().size());
-			assertEquals(task1ToTask2, task2.getIncomingTransitions().get(0));
-			assertNotNull(task2.getOutgoingTransitions());
-			assertEquals(1, task2.getOutgoingTransitions().size());
-			// transition from task2 to end
-			Transition task2ToEnd = task2.getOutgoingTransitions().get(0);
-			assertNull(task2ToEnd.getId());
-			assertEquals(task2, task2ToEnd.getFrom());
-			assertEquals(endEvent, task2ToEnd.getTo());
-			assertNull(task2ToEnd.getConditionExpression());
-			
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
deleted file mode 100644
index 6744c0403..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
+++ /dev/null
@@ -1,146 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.NOT_STARTED;
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.SUSPENDED;
-import static org.junit.Assert.assertEquals;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Properties;
-
-import org.hibernate.cfg.Configuration;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
-import at.gv.egovernment.moa.id.module.test.TestRequestImpl;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.ProcessEngineImpl;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.process.ProcessInstance;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration("/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml")
-public class ProcessEngineTest {
-	
-	@Autowired private static ProcessEngine pe;
-
-	@Autowired private ApplicationContext applicationContext;
-	
-	private boolean isInitialized = false;
-	
-	@Before
-	public void init() throws IOException, ProcessDefinitionParserException {
-		
-		if (!isInitialized) {
-			ProcessDefinitionParser pdp = new ProcessDefinitionParser();
-
-			if (pe == null) {
-				pe = applicationContext.getBean("processEngine", ProcessEngine.class);
-				
-			}
-			
-			((ProcessEngineImpl) pe).setTransitionConditionExpressionEvaluator(new BooleanStringExpressionEvaluator());
-			try (InputStream in = ProcessEngineTest.class.getResourceAsStream("SampleProcessDefinition1.xml")) {
-				((ProcessEngineImpl) pe).registerProcessDefinition(pdp.parse(in));
-			}
-			try (InputStream in = ProcessEngineTest.class.getResourceAsStream("SampleProcessDefinition2.xml")) {
-				((ProcessEngineImpl) pe).registerProcessDefinition(pdp.parse(in));
-			}
-
-			initHibernateForTesting();
-			isInitialized = true;
-		}
-	}
-	
-	private static void initHibernateForTesting() throws IOException{
-
-		InputStream in = ProcessEngineTest.class.getResourceAsStream("/at/gv/egovernment/moa/id/process/hibernate.configuration.test.properties");
-		Properties props = new Properties();
-		props.load(in);
-
-		try {
-			//ConfigurationDBUtils.initHibernate(props);
-			Configuration config = new Configuration();
-			config.addProperties(props);
-			//config.addAnnotatedClass(ProcessInstanceStore.class);
-			config.addAnnotatedClass(AssertionStore.class);
-			//MOASessionDBUtils.initHibernate(config, props);
-		} catch (Exception e) {
-			e.printStackTrace();
-		}
-	}
-	
-	@Test
-	public void testSampleProcess1() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
-		
-		TestRequestImpl testReq = new TestRequestImpl();
-		
-		String piId = pe.createProcessInstance("SampleProcess1");
-		ProcessInstance pi = pe.getProcessInstance(piId);
-		assertEquals(NOT_STARTED, pi.getState());
-
-		// start process
-		testReq.setProcessInstanceID(piId);
-		pe.start(testReq);
-		pi = pe.getProcessInstance(piId);
-		assertEquals(SUSPENDED, pi.getState());
-
-		System.out.println("Do something asynchronously");
-		testReq.setProcessInstanceID(piId);
-		pe.signal(testReq);
-		try {
-			pi = pe.getProcessInstance(piId);
-			throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found.");
-			//assertEquals(ENDED, pi.getState());
-			
-		} catch (IllegalArgumentException e) {
-			// do nothing because processInstance should be already removed 
-			
-		}
-	}
-	
-	@Test
-	public void testSampleProcess2() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
-
-		TestRequestImpl testReq = new TestRequestImpl();
-		
-		String piId = pe.createProcessInstance("SampleProcess2");
-		ProcessInstance pi = pe.getProcessInstance(piId);
-		assertEquals(NOT_STARTED, pi.getState());
-
-		// start process
-		testReq.setProcessInstanceID(piId);
-		pe.start(testReq);
-		pi = pe.getProcessInstance(piId);
-		assertEquals(SUSPENDED, pi.getState());
-
-		System.out.println("Do something asynchronously");
-		testReq.setProcessInstanceID(piId);
-		pe.signal(testReq);
-		try {
-			pi = pe.getProcessInstance(piId);
-			throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found.");
-			//assertEquals(ENDED, pi.getState());
-			
-		} catch (IllegalArgumentException e) {
-			// do nothing because processInstance should be already removed 
-			
-		}
-		
-		
-	}
-
-	@Test(expected = IllegalArgumentException.class)
-	public void testProcessInstanceDoesNotExist() {
-		pe.getProcessInstance("does not exist");
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
index fc415097c..0c410e966 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
@@ -12,14 +12,14 @@ import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egovernment.moa.id.storage.DBTransactionStorage;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.util.DOMUtils;
 
 public class DBTransactionStorageTest {
 
-	public static void main (String[] args) throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+	public static void main (String[] args) throws SAXException, IOException, ParserConfigurationException, EAAFException{
 		DBTransactionStorageTest t = new DBTransactionStorageTest();
 		t.test();
 	}
@@ -32,7 +32,7 @@ public class DBTransactionStorageTest {
 	}
 
 	
-	public void test() throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+	public void test() throws SAXException, IOException, ParserConfigurationException, EAAFException{
 
 
 		ApplicationContext context = new FileSystemXmlApplicationContext("src/test/java/testBeans.xml");
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index 8ca65e745..67a6552ef 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -27,7 +27,6 @@ import java.util.Collection;
 import java.util.List;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
@@ -64,10 +63,9 @@ public interface IOAAuthParameters extends ISPConfiguration{
 	 * 'urn:publicid:gv.at:cdid+' is allowed to receive baseIDs
 	 * 
 	 * @return true if there is a restriction, otherwise false
-	 * @throws ConfigurationException In case of online-application configuration has public and private identifies
 	 */
 	@Override
-	public boolean hasBaseIdInternalProcessingRestriction() throws EAAFConfigurationException;
+	public boolean hasBaseIdInternalProcessingRestriction();
 	
 	
 	/**
@@ -78,22 +76,11 @@ public interface IOAAuthParameters extends ISPConfiguration{
 	 * 'urn:publicid:gv.at:cdid+' is allowed to receive baseIDs
 	 * 
 	 * @return true if there is a restriction, otherwise false
-	 * @throws ConfigurationException In case of online-application configuration has public and private identifies
 	 */
 	@Override
-	public boolean hasBaseIdTransferRestriction() throws EAAFConfigurationException;
-	
-	
-	/**
-	 * Get the full area-identifier for this online application to calculate the 
-	 * area-specific unique person identifier (bPK, wbPK, eIDAS unique identifier, ...). 
-	 * This identifier always contains the full prefix 
-	 * 
-	 * @return area identifier with prefix
-	 * @throws ConfigurationException In case of online-application configuration has public and private identifies  
-	 */
-	public String getAreaSpecificTargetIdentifier() throws ConfigurationException;
+	public boolean hasBaseIdTransferRestriction();
 	
+		
 	/**
 	 * Get a friendly name for the specific area-identifier of this online application
 	 * 
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index 8f09dc1aa..e1f995e82 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -29,10 +29,10 @@ import java.util.Map;
 
 import org.apache.commons.lang.StringEscapeUtils;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -121,10 +121,10 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 		params.put(PARAM_BKU_LOCAL, IOAAuthParameters.LOCALBKU);
 		
 		if (pendingReq != null) {							
-			params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getRequestID()));
+			params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getPendingRequestId()));
 
 			//add service-provider specific GUI parameters
-			IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+			IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 			if (oaParam != null) {
 				params.put(PARAM_OANAME, StringEscapeUtils.escapeHtml(oaParam.getFriendlyName()));
 
@@ -170,7 +170,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 	 */
 	private void addCountrySelection(Map<String, Object> params, IOAAuthParameters oaParam) {
 		String pepslist = "";
-		try {				
+		try {				 
 			for (CPEPS current : oaParam.getPepsList()) {
 				String countryName = null;							
 				if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase())))
@@ -205,14 +205,14 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 	 */
 	@Override
 	public InputStream getTemplate(String viewName) {		
-		if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) {
+		if (pendingReq != null && pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class) != null) {
 			
 			byte[] oatemplate = null;			
 			if (VIEW_BKUSELECTION.equals(viewName))				
-				oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate();
+				oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getBKUSelectionTemplate();
 			
 			else if (VIEW_SENDASSERTION.equals(viewName))
-				oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate();
+				oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getSendAssertionTemplate();
 			
 			// OA specific template requires a size of 8 bits minimum
 			if (oatemplate != null && oatemplate.length > 7)
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
index a1223b093..5283089ed 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -101,7 +101,7 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
 	public Map<String, Object> getSpecificViewParameters() {
 		Map<String, Object> params =  new HashMap<String, Object>();
 		if (pendingReq != null) {							
-			params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getRequestID()));
+			params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getPendingRequestId()));
 			
 		}		
 		if (customParameters != null)
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
index 8d5a8bf9b..8afda3c71 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
@@ -26,6 +26,7 @@ import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 
 /**
  * @author tlenz
@@ -62,14 +63,14 @@ public class SPSpecificGUIBuilderConfigurationWithDBLoad extends AbstractService
 	 */
 	@Override
 	public InputStream getTemplate(String viewName) {		
-		if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) {
+		if (pendingReq != null && pendingReq.getServiceProviderConfiguration() != null) {
 			
 			byte[] oatemplate = null;			
 			if (VIEW_BKUSELECTION.equals(viewName))				
-				oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate();
+				oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getBKUSelectionTemplate();
 			
 			else if (VIEW_SENDASSERTION.equals(viewName))
-				oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate();
+				oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getSendAssertionTemplate();
 			
 			// OA specific template requires a size of 8 bits minimum
 			if (oatemplate != null && oatemplate.length > 7)
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
index bb947a15f..6092c8d5d 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
@@ -81,10 +81,10 @@ public class SPSpecificGUIBuilderConfigurationWithFileSystemLoad extends Abstrac
 	 */
 	@Override
 	public InputStream getTemplate(String viewName) {		
-		if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null && 
+		if (pendingReq != null && pendingReq.getServiceProviderConfiguration() != null && 
 				configKeyIdentifier != null) {
 			try {
-				String templateURL = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(configKeyIdentifier);
+				String templateURL = pendingReq.getServiceProviderConfiguration().getConfigurationValue(configKeyIdentifier);
 				if (MiscUtil.isNotEmpty(templateURL)) {
 					String absURL = FileUtils.makeAbsoluteURL(templateURL, configRootContextDir);				
 					if (!absURL.startsWith("file:")) {
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
index 947a42345..53ec222dc 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
@@ -26,7 +26,7 @@ package at.gv.egovernment.moa.id.auth.frontend.utils;
 import java.util.HashMap;
 import java.util.Map;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -76,7 +76,7 @@ public class FormBuildUtils {
 				
 				defaultmap.put(PARAM_REDIRECTTARGET, "_top");
 			}
-	}
+	} 
 	
 	public static void customiceLayoutBKUSelection(Map<String, Object> params, IOAAuthParameters oaParam) {
 		
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index d8146786a..d32ce972a 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -91,7 +91,7 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
 					rootContext.getEnvironment().addActiveProfile(profile);
 				}
 			}
-
+		
 			Logger.info("Spring-context was initialized with active profiles: " + 
 					Arrays.asList(rootContext.getEnvironment().getActiveProfiles()));
 			
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
index 2e09bf55c..1269229d0 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
@@ -29,13 +29,13 @@ import javax.annotation.PostConstruct;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks.FirstBKAMobileAuthTask;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -48,7 +48,7 @@ public class BKAMobileAuthModule implements AuthModule {
 	private int priority = 1;
 	
 	@Autowired(required=true) protected AuthConfiguration authConfig;
-	@Autowired(required=true) private AuthenticationManager authManager;
+	@Autowired(required=true) private IAuthenticationManager authManager;
 	
 	private List<String> uniqueIDsDummyAuthEnabled = new ArrayList<String>();
 	
@@ -71,7 +71,7 @@ public class BKAMobileAuthModule implements AuthModule {
 	
 	@PostConstruct
 	public void initialDummyAuthWhiteList() {
-		String sensitiveSpIdentifier = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.entityID");
+		String sensitiveSpIdentifier = authConfig.getBasicConfiguration("modules.bkamobileAuth.entityID");
 		if (MiscUtil.isNotEmpty(sensitiveSpIdentifier)) {
 			uniqueIDsDummyAuthEnabled.addAll(KeyValueUtils.getListOfCSVValues(sensitiveSpIdentifier));
 			
@@ -91,7 +91,7 @@ public class BKAMobileAuthModule implements AuthModule {
 	 */
 	@Override
 	public String selectProcess(ExecutionContext context) {		
-		String spEntityID = (String) context.get(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER);
+		String spEntityID = (String) context.get(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID);
 		if (MiscUtil.isNotEmpty(spEntityID)) {				
 			if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) {
 				String eIDBlob = (String)context.get(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW);
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index 37ee3f201..68b944814 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -29,6 +29,7 @@ import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
+import java.util.Date;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -54,15 +55,17 @@ import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
@@ -90,7 +93,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	private static final String EIDCONTAINER_EID = "eid";
 	private static final String EIDCONTAINER_KEY_IDL = "idl";
 	private static final String EIDCONTAINER_KEY_BINDINGCERT = "cert";
-	
+	 
 	public static final String REQ_PARAM_eID_BLOW = "eidToken";
 	
 	@Autowired(required=true) private AuthConfiguration authConfig;
@@ -111,7 +114,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 				throw new MOAIDException("NO eID data blob included!", null);
 			}
 								
-			parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession(), eIDBlobRawB64);
+			parseDemoValuesIntoMOASession(pendingReq, eIDBlobRawB64);
 			
 		} catch (MOAIDException e) {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
@@ -133,7 +136,9 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	 * @throws MOAIDException 
 	 * @throws IOException 
 	 */
-	private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession, String eIDBlobRawB64) throws MOAIDException, IOException {
+	private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException {
+		IAuthenticationSession moaSession = new AuthenticationSession("1235", new Date());
+		
 		Logger.debug("Check eID blob signature  ... ");
 		byte[] eIDBlobRaw = Base64Utils.decode(eIDBlobRawB64.trim(), false);
 		
@@ -209,6 +214,8 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			Logger.info("Session Restore completed");
 			
 			
+			pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
+			
 		} catch (MOAIDException e) {
 			throw e;
 			
@@ -236,6 +243,10 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			Logger.error("Can not extract mobile-app binding-certificate from eID blob.", e);
 			throw new MOAIDException("Can not extract mobile-app binding-certificate from eID blob.", null, e);
 						
+		} catch (EAAFStorageException e) {
+			Logger.error("Can not populate pending-request with eID data.", e);
+			throw new MOAIDException("Can not populate pending-request with eID data.", null, e);
+			
 		} finally {
 						
 		}
@@ -243,7 +254,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	}
 	
 	private SecretKey generateDecryptionKey(byte[] salt) throws MOAIDException {
-		String decryptionPassPhrase = authConfig.getBasicMOAIDConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD");			
+		String decryptionPassPhrase = authConfig.getBasicConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD");			
 		try {
 			SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
 			KeySpec spec = new PBEKeySpec(decryptionPassPhrase.toCharArray(), salt, 2000, 128);
@@ -276,7 +287,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 		}
 		SignerInfo signerInfos = verifySigResult.getSignerInfo();
 		DateTime date = new DateTime(signerInfos.getSigningTime().getTime());
-		Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicMOAIDConfiguration(CONF_SIGNING_TIME_JITTER, "5"));
+		Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicConfiguration(CONF_SIGNING_TIME_JITTER, "5"));
 		if (date.plusMinutes(signingTimeJitter).isBeforeNow()) {
 			Logger.warn("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter));
 			throw new MOAIDException("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter), null);
@@ -290,7 +301,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 		cmsSigVerifyReq.setSignatories(VerifyCMSSignatureRequestImpl.ALL_SIGNATORIES);
 		cmsSigVerifyReq.setExtended(false);
 		cmsSigVerifyReq.setPDF(false);
-		cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicMOAIDConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!"));
+		cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!"));
 		cmsSigVerifyReq.setCMSSignature(new ByteArrayInputStream(eIDBlobRaw));				
 		return cmsSigVerifyReq;		
 	}
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 5c70b2628..9ce987956 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -25,21 +25,26 @@ package at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
+import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
@@ -50,7 +55,9 @@ import at.gv.egovernment.moa.util.FileUtils;
  */
 @Component("SecondBKAMobileAuthTask")
 public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
-
+ 
+	@Autowired AuthConfiguration moaAuthConfig;
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
@@ -60,7 +67,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 		
 		try {
 			Logger.info("Add user credentials for BKA MobileAuth SAML2 test and finalize authentication");	
-			parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession());
+			parseDemoValuesIntoMOASession(pendingReq);
 
 			// store MOASession into database
 	    	requestStoreage.storePendingRequest(pendingReq);
@@ -78,8 +85,11 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 	 * @param pendingReq
 	 * @param moaSession
 	 * @throws MOAIDException 
+	 * @throws EAAFStorageException 
 	 */
-	private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession) throws MOAIDException {
+	private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException {
+		IAuthenticationSession moaSession = new AuthenticationSession("1233", new Date());
+		
 		moaSession.setUseMandates(false);
 		moaSession.setForeigner(false);
 		
@@ -87,18 +97,20 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 		moaSession.setQAALevel(PVPConstants.STORK_QAA_1_4);
 			
 		try {
-			String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir());				
+			String idlurl = FileUtils.makeAbsoluteURL(moaAuthConfig.getMonitoringTestIdentityLinkURL(), moaAuthConfig.getRootConfigFileDir());				
 		  	URL keystoreURL = new URL(idlurl);					
 			InputStream idlstream = keystoreURL.openStream();
 			IIdentityLink identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();			
 			moaSession.setIdentityLink(identityLink);
-			
+						
 		} catch (ParseException | IOException e) {
 			Logger.error("IdentityLink is not parseable.", e);
 			throw new MOAIDException("IdentityLink is not parseable.", null);
 			
 		}
 			
+		pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
+		
 	}
 
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 6afc68161..46381fb3d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -30,23 +30,25 @@ import org.apache.commons.lang.StringUtils;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonPrimitive;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
 import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIssuingNationAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
@@ -62,7 +64,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceVal
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 
 public final class OAuth20AttributeBuilder {
@@ -70,7 +71,7 @@ public final class OAuth20AttributeBuilder {
 	private OAuth20AttributeBuilder() {
 		throw new InstantiationError();
 	}
-	
+	 
 	private static IAttributeGenerator<Pair<String, JsonPrimitive>> generator = new IAttributeGenerator<Pair<String, JsonPrimitive>>() {
 		
 		public Pair<String, JsonPrimitive> buildStringAttribute(final String friendlyName, final String name, final String value) {
@@ -206,7 +207,7 @@ public final class OAuth20AttributeBuilder {
 	}
 	
 	private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) {
+			final ISPConfiguration oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) {
 		for (IAttributeBuilder b : builders) {
 			try {
 				//TODO: better solution requires more refactoring :(
@@ -222,7 +223,7 @@ public final class OAuth20AttributeBuilder {
 					jsonObject.add(attribute.getFirst(), attribute.getSecond());
 				}
 			}
-			catch (AttributeException e) {
+			catch (AttributeBuilderException e) {
 				Logger.info("Cannot add attribute " + b.getName());
 			}
 		}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
index 076ded75a..b3586245b 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdAudiencesAttribute implements IAttributeBuilder {
 	
@@ -35,9 +34,9 @@ public class OpenIdAudiencesAttribute implements IAttributeBuilder {
 		return "aud";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException { 
-		return g.buildStringAttribute(this.getName(), "", oaParam.getPublicURLPrefix());
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException { 
+		return g.buildStringAttribute(this.getName(), "", oaParam.getUniqueIdentifier());
 	}
 	
 	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
index 0e99a18c3..933ee8904 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder {
 	
@@ -35,9 +34,9 @@ public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder {
 		return "auth_time";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		return g.buildLongAttribute(this.getName(), "", ((long) (authData.getIssueInstant().getTime() / 1000)));
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		return g.buildLongAttribute(this.getName(), "", ((long) (authData.getAuthenticationIssueInstant().getTime() / 1000)));
 	}
 	
 	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
index 05638c907..04efa3979 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
@@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
 import java.util.Date;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdExpirationTimeAttribute implements IAttributeBuilder {
 	
@@ -39,8 +38,8 @@ public class OpenIdExpirationTimeAttribute implements IAttributeBuilder {
 		return "exp";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime));
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
index b40d752eb..459d2b1cd 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
@@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
 import java.util.Date;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdIssueInstantAttribute implements IAttributeBuilder {
 	
@@ -37,8 +36,8 @@ public class OpenIdIssueInstantAttribute implements IAttributeBuilder {
 		return "iat";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000));
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
index d212feb12..2f4124c32 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdIssuerAttribute implements IAttributeBuilder {
 	
@@ -35,9 +34,9 @@ public class OpenIdIssuerAttribute implements IAttributeBuilder {
 		return "iss";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		return g.buildStringAttribute(this.getName(), "", authData.getIssuer());
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		return g.buildStringAttribute(this.getName(), "", authData.getAuthenticationIssuer());
 	}
 	
 	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
index 99465bf95..66b6a2518 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
@@ -22,27 +22,27 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class OpenIdNonceAttribute implements IAttributeBuilder {
 	
-	public String getName() {
+	public String getName() { 
 		return "nonce";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException { 
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException { 
 		return g.buildStringAttribute(this.getName(), "", null);
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest,
-			IAttributeGenerator<ATT> g) throws AttributeException { 
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException { 
 		if (MiscUtil.isNotEmpty(oAuthRequest.getNonce()))
 			return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce());
 		else
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
index 4b1219c9d..e3e717ec3 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder {
 	
@@ -35,8 +34,8 @@ public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder {
 		return "sub";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildStringAttribute(this.getName(), "", authData.getBPK());
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
index f1b0bd108..d23877395 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class ProfileDateOfBirthAttribute implements IAttributeBuilder {
 	
@@ -35,8 +34,8 @@ public class ProfileDateOfBirthAttribute implements IAttributeBuilder {
 		return "birthdate";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildStringAttribute(this.getName(), "", authData.getFormatedDateOfBirth());
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
index 0ea6ba643..540962a29 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class ProfileFamilyNameAttribute implements IAttributeBuilder {
 	
@@ -35,8 +34,8 @@ public class ProfileFamilyNameAttribute implements IAttributeBuilder {
 		return "family_name";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildStringAttribute(this.getName(), "", authData.getFamilyName());
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
index e6c7fd18d..f6f774a46 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class ProfileGivenNameAttribute implements IAttributeBuilder {
 	
@@ -35,8 +34,8 @@ public class ProfileGivenNameAttribute implements IAttributeBuilder {
 		return "given_name";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildStringAttribute(this.getName(), "", authData.getGivenName());
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 67c0aafce..1528cfb28 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -22,30 +22,22 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
 
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Map;
-
 import javax.servlet.http.HttpServletRequest;
 
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
-import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Component("OAuth20AuthRequest")
@@ -102,7 +94,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 	 *            the state to set
 	 */
 	public void setState(String state) {
-		this.state = state;
+		this.state = state; 
 	}
 	
 	/**
@@ -188,7 +180,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 		// check if client id and redirect uri are ok
 		try {
 			// OAOAUTH20 cannot be null at this point. check was done in base request
-			IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
+			IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getSPEntityId());
 			
 			
 			if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
@@ -206,40 +198,40 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 		
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
-	 */
-	@Override
-	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-		Map<String, String> reqAttr = new HashMap<String, String>();
-		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
-			reqAttr.put(el, "");
-						
-		for (String s : scope.split(" ")) {
-			if (s.equalsIgnoreCase("profile")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
-					reqAttr.put(el.getName(), "");
-
-			} else if (s.equalsIgnoreCase("eID")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
-					reqAttr.put(el.getName(), "");
-				
-			} else if (s.equalsIgnoreCase("eID_gov")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
-					reqAttr.put(el.getName(), "");
-				
-			} else if (s.equalsIgnoreCase("mandate")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
-					reqAttr.put(el.getName(), "");
-				
-			} else if (s.equalsIgnoreCase("stork")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
-					reqAttr.put(el.getName(), "");
-				
-			}
-		}
-		
-		//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
-		return reqAttr.keySet();
-	}
+//	/* (non-Javadoc)
+//	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+//	 */
+//	@Override
+//	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
+//		Map<String, String> reqAttr = new HashMap<String, String>();
+//		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+//			reqAttr.put(el, "");
+//						
+//		for (String s : scope.split(" ")) {
+//			if (s.equalsIgnoreCase("profile")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
+//					reqAttr.put(el.getName(), "");
+//
+//			} else if (s.equalsIgnoreCase("eID")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
+//					reqAttr.put(el.getName(), "");
+//				
+//			} else if (s.equalsIgnoreCase("eID_gov")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
+//					reqAttr.put(el.getName(), "");
+//				
+//			} else if (s.equalsIgnoreCase("mandate")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
+//					reqAttr.put(el.getName(), "");
+//				
+//			} else if (s.equalsIgnoreCase("stork")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
+//					reqAttr.put(el.getName(), "");
+//				
+//			}
+//		}
+//		
+//		//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
+//		return reqAttr.keySet();
+//	}
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index d3136b43e..2ce5234ac 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -30,12 +30,13 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
@@ -49,6 +50,8 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 	
 	protected Set<String> allowedParameters = new HashSet<String>();
 		
+	@Autowired(required=true) protected IConfiguration authConfig;
+	
 	protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception {
 		String param = request.getParameter(name);
 		Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param);
@@ -70,8 +73,8 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 			if (!ParamValidatorUtils.isValidOA(oaURL)) {
 				throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 			}
-			this.setOAURL(oaURL);
-			IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
+			this.setSPEntityId(oaURL);
+			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaURL);
 			
 			if (oaParam == null) {
 				throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
@@ -83,7 +86,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 				throw new OAuth20OANotSupportedException();
 			}
 		}
-		catch (ConfigurationException e) {
+		catch (EAAFConfigurationException e) {
 			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 		}
 		
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 5acb1c547..ff802136f 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -57,7 +57,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 		return PATH;
 	}
 	
-	/**
+	/** 
 	 * 
 	 */
 	public OAuth20Protocol() {
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 4c829f6ca..4ae255d1d 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -49,7 +49,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -182,7 +182,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 					pendingReq.getClass().isInstance(storkRequst)) {
 				
 				try {									
-					secClass = PVPtoSTORKMapper.getInstance().mapToSecClass(
+					secClass = LoALevelMapper.getInstance().mapToSecClass(
 							PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass));
 				
 				} catch (Exception e) {
-- 
cgit v1.2.3


From 139926faa31ae3ed34dc0083fee503d439112281 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 20 Jun 2018 15:11:13 +0200
Subject: refactor PVP2 S-Profile implementation and perform first tests

---
 id/ConfigWebTool/pom.xml                           |  10 +
 .../auth/pvp2/AttributeListBuilder.java            |   6 +-
 .../auth/pvp2/MetaDataVerificationFilter.java      |  12 +-
 .../auth/pvp2/PVPSOAPRequestSecurityPolicy.java    |   6 +-
 .../config/ConfigurationProvider.java              |   2 +-
 .../moa/id/configuration/helper/MailHelper.java    |   2 +-
 .../configuration/struts/action/BasicOAAction.java |   2 +-
 .../configuration/struts/action/IndexAction.java   |  10 +-
 .../validation/oa/OAPVP2ConfigValidation.java      |   8 +-
 .../id/config/webgui/MOAIDWebGUIConfiguration.java |   2 +-
 id/server/idserverlib/pom.xml                      |  65 +-
 .../id/advancedlogging/MOAIDEventConstants.java    |   3 -
 .../moa/id/advancedlogging/MOAReversionLogger.java |   5 +-
 .../moa/id/auth/IDestroyableObject.java            |  36 -
 .../moa/id/auth/IGarbageCollectorProcessing.java   |  36 -
 .../moa/id/auth/IPostStartupInitializable.java     |  41 -
 .../moa/id/auth/MOAGarbageCollector.java           |   1 +
 .../id/auth/builder/AuthenticationDataBuilder.java |  31 +-
 .../moa/id/auth/builder/BPKBuilder.java            |   2 +-
 .../builder/DynamicOAAuthParameterBuilder.java     |   4 +-
 .../auth/builder/MOAIDSubjectNameIdGenerator.java  | 114 +++
 .../tasks/RestartAuthProzessManagement.java        | 108 ---
 .../StartAuthentificationParameterParser.java      |   2 +-
 .../id/auth/servlet/IDPSingleLogOutServlet.java    |  12 +-
 .../moa/id/config/ConfigurationProviderImpl.java   |   4 +-
 .../moa/id/data/ISLOInformationContainer.java      |  70 --
 .../moa/id/data/MOAAuthenticationData.java         |  10 +-
 .../java/at/gv/egovernment/moa/id/data/Pair.java   |  45 --
 .../moa/id/data/SLOInformationImpl.java            | 190 -----
 .../java/at/gv/egovernment/moa/id/data/Trible.java |  51 --
 .../moa/id/moduls/AuthenticationManager.java       |  12 +-
 .../moa/id/opemsaml/MOAIDHTTPPostEncoder.java      | 114 ---
 .../opemsaml/MOAKeyStoreX509CredentialAdapter.java |  52 --
 .../opemsaml/MOAStringRedirectDeflateEncoder.java  |  75 --
 .../MandateNaturalPersonBPKAttributeBuilder.java   |   2 +-
 .../id/protocols/pvp2x/AttributQueryAction.java    |  60 +-
 .../id/protocols/pvp2x/AuthenticationAction.java   | 151 ----
 .../moa/id/protocols/pvp2x/MetadataAction.java     |  93 ---
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      | 835 --------------------
 .../moa/id/protocols/pvp2x/PVPConstants.java       |  99 +--
 .../id/protocols/pvp2x/PVPTargetConfiguration.java | 133 ----
 .../moa/id/protocols/pvp2x/SingleLogOutAction.java |  31 +-
 .../moa/id/protocols/pvp2x/binding/IDecoder.java   |  44 --
 .../moa/id/protocols/pvp2x/binding/IEncoder.java   |  71 --
 .../id/protocols/pvp2x/binding/MOAURICompare.java  |  53 --
 .../id/protocols/pvp2x/binding/PostBinding.java    | 240 ------
 .../protocols/pvp2x/binding/RedirectBinding.java   | 244 ------
 .../id/protocols/pvp2x/binding/SoapBinding.java    | 176 -----
 .../pvp2x/builder/AttributQueryBuilder.java        |  11 +-
 .../pvp2x/builder/AuthResponseBuilder.java         | 147 ----
 .../pvp2x/builder/CitizenTokenBuilder.java         | 171 -----
 .../pvp2x/builder/PVPAttributeBuilder.java         | 207 -----
 .../pvp2x/builder/PVPAuthnRequestBuilder.java      | 221 ------
 .../pvp2x/builder/PVPMetadataBuilder.java          | 442 -----------
 .../pvp2x/builder/SingleLogOutBuilder.java         |  82 +-
 .../builder/assertion/PVP2AssertionBuilder.java    | 543 -------------
 .../builder/attributes/SamlAttributeGenerator.java |  88 ---
 .../pvp2x/config/IDPPVPMetadataConfiguration.java  |  27 +-
 .../IPVPAuthnRequestBuilderConfiguruation.java     | 162 ----
 .../config/IPVPMetadataBuilderConfiguration.java   | 238 ------
 .../pvp2x/config/MOADefaultBootstrap.java          |  64 --
 .../MOADefaultSecurityConfigurationBootstrap.java  | 152 ----
 .../config/MOAPVPMetadataConfigurationFactory.java |  21 +
 .../protocols/pvp2x/config/PVPConfiguration.java   |  87 +--
 .../AssertionAttributeExtractorExeption.java       |  50 --
 .../exceptions/AssertionValidationExeption.java    |  49 --
 .../pvp2x/exceptions/AttributQueryException.java   |  44 --
 .../exceptions/AuthnRequestBuildException.java     |  47 --
 .../AuthnResponseValidationException.java          |  48 --
 .../exceptions/BindingNotSupportedException.java   |  41 -
 .../InvalidAssertionConsumerServiceException.java  |  48 --
 .../InvalidAssertionEncryptionException.java       |  36 -
 .../exceptions/InvalidDateFormatException.java     |  39 -
 .../MandateAttributesNotHandleAbleException.java   |   2 +
 .../NOSLOServiceDescriptorException.java           |   2 +
 .../NameIDFormatNotSupportedException.java         |  42 -
 .../pvp2x/exceptions/NoCredentialsException.java   |   2 +
 .../NoMandateDataAvailableException.java           |   2 +
 .../exceptions/NoMetadataInformationException.java |  39 -
 .../protocols/pvp2x/exceptions/PVP2Exception.java  |  61 --
 .../pvp2x/exceptions/QAANotAllowedException.java   |  40 -
 .../pvp2x/exceptions/QAANotSupportedException.java |  40 -
 .../pvp2x/exceptions/RequestDeniedException.java   |  39 -
 .../pvp2x/exceptions/ResponderErrorException.java  |  44 --
 .../exceptions/SAMLRequestNotSignedException.java  |  44 --
 .../pvp2x/exceptions/SAMLRequestNotSupported.java  |  40 -
 .../protocols/pvp2x/exceptions/SLOException.java   |  41 -
 .../exceptions/SchemaValidationException.java      |  52 --
 .../UnprovideableAttributeException.java           |  37 -
 .../filter/SchemaValidationException.java          |  43 --
 .../filter/SignatureValidationException.java       |  58 --
 .../protocols/pvp2x/exceptions/loginFormFull.html  | 851 ---------------------
 .../protocols/pvp2x/messages/InboundMessage.java   | 116 ---
 .../pvp2x/messages/InboundMessageInterface.java    |  38 -
 .../id/protocols/pvp2x/messages/MOARequest.java    |  66 --
 .../id/protocols/pvp2x/messages/MOAResponse.java   |  56 --
 .../metadata/IMOARefreshableMetadataProvider.java  |  38 -
 .../pvp2x/metadata/MOAMetadataProvider.java        | 615 +++------------
 .../pvp2x/metadata/SimpleMOAMetadataProvider.java  | 257 -------
 .../pvp2x/signer/AbstractCredentialProvider.java   | 218 ------
 .../signer/CredentialsNotAvailableException.java   |  44 --
 .../pvp2x/signer/IDPCredentialProvider.java        |  10 +-
 .../moa/id/protocols/pvp2x/signer/SAMLSigner.java  |  27 -
 .../pvp2x/utils/AssertionAttributeExtractor.java   | 292 -------
 .../protocols/pvp2x/utils/MOASAMLSOAPClient.java   |   1 +
 .../moa/id/protocols/pvp2x/utils/SAML2Utils.java   | 145 ----
 .../AbstractRequestSignedSecurityPolicyRule.java   | 187 -----
 .../pvp2x/validation/AuthnRequestValidator.java    |  62 --
 .../pvp2x/validation/ChainSAMLValidator.java       |   5 +-
 .../protocols/pvp2x/validation/ISAMLValidator.java |  31 -
 .../validation/MOAPVPSignedRequestPolicyRule.java  |  81 --
 .../validation/MOASAML2AuthRequestSignedRole.java  |  49 --
 .../pvp2x/validation/SAMLSignatureValidator.java   |   9 +-
 .../pvp2x/verification/EntityVerifier.java         | 158 ++--
 .../pvp2x/verification/SAMLVerificationEngine.java | 197 -----
 .../verification/SAMLVerificationEngineSP.java     |   5 +-
 .../pvp2x/verification/TrustEngineFactory.java     |  87 ---
 .../metadata/MetadataSignatureFilter.java          | 138 +---
 .../metadata/PVPEntityCategoryFilter.java          | 230 ------
 .../metadata/PVPMetadataFilterChain.java           |  54 --
 .../metadata/SchemaValidationFilter.java           | 106 ---
 .../moa/id/saml2/MetadataFilterChain.java          |  73 --
 .../storage/DBAuthenticationSessionStoreage.java   |   4 +-
 .../id/storage/IAuthenticationSessionStoreage.java |   4 +-
 .../gv/egovernment/moa/id/util/LoALevelMapper.java |  61 +-
 .../egovernment/moa/id/util/QAALevelVerifier.java  |  57 --
 .../main/resources/moaid.authentication.beans.xml  |  36 +-
 .../src/test/java/test/MOAIDTestCase.java          |   2 +-
 .../moa/id/auth/MOAIDAuthInitialiserTest.java      |   2 +-
 .../moa/id/commons/MOAIDAuthConstants.java         |   4 +
 .../commons/api/data/BPKDecryptionParameters.java  |   2 +-
 .../moa/id/commons/utils/ssl/SSLUtils.java         |   2 +-
 .../java/at/gv/egovernment/moa/util/FileUtils.java | 146 ----
 .../at/gv/egovernment/moa/util/KeyStoreUtils.java  | 223 ------
 .../at/gv/egovernment/moa/util/StreamUtils.java    | 197 -----
 .../test/at/gv/egovernment/moa/util/FileUtils.java |   4 +-
 .../gv/egovernment/moa/util/KeyStoreUtilsTest.java |   3 +-
 .../MOAIDGuiBilderConfigurationFactory.java        |  18 +-
 .../auth/frontend/builder/GUIFormBuilderImpl.java  |   2 +-
 ...cGUIBuilderConfigurationWithFileSystemLoad.java |   2 +-
 .../auth/frontend/velocity/VelocityLogAdapter.java |  99 ---
 .../auth/frontend/velocity/VelocityProvider.java   | 121 ---
 .../moa/id/auth/MOAContextCloseHandler.java        |   1 +
 .../moa/id/auth/MOAIDAuthSpringInitializer.java    |   1 +
 .../moa/id/auth/AuthenticationServer.java          |   7 +-
 .../CertInfoVerifyXMLSignatureRequestBuilder.java  |   2 +-
 .../modules/internal/tasks/GetForeignIDTask.java   |   2 +-
 .../tasks/InitializeBKUAuthenticationTask.java     |   2 +-
 .../CreateXMLSignatureResponseValidator.java       |   2 +-
 .../moa/id/auth/validator/parep/ParepUtils.java    |   2 +-
 .../tasks/SecondBKAMobileAuthTask.java             |   4 +-
 .../moa/id/auth/modules/eidas/Constants.java       |   2 +-
 .../MOAeIDASSAMLEngineConfigurationImpl.java       |   2 +-
 .../MOAeIDASSAMLInstanceConfigurationImpl.java     |   2 +-
 .../engine/MOAeIDASChainingMetadataProvider.java   | 111 ++-
 .../engine/MOAeIDASMetadataProviderDecorator.java  |   6 +-
 .../eidas/tasks/GenerateAuthnRequestTask.java      |   4 +-
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  |   2 +-
 .../modules/eidas/utils/eIDASAttributeBuilder.java |   4 +-
 .../eidas/utils/eIDASAttributeProcessingUtils.java |   2 +-
 .../moa/id/protocols/eidas/EIDASProtocol.java      |  11 +-
 .../id/protocols/eidas/EidasMetaDataRequest.java   |  11 +-
 .../eIDASAttrNaturalPersonalIdentifier.java        |   2 +-
 ...ttrRepresentativeNaturalPersonalIdentifier.java |   4 +-
 .../eidas/eIDASAuthenticationRequest.java          |   6 +-
 .../eidas/validator/eIDASResponseValidator.java    |   2 +-
 .../elgamandates/ELGAMandatesAuthConstants.java    |   2 +-
 .../config/ELGAMandatesMetadataConfiguration.java  |  25 +-
 .../ELGAMandatesRequestBuilderConfiguration.java   |   4 +-
 .../controller/ELGAMandateMetadataController.java  |   8 +-
 .../tasks/ReceiveElgaMandateResponseTask.java      |  42 +-
 .../elgamandates/tasks/RequestELGAMandateTask.java |   8 +-
 .../utils/ELGAMandateServiceMetadataProvider.java  |  58 +-
 .../utils/ELGAMandatesCredentialProvider.java      |   4 +-
 .../id/protocols/oauth20/OAuth20Configuration.java |   2 +-
 .../attributes/OAuth20AttributeBuilder.java        |   6 +-
 .../oauth20/json/OAuth20SignatureUtil.java         |   2 +-
 .../oauth20/protocol/OAuth20AuthAction.java        |   4 +-
 .../oauth20/protocol/OAuth20Protocol.java          |   5 +-
 .../gv/egovernment/moa/id/auth/oauth/CertTest.java |   3 +-
 .../modules/sl20_auth/sl20/JsonSecurityUtils.java  |   4 +-
 .../ssotransfer/servlet/SSOTransferServlet.java    |   4 +-
 .../ssotransfer/task/RestoreSSOSessionTask.java    |   2 +-
 .../ssotransfer/utils/SSOContainerUtils.java       |  33 +-
 .../src/test/java/at/gv/egiz/tests/Tests.java      |   2 +-
 .../config/FederatedAuthMetadataConfiguration.java |  29 +-
 .../FederatedAuthnRequestBuilderConfiguration.java |   2 +-
 .../FederatedAuthMetadataController.java           |   8 +-
 .../tasks/CreateAuthnRequestTask.java              |  11 +-
 .../tasks/ReceiveAuthnResponseTask.java            |  43 +-
 .../utils/FederatedAuthCredentialProvider.java     |   4 +-
 .../moa/id/protocols/saml1/GetArtifactAction.java  |   4 +-
 .../saml1/GetAuthenticationDataService.java        |   4 +-
 .../protocols/saml1/SAML1AuthenticationData.java   |   4 +-
 .../protocols/saml1/SAML1AuthenticationServer.java |   4 +-
 .../moa/id/protocols/saml1/SAML1Protocol.java      |   5 +-
 .../egovernment/moa/id/monitoring/TestManager.java |   2 +-
 pom.xml                                            |  24 +-
 198 files changed, 1060 insertions(+), 11799 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java

(limited to 'id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src')

diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 28c0a9fe4..59e03aa43 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -66,6 +66,16 @@
             <artifactId>moa-id-commons</artifactId>
         </dependency>
         
+        <dependency>
+        	<groupId>at.gv.egiz.eaaf</groupId>
+        	<artifactId>eaaf_module_pvp2_core</artifactId>
+        </dependency>
+        
+        <dependency>
+        	<groupId>at.gv.egiz.eaaf</groupId>
+  			<artifactId>eaaf-core</artifactId>
+        </dependency>
+        
         <dependency>
           	<groupId>MOA.id</groupId>
   					<artifactId>moa-id-webgui</artifactId>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
index f17ec82cb..0d416b8c0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
@@ -28,16 +28,16 @@ import java.util.List;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 
-public class AttributeListBuilder implements PVPConstants{
+public class AttributeListBuilder implements PVPAttributeDefinitions{
 
 	protected static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) {
 		RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class);
 		attribute.setIsRequired(required);
 		attribute.setName(name);
-		attribute.setFriendlyName(friendlyName);
+		attribute.setFriendlyName(friendlyName); 
 		attribute.setNameFormat(Attribute.URI_REFERENCE);
 		return attribute;
 	}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
index e3de84b0b..730dfe764 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
@@ -30,8 +30,8 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
 
 public class MetaDataVerificationFilter implements MetadataFilter {
@@ -51,9 +51,9 @@ public class MetaDataVerificationFilter implements MetadataFilter {
 				throw new SignatureValidationException("Root element of metadata file has to be signed");
 			}
 			try {
-				processEntitiesDescriptor(entitiesDescriptor);
+				processEntitiesDescriptor(entitiesDescriptor); 
 				
-			} catch (MOAIDException e) {
+			} catch (EAAFException e) {
 				throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor");
 			}
 			
@@ -66,13 +66,13 @@ public class MetaDataVerificationFilter implements MetadataFilter {
 				else
 					throw new SignatureValidationException("Root element of metadata file has to be signed", null);
 				
-			} catch (MOAIDException e) {
+			} catch (EAAFException e) {
 				throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null);
 			}				
 		}
 	}
 	
-	private void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException {
+	private void processEntitiesDescriptor(EntitiesDescriptor desc) throws EAAFException {
 		Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
 		
 		if(desc.getSignature() != null) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
index a25cc44ef..27673eafd 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
@@ -32,8 +32,8 @@ import org.opensaml.ws.soap.soap11.Envelope;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.signature.SignatureTrustEngine;
 
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.AbstractRequestSignedSecurityPolicyRule;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule;
 
 /**
  * @author tlenz
@@ -42,8 +42,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSigned
 public class PVPSOAPRequestSecurityPolicy extends
 		AbstractRequestSignedSecurityPolicyRule {
 
-	/**
-	 * @param trustEngine
+	/** 
+	 * @param trustEngine 
 	 * @param peerEntityRole
 	 */
 	public PVPSOAPRequestSecurityPolicy(SignatureTrustEngine trustEngine,
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index cfb39b15c..d249fa597 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -55,6 +55,7 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.context.support.GenericApplicationContext;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
@@ -64,7 +65,6 @@ import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
 import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUserConfiguration;
 import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.asn1.structures.AlgorithmID;
 import iaik.x509.X509Certificate;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
index 0fb41189d..8f3b8f479 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
@@ -43,11 +43,11 @@ import javax.mail.internet.MimeMultipart;
 import org.apache.commons.io.IOUtils;
 import org.apache.log4j.Logger;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MailHelper {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 7d411b161..9e0b8b1cd 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -44,11 +44,11 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 
 import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index f1d1c94af..6f9d233b1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -60,6 +60,7 @@ import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
 import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.signature.Signature;
 
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
@@ -76,7 +77,6 @@ import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
 import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
 import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class IndexAction extends BasicAction {
@@ -401,19 +401,19 @@ public class IndexAction extends BasicAction {
 								{
 									String strAttributeName = attributes.get(x).getDOM().getAttribute("Name");
 									
-									if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME)) {
 										user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
 									}
 									
-									if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.GIVEN_NAME_NAME)) {
 										user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
 									}
 									
-									if (strAttributeName.equals(PVPConstants.MANDATE_TYPE_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_TYPE_NAME)) {
 										user.setIsmandateuser(true);
 									}
 									
-									if (strAttributeName.equals(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)) {
 										user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
 									}		
 								}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 79e7e9252..8b41823e1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -47,13 +47,13 @@ import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.SchemaValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException;
+import at.gv.egovernment.moa.id.config.webgui.validation.utils.SchemaValidationFilter;
 import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.x509.X509Certificate;
@@ -158,7 +158,7 @@ public class OAPVP2ConfigValidation {
 							
 							} catch (ConfigurationException e) {
 								log.warn("Configuration access FAILED!", e);
-							
+							 
 							}
 						
 							MetadataFilterChain filter = new MetadataFilterChain();
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java
index 0a3a9eef8..e9c8fa719 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java
@@ -35,9 +35,9 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 5d7071a19..3a0bdb8c0 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -261,11 +261,64 @@
 		<dependency>
 			<groupId>httpsclient</groupId>
 			<artifactId>httpsclient</artifactId>
-		</dependency>		
-	<dependency>
-  		<groupId>org.opensaml</groupId>
-  		<artifactId>opensaml</artifactId>
-  		<exclusions>
+		</dependency>
+		<dependency>
+  			<groupId>at.gv.egiz.eaaf</groupId>
+  			<artifactId>eaaf_module_pvp2_idp</artifactId>
+  			<exclusions>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.xerces</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>xalan</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<artifactId>bcprov-jdk15on</artifactId>
+					<groupId>org.bouncycastle</groupId>
+				</exclusion>
+  			</exclusions>
+  		</dependency>
+		<dependency>
+  			<groupId>at.gv.egiz.eaaf</groupId>
+  			<artifactId>eaaf_module_pvp2_sp</artifactId>
+  			<exclusions>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion> 
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.xerces</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>xalan</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<artifactId>bcprov-jdk15on</artifactId>
+					<groupId>org.bouncycastle</groupId>
+				</exclusion>
+  			</exclusions>
+  		</dependency>
+						
+<!-- 		<dependency>
+  			<groupId>org.opensaml</groupId>
+  			<artifactId>opensaml</artifactId>
+  			<exclusions>
 				<exclusion>
 					<groupId>org.slf4j</groupId>
 					<artifactId>log4j-over-slf4j</artifactId>
@@ -309,7 +362,7 @@
 	<dependency>
 	    <groupId>org.apache.santuario</groupId>
 	    <artifactId>xmlsec</artifactId>
-	</dependency>
+	</dependency> -->
 
 		<!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
 		<dependency>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
index 54e459db1..2c1e47009 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -35,10 +35,7 @@ import at.gv.egiz.components.eventlog.api.EventConstants;
 public interface MOAIDEventConstants extends EventConstants {
 
 	//auth protocol specific information
-	public static final int AUTHPROTOCOL_TYPE = 3000;
 	
-	public static final int AUTHPROTOCOL_PVP_METADATA = 3100;
-	public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101;
 	public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE = 3102;
 	public static final int AUTHPROTOCOL_PVP_REQUEST_SLO = 3103;
 	public static final int AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY = 3104;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index e630455b4..8298b082b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -34,6 +34,7 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
@@ -63,8 +64,8 @@ public class MOAReversionLogger implements IRevisionLogger {
 			MOAIDEventConstants.TRANSACTION_DESTROYED,
 			MOAIDEventConstants.TRANSACTION_ERROR,
 			MOAIDEventConstants.TRANSACTION_IP,
-			MOAIDEventConstants.AUTHPROTOCOL_TYPE,
-			MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA,
+			IRevisionLogger.AUTHPROTOCOL_TYPE,
+			PVPEventConstants.AUTHPROTOCOL_PVP_METADATA,
 			
 			MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER,
 			MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
deleted file mode 100644
index 6f98357e2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-/**
- * @author tlenz
- *
- */
-public interface IDestroyableObject {
-	/**
-	 * Manually deep destroy a Java object with all child objects like timers and threads 
-	 * 
-	 */
-	public void fullyDestroy();
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
deleted file mode 100644
index 27d142f2c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-/**
- * @author tlenz
- *
- */
-public interface IGarbageCollectorProcessing {
-
-	/**
-	 * This method gets executed by the MOA garbage collector at regular intervals.
-	 * 
-	 */
-	public void runGarbageCollector();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
deleted file mode 100644
index d918be463..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-
-/**
- * 
- * @author tlenz
- *
- * Interface initialize a Object when the MOA-ID-Auth start-up process is fully completed
- *
- */
-public interface IPostStartupInitializable {
-
-	/**
-	 * This method is called once when MOA-ID-Auth start-up process is fully completed
-	 * 
-	 */
-	public void executeAfterStartup();
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
index 52e30a2f0..f88267ad7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
@@ -33,6 +33,7 @@ import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Service("MOAGarbageCollector")
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 738f733a8..998817b19 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -50,6 +50,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -73,9 +74,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.id.util.LoALevelMapper;
@@ -100,6 +99,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
+	@Autowired private LoALevelMapper loaLevelMapper; 
 	
 	@Override
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
@@ -124,7 +124,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 		try {
 			//check if SAML1 authentication module is in Classpath
 			Class<?> saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl");
-			IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance();			
+			//IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance();
+			IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").getConstructor(LoALevelMapper.class).newInstance(loaLevelMapper);
 			if (saml1RequstTemplate != null && 
 					saml1RequstTemplate.isInstance(pendingReq)) {				
 				//request is SAML1  --> invoke SAML1 protocol specific methods 
@@ -138,12 +139,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				authdata = (MOAAuthenticationData) saml1authdata;
 							
 			} else {			
-				authdata = new MOAAuthenticationData();
+				authdata = new MOAAuthenticationData(loaLevelMapper);
 							
 			}
 						
 		} catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {			
-			authdata = new MOAAuthenticationData();
+			authdata = new MOAAuthenticationData(loaLevelMapper);
 			
 		}
 				
@@ -162,13 +163,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq);
 				
 		Boolean isMinimalFrontChannelResp = pendingReq.getGenericData(
-				PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
+				MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
 		if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) {
 			//only set minimal response attributes			
 			authdata.setQAALevel(
-					pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, String.class));
+					pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
 			authdata.setBPK(
-					pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, String.class));
+					pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
 						
 		} else {
 			//build AuthenticationData from MOASession
@@ -297,18 +298,18 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			if (MiscUtil.isNotEmpty(currentLoA)) {					
 				if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
 					authData.setQAALevel(currentLoA);
-					authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+					authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA));
 
 				} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
-					authData.setQAALevel(LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(currentLoA));
+					authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA));
 					authData.seteIDASLoA(currentLoA);
 										
-				} else {
-					Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");				
-					String mappedStorkQAA = LoALevelMapper.getInstance().mapToQAALevel(currentLoA);
+				} else { 
+					Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");				
+					String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA);
 					if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
-						authData.setQAALevel(currentLoA);
-						authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+						authData.setQAALevel(mappedStorkQAA);
+						authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA));
 						
 					}										
 				}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index a7f6e873f..4bc4a7e81 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -59,9 +59,9 @@ import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
index a1d31f5ae..e600505a2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -28,7 +28,7 @@ import java.util.List;
 import org.opensaml.saml2.core.Attribute;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -50,7 +50,7 @@ public class DynamicOAAuthParameterBuilder {
 				
 		for (Attribute attr : reqAttributes) {				
 			//get Target or BusinessService from request 
-			if (attr.getName().equals(PVPAttributeConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+			if (attr.getName().equals(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
 				String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent();
 				if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) {
 					//dynamicOA.setBusinessService(false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
new file mode 100644
index 000000000..aa462c480
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
@@ -0,0 +1,114 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.stereotype.Service;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+@Service("MOASAML2SubjectNameIDGenerator")
+public class MOAIDSubjectNameIdGenerator implements ISubjectNameIdGenerator {
+	
+	@Override
+	public Pair<String, String> generateSubjectNameId(IAuthData authData, ISPConfiguration spConfig) throws PVP2Exception {
+		//build nameID and nameID Format from moasessio
+		if (authData instanceof IMOAAuthData && 
+				((IMOAAuthData)authData).isUseMandate()) {
+			String bpktype = null;
+			String bpk = null;
+			
+			Element mandate = ((IMOAAuthData)authData).getMandate();
+			if(mandate != null) {
+				Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
+				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+				if(mandateObject == null) {
+					throw new NoMandateDataAvailableException();
+				}
+				CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+				PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
+				
+				IdentificationType id;
+				if(corporation != null && corporation.getIdentification().size() > 0)
+					id = corporation.getIdentification().get(0);
+	
+					
+				else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
+					id = pysicalperson.getIdentification().get(0);
+					
+				else {
+					Logger.error("Failed to generate IdentificationType");
+					throw new NoMandateDataAvailableException();		
+				}
+			
+				bpktype = id.getType();
+				bpk = id.getValue().getValue();
+								
+			} else {
+				Logger.debug("Read mandator bPK|baseID from PVP attributes ... ");
+				bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
+				bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);				
+				
+				if (StringUtils.isEmpty(bpk)) {
+					//no sourcePin is included --> search for bPK
+					bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
+					
+					try {
+						if (bpk.contains(":"))
+							bpk = bpk.split(":")[1];
+						
+					} catch (Exception e) {
+						Logger.warn("Can not split bPK from mandator attribute!", e);
+						
+					}
+					
+					//set bPK-Type from configuration, because it MUST be equal to service-provider type
+					bpktype = spConfig.getAreaSpecificTargetIdentifier();
+										
+				} else {
+					//sourcePin is include --> check sourcePinType
+					if (StringUtils.isEmpty(bpktype))
+						bpktype = Constants.URN_PREFIX_BASEID;
+					
+				}				
+			}
+			
+			if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(bpktype)) {
+				throw new NoMandateDataAvailableException();
+				
+			}
+			
+			if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {				
+				try {
+					return new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, spConfig.getAreaSpecificTargetIdentifier());
+										
+				} catch (BuildException e) {
+					Logger.warn("Can NOT generate SubjectNameId." , e);
+					throw new ResponderErrorException("pvp2.01", null);
+
+				}								
+				
+			} else
+				return Pair.newInstance(bpk, bpktype);
+									
+		} else
+			return Pair.newInstance(authData.getBPK(), authData.getBPKType());
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
deleted file mode 100644
index 8def0f860..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-@Component("RestartAuthProzessManagement")
-public class RestartAuthProzessManagement  extends AbstractAuthServletTask {
-
-	@Autowired ProcessEngine processEngine;
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
-			throws TaskExecutionException {
-		try {			
-			//create a new execution context and copy all elements to new context
-			ExecutionContext newec = new ExecutionContextImpl(); 
-			Set<String> entries = executionContext.keySet();
-			for (String key : entries) {
-				newec.put(key, executionContext.get(key));
-				
-			}
-			
-			Logger.debug("Select new auth.-process and restart restart process-engine ... ");
-			
-			// select and create new process instance
-			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec);
-			if (processDefinitionId == null) {
-				Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getPendingRequestId());
-				throw new MOAIDException("process.02", new Object[] { pendingReq.getPendingRequestId() });
-			}			
-			
-			String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec);
-
-			// keep process instance id in moa session
-			((RequestImpl)pendingReq).setProcessInstanceId(processInstanceId);
-
-			// make sure pending request has been persisted before running the process
-			try {
-				requestStoreage.storePendingRequest(pendingReq);
-				
-			} catch (MOAIDException e) {
-				Logger.error("Database Error! MOASession is not stored!");
-				throw new MOAIDException("init.04", new Object[] { pendingReq.getPendingRequestId() });
-				
-			}
-			
-			Logger.info("Restart process-engine with auth.process:" + processDefinitionId);
-			
-			// start process
-			processEngine.start(pendingReq);
-			
-			
-		} catch (MOAIDException e) {
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-			
-		} catch (Exception e) {
-			Logger.warn("RestartAuthProzessManagement has an internal error", e);
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-			
-		}			
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 10c271b6a..0e1e1bf12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -33,6 +33,7 @@ import org.springframework.stereotype.Service;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -43,7 +44,6 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index f9aa1b83c..448e2a0f5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -44,6 +44,8 @@ import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -52,10 +54,8 @@ import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -169,11 +169,11 @@ public class IDPSingleLogOutServlet extends AbstractController {
 							
 						String redirectURL = null;
 						IRequest sloReq = sloContainer.getSloRequest();
-						if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+						if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
 							//send SLO response to SLO request issuer
-							SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloContainer.getSloRequest());
-							LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
-							redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPTargetConfiguration)sloContainer.getSloRequest()).getRequest().getRelayState());
+							SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloContainer.getSloRequest());
+							LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
+							redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPSProfilePendingRequest)sloContainer.getSloRequest()).getRequest().getRelayState());
 															
 						} else {
 							//print SLO information directly
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
index 9380d3b64..a9be3f51d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
@@ -53,10 +53,10 @@ import java.util.Properties;
 
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
 import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.SpringProfileConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.util.config.EgovUtilPropertiesConfiguration;
 
@@ -187,7 +187,7 @@ public abstract class ConfigurationProviderImpl extends AbstractConfigurationImp
 					
 			//Initialize OpenSAML for STORK
 			Logger.info("Starting initialization of OpenSAML...");
-			MOADefaultBootstrap.bootstrap();
+			EAAFDefaultSAML2Bootstrap.bootstrap();
 			//DefaultBootstrap.bootstrap();
 			Logger.debug("OpenSAML successfully initialized");	  
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
deleted file mode 100644
index 38f6948d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map.Entry;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-
-/**
- * @author tlenz
- *
- */
-public interface ISLOInformationContainer {
-
-	boolean hasFrontChannelOA();
-
-	Set<Entry<String, SLOInformationImpl>> getFrontChannelOASessionDescriptions();
-
-	void removeFrontChannelOA(String oaID);
-
-	Iterator<String> getNextBackChannelOA();
-
-	SLOInformationImpl getBackChannelOASessionDescripten(String oaID);
-
-	void removeBackChannelOA(String oaID);
-
-	/**
-	 * @return the sloRequest
-	 */
-	PVPTargetConfiguration getSloRequest();
-
-	/**
-	 * @param sloRequest the sloRequest to set
-	 */
-	void setSloRequest(PVPTargetConfiguration sloRequest);
-
-	/**
-	 * @return the sloFailedOAs
-	 */
-	List<String> getSloFailedOAs();
-
-	void putFailedOA(String oaID);
-	
-	public String getTransactionID();
-	
-	public String getSessionID();
-}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index ba3eba2e6..e0dd30db3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -29,10 +29,10 @@ import java.util.List;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -68,6 +68,12 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	private boolean interfederatedSSOSession;
 	private String interfederatedIDP;
 
+	private LoALevelMapper loaMapper;
+	
+	public MOAAuthenticationData(LoALevelMapper loaMapper) {	
+		this.loaMapper = loaMapper;
+		
+	}
 	
 	/**
 	 * @return
@@ -76,7 +82,7 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	public String getQAALevel() {
 		if (this.QAALevel != null && 
 				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
-			String mappedQAA = LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+			String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
 			if (MiscUtil.isNotEmpty(mappedQAA))
 				return mappedQAA;
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
deleted file mode 100644
index 0b46345d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.data;
-
-public class Pair<P1, P2> {
-	private final P1 first;
-	private final P2 second;
-	
-	private Pair(final P1 newFirst, final P2 newSecond) {
-		this.first = newFirst;
-		this.second = newSecond;
-	}
-	
-	public P1 getFirst() {
-		return this.first;
-	}
-	
-	public P2 getSecond() {
-		return this.second;
-	}
-	
-	public static <P1, P2> Pair<P1, P2> newInstance(final P1 newFirst, final P2 newSecond) {
-		return new Pair<P1, P2>(newFirst, newSecond);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
deleted file mode 100644
index 5ff923bce..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.io.Serializable;
-
-import org.opensaml.saml2.metadata.SingleLogoutService;
-
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-
-
-/**
- * @author tlenz
- *
- */
-public class SLOInformationImpl implements SLOInformationInterface, Serializable {
-	
-	private static final long serialVersionUID = 295577931870512387L;
-	private String sessionIndex = null;
-	private String nameID = null;
-	private String protocolType = null;
-	private String nameIDFormat = null;
-	private String binding = null;
-	private String serviceURL = null;
-	private String authURL = null;
-	private String spEntityID = null;
-	
-	public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType) {
-		new SLOInformationImpl(authURL, spEntityID, sessionID, nameID, nameIDFormat, protocolType, null);
-	}
-	
-	public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) {
-		this.sessionIndex = sessionID;
-		this.nameID = nameID;
-		this.nameIDFormat = nameIDFormat;
-		this.protocolType = protocolType;
-		this.spEntityID = spEntityID;
-		
-		if (authURL.endsWith("/"))
-			this.authURL = authURL.substring(0, authURL.length()-1);
-		else
-			this.authURL = authURL;
-		
-		if (sloService != null) {
-			this.binding = sloService.getBinding();
-			this.serviceURL = sloService.getLocation();
-			
-		}				
-	}
-	
-	
-	/**
-	 * 
-	 */
-	public SLOInformationImpl() {
-		
-	}
-
-
-	
-	/**
-	 * @return the spEntityID
-	 */
-	public String getSpEntityID() {
-		return spEntityID;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getSessionIndex()
-	 */
-	@Override
-	public String getSessionIndex() {
-		return sessionIndex;
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIdentifier()
-	 */
-	@Override
-	public String getUserNameIdentifier() {
-		return nameID;
-		
-	}
-
-
-	/**
-	 * @param sessionIndex the sessionIndex to set
-	 */
-	public void setSessionIndex(String sessionIndex) {
-		this.sessionIndex = sessionIndex;
-	}
-
-
-	/**
-	 * @param nameID the nameID to set
-	 */
-	public void setUserNameIdentifier(String nameID) {
-		this.nameID = nameID;
-	}
-
-	
-
-	/**
-	 * @param protocolType the protocolType to set
-	 */
-	public void setProtocolType(String protocolType) {
-		this.protocolType = protocolType;
-	}
-
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getProtocolType()
-	 */
-	@Override
-	public String getProtocolType() {
-		return protocolType;
-	}
-
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIDFormat()
-	 */
-	@Override
-	public String getUserNameIDFormat() {
-		return this.nameIDFormat;
-	}
-
-
-	/**
-	 * @param nameIDFormat the nameIDFormat to set
-	 */
-	public void setNameIDFormat(String nameIDFormat) {
-		this.nameIDFormat = nameIDFormat;
-	}
-
-	/**
-	 * @return the binding
-	 */
-	public String getBinding() {
-		return binding;
-	}
-
-	/**
-	 * @return the serviceURL
-	 */
-	public String getServiceURL() {
-		return serviceURL;
-	}
-
-	/**
-	 * @return the authURL from requested IDP without ending /
-	 */
-	public String getAuthURL() {
-		return authURL;
-	}
-
-	/**
-	 * @param spEntityID the spEntityID to set
-	 */
-	public void setSpEntityID(String spEntityID) {
-		this.spEntityID = spEntityID;
-	}
-	
-	
-	
-	
-	
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java
deleted file mode 100644
index 78e8be452..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.data;
-
-public class Trible<P1, P2, P3> {
-	private final P1 first;
-	private final P2 second;
-	private final P3 third;
-	
-	private Trible(final P1 newFirst, final P2 newSecond, final P3 newThird) {
-		this.first = newFirst;
-		this.second = newSecond;
-		this.third = newThird;
-	}
-	
-	public P1 getFirst() {
-		return this.first;
-	}
-	
-	public P2 getSecond() {
-		return this.second;
-	}
-	
-	public P3 getThird() {
-		return this.third;
-	}
-	
-	public static <P1, P2, P3> Trible<P1, P2, P3> newInstance(final P1 newFirst, final P2 newSecond, final P3 newThird) {
-		return new Trible<P1, P2, P3>(newFirst, newSecond, newThird);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 72b350991..c2dd7b4ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -41,6 +41,8 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -49,9 +51,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -79,7 +79,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 		String pvpSLOIssuer = null;
 		String uniqueSessionIdentifier = "notSet";
 		String uniqueTransactionIdentifier = "notSet";
-		PVPTargetConfiguration pvpReq = null;		
+		PVPSProfilePendingRequest pvpReq = null;		
 		Logger.debug("Start technical Single LogOut process ... ");
 		
 		
@@ -87,9 +87,9 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 			uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier();
 			uniqueTransactionIdentifier = pendingReq.getUniqueTransactionIdentifier();
 			
-			if (pendingReq instanceof PVPTargetConfiguration) {
-				pvpReq = ((PVPTargetConfiguration)pendingReq);
-				MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+			if (pendingReq instanceof PVPSProfileRequest) {
+				pvpReq = ((PVPSProfilePendingRequest)pendingReq);
+				PVPSProfileRequest samlReq = (PVPSProfileRequest) pvpReq.getRequest();
 				LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
 				pvpSLOIssuer = logOutReq.getIssuer().getValue();
 			}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
deleted file mode 100644
index dbfeb5e90..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
-
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HTTPTransportUtils;
-
-import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAIDHTTPPostEncoder extends HTTPPostEncoder {
-
-	private VelocityEngine velocityEngine;
-	private IGUIBuilderConfiguration guiConfig;
-	private GUIFormBuilderImpl guiBuilder;
-	
-	/**
-	 * @param engine
-	 * @param templateId
-	 */
-	public MOAIDHTTPPostEncoder(IGUIBuilderConfiguration guiConfig, GUIFormBuilderImpl guiBuilder, VelocityEngine engine) {
-		super(engine, null);
-		this.velocityEngine = engine;
-		this.guiConfig = guiConfig;
-		this.guiBuilder = guiBuilder;
-		
-	}
-
-    /**
-     * Base64 and POST encodes the outbound message and writes it to the outbound transport.
-     * 
-     * @param messageContext current message context
-     * @param endpointURL endpoint URL to which to encode message
-     * 
-     * @throws MessageEncodingException thrown if there is a problem encoding the message
-     */
-    protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException {
-        Logger.debug("Invoking Velocity template to create POST body");
-        InputStream is = null;
-        try {        	
-        	//build Velocity Context from GUI input paramters
-			VelocityContext context = guiBuilder.generateVelocityContextFromConfiguration(guiConfig);
-        	
-			//load template
-			is = guiBuilder.getTemplateInputStream(guiConfig);
-						
-			//populate velocity context with SAML2 parameters
-            populateVelocityContext(context, messageContext, endpointURL);
-
-            //populate transport parameter
-            HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport();
-            HTTPTransportUtils.addNoCacheHeaders(outTransport);
-            HTTPTransportUtils.setUTF8Encoding(outTransport);
-            HTTPTransportUtils.setContentType(outTransport, "text/html");
-
-            //evaluate template and write content to response
-            Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8");                        
-            velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", new BufferedReader(new InputStreamReader(is)));            
-            out.flush();
-            
-        } catch (Exception e) {
-            Logger.error("Error invoking Velocity template", e);
-            throw new MessageEncodingException("Error creating output document", e);
-            
-        } finally {
-			if (is != null) {
-				try {
-					is.close();
-					
-				} catch (IOException e) {
-					Logger.error("Can NOT close GUI-Template InputStream.", e);
-				}
-			}
-        	
-		}
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java
deleted file mode 100644
index 81afcfbc1..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import java.security.KeyStore;
-
-import org.opensaml.xml.security.x509.X509Credential;
-
-
-/**
- * @author tlenz
- *
- */
-public class MOAKeyStoreX509CredentialAdapter extends
-		org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter {
-
-	/**
-	 * @param store
-	 * @param alias
-	 * @param password
-	 */
-	public MOAKeyStoreX509CredentialAdapter(KeyStore store, String alias,
-			char[] password) {
-		super(store, alias, password);
-	}
-	
-	public Class<? extends X509Credential> getCredentialType() {
-		return X509Credential.class;
-	}
-	
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
deleted file mode 100644
index acbb67b34..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
-import org.opensaml.ws.message.MessageContext;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAStringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder {
-
-	private String redirectURL = null;
-	
-	public void encode(MessageContext messageContext)
-			throws MessageEncodingException {
-		if (!(messageContext instanceof SAMLMessageContext)) {
-			Logger.error("Invalid message context type, this encoder only support SAMLMessageContext");
-			throw new MessageEncodingException(
-					"Invalid message context type, this encoder only support SAMLMessageContext");
-		}
-
-		//load default PVP security configurations
-		MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-		
-		SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
-
-		String endpointURL = getEndpointURL(samlMsgCtx).buildURL();
-
-		setResponseDestination(samlMsgCtx.getOutboundSAMLMessage(), endpointURL);
-
-		removeSignature(samlMsgCtx);
-
-		String encodedMessage = deflateAndBase64Encode(samlMsgCtx
-				.getOutboundSAMLMessage());
-
-		redirectURL = buildRedirectURL(samlMsgCtx, endpointURL,
-				encodedMessage);
-	}
-
-	/**
-	 * @return the redirectURL
-	 */
-	public String getRedirectURL() {
-		return redirectURL;
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index ac3828750..b2a2aad88 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -33,12 +33,12 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index c17f1a4dd..9e7f18842 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -51,6 +51,20 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
@@ -62,22 +76,11 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Trible;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -98,6 +101,8 @@ public class AttributQueryAction implements IAction {
 	
 	@Autowired private AttributQueryBuilder attributQueryBuilder;
 	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+	@Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration;
+	@Autowired(required=true) PVP2AssertionBuilder assertionBuilder;
 	
 	private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
 			new String[]{PVPConstants.EID_STORK_TOKEN_NAME});	
@@ -114,11 +119,11 @@ public class AttributQueryAction implements IAction {
 	@Override
 	public SLOInformationInterface processRequest(IRequest pendingReq,
 			HttpServletRequest httpReq, HttpServletResponse httpResp,
-			IAuthData authData) throws MOAIDException {
+			IAuthData authData) throws EAAFException {
 		
-		if (pendingReq instanceof PVPTargetConfiguration && 
-				((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest && 
-				((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest() instanceof AttributeQuery) {
+		if (pendingReq instanceof PVPSProfilePendingRequest && 
+				((PVPSProfilePendingRequest) pendingReq).getRequest() instanceof PVPSProfileRequest && 
+				((PVPSProfileRequest)((PVPSProfilePendingRequest) pendingReq).getRequest()).getSamlRequest() instanceof AttributeQuery) {
 			
 			//set time reference
 			DateTime date = new DateTime();
@@ -136,7 +141,7 @@ public class AttributQueryAction implements IAction {
 						authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSSOSessionID());
 			
 				AttributeQuery attrQuery = 
-						(AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest();
+						(AttributeQuery)((PVPSProfileRequest)((PVPSProfilePendingRequest) pendingReq).getRequest()).getSamlRequest();
 													
 				//build PVP 2.1 response-attribute information for this AttributQueryRequest
 				Trible<List<Attribute>, Date, String> responseInfo = 
@@ -148,10 +153,9 @@ public class AttributQueryAction implements IAction {
 				
 				//build PVP 2.1 assertion
 								
-				String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(
-						pendingReq.getAuthURL());
+				String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pendingReq.getAuthURL());
 				
-				Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, 
+				Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, 
 						attrQuery, responseInfo.getFirst(), date, new DateTime(responseInfo.getSecond().getTime()), 
 						responseInfo.getThird(), authData.getSessionIndex());
 				
@@ -201,16 +205,16 @@ public class AttributQueryAction implements IAction {
 	 */
 	@Override
 	public String getDefaultActionName() {
-		return PVP2XProtocol.ATTRIBUTEQUERY;
+		return at.gv.egiz.eaaf.modules.pvp2.PVPConstants.ATTRIBUTEQUERY;
 	}
 	
 	private Trible<List<Attribute>, Date, String> buildResponseInformationForAttributQuery(IRequest pendingReq, 
-            AuthenticationSession session, List<Attribute> reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException {		
+            AuthenticationSession session, List<Attribute> reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException, AssertionAttributeExtractorExeption, AttributQueryException, AssertionValidationExeption {		
 		try {
 			//mark AttributeQuery as used if it exists
-			if ( pendingReq instanceof PVPTargetConfiguration && 
-					((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest &&
-					((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {				
+			if ( pendingReq instanceof PVPSProfileRequest && 
+					((PVPSProfilePendingRequest) pendingReq).getRequest() instanceof PVPSProfileRequest &&
+					((PVPSProfilePendingRequest) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {				
 				
 				authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getSPEntityId(), pendingReq.requestedModule());
 			}
@@ -218,7 +222,7 @@ public class AttributQueryAction implements IAction {
 			//build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration
 			IOAAuthParameters spConfig = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes);
 			
-			//search federated IDP information for this MOASession
+			//search federated IDP information for this MOASession 
 			if (nextIDPInformation != null) {				
 				Logger.info("Find active federated IDP information."
 					+ ". --> Request next IDP:" + nextIDPInformation.getIdpurlprefix() 
@@ -354,9 +358,11 @@ public class AttributQueryAction implements IAction {
 	 * @return 
 	 * @return PVP attribute DAO, which contains all received information
 	 * @throws MOAIDException
+	 * @throws AttributQueryException 
+	 * @throws AssertionValidationExeption 
 	 */
 	public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
-			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
+			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException, AttributQueryException, AssertionValidationExeption{
 		String idpEnityID = idpConfig.getPublicURLPrefix();
 		
 		try {		
@@ -407,7 +413,7 @@ public class AttributQueryAction implements IAction {
 						new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
 			
 			}
-				 										
+				 								 		
 		} catch (SOAPException e) {
 			throw new BuildException("builder.06", null, e);
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
deleted file mode 100644
index 43c860488..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ /dev/null
@@ -1,151 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IAction;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-@Service("PVPAuthenticationRequestAction")
-public class AuthenticationAction implements IAction {
-	@Autowired IDPCredentialProvider pvpCredentials; 
-	@Autowired AuthConfiguration authConfig;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
-	@Autowired(required=true) ApplicationContext springContext;
-	
-	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-		
-		PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
-		
-		//get basic information
-		MOARequest moaRequest = (MOARequest) pvpRequest.getRequest();
-		AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
-		EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);		
-		
-		AssertionConsumerService consumerService = 
-				SAML2Utils.createSAMLObject(AssertionConsumerService.class);
-		consumerService.setBinding(pvpRequest.getBinding());
-		consumerService.setLocation(pvpRequest.getConsumerURL());
-				
-		DateTime date = new DateTime();
-		
-		SLOInformationImpl sloInformation = new SLOInformationImpl();
-
-		//change to entity value from entity name to IDP EntityID (URL)
-//		String issuerEntityID = pvpRequest.getAuthURL();
-//		if (issuerEntityID.endsWith("/"))
-//			issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1);
-
-		String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(
-				pvpRequest.getAuthURL());
-		
-		//build Assertion
-		Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, 
-				peerEntity, date, consumerService, sloInformation);
-		
-		Response authResponse = AuthResponseBuilder.buildResponse(
-				metadataProvider, issuerEntityID, authnRequest, 
-				date, assertion, authConfig.isPVP2AssertionEncryptionActive());
-							
-		IEncoder binding = null;
-
-		if (consumerService.getBinding().equals(
-				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
-			binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-						
-		} else if (consumerService.getBinding().equals(
-				SAMLConstants.SAML2_POST_BINDING_URI)) {
-			binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
-			
-		}
-
-		if (binding == null) {
-			throw new BindingNotSupportedException(consumerService.getBinding());
-		}
-		
-		try {
-			binding.encodeRespone(httpReq, httpResp, authResponse, 
-					consumerService.getLocation(), moaRequest.getRelayState(),
-					pvpCredentials.getIDPAssertionSigningCredential(), req);
-
-			//set protocol type
-			sloInformation.setProtocolType(req.requestedModule());
-			sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
-			return sloInformation;
-			
-		} catch (MessageEncodingException e) {
-			Logger.error("Message Encoding exception", e);
-			throw new MOAIDException("pvp2.01", null, e);
-			
-		} catch (SecurityException e) {
-			Logger.error("Security exception", e);
-			throw new MOAIDException("pvp2.01", null, e);
-
-		}
-		
-	}
-
-	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp) {
-		return true;
-	}
-
-	public String getDefaultActionName() {
-		return "PVPAuthenticationRequestAction";
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
deleted file mode 100644
index 76956b5a8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import com.google.common.net.MediaType;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IAction;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IDPPVPMetadataConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-@Service("pvpMetadataService")
-public class MetadataAction implements IAction {
-
-	
-
-	@Autowired private IRevisionLogger revisionsLogger; 
-	@Autowired private IDPCredentialProvider credentialProvider;
-	@Autowired private PVPMetadataBuilder metadatabuilder;
-	
-	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-		try {
-			revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA);
-			
-			//build metadata
-			IPVPMetadataBuilderConfiguration metadataConfig = 
-					new IDPPVPMetadataConfiguration(req.getAuthURLWithOutSlash(), credentialProvider);
-			
-			String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig);			
-			Logger.debug("METADATA: " + metadataXML);
-					
-			byte[] content = metadataXML.getBytes("UTF-8");
-			httpResp.setStatus(HttpServletResponse.SC_OK);
-			httpResp.setContentLength(content.length);
-			httpResp.setContentType(MediaType.XML_UTF_8.toString());
-			httpResp.getOutputStream().write(content);			
-			return null;
-			
-		} catch (Exception e) {
-			Logger.error("Failed to generate metadata", e);
-			throw new MOAIDException("pvp2.13", null);
-		} 
-	}
-
-	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp) {
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
-	 */
-	@Override
-	public String getDefaultActionName() {
-		return "IDP - PVP Metadata action";
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
deleted file mode 100644
index 176b1af43..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ /dev/null
@@ -1,835 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Arrays;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.LogoutRequest;
-import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.ws.security.SecurityPolicyException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.SignableXMLObject;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
-import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
-import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
- 
-@Controller
-public class PVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
-
-	@Autowired IDPCredentialProvider pvpCredentials;
-	@Autowired SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
-	
-	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
-	
-	public static final String NAME = PVP2XProtocol.class.getName();
-	public static final String PATH = "id_pvp2x";
-
-	public static final String REDIRECT = "Redirect";
-	public static final String POST = "Post";
-	public static final String SOAP = "Soap";
-	public static final String METADATA = "Metadata";
-	public static final String ATTRIBUTEQUERY = "AttributeQuery";
-	public static final String SINGLELOGOUT = "SingleLogOut";
-	
-	public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
-			new String[] {
-					PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME
-			});
-	
-	static {			
-		new VelocityLogAdapter();
-		
-	}
-
-	public String getName() {
-		return NAME;
-	}
-
-	public String getPath() {
-		return PATH;
-	}
-	
-	public PVP2XProtocol() {
-		super();
-	} 
-		
-	//PVP2.x metadata end-point
-	@RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET})
-	public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-//			Logger.info("PVP2.1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//			
-//		}
-		
-		//create pendingRequest object
-		PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-		pendingReq.initialize(req, authConfig);
-		pendingReq.setModule(NAME);
-		
-		revisionsLogger.logEvent(
-				pendingReq.getUniqueSessionIdentifier(), 
-				pendingReq.getUniqueTransactionIdentifier(), 
-				MOAIDEventConstants.TRANSACTION_IP, 
-				req.getRemoteAddr());
-				
-		MetadataAction metadataAction = applicationContext.getBean(MetadataAction.class);
-		metadataAction.processRequest(pendingReq, 
-				req, resp, null);
-		
-	}
-	
-	//PVP2.x IDP POST-Binding end-point
-	@RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST})
-	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-//			Logger.info("PVP2.1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//			
-//		}
-		
-		PVPTargetConfiguration pendingReq = null;
-		
-		try {
-			//create pendingRequest object
-			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req, authConfig);
-			pendingReq.setModule(NAME);
-			
-			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
-			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
-			revisionsLogger.logEvent(
-					pendingReq.getUniqueSessionIdentifier(), 
-					pendingReq.getUniqueTransactionIdentifier(), 
-					MOAIDEventConstants.TRANSACTION_IP, 
-					req.getRemoteAddr());
-			
-			//get POST-Binding decoder implementation
-			InboundMessage msg = (InboundMessage) new PostBinding().decode(
-					req, resp, metadataProvider, false,
-					new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
-			pendingReq.setRequest(msg);
-						
-			//preProcess Message
-			preProcess(req, resp, pendingReq);
-						
-		} catch (SecurityPolicyException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-			
-		} catch (SecurityException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-		
-		} catch (MOAIDException e) {
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw e;
-			
-		} catch (Throwable e) {			
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
-		}					
-	}
-	
-	//PVP2.x IDP Redirect-Binding end-point
-	@RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET})
-	public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
-			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-			
-		}
-		PVPTargetConfiguration pendingReq = null;
-		try {
-			//create pendingRequest object
-			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req, authConfig);
-			pendingReq.setModule(NAME);
-			
-			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
-			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
-			revisionsLogger.logEvent(
-					pendingReq.getUniqueSessionIdentifier(), 
-					pendingReq.getUniqueTransactionIdentifier(), 
-					MOAIDEventConstants.TRANSACTION_IP, 
-					req.getRemoteAddr());
-			
-			//get POST-Binding decoder implementation
-			InboundMessage msg = (InboundMessage) new RedirectBinding().decode(
-					req, resp, metadataProvider, false,
-					new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(pendingReq.getAuthURL())));
-			pendingReq.setRequest(msg);
-			
-			//preProcess Message
-			preProcess(req, resp, pendingReq);
-						
-		} catch (SecurityPolicyException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-			
-		} catch (SecurityException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-			
-		} catch (MOAIDException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.info("Receive INVALID protocol request: " + samlRequest);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw e;
-						
-		} catch (Throwable e) {			
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-						
-			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
-		}					
-	}
-	
-	
-	//PVP2.x IDP SOAP-Binding end-point
-	@RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST})
-	public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-//			Logger.info("PVP2.1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//			
-//		}
-				
-		PVPTargetConfiguration pendingReq = null;
-		try {
-			//create pendingRequest object
-			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req, authConfig);
-			pendingReq.setModule(NAME);
-			
-			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
-			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
-			revisionsLogger.logEvent(
-					pendingReq.getUniqueSessionIdentifier(), 
-					pendingReq.getUniqueTransactionIdentifier(), 
-					MOAIDEventConstants.TRANSACTION_IP, 
-					req.getRemoteAddr());
-			
-			//get POST-Binding decoder implementation
-			InboundMessage msg = (InboundMessage) new SoapBinding().decode(
-					req, resp, metadataProvider, false,
-					new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
-			pendingReq.setRequest(msg);
-			
-			//preProcess Message
-			preProcess(req, resp, pendingReq);
-						
-		} catch (SecurityPolicyException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-						
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-			
-		} catch (SecurityException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-		
-		} catch (MOAIDException e) {			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw e;
-						
-		} catch (Throwable e) {			
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
-		}					
-	}
-	
-	
-	
-	private void preProcess(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
-			
-			InboundMessage msg = pendingReq.getRequest();
-		
-			if (MiscUtil.isEmpty(msg.getEntityID())) {
-				throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}, "EntityId is null or empty");
-				
-			}
-			
-			if(!msg.isVerified()) {
-				samlVerificationEngine.verify(msg, 
-						TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
-				msg.setVerified(true);
-								
-			}
-							
-			if (msg instanceof MOARequest && 
-					((MOARequest)msg).getSamlRequest() instanceof AuthnRequest)
-				preProcessAuthRequest(request, response, pendingReq);
-			
-			else if (msg instanceof MOARequest && 
-					((MOARequest)msg).getSamlRequest() instanceof AttributeQuery)
-				preProcessAttributQueryRequest(request, response, pendingReq);
-
-			else if (msg instanceof MOARequest && 
-					((MOARequest)msg).getSamlRequest() instanceof LogoutRequest)
-				preProcessLogOut(request, response, pendingReq);
-			
-			else if (msg instanceof MOAResponse && 
-					((MOAResponse)msg).getResponse() instanceof LogoutResponse)
-				preProcessLogOut(request, response, pendingReq);
-			
-			else {
-				Logger.error("Receive unsupported PVP21 message");
-				throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
-			}
-			
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
-			
-			//switch to session authentication
-			performAuthentication(request, response, pendingReq);								
-	}
-
-	public boolean generateErrorMessage(Throwable e,
-			HttpServletRequest request, HttpServletResponse response,
-			IRequest protocolRequest) throws Throwable {
-		
-		if(protocolRequest == null) {
-			throw e;
-		}
-		
-		if(!(protocolRequest instanceof PVPTargetConfiguration) ) {
-			throw e;
-		}
-		PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration)protocolRequest;
-		
-		Response samlResponse = 
-				SAML2Utils.createSAMLObject(Response.class);
-		Status status = SAML2Utils.createSAMLObject(Status.class);
-		StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
-		StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
-		
-		String moaError = null;
-		
-		if(e instanceof NoPassivAuthenticationException) {
-			statusCode.setValue(StatusCode.NO_PASSIVE_URI);
-			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));	
-			
-		} else if (e instanceof NameIDFormatNotSupportedException) {
-			statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI);
-			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
-
-		} else if (e instanceof SLOException) {
-			//SLOExecpetions only occurs if session information is lost
-			return false;
-			
-		} else if(e instanceof PVP2Exception) {
-			PVP2Exception ex = (PVP2Exception) e;
-			statusCode.setValue(ex.getStatusCodeValue());
-			String statusMessageValue = ex.getStatusMessageValue();
-			if(statusMessageValue != null) {
-				statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
-			}						
-			moaError = statusMessager.mapInternalErrorToExternalError(ex.getMessageId());
-			
-		} else {
-			statusCode.setValue(StatusCode.RESPONDER_URI);
-			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
-			moaError = statusMessager.getResponseErrorCode(e);
-		}
-		
-		
-		if (MiscUtil.isNotEmpty(moaError)) {
-			StatusCode moaStatusCode = SAML2Utils.createSAMLObject(StatusCode.class);
-			moaStatusCode.setValue(moaError);
-			statusCode.setStatusCode(moaStatusCode);
-		}
-		
-		status.setStatusCode(statusCode);
-		if(statusMessage.getMessage() != null) {
-			status.setStatusMessage(statusMessage);
-		}
-		samlResponse.setStatus(status);
-		String remoteSessionID = SAML2Utils.getSecureIdentifier();
-		samlResponse.setID(remoteSessionID);
-
-		samlResponse.setIssueInstant(new DateTime());
-		Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-		nissuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(
-				pvpRequest.getAuthURL()));
-		nissuer.setFormat(NameID.ENTITY);
-		samlResponse.setIssuer(nissuer);
-		
-		IEncoder encoder = null;
-		
-		if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {			
-			encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-						
-		} else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI))  {
-			encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class);
-			
-		} else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))  {
-			encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class);
-		}
-
-		if(encoder == null) {
-			// default to redirect binding
-			encoder = new RedirectBinding();
-		}
-
-		String relayState = null;
-		if (pvpRequest.getRequest() != null)
-			relayState = pvpRequest.getRequest().getRelayState();
-		
-		X509Credential signCred = pvpCredentials.getIDPAssertionSigningCredential();
-		
-		encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL(), 
-				relayState, signCred, protocolRequest);
-		return true;
-	}
-
-	public boolean validate(HttpServletRequest request,
-			HttpServletResponse response, IRequest pending) {
-		
-		return true;
-	}
-
-	
-	/**
-	 * PreProcess Single LogOut request
-	 * @param request
-	 * @param response
-	 * @param msg
-	 * @return
-	 * @throws EAAFException 
-	 * @throws MOAIDException 
-	 */
-	private void preProcessLogOut(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws EAAFException {
-
-		InboundMessage inMsg = pendingReq.getRequest();		
-		MOARequest msg;
-		if (inMsg instanceof MOARequest && 
-				((MOARequest)inMsg).getSamlRequest() instanceof LogoutRequest) {
-			//preProcess single logout request from service provider
-			
-			msg = (MOARequest) inMsg;
-			
-			EntityDescriptor metadata = msg.getEntityMetadata(metadataProvider);
-			if(metadata == null) {
-				throw new NoMetadataInformationException();
-			}
-
-			String oaURL = metadata.getEntityID();
-			oaURL = StringEscapeUtils.escapeHtml(oaURL);
-			ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
-			
-			Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
-						
-			pendingReq.setSPEntityId(oaURL);
-			pendingReq.setOnlineApplicationConfiguration(oa);
-			pendingReq.setBinding(msg.getRequestBinding());
-			
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);
-			
-
-						
-		} else if (inMsg instanceof MOAResponse && 
-				((MOAResponse)inMsg).getResponse() instanceof LogoutResponse) {
-			//preProcess single logour response from service provider
-						
-			LogoutResponse resp = (LogoutResponse) (((MOAResponse)inMsg).getResponse());
-			
-			Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
-			
-//			List<String> allowedPublicURLPrefix = authConfig.getIDPPublicURLPrefixes();
-//					AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
-			
-			boolean isAllowedDestination = false;			
-			try {
-				isAllowedDestination = MiscUtil.isNotEmpty(authConfig.validateIDPURL(new URL(resp.getDestination())));
-				
-			} catch (MalformedURLException e) {
-				Logger.info(resp.getDestination() + " is NOT valid. Reason: " + e.getMessage());
-				
-			}
-			
-//			for (String prefix : allowedPublicURLPrefix) {
-//				if (resp.getDestination().startsWith(
-//					prefix)) {
-//					isAllowedDestination = true;
-//					break;
-//				}
-//			}
-						
-			if (!isAllowedDestination) {
-				Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
-				throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null);
-				
-			}
-			
-			//TODO: check if relayState exists
-			inMsg.getRelayState();
-						
-						
-		} else 
-			throw new EAAFException("Unsupported request");
-		
-		
-		pendingReq.setRequest(inMsg);
-		pendingReq.setAction(SINGLELOGOUT);
-		
-		//Single LogOut Request needs no authentication 
-		pendingReq.setNeedAuthentication(false);
-		
-		//set protocol action, which should be executed
-		pendingReq.setAction(SingleLogOutAction.class.getName());
-	}
-	
-	/**
-	 * PreProcess AttributeQuery request 
-	 * @param request
-	 * @param response
-	 * @param pendingReq
-	 * @throws Throwable
-	 */
-	private void preProcessAttributQueryRequest(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
-		MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());
-		AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest();
-		moaRequest.setEntityID(attrQuery.getIssuer().getValue());
-		
-		//validate destination
-		String destinaten = attrQuery.getDestination();
-		if (!PVPConfiguration.getInstance().getIDPSSOSOAPService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) {
-			Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL");
-			throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null);
-			
-		}
-
-		//check if Issuer is an interfederation IDP		
-		IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class);
-		if (!oa.isInderfederationIDP()) {
-			Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
-			throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
-			
-		}
-		
-		if (!oa.isOutboundSSOInterfederationAllowed()) {
-			Logger.warn("Interfederation IDP " + oa.getPublicURLPrefix() + " does not allow outgoing SSO interfederation.");
-			throw new AttributQueryException("Interfederation IDP does not allow outgoing SSO interfederation.", null);
-			
-		}
-					
-		//check active MOASession
-		String nameID = attrQuery.getSubject().getNameID().getValue();			
-		IAuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID);
-		if (session == null) {
-			Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
-			throw new AttributQueryException("auth.31", null);
-			
-		}
-		
-		//set preProcessed information into pending-request
-		pendingReq.setRequest(moaRequest);
-		pendingReq.setSPEntityId(moaRequest.getEntityID());
-		pendingReq.setOnlineApplicationConfiguration(oa);
-		pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
-		
-		//Attribute-Query Request needs authentication, because session MUST be already authenticated 
-		pendingReq.setNeedAuthentication(false);
-				
-		//set protocol action, which should be executed after authentication
-		pendingReq.setAction(AttributQueryAction.class.getName());
-
-		//add moasession
-		pendingReq.setSSOSessionIdentifier(session.getSSOSessionID());
-				
-		//write revisionslog entry
-		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
-		
-		
-	}
-	
-	/**
-	 * PreProcess Authn request
-	 * @param request
-	 * @param response
-	 * @param pendingReq
-	 * @throws Throwable
-	 */
-	private void preProcessAuthRequest(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
-
-		MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());		
-		SignableXMLObject samlReq =  moaRequest.getSamlRequest();
-
-		if(!(samlReq instanceof AuthnRequest)) {
-			throw new MOAIDException("Unsupported request", new Object[] {});
-		}
-				
-		EntityDescriptor metadata = moaRequest.getEntityMetadata(metadataProvider);
-		if(metadata == null) {
-			throw new NoMetadataInformationException();
-		}
-		SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-		
-		AuthnRequest authnRequest = (AuthnRequest)samlReq;
-		
-		if (authnRequest.getIssueInstant() == null) {
-			Logger.warn("Unsupported request: No IssueInstant Attribute found.");
-			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {}, 
-					"Unsupported request: No IssueInstant Attribute found", pendingReq);
-			
-		}
-		
-		if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
-			Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
-			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {},
-					"Unsupported request: No IssueInstant DateTime is not valid anymore.", pendingReq);
-			
-		}
-			
-		//parse AssertionConsumerService
-		AssertionConsumerService consumerService = null;
-		if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) && 
-				MiscUtil.isNotEmpty(authnRequest.getProtocolBinding())) {
-			//use AssertionConsumerServiceURL from request
-
-			//check requested AssertionConsumingService URL against metadata
-			List<AssertionConsumerService> metadataAssertionServiceList = spSSODescriptor.getAssertionConsumerServices();
-			for (AssertionConsumerService service : metadataAssertionServiceList) {
-				if (authnRequest.getProtocolBinding().equals(service.getBinding())
-						&& authnRequest.getAssertionConsumerServiceURL().equals(service.getLocation())) {
-					consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);
-					consumerService.setBinding(authnRequest.getProtocolBinding());
-					consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL());					
-					Logger.debug("Requested AssertionConsumerServiceURL is valid.");
-				}				
-			}
-			
-			if (consumerService == null) {				
-				throw new InvalidAssertionConsumerServiceException(authnRequest.getAssertionConsumerServiceURL());
-				
-			}
-
-
-		} else {
-			//use AssertionConsumerServiceIndex and select consumerService from metadata
-			Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
-			int assertionidx = 0;
-		
-			if(aIdx != null) {
-				assertionidx = aIdx.intValue();
-			
-			} else {				
-				assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
-				
-			}		
-			consumerService  = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
-			
-			if (consumerService == null) {			
-				throw new InvalidAssertionConsumerServiceException(aIdx);
-				
-			}			
-		}
-		
-		
-		//select AttributeConsumingService from request
-		AttributeConsumingService attributeConsumer = null;		
-		Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
-		int attributeIdx = 0;
-	
-		if(aIdx != null) {
-			attributeIdx = aIdx.intValue();
-		}
-		
-		if (spSSODescriptor.getAttributeConsumingServices() != null  && 
-				spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-			attributeConsumer  = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
-		} 
-		
-		//validate AuthnRequest
-		AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
-		AuthnRequestValidator.validate(authReq);
-		
-//		String useMandate = request.getParameter(PARAM_USEMANDATE);
-//		if(useMandate != null) {
-//			if(useMandate.equals("true") && attributeConsumer != null) {
-//				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
-//					throw new MandateAttributesNotHandleAbleException();
-//				}
-//			}
-//		}
-						
-		String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
-		oaURL = StringEscapeUtils.escapeHtml(oaURL);
-		ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
-		
-		Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());		
-
-		pendingReq.setSPEntityId(oaURL);
-		pendingReq.setOnlineApplicationConfiguration(oa);
-		pendingReq.setBinding(consumerService.getBinding());
-		pendingReq.setRequest(moaRequest);
-		pendingReq.setConsumerURL(consumerService.getLocation());
-		
-		//parse AuthRequest
-		pendingReq.setPassiv(authReq.isPassive());
-		pendingReq.setForce(authReq.isForceAuthn());
-		
-		//AuthnRequest needs authentication
-		pendingReq.setNeedAuthentication(true);
-
-		//set protocol action, which should be executed after authentication
-		pendingReq.setAction(AuthenticationAction.class.getName());
-		
-		//write revisionslog entry
-		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 67e7a47f3..cdd0b659e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -22,25 +22,9 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.opensaml.xml.encryption.EncryptionConstants;
-import org.opensaml.xml.signature.SignatureConstants;
-
-import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
-import at.gv.egovernment.moa.id.data.Trible;
-
-public interface PVPConstants extends PVPAttributeConstants {
+public interface PVPConstants extends at.gv.egiz.eaaf.modules.pvp2.PVPConstants {
 	
 	public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider";
-		
-	public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
-	public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
-	public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
-	public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
-	
 	
 	public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/";
 	public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1";
@@ -52,84 +36,5 @@ public interface PVPConstants extends PVPAttributeConstants {
 	public static final String EIDAS_QAA_LOW = EIDAS_QAA_PREFIX + "low";
 	public static final String EIDAS_QAA_SUBSTANTIAL = EIDAS_QAA_PREFIX + "substantial";
 	public static final String EIDAS_QAA_HIGH = EIDAS_QAA_PREFIX + "high";
-	
-	public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
-	
-	
-	
-	
-	public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
-	public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
-	public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
-	
-	/** 
-	 * 
-	 * Get required PVP attributes for egovtoken
-	 * First : PVP attribute name (OID) 
-	 * Second: FriendlyName
-	 * Third: Required
-	 * 
-	 */
-	public static final List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES = 
-			Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
-				private static final long serialVersionUID = 1L;
-				{	
-					//currently supported attributes
-					add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
-					add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
-					
-					//currently not supported attributes
-					add(Trible.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(GID_NAME, GID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false));
-					add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false));
-					
-					
-				}
-			});
-	
-	/** 
-	 * 
-	 * Get required PVP attributes for citizenToken
-	 * First : PVP attribute name (OID) 
-	 * Second: FriendlyName
-	 * Third: Required
-	 * 
-	 */
-	public static final List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES = 
-			Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
-				private static final long serialVersionUID = 1L;
-				{	
-					//required attributes - eIDAS minimal-data set
-					add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
-					add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
-					add(Trible.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
-					add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true));
-					add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true));
-					
-					
-					//not required attributes
-					add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false));
-					add(Trible.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false));
-					add(Trible.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
-					
-					
-										
-				}
-			});
-	
+		
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
deleted file mode 100644
index 279d88860..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.context.annotation.Scope;
-import org.springframework.stereotype.Component;
-
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-
-@Component("PVPTargetConfiguration")
-@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
-public class PVPTargetConfiguration extends RequestImpl {
-
-	
-	public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
-	public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
-	public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel";	
-	
-	public static final String DATAID_INTERFEDERATION_REQUESTID = "authnReqID";
-	
-	private static final long serialVersionUID = 4889919265919638188L;
-	
-	
-	
-	InboundMessage request;
-	String binding;
-	String consumerURL;
-		
-	public InboundMessage getRequest() {
-		return request;
-	}
-
-	public void setRequest(InboundMessage request) {
-		this.request = request;
-	}
-
-	public String getBinding() {
-		return binding;
-	}
-
-	public void setBinding(String binding) {
-		this.binding = binding;
-	}
-
-	public String getConsumerURL() {
-		return consumerURL;
-	}
-
-	public void setConsumerURL(String consumerURL) {
-		this.consumerURL = consumerURL;
-		
-	}
-
-//	/* (non-Javadoc)
-//	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
-//	 */
-//	@Override
-//	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-//
-//		Map<String, String> reqAttr = new HashMap<String, String>();
-//		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
-//			reqAttr.put(el, "");
-//						
-//		try {			
-//			SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-//			if (spSSODescriptor.getAttributeConsumingServices() != null && 
-//					spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-//							
-//				Integer aIdx = null;
-//				if (getRequest() instanceof MOARequest && 
-//						((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {					
-//					AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();					
-//					aIdx = authnRequest.getAttributeConsumingServiceIndex();
-//					
-//				} else {
-//					Logger.error("MOARequest is NOT of type AuthnRequest");
-//				}
-//				
-//				int idx = 0;
-//
-//				AttributeConsumingService attributeConsumingService = null;
-//				
-//				if (aIdx != null) {
-//					idx = aIdx.intValue();
-//					attributeConsumingService = spSSODescriptor
-//							.getAttributeConsumingServices().get(idx);
-//					
-//				} else {
-//					List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-//					for (AttributeConsumingService el : attrConsumingServiceList) {
-//						if (el.isDefault())
-//							attributeConsumingService = el;
-//					}				
-//				}
-//				
-//				for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
-//					reqAttr.put(attr.getName(), "");
-//			}
-//			
-//			//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
-//			return reqAttr.keySet();
-//			
-//		} catch (NoMetadataInformationException e) {
-//			Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
-//			return null;
-//					
-//		}
-//		
-//	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 6b945d692..ab88a765e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -44,7 +44,11 @@ import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.SLOException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
@@ -55,9 +59,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -86,12 +87,12 @@ public class SingleLogOutAction implements IAction {
 			HttpServletRequest httpReq, HttpServletResponse httpResp,
 			IAuthData authData) throws EAAFException {
 
-		PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;  
+		PVPSProfilePendingRequest pvpReq = (PVPSProfilePendingRequest) req;  
 
-		if (pvpReq.getRequest() instanceof MOARequest &&
-				((MOARequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) {
+		if (pvpReq.getRequest() instanceof PVPSProfileRequest &&
+				((PVPSProfileRequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) {
 			Logger.debug("Process Single LogOut request");
-			MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+			PVPSProfileRequest samlReq = (PVPSProfileRequest) pvpReq.getRequest();
 			LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
 
 			String ssoSessionId = 
@@ -141,10 +142,10 @@ public class SingleLogOutAction implements IAction {
 			Logger.debug("Starting technical SLO process ... ");
 			sloBuilder.toTechnicalLogout(sloInformationContainer, httpReq, httpResp, null);
 													
-		} else if (pvpReq.getRequest() instanceof MOAResponse &&
-				((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
+		} else if (pvpReq.getRequest() instanceof PVPSProfileResponse &&
+				((PVPSProfileResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
 			Logger.debug("Process Single LogOut response");
-			LogoutResponse logOutResp = (LogoutResponse) ((MOAResponse)pvpReq.getRequest()).getResponse();
+			LogoutResponse logOutResp = (LogoutResponse) ((PVPSProfileResponse)pvpReq.getRequest()).getResponse();
 
 			//Transaction tx = null;
 
@@ -236,11 +237,11 @@ public class SingleLogOutAction implements IAction {
 								storageSuccess = true;
 								String redirectURL = null;
 								IRequest sloReq = sloContainer.getSloRequest();
-								if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+								if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
 									//send SLO response to SLO request issuer									
-									SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloReq);
-									LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloReq, sloContainer.getSloFailedOAs());
-									redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPTargetConfiguration)sloReq).getRequest().getRelayState());
+									SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloReq);
+									LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloReq, sloContainer.getSloFailedOAs());
+									redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPSProfilePendingRequest)sloReq).getRequest().getRelayState());
 
 								} else {
 									//print SLO information directly
@@ -324,7 +325,7 @@ public class SingleLogOutAction implements IAction {
 	 */
 	@Override
 	public String getDefaultActionName() {
-		return PVP2XProtocol.SINGLELOGOUT;
+		return PVPConstants.SINGLELOGOUT;
 	}
 
 	protected static String addURLParameter(String url, String paramname,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
deleted file mode 100644
index 71c5a46a4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.xml.security.SecurityException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-
-public interface IDecoder {
-	public InboundMessageInterface decode(HttpServletRequest req, 
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator)
-					throws MessageDecodingException, SecurityException, PVP2Exception;
-		
-	public boolean handleDecode(String action, HttpServletRequest req);
-	
-	public String getSAML2BindingName();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
deleted file mode 100644
index 409f995fc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-
-public interface IEncoder {
-	
-	/**
-	 * 
-	 * @param req The http request
-	 * @param resp The http response
-	 * @param request The SAML2 request object
-	 * @param targetLocation URL, where the request should be transmit
-	 * @param relayState token for session handling
-	 * @param credentials Credential to sign the request object
-	 * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
-	 * @throws MessageEncodingException
-	 * @throws SecurityException
-	 * @throws PVP2Exception
-	 */
-	public void encodeRequest(HttpServletRequest req, 
-			HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) 
-					throws MessageEncodingException, SecurityException, PVP2Exception;
-	
-	/**
-	 * Encoder SAML Response
-	 * @param req The http request
-	 * @param resp The http response
-	 * @param response The SAML2 repsonse object
-	 * @param targetLocation URL, where the request should be transmit
-	 * @param relayState token for session handling
-	 * @param credentials Credential to sign the response object
-	 * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
-	 * @throws MessageEncodingException
-	 * @throws SecurityException
-	 */
-	public void encodeRespone(HttpServletRequest req, 
-			HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) 
-					throws MessageEncodingException, SecurityException, PVP2Exception;
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
deleted file mode 100644
index 7bb64a106..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import org.opensaml.common.binding.decoding.URIComparator;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOAURICompare implements URIComparator {
-
-	/**
-	 * @param idpssoPostService
-	 */
-	
-	private String serviceURL = "";
-	
-	public MOAURICompare(String serviceURL) {
-		this.serviceURL = serviceURL;
-	}
-
-	public boolean compare(String uri1, String uri2) {				
-		if (this.serviceURL.equals(uri1))		
-			return true;
-		
-		else {
-			Logger.warn("PVP request destination-endpoint: " + uri1 
-					+ " does not match to IDP endpoint:" + serviceURL);
-			return false;
-			
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
deleted file mode 100644
index 998249028..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ /dev/null
@@ -1,240 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.security.SecurityPolicyResolver;
-import org.opensaml.ws.security.provider.BasicSecurityPolicy;
-import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
-import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.opemsaml.MOAIDHTTPPostEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPPOSTBinding")
-public class PostBinding implements IDecoder, IEncoder {
-	
-	@Autowired(required=true) AuthConfiguration authConfig;
-	@Autowired(required=true) GUIFormBuilderImpl guiBuilder;
-		
-	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)	
-			throws MessageEncodingException, SecurityException {
-	
-		try {
-//			X509Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-		
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			//initialize POST binding encoder with template decoration
-			IGUIBuilderConfiguration guiConfig = 
-					new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
-							pendingReq, 
-							"pvp_postbinding_template.html", 
-							MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
-							null, 
-							authConfig.getRootConfigFileDir());								
-			MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
-					VelocityProvider.getClassPathVelocityEngine());	
-			
-			//set OpenSAML2 process parameter into binding context dao
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
-			service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
-			service.setLocation(targetLocation);;
-		
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setPeerEntityEndpoint(service);
-			context.setOutboundSAMLMessage(request);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-
-			encoder.encode(context);
-			
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-		} catch (Exception e) {
-			e.printStackTrace();
-			throw new SecurityException(e);
-		}
-	}
-
-	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException {
-
-		try {
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			Logger.debug("create SAML POSTBinding response");
-			
-			//initialize POST binding encoder with template decoration
-			IGUIBuilderConfiguration guiConfig = 
-					new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
-							pendingReq, 
-							"pvp_postbinding_template.html", 
-							MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
-							null, 
-							authConfig.getRootConfigFileDir());								
-			MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
-					VelocityProvider.getClassPathVelocityEngine());	
-			
-			//set OpenSAML2 process parameter into binding context dao			
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder()
-					.buildObject();
-			service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			service.setLocation(targetLocation);
-			context.setOutboundSAMLMessageSigningCredential(credentials);			
-			context.setPeerEntityEndpoint(service);
-			// context.setOutboundMessage(authReq);
-			context.setOutboundSAMLMessage(response);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-		} catch (Exception e) {
-			e.printStackTrace();
-			throw new SecurityException(e);
-		}
-	}
-
-	public InboundMessageInterface decode(HttpServletRequest req,
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
-			SecurityException {
-
-		HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
-		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-		messageContext
-				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-		//set metadata descriptor type
-		if (isSPEndPoint) {
-			messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-			
-		} else {
-			messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-		}
-							
-		messageContext.setMetadataProvider(metadataProvider);
-		
-		//set security policy context
-		BasicSecurityPolicy policy = new BasicSecurityPolicy();
-		policy.getPolicyRules().add(
-				new MOAPVPSignedRequestPolicyRule(metadataProvider,
-						TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider),
-						messageContext.getPeerEntityRole()));		
-		SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy);
-		messageContext.setSecurityPolicyResolver(secResolver);
-		
-		decode.decode(messageContext);
-		
-		InboundMessage msg = null;		
-		if (messageContext.getInboundMessage() instanceof RequestAbstractType) {			
-			RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
-					.getInboundMessage();			
-			msg = new MOARequest(inboundMessage, getSAML2BindingName());
-			msg.setEntityID(inboundMessage.getIssuer().getValue());
-			
-		} else if (messageContext.getInboundMessage() instanceof StatusResponseType){
-			StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
-			msg = new MOAResponse(inboundMessage);
-			msg.setEntityID(inboundMessage.getIssuer().getValue());
-			
-		} else
-			//create empty container if request type is unknown
-			msg = new InboundMessage();
-				
-		if (messageContext.getPeerEntityMetadata() != null)
-			msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-		
-		else {
-			if (MiscUtil.isEmpty(msg.getEntityID()))
-				Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
-		}
-				
-
-		msg.setVerified(true);
-		msg.setRelayState(messageContext.getRelayState());
-		
-		return msg;
-	}
-
-	public boolean handleDecode(String action, HttpServletRequest req) {
-		return (req.getMethod().equals("POST") && action.equals(PVP2XProtocol.POST));
-	}
-	
-	public String getSAML2BindingName() {
-		return SAMLConstants.SAML2_POST_BINDING_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
deleted file mode 100644
index caebd456b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
-import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
-import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.security.SecurityPolicyResolver;
-import org.opensaml.ws.security.provider.BasicSecurityPolicy;
-import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOASAML2AuthRequestSignedRole;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPRedirectBinding")
-public class RedirectBinding implements IDecoder, IEncoder {
-	
-	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException {
-		
-//		try {
-//			X509Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			Logger.debug("create SAML RedirectBinding response");
-			
-			HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder()
-					.buildObject();
-			service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			service.setLocation(targetLocation);
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setPeerEntityEndpoint(service);
-			context.setOutboundSAMLMessage(request);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-//		}
-	}
-
-	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState, 
-			Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException {
-//		try {
-//			X509Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			Logger.debug("create SAML RedirectBinding response");
-			
-			HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder()
-					.buildObject();
-			service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			service.setLocation(targetLocation);
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setPeerEntityEndpoint(service);
-			context.setOutboundSAMLMessage(response);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-			
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-//		}
-	}
-
-	public InboundMessageInterface decode(HttpServletRequest req,
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
-			SecurityException {
-
-		HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
-				new BasicParserPool());
-		
-		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-		messageContext
-				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-		
-		//set metadata descriptor type
-		if (isSPEndPoint) {
-			messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-			
-		} else {
-			messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-		}
-							
-		messageContext.setMetadataProvider(metadataProvider);
-				
-		SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
-				TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
-		MOASAML2AuthRequestSignedRole signedRole = new MOASAML2AuthRequestSignedRole();
-		BasicSecurityPolicy policy = new BasicSecurityPolicy();
-		policy.getPolicyRules().add(signedRole);
-		policy.getPolicyRules().add(signatureRule);		
-		SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
-				policy);		
-		messageContext.setSecurityPolicyResolver(resolver);
-		
-		//set metadata descriptor type
-		if (isSPEndPoint)
-			messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		else
-			messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		
-		try {		
-			decode.decode(messageContext);		
-
-			//check signature
-			signatureRule.evaluate(messageContext);
-			
-		} catch (SecurityException e) {
-			if (MiscUtil.isEmpty(messageContext.getInboundMessageIssuer())) {
-				throw e;
-			
-			}
-			
-			if (metadataProvider instanceof IMOARefreshableMetadataProvider) {
-				Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + messageContext.getInboundMessageIssuer());
-				if (!((IMOARefreshableMetadataProvider) metadataProvider).refreshMetadataProvider(messageContext.getInboundMessageIssuer()))
-					throw e;
-				
-				else {
-					Logger.trace("PVP2X metadata reload finished. Check validate message again.");
-					decode.decode(messageContext);		
-
-					//check signature
-					signatureRule.evaluate(messageContext);					
-										
-				}
-				Logger.trace("Second PVP2X message validation finished");
-				
-			} else {
-				throw e;
-				
-			}
-		}		
-					
-		InboundMessage msg = null;
-		if (messageContext.getInboundMessage() instanceof RequestAbstractType) {			
-			RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
-					.getInboundMessage();			
-			msg = new MOARequest(inboundMessage, getSAML2BindingName());
-			
-			
-		} else if (messageContext.getInboundMessage() instanceof StatusResponseType){
-			StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();			
-			msg = new MOAResponse(inboundMessage);
-			
-		} else 
-			//create empty container if request type is unknown
-			msg = new InboundMessage();
-
-		if (messageContext.getPeerEntityMetadata() != null)
-			msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-		
-		else
-			Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
-		
-		msg.setVerified(true);
-		msg.setRelayState(messageContext.getRelayState());
-		
-		return msg;
-	}
-
-	public boolean handleDecode(String action, HttpServletRequest req) {
-		return ((action.equals(PVP2XProtocol.REDIRECT) || action.equals(PVP2XProtocol.SINGLELOGOUT)) 
-				&& req.getMethod().equals("GET"));
-	}
-	
-	public String getSAML2BindingName() {
-		return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
deleted file mode 100644
index 2b4374a64..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.soap.soap11.Envelope;
-import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.signature.SignableXMLObject;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPSOAPBinding")
-public class SoapBinding implements IDecoder, IEncoder {
-
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
-	@Autowired private IDPCredentialProvider credentialProvider;
-	
-	public InboundMessageInterface decode(HttpServletRequest req,
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
-			SecurityException, PVP2Exception {
-		HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
-		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = 
-				new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-		messageContext
-				.setInboundMessageTransport(new HttpServletRequestAdapter(
-						req));		
-		messageContext.setMetadataProvider(metadataProvider);
-
-		//TODO: update in a futher version: 
-		//      requires a special SignedSOAPRequestPolicyRole because 
-		//		messageContext.getInboundMessage() is not directly signed
-		
-		//set security context
-//		BasicSecurityPolicy policy = new BasicSecurityPolicy();
-//		policy.getPolicyRules().add(
-//				new MOAPVPSignedRequestPolicyRule(
-//						TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
-//						SPSSODescriptor.DEFAULT_ELEMENT_NAME));		
-//		SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
-//				policy);			
-//		messageContext.setSecurityPolicyResolver(resolver);
-		
-		//decode message
-		soapDecoder.decode(messageContext);
-		
-		Envelope inboundMessage = (Envelope) messageContext
-				.getInboundMessage();
-		
-		if (inboundMessage.getBody() != null) {		
-			List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
-		
-			if (!xmlElemList.isEmpty()) {
-				SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);			
-				MOARequest request = new MOARequest(attrReq, getSAML2BindingName());				
-				
-				if (messageContext.getPeerEntityMetadata() != null)
-					request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-				
-				else if (attrReq instanceof RequestAbstractType) {
-					RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
-					try {						
-						if (MiscUtil.isNotEmpty(attributeRequest.getIssuer().getValue()) && 
-								metadataProvider.getRole(
-										attributeRequest.getIssuer().getValue(), 
-										SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null)
-							request.setEntityID(attributeRequest.getIssuer().getValue());
-						
-					} catch (Exception e) {
-						Logger.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue());
-					}					
-				} 
-				
-				request.setVerified(false);			
-				return request;
-						
-			} 
-		}
-		
-		Logger.error("Receive empty PVP 2.1 attributequery request.");
-		throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null);
-	}
-
-	public boolean handleDecode(String action, HttpServletRequest req) {
-		return (req.getMethod().equals("POST") && 
-				(action.equals(PVP2XProtocol.SOAP) || action.equals(PVP2XProtocol.ATTRIBUTEQUERY)));
-	}
-
-	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException, PVP2Exception {
-		
-	}
-
-	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException, PVP2Exception {
-//		try {
-//			Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-			
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setOutboundSAMLMessage(response);
-			context.setOutboundMessageTransport(responseAdapter);
-			
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-//		}
-	}
-	
-	public String getSAML2BindingName() {
-		return SAMLConstants.SAML2_SOAP11_BINDING_URI;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index f3af12a2c..b5f77ce1a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -49,14 +49,15 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.SamlAttributeGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -104,7 +105,7 @@ public class AttributQueryBuilder {
 			String endpoint, List<Attribute> requestedAttributes) throws AttributQueryException {
 		
 		
-		try {
+		try { 
 		
 			AttributeQuery query = new AttributeQueryBuilder().buildObject();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
deleted file mode 100644
index 78ddab488..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.EncryptedAssertion;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.encryption.Encrypter;
-import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.xml.encryption.EncryptionException;
-import org.opensaml.xml.encryption.EncryptionParameters;
-import org.opensaml.xml.encryption.KeyEncryptionParameters;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
-import org.opensaml.xml.security.x509.X509Credential;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class AuthResponseBuilder {
-
-	public static Response buildResponse(MetadataProvider metadataProvider, String issuerEntityID, RequestAbstractType req, DateTime date, Assertion assertion, boolean enableEncryption) throws InvalidAssertionEncryptionException, ConfigurationException {
-		Response authResponse = SAML2Utils.createSAMLObject(Response.class);
-
-		Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-		
-		nissuer.setValue(issuerEntityID);
-		nissuer.setFormat(NameID.ENTITY);
-		authResponse.setIssuer(nissuer);
-		authResponse.setInResponseTo(req.getID());
-
-		//set responseID
-		String remoteSessionID = SAML2Utils.getSecureIdentifier();
-		authResponse.setID(remoteSessionID);
-		
-		
-		//SAML2 response required IssueInstant
-		authResponse.setIssueInstant(date);
-		
-		authResponse.setStatus(SAML2Utils.getSuccessStatus());
-				
-		//check, if metadata includes an encryption key				
-		MetadataCredentialResolver mdCredResolver = 
-				new MetadataCredentialResolver(metadataProvider);
-	
-		CriteriaSet criteriaSet = new CriteriaSet();
-		criteriaSet.add( new EntityIDCriteria(req.getIssuer().getValue()) );
-		criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
-		criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) );
-	
-		X509Credential encryptionCredentials = null;
-		try {
-			encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet);
-				
-		} catch (SecurityException e2) {
-			Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2);
-			throw new InvalidAssertionEncryptionException();
-			
-		}
-			
-		if (encryptionCredentials != null && enableEncryption) {
-			//encrypt SAML2 assertion
-				
-			try {
-				
-				EncryptionParameters dataEncParams = new EncryptionParameters();
-				dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE);
-								
-				List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
-				KeyEncryptionParameters  keyEncParam = new KeyEncryptionParameters();
-			
-				keyEncParam.setEncryptionCredential(encryptionCredentials);
-				keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);
-				KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
-						.getKeyInfoGeneratorManager().getDefaultManager()
-						.getFactory(encryptionCredentials);
-				keyEncParam.setKeyInfoGenerator(kigf.newInstance());
-				keyEncParamList.add(keyEncParam);
-											
-				Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); 
-				//samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
-				samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
-				
-				EncryptedAssertion encryptAssertion = null;
-				
-				encryptAssertion = samlEncrypter.encrypt(assertion);
-				
-				authResponse.getEncryptedAssertions().add(encryptAssertion);
-				
-			} catch (EncryptionException e1) {
-				Logger.warn("Can not encrypt the PVP2 assertion", e1);
-				throw new InvalidAssertionEncryptionException();
-					
-			} 
-
-		} else {
-			authResponse.getAssertions().add(assertion);
-				
-		}
-		
-		return authResponse;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
deleted file mode 100644
index d2a63c72f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.xml.Configuration;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSInteger;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.schema.impl.XSIntegerBuilder;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-
-public class CitizenTokenBuilder {
-
-	public static XMLObject buildAttributeStringValue(String value) {
-		XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
-		XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
-		stringValue.setValue(value);
-		return stringValue;
-	}
-	
-	public static XMLObject buildAttributeIntegerValue(int value) {
-		XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
-		XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
-		integerValue.setValue(value);
-		return integerValue;
-	}
-	
-	public static Attribute buildStringAttribute(String friendlyName, 
-			String name, String value) {
-		Attribute attribute = 
-				SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.getAttributeValues().add(buildAttributeStringValue(value));
-		return attribute;
-	}
-	
-	public static Attribute buildIntegerAttribute(String friendlyName, 
-			String name, int value) {
-		Attribute attribute = 
-				SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
-		return attribute;
-	}
-	
-	public static Attribute buildPVPVersion(String value) {
-		return buildStringAttribute("PVP-VERSION",
-				"urn:oid:1.2.40.0.10.2.1.1.261.10", value);
-	}
-	
-	public static Attribute buildSecClass(int value) {
-		return buildIntegerAttribute("SECCLASS",
-				"", value);
-	}
-	
-	public static Attribute buildPrincipalName(String value) {
-		return buildStringAttribute("PRINCIPAL-NAME",
-				"urn:oid:1.2.40.0.10.2.1.1.261.20", value);
-	}
-	
-	public static Attribute buildGivenName(String value) {
-		return buildStringAttribute("GIVEN-NAME",
-				"urn:oid:2.5.4.42", value);
-	}
-	
-	public static Attribute buildBirthday(String value) {
-		return buildStringAttribute("BIRTHDATE",
-				"urn:oid:1.2.40.0.10.2.1.1.55", value);
-	}
-	
-	public static Attribute buildBPK(String value) {
-		return buildStringAttribute("BPK",
-				"urn:oid:1.2.40.0.10.2.1.1.149", value);
-	}
-	
-	public static Attribute buildEID_CITIZEN_QAALEVEL(int value) {
-		return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL",
-				"urn:oid:1.2.40.0.10.2.1.1.261.94", value);
-	}
-	
-	public static Attribute buildEID_ISSUING_NATION(String value) {
-		return buildStringAttribute("EID-ISSUING-NATION",
-				"urn:oid:1.2.40.0.10.2.1.1.261.32", value);
-	}
-	
-	public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) {
-		return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER",
-				"urn:oid:1.2.40.0.10.2.1.1.261.34", value);
-	}
-	
-	
-//	public static AttributeStatement buildCitizenToken(MOARequest obj,
-//			AuthenticationSession authSession) {
-//		AttributeStatement statement = 
-//				SAML2Utils.createSAMLObject(AttributeStatement.class);
-//
-//		//TL: AuthData generation is moved out from VerifyAuthBlockServlet
-//		try {
-//
-//			//TODO: LOAD oaParam from request and not from MOASession in case of SSO
-//			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-//					.getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
-//		
-//			AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession,
-//					oaParam,
-//					authSession.getTarget());
-//			
-//			Attribute pvpVersion = buildPVPVersion("2.1");
-//			Attribute secClass = buildSecClass(3);
-//			Attribute principalName = buildPrincipalName(authData.getFamilyName());
-//			Attribute givenName = buildGivenName(authData.getGivenName());
-//			Attribute birthdate = buildBirthday(authData.getDateOfBirth());
-//			
-//			//TL: getIdentificationValue holds the baseID  --> change to pBK
-//			Attribute bpk = buildBPK(authData.getBPK());
-//			
-//			Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3);
-//			Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT");
-//			Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType());
-//			
-//			statement.getAttributes().add(pvpVersion);
-//			statement.getAttributes().add(secClass);
-//			statement.getAttributes().add(principalName);
-//			statement.getAttributes().add(givenName);
-//			statement.getAttributes().add(birthdate);
-//			statement.getAttributes().add(bpk);
-//			statement.getAttributes().add(eid_citizen_qaa);
-//			statement.getAttributes().add(eid_issuing_nation);
-//			statement.getAttributes().add(eid_sector_for_id);
-//			
-//			return statement;
-//			
-//		} catch (ConfigurationException e) {
-//			
-//			// TODO: check Exception Handling
-//			return null;
-//		} catch (BuildException e) {
-//			
-//			// TODO: check Exception Handling
-//			return null;
-//		}
-//		
-//
-//	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
deleted file mode 100644
index 07da57d2a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.ServiceLoader;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class PVPAttributeBuilder {
-	
-	private static IAttributeGenerator<Attribute> generator = new SamlAttributeGenerator();
-	
-	private static HashMap<String, IAttributeBuilder> builders;
-	
-	private static ServiceLoader<IAttributeBuilder> attributBuilderLoader = 
-			ServiceLoader.load(IAttributeBuilder.class);
-	
-	private static void addBuilder(IAttributeBuilder builder) {
-		builders.put(builder.getName(), builder);
-	}
-	
-	static {
-		builders = new HashMap<String, IAttributeBuilder>();
-		
-		Logger.info("Loading protocol attribut-builder modules:");
-		if (attributBuilderLoader != null ) {		
-			Iterator<IAttributeBuilder> moduleLoaderInterator = attributBuilderLoader.iterator();
-			while (moduleLoaderInterator.hasNext()) {
-				try {
-					IAttributeBuilder modul = moduleLoaderInterator.next();
-					Logger.info("Loading attribut-builder Modul Information: " + modul.getName());
-					addBuilder(modul);
-					
-				} catch(Throwable e) {
-					Logger.error("Check configuration! " + "Some attribute-builder modul" + 
-							" is not a valid IAttributeBuilder", e);
-				}	
-			}
-		}
-		
-		Logger.info("Loading attribute-builder modules done");
-				
-	}
-	
-	
-	/**
-	 * Get a specific attribute builder
-	 * 
-	 * @param name Attribute-builder friendly name
-	 * 
-	 * @return Attribute-builder with this name or null if builder does not exists
-	 */
-	public static IAttributeBuilder getAttributeBuilder(String name) {
-		return builders.get(name);
-		
-	}
-	
-	public static Attribute buildAttribute(String name, ISPConfiguration  oaParam,
-			IAuthData authData) throws PVP2Exception, AttributeBuilderException {
-		if (builders.containsKey(name)) {
-			try {
-				return builders.get(name).build(oaParam, authData, generator);
-			}
-			catch (AttributeBuilderException e) {
-				if (e instanceof UnavailableAttributeException) {
-					throw e;
-				} else if (e instanceof InvalidDateFormatAttributeException) {
-					throw new InvalidDateFormatException();
-				} else if (e instanceof NoMandateDataAttributeException) {
-					throw new NoMandateDataAvailableException();
-				} else {
-					throw new UnprovideableAttributeException(name);
-				}
-			}
-		}
-		return null;
-	}
-	
-	public static Attribute buildEmptyAttribute(String name) {
-		if (builders.containsKey(name)) {
-			return builders.get(name).buildEmpty(generator);
-		}
-		return null;
-	}
-
-	public static Attribute buildAttribute(String name, String value) {
-		if (builders.containsKey(name)) {
-			return builders.get(name).buildEmpty(generator);
-		}
-		return null;
-	}
-	
-	
-	
-	public static List<Attribute> buildSupportedEmptyAttributes() {
-		List<Attribute> attributes = new ArrayList<Attribute>();
-		Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
-		while (builderIt.hasNext()) {
-			IAttributeBuilder builder = builderIt.next();
-			Attribute emptyAttribute = builder.buildEmpty(generator);
-			if (emptyAttribute != null) {
-				attributes.add(emptyAttribute);
-			}
-		}
-		return attributes;
-	}
-	
-	public static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) {
-		RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class);
-		attribute.setIsRequired(required);
-		attribute.setName(name);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		return attribute;
-	}
-	
-	/**
-	 * Build a set of PVP Response-Attributes
-	 * <br><br>
-	 * <b>INFO:</b> If a specific attribute can not be build, a info is logged, but no execpetion is thrown.
-	 * Therefore, the return List must not include all requested attributes.    
-	 * 
-	 * @param authData AuthenticationData <code>IAuthData</code> which is used to build the attribute values, but never <code>null</code>
-	 * @param reqAttributenName List of PVP attribute names which are requested, but never <code>null</code>
-	 * @return List of PVP attributes, but never <code>null</code>
-	 */
-	public static List<Attribute> buildSetOfResponseAttributes(IAuthData authData, 
-			Collection<String> reqAttributenName) {
-		List<Attribute> attrList = new ArrayList<Attribute>();
-		if (reqAttributenName != null) {		
-			Iterator<String> it = reqAttributenName.iterator();
-			while (it.hasNext()) {
-				String reqAttributName = it.next();
-				try {
-					Attribute attr = PVPAttributeBuilder.buildAttribute(
-							reqAttributName, null, authData);
-					if (attr == null) {
-						Logger.info(
-								"Attribute generation failed! for "
-										+ reqAttributName);
-					
-					} else {
-						attrList.add(attr);
-					
-					}
-									
-				} catch (PVP2Exception e) {
-					Logger.info(
-							"Attribute generation failed! for "
-									+ reqAttributName);
-				
-				} catch (Exception e) {
-					Logger.warn(
-							"General Attribute generation failed! for "
-									+ reqAttributName, e);
-				
-				}
-			}
-		}
-		
-		return attrList;
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
deleted file mode 100644
index a55e873b5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.security.NoSuchAlgorithmException;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-@Service("PVPAuthnRequestBuilder")
-public class PVPAuthnRequestBuilder {
-	
-	@Autowired(required=true) ApplicationContext springContext;
-	
-	/**
-	 * Build a PVP2.x specific authentication request
-	 * 
-	 * @param pendingReq Currently processed pendingRequest 
-	 * @param config AuthnRequest builder configuration, never null
-	 * @param idpEntity SAML2 EntityDescriptor of the IDP, which receive this AuthnRequest, never null
-	 * @param httpResp
-	 * @throws NoSuchAlgorithmException 
-	 * @throws SecurityException 
-	 * @throws PVP2Exception 
-	 * @throws MessageEncodingException 
-	 */
-	public void buildAuthnRequest(IRequest pendingReq, IPVPAuthnRequestBuilderConfiguruation config, 
-			HttpServletResponse httpResp) throws NoSuchAlgorithmException, MessageEncodingException, PVP2Exception, SecurityException {
-		//get IDP Entity element from config
-		EntityDescriptor idpEntity = config.getIDPEntityDescriptor();
-		
-		AuthnRequest authReq = SAML2Utils
-				.createSAMLObject(AuthnRequest.class);
-		
-		//select SingleSignOn Service endpoint from IDP metadata
-		SingleSignOnService endpoint = null;  
-		for (SingleSignOnService sss : 
-				idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
-			
-			// use POST binding as default if it exists 
-			if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { 
-				endpoint = sss; 
-				
-			} else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) 
-					&& endpoint == null )
-				endpoint = sss;
-			
-		}
-		
-		if (endpoint == null) {
-			Logger.warn("Building AuthnRequest FAILED: > Requested IDP " + idpEntity.getEntityID() 
-					+ " does not support POST or Redirect Binding.");
-			throw new AuthnRequestBuildException("sp.pvp2.00", new Object[]{config.getSPNameForLogging(), idpEntity.getEntityID()});
-			
-		} else
-			authReq.setDestination(endpoint.getLocation());
-		
-		
-		//set basic AuthnRequest information
-		String reqID = config.getRequestID();
-		if (MiscUtil.isNotEmpty(reqID))
-			authReq.setID(reqID);
-		
-		else {
-			SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
-			authReq.setID(gen.generateIdentifier());
-			
-		}
-		
-		authReq.setIssueInstant(new DateTime());
-		
-		//set isPassive flag
-		if (config.isPassivRequest() == null)
-			authReq.setIsPassive(false);
-		else
-			authReq.setIsPassive(config.isPassivRequest());
-
-		//set EntityID of the service provider
-		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-		issuer.setFormat(NameIDType.ENTITY);
-		issuer.setValue(config.getSPEntityID());
-		authReq.setIssuer(issuer);
-
-		//set AssertionConsumerService ID
-		if (config.getAssertionConsumerServiceId() != null)
-			authReq.setAssertionConsumerServiceIndex(config.getAssertionConsumerServiceId());
-		
-		//set NameIDPolicy
-		if (config.getNameIDPolicyFormat() != null) {
-			NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class);
-			policy.setAllowCreate(config.getNameIDPolicyAllowCreation());
-			policy.setFormat(config.getNameIDPolicyFormat());
-			authReq.setNameIDPolicy(policy);
-		}
-		
-		//set requested QAA level
-		if (config.getAuthnContextClassRef() != null) {
-			RequestedAuthnContext reqAuthContext = SAML2Utils.createSAMLObject(RequestedAuthnContext.class);		
-			AuthnContextClassRef authnClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-		
-			authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRef());
-			
-			if (config.getAuthnContextComparison() == null)
-				reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
-			else
-				reqAuthContext.setComparison(config.getAuthnContextComparison());
-			
-			reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);					
-			authReq.setRequestedAuthnContext(reqAuthContext);
-		}
-						
-		//set request Subject element
-		if (MiscUtil.isNotEmpty(config.getSubjectNameID())) {
-			Subject reqSubject = SAML2Utils.createSAMLObject(Subject.class);
-			NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-			
-			subjectNameID.setValue(config.getSubjectNameID());
-			if (MiscUtil.isNotEmpty(config.getSubjectNameIDQualifier()))
-				subjectNameID.setNameQualifier(config.getSubjectNameIDQualifier());
-			
-			if (MiscUtil.isNotEmpty(config.getSubjectNameIDFormat()))
-				subjectNameID.setFormat(config.getSubjectNameIDFormat());
-			else
-				subjectNameID.setFormat(NameID.TRANSIENT);
-			
-			reqSubject.setNameID(subjectNameID);
-						
-			if (config.getSubjectConformationDate() != null) {
-				SubjectConfirmation subjectConformation = SAML2Utils.createSAMLObject(SubjectConfirmation.class);
-				SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class);			
-				subjectConformation.setSubjectConfirmationData(subjectConformDate);
-				reqSubject.getSubjectConfirmations().add(subjectConformation );
-							
-				if (config.getSubjectConformationMethode() != null)
-					subjectConformation.setMethod(config.getSubjectConformationMethode());
-								
-				subjectConformDate.setDOM(config.getSubjectConformationDate());
-								
-			}
-						
-			authReq.setSubject(reqSubject );
-						
-		}
-		
-		//TODO: implement requested attributes
-		//maybe: config.getRequestedAttributes();
-		
-		//select message encoder
-		IEncoder binding = null;
-		if (endpoint.getBinding().equals(
-				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
-			binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-														
-		} else if (endpoint.getBinding().equals(
-				SAMLConstants.SAML2_POST_BINDING_URI)) {
-			binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
-			
-		}
-		
-		//encode message
-		binding.encodeRequest(null, httpResp, authReq, 
-				endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
deleted file mode 100644
index e2ac50e5e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
+++ /dev/null
@@ -1,442 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.ContactPerson;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.KeyDescriptor;
-import org.opensaml.saml2.metadata.LocalizedString;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.Organization;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.ServiceName;
-import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.SecurityHelper;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureException;
-import org.opensaml.xml.signature.Signer;
-import org.springframework.stereotype.Service;
-import org.w3c.dom.Document;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-
-@Service("PVPMetadataBuilder")
-public class PVPMetadataBuilder {
-
-	X509KeyInfoGeneratorFactory keyInfoFactory = null;
-	
-	/**
-	 * 
-	 */
-	public PVPMetadataBuilder() {
-		keyInfoFactory = new X509KeyInfoGeneratorFactory();
-		keyInfoFactory.setEmitEntityIDAsKeyName(true);
-		keyInfoFactory.setEmitEntityCertificate(true);
-		
-	}
-	
-	
-	/**
-	 * 
-	 * Build PVP 2.1 conform SAML2 metadata
-	 * 
-	 * @param config 
-	 * 				PVPMetadataBuilder configuration
-	 * 
-	 * @return PVP metadata as XML String
-	 * @throws SecurityException 
-	 * @throws ConfigurationException 
-	 * @throws CredentialsNotAvailableException 
-	 * @throws TransformerFactoryConfigurationError 
-	 * @throws MarshallingException 
-	 * @throws TransformerException 
-	 * @throws ParserConfigurationException 
-	 * @throws IOException 
-	 * @throws SignatureException 
-	 */
-	public String buildPVPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, ConfigurationException, SecurityException, TransformerFactoryConfigurationError, MarshallingException, TransformerException, ParserConfigurationException, IOException, SignatureException {				
-		DateTime date = new DateTime();
-		EntityDescriptor entityDescriptor = SAML2Utils
-				.createSAMLObject(EntityDescriptor.class);
-		
-		//set entityID
-		entityDescriptor.setEntityID(config.getEntityID());		
-								
-		//set contact and organisation information
-		List<ContactPerson> contactPersons = config.getContactPersonInformation();
-		if (contactPersons != null)
-			entityDescriptor.getContactPersons().addAll(contactPersons);
-		
-		Organization organisation = config.getOrgansiationInformation();
-		if (organisation != null)
-			entityDescriptor.setOrganization(organisation);
-
-		//set IDP metadata
-		if (config.buildIDPSSODescriptor()) {
-			RoleDescriptor idpSSODesc = generateIDPMetadata(config);
-			if (idpSSODesc != null)
-				entityDescriptor.getRoleDescriptors().add(idpSSODesc);
-						
-		}
-		
-		//set SP metadata for interfederation
-		if (config.buildSPSSODescriptor()) {
-			RoleDescriptor spSSODesc = generateSPMetadata(config);
-			if (spSSODesc != null)
-				entityDescriptor.getRoleDescriptors().add(spSSODesc);
-		
-		}
-
-		//set metadata signature parameters
-		Credential metadataSignCred = config.getMetadataSigningCredentials();		
-		Signature signature = AbstractCredentialProvider.getIDPSignature(metadataSignCred);
-		SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null);
-				
-		//initialize XML document builder
-		DocumentBuilder builder;
-		DocumentBuilderFactory factory = DocumentBuilderFactory
-				.newInstance();
-
-		builder = factory.newDocumentBuilder();
-		Document document = builder.newDocument();
-		
-
-		//build entities descriptor
-		if (config.buildEntitiesDescriptorAsRootElement()) {
-			EntitiesDescriptor entitiesDescriptor = 
-					SAML2Utils.createSAMLObject(EntitiesDescriptor.class);					
-			entitiesDescriptor.setName(config.getEntityFriendlyName());
-			entitiesDescriptor.setID(SAML2Utils.getSecureIdentifier());							
-			entitiesDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));			
-			entitiesDescriptor.getEntityDescriptors().add(entityDescriptor);
-			
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			entitiesDescriptor.setSignature(signature);
-			
-			
-			//marshall document
-			Marshaller out = Configuration.getMarshallerFactory()
-					.getMarshaller(entitiesDescriptor);
-			out.marshall(entitiesDescriptor, document);
-						
-		} else {
-			entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
-			entityDescriptor.setID(SAML2Utils.getSecureIdentifier());
-			
-			entityDescriptor.setSignature(signature);
-			
-			
-			
-			//marshall document
-			Marshaller out = Configuration.getMarshallerFactory()
-					.getMarshaller(entityDescriptor);
-			out.marshall(entityDescriptor, document);
-			
-		}
-		
-		//sign metadata
-		Signer.signObject(signature);
-
-		//transform metadata object to XML string
-		Transformer transformer = TransformerFactory.newInstance()
-				.newTransformer();
-
-		StringWriter sw = new StringWriter();
-		StreamResult sr = new StreamResult(sw);
-		DOMSource source = new DOMSource(document);
-		transformer.transform(source, sr);
-		sw.close();
-
-		return sw.toString();
-	}
-	
-	
-	private RoleDescriptor generateSPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, SecurityException, ConfigurationException {		
-		SPSSODescriptor spSSODescriptor = SAML2Utils.createSAMLObject(SPSSODescriptor.class);
-		spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-		spSSODescriptor.setAuthnRequestsSigned(config.wantAuthnRequestSigned());
-		spSSODescriptor.setWantAssertionsSigned(config.wantAssertionSigned());
-	
-		KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
-		
-		//Set AuthRequest Signing certificate
-		Credential authcredential = config.getRequestorResponseSigningCredentials();
-		if (authcredential == null) {
-			Logger.warn("SP Metadata generation FAILED! --> Builder has NO request signing-credential. ");			
-			return null;
-						
-		} else {			
-			KeyDescriptor signKeyDescriptor = SAML2Utils
-					.createSAMLObject(KeyDescriptor.class);
-			signKeyDescriptor.setUse(UsageType.SIGNING);
-			signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));	
-			spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-			
-		}
-		
-		//Set assertion encryption credentials		
-		Credential authEncCredential = config.getEncryptionCredentials();			
-
-		if (authEncCredential != null) {
-			KeyDescriptor encryKeyDescriptor = SAML2Utils
-					.createSAMLObject(KeyDescriptor.class);
-			encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
-			encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));	
-			spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
-			
-		} else {
-			Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
-			
-		}
-
-		//check nameID formates
-		if (config.getSPAllowedNameITTypes() == null || config.getSPAllowedNameITTypes().size() == 0) {
-			Logger.warn("SP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. ");
-			return null;
-			
-		} else {
-			for (String format : config.getSPAllowedNameITTypes()) {
-				NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
-				nameIDFormat.setFormat(format);		
-				spSSODescriptor.getNameIDFormats().add(nameIDFormat);
-						 	
-			}			
-		}
-		
-
-		//add POST-Binding assertion consumer services
-		if (MiscUtil.isNotEmpty(config.getSPAssertionConsumerServicePostBindingURL())) {
-			AssertionConsumerService postassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);		
-			postassertionConsumerService.setIndex(0);
-			postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			postassertionConsumerService.setLocation(config.getSPAssertionConsumerServicePostBindingURL());	
-			postassertionConsumerService.setIsDefault(true);
-			spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
-			
-		}
-		
-		//add POST-Binding assertion consumer services
-		if (MiscUtil.isNotEmpty(config.getSPAssertionConsumerServiceRedirectBindingURL())) {
-			AssertionConsumerService redirectassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);		
-			redirectassertionConsumerService.setIndex(1);
-			redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			redirectassertionConsumerService.setLocation(config.getSPAssertionConsumerServiceRedirectBindingURL());
-			spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService);
-			
-		}
-		
-		//validate WebSSO endpoints
-		if (spSSODescriptor.getAssertionConsumerServices().size() == 0) {
-			Logger.warn("SP Metadata generation FAILED! --> NO SAML2 AssertionConsumerService endpoint found. ");
-			return null;
-			
-		}
-		
-		//add POST-Binding SLO descriptor
-		if (MiscUtil.isNotEmpty(config.getSPSLOPostBindingURL())) {
-			SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			postSLOService.setLocation(config.getSPSLOPostBindingURL());
-			postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			spSSODescriptor.getSingleLogoutServices().add(postSLOService);
-			
-		}
-		
-		//add POST-Binding SLO descriptor
-		if (MiscUtil.isNotEmpty(config.getSPSLORedirectBindingURL())) {
-			SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			redirectSLOService.setLocation(config.getSPSLORedirectBindingURL());
-			redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			spSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
-			
-		}
-		
-		//add POST-Binding SLO descriptor
-		if (MiscUtil.isNotEmpty(config.getSPSLOSOAPBindingURL())) {
-			SingleLogoutService soapSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			soapSLOService.setLocation(config.getSPSLOSOAPBindingURL());
-			soapSLOService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
-			spSSODescriptor.getSingleLogoutServices().add(soapSLOService);
-			
-		}
-		
-		
-		//add required attributes
-		List<RequestedAttribute> reqSPAttr = config.getSPRequiredAttributes();
-		AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);		
-			
-		attributeService.setIndex(0);
-		attributeService.setIsDefault(true);
-		ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
-		serviceName.setName(new LocalizedString("Default Service", "en"));
-		attributeService.getNames().add(serviceName);
-
-		if (reqSPAttr != null && reqSPAttr.size() > 0) {
-			Logger.debug("Add " + reqSPAttr.size() + " attributes to SP metadata");
-			attributeService.getRequestAttributes().addAll(reqSPAttr);
-			
-		} else {
-			Logger.debug("SP metadata contains NO requested attributes.");
-			
-		}
-			
-		spSSODescriptor.getAttributeConsumingServices().add(attributeService);
-						
-		return spSSODescriptor;
-	}
-	
-	private IDPSSODescriptor generateIDPMetadata(IPVPMetadataBuilderConfiguration config) throws ConfigurationException, CredentialsNotAvailableException, SecurityException {					
-		//check response signing credential
-		Credential responseSignCred = config.getRequestorResponseSigningCredentials();
-		if (responseSignCred == null) {
-			Logger.warn("IDP Metadata generation FAILED! --> Builder has NO Response signing credential. ");			
-			return null;
-			
-		}
-
-		//check nameID formates
-		if (config.getIDPPossibleNameITTypes() == null || config.getIDPPossibleNameITTypes().size() == 0) {
-			Logger.warn("IDP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. ");
-			return null;
-			
-		}
-				
-		// build SAML2 IDP-SSO descriptor element
-		IDPSSODescriptor idpSSODescriptor = SAML2Utils
-				.createSAMLObject(IDPSSODescriptor.class);
-
-		idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-
-		//set ass default value, because PVP 2.x specification defines this feature as MUST
-		idpSSODescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned());			
-		
-		// add WebSSO descriptor for POST-Binding
-		if (MiscUtil.isNotEmpty(config.getIDPWebSSOPostBindingURL())) {
-			SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class);
-			postSingleSignOnService.setLocation(config.getIDPWebSSOPostBindingURL());
-			postSingleSignOnService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService);
-						
-		}
-		
-		// add WebSSO descriptor for Redirect-Binding
-		if (MiscUtil.isNotEmpty(config.getIDPWebSSORedirectBindingURL())) {
-			SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class);
-			postSingleSignOnService.setLocation(config.getIDPWebSSORedirectBindingURL());
-			postSingleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService);
-						
-		}
-		
-		//add Single LogOut POST-Binding endpoing
-		if (MiscUtil.isNotEmpty(config.getIDPSLOPostBindingURL())) {
-			SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			postSLOService.setLocation(config.getIDPSLOPostBindingURL());
-			postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			idpSSODescriptor.getSingleLogoutServices().add(postSLOService);
-			
-		}
-		
-		//add Single LogOut Redirect-Binding endpoing
-		if (MiscUtil.isNotEmpty(config.getIDPSLORedirectBindingURL())) {
-			SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			redirectSLOService.setLocation(config.getIDPSLORedirectBindingURL());
-			redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
-			
-		}
-		
-		//validate WebSSO endpoints
-		if (idpSSODescriptor.getSingleSignOnServices().size() == 0) {
-			Logger.warn("IDP Metadata generation FAILED! --> NO SAML2 SingleSignOnService endpoint found. ");
-			return null;
-			
-		}
-				
-		//set assertion signing key
-		KeyDescriptor signKeyDescriptor = SAML2Utils
-				.createSAMLObject(KeyDescriptor.class);
-		signKeyDescriptor.setUse(UsageType.SIGNING);
-		KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
-		signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(config.getRequestorResponseSigningCredentials()));
-		idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-
-		//set IDP attribute set
-		idpSSODescriptor.getAttributes().addAll(config.getIDPPossibleAttributes());
-			
-		//set providable nameID formats
-		for (String format : config.getIDPPossibleNameITTypes()) {
-			NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
-			nameIDFormat.setFormat(format);		
-			idpSSODescriptor.getNameIDFormats().add(nameIDFormat);
-						
-		}
-			
-		return idpSSODescriptor;
-		
-	}
-		
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index a1d7f5d3a..53606b341 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -75,37 +75,39 @@ import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.StringRedirectDeflateEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -120,14 +122,15 @@ public class SingleLogOutBuilder {
 	@Autowired(required=true) ApplicationContext springContext;
 	@Autowired private IDPCredentialProvider credentialProvider;
 	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired private IGUIFormBuilder guiBuilder;
+	@Autowired private IGUIFormBuilder guiBuilder; 
 	@Autowired(required=true) protected IRevisionLogger revisionsLogger;
 	@Autowired private ITransactionStorage transactionStorage;
+	@Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration;
 
 	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
 	
 	public void toTechnicalLogout(ISLOInformationContainer sloContainer, 
-			HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws MOAIDException {		
+			HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws EAAFException {		
 		Logger.trace("Starting Service-Provider logout process ... ");		
 		revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);		
 		
@@ -174,7 +177,7 @@ public class SingleLogOutBuilder {
 		}
 						
 		IRequest pendingReq = null;		
-		PVPTargetConfiguration pvpReq = null;
+		PVPSProfilePendingRequest pvpReq = null;
 		//start service provider front channel logout process
 		try {
 			if (sloContainer.hasFrontChannelOA()) {
@@ -221,9 +224,9 @@ public class SingleLogOutBuilder {
 								
 			} else {
 				pendingReq = sloContainer.getSloRequest();
-				if (pendingReq != null && pendingReq instanceof PVPTargetConfiguration) {
+				if (pendingReq != null && pendingReq instanceof PVPSProfilePendingRequest) {
 					//send SLO response to SLO request issuer
-					pvpReq = (PVPTargetConfiguration)pendingReq;
+					pvpReq = (PVPSProfilePendingRequest)pendingReq;
 					SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
 					LogoutResponse message = buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
 					sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
@@ -321,10 +324,11 @@ public class SingleLogOutBuilder {
 	 * @param httpResp
 	 * @param relayState
 	 * @return 
+	 * @throws CredentialsNotAvailableException 
 	 */
 	public String getFrontChannelSLOMessageURL(String serviceURL, String bindingType,
 			RequestAbstractType sloReq, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, String relayState) throws MOAIDException {
+			HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException {
 		
 		try {
 			X509Credential credentials = credentialProvider
@@ -332,7 +336,7 @@ public class SingleLogOutBuilder {
 
 			Logger.debug("create SAML RedirectBinding response");
 			
-			MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder();			
+			StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder();			
 			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 			SingleLogoutService service = new SingleLogoutServiceBuilder()
 					.buildObject();
@@ -356,7 +360,7 @@ public class SingleLogOutBuilder {
 
 	public String getFrontChannelSLOMessageURL(SingleLogoutService service,
 			StatusResponseType sloResp, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, String relayState) throws MOAIDException {
+			HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException {
 		
 		try {
 			X509Credential credentials = credentialProvider
@@ -364,7 +368,7 @@ public class SingleLogOutBuilder {
 
 			Logger.debug("create SAML RedirectBinding response");
 			
-			MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder();			
+			StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder();			
 			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 			context.setOutboundSAMLMessageSigningCredential(credentials);
 			context.setPeerEntityEndpoint(service);
@@ -384,7 +388,7 @@ public class SingleLogOutBuilder {
 	
 	public void sendFrontChannelSLOMessage(SingleLogoutService consumerService, 
 			LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp, 
-			String relayState, PVPTargetConfiguration pvpReq) throws MOAIDException {
+			String relayState, PVPSProfilePendingRequest pvpReq) throws MOAIDException, PVP2Exception, CredentialsNotAvailableException {
 		IEncoder binding = null;
 		if (consumerService.getBinding().equals(
 				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
@@ -417,7 +421,7 @@ public class SingleLogOutBuilder {
 	}
 	
 	
-	public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws ConfigurationException, MOAIDException {
+	public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws EAAFException {
 		LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
 		
 		SecureRandomIdentifierGenerator gen;
@@ -433,7 +437,7 @@ public class SingleLogOutBuilder {
 
 		DateTime now = new DateTime();
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloDescr.getAuthURL()));
+		issuer.setValue(pvpBasicConfiguration.getIDPEntityId(sloDescr.getAuthURL()));
 		issuer.setFormat(NameID.ENTITY);
 		sloReq.setIssuer(issuer);		
 		sloReq.setIssueInstant(now);
@@ -477,7 +481,7 @@ public class SingleLogOutBuilder {
 		return sloReq;		
 	}
 	
-	public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest, String firstLevelStatusCode) throws ConfigurationException, MOAIDException {
+	public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, String firstLevelStatusCode) throws EAAFException {
 		LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
 		
 		Status status = SAML2Utils.createSAMLObject(Status.class);
@@ -494,7 +498,7 @@ public class SingleLogOutBuilder {
 		return sloResp;
 	}
 	
-	public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws MOAIDException {		
+	public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, List<String> failedOAs) throws EAAFException {		
 		LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
 		
 		Status status;
@@ -519,11 +523,10 @@ public class SingleLogOutBuilder {
 		
 	}
 	
-	private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException {
+	private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest) throws EAAFException {
 		LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);		
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);		
-		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(
-				spRequest.getAuthURLWithOutSlash()));
+		issuer.setValue(pvpBasicConfiguration.getIDPEntityId(spRequest.getAuthURLWithOutSlash()));
 		issuer.setFormat(NameID.ENTITY);
 		sloResp.setIssuer(issuer);		
 		sloResp.setIssueInstant(new DateTime());		
@@ -540,9 +543,9 @@ public class SingleLogOutBuilder {
 			
 		}			
 
-		if (spRequest.getRequest() instanceof MOARequest &&
-				((MOARequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) {
-			LogoutRequest sloReq =  (LogoutRequest) ((MOARequest)spRequest.getRequest()).getSamlRequest();
+		if (spRequest.getRequest() instanceof PVPSProfileRequest &&
+				((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) {
+			LogoutRequest sloReq =  (LogoutRequest) ((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest();
 			sloResp.setInResponseTo(sloReq.getID());
 			
 		}
@@ -592,8 +595,8 @@ public class SingleLogOutBuilder {
 
 	}
 	
-	public SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
-		MOARequest moaReq = (MOARequest) spRequest.getRequest();
+	public SingleLogoutService getResponseSLODescriptor(PVPSProfilePendingRequest spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
+		PVPSProfileRequest moaReq = (PVPSProfileRequest) spRequest.getRequest();
 		EntityDescriptor metadata = moaReq.getEntityMetadata(metadataProvider);
 		SSODescriptor ssodesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
 		
@@ -655,7 +658,8 @@ public class SingleLogOutBuilder {
 											oa.getUserNameID(), 
 											oa.getUserNameIDFormat(), 
 											oa.getProtocolType(),
-											sloDesc));
+											sloDesc.getBinding(),
+											sloDesc.getLocation()));
 						
 							else
 								container.getActiveFrontChannalOAs().put(oa.getOaurlprefix(), 
@@ -666,7 +670,8 @@ public class SingleLogOutBuilder {
 											oa.getUserNameID(), 
 											oa.getUserNameIDFormat(), 
 											oa.getProtocolType(),
-											sloDesc));
+											sloDesc.getBinding(),
+											sloDesc.getLocation()));
 							
 						} catch (NOSLOServiceDescriptorException e) {
 							container.putFailedOA(oa.getOaurlprefix());
@@ -707,7 +712,8 @@ public class SingleLogOutBuilder {
 										el.getUserNameID(), 
 										NameID.TRANSIENT, 
 										PVP2XProtocol.NAME,
-										sloDesc));
+										sloDesc.getBinding(),
+										sloDesc.getLocation()));
 						
 					} catch (NOSLOServiceDescriptorException e) {
 						container.putFailedOA(el.getIdpurlprefix());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
deleted file mode 100644
index 056e2bba0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ /dev/null
@@ -1,543 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
-
-import java.security.MessageDigest;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.w3c.dom.Element;
-
-import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
-import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.util.LoALevelMapper;
-import at.gv.egovernment.moa.id.util.MandateBuilder;
-import at.gv.egovernment.moa.id.util.QAALevelVerifier;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class PVP2AssertionBuilder implements PVPConstants {
-	
-	/**
-	 * Build a PVP assertion as response for a SAML2 AttributeQuery request
-	 * 
-	 * @param issuerEntityID EnitiyID, which should be used for this IDP response 
-	 * @param attrQuery AttributeQuery request from Service-Provider
-	 * @param attrList List of PVP response attributes
-	 * @param now Current time 
-	 * @param validTo ValidTo time of the assertion
-	 * @param qaaLevel QAA level of the authentication
-	 * @param sessionIndex SAML2 SessionIndex, which should be included	 * 
-	 * @return PVP 2.1 Assertion
-	 * @throws ConfigurationException
-	 */
-	public static Assertion buildAssertion(String issuerEntityID, AttributeQuery attrQuery,
-			List<Attribute> attrList, DateTime now, DateTime validTo, String qaaLevel, String sessionIndex) throws ConfigurationException {
-			
-		AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-		authnContextClassRef.setAuthnContextClassRef(qaaLevel);
-		
-		NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-		subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat());
-		subjectNameID.setValue(attrQuery.getSubject().getNameID().getValue());
-		
-		SubjectConfirmationData subjectConfirmationData = null;
-		
-		return buildGenericAssertion(issuerEntityID, attrQuery.getIssuer().getValue(), now, 
-				authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex,
-				validTo);
-	}
-	
-	
-	/**
-	 * Build a PVP 2.1 assertion as response of a SAML2 AuthnRequest
-	 * 
-	 * @param issuerEntityID EnitiyID, which should be used for this IDP response 
-	 * @param pendingReq Current processed pendingRequest DAO
-	 * @param authnRequest Current processed PVP AuthnRequest
-	 * @param authData AuthenticationData of the user, which is already authenticated
-	 * @param peerEntity SAML2 EntityDescriptor of the service-provider, which receives the response
-	 * @param date TimeStamp
-	 * @param assertionConsumerService SAML2 endpoint of the service-provider, which should be used
-	 * @param sloInformation Single LogOut information DAO
-	 * @return
-	 * @throws MOAIDException
-	 */
-	public static Assertion buildAssertion(String issuerEntityID, PVPTargetConfiguration pendingReq, AuthnRequest authnRequest,
-			IAuthData authData, EntityDescriptor peerEntity, DateTime date, 
-			AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
-			throws MOAIDException {
-
-		RequestedAuthnContext reqAuthnContext = authnRequest
-				.getRequestedAuthnContext();
-
-		AuthnContextClassRef authnContextClassRef = SAML2Utils
-				.createSAMLObject(AuthnContextClassRef.class);
-		
-		ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
-		
-		if (reqAuthnContext == null) {
-			 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-			
-		} else {
-
-			boolean eIDAS_qaa_found = false;
-	
-			List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
-					.getAuthnContextClassRefs();
-		
-			if (reqAuthnContextClassRefIt.size() == 0) {			 
-				QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), EAAFConstants.EIDAS_QAA_HIGH);
-			
-				eIDAS_qaa_found = true;
-				authnContextClassRef.setAuthnContextClassRef(EAAFConstants.EIDAS_QAA_HIGH);
-			 
-			} else {
-				for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
-					String qaa_uri = authnClassRef.getAuthnContextClassRef();
-					
-					if (qaa_uri.trim().startsWith(STORK_QAA_PREFIX)) {
-						Logger.debug("Find STORK QAA leven in AuthnRequest. Starting mapping to eIDAS level ... ");
-						qaa_uri = LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(qaa_uri.trim());
-						
-					}
-					
-					if (qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_HIGH)
-							|| qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_SUBSTANTIAL)
-							|| qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_LOW)) {
-					
-						 if (authData.isForeigner()) {
-							 QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), oaParam.getMinimumLevelOfAssurence());
-							 
-							 eIDAS_qaa_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-							 
-						 } else {
-							 
-							 QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), 
-									 qaa_uri.trim());
-							 
-							 eIDAS_qaa_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-							 							 
-						 }
-						 break;
-					 }
-				 }
-			 }
-	
-			if (!eIDAS_qaa_found)
-				throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH);
-				
-		}
-		
-
-
-		SPSSODescriptor spSSODescriptor = peerEntity
-				.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-				
-		//add Attributes to Assertion
-		List<Attribute> attrList = new ArrayList<Attribute>();
-		if (spSSODescriptor.getAttributeConsumingServices() != null && 
-				spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-		
-			Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
-			int idx = 0;
-
-			AttributeConsumingService attributeConsumingService = null;						
-			if (aIdx != null) {
-				idx = aIdx.intValue();
-				attributeConsumingService = spSSODescriptor
-						.getAttributeConsumingServices().get(idx);
-				
-			} else {
-				List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-				for (AttributeConsumingService el : attrConsumingServiceList) {
-					if (el.isDefault())
-						attributeConsumingService = el;
-				}				
-			}
-			
-			/* 
-			 * TODO: maybe use first AttributeConsumingService if no is selected 
-			 * in request or on service is marked as default
-			 * 
-			 */
-			if (attributeConsumingService == null ) {
-				List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-				if (attrConsumingServiceList != null && !attrConsumingServiceList.isEmpty())
-					attributeConsumingService = attrConsumingServiceList.get(0);
-								
-			}
-			
-			
-			if (attributeConsumingService != null) {						
-				Iterator<RequestedAttribute> it = attributeConsumingService
-						.getRequestAttributes().iterator();
-				while (it.hasNext()) {
-					RequestedAttribute reqAttribut = it.next();
-					try {
-						Attribute attr = PVPAttributeBuilder.buildAttribute(
-								reqAttribut.getName(), oaParam, authData);
-						if (attr == null) {
-							if (reqAttribut.isRequired()) {
-								throw new UnprovideableAttributeException(
-										reqAttribut.getName());
-							}
-						} else {
-							attrList.add(attr);
-						}
-					
-					} catch (UnavailableAttributeException e) {
-						Logger.info(
-								"Attribute generation for "
-										+ reqAttribut.getFriendlyName() + " not possible.");
-						if (reqAttribut.isRequired()) {
-							throw new UnprovideableAttributeException(
-									reqAttribut.getName());
-						}
-						
-					
-					} catch (PVP2Exception e) {
-						Logger.info(
-								"Attribute generation failed! for "
-										+ reqAttribut.getFriendlyName());
-						if (reqAttribut.isRequired()) {
-							throw new UnprovideableAttributeException(
-									reqAttribut.getName());
-						}
-						
-					} catch (Exception e) {
-						Logger.warn(
-								"General Attribute generation failed! for "
-										+ reqAttribut.getFriendlyName(), e);
-						if (reqAttribut.isRequired()) {
-							throw new UnprovideableAttributeException(
-									reqAttribut.getName());
-						}
-						
-					}
-				}
-			}
-		}
-		
-		NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-		
-		//build nameID and nameID Format from moasession
-		//TODO: nameID generation
-		if (authData instanceof IMOAAuthData && 
-				((IMOAAuthData)authData).isUseMandate()) {
-			String bpktype = null;
-			String bpk = null;
-			
-			Element mandate = ((IMOAAuthData)authData).getMandate();
-			if(mandate != null) {
-				Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if(mandateObject == null) {
-					throw new NoMandateDataAvailableException();
-				}
-				CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
-				PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
-				
-				IdentificationType id;
-				if(corporation != null && corporation.getIdentification().size() > 0)
-					id = corporation.getIdentification().get(0);
-	
-					
-				else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
-					id = pysicalperson.getIdentification().get(0);
-					
-				else {
-					Logger.error("Failed to generate IdentificationType");
-					throw new NoMandateDataAvailableException();		
-				}
-			
-				bpktype = id.getType();
-				bpk = id.getValue().getValue();
-								
-			} else {
-				Logger.debug("Read mandator bPK|baseID from PVP attributes ... ");
-				bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
-				bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);				
-				
-				if (MiscUtil.isEmpty(bpk)) {
-					//no sourcePin is included --> search for bPK
-					bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
-					
-					try {
-						if (bpk.contains(":"))
-							bpk = bpk.split(":")[1];
-						
-					} catch (Exception e) {
-						Logger.warn("Can not split bPK from mandator attribute!", e);
-						
-					}
-					
-					//set bPK-Type from configuration, because it MUST be equal to service-provider type
-					bpktype = oaParam.getAreaSpecificTargetIdentifier();
-										
-				} else {
-					//sourcePin is include --> check sourcePinType
-					if (MiscUtil.isEmpty(bpktype))
-						bpktype = Constants.URN_PREFIX_BASEID;
-					
-				}				
-			}
-			
-			if (MiscUtil.isEmpty(bpk) || MiscUtil.isEmpty(bpktype)) {
-				throw new NoMandateDataAvailableException();
-				
-			}
-			
-			if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {				
-				Pair<String, String> calcbPK = new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, oaParam.getAreaSpecificTargetIdentifier());								
-				subjectNameID.setValue(calcbPK.getFirst());
-				subjectNameID.setNameQualifier(calcbPK.getSecond());
-				
-				
-			} else {
-				subjectNameID.setNameQualifier(bpktype);
-				subjectNameID.setValue(bpk);
-			}
-					
-		} else {
-			subjectNameID.setNameQualifier(authData.getBPKType());
-			subjectNameID.setValue(authData.getBPK());
-		}
-		
-		String nameIDFormat = NameID.TRANSIENT;
-		
-		//get NameIDFormat from request		
-		AuthnRequest authnReq = (AuthnRequestImpl) authnRequest;
-		if (authnReq.getNameIDPolicy() != null && 
-				MiscUtil.isNotEmpty(authnReq.getNameIDPolicy().getFormat())) {
-			nameIDFormat = authnReq.getNameIDPolicy().getFormat();
-			
-		} else {
-			//get NameIDFormat from metadata
-			List<NameIDFormat> metadataNameIDFormats = spSSODescriptor.getNameIDFormats();
-			
-			if (metadataNameIDFormats != null) {
-				
-				for (NameIDFormat el : metadataNameIDFormats) {
-					if (NameID.PERSISTENT.equals(el.getFormat())) {
-						nameIDFormat = NameID.PERSISTENT;
-						break;
-						
-					} else if (NameID.TRANSIENT.equals(el.getFormat()) ||
-							NameID.UNSPECIFIED.equals(el.getFormat()))
-						break;
-					
-				}				
-			}
-		}
-	
-		if (NameID.TRANSIENT.equals(nameIDFormat) || NameID.UNSPECIFIED.equals(nameIDFormat)) {
-			String random = Random.nextRandom();
-			String nameID = subjectNameID.getValue();
-			
-			try {
-				MessageDigest md = MessageDigest.getInstance("SHA-1");
-				byte[] hash = md.digest((nameID + random).getBytes("ISO-8859-1"));			
-				subjectNameID.setValue(Base64Utils.encode(hash));
-				subjectNameID.setNameQualifier(null);
-				subjectNameID.setFormat(NameID.TRANSIENT);
-				
-			} catch (Exception e) {
-				Logger.warn("PVP2 subjectNameID error", e);
-				throw new MOAIDException("pvp2.13", null, e);
-			}
-			
-		} else 
-			subjectNameID.setFormat(nameIDFormat);
-			
-
-		String sessionIndex = null;
-					
-		//if request is a reauthentication and NameIDFormat match reuse old session information
-		if (MiscUtil.isNotEmpty(authData.getNameID()) && 
-				MiscUtil.isNotEmpty(authData.getNameIDFormat()) && 
-				nameIDFormat.equals(authData.getNameIDFormat())) {
-			subjectNameID.setValue(authData.getNameID());
-			sessionIndex = authData.getSessionIndex();
-			
-		}
-		
-		//
-		if (MiscUtil.isEmpty(sessionIndex))
-			sessionIndex = SAML2Utils.getSecureIdentifier();
-									
-		SubjectConfirmationData subjectConfirmationData = SAML2Utils
-				.createSAMLObject(SubjectConfirmationData.class);
-		subjectConfirmationData.setInResponseTo(authnRequest.getID());
-		subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()));
-//		subjectConfirmationData.setNotBefore(date);
-		
-		//set 'recipient' attribute in subjectConformationData 
-		subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
-		
-		//set IP address of the user machine as 'Address' attribute in subjectConformationData 
-		String usersIPAddress = pendingReq.getGenericData(
-				PVPTargetConfiguration.DATAID_REQUESTER_IP_ADDRESS, String.class);
-		if (MiscUtil.isNotEmpty(usersIPAddress))
-			subjectConfirmationData.setAddress(usersIPAddress);
-		
-		//set SLO information
-		sloInformation.setUserNameIdentifier(subjectNameID.getValue());
-		sloInformation.setNameIDFormat(subjectNameID.getFormat());
-		sloInformation.setSessionIndex(sessionIndex);
-		
-		return buildGenericAssertion(issuerEntityID, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
-	}
-	
-	/**
-	 * 
-	 * @param issuer IDP EntityID
-	 * @param entityID Service Provider EntityID
-	 * @param date 
-	 * @param authnContextClassRef
-	 * @param attrList
-	 * @param subjectNameID
-	 * @param subjectConfirmationData
-	 * @param sessionIndex
-	 * @param isValidTo
-	 * @return
-	 * @throws ConfigurationException
-	 */
-	
-	public static Assertion buildGenericAssertion(String issuer, String entityID, DateTime date, 
-			AuthnContextClassRef authnContextClassRef, List<Attribute> attrList, 
-			NameID subjectNameID, SubjectConfirmationData subjectConfirmationData, 
-			String sessionIndex, DateTime isValidTo) throws ConfigurationException {
-		Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
-		
-		AuthnContext authnContext = SAML2Utils
-				.createSAMLObject(AuthnContext.class);
-		authnContext.setAuthnContextClassRef(authnContextClassRef);
-
-		AuthnStatement authnStatement = SAML2Utils
-				.createSAMLObject(AuthnStatement.class);
-		
-		authnStatement.setAuthnInstant(date);
-		authnStatement.setSessionIndex(sessionIndex);
-		authnStatement.setAuthnContext(authnContext);
-
-		assertion.getAuthnStatements().add(authnStatement);
-		
-		AttributeStatement attributeStatement = SAML2Utils
-				.createSAMLObject(AttributeStatement.class);		
-		attributeStatement.getAttributes().addAll(attrList);		
-		if (attributeStatement.getAttributes().size() > 0) {
-			assertion.getAttributeStatements().add(attributeStatement);
-		}
-		
-		Subject subject = SAML2Utils.createSAMLObject(Subject.class);
-		subject.setNameID(subjectNameID);
-		
-		SubjectConfirmation subjectConfirmation = SAML2Utils
-				.createSAMLObject(SubjectConfirmation.class);
-		subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
-		subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
-
-		subject.getSubjectConfirmations().add(subjectConfirmation);
-
-		Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class);
-		AudienceRestriction audienceRestriction = SAML2Utils
-				.createSAMLObject(AudienceRestriction.class);
-		Audience audience = SAML2Utils.createSAMLObject(Audience.class);
-		
-		audience.setAudienceURI(entityID);
-		audienceRestriction.getAudiences().add(audience);
-		conditions.setNotBefore(date);		
-		conditions.setNotOnOrAfter(isValidTo);
-				
-		conditions.getAudienceRestrictions().add(audienceRestriction);
-
-		assertion.setConditions(conditions);
-
-		Issuer issuerObj = SAML2Utils.createSAMLObject(Issuer.class);
-				
-		if (issuer.endsWith("/"))
-			issuer = issuer.substring(0, issuer.length()-1);
-		issuerObj.setValue(issuer);
-		issuerObj.setFormat(NameID.ENTITY);
-		
-		assertion.setIssuer(issuerObj);
-		assertion.setSubject(subject);
-		assertion.setID(SAML2Utils.getSecureIdentifier());
-		assertion.setIssueInstant(date);
-		
-		return assertion;		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
deleted file mode 100644
index 6ccacd6c8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.xml.Configuration;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSInteger;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.schema.impl.XSIntegerBuilder;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-
-public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
-	
-	private XMLObject buildAttributeStringValue(String value) {
-		XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
-		XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
-		stringValue.setValue(value);
-		return stringValue;
-	}
-	
-	private XMLObject buildAttributeIntegerValue(int value) {
-		XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
-		XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
-		integerValue.setValue(value);
-		return integerValue;
-	}
-	
-	public Attribute buildStringAttribute(final String friendlyName, final String name, final String value) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		attribute.getAttributeValues().add(buildAttributeStringValue(value));
-		return attribute;
-	}
-	
-	public Attribute buildIntegerAttribute(final String friendlyName, final String name, final int value) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
-		return attribute;
-	}
-	
-	public Attribute buildEmptyAttribute(final String friendlyName, final String name) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		return attribute;
-	}
-
-	public Attribute buildLongAttribute(String friendlyName, String name, long value) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		attribute.getAttributeValues().add(buildAttributeIntegerValue((int) value));
-		return attribute;
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
index c0fb5bf5b..d4c94e5c5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
@@ -32,11 +32,12 @@ import org.opensaml.saml2.metadata.Organization;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -48,16 +49,18 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	private static final int VALIDUNTIL_IN_HOURS = 24;
 	
 	private String authURL;
-	private IDPCredentialProvider credentialProvider;
+	private AbstractCredentialProvider credentialProvider;
+	private PVPConfiguration pvpBasicConfiguration;
 	
-	public IDPPVPMetadataConfiguration(String authURL, IDPCredentialProvider credentialProvider) {
+	public IDPPVPMetadataConfiguration(String authURL, AbstractCredentialProvider pvpIDPCredentials, PVPConfiguration pvpBasicConfiguration) {
 		this.authURL = authURL;
-		this.credentialProvider = credentialProvider;
+		this.credentialProvider = pvpIDPCredentials;
+		this.pvpBasicConfiguration = pvpBasicConfiguration;
 				
 	}
 	
 	public String getDefaultActionName() {
-		return (PVP2XProtocol.METADATA);
+		return (PVPConstants.METADATA);
 	}
 
 	/* (non-Javadoc)
@@ -98,7 +101,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public String getEntityID() {
 		try {
-			return PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL);
+			return pvpBasicConfiguration.getIDPSSOMetadataService(authURL);
 		
 		} catch (ConfigurationException e) {
 			Logger.error("Can not load Metadata entry: EntityID", e);
@@ -113,7 +116,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public String getEntityFriendlyName() {
 		try {
-			return PVPConfiguration.getInstance().getIDPIssuerName();
+			return pvpBasicConfiguration.getIDPIssuerName();
 			
 		} catch (ConfigurationException e) {
 			Logger.error("Can not load Metadata entry: EntityID friendlyName.", e);
@@ -129,7 +132,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public List<ContactPerson> getContactPersonInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPContacts();
+			return pvpBasicConfiguration.getIDPContacts();
 			
 		} catch (ConfigurationException e) {
 			Logger.warn("Can not load Metadata entry: Contect Person", e);
@@ -145,7 +148,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public Organization getOrgansiationInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPOrganisation();
+			return pvpBasicConfiguration.getIDPOrganisation();
 			
 		} catch (ConfigurationException e) {
 			Logger.warn("Can not load Metadata entry: Organisation", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
deleted file mode 100644
index 814a2387d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.xml.security.credential.Credential;
-import org.w3c.dom.Element;
-
-/**
- * @author tlenz
- *
- */
-public interface IPVPAuthnRequestBuilderConfiguruation {
-
-	/**
-	 * Defines a unique name for this PVP Service-provider, which is used for logging
-	 * 
-	 * @return
-	 */
-	public String getSPNameForLogging();
-	
-	/**
-	 * If true, the SAML2 isPassive flag is set in the AuthnRequest
-	 * 
-	 * @return
-	 */
-	public Boolean isPassivRequest();
-
-	/**
-	 * Define the ID of the AssertionConsumerService, 
-	 * which defines the required attributes in service-provider metadata.
-	 * 
-	 * @return
-	 */
-	public Integer getAssertionConsumerServiceId();
-
-	/**
-	 * Define the SAML2 EntityID of the service provider.
-	 * 
-	 * @return
-	 */
-	public String getSPEntityID();
-
-	/**
-	 * Define the SAML2 NameIDPolicy
-	 * 
-	 * @return Service-Provider EntityID, but never null
-	 */
-	public String getNameIDPolicyFormat();
-
-	/**
-	 * Define the AuthnContextClassRefernece of this request
-	 * 
-	 * Example: 
-	 * 			http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3 
-	 * 			http://www.stork.gov.eu/1.0/citizenQAALevel/4
-	 *          
-	 * 
-	 * @return
-	 */
-	public String getAuthnContextClassRef();
-
-	/**
-	 * Define the AuthnContextComparison model, which should be used
-	 * 
-	 * @return
-	 */
-	public AuthnContextComparisonTypeEnumeration getAuthnContextComparison();
-	
-	
-	/**
-	 * Define the credential, which should be used to sign the AuthnRequest
-	 * 
-	 * @return
-	 */
-	public Credential getAuthnRequestSigningCredential();
-	
-	
-	/**
-	 * Define the SAML2 EntityDescriptor of the IDP, which should receive the AuthnRequest
-	 * 
-	 * @return Credential, but never null.
-	 */
-	public EntityDescriptor getIDPEntityDescriptor();
-
-	/**
-	 * Set the SAML2 NameIDPolicy allow-creation flag
-	 * 
-	 * @return EntityDescriptor, but never null.
-	 */
-	public boolean getNameIDPolicyAllowCreation();
-
-	
-	/**
-	 * Set the requested SubjectNameID
-	 * 
-	 * @return SubjectNameID, or null if no SubjectNameID should be used
-	 */
-	public String getSubjectNameID();
-
-	/**
-	 * Define the qualifier of the <code>SubjectNameID</code>
-	 * <br><br>
-	 * Like: 'urn:publicid:gv.at:cdid+BF'
-	 * 
-	 * @return qualifier, or null if no qualifier should be set
-	 */
-	public String getSubjectNameIDQualifier();
-	
-	/**
-	 * Define the format of the subjectNameID, which is included in authn-request
-	 * 
-	 * 
-	 * @return nameIDFormat, of SAML2 'transient' if nothing is defined
-	 */
-	public String getSubjectNameIDFormat();
-
-	/**
-	 * Define a SP specific SAML2 requestID
-	 * 
-	 * @return requestID, or null if the requestID should be generated automatically
-	 */
-	public String getRequestID();
-
-	/**
-	 * Defines the 'method' attribute in 'SubjectConformation' element 
-	 * 
-	 * @return method, or null if no method should set
-	 */
-	public String getSubjectConformationMethode();
-
-	/**
-	 * Define the information, which should be added as 'subjectConformationDate' 
-	 * in 'SubjectConformation' element 
-	 * 
-	 * @return subjectConformation information or null if no subjectConformation should be set
-	 */
-	public Element getSubjectConformationDate();
-
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
deleted file mode 100644
index 3a8404cae..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import java.util.List;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.ContactPerson;
-import org.opensaml.saml2.metadata.Organization;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-
-/**
- * @author tlenz
- *
- */
-public interface IPVPMetadataBuilderConfiguration {
-
-	
-	/**
-	 * Defines a unique name for this PVP Service-provider, which is used for logging
-	 * 
-	 * @return
-	 */
-	public String getSPNameForLogging();
-	
-	/**
-	 * Set metadata valid area
-	 * 
-	 * @return valid until in hours [h]
-	 */
-	public int getMetadataValidUntil();
-	
-	/**
-	 * Build a SAML2 Entities element as metadata root element
-	 * 
-	 * @return true, if the metadata should start with entities element 
-	 */
-	public boolean buildEntitiesDescriptorAsRootElement();
-	
-	/**
-	 * 
-	 * 
-	 * @return true, if an IDP SSO-descriptor element should be generated 
-	 */
-	public boolean buildIDPSSODescriptor();
-	
-	/**
-	 * 
-	 * 
-	 * @return true, if an SP SSO-descriptor element should be generated 
-	 */
-	public boolean buildSPSSODescriptor();
-	
-	/**
-	 * Set the PVP entityID for this SAML2 metadata.
-	 * The entityID must be an URL and must be start with the public-URL prefix of the server
-	 * 
-	 * @return PVP entityID postfix as String
-	 */
-	public String getEntityID();
-	
-	/**
-	 * Set a friendlyName for this PVP entity
-	 * 
-	 * @return 
-	 */
-	public String getEntityFriendlyName();
-	
-	/**
-	 * Set the contact information for this metadata entity
-	 * 
-	 * @return
-	 */
-	public List<ContactPerson> getContactPersonInformation();
-	
-	/**
-	 * Set organisation information for this metadata entity
-	 * 
-	 * @return
-	 */
-	public Organization getOrgansiationInformation();
-	
-
-	/**
-	 * Set the credential for metadata signing
-	 * 
-	 * @return
-	 * @throws CredentialsNotAvailableException 
-	 */
-	public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException;
-	
-	/**
-	 * Set the credential for request/response signing
-	 * IDP metadata: this credential is used for SAML2 response signing
-	 * SP metadata: this credential is used for SAML2 response signing
-	 * 
-	 * @return
-	 * @throws CredentialsNotAvailableException 
-	 */
-	public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException;
-	
-	/**
-	 * Set the credential for response encryption
-	 * 
-	 * @return
-	 * @throws CredentialsNotAvailableException 
-	 */
-	public Credential getEncryptionCredentials() throws CredentialsNotAvailableException;
-	
-	/**
-	 * Set the IDP Post-Binding URL for WebSSO 
-	 * 
-	 * @return
-	 */
-	public String getIDPWebSSOPostBindingURL();
-	
-	/**
-	 * Set the IDP Redirect-Binding URL for WebSSO 
-	 * 
-	 * @return
-	 */
-	public String getIDPWebSSORedirectBindingURL();
-	
-	/**
-	 * Set the IDP Post-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getIDPSLOPostBindingURL();
-	
-	/**
-	 * Set the IDP Redirect-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getIDPSLORedirectBindingURL();
-	
-	/**
-	 * Set the SP Post-Binding URL for for the Assertion-Consumer Service
-	 * 
-	 * @return
-	 */
-	public String getSPAssertionConsumerServicePostBindingURL();
-	
-	/**
-	 * Set the SP Redirect-Binding URL for the Assertion-Consumer Service 
-	 * 
-	 * @return
-	 */
-	public String getSPAssertionConsumerServiceRedirectBindingURL();
-	
-	/**
-	 * Set the SP Post-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getSPSLOPostBindingURL();
-	
-	/**
-	 * Set the SP Redirect-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getSPSLORedirectBindingURL();
-	
-	/**
-	 * Set the SP SOAP-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getSPSLOSOAPBindingURL();
-	
-	
-	/**
-	 * Set all SAML2 attributes which could be provided by this IDP
-	 * 
-	 * @return
-	 */
-	public List<Attribute> getIDPPossibleAttributes();
-	
-	/**
-	 * Set all nameID types which could be provided by this IDP
-	 * 
-	 * @return a List of SAML2 nameID types
-	 */
-	public List<String> getIDPPossibleNameITTypes();
-	
-	/**
-	 * Set all SAML2 attributes which are required by the SP
-	 * 
-	 * @return
-	 */
-	public List<RequestedAttribute> getSPRequiredAttributes();
-	
-	/**
-	 * Set all nameID types which allowed from the SP
-	 * 
-	 * @return a List of SAML2 nameID types
-	 */
-	public List<String> getSPAllowedNameITTypes();
-	
-	/**
-	 * Set the 'wantAssertionSigned' attribute in SP metadata
-	 * 
-	 * @return
-	 */
-	public boolean wantAssertionSigned();
-	
-	/**
-	 * Set the 'wantAuthnRequestSigned' attribute
-	 * 
-	 * @return
-	 */
-	public boolean wantAuthnRequestSigned();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
deleted file mode 100644
index b731e2a95..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.Configuration;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder;
-import org.opensaml.xml.ConfigurationException;
-
-/**
- * @author tlenz
- *
- */
-public class MOADefaultBootstrap extends DefaultBootstrap {
-
-    public static synchronized void bootstrap() throws ConfigurationException {
-
-        initializeXMLSecurity();
-
-        initializeXMLTooling();
-
-        initializeArtifactBuilderFactories();
-
-        initializeGlobalSecurityConfiguration();
-        
-        initializeParserPool();
-        
-        initializeESAPI();
-        
-    }
-  
-    public static void initializeDefaultPVPConfiguration() {
-    	initializeGlobalSecurityConfiguration();
-    	
-    }
-    
-    /**
-     * Initializes the default global security configuration.
-     */
-    protected static void initializeGlobalSecurityConfiguration() {
-        Configuration.setGlobalSecurityConfiguration(MOADefaultSecurityConfigurationBootstrap.buildDefaultConfig());
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
deleted file mode 100644
index f878b95d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.xml.encryption.EncryptionConstants;
-import org.opensaml.xml.security.BasicSecurityConfiguration;
-import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap;
-import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
-import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.SignatureConstants;
-
-/**
- * @author tlenz
- *
- */
-public class MOADefaultSecurityConfigurationBootstrap extends
-		DefaultSecurityConfigurationBootstrap {
-	
-	public static BasicSecurityConfiguration buildDefaultConfig() {
-		BasicSecurityConfiguration config = new BasicSecurityConfiguration();
-
-		populateSignatureParams(config);
-		populateEncryptionParams(config);
-		populateKeyInfoCredentialResolverParams(config);
-		populateKeyInfoGeneratorManager(config);
-		populateKeyParams(config);
-
-		return config;
-	}
-
-	protected static void populateKeyInfoGeneratorManager(
-			BasicSecurityConfiguration config) {
-		NamedKeyInfoGeneratorManager namedManager = new NamedKeyInfoGeneratorManager();
-		config.setKeyInfoGeneratorManager(namedManager);
-
-		namedManager.setUseDefaultManager(true);
-		KeyInfoGeneratorManager defaultManager = namedManager
-				.getDefaultManager();
-
-		BasicKeyInfoGeneratorFactory basicFactory = new BasicKeyInfoGeneratorFactory();
-		basicFactory.setEmitPublicKeyValue(true);
-
-		X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
-		x509Factory.setEmitEntityCertificate(true);
-
-		defaultManager.registerFactory(basicFactory);
-		defaultManager.registerFactory(x509Factory);
-	}
-	
-	protected static void populateSignatureParams(
-			BasicSecurityConfiguration config) {
-		
-		//use SHA256 instead of SHA1
-		config.registerSignatureAlgorithmURI("RSA",
-				SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-	
-		config.registerSignatureAlgorithmURI("DSA",
-				"http://www.w3.org/2000/09/xmldsig#dsa-sha1");
-		
-		//use SHA256 instead of SHA1
-		config.registerSignatureAlgorithmURI("EC",
-				SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
-
-		//use SHA256 instead of SHA1
-		config.registerSignatureAlgorithmURI("AES",
-				SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
-		
-		
-		config.registerSignatureAlgorithmURI("DESede",
-				SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
-
-		config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
-		config.setSignatureHMACOutputLength(null);
-		
-		//use SHA256 instead of SHA1
-		config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
-	}
-
-	protected static void populateEncryptionParams(
-			BasicSecurityConfiguration config) {
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
-				"http://www.w3.org/2001/04/xmlenc#aes128-cbc");
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
-				"http://www.w3.org/2001/04/xmlenc#aes192-cbc");
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
-				"http://www.w3.org/2001/04/xmlenc#aes256-cbc");
-		
-		//support GCM mode
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128), 
-				EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM);
-		
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192), 
-				EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM);
-		
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256), 
-				EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
-		
-		
-		config.registerDataEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(168),
-				"http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
-		config.registerDataEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(192),
-				"http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
-
-		config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES",
-				"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
-		
-		config.registerKeyTransportEncryptionAlgorithmURI("RSA", null,
-				"DESede", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
-
-		config.registerKeyTransportEncryptionAlgorithmURI("AES",
-				Integer.valueOf(128), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-aes128");
-		config.registerKeyTransportEncryptionAlgorithmURI("AES",
-				Integer.valueOf(192), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-aes192");
-		config.registerKeyTransportEncryptionAlgorithmURI("AES",
-				Integer.valueOf(256), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-aes256");
-		config.registerKeyTransportEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(168), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-tripledes");
-		config.registerKeyTransportEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(192), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-tripledes");
-
-		config.setAutoGeneratedDataEncryptionKeyAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java
new file mode 100644
index 000000000..54940a9d3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataConfigurationFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+
+@Service("MOAPVPMetadataConfigurationFactory")
+public class MOAPVPMetadataConfigurationFactory implements IPVPMetadataConfigurationFactory {
+
+	@Autowired(required=true) PVPConfiguration pvpBasicConfiguration;
+	
+	@Override
+	public IPVPMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authURL,
+			AbstractCredentialProvider pvpIDPCredentials) {
+			return new IDPPVPMetadataConfiguration(authURL, pvpIDPCredentials, pvpBasicConfiguration);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 81eca3765..5f39af7a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -22,9 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x.config;
 
-import java.io.IOException;
 import java.net.URL;
-import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -43,29 +41,19 @@ import org.opensaml.saml2.metadata.OrganizationName;
 import org.opensaml.saml2.metadata.OrganizationURL;
 import org.opensaml.saml2.metadata.SurName;
 import org.opensaml.saml2.metadata.TelephoneNumber;
+import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
-import iaik.x509.X509Certificate;
 
-public class PVPConfiguration {
+@Service("MOAPVP2Configuration")
+public class PVPConfiguration implements IPVP2BasicConfiguration {
 	
-	private static PVPConfiguration instance;
-
-	public static PVPConfiguration getInstance() {
-		if (instance == null) {
-			instance = new PVPConfiguration();
-		}
-		return instance;
-	}
-
 	public static final String PVP2_METADATA = 	"/pvp2/metadata";
 	public static final String PVP2_IDP_REDIRECT = 	"/pvp2/redirect";
 	public static final String PVP2_IDP_POST = 		"/pvp2/post";
@@ -90,22 +78,7 @@ public class PVPConfiguration {
 	public static final String IDP_CONTACT_PHONE = "phone";	
 	
 	private static String moaIDVersion = null;
-	
-	//PVP2 generalpvpconfigdb;
-	//Properties props;
-	//String rootDir = null;
-	
-	private PVPConfiguration() {
-//		 try {
-//			//generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
-//			//props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig();
-//			//rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();				
-//						
-//		} catch (ConfigurationException e) {
-//			e.printStackTrace();
-//		}
-	}
-	
+		
 	public List<String> getIDPPublicPath() throws ConfigurationException {
 		List<String> publicPath = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
 		List<String> returnvalue = new ArrayList<String>();
@@ -144,6 +117,12 @@ public class PVPConfiguration {
 		return publicURLPrefix + PVP2_METADATA;
 	}
 	
+	@Override
+	public String getIDPEntityId(String authURL) throws ConfigurationException {
+		return getIDPSSOMetadataService(authURL);
+		
+	}
+	
 	public String getIDPIssuerName() throws ConfigurationException {
 		
 		if (moaIDVersion == null) {
@@ -153,47 +132,6 @@ public class PVPConfiguration {
 		return AuthConfigurationProviderFactory.getInstance().getConfigurationWithKey(
 				MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME) + moaIDVersion;
 	}
-	
-	public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
-				
-		try {
-			Logger.trace("Load metadata signing certificate for online application " + entityID);
-			ISPConfiguration  oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);		
-			if (oaParam == null) {
-				Logger.info("Online Application with ID " + entityID + " not found!");
-				return null;
-			}
-		
-			String pvp2MetadataCertificateString = 
-					oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);		 
-			if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) {
-				Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!");
-				return null;
-				
-			}	
-			
-			X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false));
-			Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded.");
-			return cert;
-			
-		} catch (CertificateException e) {
-			Logger.warn("Metadata signer certificate is not parsed.", e);
-			return null;
-			
-		} catch (ConfigurationException e) {
-			Logger.error("Configuration is not accessable.", e);
-			return null;
-			
-		} catch (IOException e) {
-			Logger.warn("Metadata signer certificate is not decodeable.", e);
-			return null;
-			
-		} catch (EAAFConfigurationException e) {
-			Logger.error("Configuration is not accessable.", e);
-			return null;
-			
-		}
-	}
 
 	public List<ContactPerson> getIDPContacts() throws ConfigurationException {
 		List<ContactPerson> list = new ArrayList<ContactPerson>();
@@ -356,4 +294,5 @@ public class PVPConfiguration {
 		
 		
 	}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
deleted file mode 100644
index 69ca4e8f5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AssertionAttributeExtractorExeption extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -6459000942830951492L;
-
-	public AssertionAttributeExtractorExeption(String attributeName) {
-		super("Parse PVP2.1 assertion FAILED: Attribute " + attributeName 
-				+ " can not extract.", null);
-	}
-	
-	public AssertionAttributeExtractorExeption(String messageId,
-			Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	public AssertionAttributeExtractorExeption() {
-		super("Parse PVP2.1 assertion FAILED. Interfederation not possible", null); 
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
deleted file mode 100644
index 1e029f567..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-
-/**
- * @author tlenz
- *
- */
-public class AssertionValidationExeption extends PVP2Exception {
-
-	private static final long serialVersionUID = -3987805399122286259L;
-
-	public AssertionValidationExeption(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	/**
-	 * @param string
-	 * @param object
-	 * @param e
-	 */
-	public AssertionValidationExeption(String string, Object[] parameters,
-			Throwable e) {
-		super(string, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
deleted file mode 100644
index 9008a7183..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AttributQueryException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -4302422507173728748L;
-
-	public AttributQueryException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-	
-	public AttributQueryException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java
deleted file mode 100644
index eebaf6c9e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnRequestBuildException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -1375451065455859354L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public AuthnRequestBuildException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	public AuthnRequestBuildException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java
deleted file mode 100644
index 957f9af1d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnResponseValidationException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 8023812861029406575L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public AuthnResponseValidationException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-	
-	public AuthnResponseValidationException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
deleted file mode 100644
index 9f4c7fed3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class BindingNotSupportedException extends PVP2Exception {
-
-	public BindingNotSupportedException(String binding) {
-		super("pvp2.11", new Object[] {binding});
-		this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -7227603941387879360L;
-
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
deleted file mode 100644
index 392569366..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidAssertionConsumerServiceException extends PVP2Exception {
-
-	public InvalidAssertionConsumerServiceException(int idx) {
-		super("pvp2.00", new Object[]{idx});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	public InvalidAssertionConsumerServiceException(String wrongURL) {
-		super("pvp2.23", new Object[]{wrongURL});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-		
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 7861790149343943091L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
deleted file mode 100644
index b49070bd6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidAssertionEncryptionException extends PVP2Exception {
-
-	private static final long serialVersionUID = 6513388841485355549L;
-
-	public InvalidAssertionEncryptionException() {
-		super("pvp2.16", new Object[]{});
-		this.statusCodeValue = StatusCode.RESPONDER_URI;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
deleted file mode 100644
index 252539bf5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidDateFormatException extends PVP2Exception {
-
-	public InvalidDateFormatException() {
-		super("pvp2.02", null);
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -6867976890237846085L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
index 15a0ccf72..0e48dfbd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
 import org.opensaml.saml2.core.StatusCode;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 public class MandateAttributesNotHandleAbleException extends PVP2Exception {
 
 	public MandateAttributesNotHandleAbleException() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
index 204e1c2a5..94e1874a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 /**
  * @author tlenz
  *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
deleted file mode 100644
index c82e6bdf1..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-
-public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
-
-	public NameIDFormatNotSupportedException(String nameIDFormat) {
-		super("pvp2.12", new Object[] {nameIDFormat}, "NameID format not supported");
-		statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
-
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -2270762519437873336L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
index 333ef9765..58c2a032d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
 import org.opensaml.saml2.core.StatusCode;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 public class NoCredentialsException extends PVP2Exception {
 
 	public static final String MOA_IDP_TARGET = "MOA-ID";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
index ce80ac5cb..821813b69 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
@@ -22,6 +22,8 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 public class NoMandateDataAvailableException  extends PVP2Exception {
 
 	public NoMandateDataAvailableException() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
deleted file mode 100644
index 50a1af6ad..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class NoMetadataInformationException extends PVP2Exception {
-
-	public NoMetadataInformationException() {
-		super("pvp2.15", null);
-		this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -4608068445208032193L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
deleted file mode 100644
index 00fb97151..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public abstract class PVP2Exception extends MOAIDException {
-
-	protected String statusCodeValue = StatusCode.RESPONDER_URI;
-	protected String statusMessageValue = null;
-	
-	public PVP2Exception(String messageId, Object[] parameters,
-			Throwable wrapped) {
-		super(messageId, parameters, wrapped);
-		this.statusMessageValue = this.getMessage();
-	}
-
-	public PVP2Exception(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-		this.statusMessageValue = this.getMessage();
-	}
-	
-	
-	public String getStatusCodeValue() {
-		return (this.statusCodeValue);
-	}
-	
-	public String getStatusMessageValue() {
-		return (this.statusMessageValue);
-	}
-	
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 7669537952484421069L;
-
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java
deleted file mode 100644
index 63f42cbe5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class QAANotAllowedException extends PVP2Exception {
-
-	public QAANotAllowedException(String qaa_auth, String qaa_request) {
-		super("pvp2.17", new Object[] {qaa_auth, qaa_request});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -3964192953884089323L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
deleted file mode 100644
index fdf1063c0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class QAANotSupportedException extends PVP2Exception {
-
-	public QAANotSupportedException(String qaa) {
-		super("pvp2.05", new Object[] {qaa});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -3964192953884089323L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
deleted file mode 100644
index 8f12f3cce..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class RequestDeniedException extends PVP2Exception {
-
-	public RequestDeniedException() {
-		super("pvp2.14", null);
-		this.statusCodeValue = StatusCode.REQUEST_DENIED_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 4415896615794730553L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
deleted file mode 100644
index fe921f8b5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class ResponderErrorException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -425416760138285446L;
-
-	public ResponderErrorException(String messageId, Object[] parameters,
-			Throwable wrapped) {
-		super(messageId, parameters, wrapped);
-		this.statusCodeValue = StatusCode.RESPONDER_URI;
-	}
-	
-	public ResponderErrorException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-		this.statusCodeValue = StatusCode.RESPONDER_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
deleted file mode 100644
index 65def4602..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class SAMLRequestNotSignedException extends PVP2Exception {
-
-	public SAMLRequestNotSignedException() {
-		super("pvp2.07", null);
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-	
-	public SAMLRequestNotSignedException(Throwable e) {
-		super("pvp2.07", null, e);
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
deleted file mode 100644
index 8a386c951..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class SAMLRequestNotSupported extends PVP2Exception {
-
-	public SAMLRequestNotSupported() {
-		super("pvp2.09", null);
-		this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1244883178458802767L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
deleted file mode 100644
index 9f1b6168e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class SLOException extends PVP2Exception {
-	private static final long serialVersionUID = -5284624715788385022L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public SLOException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-		// TODO Auto-generated constructor stub
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
deleted file mode 100644
index fc4ed1f28..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public SchemaValidationException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-	
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public SchemaValidationException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
deleted file mode 100644
index a8bfe1070..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class UnprovideableAttributeException extends PVP2Exception {
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 3972197758163647157L;
-
-	public UnprovideableAttributeException(String attributeName) {
-		super("pvp2.10", new Object[] {attributeName});
-		this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
deleted file mode 100644
index 8da5edeed..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationException extends FilterException {
-
-	/**
-	 * @param string
-	 */
-	public SchemaValidationException(String string) {
-		super(string);
-		
-	}
-
-	private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
deleted file mode 100644
index 86a6a777b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-
-/**
- * @author tlenz
- *
- */
-public class SignatureValidationException extends FilterException {
-
-	/**
-	 * @param string
-	 */
-	public SignatureValidationException(String string) {
-		super(string);
-		
-	}
-
-	/**
-	 * @param e
-	 */
-	public SignatureValidationException(Exception e) {
-		super(e);
-	}
-
-	/**
-	 * @param string
-	 * @param object
-	 */
-	public SignatureValidationException(String string, Exception e) {
-		super(string, e);
-	}
-
-	private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
deleted file mode 100644
index 5ae76ed96..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
+++ /dev/null
@@ -1,851 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-
-<!-- MOA-ID 2.x BKUSelection Layout CSS -->
-<style type="text/css">
-@media screen and (min-width: 650px) {
-	body {
-		margin: 0;
-		padding: 0;
-		color: #000;
-		background-color: #fff;
-		text-align: center;
-		background-color: #6B7B8B;
-	}
-	#localBKU p {
-		font-size: 0.7em;
-	}
-	#localBKU input {
-		font-size: 0.7em;
-		/*border-radius: 5px;*/
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.85em;
-		/*border-radius: 7px;*/
-		margin-bottom: 25px;
-		min-width: 80px;
-	}
-	#mandateLogin {
-		font-size: 0.85em;
-	}
-	#bku_header h2 {
-		font-size: 0.8em;
-	}
-	#page {
-		display: block;
-		border: 2px solid rgb(0, 0, 0);
-		width: 650px;
-		height: 440px;
-		margin: 0 auto;
-		margin-top: 5%;
-		position: relative;
-		border-radius: 25px;
-		background: rgb(255, 255, 255);
-	}
-	#page1 {
-		text-align: center;
-	}
-	#main {
-		/*	clear:both; */
-		position: relative;
-		margin: 0 auto;
-		width: 250px;
-		text-align: center;
-	}
-	.OA_header {
-		/*	  background-color: white;*/
-		font-size: 20pt;
-		margin-bottom: 25px;
-		margin-top: 25px;
-	}
-	#leftcontent {
-		/*float:left; */
-		width: 250px;
-		margin-bottom: 25px;
-		text-align: left;
-		border: 1px solid rgb(0, 0, 0);
-	}
-	#selectArea {
-		font-size: 15px;
-		padding-bottom: 65px;
-	}
-	#leftcontent {
-		width: 300px;
-		margin-top: 30px;
-	}
-	#bku_header {
-		height: 5%;
-		padding-bottom: 3px;
-		padding-top: 3px;
-	}
-	#bkulogin {
-		overflow: hidden;
-		min-width: 190px;
-		min-height: 180px;
-		/*height: 260px;*/
-	}
-	h2#tabheader {
-		font-size: 1.1em;
-		padding-left: 2%;
-		padding-right: 2%;
-		position: relative;
-	}
-	.setAssertionButton_full {
-		background: #efefef;
-		cursor: pointer;
-		margin-top: 15px;
-		width: 100px;
-		height: 30px
-	}
-	#leftbutton {
-		width: 30%;
-		float: left;
-		margin-left: 40px;
-	}
-	#rightbutton {
-		width: 30%;
-		float: right;
-		margin-right: 45px;
-		text-align: right;
-	}
-	button {
-		height: 25px;
-		width: 75px;
-		margin-bottom: 10px;
-	}
-	#validation {
-		position: absolute;
-		bottom: 0px;
-		margin-left: 270px;
-		padding-bottom: 10px;
-	}
-}
-
-@media screen and (max-width: 205px) {
-	#localBKU p {
-		font-size: 0.6em;
-	}
-	#localBKU input {
-		font-size: 0.6em;
-		min-width: 60px;
-		/* max-width: 65px; */
-		min-height: 1.0em;
-		/* border-radius: 5px; */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.7em;
-		min-width: 55px;
-		/*min-height: 1.1em;
-          border-radius: 5px;*/
-		margin-bottom: 2%
-	}
-	#mandateLogin {
-		font-size: 0.65em;
-	}
-	#bku_header h2 {
-		font-size: 0.8em;
-		margin-top: -0.4em;
-		padding-top: 0.4em;
-	}
-	#bkulogin {
-		min-height: 150px;
-	}
-}
-
-@media screen and (max-width: 249px) and (min-width: 206px) {
-	#localBKU p {
-		font-size: 0.7em;
-	}
-	#localBKU input {
-		font-size: 0.7em;
-		min-width: 70px;
-		/*    max-width: 75px;    */
-		min-height: 0.95em;
-		/*  border-radius: 6px;    */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.75em;
-		min-width: 60px;
-		/*    min-height: 0.95em;
-          border-radius: 6px;    */
-		margin-bottom: 5%
-	}
-	#mandateLogin {
-		font-size: 0.75em;
-	}
-	#bku_header h2 {
-		font-size: 0.9em;
-		margin-top: -0.45em;
-		padding-top: 0.45em;
-	}
-	#bkulogin {
-		min-height: 180px;
-	}
-}
-
-@media screen and (max-width: 299px) and (min-width: 250px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*    max-width: 75px;      */
-		/*    border-radius: 6px;  */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.85em;
-		/*     min-height: 1.05em;
-          border-radius: 7px;        */
-		margin-bottom: 10%;
-	}
-	#mandateLogin {
-		font-size: 1em;
-	}
-	#bku_header h2 {
-		font-size: 1.0em;
-		margin-top: -0.50em;
-		padding-top: 0.50em;
-	}
-}
-
-@media screen and (max-width: 399px) and (min-width: 300px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*     max-width: 75px;     */
-		/*    border-radius: 6px;       */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.9em;
-		/*       min-height: 1.2em;
-          border-radius: 8px;          */
-		margin-bottom: 10%;
-		max-width: 80px;
-	}
-	#mandateLogin {
-		font-size: 1em;
-	}
-	#bku_header h2 {
-		font-size: 1.1em;
-		margin-top: -0.55em;
-		padding-top: 0.55em;
-	}
-}
-
-@media screen and (max-width: 649px) and (min-width: 400px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*     max-width: 80px;       */
-		/*     border-radius: 6px;          */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 1.0em;
-		/*      min-height: 1.3em;
-         border-radius: 10px;         */
-		margin-bottom: 10%;
-		max-width: 85px;
-	}
-	#mandateLogin {
-		font-size: 1.2em;
-	}
-	#bku_header h2 {
-		font-size: 1.3em;
-		margin-top: -0.65em;
-		padding-top: 0.65em;
-	}
-}
-
-@media screen and (max-width: 649px) {
-	body {
-		margin: 0;
-		padding: 0;
-		color: #000;
-		text-align: center;
-		font-size: 100%;
-		background-color: #MAIN_BACKGOUNDCOLOR#;
-	}
-	#page {
-		visibility: hidden;
-		margin-top: 0%;
-	}
-	#page1 {
-		visibility: hidden;
-	}
-	#main {
-		visibility: hidden;
-	}
-	#validation {
-		visibility: hidden;
-		display: none;
-	}
-	.OA_header {
-		margin-bottom: 0px;
-		margin-top: 0px;
-		font-size: 0pt;
-		visibility: hidden;
-	}
-	#leftcontent {
-		visibility: visible;
-		margin-bottom: 0px;
-		text-align: left;
-		border: none;
-		vertical-align: middle;
-		min-height: 173px;
-		min-width: 204px;
-	}
-	#bku_header {
-		height: 10%;
-		min-height: 1.2em;
-		margin-top: 1%;
-	}
-	h2#tabheader {
-		padding-left: 2%;
-		padding-right: 2%;
-		position: relative;
-		top: 50%;
-	}
-	#bkulogin {
-		min-width: 190px;
-		min-height: 155px;
-	}
-	.setAssertionButton_full {
-		background: #efefef;
-		cursor: pointer;
-		margin-top: 15px;
-		width: 70px;
-		height: 25px;
-	}
-	input[type=button] {
-		/*          height: 11%;  */
-		width: 70%;
-	}
-}
-
-			
-			@media screen and (max-width: 649px) {
-				
-        body {
-					margin:0;
-					padding:0;
-					color : #000;
-			  	text-align: center;
-          font-size: 100%;
-			  	background-color: #MAIN_BACKGOUNDCOLOR#;
-				}
-        				
-			  #page {
-			     visibility: hidden;
-			     margin-top: 0%;
-			  }
-			  
-			  #page1 {
-			    visibility: hidden;
-			  }
-			  
-			  #main {
-			    visibility: hidden;
-			  }
-        
-        #validation {
-          visibility: hidden;
-          display: none;
-        }
-			  
-			  .OA_header {
-			    margin-bottom: 0px;
-			    margin-top: 0px;
-			    font-size: 0pt;
-			    visibility: hidden;
-			  }
-			
-			  #leftcontent {
-			    visibility: visible;
-			    margin-bottom: 0px;
-			    text-align: left;
-			    border:none;
-          vertical-align: middle;
-          min-height: 173px;
-          min-width: 204px;
-          
-			  }
-			  
-        #bku_header {
-          height: 10%;
-          min-height: 1.2em;
-          margin-top: 1%;
-        }
-        
-        h2#tabheader{
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-          top: 50%;
-			  }
-        
-       	#bkulogin {	
-          min-width: 190px;
-          min-height: 155px;	
-			 }
-        
-			 .setAssertionButton_full {
-			     	background: #efefef;
-				    cursor: pointer;
-				    margin-top: 15px;
-			      width: 70px;
-			      height: 25px;
-			 }
-       
-        input[type=button] {
-/*          height: 11%;  */
-          width: 70%;
-        }
-			}
-			      
-			* {
-				margin: 0;
-				padding: 0;
-        font-family: #FONTTYPE#;
-			}
-							      			
-			#selectArea {
-				padding-top: 10px;
-				padding-bottom: 55px;
-				padding-left: 10px;
-			}
-			
-			.setAssertionButton {
-				background: #efefef;
-				cursor: pointer;
-				margin-top: 15px;
-			  width: 70px;
-			  height: 25px;
-			}
-			
-			#leftbutton  {
-				width: 35%; 
-				float:left; 
-				margin-left: 15px;
-			}
-			
-			#rightbutton {
-				width: 35%; 
-				float:right; 
-				margin-right: 25px; 
-				text-align: right;
-			}
-			
-      #mandateLogin {
-        padding-bottom: 4%;
-        padding-top: 4%;
-        height: 10%;
-        position: relative;
-        text-align: center;
-			}
-      
-      .verticalcenter {
-        vertical-align: middle;
-      }
-      
-      #mandateLogin div {
-        clear: both;
-        margin-top: -1%;
-        position: relative;
-        top: 50%;
-      }
-      
-      #bkuselectionarea {
-          position: relative;
-          display: block;
-      }
-      
-      #localBKU {
-        padding-left: 5%;
-        padding-right: 2%;
-        padding-bottom: 4%;
-        padding-top: 4%;
-        position: relative;
-        clear: both;        
-			}
-          			
-			#bkukarte {
-				float:left;
-				text-align:center;
-				width:40%;
-        min-height: 70px;
-        padding-left: 5%;
-        padding-top: 2%;
-			}
-			
-			#bkuhandy {
-				float:right;
-				text-align:center;
-				width:40%;
-        min-height: 90px;
-        padding-right: 5%;
-        padding-top: 2%;
-			}
-			
-      .bkuimage {
-        width: 90%;
-        height: auto;
-      }
-      
-			#mandate{
-				text-align:center;
-				padding : 5px 5px 5px 5px;
-			}
-      
-/*		input[type=button], .sendButton {
-				background: #BUTTON_BACKGROUNDCOLOR#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;  */
-/*				cursor: pointer;
-/*        box-shadow: 3px 3px 3px #222222;  */
-/*			}
-			
-/*      button:hover, button:focus, button:active, 
-      .sendButton:hover , .sendButton:focus, .sendButton:active,
-      #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
-				background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;                */
-/*				cursor: pointer;
-/*        box-shadow: -1px -1px 3px #222222;  */
-/*			}
-      
-*/
-input {
-	/*border:1px solid #000;*/
-	cursor: pointer;
-}
-
-#localBKU input {
-	/*        color: #BUTTON_COLOR#;  */
-	border: 0px;
-	display: inline-block;
-}
-
-#localBKU input:hover,#localBKU input:focus,#localBKU input:active {
-	text-decoration: underline;
-}
-
-#installJava,#BrowserNOK {
-	clear: both;
-	font-size: 0.8em;
-	padding: 4px;
-}
-
-.selectText {
-	
-}
-
-.selectTextHeader {
-	
-}
-
-.sendButton {
-	width: 30%;
-	margin-bottom: 1%;
-}
-
-#leftcontent a {
-	text-decoration: none;
-	color: #000;
-	/*	display:block;*/
-	padding: 4px;
-}
-
-#leftcontent a:hover,#leftcontent a:focus,#leftcontent a:active {
-	text-decoration: underline;
-	color: #000;
-}
-
-.infobutton {
-	background-color: #005a00;
-	color: white;
-	font-family: serif;
-	text-decoration: none;
-	padding-top: 2px;
-	padding-right: 4px;
-	padding-bottom: 2px;
-	padding-left: 4px;
-	font-weight: bold;
-}
-
-.hell {
-	background-color: #MAIN_BACKGOUNDCOLOR#;
-	color: #MAIN_COLOR#;
-}
-
-.dunkel {
-	background-color: #HEADER_BACKGROUNDCOLOR#;
-	color: #HEADER_COLOR#;
-}
-
-.main_header {
-	color: black;
-	font-size: 32pt;
-	position: absolute;
-	right: 10%;
-	top: 40px;
-}
-</style>
-<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
-<script type="text/javascript">
-		function isIE() {
-			return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
-		}
-		function isFullscreen() {
-			try {
-				return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
-			} catch (e) {
-				return false;
-			}
-		}
-		function isActivexEnabled() {
-			var supported = null;
-			try {
-				supported = !!new ActiveXObject("htmlfile");
-			} catch (e) {
-				supported = false;
-			}
-			return supported;
-		}
-		function isMetro() {
-			if (!isIE())
-				return false;
-			return !isActivexEnabled() && isFullscreen();
-		}
-		window.onload=function() {
-			document.getElementById("localBKU").style.display="block";
-			return;
-		}
-		function bkuOnlineClicked() {
-			if (isMetro())
-				document.getElementById("metroDetected").style.display="block";
-			document.getElementById("localBKU").style.display="block";
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-						
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function bkuHandyClicked() {
-			document.getElementById("localBKU").style.display="none";
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#HANDY#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function storkClicked() {
-			document.getElementById("localBKU").style.display="none"; 
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var ccc = "AT";
-			var countrySelection = document.getElementById("cccSelection");
-			if (countrySelection !=  null) {
-				ccc = document.getElementById("cccSelection").value;
-			}
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-			iFrameURL += "&CCC=" + ccc;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function generateIFrame(iFrameURL) {
-			var el = document.getElementById("bkulogin");
-      var width = el.clientWidth;
-      var heigth = el.clientHeight - 20;
-			var parent = el.parentNode;
-            
-      iFrameURL += "&heigth=" + heigth;
-      iFrameURL += "&width=" + width;
-      
-			var iframe = document.createElement("iframe");
-			iframe.setAttribute("src", iFrameURL);
-			iframe.setAttribute("width", el.clientWidth - 1);
-			iframe.setAttribute("height", el.clientHeight - 1);
-			iframe.setAttribute("frameborder", "0");
-			iframe.setAttribute("scrolling", "no");
-			iframe.setAttribute("title", "Login");
-			parent.replaceChild(iframe, el);
-		}
-		function setMandateSelection() {
-			document.getElementById("moaidform").action = "#AUTH_URL#";
-			document.getElementById("useMandate").value = "false";
-			var checkbox = document.getElementById("mandateCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("mandateCheckBox").checked) {
-					document.getElementById("useMandate").value = "true";
-				}
-			}
-		}
-		function onChangeChecks() {
-      if (top.innerWidth < 650) {
-         document.getElementById("moaidform").setAttribute("target","_parent");
-      } else {
-         document.getElementById("moaidform").removeAttribute("target");
-      }
-      
-    }
-/* 		function setSSOSelection() {
-			document.getElementById("useSSO").value = "false";
-			var checkbox = document.getElementById("SSOCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("SSOCheckBox").checked) {
-					document.getElementById("useSSO").value = "true";
-				}
-			}
-		} */
-		
-/* 		function checkMandateSSO() {
-			var sso = document.getElementById("SSOCheckBox");
-			var mandate = document.getElementById("mandateCheckBox");
-			
-			
-			if (sso.checked && mandate.checked) {
-				alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
-				mandate.checked = false;
-				sso.checked = false;
-				return true;
-			} else {
-				return false;
-			}
-		} */
-	</script>
-<title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
-</head>
-<body onload="onChangeChecks();" onresize="onChangeChecks();">
-	<div id="page">
-		<div id="page1" class="case selected-case" role="main">
-			<h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2>
-			<div id="main">
-				<div id="leftcontent" class="hell" role="application">
-					<div id="bku_header" class="dunkel">
-						<h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
-					</div>
-					<div id="bkulogin" class="hell" role="form">
-						<div id="mandateLogin" style="">
-							<div>
-								<input tabindex="1" type="checkbox" name="Mandate"
-									id="mandateCheckBox" class="verticalcenter" role="checkbox"
-									onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#>
-								<label for="mandateCheckBox" class="verticalcenter">in
-									Vertretung anmelden</label>
-								<!--a      href="info_mandates.html" 
-                        target="_blank"
-                        class="infobutton verticalcenter" 
-                        tabindex="5">i</a-->
-							</div>
-						</div>
-						<div id="bkuselectionarea">
-							<div id="bkukarte">
-								<img class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png"
-									alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
-									onClick="bkuOnlineClicked();" tabindex="2" role="button"
-									value="Karte" />
-							</div>
-							<div id="bkuhandy">
-								<img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png"
-									alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
-									onClick="bkuHandyClicked();" tabindex="3" role="button"
-									value="HANDY" />
-							</div>
-						</div>
-						<div id="localBKU">
-							<form method="get" id="moaidform" action="#AUTH_URL#"
-								class="verticalcenter" target="_parent">
-								<input type="hidden" name="bkuURI" value="#LOCAL#"> <input
-									type="hidden" name="useMandate" id="useMandate"> <input
-									type="hidden" name="SSO" id="useSSO"> <input
-									type="hidden" name="CCC" id="ccc"> <input type="hidden"
-									name="MODUL" value="#MODUL#"> <input type="hidden"
-									name="ACTION" value="#ACTION#"> <input type="hidden"
-									name="MOASessionID" value="#SESSIONID#"> <input
-									type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4"
-									role="button" class="hell">
-								<!--p>
-                    <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>								                                  
-                  </p-->								                                  
-                </form>								                                                          
-              </div>
-              <div id="stork" align="center" style="#STORKVISIBLE#">
-                <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
-                <p>
-                  <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
-                    <option value="BE">Belgi&euml;/Belgique</option>
-                    <option value="EE">Eesti</option>
-                    <option value="ES">Espa&ntilde;a</option>
-                    <option value="IS">&Iacute;sland</option>
-                    <option value="IT">Italia</option>
-                    <option value="LI">Liechtenstein</option>
-                    <option value="LT">Lithuania</option>
-                    <option value="PT">Portugal</option>
-                    <option value="SI">Slovenija</option>
-                    <option value="FI">Suomi</option>
-                    <option value="SE">Sverige</option>
-                  </select>
-                  <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button>
-                  <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
-                </p>
-              </div>
-
-						<div id="metroDetected" style="display: none">
-							<p>Anscheinend verwenden Sie Internet Explorer im
-								Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den
-								Optionen um die Karten-Anmeldung starten zu können.</p>
-						</div>
-					</div>
-				</div>
-			</div>
-		</div>
-		<div id="validation">
-			<a href="http://validator.w3.org/check?uri="> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
-			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
-				alt="CSS ist valide!" />
-			</a>
-		</div>
-	</div>
-</body>
-</html>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
deleted file mode 100644
index 8c8345bbf..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import java.io.Serializable;
-
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class InboundMessage implements InboundMessageInterface, Serializable{
-
-	private static final long serialVersionUID = 2395131650841669663L;
-	
-	private Element samlMessage = null;
-	private boolean verified = false;
-	private String entityID = null;
-	private String relayState = null;
-	
-	
-	public EntityDescriptor getEntityMetadata(MetadataProvider metadataProvider) throws NoMetadataInformationException {
-		try {
-			if (metadataProvider == null)
-				throw new NullPointerException("No PVP MetadataProvider found.");
-			
-			return metadataProvider.getEntityDescriptor(this.entityID);
-			
-		} catch (MetadataProviderException e) {
-			Logger.warn("No Metadata for EntitiyID " + entityID);
-			throw new NoMetadataInformationException();
-		}			
-	}
-	
-	/**
-	 * @param entitiyID the entitiyID to set
-	 */
-	public void setEntityID(String entitiyID) {
-		this.entityID = entitiyID;
-	}
-	
-	public void setVerified(boolean verified) {
-		this.verified = verified;
-	}
-		
-	/**
-	 * @param relayState the relayState to set
-	 */
-	public void setRelayState(String relayState) {
-		this.relayState = relayState;
-	}
-	
-	public void setSAMLMessage(Element msg) {
-		this.samlMessage = msg;
-	}
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState()
-	 */
-	@Override
-	public String getRelayState() {
-		return relayState;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID()
-	 */
-	@Override
-	public String getEntityID() {
-		return entityID;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified()
-	 */
-	@Override
-	public boolean isVerified() {
-		return verified;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage()
-	 */
-	@Override
-	public Element getInboundMessage() {
-		return samlMessage;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
deleted file mode 100644
index 60a6f069a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import org.w3c.dom.Element;
-
-/**
- * @author tlenz
- *
- */
-public interface InboundMessageInterface {
-	
-	public String getRelayState();
-	public String getEntityID();
-	public boolean isVerified();
-	public Element getInboundMessage();
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
deleted file mode 100644
index 7679e74a6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-import org.opensaml.xml.signature.SignableXMLObject;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOARequest extends InboundMessage{
-	
-	private static final long serialVersionUID = 8613921176727607896L;
-
-	private String binding = null;
-	
-	public MOARequest(SignableXMLObject inboundMessage, String binding) {
-		setSAMLMessage(inboundMessage.getDOM());
-		this.binding = binding;
-		
-	}
-	
-	public String getRequestBinding() {
-		return binding;
-	}
-	
-	public SignableXMLObject getSamlRequest() {
-		UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
-		Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
-		
-		try {
-			return (SignableXMLObject) unmashaller.unmarshall(getInboundMessage());
-			
-		} catch (UnmarshallingException e) {
-			Logger.warn("AuthnRequest Unmarshaller error", e);
-			return null;
-		}
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
deleted file mode 100644
index f2512b122..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOAResponse extends InboundMessage {
-		
-	private static final long serialVersionUID = -1133012928130138501L;
-
-	public MOAResponse(StatusResponseType response) {
-		setSAMLMessage(response.getDOM());
-	}
-
-	public StatusResponseType getResponse() {		
-		UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
-		Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
-		
-		try {
-			return (StatusResponseType) unmashaller.unmarshall(getInboundMessage());
-			
-		} catch (UnmarshallingException e) {
-			Logger.warn("AuthnResponse Unmarshaller error", e);
-			return null;
-		}
-		
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java
deleted file mode 100644
index 3da4dc18a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
-
-/**
- * @author tlenz
- *
- */
-public interface IMOARefreshableMetadataProvider {
-
-	/**
-	 * Refresh a entity or load a entity in a metadata provider 
-	 * 
-	 * @param entityID
-	 * @return true, if refresh is success, otherwise false
-	 */
-	public boolean refreshMetadataProvider(String entityID);
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 7d43732a6..1fa17c683 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -23,401 +23,91 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
 
 import java.io.IOException;
+import java.net.MalformedURLException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
-import java.util.Timer;
 
-import javax.xml.namespace.QName;
-
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml2.metadata.provider.BaseMetadataProvider;
-import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
-import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
-import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
-import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PVPEntityCategoryFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPEntityCategoryFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataSignatureFilter;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 @Service("PVPMetadataProvider")
-public class MOAMetadataProvider extends SimpleMOAMetadataProvider
-	implements ObservableMetadataProvider, IGarbageCollectorProcessing, 
-	IMOARefreshableMetadataProvider, IDestroyableObject {
+public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
 
-	//private static final int METADATA_GARBAGE_TIMEOUT_SEC = 604800;  //7 days   
-	
-//	private static MOAMetadataProvider instance = null;
-	MetadataProvider internalProvider = null;
-	private Timer timer = null; 
-	private static Object mutex = new Object();
-	//private Map<String, Date> lastAccess = null;
-	
-	
-	public MOAMetadataProvider() {
-		internalProvider = new ChainingMetadataProvider();	
-		//lastAccess = new HashMap<String, Date>();
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
 		
-	}
-	
-//	public static MOAMetadataProvider getInstance() {
-//		if (instance == null) {
-//			synchronized (mutex) {
-//				if (instance == null) {
-//					instance = new MOAMetadataProvider();
-//					
-//					//add this to MOA garbage collector
-//					MOAGarbageCollector.addModulForGarbageCollection(instance);
-//										
-//				}
-//			}
-//		}
-//		return instance;
-//	}
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
-	 */
 	@Override
-	public void runGarbageCollector() {
-		synchronized (mutex) {
-			
-			/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
-			try {
-				Logger.trace("Check consistence of PVP2X metadata");	
-				addAndRemoveMetadataProvider();
-					
-			} catch (ConfigurationException | EAAFConfigurationException e) {
-				Logger.error("Access to MOA-ID configuration FAILED.", e);
-					
-			}
-		}
+	protected String getMetadataURL(String entityId) throws EAAFConfigurationException {
+		ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+		if (oaParam != null)
+			return oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
 		
-	}
-	
-	
-//	private static void reInitialize() {
-//		synchronized (mutex) {
-//			
-//			/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
-//			if (instance != null)
-//				try {
-//					Logger.trace("Check consistence of PVP2X metadata");	
-//					instance.addAndRemoveMetadataProvider();
-//					
-//				} catch (ConfigurationException e) {
-//					Logger.error("Access to MOA-ID configuration FAILED.", e);
-//					
-//				}
-//			else
-//				Logger.info("MOAMetadataProvider is not loaded.");
-//		}
-//	}
-	
-	public void fullyDestroy() {
-		internalDestroy();
+		else {		
+			Logger.debug("Can not process PVP2X metadata: NO onlineApplication with Id: " + entityId);
+			return null;
 			
+		}
+							
 	}
 	
-
-
 	@Override
-	public synchronized boolean refreshMetadataProvider(String entityID) {
-		try {			
-			//check if metadata provider is already loaded
-			try {
-				if (internalProvider.getEntityDescriptor(entityID) != null)
-					return true;
-				
-			} catch (MetadataProviderException e) {}
-			
+	protected MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException {
+		ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+		if (oaParam != null) {
+			String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);		
+			String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+			if (MiscUtil.isNotEmpty(certBase64)) {
+				byte[] cert = Base64Utils.decode(certBase64, false);
+				String oaFriendlyName = oaParam.getUniqueIdentifier();
+														
+				return createNewSimpleMetadataProvider(metadataURL, 								 
+						buildMetadataFilterChain(oaParam, metadataURL, cert), 
+						oaFriendlyName,
+						getTimer(),
+						new BasicParserPool(),
+						createHttpClient(metadataURL));
 			
-			//reload metadata provider 
-			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityID);
-			if (oaParam != null) {
-				String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-				if (MiscUtil.isNotEmpty(metadataURL)) {
-					Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders();
-
-					// check if MetadataProvider is actually loaded
-					if (actuallyLoadedProviders.containsKey(metadataURL)) {
-						actuallyLoadedProviders.get(metadataURL).refresh();						
-						Logger.info("PVP2X metadata for onlineApplication: " 
-								+ entityID + " is refreshed.");
-						return true;
-						
-					} else {
-						//load new Metadata Provider
-						String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-						if (MiscUtil.isNotEmpty(certBase64)) {
-						byte[] cert = Base64Utils.decode(certBase64, false);
-						String oaFriendlyName = oaParam.getUniqueIdentifier();
-					
-						if (timer == null)
-							timer = new Timer(true);
-						
-						ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;						
-						MetadataProvider newMetadataProvider = createNewMoaMetadataProvider(metadataURL, 								 
-								buildMetadataFilterChain(oaParam, metadataURL, cert), 
-								oaFriendlyName,
-								timer,
-								new BasicParserPool());
-						
-						chainProvider.addMetadataProvider(newMetadataProvider);
-						
-						emitChangeEvent();
-						
-						Logger.info("PVP2X metadata for onlineApplication: " 
-								+ entityID + " is added.");
-						return true;
-						
-						} else
-							Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityID);
-						
-					}
-															
-				} else
-					Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata URL for OA with Id: " + entityID);
-								
 			} else
-				Logger.debug("Can not refresh PVP2X metadata: NO onlineApplication with Id: " + entityID);
-				
-						
-		} catch (MetadataProviderException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-			
-		} catch (IOException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-			
-		} catch (CertificateException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
+				Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityId);
 			
-		} catch (ConfigurationException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-			
-		} catch (EAAFConfigurationException e) {			
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-		}
-		
-		return false;
-		
-	}
-	
-	private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
-		Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
-		ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-		
-		//make a Map of all actually loaded HTTPMetadataProvider
-		List<MetadataProvider> providers = chainProvider.getProviders();
-		for (MetadataProvider provider : providers) {
-			if (provider instanceof HTTPMetadataProvider) {
-				HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
-				loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
-
-			}
 		}
 		
-		return loadedproviders;		
-	}
-	
-	
-	private void addAndRemoveMetadataProvider() throws ConfigurationException, EAAFConfigurationException {
-		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
-			Logger.info("Reload MOAMetaDataProvider.");
-			
-			/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
-			 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/ 
-			Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
-			ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-			
-			//get all actually loaded metadata providers
-			Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+		Logger.debug("Can not process PVP2X metadata: NO onlineApplication with Id: " + entityId);
+		return null;			
 						
-			/* TODO: maybe add metadata provider destroy after timeout.
-			 *       But could be a problem if one Metadataprovider load an EntitiesDescriptor 
-			 *       with more the multiple EntityDescriptors. If one of this EntityDesciptors 
-			 *       are expired the full EntitiesDescriptor is removed. 
-			 *       
-			 *       Timeout requires a better solution in this case! 
-			 */
-//			Date now = new Date();
-//			Date expioredate = new Date(now.getTime() - (METADATA_GARBAGE_TIMEOUT_SEC * 1000));
-//			Logger.debug("Starting PVP Metadata garbag collection (Expioredate:" 
-//					+ expioredate + ")");
-									
-			//load all PVP2 OAs form ConfigurationDatabase and 
-			//compare actually loaded Providers with configured PVP2 OAs
-			Map<String, String> allOAs = authConfig.getConfigurationWithWildCard(
-					MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES 
-					+ ".%." 
-					+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
-			
-			if (allOAs != null) {
-				Iterator<Entry<String, String>> oaInterator = allOAs.entrySet().iterator();
-				while (oaInterator.hasNext()) {
-					Entry<String, String> oaKeyPair = oaInterator.next();
-					
-					ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
-					if (oaParam != null) {
-						String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-						
-						HTTPMetadataProvider httpProvider = null;				
-						try {
-							if (MiscUtil.isNotEmpty(metadataurl)) {						
-								if (loadedproviders.containsKey(metadataurl)) {									
-									//	PVP2 OA is actually loaded, to nothing
-									providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
-									loadedproviders.remove(metadataurl);
-							
-							
-									//INFO: load metadata dynamically if they are requested 
-//								} else if ( MiscUtil.isNotEmpty(metadataurl) &&
-//										!providersinuse.containsKey(metadataurl) ) {
-//									//PVP2 OA is new, add it to MOAMetadataProvider
-//									String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-//									if (MiscUtil.isNotEmpty(certBase64)) {
-//										byte[] cert = Base64Utils.decode(certBase64, false);
-//										String oaFriendlyName = oaParam.getFriendlyName();
-//									
-//									
-//										Logger.info("Loading metadata for: " + oaFriendlyName);
-//										httpProvider = createNewHTTPMetaDataProvider(
-//												metadataurl, 												
-//												buildMetadataFilterChain(oaParam, metadataurl, cert),
-//												oaFriendlyName);
-//							
-//										if (httpProvider != null)
-//											providersinuse.put(metadataurl, httpProvider);
-//									}
-						
-								}
-							}
-						} catch (Throwable e) {
-							Logger.error(
-							"Failed to add Metadata (unhandled reason: "
-									+ e.getMessage(), e);
-					
-							if (httpProvider != null) {
-								Logger.debug("Destroy failed Metadata provider");
-								httpProvider.destroy();
-							}
-					
-						}	
-					}
-				}
-			}
-			
-			//remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
-			Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values();
-			for (HTTPMetadataProvider provider : notusedproviders) {
-				String metadataurl = provider.getMetadataURI();
-				
-				try {
-					
-					provider.destroy();
-					
-					/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
-					 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
-					//chainProvider.removeMetadataProvider(provider);
-					
-					Logger.info("Remove not used MetadataProvider with MetadataURL " + metadataurl);
-					
-				} catch (Throwable e) {
-					Logger.error("HTTPMetadataProvider with URL " + metadataurl 
-							+ " can not be removed from the list of actually loaded Providers.", e);
-					
-				}
-				
-			}
-			
-			try {
-				chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
-				
-				emitChangeEvent();
-								
-			} catch (MetadataProviderException e) {
-				Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
-				
-			}
-			
-			
-			
-		} else {
-			Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
-		}
-		
 	}
 	
-	
-	public void internalDestroy() {
-		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
-			Logger.info("Destrorying PVP-Authentication MetaDataProvider.");
-			ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;				
-			
-			List<MetadataProvider> providers = chainProvider.getProviders();
-			for (MetadataProvider provider : providers) {
-				if (provider instanceof HTTPMetadataProvider) {
-					HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
-					Logger.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI());
-					httpprovider.destroy();
-					
-				} else {
-					Logger.warn("MetadataProvider can not be destroyed.");
-				}
-			}
-				
-			internalProvider = new ChainingMetadataProvider();
-			
-			if (timer != null)
-				timer.cancel();
-			
-		} else {
-			Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
-		}
-	}
-	
-	@Deprecated
-	/**
-	 * Load all PVP metadata from OA configuration
-	 * 
-	 * This method is deprecated because OA metadata should be loaded dynamically 
-	 * if the corresponding OA is requested.
-	 */
-	private void loadAllPVPMetadataFromKonfiguration() throws EAAFConfigurationException {
-		ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
-		Logger.info("Loading metadata");		
-		Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
-		Map<String, String> allOAs = authConfig.getConfigurationWithWildCard(
+	@Override
+	protected List<String> getAllMetadataURLsFromConfiguration() throws EAAFConfigurationException {
+		List<String> metadataURLs = new ArrayList<String>();
+		
+		Map<String, String> allOAs = moaAuthConfig.getConfigurationWithWildCard(
 				MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES 
 				+ ".%." 
 				+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
@@ -430,71 +120,56 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
 				if (oaParam != null) {
 					String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-					String oaFriendlyName = oaParam.getUniqueIdentifier();
-					MetadataProvider httpProvider = null;
-			
-					try {
-						String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-						if (MiscUtil.isNotEmpty(certBase64) && MiscUtil.isNotEmpty(metadataurl)) {
-							byte[] cert = Base64Utils.decode(certBase64, false);
-							
-							
-							if (timer == null)
-								timer = new Timer(true);
-							
-							Logger.info("Loading metadata for: " + oaFriendlyName);					
-							if (!providersinuse.containsKey(metadataurl)) {					
-								httpProvider = createNewMoaMetadataProvider(
-										metadataurl, 
-										buildMetadataFilterChain(oaParam, metadataurl, cert),
-										oaFriendlyName,
-										timer,
-										new BasicParserPool());
+					if (MiscUtil.isNotEmpty(metadataurl))
+						metadataURLs.add(metadataurl);
+					else
+						Logger.trace("OA: " + oaParam.getUniqueIdentifier() + " has NO PVP2 metadata URL");
 					
-								if (httpProvider != null)
-									providersinuse.put(metadataurl, httpProvider);
-						
-							} else {
-								Logger.info(metadataurl + " are already added.");
-							}
-					
-						} else {
-							Logger.info(oaFriendlyName
-									+ " is not a PVP2 Application skipping");
-						}
-					} catch (Throwable e) {
-						Logger.error(
-								"Failed to add Metadata (unhandled reason: "
-										+ e.getMessage(), e);
-				
-						if (httpProvider != null && httpProvider instanceof BaseMetadataProvider) {
-							Logger.debug("Destroy failed Metadata provider");
-							((BaseMetadataProvider)httpProvider).destroy();
-							
-						}
-					}			
-				}
+				} else
+					Logger.warn("Something is suspect! OA is in Set of OAs, but no specific OA configuration is found.");
 			}
 			
-		} else 
-			Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!");
-				
-		try {
-			chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
+		} else
+			Logger.debug("No OA configuration found.");
+														
+		return metadataURLs;
+	}
 			
-		} catch (MetadataProviderException e) {
-			Logger.error(
-					"Failed to add Metadata (unhandled reason: "
-							+ e.getMessage(), e);
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+						PVPConstants.SSLSOCKETFACTORYNAME, 
+						moaAuthConfig.getTrustedCACertificates(),
+						null,
+						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+						moaAuthConfig.isTrustmanagerrevoationchecking(),
+						moaAuthConfig.getRevocationMethodOrder(),
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+				httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
 		}
 		
-		internalProvider = chainProvider;
+		return httpClient;
 				
 	}
-		
-	private PVPMetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
-		PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
-		filterChain.getFilters().add(new SchemaValidationFilter());
+	
+	private MetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException{
+		MetadataFilterChain filterChain = new MetadataFilterChain();		
+		filterChain.getFilters().add(new SchemaValidationFilter(moaAuthConfig.isPVPSchemaValidationActive()));
+		filterChain.getFilters().add(new MetadataSignatureFilter(metadataURL, certificate));
 		filterChain.getFilters().add(
 				new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean(
 						AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, 
@@ -511,116 +186,4 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 		return filterChain;		
 	}
 		
-	public boolean requireValidMetadata() {
-		return internalProvider.requireValidMetadata();
-	}
-
-	public void setRequireValidMetadata(boolean requireValidMetadata) {
-		internalProvider.setRequireValidMetadata(requireValidMetadata);
-	}
-
-	public MetadataFilter getMetadataFilter() {
-		return internalProvider.getMetadataFilter();
-	}
-
-	public void setMetadataFilter(MetadataFilter newFilter)
-			throws MetadataProviderException {
-		internalProvider.setMetadataFilter(newFilter);
-	}
-
-	public XMLObject getMetadata() throws MetadataProviderException {
-		return internalProvider.getMetadata();
-	}
-
-	public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
-			throws MetadataProviderException {
-		EntitiesDescriptor entitiesDesc = null;
-		try {
-			entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID);
-		
-			if (entitiesDesc == null) {
-				Logger.debug("Can not find PVP metadata for entityID: " + entitiesID 
-						+ " Start refreshing process ...");
-				if (refreshMetadataProvider(entitiesID))
-					return internalProvider.getEntitiesDescriptor(entitiesID);
-									
-			}			
-			
-		} catch (MetadataProviderException e) {
-			Logger.debug("Can not find PVP metadata for entityID: " + entitiesID 
-					+ " Start refreshing process ...");
-			if (refreshMetadataProvider(entitiesID))
-				return internalProvider.getEntitiesDescriptor(entitiesID);
-			
-		}	
-		
-		return entitiesDesc;
-	}
-
-	public EntityDescriptor getEntityDescriptor(String entityID)
-			throws MetadataProviderException {
-		EntityDescriptor entityDesc = null;
-		try {
-			entityDesc = internalProvider.getEntityDescriptor(entityID);
-			if (entityDesc == null) {
-				Logger.debug("Can not find PVP metadata for entityID: " + entityID 
-						+ " Start refreshing process ...");
-				if (refreshMetadataProvider(entityID))
-					return internalProvider.getEntityDescriptor(entityID);
-									
-			}
-			
-		} catch (MetadataProviderException e) {
-			Logger.debug("Can not find PVP metadata for entityID: " + entityID 
-					+ " Start refreshing process ...");
-			if (refreshMetadataProvider(entityID))
-				return internalProvider.getEntityDescriptor(entityID);
-			
-		}
-		
-//		if (entityDesc != null)
-//			lastAccess.put(entityID, new Date());
-		
-		return entityDesc;
-	}
-
-	public List<RoleDescriptor> getRole(String entityID, QName roleName)
-			throws MetadataProviderException {		
-		List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
-		
-//		if (result != null)
-//			lastAccess.put(entityID, new Date());
-		
-		return result; 
-	}
-
-	public RoleDescriptor getRole(String entityID, QName roleName,
-			String supportedProtocol) throws MetadataProviderException {
-		RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
-		
-//		if (result != null)
-//			lastAccess.put(entityID, new Date());
-		
-		return result; 
-	}
-
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
-	 */
-	@Override
-	public List<Observer> getObservers() {
-		return ((ChainingMetadataProvider) internalProvider).getObservers();
-	}
-
-	protected void emitChangeEvent() {
-		if ((getObservers() == null) || (getObservers().size() == 0)) {
-			return;
-		}
-
-		List<Observer> tempObserverList = new ArrayList<Observer>(getObservers());
-		for (ObservableMetadataProvider.Observer observer : tempObserverList)
-			if (observer != null)
-				observer.onEvent(this);
-	}
-	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
deleted file mode 100644
index c87b7515f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
-
-import java.io.File;
-import java.net.MalformedURLException;
-import java.util.Timer;
-
-import javax.net.ssl.SSLHandshakeException;
-
-import org.apache.commons.httpclient.MOAHttpClient;
-import org.apache.commons.httpclient.params.HttpClientParams;
-import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
-import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.xml.parse.ParserPool;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
-import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
-
-/**
- * @author tlenz
- *
- */
-public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
-	
-	private static final String URI_PREFIX_HTTP = "http:";
-	private static final String URI_PREFIX_HTTPS = "https:";
-	private static final String URI_PREFIX_FILE = "file:";
-	
-	
-	@Autowired 
-	//protected IConfiguration authConfig;
-	protected AuthConfiguration authConfig;
-	
-	/**
-	 * Create a single SAML2 MOA specific metadata provider
-	 * 
-	 * @param metadataLocation where the metadata should be loaded, but never null. If the location starts with http(s):, than a http
-	 *  based metadata provider is used. If the location starts with file:, than a filesystem based metadata provider is used
-	 * @param filter Filters, which should be used to validate the metadata
-	 * @param IdForLogging Id, which is used for Logging
-	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
-	 * 
-	 * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized
-	 */
-	protected MetadataProvider createNewMoaMetadataProvider(String metadataLocation, MetadataFilter filter, 
-			String IdForLogging, Timer timer, ParserPool pool) {
-		if (metadataLocation.startsWith(URI_PREFIX_HTTP) || metadataLocation.startsWith(URI_PREFIX_HTTPS)) 
-			return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool);
-		
-		else {
-			String absoluteMetadataLocation;
-			try {
-				absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
-						metadataLocation,
-						authConfig.getConfigurationRootDirectory().toURL().toString());
-				
-				if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
-					File metadataFile = new File(absoluteMetadataLocation);
-					if (metadataFile.exists())
-						return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
-					
-					else {
-						Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
-						return null;
-					}
-					
-				}	
-				
-				
-			} catch (MalformedURLException e) {
-				Logger.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
-				
-			}
-							
-		}
-		
-		Logger.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);		
-		return null;
-		
-	}
-	
-	
-	/**
-	 * Create a single SAML2 filesystem based metadata provider
-	 * 
-	 * @param metadataFile File, where the metadata should be loaded
-	 * @param filter Filters, which should be used to validate the metadata
-	 * @param IdForLogging Id, which is used for Logging
-	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
-	 * @param pool 
-	 * 
-	 * @return SAML2 Metadata Provider
-	 */	
-	private MetadataProvider createNewFileSystemMetaDataProvider(File metadataFile, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
-		FilesystemMetadataProvider fileSystemProvider = null;
-		try {
-			fileSystemProvider = new FilesystemMetadataProvider(timer, metadataFile);
-			fileSystemProvider.setParserPool(pool);
-			fileSystemProvider.setRequireValidMetadata(true);
-			fileSystemProvider.setMinRefreshDelay(1000*60*15); //15 minutes
-			fileSystemProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
-			//httpProvider.setRefreshDelayFactor(0.1F);
-			
-			fileSystemProvider.setMetadataFilter(filter);
-			fileSystemProvider.initialize();
-			
-			fileSystemProvider.setRequireValidMetadata(true);
-			
-			return fileSystemProvider;
-						
-		} catch (Exception e) {
-			Logger.warn(
-					"Failed to load Metadata file for "
-							+ IdForLogging + "[ "
-							+ "File: " + metadataFile.getAbsolutePath()
-							+ " Msg: " + e.getMessage() + " ]", e);
-			
-			
-			Logger.warn("Can not initialize SAML2 metadata provider from filesystem: " + metadataFile.getAbsolutePath()
-					+ " Reason: " + e.getMessage(), e);
-			
-			if (fileSystemProvider != null)
-				fileSystemProvider.destroy();
-			
-		}
-				
-		return null;
-				
-	}
-	
-	
-	
-	/**
-	 * Create a single SAML2 HTTP metadata provider
-	 * 
-	 * @param metadataURL URL, where the metadata should be loaded
-	 * @param filter Filters, which should be used to validate the metadata
-	 * @param IdForLogging Id, which is used for Logging
-	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
-	 * @param pool 
-	 * 
-	 * @return SAML2 Metadata Provider
-	 */
-	private MetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
-		HTTPMetadataProvider httpProvider = null;
-		//Timer timer= null;
-		MOAHttpClient httpClient = null;
-		try {			
-			httpClient = new MOAHttpClient();
-			
-			HttpClientParams httpClientParams = new HttpClientParams();
-			httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
-			httpClient.setParams(httpClientParams);
-			
-			if (metadataURL.startsWith("https:")) {
-				try {
-					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
-					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-							PVPConstants.SSLSOCKETFACTORYNAME, 
-							authConfig.getTrustedCACertificates(),
-							null,
-							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
-							authConfig.isTrustmanagerrevoationchecking(),
-							authConfig.getRevocationMethodOrder(),
-							authConfig.getBasicMOAIDConfigurationBoolean(
-									AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
-					
-					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
-
-				} catch (MOAHttpProtocolSocketFactoryException e) {
-					Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
-					
-				}
-			}
-			
-//			timer = new Timer(true);
-			httpProvider = new HTTPMetadataProvider(timer, httpClient, 
-					metadataURL);
-			httpProvider.setParserPool(pool);
-			httpProvider.setRequireValidMetadata(true);
-			httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
-			httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
-			//httpProvider.setRefreshDelayFactor(0.1F);
-			
-			httpProvider.setMetadataFilter(filter);
-			httpProvider.initialize();
-			
-			httpProvider.setRequireValidMetadata(true);
-			
-			return httpProvider;
-						
-		} catch (Throwable e) {			
-			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
-				Logger.warn("SSL-Server certificate for metadata " 
-						+ metadataURL + " not trusted.", e);
-				
-			} if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
-				Logger.warn("Signature verification for metadata" 
-						+ metadataURL + " FAILED.", e);
-			
-			} if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
-				Logger.warn("Schema validation for metadata " 
-						+ metadataURL + " FAILED.", e);								
-			}
-			
-			Logger.warn(
-					"Failed to load Metadata file for "
-							+ IdForLogging + "[ "
-							+ e.getMessage() + " ]", e);
-						
-			if (httpProvider != null) {
-				Logger.debug("Destroy failed Metadata provider");
-				httpProvider.destroy();
-			}
-			
-//			if (timer != null) {
-//				Logger.debug("Destroy Timer.");
-//				timer.cancel();
-//			}
-
-			
-		}
-		
-		return null;	
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
deleted file mode 100644
index dd94e0093..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ /dev/null
@@ -1,218 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.RSAPrivateKey;
-
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public abstract class AbstractCredentialProvider {
-	
-	private KeyStore keyStore = null;
-	
-	/**
-	 * Get a friendlyName for this keyStore implementation
-	 * This friendlyName is used for logging
-	 * 
-	 * @return keyStore friendlyName
-	 */
-	public abstract String getFriendlyName();
-	
-	/**
-	 * Get KeyStore
-	 * 
-	 * @return URL to the keyStore
-	 * @throws ConfigurationException 
-	 */
-	public abstract String getKeyStoreFilePath() throws ConfigurationException;
-	
-	/**
-	 * Get keyStore password
-	 * 
-	 * @return Password of the keyStore
-	 */
-	public abstract String getKeyStorePassword();
-	
-	/**
-	 * Get alias of key for metadata signing
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getMetadataKeyAlias();
-	
-	/**
-	 * Get password of key for metadata signing
-	 * 
-	 * @return key password
-	 */
-	public abstract String getMetadataKeyPassword();
-	
-	/**
-	 * Get alias of key for request/response signing
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getSignatureKeyAlias();
-	
-	/**
-	 * Get password of key for request/response signing
-	 * 
-	 * @return key password
-	 */
-	public abstract String getSignatureKeyPassword();
-	
-	/**
-	 * Get alias of key for IDP response encryption
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getEncryptionKeyAlias();
-	
-	/**
-	 * Get password of key for IDP response encryption
-	 * 
-	 * @return key password
-	 */
-	public abstract String getEncryptionKeyPassword();
-	
-	
-	public X509Credential getIDPMetaDataSigningCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
-					keyStore, getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray());
-
-			credentials.setUsageType(UsageType.SIGNING);
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				Logger.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
-						+ getMetadataKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			return credentials;
-		} catch (Exception e) {
-			Logger.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-
-	public X509Credential getIDPAssertionSigningCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
-					keyStore, getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray());
-			
-			credentials.setUsageType(UsageType.SIGNING);
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				Logger.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
-						+ getSignatureKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			
-			return (X509Credential) credentials;
-		} catch (Exception e) {
-			Logger.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-	
-	public X509Credential getIDPAssertionEncryptionCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			//if no encryption key is configured return null
-			if (MiscUtil.isEmpty(getEncryptionKeyAlias()))
-				return null;
-			
-			MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
-					keyStore, getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
-			
-			credentials.setUsageType(UsageType.ENCRYPTION);
-			
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				Logger.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Encryption credentials (Alias: "
-						+ getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			
-			return (X509Credential) credentials;
-			
-		} catch (Exception e) {
-			Logger.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-	
-	public static Signature getIDPSignature(Credential credentials) {		
-		PrivateKey privatekey = credentials.getPrivateKey();		
-		Signature signer = SAML2Utils.createSAMLObject(Signature.class);
-		
-		if (privatekey instanceof RSAPrivateKey) {
-			signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-			
-		} else if (privatekey instanceof ECPrivateKey) {
-			signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
-
-		} else {
-			Logger.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential.");
-			
-			
-		}
-
-		signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);		
-		signer.setSigningCredential(credentials);
-		return signer;
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
deleted file mode 100644
index 85de666c9..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public class CredentialsNotAvailableException extends MOAIDException {
-
-	public CredentialsNotAvailableException(String messageId,
-			Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	public CredentialsNotAvailableException(String messageId,
-			Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-	
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -2564476345552842599L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index ebaef348c..389d97b18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -25,14 +25,14 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
 import java.util.Properties;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
-@Service("IDPCredentialProvider")
+//@Service("PVPIDPCredentialProvider")
 public class IDPCredentialProvider extends AbstractCredentialProvider {	
 	public static final String IDP_JAVAKEYSTORE = "idp.ks.file";
 	public static final String IDP_KS_PASS = "idp.ks.kspassword";
@@ -54,7 +54,7 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
 	 */
 	@Override
-	public String getKeyStoreFilePath() throws ConfigurationException {
+	public String getKeyStoreFilePath() throws EAAFException {
 		if (props == null)
 			props = authConfig.getGeneralPVP2ProperiesConfig();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
deleted file mode 100644
index ef64efb56..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-public class SAMLSigner {
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
deleted file mode 100644
index 9d585bc86..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ /dev/null
@@ -1,292 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class AssertionAttributeExtractor {
-	
-	private Assertion assertion = null;
-	private Map<String, List<String>> attributs = new HashMap<String, List<String>>();
-	//private PersonalAttributeList storkAttributes = new PersonalAttributeList();
-		
-	private final List<String> minimalMDSAttributeNamesList = Arrays.asList(
-			PVPConstants.PRINCIPAL_NAME_NAME, 
-			PVPConstants.GIVEN_NAME_NAME,
-			PVPConstants.BIRTHDATE_NAME,
-			PVPConstants.BPK_NAME);
-
-	private final List<String> minimalIDLAttributeNamesList = Arrays.asList(
-			PVPConstants.EID_IDENTITY_LINK_NAME,			
-			PVPConstants.EID_SOURCE_PIN_NAME,
-			PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
-	
-	/**
-	 * Parse the SAML2 Response element and extracts included information
-	 * <br><br>
-	 * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response is used!
-	 * 
-	 * @param samlResponse SAML2 Response
-	 * @throws AssertionAttributeExtractorExeption
-	 */
-	public AssertionAttributeExtractor(StatusResponseType samlResponse) throws AssertionAttributeExtractorExeption {
-		if (samlResponse != null && samlResponse instanceof Response) {
-			List<Assertion> assertions = ((Response) samlResponse).getAssertions();			
-			if (assertions.size() == 0) 
-				throw new AssertionAttributeExtractorExeption("Assertion");
-				
-			else if (assertions.size() > 1)
-				Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used.");
-			
-			assertion = assertions.get(0);
-
-			if (assertion.getAttributeStatements() != null &&
-					assertion.getAttributeStatements().size() > 0) {
-				AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
-				for (Attribute attr : attrStat.getAttributes()) {
-					if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {							
-						List<String> storkAttrValues = new ArrayList<String>();
-						for (XMLObject el : attr.getAttributeValues())
-							storkAttrValues.add(el.getDOM().getTextContent());
-						
-//						PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), 
-//								false, storkAttrValues , "Available");
-//						storkAttributes.put(attr.getName(), storkAttr );
-						
-					} else {
-						List<String> attrList = new ArrayList<String>();
-						for (XMLObject el : attr.getAttributeValues())
-							attrList.add(el.getDOM().getTextContent());
-
-						attributs.put(attr.getName(), attrList);
-												
-					}
-			}
-				
-			}
-						
-		} else 
-			throw new AssertionAttributeExtractorExeption();		
-	}
-
-	/**
-	 * Get all SAML2 attributes from first SAML2 AttributeStatement element
-	 * 
-	 * @return List of SAML2 Attributes
-	 */
-	public List<Attribute> getAllResponseAttributesFromFirstAttributeStatement() {
-		return assertion.getAttributeStatements().get(0).getAttributes();
-		
-	}
-	
-	/**
-	 * Get all SAML2 attributes of specific SAML2 AttributeStatement element
-	 * 
-	 * @param attrStatementID List ID of the AttributeStatement element
-	 * @return List of SAML2 Attributes
-	 */
-	public List<Attribute> getAllResponseAttributes(int attrStatementID) {
-		return assertion.getAttributeStatements().get(attrStatementID).getAttributes();
-		
-	}
-	
-	/**
-	 * check attributes from assertion with minimal required attribute list
-	 * @return
-	 */
-	public boolean containsAllRequiredAttributes() {
-		return containsAllRequiredAttributes(minimalMDSAttributeNamesList) 
-				|| containsAllRequiredAttributes(minimalIDLAttributeNamesList);
-		
-	}
-	
-	/**
-	 * check attributes from assertion with attributeNameList
-	 * bPK or enc_bPK are always needed
-	 * 
-	 * @param List of attributes which are required
-	 * 
-	 * @return
-	 */
-	public boolean containsAllRequiredAttributes(Collection<String> attributeNameList) {		
-		
-		//first check if a bPK or an encrypted bPK is available
-		boolean flag = true;
-		for (String attr : attributeNameList) {
-			if (!attributs.containsKey(attr)) {
-				flag = false;					
-				Logger.debug("Assertion contains no Attribute " + attr);
-									
-			}
-					
-		}
-		
-		if (flag)
-			return flag;
-		
-		else {			
-			Logger.debug("Assertion contains no all minimum attributes from: " + attributeNameList.toString());
-			return false;
-			
-		}		
-	}
-	
-	public boolean containsAttribute(String attributeName) {
-		return attributs.containsKey(attributeName);
-		
-	}
-	
-	public String getSingleAttributeValue(String attributeName) {
-		if (attributs.containsKey(attributeName) && attributs.get(attributeName).size() > 0)
-			return attributs.get(attributeName).get(0);
-		else
-			return null;
-		
-	}
-	
-	public List<String> getAttributeValues(String attributeName) {
-		return attributs.get(attributeName);
-		
-	}
-	
-	/**
-	 * Return all include PVP attribute names
-	 * 
-	 * @return
-	 */
-	public Set<String> getAllIncludeAttributeNames() {
-		return attributs.keySet();
-		
-	}
-	
-//	public PersonalAttributeList getSTORKAttributes() {
-//		return storkAttributes;
-//	}
-	
-	
-	public String getNameID() throws AssertionAttributeExtractorExeption {		
-		if (assertion.getSubject() != null) {
-			Subject subject = assertion.getSubject();
-			
-			if (subject.getNameID() != null) {
-				if (MiscUtil.isNotEmpty(subject.getNameID().getValue()))					
-					return subject.getNameID().getValue();			
-				
-				else
-					Logger.error("SAML2 NameID Element is empty.");
-			}
-		}
-			
-		throw new AssertionAttributeExtractorExeption("nameID");
-	}
-	
-	public String getSessionIndex() throws AssertionAttributeExtractorExeption {		
-		AuthnStatement authn = getAuthnStatement();
-		
-		if (MiscUtil.isNotEmpty(authn.getSessionIndex()))
-			return authn.getSessionIndex();
-		
-		else
-			throw new AssertionAttributeExtractorExeption("SessionIndex");		
-	}
-
-	/**
-	 * @return
-	 * @throws AssertionAttributeExtractorExeption 
-	 */
-	public String getQAALevel() throws AssertionAttributeExtractorExeption {
-		AuthnStatement authn = getAuthnStatement();
-		if (authn.getAuthnContext() != null && authn.getAuthnContext().getAuthnContextClassRef() != null) {
-			AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef();
-			
-			if (MiscUtil.isNotEmpty(qaaClass.getAuthnContextClassRef()))
-				return qaaClass.getAuthnContextClassRef();
-			
-			else
-				throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)");			
-		}
-		
-		throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");		
-	}
-	
-	public Assertion getFullAssertion() {
-		return assertion;
-	}
-	
-	
-	/**
-	 * Get the Assertion validTo period
-	 * 
-	 * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' element is used.
-	 * If this is empty, this method returns value of  SAML 'Conditions' element. 
-	 * 
-	 * @return Date, until this SAML2 assertion is valid
-	 */
-	public Date getAssertionNotOnOrAfter() {
-		if (getFullAssertion().getAuthnStatements() != null 
-				&& getFullAssertion().getAuthnStatements().size() > 0) {
-			for (AuthnStatement el : getFullAssertion().getAuthnStatements()) {
-				if (el.getSessionNotOnOrAfter() != null)
-					return (el.getSessionNotOnOrAfter().toDate());
-			}
-			
-		} 
-		
-		return getFullAssertion().getConditions().getNotOnOrAfter().toDate();
-					
-	}
-	
-	private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
-		List<AuthnStatement> authnList = assertion.getAuthnStatements();
-		if (authnList.size() == 0)
-			throw new AssertionAttributeExtractorExeption("AuthnStatement");
-		
-		else if (authnList.size() > 1)
-			Logger.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used.");
-		
-		return authnList.get(0);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index e02ecb662..d7ada1f36 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -35,6 +35,7 @@ import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.opensaml.xml.security.SecurityException;
 
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
deleted file mode 100644
index 29dd70545..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ /dev/null
@@ -1,145 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerException;
-
-import org.opensaml.Configuration;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.ws.soap.soap11.Body;
-import org.opensaml.ws.soap.soap11.Envelope;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.XMLObjectBuilderFactory;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.w3c.dom.Document;
-
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-
-public class SAML2Utils {
-
-	public static <T> T createSAMLObject(final Class<T> clazz) {
-		try {
-			XMLObjectBuilderFactory builderFactory = Configuration
-					.getBuilderFactory();
-
-			QName defaultElementName = (QName) clazz.getDeclaredField(
-					"DEFAULT_ELEMENT_NAME").get(null);
-			@SuppressWarnings("unchecked")
-			T object = (T) builderFactory.getBuilder(defaultElementName)
-					.buildObject(defaultElementName);
-			return object;
-		} catch (Throwable e) {
-			e.printStackTrace();
-			return null;
-		}
-	}
-
-	public static String getSecureIdentifier() {
-		return "_".concat(Random.nextHexRandom16());
-		
-		/*Bug-Fix: There are open problems with RandomNumberGenerator via Java SPI and Java JDK 8.121 
-		*          Generation of a 16bit Random identifier FAILES with an  Caused by: java.lang.ArrayIndexOutOfBoundsException
-		*          Caused by: java.lang.ArrayIndexOutOfBoundsException
-							  at iaik.security.random.o.engineNextBytes(Unknown Source)
-							  at iaik.security.random.SecRandomSpi.engineNextBytes(Unknown Source)
-						      at java.security.SecureRandom.nextBytes(SecureRandom.java:468)
-						      at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:62)
-						      at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:56)
-						      at at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils.getSecureIdentifier(SAML2Utils.java:69)        
-		*/		
-		//return idGenerator.generateIdentifier();
-	}
-	
-	private static SecureRandomIdentifierGenerator idGenerator;
-	
-	private static DocumentBuilder builder;
-	static {
-		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-		factory.setNamespaceAware(true);
-		try {
-			builder = factory.newDocumentBuilder();
-		} catch (ParserConfigurationException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-		try {
-			idGenerator = new SecureRandomIdentifierGenerator();
-		} catch(NoSuchAlgorithmException e) {
-			e.printStackTrace();
-		}
-	}
-
-	public static Document asDOMDocument(XMLObject object) throws IOException,
-			MarshallingException, TransformerException {
-		Document document = builder.newDocument();
-		Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
-				object);
-		out.marshall(object, document);
-		return document;
-	}
-
-	public static Status getSuccessStatus() {
-		Status status = SAML2Utils.createSAMLObject(Status.class);
-		StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
-		statusCode.setValue(StatusCode.SUCCESS_URI);
-		status.setStatusCode(statusCode);
-		return status;
-	}
-	
-	public static int getDefaultAssertionConsumerServiceIndex(SPSSODescriptor spSSODescriptor) {
-		
-		List<AssertionConsumerService> assertionConsumerList = spSSODescriptor.getAssertionConsumerServices();
-		
-		for (AssertionConsumerService el : assertionConsumerList) {
-			if (el.isDefault())
-				return el.getIndex();
-			
-		}
-		
-		return 0;
-	}
-	
-    public static Envelope buildSOAP11Envelope(XMLObject payload) {
-        XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
-        Envelope envelope = (Envelope) bf.getBuilder(Envelope.DEFAULT_ELEMENT_NAME).buildObject(Envelope.DEFAULT_ELEMENT_NAME);
-        Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject(Body.DEFAULT_ELEMENT_NAME);
-         
-        body.getUnknownXMLObjects().add(payload);
-        envelope.setBody(body);
-         
-        return envelope;
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
deleted file mode 100644
index 86ca591ee..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import javax.xml.namespace.QName;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.ws.message.MessageContext;
-import org.opensaml.ws.security.SecurityPolicyException;
-import org.opensaml.ws.security.SecurityPolicyRule;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.validation.ValidationException;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public abstract class AbstractRequestSignedSecurityPolicyRule implements SecurityPolicyRule {
-
-	private SignatureTrustEngine trustEngine = null;
-	private QName peerEntityRole = null;
-	/**
-	 * @param peerEntityRole 
-	 * 
-	 */
-	public AbstractRequestSignedSecurityPolicyRule(SignatureTrustEngine trustEngine, QName peerEntityRole) {
-		this.trustEngine = trustEngine;
-		this.peerEntityRole = peerEntityRole;
-		
-	}
-	
-	
-	/**
-	 * Reload the PVP metadata for a given entity
-	 * 
-	 * @param entityID for which the metadata should be refreshed.
-	 * @return true if the refresh was successful, otherwise false
-	 */
-	protected abstract boolean refreshMetadataProvider(String entityID);
-	
-	
-	protected abstract SignableSAMLObject getSignedSAMLObject(XMLObject inboundData);
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext)
-	 */
-	@Override
-	public void evaluate(MessageContext context) throws SecurityPolicyException {
-		try {
-			verifySignature(context);
-			
-		} catch (SecurityPolicyException e) {
-			if (MiscUtil.isEmpty(context.getInboundMessageIssuer())) {
-				throw e;
-			
-			}			
-			Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + context.getInboundMessageIssuer());
-			if (!refreshMetadataProvider(context.getInboundMessageIssuer()))
-				throw e;
-			
-			else {
-				Logger.trace("PVP2X metadata reload finished. Check validate message again.");					
-				verifySignature(context);
-										
-			}
-			Logger.trace("Second PVP2X message validation finished");
-			
-		}
-
-		
-	}
-
-	private void verifySignature(MessageContext context) throws SecurityPolicyException {
-		SignableSAMLObject samlObj = getSignedSAMLObject(context.getInboundMessage());			
-		if (samlObj != null && samlObj.getSignature() != null) {
-						
-			SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-			try {
-				profileValidator.validate(samlObj.getSignature());		    
-				performSchemaValidation(samlObj.getDOM());
-		    
-			} catch (ValidationException e) {
-				Logger.warn("Signature is not conform to SAML signature profile", e);
-				throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
-		    
-			} catch (SchemaValidationException e) {
-				Logger.warn("Signature is not conform to SAML signature profile", e);
-				throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
-			
-			}
-			
-			
-			
-			CriteriaSet criteriaSet = new CriteriaSet();
-			criteriaSet.add( new EntityIDCriteria(context.getInboundMessageIssuer()) );
-			criteriaSet.add( new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS) );
-			criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-						
-			try {
-				if (!trustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-					throw new SecurityPolicyException("Signature validation FAILED.");
-					
-				}
-				Logger.debug("PVP message signature valid.");
-				
-			} catch (org.opensaml.xml.security.SecurityException e) {
-				Logger.info("PVP2x message signature validation FAILED. Message:" + e.getMessage());
-				throw new SecurityPolicyException("Signature validation FAILED.");
-				
-			}
-			
-		} else {
-			throw new SecurityPolicyException("PVP Message is not signed.");
-			
-		}
-				
-	}
-	
-	private void performSchemaValidation(Element source) throws SchemaValidationException {
-			
-		String err = null;
-		try {
-			Schema test = SAMLSchemaBuilder.getSAML11Schema();
-			Validator val = test.newValidator();		
-			val.validate(new DOMSource(source));
-			Logger.debug("Schema validation check done OK");
-			return;
-			
-		} catch (SAXException e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-							
-		} catch (Exception e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-						
-		}
-			
-		throw new SchemaValidationException("pvp2.22", new Object[]{err});
-			
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
deleted file mode 100644
index 7b7ba6883..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
-import at.gv.egovernment.moaspss.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnRequestValidator {
-
-	public static void validate(AuthnRequest req) throws AuthnRequestValidatorException{
-
-		//validate NameIDPolicy
-		NameIDPolicy nameIDPolicy = req.getNameIDPolicy();
-		if (nameIDPolicy != null) {
-			String nameIDFormat = nameIDPolicy.getFormat();
-			if (nameIDFormat != null) {
-				if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
-						NameID.PERSISTENT.equals(nameIDFormat) ||
-						NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
-				
-					throw new NameIDFormatNotSupportedException(nameIDFormat);
-					
-				}
-				
-			} else
-				Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");							
-		} else
-			Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
-			
-		
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
index a9f9b206e..91de943d5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
@@ -28,7 +28,8 @@ import java.util.List;
 
 import org.opensaml.saml2.core.RequestAbstractType;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.ISAMLValidator;
 
 public class ChainSAMLValidator implements ISAMLValidator {
 
@@ -39,7 +40,7 @@ private List<ISAMLValidator> validator = new ArrayList<ISAMLValidator>();
 	}
 	
 	public void validateRequest(RequestAbstractType request)
-			throws MOAIDException {
+			throws EAAFException {
 		Iterator<ISAMLValidator> validatorIterator = validator.iterator();
 		while(validatorIterator.hasNext()) {
 			ISAMLValidator validator = validatorIterator.next();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
deleted file mode 100644
index 4f697d986..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.saml2.core.RequestAbstractType;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public interface ISAMLValidator {
-	public void validateRequest(RequestAbstractType request) throws MOAIDException;
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
deleted file mode 100644
index 7b3f890e9..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAPVPSignedRequestPolicyRule extends
-		AbstractRequestSignedSecurityPolicyRule {
-
-	private IMOARefreshableMetadataProvider metadataProvider = null;
-	
-	/**
-	 * @param metadataProvider 
-	 * @param trustEngine
-	 * @param peerEntityRole
-	 */
-	public MOAPVPSignedRequestPolicyRule(MetadataProvider metadataProvider, SignatureTrustEngine trustEngine,
-			QName peerEntityRole) {
-		super(trustEngine, peerEntityRole);
-		if (metadataProvider instanceof IMOARefreshableMetadataProvider)
-			this.metadataProvider = (IMOARefreshableMetadataProvider) metadataProvider;
-				
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String)
-	 */
-	@Override
-	protected boolean refreshMetadataProvider(String entityID) {
-		if (metadataProvider != null)
-			return metadataProvider.refreshMetadataProvider(entityID);
-		
-		return false;
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) {
-		if (inboundData instanceof SignableSAMLObject)
-			return (SignableSAMLObject) inboundData;
-		
-		else
-			return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java
deleted file mode 100644
index efcf21b50..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule;
-import org.opensaml.ws.transport.http.HTTPInTransport;
-import org.opensaml.xml.util.DatatypeHelper;
-
-/**
- * @author tlenz
- *
- */
-public class MOASAML2AuthRequestSignedRole extends SAML2AuthnRequestsSignedRule {
-
-	@Override
-    protected boolean isMessageSigned(SAMLMessageContext messageContext) {        
-        // This handles HTTP-Redirect and HTTP-POST-SimpleSign bindings.
-        HTTPInTransport inTransport = (HTTPInTransport) messageContext.getInboundMessageTransport();
-        String sigParam = inTransport.getParameterValue("Signature");
-        boolean isSigned = !DatatypeHelper.isEmpty(sigParam);
-        
-        String sigAlgParam = inTransport.getParameterValue("SigAlg");
-        boolean isSigAlgExists = !DatatypeHelper.isEmpty(sigAlgParam);
-        
-        return isSigned && isSigAlgExists;
-               
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
index 952a6024a..9abaf9330 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
@@ -27,13 +27,14 @@ import org.opensaml.saml2.core.RequestAbstractType;
 import org.opensaml.security.SAMLSignatureProfileValidator;
 import org.opensaml.xml.validation.ValidationException;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.ISAMLValidator;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
 
 public class SAMLSignatureValidator implements ISAMLValidator {
 
 	public void validateRequest(RequestAbstractType request)
-			throws MOAIDException {
+			throws EAAFException {
 		if (request.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
@@ -48,7 +49,7 @@ public class SAMLSignatureValidator implements ISAMLValidator {
 	}
 
 	public static void validateSignable(SignableSAMLObject signableObject)
-			throws MOAIDException {
+			throws EAAFException {
 		if (signableObject.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index d89d04664..e8aa93d43 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -23,7 +23,7 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
 
 import java.io.IOException;
-import java.util.List;
+import java.security.cert.CertificateException;
 
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -36,79 +36,34 @@ import org.opensaml.xml.validation.ValidationException;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
 
 public class EntityVerifier {
 
-	public static byte[] fetchSavedCredential(String entityID) {
-//		List<OnlineApplication> oaList = ConfigurationDBRead
-//				.getAllActiveOnlineApplications();
-		try { 
-			ISPConfiguration oa = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
-		
-			if (oa == null) {
-				Logger.debug("No OnlineApplication with EntityID: " + entityID);
-				return null;
-				
-			}
-			
-			String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-			if (MiscUtil.isNotEmpty(certBase64)) {
-				return Base64Utils.decode(certBase64, false);
-			
-			}
-			
-		} catch (ConfigurationException | EAAFConfigurationException e) {
-			Logger.error("Access MOA-ID configuration FAILED.", e);
-			
-		} catch (IOException e) {
-			Logger.warn("Decoding PVP2X metadata certificate FAILED.", e);
-			
-		}
-		
-		return null;
-	}
-
 	public static void verify(EntityDescriptor entityDescriptor)
-			throws MOAIDException {
-		if (entityDescriptor.getSignature() == null) {
-			throw new SAMLRequestNotSignedException();
-		}
-
-		try {
-			SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to validate Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
-
+			throws EAAFException {
+		
 		Credential credential = getSPTrustedCredential(entityDescriptor.getEntityID());
 		if (credential == null) {
 			throw new NoCredentialsException(entityDescriptor.getEntityID());
 		}
-
-		SignatureValidator sigValidator = new SignatureValidator(credential);
-		try {
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to verfiy Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
+		
+		verify(entityDescriptor, credential);
+	
 	}
 
 	public static void verify(EntityDescriptor entityDescriptor, Credential cred)
-			throws MOAIDException {
+			throws EAAFException {
 		if (entityDescriptor.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
@@ -131,7 +86,7 @@ public class EntityVerifier {
 	}
 
 	public static void verify(EntitiesDescriptor entityDescriptor,
-			Credential cred) throws MOAIDException {
+			Credential cred) throws EAAFException {
 		if (entityDescriptor.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
@@ -153,55 +108,11 @@ public class EntityVerifier {
 			throw new SAMLRequestNotSignedException(e);
 		}
 	}
-
-	public static void verify(EntitiesDescriptor entityDescriptor)
-			throws MOAIDException {
-		if (entityDescriptor.getSignature() == null) {
-			throw new SAMLRequestNotSignedException();
-		}
-
-		try {
-			SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to validate Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
-
-		List<EntityDescriptor> entities = entityDescriptor
-				.getEntityDescriptors();
-
-		if (entities.size() > 0) {
-
-			if (entities.size() > 1) {
-				Logger.warn("More then one EntityID in Metadatafile with Name "
-						+ entityDescriptor.getName()
-						+ " defined. Actually only the first"
-						+ " entryID is used to select the certificate to perform Metadata verification.");
-			}
-
-			Credential credential = getSPTrustedCredential(entities.get(0).getEntityID());
-
-			if (credential == null) {
-				throw new NoCredentialsException("moaID IDP");
-			}
-
-			SignatureValidator sigValidator = new SignatureValidator(credential);
-			try {
-				sigValidator.validate(entityDescriptor.getSignature());
-
-			} catch (ValidationException e) {
-				Logger.error("Failed to verfiy Signature", e);
-				throw new SAMLRequestNotSignedException(e);
-			}
-		}
-	}
-	
+		
 	public static Credential getSPTrustedCredential(String entityID)
 			throws CredentialsNotAvailableException {
 
-		iaik.x509.X509Certificate cert = PVPConfiguration.getInstance()
-				.getTrustEntityCertificate(entityID);
+		iaik.x509.X509Certificate cert = getTrustEntityCertificate(entityID);
 		
 		if (cert == null) {
 			throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null);
@@ -214,5 +125,46 @@ public class EntityVerifier {
 
 		return credential;
 	}
+	
+	private static iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
+		
+		try {
+			Logger.trace("Load metadata signing certificate for online application " + entityID);
+			ISPConfiguration  oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);		
+			if (oaParam == null) {
+				Logger.info("Online Application with ID " + entityID + " not found!");
+				return null;
+			}
+		
+			String pvp2MetadataCertificateString = 
+					oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);		 
+			if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) {
+				Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!");
+				return null;
+				
+			}	
+			
+			X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false));
+			Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded.");
+			return cert;
+			
+		} catch (CertificateException e) {
+			Logger.warn("Metadata signer certificate is not parsed.", e);
+			return null;
+			
+		} catch (ConfigurationException e) {
+			Logger.error("Configuration is not accessable.", e);
+			return null;
+			
+		} catch (IOException e) {
+			Logger.warn("Metadata signer certificate is not decodeable.", e);
+			return null;
+			
+		} catch (EAAFConfigurationException e) {
+			Logger.error("Configuration is not accessable.", e);
+			return null;
+			
+		}
+	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
deleted file mode 100644
index 50bc7fb68..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ /dev/null
@@ -1,197 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
-
-import javax.xml.namespace.QName;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.validation.ValidationException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("SAMLVerificationEngine")
-public class SAMLVerificationEngine {
-		
-	@Autowired(required=true) MOAMetadataProvider metadataProvider;
-	
-	public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
-		try {		
-			if (msg instanceof MOARequest &&  
-					((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
-				verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
-		
-			else
-				verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
-			
-		} catch (InvalidProtocolRequestException e) {
-			if (MiscUtil.isEmpty(msg.getEntityID())) {
-				throw e;
-			
-			}			
-			Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + msg.getEntityID());
-						
-			if (metadataProvider == null || !metadataProvider.refreshMetadataProvider(msg.getEntityID()))
-				throw e;
-			
-			else {
-				Logger.trace("PVP2X metadata reload finished. Check validate message again.");
-					
-				if (msg instanceof MOARequest && 
-						((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
-					verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
-				
-				else
-					verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
-										
-			}
-			Logger.trace("Second PVP2X message validation finished");
-		}		
-	}
-	
-	public void verifyIDPResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine) throws InvalidProtocolRequestException{
-		verifyResponse(samlObj, sigTrustEngine, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		
-	}
-	
-	public void verifySLOResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException {
-		verifyResponse(samlObj, sigTrustEngine, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		
-	}
-	
-	private void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine, QName defaultElementName)  throws InvalidProtocolRequestException{
-		SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-		try {
-		    profileValidator.validate(samlObj.getSignature());
-		    performSchemaValidation(samlObj.getDOM());
-		    
-		} catch (ValidationException e) {
-			 Logger.warn("Signature is not conform to SAML signature profile", e);
-			 throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature is not conform to SAML signature profile");
-		
-		} catch (SchemaValidationException e) {			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "SAML response does not fit XML scheme");
-		
-		}
-
-		CriteriaSet criteriaSet = new CriteriaSet();
-		criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
-		criteriaSet.add( new MetadataCriteria(defaultElementName, SAMLConstants.SAML20P_NS) );
-		criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-
-		try {
-		    if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-		    	throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
-		    }
-		} catch (org.opensaml.xml.security.SecurityException e) {
-		    Logger.warn("PVP2x message signature validation FAILED.", e);
-		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
-		}
-	}
-	
-	public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException {
-		SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-		try {
-		    profileValidator.validate(samlObj.getSignature());		    
-		    performSchemaValidation(samlObj.getDOM());
-		    
-		} catch (ValidationException e) {
-		    Logger.warn("Signature is not conform to SAML signature profile", e);
-		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Scheme validation FAILED on SAML request");
-		    
-		} catch (SchemaValidationException e) {			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "Scheme verification FAILED on SAML request");
-			
-		}
-
-		CriteriaSet criteriaSet = new CriteriaSet();
-		criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
-		criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
-		criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-
-		try {
-		    if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-		        throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
-		    }
-		} catch (org.opensaml.xml.security.SecurityException e) {
-			Logger.warn("PVP2x message signature validation FAILED.", e);
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
-		}
-	}
-		
-	protected void performSchemaValidation(Element source) throws SchemaValidationException {
-		
-		String err = null;
-		try {
-			Schema test = SAMLSchemaBuilder.getSAML11Schema();
-			Validator val = test.newValidator();		
-			val.validate(new DOMSource(source));
-			Logger.debug("Schema validation check done OK");
-			return;
-		
-		} catch (SAXException e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-						
-		} catch (Exception e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-						
-		}
-		
-		throw new SchemaValidationException("pvp2.22", new Object[]{err});
-		
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
index 385fe90fb..d1d8c9368 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
@@ -47,11 +47,12 @@ import org.opensaml.xml.validation.ValidationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SAMLVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
deleted file mode 100644
index 3ea124db6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
-import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
-import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
-import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
-import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
-import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
-//import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
-//import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
-
-public class TrustEngineFactory {
-
-//	public static SignatureTrustEngine getSignatureTrustEngine() {
-//		try {
-//			MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver(
-//					MOAMetadataProvider.getInstance());
-//
-//			List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
-//			keyInfoProvider.add(new DSAKeyValueProvider());
-//			keyInfoProvider.add(new RSAKeyValueProvider());
-//			keyInfoProvider.add(new InlineX509DataProvider());
-//
-//			KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
-//					keyInfoProvider);
-//
-//			PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(
-//					mdResolver, keyInfoResolver);
-//
-//			return engine;
-//
-//		} catch (Exception e) {
-//			e.printStackTrace();
-//			return null;
-//		}
-//	}
-
-	public static SignatureTrustEngine getSignatureKnownKeysTrustEngine(MetadataProvider provider) {
-		MetadataCredentialResolver resolver;
-
-		resolver = new MetadataCredentialResolver(provider);
-
-		List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
-		keyInfoProvider.add(new DSAKeyValueProvider());
-		keyInfoProvider.add(new RSAKeyValueProvider());
-		keyInfoProvider.add(new InlineX509DataProvider());
-
-		KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
-				keyInfoProvider);
-
-		ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
-				resolver, keyInfoResolver);
-
-		return engine;
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
index 589713c4b..57f1c2f9a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
@@ -23,23 +23,20 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
 
 import java.security.cert.CertificateException;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
 
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.AbstractMetadataSignatureFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
 import at.gv.egovernment.moa.logging.Logger;
 import iaik.x509.X509Certificate;
 
-public class MetadataSignatureFilter implements MetadataFilter {
+public class MetadataSignatureFilter extends AbstractMetadataSignatureFilter {
 	
 	private String metadataURL;
 	private BasicX509Credential savedCredential;
@@ -52,111 +49,52 @@ public class MetadataSignatureFilter implements MetadataFilter {
 		savedCredential.setEntityCertificate(cert);
 	}
 	
-	public void processEntityDescriptorr(EntityDescriptor desc) throws MOAIDException {
-		
-//		String entityID = desc.getEntityID();
-		
-		EntityVerifier.verify(desc);
-	}
-	
-	public void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException {
-		Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
-		
-		if(desc.getSignature() != null) {
-			EntityVerifier.verify(desc, this.savedCredential);
+	@Override
+	protected void verify(EntityDescriptor desc) throws PVP2MetadataException {
+		try {
+			EntityVerifier.verify(desc);
+			
+		} catch (EAAFException e) {
+			Logger.info("PVP2 metadata verification FAILED for entity: " + desc.getEntityID()
+					+ " Reason: " + e.getMessage());
+			throw new PVP2MetadataException("PVP2 metadata verification FAILED for entity: " + desc.getEntityID(), null, e);
 		}
 		
-		while(entID.hasNext()) {
-			processEntitiesDescriptor(entID.next());
-		}
-				
-		Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
+	}
 
-		List<EntityDescriptor> verifiedEntIT = new ArrayList<EntityDescriptor>();
-		
-		//check every Entity
-		
-		while(entIT.hasNext()) {
-			
-			EntityDescriptor entity = entIT.next();
-			
-			String entityID = entity.getEntityID();
-			
-			//CHECK if Entity also match MetaData signature.
-			/*This check is necessary to prepend declaration of counterfeit OA metadata!!*/
-			Logger.debug("Validate metadata for entityID: " + entityID + " ..... ");
-			byte[] entityCert = EntityVerifier.fetchSavedCredential(entityID);
-						
-			if (entityCert != null) {
+	@Override
+	protected void verify(EntitiesDescriptor desc) throws PVP2MetadataException {
+		try {
+			EntityVerifier.verify(desc, this.savedCredential);
 			
-				X509Certificate cert;
-				try {
-					cert = new X509Certificate(entityCert);
-					BasicX509Credential entityCrendential = new BasicX509Credential();
-					entityCrendential.setEntityCertificate(cert);
-	
-					EntityVerifier.verify(desc, entityCrendential);
-					
-					//add entity to verified entity-list					
-					verifiedEntIT.add(entity);
-					Logger.debug("Metadata for entityID: " + entityID + " valid");
-					
-					
-				} catch (Exception e) {
-
-					//remove entity of signature can not be verified.
-					Logger.info("Entity " + entityID + " is removed from metadata " 
-							+ desc.getName() + ". Entity verification error: " + e.getMessage());
-//					throw new MOAIDException("The App", null, e);
-				}
-				
-			} else {
-				//remove entity if it is not registrated as OA
-				Logger.info("Entity " + entityID + " is removed from metadata " 
-						+ desc.getName() + ". Entity is not registrated or no certificate is found!");				
-//				throw new NoCredentialsException("NO Certificate found for OA " + entityID);
-			}
+		} catch (EAAFException e) {
+			Logger.info("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL
+				+ " Reason: " + e.getMessage());
+			throw new PVP2MetadataException("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL, null, e);
 			
-			//TODO: insert to support signed Entity-Elements
-			//processEntityDescriptorr(entIT.next());
-		}		
+		}
 		
-		//set only verified entity elements
-		desc.getEntityDescriptors().clear();
-		desc.getEntityDescriptors().addAll(verifiedEntIT);
 	}
-	
-	public void doFilter(XMLObject metadata) throws SignatureValidationException {
+
+	@Override
+	protected void verify(EntityDescriptor entity, EntitiesDescriptor entities) throws PVP2MetadataException {		
 		try {
-			if (metadata instanceof EntitiesDescriptor) {
-				EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
-				if(entitiesDescriptor.getSignature() == null) {
-					throw new MOAIDException("Root element of metadata file has to be signed", null);
-				}
-				processEntitiesDescriptor(entitiesDescriptor);
-				
-				
-				if (entitiesDescriptor.getEntityDescriptors().size() == 0) {
-					throw new MOAIDException("No valid entity in metadata "
-							+ entitiesDescriptor.getName() + ". Metadata is not loaded.", null);
-				}
-				
-				
-			} else if (metadata instanceof EntityDescriptor) {
-				EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
-				processEntityDescriptorr(entityDescriptor);
+			if (entity.isSigned()) {
+				Logger.debug("EntityDescriptor: " + entity.getEntityID() + " is signed. Starting signature verification ... ");
+				EntityVerifier.verify(entity);
 				
 			} else {
-				throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+				Logger.debug("EntityDescriptor: " + entity.getEntityID() + " is not signed. Verify EntitiesDescriptor by using 'Entity' certificate ...  ");
+				Credential entityCredential = EntityVerifier.getSPTrustedCredential(entity.getEntityID());
+				EntityVerifier.verify(entities, entityCredential);
+				
 			}
 			
+		} catch (EAAFException e) {
+			Logger.info("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL
+				+ " Reason: " + e.getMessage());
+			throw new PVP2MetadataException("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL, null, e);
 			
-			
-			Logger.info("Metadata signature policy check done OK");
-		} catch (MOAIDException e) {
-			Logger.warn("Metadata signature policy check FAILED.", e);
-			throw new SignatureValidationException(e);
 		}
 	}
-
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
deleted file mode 100644
index caabfea30..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.LocalizedString;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.ServiceName;
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.samlext.saml2mdattr.EntityAttributes;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Trible;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moaspss.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class PVPEntityCategoryFilter implements MetadataFilter {
-
-
-	private boolean isUsed = false;
-	
-	/**
-	 * Filter to map PVP EntityCategories into a set of single PVP attributes 
-	 * 
-	 * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored
-	 * 
-	 */
-	public PVPEntityCategoryFilter(boolean isUsed) {
-		this.isUsed = isUsed;
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	public void doFilter(XMLObject metadata) throws FilterException {
-		
-		if (isUsed) {
-			Logger.trace("Map PVP EntityCategory to single PVP Attributes ... ");
-			String entityId = null;
-			try {
-				if (metadata instanceof EntitiesDescriptor) {
-					Logger.trace("Find EnitiesDescriptor ... ");
-					EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
-					if (entitiesDesc.getEntityDescriptors() != null) {
-						for (EntityDescriptor el : entitiesDesc.getEntityDescriptors()) 
-							resolveEntityCategoriesToAttributes(el);
-						
-					}
-									
-				} else if (metadata instanceof EntityDescriptor) {
-					Logger.trace("Find EntityDescriptor");
-					resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
-					
-					
-				} else
-					throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
-				
-				
-				
-			} catch (Exception e) {
-				Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
-				
-			}
-			
-		} else
-			Logger.trace("Filter to map PVP EntityCategory to single PVP Attributes is deactivated");
-		
-	}
-
-	private void resolveEntityCategoriesToAttributes(EntityDescriptor metadata) {
-		Logger.debug("Resolving EntityCategorie for Entity: " + metadata.getEntityID() + " ...");
-		Extensions extensions = metadata.getExtensions();
-		if (extensions != null) {
-			List<XMLObject> listOfExt = extensions.getUnknownXMLObjects();
-			if (listOfExt != null && !listOfExt.isEmpty()) {
-				Logger.trace("Find #" + listOfExt.size() + " 'Extension' elements ");
-				for (XMLObject el : listOfExt) {
-					Logger.trace("Find ExtensionElement: " + el.getElementQName().toString());
-					if (el instanceof EntityAttributes) {
-						EntityAttributes entityAttrElem = (EntityAttributes)el;
-						if (entityAttrElem.getAttributes() != null) {
-							Logger.trace("Find EntityAttributes. Start attribute processing ...");
-							for (Attribute entityAttr : entityAttrElem.getAttributes()) {
-								if (entityAttr.getName().equals(PVPConstants.ENTITY_CATEGORY_ATTRIBITE)) {
-									if (!entityAttr.getAttributeValues().isEmpty()) {
-										String entityAttrValue = entityAttr.getAttributeValues().get(0).getDOM().getTextContent();
-										if (PVPConstants.EGOVTOKEN.equals(entityAttrValue)) {
-											Logger.debug("Find 'EGOVTOKEN' EntityAttribute. Adding single pvp attributes ... ");
-											addAttributesToEntityDescriptor(metadata, 
-													buildAttributeList(PVPConstants.EGOVTOKEN_PVP_ATTRIBUTES), 
-													entityAttrValue);
-											
-																													
-										} else if (PVPConstants.CITIZENTOKEN.equals(entityAttrValue)) {
-											Logger.debug("Find 'CITIZENTOKEN' EntityAttribute. Adding single pvp attributes ... ");
-											addAttributesToEntityDescriptor(metadata, 
-													buildAttributeList(PVPConstants.CITIZENTOKEN_PVP_ATTRIBUTES), 
-													entityAttrValue);
-											
-										} else
-											Logger.info("EntityAttributeValue: " + entityAttrValue + " is UNKNOWN!");
-																			
-									} else
-										Logger.info("EntityAttribute: No attribute value");
-																		
-								} else 
-									Logger.info("EntityAttribute: " + entityAttr.getName() + " is NOT supported");
-								
-							}
-										
-						} else
-							Logger.info("Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!");
-						
-					}					
-				}
-				
-			} else
-				Logger.trace("'Extension' element is 'null' or empty");
-			
-		} else
-			Logger.trace("No 'Extension' element found");
-				
-	}
-	
-	/**
-	 * @param metadata
-	 * @param attrList
-	 */
-	private void addAttributesToEntityDescriptor(EntityDescriptor metadata, List<RequestedAttribute> attrList, String entityAttr) {
-		SPSSODescriptor spSSODesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-		if (spSSODesc != null) {
-			if (spSSODesc.getAttributeConsumingServices() == null || 
-					spSSODesc.getAttributeConsumingServices().isEmpty()) {
-				Logger.trace("No 'AttributeConsumingServices' found. Added it ...");
-				
-				AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);						
-				attributeService.setIndex(0);
-				attributeService.setIsDefault(true);
-				ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
-				serviceName.setName(new LocalizedString("Default Service", "en"));
-				attributeService.getNames().add(serviceName);
-				
-				if (attrList != null && !attrList.isEmpty()) {
-					attributeService.getRequestAttributes().addAll(attrList);
-					Logger.info("Add  " + attrList.size() + " attributes for 'EntityAttribute': " + entityAttr);
-					
-				}
-				
-				spSSODesc.getAttributeConsumingServices().add(attributeService);
-				
-			} else {
-				Logger.debug("Find 'AttributeConsumingServices'. Starting updating process ... ");
-				for (AttributeConsumingService el : spSSODesc.getAttributeConsumingServices()) {
-					Logger.debug("Update 'AttributeConsumingService' with Index: " + el.getIndex());
-					
-					//load currently requested attributes
-					List<String> currentlyReqAttr = new ArrayList<String>();
-					for (RequestedAttribute reqAttr : el.getRequestAttributes())
-						currentlyReqAttr.add(reqAttr.getName());
-						
-
-					//check against EntityAttribute List
-					for (RequestedAttribute entityAttrListEl : attrList) {
-						if (!currentlyReqAttr.contains(entityAttrListEl.getName())) {
-							el.getRequestAttributes().add(entityAttrListEl);
-							
-						} else
-							Logger.debug("'AttributeConsumingService' already contains attr: " + entityAttrListEl.getName());
-						
-					}
-					
-				}
-				
-			}
-			
-		} else
-			Logger.info("Can ONLY add 'EntityAttributes' to 'SPSSODescriptor'");
-		
-	}
-
-	private List<RequestedAttribute> buildAttributeList(List<Trible<String, String, Boolean>> attrSet) {
-		List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
-		for (Trible<String, String, Boolean> el : attrSet)
-			requestedAttributes.add(PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird()));	
-					
-		return requestedAttributes;
-		
-		
-	}
-	 	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
deleted file mode 100644
index 4c1da747b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import java.security.cert.CertificateException;
-
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
-
-/**
- * @author tlenz
- *
- */
-public class PVPMetadataFilterChain extends MetadataFilterChain {
-
-		
-	/**
-	 * @throws CertificateException 
-	 * 
-	 */
-	public PVPMetadataFilterChain(String url, byte[] certificate) throws CertificateException {
-		addDefaultFilters(url, certificate);
-	}
-	
-	public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
-		addFilter(new MetadataSignatureFilter(url, certificate));
-		
-	}
-
-
-
-
-
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
deleted file mode 100644
index 83a2b61d2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationFilter implements MetadataFilter {
-
-	private boolean isActive = true;
-	
-	public SchemaValidationFilter() {
-		try {
-			isActive = AuthConfigurationProviderFactory.getInstance().isPVPSchemaValidationActive();
-			
-		} catch (ConfigurationException e) {
-			e.printStackTrace();
-		}
-	}
-	
-	/**
-	 * 
-	 */
-	public SchemaValidationFilter(boolean useSchemaValidation) {
-		this.isActive = useSchemaValidation;
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	public void doFilter(XMLObject arg0) throws SchemaValidationException {
-		
-		String errString = null;
-		
-		if (isActive) {
-			try {
-				Schema test = SAMLSchemaBuilder.getSAML11Schema();
-				Validator val = test.newValidator();
-				DOMSource source = new DOMSource(arg0.getDOM());		
-				val.validate(source);
-				Logger.info("Metadata Schema validation check done OK");
-				return;
-			
-			} catch (SAXException e) {
-				if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-					Logger.warn("Metadata Schema validation FAILED with exception:", e);
-				else
-					Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
-
-				errString = e.getMessage();
-				
-			} catch (Exception e) {
-				if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-					Logger.warn("Metadata Schema validation FAILED with exception:", e);
-				else
-					Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
-				
-				errString = e.getMessage();
-				
-			}
-			
-			throw new SchemaValidationException("Metadata Schema validation FAILED with message: "+ errString);
-			
-		} else		
-			Logger.info("Metadata Schema validation check is DEACTIVATED!");
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
deleted file mode 100644
index e7412a0fc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.saml2;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MetadataFilterChain implements MetadataFilter {
-
-	private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
-		
-	/**
-	 * Return all actually used Metadata filters
-	 * 
-	 * @return List of Metadata filters
-	 */
-	public List<MetadataFilter> getFilters() {
-		return filters;
-	}
-	
-	/**
-	 * Add a new Metadata filter to filterchain
-	 * 
-	 * @param filter 
-	 */
-	public void addFilter(MetadataFilter filter) {
-		filters.add(filter);
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	public void doFilter(XMLObject arg0) throws FilterException {
-		for (MetadataFilter filter : filters) {
-			Logger.trace("Use MOAMetadataFilter " + filter.getClass().getName());
-			filter.doFilter(arg0);
-		}
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index c5f02e7de..f303adfe5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -44,6 +44,8 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -60,8 +62,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.EncryptedData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
index ff9c4e358..5f2ec046a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -28,6 +28,8 @@ import java.util.List;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -38,8 +40,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 
 /**
  * @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
index 3e3d9dafc..10e22c806 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
@@ -25,6 +25,9 @@ package at.gv.egovernment.moa.id.util;
 import java.io.IOException;
 import java.util.Properties;
 
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
 import at.gv.egovernment.moa.id.data.AuthenticationRole;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -33,7 +36,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
-public class LoALevelMapper {
+@Service("MOAIDLoALevelMapper")
+public class LoALevelMapper implements ILoALevelMapper{
 
 	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
 	private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
@@ -46,18 +50,8 @@ public class LoALevelMapper {
 	private static final String MAPPING_EIDAS_PREFIX = "eidas_";
 	
 	private Properties mapping = null;
-	
-	private static LoALevelMapper instance = null;
-	
-	public static LoALevelMapper getInstance() {
-		if (instance == null) {
-			instance = new LoALevelMapper();			
-		}
-		
-		return instance;
-	}
-	
-	private LoALevelMapper() {
+			
+	public LoALevelMapper() {
 		try {
 			mapping = new Properties();
 			mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
@@ -72,6 +66,43 @@ public class LoALevelMapper {
 		
 	}
 
+	public String mapToeIDASLoA(String qaa) {
+		if (qaa.startsWith(STORK_QAA_PREFIX))
+			return mapSTORKQAAToeIDASQAA(qaa);
+		
+		else if (qaa.startsWith(PVP_SECCLASS_PREFIX))
+			return mapSTORKQAAToeIDASQAA(mapSecClassToQAALevel(qaa));
+					
+		else if (qaa.startsWith(MAPPING_EIDAS_PREFIX))
+			return qaa;
+		
+		else {
+			Logger.info("QAA: " + qaa + " is NOT supported by LoA level mapper");
+			return null;
+			
+		}
+		
+	}
+	
+	public String mapToSecClass(String qaa) {
+		if (qaa.startsWith(STORK_QAA_PREFIX))
+			return mapStorkQAAToSecClass(qaa);
+		
+		else if (qaa.startsWith(MAPPING_EIDAS_PREFIX))
+			return mapStorkQAAToSecClass(mapeIDASQAAToSTORKQAA(qaa));
+					
+		else if (qaa.startsWith(PVP_SECCLASS_PREFIX))
+			return qaa;
+		
+		else {
+			Logger.info("QAA: " + qaa + " is NOT supported by LoA level mapper");
+			return null;
+			
+		}
+		
+	}
+	
+	
 	/**
 	 * Map STORK QAA level to eIDAS QAA level
 	 * 
@@ -118,7 +149,7 @@ public class LoALevelMapper {
 	 * @param STORK-QAA level
 	 * @return PVP SecClass pvpQAALevel
 	 */	
-	public String mapToSecClass(String storkQAALevel) {
+	public String mapStorkQAAToSecClass(String storkQAALevel) {
 		if (mapping != null) {
 			String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());			
 			String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input);
@@ -137,7 +168,7 @@ public class LoALevelMapper {
 	 * @param PVP SecClass pvpQAALevel
 	 * @return STORK-QAA level
 	 */	
-	public String mapToQAALevel(String pvpQAALevel) {
+	public String mapSecClassToQAALevel(String pvpQAALevel) {
 		if (mapping != null) {
 			String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());			
 			String mappedQAA = mapping.getProperty(input);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
deleted file mode 100644
index ca71ad946..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.util;
-
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotAllowedException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class QAALevelVerifier {
-
-	public static void verifyQAALevel(String qaaAuth, String qaaRequest) throws QAANotAllowedException {
-		
-		if (EAAFConstants.EIDAS_QAA_LOW.equals(qaaRequest) && 
-					(EAAFConstants.EIDAS_QAA_LOW.equals(qaaAuth) || 
-							EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
-									EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
-				) 
-			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-		
-		else if (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaRequest) && 
-					(EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
-								EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
-				) 
-			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-		
-		else if (EAAFConstants.EIDAS_QAA_HIGH.equals(qaaRequest) && EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) 
-			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-		
-		else 
-			throw new QAANotAllowedException(qaaAuth, qaaRequest);
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index d8565112b..5ccacf350 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -22,6 +22,30 @@
 	<context:component-scan base-package="at.gv.egovernment.moa.id.auth.servlet" />
 	<context:component-scan base-package="at.gv.egovernment.moa.id.protocols" />
  
+ 	<bean id="PVPIDPCredentialProvider"
+ 				class="at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider" />
+ 
+ 	<bean id="PVP2XProtocol"
+ 				class="at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol">
+		<property name="pvpIDPCredentials">
+			<ref bean="PVPIDPCredentialProvider" />
+		</property>
+ 	</bean>
+ 
+  	<bean id="pvpMetadataService"
+ 				class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction">
+		<property name="pvpIDPCredentials">
+			<ref bean="PVPIDPCredentialProvider" />
+		</property>
+ 	</bean>
+ 
+   	<bean id="PVPAuthenticationRequestAction"
+ 				class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction">
+		<property name="pvpIDPCredentials">
+			<ref bean="PVPIDPCredentialProvider" />
+		</property>
+ 	</bean>
+ 
 	<bean id="MOAID_AuthenticationManager" 
 				class="at.gv.egovernment.moa.id.moduls.AuthenticationManager"/>
 
@@ -50,6 +74,12 @@
 	<bean id="MOAGarbageCollector" 
 				class="at.gv.egovernment.moa.id.auth.MOAGarbageCollector"/>
 
+	<bean id="MOAIDLoALevelMapper" 
+				class="at.gv.egovernment.moa.id.util.LoALevelMapper"/>
+
+	<bean id="MOASAML2SubjectNameIDGenerator"
+				class="at.gv.egovernment.moa.id.auth.builder.MOAIDSubjectNameIdGenerator" />
+				
 <!-- 	<bean id="taskExecutor" class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor">
     <property name="corePoolSize" value="5" />
     <property name="maxPoolSize" value="10" />
@@ -64,11 +94,7 @@
 	<bean id="EvaluateBKUSelectionTask" 
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateBKUSelectionTask"
 				scope="prototype"/>
-				
-	<bean id="RestartAuthProzessManagement" 
-				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.RestartAuthProzessManagement"
-				scope="prototype"/>				
-			
+										
 	<bean id="GenerateSSOConsentEvaluatorFrameTask" 
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenerateSSOConsentEvaluatorFrameTask"
 				scope="prototype"/>
diff --git a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
index b3a9d367f..b0494534a 100644
--- a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
@@ -54,9 +54,9 @@ import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.StreamUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
 import iaik.ixsil.algorithms.Transform;
 import iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML;
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
index 1cd54d61b..299bbee23 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
@@ -50,8 +50,8 @@ import java.security.KeyStore;
 import java.util.Enumeration;
 
 import test.at.gv.egovernment.moa.id.UnitTestCase;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 /**
  * @author Paul Ivancsics
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
index 3f6227402..663f712ef 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
@@ -194,5 +194,9 @@ public class MOAIDAuthConstants extends MOAIDConstants{
   @Deprecated
   public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName";
   
+  public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
+  public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
+  public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel";		
+  public static final String DATAID_INTERFEDERATION_REQUESTID = "authnReqID";
 
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
index cb81fe79e..5fec08053 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
@@ -34,8 +34,8 @@ import java.security.UnrecoverableKeyException;
 
 import org.apache.commons.lang3.SerializationUtils;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 
 /**
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index abf2d211c..e6efca4ea 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -58,8 +58,8 @@ import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
 import at.gv.egovernment.moaspss.logging.LoggingContextManager;
 import iaik.pki.DefaultPKIConfiguration;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
deleted file mode 100644
index 8d6aea164..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.net.URL;
-
-/**
- * Utility for accessing files on the file system, and for reading from input streams.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class FileUtils {
-  
-  /**
-   * Reads a file, given by URL, into a byte array.
-   * @param urlString file URL
-   * @return file content
-   * @throws IOException on any exception thrown
-   */
-  public static byte[] readURL(String urlString) throws IOException {	  
-    URL url = new URL(urlString);
-    InputStream in = new BufferedInputStream(url.openStream());
-    byte[] content = StreamUtils.readStream(in);
-    in.close();
-    return content;
-  }
-
-  /**
-   * Reads a file from a resource.
-   * @param name resource name
-   * @return file content as a byte array
-   * @throws IOException on any exception thrown
-   */
-  public static byte[] readResource(String name) throws IOException {
-    ClassLoader cl = FileUtils.class.getClassLoader();
-    BufferedInputStream in = new BufferedInputStream(cl.getResourceAsStream(name));
-    byte[] content = StreamUtils.readStream(in);
-    in.close();
-    return content;
-  }
-  /**
-   * Reads a file from a resource.
-   * @param name filename
-   * @param encoding character encoding
-   * @return file content
-   * @throws IOException on any exception thrown
-   */
-  public static String readResource(String name, String encoding) throws IOException {
-    byte[] content = readResource(name);
-    return new String(content, encoding);
-  }
-  
-	/**
-	 * Returns the absolute URL of a given url which is relative to the parameter root
-	 * @param url
-	 * @param root
-	 * @return String
-	 */
-	public static String makeAbsoluteURL(String url, String root) {
-		//if url is relative to rootConfigFileDirName make it absolute 					
-		
-    File keyFile;
-    String newURL = url;
-
-		if(null == url) return  null;
-    
-    if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("file:/") || url.startsWith("ftp:/")) {
-    	return url;
-    } else {
-      // check if absolute - if not make it absolute
-      keyFile = new File(url);
-      if (!keyFile.isAbsolute()) {
-        keyFile = new File(root, url);
-
-        if (keyFile.toString().startsWith("file:"))
-        	newURL = keyFile.toString();
-        
-        else
-        	newURL = keyFile.toURI().toString();
-        
-      }
-      return newURL;
-    }
-	}  
-	
-	
-	 private static void copy( InputStream fis, OutputStream fos )
-	  {
-	    try
-	    {
-	      byte[] buffer = new byte[ 0xFFFF ];
-	      for ( int len; (len = fis.read(buffer)) != -1; )
-	        fos.write( buffer, 0, len );
-	    }
-	    catch( IOException e ) {
-	      System.err.println( e );
-	    }
-	    finally {
-	      if ( fis != null )
-	        try { fis.close(); } catch ( IOException e ) { e.printStackTrace(); }
-	      if ( fos != null )
-	        try { fos.close(); } catch ( IOException e ) { e.printStackTrace(); }
-	    }
-	  }
-	 
-	 public static void copyFile(File src, File dest)
-	  {
-	    try
-	    {
-	      copy( new FileInputStream( src ), new FileOutputStream( dest ) );
-	    }
-	    catch( IOException e ) {
-	      e.printStackTrace();
-	    }
-	  }
-  
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
deleted file mode 100644
index 38dcafcc0..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import iaik.x509.X509Certificate;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.cert.Certificate;
-
-/**
- * Utility for creating and loading key stores.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class KeyStoreUtils {
-	
-	/**
-	 * JAVA KeyStore
-	 */
-	private static final String KEYSTORE_TYPE_JKS = "JKS";
-	
-	/**
-	 * PKCS12 KeyStore
-	 */
-	private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12";
-	
-	
-
-  /**
-   * Loads a key store from file.
-   * 
-   * @param keystoreType key store type
-   * @param urlString URL of key store
-   * @param password password protecting the key store
-   * @return key store loaded
-   * @throws IOException thrown while reading the key store from file
-   * @throws GeneralSecurityException thrown while creating the key store
-   */
-  public static KeyStore loadKeyStore(
-    String keystoreType,
-    String urlString,
-    String password)
-    throws IOException, GeneralSecurityException {
-
-    URL keystoreURL = new URL(urlString);
-    InputStream in = keystoreURL.openStream();
-    return loadKeyStore(keystoreType, in, password);
-  }
-  /**
-   * Loads a key store from an <code>InputStream</code>, and
-   * closes the <code>InputStream</code>.
-   * 
-   * @param keystoreType key store type
-   * @param in input stream
-   * @param password password protecting the key store
-   * @return key store loaded
-   * @throws IOException thrown while reading the key store from the stream
-   * @throws GeneralSecurityException thrown while creating the key store
-   */
-  public static KeyStore loadKeyStore(
-    String keystoreType,
-    InputStream in,
-    String password)
-    throws IOException, GeneralSecurityException {
-
-    char[] chPassword = null;
-    if (password != null)
-      chPassword = password.toCharArray();
-    KeyStore ks = KeyStore.getInstance(keystoreType);
-    ks.load(in, chPassword);
-    in.close();
-    return ks;
-  }
-  /**
-   * Creates a key store from X509 certificate files, aliasing them with
-   * the index in the <code>String[]</code>, starting with <code>"0"</code>.
-   * 
-   * @param keyStoreType key store type
-   * @param certFilenames certificate filenames
-   * @return key store created
-   * @throws IOException thrown while reading the certificates from file
-   * @throws GeneralSecurityException thrown while creating the key store
-   */
-  public static KeyStore createKeyStore(
-    String keyStoreType,
-    String[] certFilenames)
-    throws IOException, GeneralSecurityException {
-
-    KeyStore ks = KeyStore.getInstance(keyStoreType);
-    ks.load(null, null);
-    for (int i = 0; i < certFilenames.length; i++) {
-      Certificate cert = loadCertificate(certFilenames[i]);
-      ks.setCertificateEntry("" + i, cert);
-    }
-    return ks;
-  }
-//  /**
-//   * Creates a key store from a directory containg X509 certificate files, 
-//   * aliasing them with the index in the <code>String[]</code>, starting with <code>"0"</code>.
-//   * All the files in the directory are considered to be certificates.
-//   * 
-//   * @param keyStoreType key store type
-//   * @param certDirURLString file URL of directory containing certificate filenames
-//   * @return key store created
-//   * @throws IOException thrown while reading the certificates from file
-//   * @throws GeneralSecurityException thrown while creating the key store
-//   */
-//  public static KeyStore createKeyStoreFromCertificateDirectory(
-//    String keyStoreType,
-//    String certDirURLString)
-//    throws IOException, GeneralSecurityException {
-//
-//    URL certDirURL = new URL(certDirURLString);
-//    String certDirname = certDirURL.getFile();
-//    File certDir = new File(certDirname);
-//    String[] certFilenames = certDir.list();
-//    String separator =
-//      (certDirname.endsWith(File.separator) ? "" : File.separator);
-//    for (int i = 0; i < certFilenames.length; i++) {
-//      certFilenames[i] = certDirname + separator + certFilenames[i];
-//    }
-//    return createKeyStore(keyStoreType, certFilenames);
-//  }
-
-  /**
-   * Loads an X509 certificate from file.
-   * @param certFilename filename
-   * @return the certificate loaded
-   * @throws IOException thrown while reading the certificate from file
-   * @throws GeneralSecurityException thrown while creating the certificate
-   */
-  private static Certificate loadCertificate(String certFilename)
-    throws IOException, GeneralSecurityException {
-
-    FileInputStream in = new FileInputStream(certFilename);
-    Certificate cert = new X509Certificate(in);
-    in.close();
-    return cert;
-  }
-  
- 
-	/**
-	 * Loads a keyStore without knowing the keyStore type
-	 * @param keyStorePath URL to the keyStore
-	 * @param password Password protecting the keyStore
-	 * @return keyStore loaded
-	 * @throws KeyStoreException thrown if keyStore cannot be loaded
-	 * @throws FileNotFoundException 
-	 * @throws IOException 
-	 */
-  public static KeyStore loadKeyStore(String keyStorePath, String password) throws KeyStoreException, IOException{
-		
-		//InputStream is = new FileInputStream(keyStorePath);
-	  	URL keystoreURL = new URL(keyStorePath);
-	    InputStream in = keystoreURL.openStream();
-		InputStream isBuffered = new BufferedInputStream(in);				
-		return loadKeyStore(isBuffered, password);
-		
-	}
-	
-	/**
-	 * Loads a keyStore without knowing the keyStore type
-	 * @param in input stream
-	 * @param password Password protecting the keyStore
-	 * @return keyStore loaded
-	 * @throws KeyStoreException thrown if keyStore cannot be loaded
-	 * @throws FileNotFoundException 
-	 * @throws IOException 
-	 */
-public static KeyStore loadKeyStore(InputStream is, String password) throws KeyStoreException, IOException{		
-		is.mark(1024*1024);
-		KeyStore ks = null;
-		try {
-			try {				
-				ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password);
-			} catch (IOException e2) {
-				is.reset();				
-				ks = loadKeyStore(KEYSTORE_TYPE_JKS, is, password);
-			}
-		} catch(Exception e) {			
-			e.printStackTrace();
-			//throw new KeyStoreException(e);
-		}
-		return ks;	
-						
-	}
-  
-	
-
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java
deleted file mode 100644
index e4ccd127f..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.PrintStream;
-
-/**
- * Utility methods for streams.
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class StreamUtils {
-  
-  /**
-   * Compare the contents of two <code>InputStream</code>s.
-   * 
-   * @param is1 The 1st <code>InputStream</code> to compare.
-   * @param is2 The 2nd <code>InputStream</code> to compare.
-   * @return boolean <code>true</code>, if both streams contain the exactly the
-   * same content, <code>false</code> otherwise.
-   * @throws IOException An error occurred reading one of the streams.
-   */
-  public static boolean compareStreams(InputStream is1, InputStream is2) 
-    throws IOException {
-      
-    byte[] buf1 = new byte[256];
-    byte[] buf2 = new byte[256];
-    int length1;
-    int length2;
-  
-    try {
-      while (true) {
-        length1 = is1.read(buf1);
-        length2 = is2.read(buf2);
-        
-        if (length1 != length2) {
-          return false;
-        }
-        if (length1 <= 0) {
-          return true;
-        }
-        if (!compareBytes(buf1, buf2, length1)) {
-          return false;
-        }
-      }
-    } catch (IOException e) {
-      throw e;
-    } finally {
-      // close both streams
-      try {
-        is1.close();
-        is2.close();
-      } catch (IOException e) {
-        // ignore this
-      }
-    }
-  }
-  
-  /**
-   * Compare two byte arrays, up to a given maximum length.
-   * 
-   * @param b1 1st byte array to compare.
-   * @param b2 2nd byte array to compare.
-   * @param length The maximum number of bytes to compare.
-   * @return <code>true</code>, if the byte arrays are equal, <code>false</code>
-   * otherwise.
-   */
-  private static boolean compareBytes(byte[] b1, byte[] b2, int length) {
-    if (b1.length != b2.length) {
-      return false;
-    }
-  
-    for (int i = 0; i < b1.length && i < length; i++) {
-      if (b1[i] != b2[i]) {
-        return false;
-      }
-    }
-  
-    return true;
-  }
-
-  /**
-   * Reads a byte array from a stream.
-   * @param in The <code>InputStream</code> to read.
-   * @return The bytes contained in the given <code>InputStream</code>.
-   * @throws IOException on any exception thrown
-   */
-  public static byte[] readStream(InputStream in) throws IOException {
-
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    copyStream(in, out, null);
-		  
-		/*  
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    int b;
-    while ((b = in.read()) >= 0)
-      out.write(b);
-    
-    */
-    in.close();
-    return out.toByteArray();
-  }
-
-  /**
-   * Reads a <code>String</code> from a stream, using given encoding.
-   * @param in The <code>InputStream</code> to read.
-   * @param encoding The character encoding to use for converting the bytes
-   * of the <code>InputStream</code> into a <code>String</code>.
-   * @return The content of the given <code>InputStream</code> converted into
-   * a <code>String</code>.
-   * @throws IOException on any exception thrown
-   */
-  public static String readStream(InputStream in, String encoding) throws IOException {
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    copyStream(in, out, null);
-
-    /*
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    int b;
-    while ((b = in.read()) >= 0)
-      out.write(b);
-      */
-    in.close();
-    return out.toString(encoding);
-  }
-  
-  /**
-   * Reads all data (until EOF is reached) from the given source to the 
-   * destination stream. If the destination stream is null, all data is dropped.
-   * It uses the given buffer to read data and forward it. If the buffer is 
-   * null, this method allocates a buffer.
-   *
-   * @param source The stream providing the data.
-   * @param destination The stream that takes the data. If this is null, all
-   *                    data from source will be read and discarded.
-   * @param buffer The buffer to use for forwarding. If it is null, the method
-   *               allocates a buffer.
-   * @exception IOException If reading from the source or writing to the 
-   *                        destination fails.
-   */
-  private static void copyStream(InputStream source, OutputStream destination, byte[] buffer) throws IOException {
-    if (source == null) {
-      throw new NullPointerException("Argument \"source\" must not be null.");
-    }
-    if (buffer == null) {
-      buffer = new byte[8192];
-    }
-    
-    if (destination != null) {
-      int bytesRead;
-      while ((bytesRead = source.read(buffer)) >= 0) {
-        destination.write(buffer, 0, bytesRead);
-      }
-    } else {
-      while (source.read(buffer) >= 0);
-    }    
-  }
-  
-  /**
-   * Gets the stack trace of the <code>Throwable</code> passed in as a string.
-   * @param t The <code>Throwable</code>.
-   * @return a String representing the stack trace of the <code>Throwable</code>.
-   */
-  public static String getStackTraceAsString(Throwable t)
-  {
-    ByteArrayOutputStream stackTraceBIS = new ByteArrayOutputStream();
-    t.printStackTrace(new PrintStream(stackTraceBIS));
-    return new String(stackTraceBIS.toByteArray());
-  }
-}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java
index 8941ab4cf..c52f52fa8 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java
@@ -26,13 +26,13 @@ import java.io.BufferedInputStream;
 import java.io.FileInputStream;
 import java.io.IOException;
 
-import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
 
 /**
  * @author tlenz
  *
  */
-public class FileUtils extends at.gv.egovernment.moa.util.FileUtils {
+public class FileUtils extends at.gv.egiz.eaaf.core.impl.utils.FileUtils {
 
   /**
   * Reads a file, given by URL, into a String.
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
index be5581139..6d341b88b 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
@@ -34,8 +34,7 @@ import java.security.Security;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import junit.framework.TestCase;
 
 /**
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
index 98f7fccf5..f32b90eb0 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
@@ -1,8 +1,14 @@
 package at.gv.egovernment.moa.id.auth.frontend;
 
+import java.net.MalformedURLException;
+import java.net.URI;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 
 public class MOAIDGuiBilderConfigurationFactory implements IGUIBuilderConfigurationFactory {
 
@@ -13,5 +19,15 @@ public class MOAIDGuiBilderConfigurationFactory implements IGUIBuilderConfigurat
 
 	}
 
-	
+	@Override
+	public IGUIBuilderConfiguration getSPSpecificSAML2PostConfiguration(IRequest pendingReq, String viewName, URI configRootDir) 
+			throws MalformedURLException {
+		return new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
+				pendingReq, 
+				viewName, 
+				MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
+				null, 
+				configRootDir.toURL().toString());
+		
+	}	
 }
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
index 2ce4488a8..1bacc93c7 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
@@ -44,7 +44,7 @@ import org.springframework.stereotype.Service;
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
index 6092c8d5d..3e2bdda10 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
@@ -32,8 +32,8 @@ import java.net.URISyntaxException;
 import java.net.URL;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java
deleted file mode 100644
index 3d5c5ed2f..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.auth.frontend.velocity;
-
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.runtime.RuntimeServices;
-import org.apache.velocity.runtime.log.LogChute;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class VelocityLogAdapter implements LogChute {
-
-	public VelocityLogAdapter() {
-		try
-	    {
-	      /*
-	       *  register this class as a logger with the Velocity singleton
-	       *  (NOTE: this would not work for the non-singleton method.)
-	       */
-	      Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this );
-	      Velocity.init();
-	    }
-	    catch (Exception e)
-	    {
-	      Logger.error("Failed to register Velocity logger");
-	    }
-	}
-	
-	public void init(RuntimeServices arg0) throws Exception {
-	}
-
-	public boolean isLevelEnabled(int arg0) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-			return Logger.isDebugEnabled();
-		case LogChute.TRACE_ID:
-			return Logger.isTraceEnabled();
-		default:
-			return true;
-		}
-	}
-
-	public void log(int arg0, String arg1) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-			Logger.debug(arg1);
-			break;
-		case LogChute.TRACE_ID:
-			Logger.trace(arg1);
-			break;
-		case LogChute.INFO_ID:
-			Logger.info(arg1);
-			break;
-		case LogChute.WARN_ID:
-			Logger.warn(arg1);
-			break;
-		case LogChute.ERROR_ID:
-		default:
-			Logger.error(arg1);
-			break;
-		}
-	}
-
-	public void log(int arg0, String arg1, Throwable arg2) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-		case LogChute.TRACE_ID:
-		case LogChute.INFO_ID:
-		case LogChute.WARN_ID:
-			Logger.warn(arg1, arg2);
-			break;
-		case LogChute.ERROR_ID:
-		default:
-			Logger.error(arg1, arg2);
-			break;
-		}
-	}
-	
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java
deleted file mode 100644
index 015d8e321..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- * 
- */
-package at.gv.egovernment.moa.id.auth.frontend.velocity;
-
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
-
-/**
- * Gets a Velocity Engine
- * 
- * @author bzwattendorfer
- *
- */
-public class VelocityProvider {
-
-	private static VelocityEngine velocityEngine = null;
-	
-	/**
-	 * Gets velocityEngine from Classpath
-	 * @return VelocityEngine
-	 * @throws Exception
-	 */
-	public static VelocityEngine getClassPathVelocityEngine() throws Exception {
-		if (velocityEngine == null) {
-			velocityEngine = getBaseVelocityEngine();
-			velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
-			velocityEngine.setProperty("classpath.resource.loader.class",
-					"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");                
-			velocityEngine.init();
-			
-		}
-		
-		return velocityEngine;
-	}
-	
-	/**
-	 * Gets VelocityEngine from File
-	 * @param rootPath File Path to template file
-	 * @return VelocityEngine
-	 * @throws Exception
-	 */
-	public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception {
-		if (velocityEngine == null) {
-			velocityEngine = getBaseVelocityEngine();
-			velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file");
-			velocityEngine.setProperty("file.resource.loader.class",
-					"org.apache.velocity.runtime.resource.loader.FileResourceLoader");
-			velocityEngine.setProperty("file.resource.loader.path", rootPath);
-        
-			velocityEngine.init();
-			
-		}
-		
-		return velocityEngine;
-	}
-	
-	/**
-	 * Gets a basic VelocityEngine
-	 * @return VelocityEngine
-	 */
-	private static VelocityEngine getBaseVelocityEngine() {
-		VelocityEngine velocityEngine = new VelocityEngine();
-        velocityEngine.setProperty(RuntimeConstants.INPUT_ENCODING, "UTF-8");
-        velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
-//        velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
-//				"org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
-        velocityEngine.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, new VelocityLogAdapter() );
-        
-        return velocityEngine;
-	}
-	
-}
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
index f99013082..59779060f 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
@@ -37,6 +37,7 @@ import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index d32ce972a..1eb354778 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -23,6 +23,7 @@ import org.springframework.web.context.support.ServletContextResource;
 import org.springframework.web.servlet.DispatcherServlet;
 
 import at.gv.egiz.components.spring.api.SpringLoader;
+import at.gv.egiz.eaaf.core.api.IPostStartupInitializable;
 import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 2b2a8cab6..ef3e71874 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -26,7 +26,9 @@ import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
@@ -65,14 +67,12 @@ import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.logging.SpecificTraceLogger;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.egovernment.moaspss.logging.LogMsg;
@@ -1033,7 +1033,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		session.setForeigner(false);
 
 		//set QAA Level four in case of card authentifcation
-		session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+		session.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
+		
 		
 		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
 		
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
index a904242e1..8e80fbbbb 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
@@ -49,9 +49,9 @@ package at.gv.egovernment.moa.id.auth.builder;
 import java.io.IOException;
 import java.text.MessageFormat;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * Builder for the <code>&lt;VerifyXMLSignatureRequest&gt;</code> structure
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index ec1de6155..37f24ea72 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -138,7 +138,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
 				moasession.setIdentityLink(identitylink);
 
 				// set QAA Level four in case of card authentifcation
-				moasession.setQAALevel(PVPConstants.STORK_QAA_1_4);
+				moasession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
 
 				authServer.getForeignAuthenticationData(moasession);
 				
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index b170d9e89..ab53671f2 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -44,7 +45,6 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 44c3992d0..96be0279a 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -57,6 +57,7 @@ import org.jaxen.SimpleNamespaceContext;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
@@ -71,7 +72,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.logging.SpecificTraceLogger;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 7bb07df74..b3327a3d5 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -63,13 +63,13 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.BoolUtils;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 9ce987956..90810a7f4 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
@@ -47,7 +48,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * @author tlenz
@@ -94,7 +94,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 		moaSession.setForeigner(false);
 		
 		moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest");			
-		moaSession.setQAALevel(PVPConstants.STORK_QAA_1_4);
+		moaSession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
 			
 		try {
 			String idlurl = FileUtils.makeAbsoluteURL(moaAuthConfig.getMonitoringTestIdentityLinkURL(), moaAuthConfig.getRootConfigFileDir());				
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 74cf665ca..bad1f4e41 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -31,7 +31,7 @@ import org.apache.xml.security.signature.XMLSignature;
 import org.opensaml.xml.encryption.EncryptionConstants;
 import org.opensaml.xml.signature.SignatureConstants;
 
-import at.gv.egovernment.moa.id.data.Trible;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
index d743b57e3..5e4745f7c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -35,12 +35,12 @@ import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.samlengineconfig.BinaryParameter;
 import eu.eidas.samlengineconfig.EngineInstance;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
index 384d6be0b..f7a6ff495 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
@@ -34,10 +34,10 @@ import java.util.List;
 import java.util.Map.Entry;
 import java.util.Properties;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import eu.eidas.samlengineconfig.ConfigurationParameter;
 import eu.eidas.samlengineconfig.InstanceConfiguration;
 import eu.eidas.samlengineconfig.StringParameter;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 94cd04ca7..aca818532 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -1,5 +1,6 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
 
+import java.net.MalformedURLException;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
@@ -11,6 +12,9 @@ import java.util.Timer;
 
 import javax.xml.namespace.QName;
 
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -22,45 +26,39 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
 import org.opensaml.xml.XMLObject;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
-import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
-import at.gv.egovernment.moa.id.auth.IPostStartupInitializable;
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.api.IPostStartupInitializable;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.engine.AbstractProtocolEngine;
 
 @Service("eIDASMetadataProvider")
-public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider implements ObservableMetadataProvider, 
-	IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider, IPostStartupInitializable{
+public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, 
+	IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{
 
-	private Timer timer = null;
+	@Autowired(required=true) IConfiguration basicConfig;
+	
+	private Timer timer = null; 
 	
 	private MetadataProvider internalProvider;
 	private Map<String, Date> lastAccess = null;
 	
-	
-//	public static MOAeIDASChainingMetadataProvider getInstance() {
-//		if (instance == null) {
-//			synchronized (mutex) {
-//				if (instance == null) {
-//					instance = new MOAeIDASChainingMetadataProvider();
-//					MOAGarbageCollector.addModulForGarbageCollection(instance);
-//				}
-//			}
-//		}
-//		return instance;
-//	}
-	
-	
 	public MOAeIDASChainingMetadataProvider() {
 		internalProvider = new ChainingMetadataProvider();
 		lastAccess = new HashMap<String, Date>();
@@ -83,18 +81,25 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 	}
 	
 	protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException {
-		Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
-		if (!metadataToLoad.isEmpty()) {
-			Logger.info("Load static configurated eIDAS metadata ... ");			
-			for (String metaatalocation : metadataToLoad.values()) {
-				String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getRootConfigFileDir());				
-				Logger.info("  Load eIDAS metadata from: " + absMetadataLocation);
-				refreshMetadataProvider(absMetadataLocation);
+		try {
+			Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
+			if (!metadataToLoad.isEmpty()) {
+				Logger.info("Load static configurated eIDAS metadata ... ");			
+				for (String metaatalocation : metadataToLoad.values()) {
+					String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getConfigurationRootDirectory());				
+					Logger.info("  Load eIDAS metadata from: " + absMetadataLocation);
+					refreshMetadataProvider(absMetadataLocation);
 				
+				}
+			
+				Logger.info("Load static configurated eIDAS metadata finished ");
 			}
 			
-			Logger.info("Load static configurated eIDAS metadata finished ");
-		}		
+		} catch (MalformedURLException e) {
+			Logger.warn("MOA-ID configuration error." , e);
+			throw new ConfigurationException("MOA-ID configuration error.", null, e);
+			
+		}
 	}
 	
 	
@@ -238,9 +243,10 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 		filter.addFilter(new MOASPMetadataSignatureFilter(
 				authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
 		
-		return createNewMoaMetadataProvider(metadataURL, filter, 
+		return createNewSimpleMetadataProvider(metadataURL, filter, 
 					"eIDAS metadata-provider", 
-					timer, AbstractProtocolEngine.getSecuredParserPool());
+					timer, AbstractProtocolEngine.getSecuredParserPool(),
+					createHttpClient(metadataURL));
 			
 	}
 
@@ -421,5 +427,40 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 			if (observer != null)
 				observer.onEvent(this);
 	}
+	
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				if (basicConfig instanceof AuthConfiguration) {
+					AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig;
+					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+							PVPConstants.SSLSOCKETFACTORYNAME, 
+							moaAuthConfig.getTrustedCACertificates(),
+							null,
+							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+							moaAuthConfig.isTrustmanagerrevoationchecking(),
+							moaAuthConfig.getRevocationMethodOrder(),
+							moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+									AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+					
+				}
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
+		}
+		
+		return httpClient;
+				
+	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
index 9adc221e5..3851ead2d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -31,7 +31,7 @@ import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
 import eu.eidas.auth.engine.ProtocolEngineI;
 import eu.eidas.auth.engine.metadata.MetadataFetcherI;
 import eu.eidas.auth.engine.metadata.MetadataSignerI;
@@ -65,8 +65,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataFetcherI {
 	 * @return true if refresh was successful, otherwise false
 	 */
 	public boolean refreshMetadata(String entityId) {
-		if (this.metadataprovider instanceof IMOARefreshableMetadataProvider )
-			return ((IMOARefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId);		
+		if (this.metadataprovider instanceof IRefreshableMetadataProvider )
+			return ((IRefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId);		
 		else
 			return false;
 		
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index a87d971d8..0e8bf2a5a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -47,10 +47,11 @@ import com.google.common.net.MediaType;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -61,7 +62,6 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EidasStringUtil;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 8e840e2c1..6d20caa4b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -32,6 +32,7 @@ import org.opensaml.common.xml.SAMLSchemaBuilder;
 import org.opensaml.xml.ConfigurationException;
 import org.opensaml.xml.XMLConfigurator;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
@@ -41,7 +42,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProvid
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
 import eu.eidas.auth.commons.attribute.AttributeRegistries;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index 8add8e206..1b1b15567 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -35,10 +35,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java
index 30e1e4505..3075ab9cf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java
@@ -25,8 +25,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index ce5f4dc6b..42ca6e507 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -47,10 +47,10 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
@@ -87,7 +87,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 	public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE";
 	
     public static final String NAME = EIDASProtocol.class.getName();
-    public static final String PATH = "eidas";	
+    public static final String PATH = "id_eidas";	
 
     @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
     
@@ -105,9 +105,10 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
         return NAME;
     }
 
-    public String getPath() {
-        return PATH;
-    }
+	@Override
+	public String getAuthProtocolIdentifier() {
+		return PATH;
+	}
 
 	//eIDAS metadata end-point
 	@RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET})
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index bbd132a3b..bfdb46a11 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -32,6 +32,8 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -39,9 +41,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.NewMoaEidasMetadata;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.ProtocolEngineI;
 import eu.eidas.auth.engine.metadata.ContactData;
@@ -59,6 +59,7 @@ public class EidasMetaDataRequest implements IAction {
      
 	@Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
 	@Autowired(required=true) AuthConfiguration authConfig;
+	@Autowired(required=true) IPVP2BasicConfiguration pvpConfiguration;
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
@@ -150,10 +151,10 @@ public class EidasMetaDataRequest implements IAction {
         //add organisation information from PVP metadata information        
         Organization pvpOrganisation = null;
 		try {
-			pvpOrganisation = PVPConfiguration.getInstance().getIDPOrganisation();			
+			pvpOrganisation = pvpConfiguration.getIDPOrganisation();			
 			eu.eidas.auth.engine.metadata.ContactData.Builder technicalContact = ContactData.builder();
 			
-			List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts();
+			List<ContactPerson> contacts = pvpConfiguration.getIDPContacts();
 			if (contacts != null && contacts.size() >= 1) {
 				ContactPerson contact = contacts.get(0);
 				technicalContact.givenName(contact.getGivenName().getName());
@@ -187,7 +188,7 @@ public class EidasMetaDataRequest implements IAction {
 			metadataConfigBuilder.supportContact(ContactData.builder(technicalContact.build()).build());
 			
 									
-		} catch (ConfigurationException | NullPointerException e) {
+		} catch (NullPointerException | EAAFException e) {
 			Logger.warn("Can not load Organisation or Contact from Configuration", e);
 			
 		}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
index 14b1d06b6..5a8fcb846 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
@@ -28,9 +28,9 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
index 6c3bfc569..1176ba251 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
@@ -28,10 +28,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 82d0facd4..f6a67db9d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -41,15 +41,15 @@ import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.commons.EidasStringUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
index 24d24db2c..5dcd9499e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
@@ -23,12 +23,12 @@
 package at.gv.egovernment.moa.id.protocols.eidas.validator;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.protocol.IAuthenticationResponse;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
index 7ca4590bb..72c95d9c7 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
@@ -26,7 +26,7 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
-import at.gv.egovernment.moa.id.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 
 /**
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
index 5743590f9..482d8ef85 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
@@ -33,14 +33,14 @@ import org.opensaml.saml2.metadata.Organization;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -51,11 +51,12 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	
 	private String authURL;
 	private ELGAMandatesCredentialProvider credentialProvider;
+	private IPVP2BasicConfiguration pvpConfiguration;
 	
-	public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider) {
+	public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider, IPVP2BasicConfiguration pvpConfiguration) {
 		this.authURL = authURL;
 		this.credentialProvider = credentialProvider;
-				
+		this.pvpConfiguration = pvpConfiguration;
 	}
 	
 	
@@ -118,9 +119,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	@Override
 	public List<ContactPerson> getContactPersonInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPContacts();
+			return pvpConfiguration.getIDPContacts();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Contect Person", e);
 			return null;
 			
@@ -134,9 +135,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	@Override
 	public Organization getOrgansiationInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPOrganisation();
+			return pvpConfiguration.getIDPOrganisation();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Organisation", e);
 			return null;
 			
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
index b67d263fc..6954b9feb 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
@@ -38,9 +38,9 @@ import org.opensaml.xml.security.credential.Credential;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
index aaed6655b..d52cd750a 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
@@ -36,12 +36,13 @@ import com.google.common.net.MediaType;
 
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -54,6 +55,7 @@ public class ELGAMandateMetadataController extends AbstractController {
 	@Autowired PVPMetadataBuilder metadatabuilder;
 	@Autowired AuthConfiguration authConfig;
 	@Autowired ELGAMandatesCredentialProvider credentialProvider; 
+	@Autowired IPVP2BasicConfiguration pvpConfiguration;
 	
 	public ELGAMandateMetadataController() {
 		super();
@@ -76,7 +78,7 @@ public class ELGAMandateMetadataController extends AbstractController {
 			} else {
 				//initialize metadata builder configuration
 				IPVPMetadataBuilderConfiguration metadataConfig = 
-						new ELGAMandatesMetadataConfiguration(authURL, credentialProvider);
+						new ELGAMandatesMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
 				
 				//build metadata
 				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 12f2bde60..ce5f654da 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -41,26 +41,26 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -70,7 +70,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
 @Component("ReceiveElgaMandateResponseTask")
 public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
-
+  
 	@Autowired SAMLVerificationEngineSP samlVerificationEngine;
 	@Autowired ELGAMandatesCredentialProvider credentialProvider;
 	@Autowired ELGAMandateServiceMetadataProvider metadataProvider;
@@ -85,17 +85,17 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 		
 		try {						
 			IDecoder decoder = null;
-			MOAURICompare comperator = null;
+			EAAFURICompare comperator = null;
 			//select Response Binding
 			if (request.getMethod().equalsIgnoreCase("POST")) {
 				decoder = new PostBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL() 
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() 
 						+ ELGAMandatesAuthConstants.ENDPOINT_POST);
 				Logger.debug("Receive PVP Response from ELGA mandate-service, by using POST-Binding.");
 				
 			}  else if (request.getMethod().equalsIgnoreCase("GET")) {
 				decoder = new RedirectBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL()
+				comperator = new EAAFURICompare(pendingReq.getAuthURL()
 						+ ELGAMandatesAuthConstants.ENDPOINT_REDIRECT);
 				Logger.debug("Receive PVP Response from ELGA mandate-service, by using Redirect-Binding.");
 				
@@ -131,7 +131,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			
 			
 			//validate assertion
-			MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);			
+			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);			
 			
 			//write ELGA mandate information into MOASession
 			AssertionAttributeExtractor extractor = 
@@ -217,7 +217,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 
 		} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
 			Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage());
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId());
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getErrorId());
 			throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e);
 		
 		} catch (Exception e) {
@@ -239,13 +239,13 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 	 * @throws AssertionValidationExeption 
 	 * @throws AuthnResponseValidationException 
 	 */
-	private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
+	private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
 		Logger.debug("Start PVP-2.1 assertion processing... ");
 		Response samlResp = (Response) msg.getResponse();
 
 		//validate 'inResponseTo' attribute
 		String authnReqID = pendingReq.getGenericData(
-				PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID, String.class);
+				MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, String.class);
 		String inResponseTo = samlResp.getInResponseTo();
 		
 		if (MiscUtil.isEmpty(authnReqID) || MiscUtil.isEmpty(inResponseTo) || 
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 70dc87df9..0b0c74777 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -37,8 +37,10 @@ import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -47,12 +49,10 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesReq
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -193,7 +193,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			//set MandateReferenceValue as RequestID
 			authnReqConfig.setRequestID(moasession.getMandateReferenceValue());
 			pendingReq.setGenericDataToSession(
-					PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID,
+					MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID,
 					authnReqConfig.getRequestID());
 			
 			//set SubjectConformationDate
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index 07f618c10..e8cfae10a 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -22,11 +22,15 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
 
+import java.net.MalformedURLException;
 import java.util.List;
 import java.util.Timer;
 
 import javax.xml.namespace.QName;
 
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -37,14 +41,19 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -54,9 +63,10 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
 
 @Service("ELGAMandate_MetadataProvider")
-public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider
+public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider
 	implements IDestroyableObject {
-	
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
+		
 	private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider();
 	private Timer timer = null;
 	
@@ -253,11 +263,12 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
 			filter.addFilter(new SchemaValidationFilter(true));
 			filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
 		
-			MetadataProvider idpMetadataProvider = createNewMoaMetadataProvider(metdataURL, 
+			MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, 
 					filter, 
 					ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,					
 					timer,
-					new BasicParserPool());
+					new BasicParserPool(),
+					createHttpClient(metdataURL));
 			
 			if (idpMetadataProvider == null) {
 				Logger.error("Create ELGA Mandate-Service Client FAILED.");
@@ -300,4 +311,35 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
 			timer.cancel();
 		
 	}
+	
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+						PVPConstants.SSLSOCKETFACTORYNAME, 
+						moaAuthConfig.getTrustedCACertificates(),
+						null,
+						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+						moaAuthConfig.isTrustmanagerrevoationchecking(),
+						moaAuthConfig.getRevocationMethodOrder(),
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+				httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
+		}
+		
+		return httpClient;
+				
+	}
 }
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
index c8fe55e51..dd4e5d340 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
@@ -25,11 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
index 9060f35c5..76e7f0901 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
@@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20;
 
 import java.util.Properties;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.util.FileUtils;
 
 public class OAuth20Configuration {
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index d97c8f7cf..190ef9e9d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -35,17 +35,18 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
-import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
@@ -62,7 +63,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAt
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 
 public final class OAuth20AttributeBuilder {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
index cd7b8312d..17ed6b40d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
@@ -34,11 +34,11 @@ import java.security.interfaces.RSAPublicKey;
 import org.apache.commons.lang.StringUtils;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Configuration;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20CertificateErrorException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 public final class OAuth20SignatureUtil {
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 5d461afc8..b00675e7c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -40,11 +40,11 @@ import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
 import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index e04d719d9..98f6f2d5c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -51,8 +51,9 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 	public String getName() { 
 		return NAME;
 	}
-	
-	public String getPath() {
+
+	@Override
+	public String getAuthProtocolIdentifier() {
 		return PATH;
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
index 35bbac6e7..824d64171 100644
--- a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
+++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
@@ -30,10 +30,9 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
 import org.testng.Assert;
 import org.testng.annotations.Test;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Signer;
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Verifier;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-
 import net.oauth.jsontoken.crypto.Signer;
 import net.oauth.jsontoken.crypto.Verifier;
 
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index 2766eab05..92a08e411 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -22,6 +22,8 @@ import com.google.gson.JsonElement;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
@@ -32,8 +34,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.utils.X509Utils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 @Service
 public class JsonSecurityUtils implements IJOSETools{
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 9f910d598..04ac1fd57 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -75,8 +75,10 @@ import com.google.gson.JsonParser;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -94,12 +96,10 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageExcepti
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import net.glxn.qrgen.QRCode;
 import net.glxn.qrgen.image.ImageType;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index f1075f060..c7e42c8ab 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -49,6 +49,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
@@ -59,7 +60,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
index 189fcd2f6..4a5511df4 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -99,7 +99,18 @@ import com.google.gson.JsonObject;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair;
@@ -116,17 +127,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -141,6 +143,9 @@ import iaik.x509.X509Certificate;
 @Service("SSOContainerUtils")
 public class SSOContainerUtils {
 	
+	@Autowired(required=true) private IPVP2BasicConfiguration pvpConfiguration;
+	@Autowired(required=true) private PVP2AssertionBuilder assertionBuilder;
+	
 	private static final String PVP_HOLDEROFKEY_NAME = PVPConstants.URN_OID_PREFIX + 
 			"1.2.40.0.10.2.1.1.261.xx.xx";
 	
@@ -272,7 +277,7 @@ public class SSOContainerUtils {
 		
 	}
 	
-	public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException  {	
+	public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException, SAMLRequestNotSignedException, NoCredentialsException, CredentialsNotAvailableException, AssertionValidationExeption  {	
 		final BasicParserPool ppMgr = new BasicParserPool();
 		final HashMap<String, Boolean> features = new HashMap<String, Boolean>();
 		features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
@@ -296,7 +301,7 @@ public class SSOContainerUtils {
 			} catch (ValidationException e) {
 				Logger.error("Failed to validate Signature", e);
 				throw new SAMLRequestNotSignedException(e);
-			}
+			} 
 			
 			Credential credential = credentials.getIDPAssertionSigningCredential();
 			if (credential == null) {
@@ -340,7 +345,7 @@ public class SSOContainerUtils {
 	public String generateSignedAndEncryptedSSOContainer(String authURL,
 			IAuthenticationSession authSession, Date date, byte[] hashedSecret) {		
 		try {
-			String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL);
+			String entityID = pvpConfiguration.getIDPEntityId(authURL);
 			AuthnContextClassRef authnContextClassRef = SAML2Utils
 					.createSAMLObject(AuthnContextClassRef.class);
 			authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());			
@@ -369,7 +374,7 @@ public class SSOContainerUtils {
 
 			IMOAAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession);
 			
-			Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion(
+			Assertion assertion = assertionBuilder.buildGenericAssertion(
 					entityID,
 					entityID, 
 					new DateTime(date.getTime()), 
@@ -405,7 +410,7 @@ public class SSOContainerUtils {
 						
 			return container.toString();
 												
-		} catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException e) {
+		} catch (EncryptionException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException | EAAFException e) {
 			Logger.warn("SSO container generation FAILED.", e);
 		}
 		
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
index 8ca087e1d..a2441bc1f 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
@@ -39,7 +39,7 @@ import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
 import org.bouncycastle.math.ec.ECPoint;
 import org.bouncycastle.util.BigIntegers;
 
-import at.gv.egovernment.moa.id.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.util.Base64Utils;
 import iaik.security.random.SeedGenerator;
 
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
index 1fff56f8d..a1b8631dc 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.config;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.Iterator;
 import java.util.List;
 
 import org.opensaml.saml2.core.Attribute;
@@ -35,16 +34,15 @@ import org.opensaml.saml2.metadata.Organization;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -58,11 +56,14 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
 	
 	private String authURL;
 	private FederatedAuthCredentialProvider credentialProvider;
+	private IPVP2BasicConfiguration pvpConfiguration;
 	
-	public FederatedAuthMetadataConfiguration(String authURL, FederatedAuthCredentialProvider credentialProvider) {
+	public FederatedAuthMetadataConfiguration(String authURL, 
+			FederatedAuthCredentialProvider credentialProvider,
+			IPVP2BasicConfiguration pvpConfiguration) {
 		this.authURL = authURL;
 		this.credentialProvider = credentialProvider;
-				
+		this.pvpConfiguration = pvpConfiguration;
 	}
 	
 	
@@ -125,9 +126,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
 	@Override
 	public List<ContactPerson> getContactPersonInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPContacts();
+			return pvpConfiguration.getIDPContacts();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Contect Person", e);
 			return null;
 			
@@ -141,9 +142,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
 	@Override
 	public Organization getOrgansiationInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPOrganisation();
+			return pvpConfiguration.getIDPOrganisation();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Organisation", e);
 			return null;
 			
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
index 000590923..6cbe558e7 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
@@ -28,8 +28,8 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.xml.security.credential.Credential;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
index 399845643..6a733adb8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
@@ -36,12 +36,13 @@ import com.google.common.net.MediaType;
 
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -54,6 +55,7 @@ public class FederatedAuthMetadataController extends AbstractController {
 	@Autowired PVPMetadataBuilder metadatabuilder;
 	@Autowired AuthConfiguration authConfig;
 	@Autowired FederatedAuthCredentialProvider credentialProvider; 
+	@Autowired IPVP2BasicConfiguration pvpConfiguration;
 	
 	public FederatedAuthMetadataController() {
 		super();
@@ -76,7 +78,7 @@ public class FederatedAuthMetadataController extends AbstractController {
 			} else {
 				//initialize metadata builder configuration
 				IPVPMetadataBuilderConfiguration metadataConfig = 
-						new FederatedAuthMetadataConfiguration(authURL, credentialProvider);
+						new FederatedAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
 				
 				//build metadata
 				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 717099a8d..20fd5ebc4 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -35,9 +35,12 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
@@ -46,10 +49,7 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -63,6 +63,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 	@Autowired PVPAuthnRequestBuilder authnReqBuilder;
 	@Autowired FederatedAuthCredentialProvider credential;
 	@Autowired(required=true) MOAMetadataProvider metadataProvider;
+	@Autowired(required=true) ILoALevelMapper loaMapper; 
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -117,7 +118,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			//build and transmit AuthnRequest
 			authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
 			
-		} catch (MOAIDException | MetadataProviderException e) {
+		} catch (MetadataProviderException e) {
 			throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest for SSO inderfederation FAILED.", e);
 
 		} catch (MessageEncodingException | NoSuchAlgorithmException  | SecurityException e) {
@@ -182,7 +183,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 					pendingReq.getClass().isInstance(storkRequst)) {
 				
 				try {									
-					secClass = LoALevelMapper.getInstance().mapToSecClass(
+					secClass = loaMapper.mapToSecClass(
 							PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass));
 				
 				} catch (Exception e) {
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index c20342a11..bb7f735aa 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -48,6 +48,18 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -60,22 +72,9 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -106,17 +105,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 		
 		try {
 			
-			IDecoder decoder = null;
-			MOAURICompare comperator = null;
+			IDecoder decoder = null; 
+			EAAFURICompare comperator = null;
 			//select Response Binding
 			if (request.getMethod().equalsIgnoreCase("POST")) {
 				decoder = new PostBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST);
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST);
 				Logger.trace("Receive PVP Response from federated IDP, by using POST-Binding.");
 				
 			}  else if (request.getMethod().equalsIgnoreCase("GET")) {
 				decoder = new RedirectBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT);
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT);
 				Logger.trace("Receive PVP Response from federated IDP, by using Redirect-Binding.");
 				
 			} else {
@@ -148,7 +147,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
 			
 			//validate assertion
-			MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
+			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
 			
 			//load IDP and SP configuration
 			IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
@@ -171,11 +170,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			if (spConfig.isInderfederationIDP()) {
 				//SP is a federated IDP  --> answer only with nameID and wait for attribute-Query
 				pendingReq.setGenericDataToSession(
-						PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);				
+						MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);				
 				pendingReq.setGenericDataToSession(
-						PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
+						MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
 				pendingReq.setGenericDataToSession(
-						PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
+						MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
 
 				authenticatedSessionStorage.
 					addFederatedSessionInformation(pendingReq, 
@@ -369,7 +368,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 	 * @throws AssertionValidationExeption 
 	 * @throws AuthnResponseValidationException 
 	 */
-	private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
+	private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
 		Logger.debug("Start PVP21 assertion processing... ");
 		Response samlResp = (Response) msg.getResponse();
 
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
index 9ef02935b..38568cdd8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
@@ -25,11 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.utils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 3452da003..92bcce24b 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -32,11 +32,11 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLEncoder;
@@ -121,7 +121,7 @@ public class GetArtifactAction implements IAction {
 					new SLOInformationImpl(req.getAuthURL(), oaParam.getPublicURLPrefix(), authData.getAssertionID(), null, null, req.requestedModule());
 			
 			return sloInformation;
-			
+			 
 		} catch (Exception ex) {
 			Logger.error("SAML1 Assertion build error", ex);
 			throw new AuthenticationException("SAML1 Assertion build error.", new Object[]{}, ex);
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 85e2107c6..73d99d93b 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -72,12 +72,12 @@ import org.xml.sax.SAXException;
 
 import com.google.common.net.MediaType;
 
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
@@ -338,7 +338,7 @@ public class GetAuthenticationDataService extends AbstractController implements
 			is = Thread.currentThread()
 					.getContextClassLoader()
 					.getResourceAsStream(templateURL);	
-		
+		 
 			VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();		
 			BufferedReader reader = new BufferedReader(new InputStreamReader(is ));				
 			StringWriter writer = new StringWriter();						
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
index c53d1c98d..51d722dc4 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
@@ -52,6 +52,7 @@ import java.util.List;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 
@@ -88,7 +89,8 @@ public class SAML1AuthenticationData extends MOAAuthenticationData {
   private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA;
   
 
-  public SAML1AuthenticationData() {	  	
+  public SAML1AuthenticationData(LoALevelMapper loaMapper) {
+	  	super(loaMapper);
 		this.setMajorVersion(1);
 		this.setMinorVersion(0);
 		this.setAssertionID(Random.nextRandom());	  
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 1be3e3daa..73afec4e0 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -47,6 +47,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
@@ -66,7 +67,6 @@ import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -490,7 +490,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 						&& Constants.URN_PREFIX_BASEID
 								.equals(identificationType)) {
 					// now we calculate the wbPK and do so if we got it from the
-					// BKU
+					// BKU 
 					
 					//load IdentityLinkDomainType from OAParam 					
 					Pair<String, String> targedId = new BPKBuilder().generateAreaSpecificPersonIdentifier(
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 54b137ce1..aa3fce249 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -94,10 +94,11 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 		return NAME;
 	}
 
-	public String getPath() {
+	@Override
+	public String getAuthProtocolIdentifier() {
 		return PATH;
+		
 	}
-
 	
 	@RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
 	public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {		
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
index 60d64a3ac..9ba1c4dd3 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -31,10 +31,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 
 public class TestManager{
 	
diff --git a/pom.xml b/pom.xml
index 6e5ee2fb8..2faf73b09 100644
--- a/pom.xml
+++ b/pom.xml
@@ -35,7 +35,7 @@
 			<moa-id-module-elga_mandate_client>1.3.1</moa-id-module-elga_mandate_client>
 
 			<!-- =================================================================================== -->
-			<eaaf-core.version>1.0.0-snapshot</eaaf-core.version>							
+			<egiz.eaaf.version>1.0.0-snapshot</egiz.eaaf.version>							
 			<org.springframework.version>4.3.13.RELEASE</org.springframework.version>
 			<org.springframework.data.spring-data-jpa>1.11.9.RELEASE</org.springframework.data.spring-data-jpa>
 			<surefire.version>2.20.1</surefire.version>		
@@ -442,9 +442,25 @@
 						<dependency>
 	    					<groupId>at.gv.egiz.eaaf</groupId>
 	  						<artifactId>eaaf-core</artifactId>
-	  						<version>${eaaf-core.version}</version>
-	  					</dependency> 
-
+	  						<version>${egiz.eaaf.version}</version>
+	  					</dependency>
+	  					<dependency>
+	  						<groupId>at.gv.egiz.eaaf</groupId>
+  							<artifactId>eaaf_module_pvp2_idp</artifactId>
+  							<version>${egiz.eaaf.version}</version>
+  						</dependency>
+  						<dependency> 
+							<groupId>at.gv.egiz.eaaf</groupId>
+  							<artifactId>eaaf_module_pvp2_sp</artifactId>
+  							<version>${egiz.eaaf.version}</version>
+						</dependency>  							
+						<dependency>
+        					<groupId>at.gv.egiz.eaaf</groupId>
+        					<artifactId>eaaf_module_pvp2_core</artifactId>
+        					<version>${egiz.eaaf.version}</version>
+        				</dependency>  							
+  							
+  							
       					<dependency>
 							<groupId>MOA.id.server</groupId>
 							<artifactId>moa-id-spring-initializer</artifactId>
-- 
cgit v1.2.3


From 016663e3a46f5f41f4d621c19e49063c78ccca70 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 20 Jun 2018 15:32:44 +0200
Subject: add some missing files

---
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      | 396 +++++++++++++++++++++
 .../metadata/PVPMetadataFilterChain.java           |  54 +++
 .../tasks/FirstBKAMobileAuthTask.java              |   2 +-
 3 files changed, 451 insertions(+), 1 deletion(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java

(limited to 'id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
new file mode 100644
index 000000000..a59033177
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -0,0 +1,396 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.ws.security.SecurityPolicyException;
+import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityLogAdapter;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.AbstractPVP2XProtocol;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+ 
+@Controller
+public class PVP2XProtocol extends AbstractPVP2XProtocol {
+
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
+	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+	
+	public static final String NAME = PVP2XProtocol.class.getName();
+	public static final String PATH = "id_pvp2-sprofile";
+
+	
+	public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+			new String[] {
+					PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME
+			});
+	
+	static {			
+		new VelocityLogAdapter();
+		
+	}
+
+	public String getName() {
+		return NAME;
+	}
+
+	public String getAuthProtocolIdentifier() {
+		return PATH;
+	}
+	
+	public PVP2XProtocol() {
+		super();
+	} 
+		
+	//PVP2.x metadata end-point
+	@RequestMapping(value = PVPConfiguration.PVP2_METADATA, method = {RequestMethod.POST, RequestMethod.GET})
+	public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+		if (!moaAuthConfig.getAllowedProtocols().isPVP21Active()) {
+			Logger.info("PVP2.1 is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+			
+		}
+		
+		super.pvpMetadataRequest(req, resp);
+		
+	}
+	
+	//PVP2.x IDP POST-Binding end-point
+	@RequestMapping(value = PVPConfiguration.PVP2_IDP_POST, method = {RequestMethod.POST})
+	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+		if (!moaAuthConfig.getAllowedProtocols().isPVP21Active()) {
+			Logger.info("PVP2.1 is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+			
+		}
+		
+		super.PVPIDPPostRequest(req, resp);
+						
+	}
+	
+	//PVP2.x IDP Redirect-Binding end-point
+	@RequestMapping(value = PVPConfiguration.PVP2_IDP_REDIRECT, method = {RequestMethod.GET})
+	public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
+			Logger.info("PVP2.1 is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+			
+		}
+		
+		super.PVPIDPRedirecttRequest(req, resp);
+				
+	}
+	
+	
+	//PVP2.x IDP SOAP-Binding end-point
+	@RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST})
+	public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+//			Logger.info("PVP2.1 is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//			
+//		}
+				
+		PVPSProfilePendingRequest pendingReq = null;
+		try {
+			//create pendingRequest object
+			pendingReq = applicationContext.getBean(PVPSProfilePendingRequest.class);
+			pendingReq.initialize(req, authConfig);
+			pendingReq.setModule(NAME);
+			
+			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
+			revisionsLogger.logEvent(
+					pendingReq.getUniqueSessionIdentifier(), 
+					pendingReq.getUniqueTransactionIdentifier(), 
+					MOAIDEventConstants.TRANSACTION_IP, 
+					req.getRemoteAddr());
+			
+			//get POST-Binding decoder implementation
+			InboundMessage msg = (InboundMessage) new SoapBinding().decode(
+					req, resp, metadataProvider, false,
+					new EAAFURICompare(pvpBasicConfiguration.getIDPSSOPostService(pendingReq.getAuthURL())));
+			pendingReq.setRequest(msg);
+			
+			//preProcess Message
+			preProcess(req, resp, pendingReq);
+						
+		} catch (SecurityPolicyException e) {
+			String samlRequest = req.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+						
+			//write revision log entries
+			if (pendingReq != null)
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
+			
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
+			
+		} catch (SecurityException e) {
+			String samlRequest = req.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+			
+			//write revision log entries
+			if (pendingReq != null)
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
+			
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
+		
+		} catch (MOAIDException e) {			
+			//write revision log entries
+			if (pendingReq != null)
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
+			
+			throw e;
+						
+		} catch (Throwable e) {			
+			String samlRequest = req.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+			
+			//write revision log entries
+			if (pendingReq != null)
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
+			
+			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
+		}					
+	}
+	
+	
+	protected boolean childPreProcess(HttpServletRequest request,
+			HttpServletResponse response, PVPSProfilePendingRequest pendingReq) throws Throwable {				
+		InboundMessage msg = pendingReq.getRequest();
+		if (msg instanceof PVPSProfileRequest && 
+				((PVPSProfileRequest)msg).getSamlRequest() instanceof AttributeQuery)
+			preProcessAttributQueryRequest(request, response, pendingReq);
+
+		else if (msg instanceof PVPSProfileRequest && 
+				((PVPSProfileRequest)msg).getSamlRequest() instanceof LogoutRequest)
+			preProcessLogOut(request, response, pendingReq);
+			
+		else if (msg instanceof PVPSProfileResponse && 
+				((PVPSProfileResponse)msg).getResponse() instanceof LogoutResponse)
+			preProcessLogOut(request, response, pendingReq);
+			
+		else 
+			return false;
+			
+			
+		return true;
+	}
+	
+	/**
+	 * PreProcess Single LogOut request
+	 * @param request
+	 * @param response
+	 * @param msg
+	 * @return
+	 * @throws EAAFException 
+	 * @throws MOAIDException 
+	 */
+	private void preProcessLogOut(HttpServletRequest request,
+			HttpServletResponse response, PVPSProfilePendingRequest pendingReq) throws EAAFException {
+
+		InboundMessage inMsg = pendingReq.getRequest();		
+		PVPSProfileRequest msg;
+		if (inMsg instanceof PVPSProfileRequest && 
+				((PVPSProfileRequest)inMsg).getSamlRequest() instanceof LogoutRequest) {
+			//preProcess single logout request from service provider
+			
+			msg = (PVPSProfileRequest) inMsg;
+			
+			EntityDescriptor metadata = msg.getEntityMetadata(metadataProvider);
+			if(metadata == null) {
+				throw new NoMetadataInformationException();
+			}
+
+			String oaURL = metadata.getEntityID();
+			oaURL = StringEscapeUtils.escapeHtml(oaURL);
+			ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
+			
+			Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
+						
+			pendingReq.setSPEntityId(oaURL);
+			pendingReq.setOnlineApplicationConfiguration(oa);
+			pendingReq.setBinding(msg.getRequestBinding());
+			
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);
+			
+
+						
+		} else if (inMsg instanceof PVPSProfileResponse && 
+				((PVPSProfileResponse)inMsg).getResponse() instanceof LogoutResponse) {
+			//preProcess single logour response from service provider
+						
+			LogoutResponse resp = (LogoutResponse) (((PVPSProfileResponse)inMsg).getResponse());
+			
+			Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
+			
+//			List<String> allowedPublicURLPrefix = authConfig.getIDPPublicURLPrefixes();
+//					AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+			
+			boolean isAllowedDestination = false;			
+			try {
+				isAllowedDestination = MiscUtil.isNotEmpty(authConfig.validateIDPURL(new URL(resp.getDestination())));
+				
+			} catch (MalformedURLException e) {
+				Logger.info(resp.getDestination() + " is NOT valid. Reason: " + e.getMessage());
+				
+			}
+			
+//			for (String prefix : allowedPublicURLPrefix) {
+//				if (resp.getDestination().startsWith(
+//					prefix)) {
+//					isAllowedDestination = true;
+//					break;
+//				}
+//			}
+						
+			if (!isAllowedDestination) {
+				Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
+				throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null);
+				
+			}
+			
+			//TODO: check if relayState exists
+			inMsg.getRelayState();
+						
+						
+		} else 
+			throw new EAAFException("Unsupported request");
+		
+		
+		pendingReq.setRequest(inMsg);
+		pendingReq.setAction(PVPConstants.SINGLELOGOUT);
+		
+		//Single LogOut Request needs no authentication 
+		pendingReq.setNeedAuthentication(false);
+		
+		//set protocol action, which should be executed
+		pendingReq.setAction(SingleLogOutAction.class.getName());
+	}
+	
+	/**
+	 * PreProcess AttributeQuery request 
+	 * @param request
+	 * @param response
+	 * @param pendingReq
+	 * @throws Throwable
+	 */
+	private void preProcessAttributQueryRequest(HttpServletRequest request,
+			HttpServletResponse response, PVPSProfilePendingRequest pendingReq) throws Throwable {
+		PVPSProfileRequest moaRequest = ((PVPSProfileRequest)pendingReq.getRequest());
+		AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest();
+		moaRequest.setEntityID(attrQuery.getIssuer().getValue());
+		
+		//validate destination
+		String destinaten = attrQuery.getDestination();
+		if (!pvpBasicConfiguration.getIDPSSOSOAPService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) {
+			Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL");
+			throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null);
+			
+		}
+
+		//check if Issuer is an interfederation IDP		
+		IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class);
+		if (!oa.isInderfederationIDP()) {
+			Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
+			throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
+			
+		}
+		
+		if (!oa.isOutboundSSOInterfederationAllowed()) {
+			Logger.warn("Interfederation IDP " + oa.getPublicURLPrefix() + " does not allow outgoing SSO interfederation.");
+			throw new AttributQueryException("Interfederation IDP does not allow outgoing SSO interfederation.", null);
+			
+		}
+					
+		//check active MOASession
+		String nameID = attrQuery.getSubject().getNameID().getValue();			
+		IAuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID);
+		if (session == null) {
+			Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
+			throw new AttributQueryException("auth.31", null);
+			
+		}
+		
+		//set preProcessed information into pending-request
+		pendingReq.setRequest(moaRequest);
+		pendingReq.setSPEntityId(moaRequest.getEntityID());
+		pendingReq.setOnlineApplicationConfiguration(oa);
+		pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+		
+		//Attribute-Query Request needs authentication, because session MUST be already authenticated 
+		pendingReq.setNeedAuthentication(false);
+				
+		//set protocol action, which should be executed after authentication
+		pendingReq.setAction(AttributQueryAction.class.getName());
+
+		//add moasession
+		pendingReq.setSSOSessionIdentifier(session.getSSOSessionID());
+				
+		//write revisionslog entry
+		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
+		
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
new file mode 100644
index 000000000..615a0eaa7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+
+import java.security.cert.CertificateException;
+
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+
+/**
+ * @author tlenz
+ *
+ */
+public class PVPMetadataFilterChain extends MetadataFilterChain {
+
+		
+	/**
+	 * @throws CertificateException 
+	 * 
+	 */
+	public PVPMetadataFilterChain(String url, byte[] certificate) throws CertificateException {
+		addDefaultFilters(url, certificate);
+	}
+	
+	public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
+		addFilter(new MetadataSignatureFilter(url, certificate));
+		
+	}
+
+
+
+
+
+	
+}
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index 68b944814..76563c8ca 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -210,7 +210,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			moaSession.setUseMandates(false);
 			moaSession.setForeigner(false);			
 			moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest");			
-			moaSession.setQAALevel(PVPConstants.STORK_QAA_1_3);
+			moaSession.setQAALevel(PVPConstants.EIDAS_QAA_SUBSTANTIAL);
 			Logger.info("Session Restore completed");
 			
 			
-- 
cgit v1.2.3


From d1d206293ea012fd37c891673a8b5e74ad40a0cf Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 22 Jun 2018 15:20:53 +0200
Subject: some more pvp2 updates

---
 .../id/demoOA/servlet/pvp2/DemoApplication.java    |    2 +-
 .../moa/id/demoOA/servlet/pvp2/Index.java          |    2 +-
 .../moa/id/advancedlogging/MOAReversionLogger.java |    2 +-
 .../id/auth/builder/AuthenticationDataBuilder.java |  657 +++-------
 .../moa/id/auth/builder/BPKBuilder.java            |  359 ------
 .../auth/builder/MOAIDSubjectNameIdGenerator.java  |    5 +-
 .../moa/id/auth/data/AuthenticationSession.java    |   10 +-
 .../id/auth/data/AuthenticationSessionWrapper.java |  231 +---
 .../egovernment/moa/id/auth/data/IdentityLink.java |  312 -----
 .../auth/parser/IdentityLinkAssertionParser.java   |   10 +-
 .../parser/VerifyXMLSignatureResponseParser.java   |    4 +-
 .../id/config/auth/OAAuthParameterDecorator.java   |   43 +-
 .../config/auth/data/DynamicOAAuthParameters.java  |   18 +
 .../gv/egovernment/moa/id/data/IMOAAuthData.java   |    4 +-
 .../at/gv/egovernment/moa/id/data/MISMandate.java  |    2 +-
 .../moa/id/data/MOAAuthenticationData.java         |   47 +-
 .../builder/attributes/EIDIdentityLinkBuilder.java |   76 --
 .../MandateFullMandateAttributeBuilder.java        |    2 +-
 .../MandateNaturalPersonBPKAttributeBuilder.java   |    7 +-
 .../metadata/MOASPMetadataSignatureFilter.java     |    2 +-
 .../moa/id/util/IdentityLinkReSigner.java          |    2 +-
 .../moa/id/util/ParamValidatorUtils.java           |    2 +-
 .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder |    1 -
 .../src/test/java/test/MOAIDTestCase.java          |    4 +-
 .../commons/api/data/AuthProzessDataConstants.java |   22 +-
 .../commons/api/data/IAuthenticationSession.java   |  106 +-
 .../moa/id/commons/api/data/IIdentityLink.java     |  175 ---
 .../java/at/gv/egovernment/moa/util/DOMUtils.java  | 1263 --------------------
 .../gv/egovernment/moa/util/MOADefaultHandler.java |    6 +-
 .../egovernment/moa/util/NodeIteratorAdapter.java  |  111 --
 .../gv/egovernment/moa/util/NodeListAdapter.java   |   68 --
 .../at/gv/egovernment/moa/util/XPathException.java |   86 --
 .../at/gv/egovernment/moa/util/XPathUtils.java     |  557 ---------
 .../test/at/gv/egovernment/moa/MOATestCase.java    |    2 +-
 .../at/gv/egovernment/moa/util/DOMUtilsTest.java   |    2 +-
 .../at/gv/egovernment/moa/util/XPathUtilsTest.java |    3 +-
 .../AbstractGUIFormBuilderConfiguration.java       |  111 --
 ...roviderSpecificGUIFormBuilderConfiguration.java |    1 +
 .../DefaultGUIFormBuilderConfiguration.java        |    1 +
 .../auth/frontend/builder/GUIFormBuilderImpl.java  |  165 +--
 .../moa/id/auth/AuthenticationServer.java          |   15 +-
 .../builder/AuthenticationAssertionBuilder.java    |    2 +-
 .../AuthenticationBlockAssertionBuilder.java       |    2 +-
 .../moa/id/auth/builder/PersonDataBuilder.java     |    6 +-
 .../moa/id/auth/builder/SAMLResponseBuilder.java   |    2 +-
 .../builder/VerifyXMLSignatureRequestBuilder.java  |    2 +-
 .../modules/internal/tasks/GetForeignIDTask.java   |    6 +-
 .../internal/tasks/GetMISSessionIDTask.java        |    2 +-
 .../internal/tasks/PrepareGetMISMandateTask.java   |    2 +-
 .../parser/CreateXMLSignatureResponseParser.java   |    4 +-
 .../parser/ExtendedInfoboxReadResponseParser.java  |    2 +-
 .../id/auth/parser/InfoboxReadResponseParser.java  |    6 +-
 .../CreateXMLSignatureResponseValidator.java       |    9 +-
 .../id/auth/validator/IdentityLinkValidator.java   |    6 +-
 .../VerifyXMLSignatureResponseValidator.java       |    2 +-
 .../moa/id/auth/validator/parep/ParepUtils.java    |    4 +-
 .../id/util/client/mis/simple/MISSimpleClient.java |    2 +-
 .../builder/InfoboxReadRequestBuilderTest.java     |    3 +-
 .../moa/id/auth/builder/PersonDataBuilderTest.java |    2 +-
 .../parser/IdentityLinkAssertionParserTest.java    |    9 +-
 .../auth/parser/InfoboxReadResponseParserTest.java |    6 +-
 .../tasks/FirstBKAMobileAuthTask.java              |    4 +-
 .../tasks/SecondBKAMobileAuthTask.java             |    4 +-
 .../eidas/tasks/CreateIdentityLinkTask.java        |    8 +-
 .../elgamandates/tasks/RequestELGAMandateTask.java |    2 +-
 .../attributes/OAuth20AttributeBuilder.java        |    2 +-
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        |    2 +-
 .../data/SSOTransferAuthenticationData.java        |    2 +-
 .../data/SSOTransferOnlineApplication.java         |   18 +
 .../ssotransfer/servlet/SSOTransferServlet.java    |    5 +-
 .../ssotransfer/utils/SSOContainerUtils.java       |    2 +-
 .../saml1/GetAuthenticationDataService.java        |    6 +-
 .../protocols/saml1/SAML1AuthenticationServer.java |    9 +-
 .../moa/id/monitoring/IdentityLinkTestModule.java  |    4 +-
 74 files changed, 398 insertions(+), 4247 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java

(limited to 'id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src')

diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
index 93622f828..aeb4d8eac 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
@@ -78,12 +78,12 @@ import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.demoOA.Configuration;
 import at.gv.egovernment.moa.id.demoOA.Constants;
 import at.gv.egovernment.moa.id.demoOA.PVPConstants;
 import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean;
 import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 public class DemoApplication extends HttpServlet {
 	Logger log = Logger.getLogger(DemoApplication.class);
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
index 28003528b..bac3e1949 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
@@ -83,11 +83,11 @@ import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.demoOA.Configuration;
 import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean;
 import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 8298b082b..9894ffbe9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -33,11 +33,11 @@ import org.springframework.stereotype.Service;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 998817b19..b6f78119c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -23,19 +23,14 @@
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.io.IOException;
-import java.io.InputStream;
 import java.lang.reflect.InvocationTargetException;
 import java.security.PrivateKey;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collection;
 import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
 
-import javax.naming.ldap.LdapName;
-import javax.naming.ldap.Rdn;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.DOMException;
@@ -46,17 +41,24 @@ import org.w3c.dom.NodeList;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.XPathException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -64,7 +66,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -82,24 +83,21 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.XPathException;
-import at.gv.egovernment.moa.util.XPathUtils;
 import at.gv.util.client.szr.SZRClient;
 import at.gv.util.config.EgovUtilPropertiesConfiguration;
 import at.gv.util.wsdl.szr.SZRException;
 import at.gv.util.xsd.szr.PersonInfoType;
-import iaik.x509.X509Certificate;
 
 /**
  * @author tlenz
  *
  */
 @Service("AuthenticationDataBuilder")
-public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAuthenticationDataBuilder{
+public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder {
 
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
-	@Autowired private LoALevelMapper loaLevelMapper; 
+	@Autowired protected LoALevelMapper loaLevelMapper; 
 	
 	@Override
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
@@ -108,16 +106,17 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 					new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()),
 					pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class));
 			
-		} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException e) {
+		} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) {
 			Logger.warn("Can not build authentication data from session information");
 			throw new EAAFAuthenticationException("TODO", new Object[]{},					
 					"Can not build authentication data from session information", e);
+			
 		}
 		
 	}
 		
 	private IAuthData buildAuthenticationData(IRequest pendingReq, 
-            IAuthenticationSession session,  IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {		
+            IAuthenticationSession session,  IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException, EAAFBuilderException {		
 		MOAAuthenticationData authdata = null;		
 		
 		//only needed for SAML1 legacy support
@@ -181,96 +180,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 	}
 			
 	private void buildAuthDataFormMOASession(MOAAuthenticationData authData, IAuthenticationSession session, 
-			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
-
-		Collection<String> includedToGenericAuthData = null;
-		if (session.getGenericSessionDataStorage() != null &&  
-				!session.getGenericSessionDataStorage().isEmpty())
-			includedToGenericAuthData = session.getGenericSessionDataStorage().keySet();
-		else
-			includedToGenericAuthData = new ArrayList<String>();
-		
-		try {		
-			//####################################################
-			//set general authData info's
-			authData.setAuthenticationIssuer(protocolRequest.getAuthURL());
-			authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality());			
-			authData.setBaseIDTransferRestrication(oaParam.hasBaseIdTransferRestriction());
-			
-		
-			//####################################################
-			//parse user info's from identityLink
-			IIdentityLink idlFromPVPAttr = null;
-			IIdentityLink identityLink = session.getIdentityLink();		
-			if (identityLink != null) {
-				parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData);
-			
-			} else {
-				// identityLink is not direct in MOASession
-				String pvpAttrIDL = session.getGenericDataFromSession(PVPConstants.EID_IDENTITY_LINK_NAME, String.class);
-					//find PVP-Attr. which contains the IdentityLink
-				if (MiscUtil.isNotEmpty(pvpAttrIDL)) {
-					Logger.debug("Find PVP-Attr: " + PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME
-							+ " --> Parse basic user info's from that attribute.");
-					InputStream idlStream = null;
-					try {
-						idlStream = Base64Utils.decodeToStream(pvpAttrIDL, false);				
-						idlFromPVPAttr = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
-						parseBasicUserInfosFromIDL(authData, idlFromPVPAttr, includedToGenericAuthData);
-															
-					} catch (ParseException e) {
-						Logger.error("Received IdentityLink is not valid", e);
-						
-					} catch (Exception e) {
-						Logger.error("Received IdentityLink is not valid", e);
-						
-					} finally {
-						try {
-							includedToGenericAuthData.remove(PVPConstants.EID_IDENTITY_LINK_NAME);
-							if (idlStream != null)						
-								idlStream.close();
-							
-						} catch (IOException e) {
-							Logger.fatal("Close InputStream FAILED.", e);
-							
-						}
-						
-					}
-					
-				}
-				
-				//if no basic user info's are set yet, parse info's single PVP-Attributes
-				if (MiscUtil.isEmpty(authData.getFamilyName())) {
-					Logger.debug("No IdentityLink found or not parseable --> Parse basic user info's from single PVP-Attributes.");
-					authData.setFamilyName(session.getGenericDataFromSession(PVPConstants.PRINCIPAL_NAME_NAME, String.class));		
-					authData.setGivenName(session.getGenericDataFromSession(PVPConstants.GIVEN_NAME_NAME, String.class));		
-					authData.setDateOfBirth(session.getGenericDataFromSession(PVPConstants.BIRTHDATE_NAME, String.class));
-					authData.setIdentificationValue(session.getGenericDataFromSession(PVPConstants.EID_SOURCE_PIN_NAME, String.class));		
-					authData.setIdentificationType(session.getGenericDataFromSession(PVPConstants.EID_SOURCE_PIN_TYPE_NAME, String.class));
-					
-					//remove corresponding keys from genericSessionData if exists
-					includedToGenericAuthData.remove(PVPConstants.PRINCIPAL_NAME_NAME);
-					includedToGenericAuthData.remove(PVPConstants.GIVEN_NAME_NAME);
-					includedToGenericAuthData.remove(PVPConstants.BIRTHDATE_NAME);
-					includedToGenericAuthData.remove(PVPConstants.EID_SOURCE_PIN_NAME);
-					includedToGenericAuthData.remove(PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
-				}
-								
-			}
-			
-			if (authData.getIdentificationType() != null && 
-					!authData.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
-				Logger.trace("IdentificationType is not a baseID --> clear it. ");
-				authData.setBPK(authData.getIdentificationValue());
-				authData.setBPKType(authData.getIdentificationType());
-				
-				authData.setIdentificationValue(null);
-				authData.setIdentificationType(null);
-								
-			}
+			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException, EAAFBuilderException {
+		try {
+			//generate basic authentication data
+			generateBasicAuthData(authData, protocolRequest, session);
 			
 			
-			//####################################################
+			// #### generate MOA-ID specific authentication data ######
 			//set BKU URL
 			includedToGenericAuthData.remove(PVPConstants.EID_CCS_URL_NAME);
 			if (MiscUtil.isNotEmpty(session.getBkuURL()))
@@ -282,41 +198,50 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			//TODO: fully switch from STORK QAA to eIDAS LoA
 			//####################################################
 			//set QAA level
-			includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
-			String currentLoA = null;
-			if (MiscUtil.isNotEmpty(session.getQAALevel()))
-				currentLoA = session.getQAALevel();			
-			else {
-				currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
-				if (MiscUtil.isNotEmpty(currentLoA)) {
-					Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
-							+ " --> Parse QAA-Level from that attribute.");
+			if (MiscUtil.isNotEmpty(authData.getEIDASQAALevel())) {
+				Logger.debug("Find eIDAS LoA. Map it to STORK QAA");
+				authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(authData.getEIDASQAALevel()));
+				
+			} else {
+				Logger.info("Find NO eIDAS Loa. Starting STORK QAA processing as backup ... ");
+			
+							
+				includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
+				String currentLoA = null;
+				if (MiscUtil.isNotEmpty(session.getQAALevel()))
+					currentLoA = session.getQAALevel();			
+				else {
+					currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
+					if (MiscUtil.isNotEmpty(currentLoA)) {
+						Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
+								+ " --> Parse QAA-Level from that attribute.");
 					
+					}
 				}
-			}
 				
-			if (MiscUtil.isNotEmpty(currentLoA)) {					
-				if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
-					authData.setQAALevel(currentLoA);
-					authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA));
+				if (MiscUtil.isNotEmpty(currentLoA)) {					
+					if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+						authData.setQAALevel(currentLoA);
+						authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA));
 
-				} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
-					authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA));
-					authData.seteIDASLoA(currentLoA);
+					} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
+						authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA));
+						authData.seteIDASLoA(currentLoA);
 										
-				} else { 
-					Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");				
-					String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA);
-					if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
-						authData.setQAALevel(mappedStorkQAA);
-						authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA));
+					} else { 
+						Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");				
+						String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA);
+						if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
+							authData.setQAALevel(mappedStorkQAA);
+							authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA));
 						
-					}										
-				}
-			}		
+						}										
+					}
+				}		
+			}
 			
 			//if no QAA level is set in MOASession then set default QAA level  
-			if (MiscUtil.isEmpty(authData.getQAALevel())) {														
+			if (MiscUtil.isEmpty(authData.getEIDASQAALevel())) {														
 				Logger.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_QAA_LOW);
 				authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");
 				authData.seteIDASLoA(EAAFConstants.EIDAS_QAA_LOW);
@@ -371,65 +296,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				
 			}
 			
-			
-			//####################################################
-			//set isForeigner flag
-			//TODO: change to new eIDAS-token attribute identifier
-			if (session.getGenericDataFromSession(PVPConstants.EID_STORK_TOKEN_NAME) != null) {
-				Logger.debug("Find PVP-Attr: " + PVPConstants.EID_STORK_TOKEN_FRIENDLY_NAME
-						+ " --> Set 'isForeigner' flag to TRUE");
-				authData.setForeigner(true);
-				
-			} else {		
-				authData.setForeigner(session.isForeigner());
-				
-			}
-					
-			
-			//####################################################
-			//set citizen country-code
-			includedToGenericAuthData.remove(PVPConstants.EID_ISSUING_NATION_NAME);
-			String pvpCCCAttr = session.getGenericDataFromSession(PVPConstants.EID_ISSUING_NATION_NAME, String.class);
-			if (MiscUtil.isNotEmpty(pvpCCCAttr)) {
-				authData.setCiticenCountryCode(pvpCCCAttr);
-				Logger.debug("Find PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME);
-				
-			} else {
-				if (authData.isForeigner()) {
-					try {
-						if (authData.getSignerCertificate() != null) {					
-							//TODO: replace with TSL lookup when TSL is ready!
-							X509Certificate certificate = new X509Certificate(authData.getSignerCertificate());
-							if (certificate != null) {
-								LdapName ln = new LdapName(certificate.getIssuerDN()
-										.getName());
-								for (Rdn rdn : ln.getRdns()) {
-									if (rdn.getType().equalsIgnoreCase("C")) {
-										Logger.info("C is: " + rdn.getValue());
-										authData.setCiticenCountryCode(rdn.getValue().toString());
-										break;
-									}
-								}
-							}
-							
-						} else
-							Logger.warn("NO PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_NAME 
-									+ " and NO SignerCertificate in MOASession -->"
-									+ " Can NOT extract citizen-country of foreign person.");
-						
-						
-					} catch (Exception e) {
-						Logger.error("Failed to extract country code from certificate with message: " + e.getMessage());
-						
-					}
-									
-				} else {
-					authData.setCiticenCountryCode(COUNTRYCODE_AUSTRIA);
-					
-				}			
-			}
-			
-			
+											
 			//####################################################
 			//set max. SSO session time
 			includedToGenericAuthData.remove(AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO);
@@ -558,11 +425,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 					includedToGenericAuthData.remove(PVPConstants.MANDATE_PROF_REP_OID_NAME);
 				}
 			}
-		
-		
-		
-		
-						
+					
 			//####################################################
 			// set bPK and IdentityLink for Organwalter --> 
 			//        Organwalter has a special bPK is received from MIS 
@@ -572,111 +435,14 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				authData.setBPK(misMandate.getOWbPK());
 				authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
 				Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK());
-				
-				
-				//TODO: check in case of mandates for business services
-				if (identityLink != null)
-					authData.setIdentityLink(identityLink);
-			
-				else if (idlFromPVPAttr != null){
-					authData.setIdentityLink(idlFromPVPAttr);
-					Logger.debug("Set IdentityLink received from federated IDP for Organwalter");
-										
-				} else
-					Logger.info("Can NOT set Organwalter IdentityLink. Msg: No IdentityLink found");				
-
-				
+											
 				//set bPK and IdenityLink for all other
-			} else {
-				//build bPK
-				String pvpbPKValue = getbPKValueFromPVPAttribute(session);
-				String pvpbPKTypeAttr = getbPKTypeFromPVPAttribute(session);				
-				Pair<String, String> pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(session, authData, oaParam);
-
-				//check if a unique ID for this citizen exists
-				if (MiscUtil.isEmpty(authData.getIdentificationValue()) && 
-						MiscUtil.isEmpty(pvpbPKValue) && MiscUtil.isEmpty(authData.getBPK()) &&
-						pvpEncbPKAttr == null) {
-					Logger.info("Can not build authData, because moaSession include no bPK, encrypted bPK or baseID");
-					throw new MOAIDException("builder.08", new Object[]{"No " + PVPConstants.BPK_FRIENDLY_NAME
-							+ " or " + PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME 
-							+ " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME});
-					
-				}
-								
-				// baseID is in MOASesson --> calculate bPK directly
-				if (MiscUtil.isNotEmpty(authData.getIdentificationValue())) {
-					Logger.debug("Citizen baseID is in MOASession --> calculate bPK from this.");
-					Pair<String, String> result = buildOAspecificbPK(protocolRequest, oaParam, authData);
-					authData.setBPK(result.getFirst());
-					authData.setBPKType(result.getSecond());
-					
-					//check if bPK already added to AuthData matches OA					
-				} else if (MiscUtil.isNotEmpty(authData.getBPK()) 
-						&& matchsReceivedbPKToOnlineApplication(oaParam, authData.getBPKType()) ) { 
-					Logger.debug("Correct bPK is already included in AuthData.");
-
-					//check if bPK received by PVP-Attribute matches OA
-				} else if (MiscUtil.isNotEmpty(pvpbPKValue) && 
-						matchsReceivedbPKToOnlineApplication(oaParam, pvpbPKTypeAttr)) {
-					Logger.debug("Receive correct bPK from PVP-Attribute");
-					authData.setBPK(pvpbPKValue);
-					authData.setBPKType(pvpbPKTypeAttr);
-					
-					//check if decrypted bPK exists
-				} else if (pvpEncbPKAttr != null) {
-					Logger.debug("Receive bPK as encrypted bPK and decryption was possible.");
-					authData.setBPK(pvpEncbPKAttr.getFirst());
-					authData.setBPKType(pvpEncbPKAttr.getSecond());
+				Logger.debug("User is an OW. Set original IDL into authdata ... ");
+				authData.setIdentityLink(session.getIdentityLink());
 				
-					//ask SZR to get bPK
-				} else {
-					String notValidbPK = authData.getBPK();  
-					String notValidbPKType = authData.getBPKType();					
-					if (MiscUtil.isEmpty(notValidbPK) && 
-							MiscUtil.isEmpty(notValidbPKType)) {
-						notValidbPK = pvpbPKValue;
-						notValidbPKType = pvpbPKTypeAttr;
-						
-						if (MiscUtil.isEmpty(notValidbPK) && 
-								MiscUtil.isEmpty(notValidbPKType)) {
-							Logger.fatal("No bPK in MOASession. THIS error should not occur any more.");
-							throw new NullPointerException("No bPK in MOASession. THIS error should not occur any more.");							
-						}						
-					}	
-										
-					Pair<String, String> baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType);
-					if (baseIDFromSZR != null) {
-						Logger.info("Receive citizen baseID from SRZ. Authentication can be completed");
-						authData.setIdentificationValue(baseIDFromSZR.getFirst());
-						authData.setIdentificationType(baseIDFromSZR.getSecond());
-						Pair<String, String> result = buildOAspecificbPK(protocolRequest, oaParam, authData);
-						authData.setBPK(result.getFirst());
-						authData.setBPKType(result.getSecond());
-						
-					} else {
-						Logger.warn("Can not build authData, because moaSession include no valid bPK, encrypted bPK or baseID");
-						throw new MOAIDException("builder.08", new Object[]{"No valid " + PVPConstants.BPK_FRIENDLY_NAME
-								+ " or " + PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME 
-								+ " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME});
-						
-					}					
-				}
-								
-				//build IdentityLink
-				if (identityLink != null)
-					authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, identityLink, authData.getBPK(), authData.getBPKType()));
 				
-				else if (idlFromPVPAttr != null) {					
-					authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, idlFromPVPAttr, authData.getBPK(), authData.getBPKType()));
-					Logger.debug("Set IdentityLink received from federated IDP");
 				
-				} else {
-					Logger.info("Can NOT set IdentityLink. Msg: No IdentityLink found");
-					
-				}            	                        
-			}
-			
+			}			
 			
 			//###################################################################
 			//set PVP role attribute (implemented for ISA 1.18 action)
@@ -738,7 +504,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				}				
 			}
 			
-		} catch (BuildException e) {
+		} catch (EAAFBuilderException e) {
 			throw e;
 			
         } catch (Throwable ex) {
@@ -747,38 +513,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
         }
 		
 	}
-
-	/**
-	 * Check a bPK-Type against a Service-Provider configuration <br>
-	 * If bPK-Type is <code>null</code> the result is <code>false</code>.
-	 * 
-	 * @param oaParam Service-Provider configuration, never null
-	 * @param bPKType bPK-Type to check
-	 * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false
-	 * @throws ConfigurationException 
-	 */
-	private boolean matchsReceivedbPKToOnlineApplication(IOAAuthParameters oaParam, String bPKType) throws ConfigurationException {						
-		return oaParam.getAreaSpecificTargetIdentifier().equals(bPKType);
-
-	}
-
-	private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection<String> includedGenericSessionData) {
-		//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
-		authData.setIdentificationValue(identityLink.getIdentificationValue());
-		authData.setIdentificationType(identityLink.getIdentificationType());
-
-		authData.setGivenName(identityLink.getGivenName());
-		authData.setFamilyName(identityLink.getFamilyName());
-		authData.setDateOfBirth(identityLink.getDateOfBirth());
-		
-		//remove corresponding keys from genericSessionData if exists
-		includedGenericSessionData.remove(PVPConstants.PRINCIPAL_NAME_NAME);
-		includedGenericSessionData.remove(PVPConstants.GIVEN_NAME_NAME);
-		includedGenericSessionData.remove(PVPConstants.BIRTHDATE_NAME);
-		includedGenericSessionData.remove(PVPConstants.EID_SOURCE_PIN_NAME);
-		includedGenericSessionData.remove(PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
-		
-	}
 	
 	/**
 	 * @param authData
@@ -786,7 +520,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 	 * @param notValidbPKType
 	 * @return
 	 */
-	private Pair<String, String> getbaseIDFromSZR(AuthenticationData authData, String notValidbPK,
+	@Override
+	protected Pair<String, String> getbaseIDFromSZR(AuthenticationData authData, String notValidbPK,
 			String notValidbPKType) {
 		try {
 			EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig();
@@ -841,7 +576,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 	 * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class)</code></pre>
 	 * to <code>authData</code>
 	 *  
-	 * @param session MOASession, but never null
+	 * @param authProcessDataContainer MOASession, but never null
 	 * @param authData AuthenticationData DAO
 	 * @param spConfig Service-Provider configuration
 	 * 
@@ -849,194 +584,124 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 	 *         or <code>null</code> if no attribute exists or can not decrypted
 	 * @throws ConfigurationException 
 	 */
-	private Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthenticationSession session,
-			MOAAuthenticationData authData, IOAAuthParameters spConfig) throws ConfigurationException {
-		//set List of encrypted bPKs to authData DAO		
-		String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class);
-		if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) {
-			List<String> encbPKList = Arrays.asList(pvpEncbPKListAttr.split(";"));							
-			authData.setEncbPKList(encbPKList);			
-			
-			//check if one of this encrypted bPK could be decrypt for this Service-Provider
-			for (String fullEncbPK : encbPKList) {
-				int index = fullEncbPK.indexOf("|");								 
-				if (index >= 0) {
-					String encbPK = fullEncbPK.substring(index+1);
-					String second = fullEncbPK.substring(0, index);					
-					int secIndex = second.indexOf("+");
-					if (secIndex >= 0) {
-						String oaTargetId = spConfig.getAreaSpecificTargetIdentifier();
-						if (oaTargetId.startsWith(MOAIDAuthConstants.PREFIX_CDID)) {						
-							String publicServiceShortTarget = oaTargetId.substring(MOAIDAuthConstants.PREFIX_CDID.length());						
-							if (publicServiceShortTarget.equals(second.substring(secIndex+1))) {
-								Logger.debug("Found encrypted bPK for online-application " 
-										+ spConfig.getPublicURLPrefix()
-										+ " Start decryption process ...");
-								PrivateKey privKey = spConfig.getBPKDecBpkDecryptionKey();
-								if (privKey != null) {
-									try {
-										String bPK = BPKBuilder.decryptBPK(encbPK, publicServiceShortTarget, privKey);
-										if (MiscUtil.isNotEmpty(bPK)) {
-											Logger.info("bPK decryption process finished successfully.");
-											return Pair.newInstance(bPK, oaTargetId);
-																															
-										} else {
-											Logger.error("bPK decryption FAILED.");
-										
+	@Override
+	protected Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthProcessDataContainer authProcessDataContainer,
+			AuthenticationData authData, ISPConfiguration spConfig) throws EAAFBuilderException {
+		//set List of encrypted bPKs to authData DAO
+		if (authData instanceof MOAAuthenticationData && 
+				spConfig instanceof IOAAuthParameters) {
+		
+			String pvpEncbPKListAttr = authProcessDataContainer.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class);
+			if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) {
+				List<String> encbPKList = Arrays.asList(pvpEncbPKListAttr.split(";"));							
+				((MOAAuthenticationData) authData).setEncbPKList(encbPKList);			
+				
+				//check if one of this encrypted bPK could be decrypt for this Service-Provider
+				for (String fullEncbPK : encbPKList) {
+					int index = fullEncbPK.indexOf("|");								 
+					if (index >= 0) {
+						String encbPK = fullEncbPK.substring(index+1);
+						String second = fullEncbPK.substring(0, index);					
+						int secIndex = second.indexOf("+");
+						if (secIndex >= 0) {
+							String oaTargetId = spConfig.getAreaSpecificTargetIdentifier();
+							if (oaTargetId.startsWith(MOAIDAuthConstants.PREFIX_CDID)) {						
+								String publicServiceShortTarget = oaTargetId.substring(MOAIDAuthConstants.PREFIX_CDID.length());						
+								if (publicServiceShortTarget.equals(second.substring(secIndex+1))) {
+									Logger.debug("Found encrypted bPK for online-application " 
+											+ spConfig.getUniqueIdentifier()
+											+ " Start decryption process ...");
+									PrivateKey privKey = ((IOAAuthParameters) spConfig).getBPKDecBpkDecryptionKey();
+									if (privKey != null) {
+										try {
+											String bPK = BPKBuilder.decryptBPK(encbPK, publicServiceShortTarget, privKey);
+											if (MiscUtil.isNotEmpty(bPK)) {
+												Logger.info("bPK decryption process finished successfully.");
+												return Pair.newInstance(bPK, oaTargetId);
+																																
+											} else {
+												Logger.error("bPK decryption FAILED.");
+											
+											}
+										} catch (EAAFBuilderException e) {
+											Logger.error("bPK decryption FAILED.", e);
+											
 										}
-									} catch (BuildException e) {
-										Logger.error("bPK decryption FAILED.", e);
 										
-									}
+									} else {
+										Logger.info("bPK decryption FAILED, because no valid decryption key is found.");
+										
+									}							
 									
 								} else {
-									Logger.info("bPK decryption FAILED, because no valid decryption key is found.");
+									Logger.info("Found encrypted bPK but " +
+											"encrypted bPK target does not match to online-application target"); 
 									
-								}							
+								}
 								
 							} else {
-								Logger.info("Found encrypted bPK but " +
-										"encrypted bPK target does not match to online-application target"); 
+								Logger.info("Encrypted bPKs are only allowed for public services with prefix: " + MOAIDAuthConstants.PREFIX_CDID 
+										+ " BUT oaTarget is " + oaTargetId);
 								
 							}
-							
-						} else {
-							Logger.info("Encrypted bPKs are only allowed for public services with prefix: " + MOAIDAuthConstants.PREFIX_CDID 
-									+ " BUT oaTarget is " + oaTargetId);
-							
-						}
-					}					
-				}							
-			}
-		}
-		
-		return null;
-	}
-
-	/**
-	 * Get bPK from PVP Attribute 'BPK_NAME', which could be exist in
-	 * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class)</code></pre>
-	 * 
-	 * @param session MOASession, but never null
-	 * @return bPK, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
-	 */
-	private String getbPKValueFromPVPAttribute(IAuthenticationSession session) {
-		String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class);
-		if (MiscUtil.isNotEmpty(pvpbPKValueAttr)) {
-			
-			//fix a wrong bPK-value prefix, which was used in some PVP Standardportal implementations
-			if (pvpbPKValueAttr.startsWith("bPK:")) {
-				Logger.warn("Attribute " + PVPConstants.BPK_NAME 
-					+ " contains a not standardize prefix! Staring attribute value correction process ...");
-				pvpbPKValueAttr = pvpbPKValueAttr.substring("bPK:".length());
-				
-			}
-			
-			String[] spitted = pvpbPKValueAttr.split(":");
-			if (spitted.length != 2) {
-				Logger.warn("Attribute " + PVPConstants.BPK_NAME + " has a wrong encoding and can NOT be USED!"
-						+ " Value:" + pvpbPKValueAttr);
-				return null;
-				
+						}					
+					}							
+				}
 			}
-			Logger.debug("Find PVP-Attr: " + PVPConstants.BPK_FRIENDLY_NAME);
-			return spitted[1];
 			
-		}
+		} else
+			Logger.warn("AuthData: " + authData.getClass().getName() + " or spConfig: " + spConfig.getClass().getName() 
+					+ " are not MOAID data-objects");
 		
 		return null;
 	}
 
-	/**
-	 * Get bPK-Type from PVP Attribute 'EID_SECTOR_FOR_IDENTIFIER_NAME', which could be exist in
-	 * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class)</code></pre>
-	 * 
-	 * @param session MOASession, but never null
-	 * @return bPKType, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
-	 */
-	private String getbPKTypeFromPVPAttribute(IAuthenticationSession session) {
-		String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); 
-		if (MiscUtil.isNotEmpty(pvpbPKTypeAttr)) {
-			
-			//fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations
-			if (pvpbPKTypeAttr.startsWith(Constants.URN_PREFIX_CDID) && 
-					!pvpbPKTypeAttr.substring(Constants.URN_PREFIX_CDID.length(), 
-							Constants.URN_PREFIX_CDID.length() + 1).equals("+")) {				
-				Logger.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " Starting attribute value correction ... ");
-				pvpbPKTypeAttr = Constants.URN_PREFIX_CDID + "+" + pvpbPKTypeAttr.substring(Constants.URN_PREFIX_CDID.length() + 1); 
-				
-			}
-			Logger.debug("Find PVP-Attr: " + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME);
-			return pvpbPKTypeAttr;
-		}
-		
-		return null;
-
-
-		/*
-		 * INFO: This code could be used to extract the bPKType from 'PVPConstants.BPK_NAME',
-		 *       because the prefix of BPK_NAME attribute contains the postfix of the bPKType
-		 *       
-		 *       Now, all PVP Standardportals should be able to send 'EID_SECTOR_FOR_IDENTIFIER'
-		 *       PVP attributes  
-		 */
-//		String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class);
-//		String[] spitted = pvpbPKValueAttr.split(":");
-//		if (MiscUtil.isEmpty(authData.getBPKType())) {
-//			Logger.debug("PVP assertion contains NO bPK/wbPK target attribute. " +
-//					"Starting target extraction from bPK/wbPK prefix ...");
-//			//exract bPK/wbPK type from bpk attribute value prefix if type is 
-//			//not transmitted as single attribute
-//		    Pattern pattern = Pattern.compile("[a-zA-Z]{2}(-[a-zA-Z]+)?");
-//		    Matcher matcher = pattern.matcher(spitted[0]);
-//		    if (matcher.matches()) {
-//		    	//find public service bPK
-//		    	authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + spitted[0]);
-//		    	Logger.debug("Found bPK prefix. Set target to " + authData.getBPKType());
-//		    	   
-//		    } else {
-//		    	//find business service wbPK
-//		    	authData.setBPKType(Constants.URN_PREFIX_WBPK+ "+" + spitted[0]);
-//		    	Logger.debug("Found wbPK prefix. Set target to " + authData.getBPKType());
-//		    	   
-//		    }			    	  				
-//		}
-		
-	}
+	@Override
+	protected IIdentityLink buildOAspecificIdentityLink(ISPConfiguration spConfig, IIdentityLink idl, String bPK, String bPKType) throws EAAFConfigurationException, XPathException, DOMException, EAAFParserException {
+		if (spConfig.hasBaseIdTransferRestriction()) {
+			try {
+				Element idlassertion = idl.getSamlAssertion();
+            
+				//set bpk/wpbk;
+				Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+				prIdentification.getFirstChild().setNodeValue(bPK);
 
-	private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException, EAAFConfigurationException, XPathException, DOMException {
-		if (oaParam.hasBaseIdTransferRestriction()) {
-            Element idlassertion = idl.getSamlAssertion();
-            //set bpk/wpbk;
-	        Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
-	        prIdentification.getFirstChild().setNodeValue(bPK);
-            //set bkp/wpbk type
-            Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
-            prIdentificationType.getFirstChild().setNodeValue(bPKType);
+				//set bkp/wpbk type
+				Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
+				prIdentificationType.getFirstChild().setNodeValue(bPKType);
 
-            IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
-            IIdentityLink businessServiceIdl = idlparser.parseIdentityLink();
+				IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
+				IIdentityLink businessServiceIdl = idlparser.parseIdentityLink();
                                 
-            //resign IDL
-			IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();					
-			Element resignedilAssertion;
-
-			if (authConfig.isIdentityLinkResigning()) {
-				resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey());
-			} else {
-				resignedilAssertion = businessServiceIdl.getSamlAssertion();
+				//resign IDL
+				IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();					
+				Element resignedilAssertion;
+ 
+				if (authConfig.isIdentityLinkResigning()) {
+					resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey());				
+				} else {
+					resignedilAssertion = businessServiceIdl.getSamlAssertion();
+				}
+				
+				IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
+				return resignedIDLParser.parseIdentityLink();
+				
+			} catch (MOAIDException e) {
+				Logger.warn("Can not build OA specific IDL. Reason: " + e.getMessage(), e);
+				throw new EAAFParserException("TODO", null, 
+						"Can not build OA specific IDL. Reason: " + e.getMessage(), e);
+				
 			}
-			IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
-			return resignedIDLParser.parseIdentityLink();
 			
         } else
         	return idl;
-        	
-		
-	}		
-
-
-	private Pair<String, String> buildOAspecificbPK(IRequest pendingReq, IOAAuthParameters oaParam, AuthenticationData authData) throws BuildException, ConfigurationException  {
+        			
+	}
+	
+	
+	@Override
+	protected Pair<String, String> buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) throws EAAFBuilderException {
+		ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
 		
 		String baseID = authData.getIdentificationValue();
 		String baseIDType = authData.getIdentificationType();		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
deleted file mode 100644
index 4bc4a7e81..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ /dev/null
@@ -1,359 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.security.InvalidKeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * Builder for the bPK, as defined in
- * <code>&quot;Ableitung f&uml;r die bereichsspezifische Personenkennzeichnung&quot;</code>
- * version <code>1.0.1</code> from <code>&quot;reference.e-government.gv.at&quot;</code>.
- *
- * @author Paul Schamberger
- * @version $Id$
- */
-public class BPKBuilder {
-
-	/**
-	 * Calculates an area specific unique person-identifier from a baseID
-	 * 
-	 * @param baseID baseId from user but never null
-	 * @param targetIdentifier target identifier for area specific identifier calculation but never null
-	 * @return Pair<unique person identifier for this target, targetArea> but never null
-	 * @throws BuildException if some input data are not valid 
-	 */
-	public Pair<String, String> generateAreaSpecificPersonIdentifier(String baseID, String targetIdentifier) throws BuildException{
-		return generateAreaSpecificPersonIdentifier(baseID, Constants.URN_PREFIX_BASEID, targetIdentifier);
-		
-	}
-	
-	/**
-	 * Calculates an area specific unique person-identifier from an unique identifier with a specific type
-	 * 
-	 * @param baseID baseId from user but never null
-	 * @param baseIdType Type of the baseID but never null
-	 * @param targetIdentifier target identifier for area specific identifier calculation but never null
-	 * @return Pair<unique person identifier for this target, targetArea> but never null
-	 * @throws BuildException if some input data are not valid 
-	 */
-	public Pair<String, String> generateAreaSpecificPersonIdentifier(String baseID, String baseIdType, String targetIdentifier) throws BuildException{
-		if (MiscUtil.isEmpty(baseID))
-			throw new BuildException("builder.00", new Object[]{"baseID is empty or null"});
-
-		if (MiscUtil.isEmpty(baseIdType))
-			throw new BuildException("builder.00", new Object[]{"the type of baseID is empty or null"});
-		
-		if (MiscUtil.isEmpty(targetIdentifier)) 
-			throw new BuildException("builder.00", new Object[]{"OA specific target identifier is empty or null"});
-
-		if (baseIdType.equals(Constants.URN_PREFIX_BASEID)) {
-			Logger.trace("Find baseID. Starting unique identifier caluclation for this target");
-			
-			if (targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_CDID) || 
-					targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK) || 
-					targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_STORK)) {
-				Logger.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier);
-				return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier), targetIdentifier);
-													
-			} else if (targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_EIDAS)) {
-				Logger.trace("Calculate eIDAS identifier for target: " + targetIdentifier);
-				String[] splittedTarget = targetIdentifier.split("\\+");
-				String cititzenCountryCode = splittedTarget[1];
-				String eIDASOutboundCountry = splittedTarget[2];				 
-				 
-				if (cititzenCountryCode.equalsIgnoreCase(eIDASOutboundCountry)) {
-					Logger.warn("Suspect configuration FOUND!!! CitizenCountry equals DestinationCountry");
-					 
-				}
-				return buildeIDASIdentifer(baseID, baseIdType, cititzenCountryCode, eIDASOutboundCountry);
-				
-				
-			} else
-				throw new BuildException("builder.00", 
-						new Object[]{"Target identifier: " + targetIdentifier + " is NOT allowed or unknown"});
-		
-		} else {
-			Logger.trace("BaseID is not of type " + Constants.URN_PREFIX_BASEID + ". Check type against requested target ...");
-			if (baseIdType.equals(targetIdentifier)) {
-				Logger.debug("Unique identifier is already area specific. Is nothing todo");
-				return Pair.newInstance(baseID, targetIdentifier);
-				
-			} else {
-				Logger.warn("Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required!");
-				throw new BuildException("builder.00", 
-						new Object[]{"Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required"});
-				
-			}			
-		}						
-	}
-	
-	
-    /**
-     * Builds the storkeid from the given parameters.
-     *
-     * @param baseID baseID of the citizen
-     * @param baseIDType Type of the baseID
-     * @param sourceCountry CountryCode of that country, which build the eIDAs ID
-     * @param destinationCountry CountryCode of that country, which receives the eIDAs ID
-     * 
-     * @return Pair<eIDAs, bPKType> in a BASE64 encoding
-     * @throws BuildException if an error occurs on building the wbPK
-     */
-    private Pair<String, String> buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry)
-            throws BuildException {        
-        String bPK = null;
-        String bPKType = null;
-        
-        // check if we have been called by public sector application
-        if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) {
-        	bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry;
-            Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType);         
-            bPK = calculatebPKwbPK(baseID + "+"  + bPKType);
-            
-        } else { // if not, sector identification value is already calculated by BKU
-            Logger.debug("eIDAS eIdentifier already provided by BKU");
-            bPK = baseID;
-        }
-
-        if ((MiscUtil.isEmpty(bPK) ||
-                MiscUtil.isEmpty(sourceCountry) ||
-                	MiscUtil.isEmpty(destinationCountry))) {
-            throw new BuildException("builder.00",
-                    new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" +
-                            bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry});
-        }
-        
-        Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]");
-        String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK;
-        
-        return Pair.newInstance(eIdentifier, bPKType);
-    }
-	
-//    /**
-//     * Builds the bPK from the given parameters.
-//     *
-//     * @param identificationValue Base64 encoded "Stammzahl"
-//     * @param target              "Bereich lt. Verordnung des BKA"
-//     * @return bPK in a BASE64 encoding
-//     * @throws BuildException if an error occurs on building the bPK
-//     */
-//    private String buildBPK(String identificationValue, String target)
-//            throws BuildException {
-//
-//        if ((identificationValue == null ||
-//                identificationValue.length() == 0 ||
-//                target == null ||
-//                target.length() == 0)) {
-//            throw new BuildException("builder.00",
-//                    new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" +
-//                            identificationValue + ",target=" + target});
-//        }
-//        String basisbegriff;
-//        if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
-//            basisbegriff = identificationValue + "+" + target;
-//        else
-//            basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
-//
-//        return calculatebPKwbPK(basisbegriff);
-//    }
-//
-//    /**
-//     * Builds the wbPK from the given parameters.
-//     *
-//     * @param identificationValue Base64 encoded "Stammzahl"
-//     * @param registerAndOrdNr    type of register + "+" + number in register.
-//     * @return wbPK in a BASE64 encoding
-//     * @throws BuildException if an error occurs on building the wbPK
-//     */
-//    private String buildWBPK(String identificationValue, String registerAndOrdNr)
-//            throws BuildException {
-//
-//        if ((identificationValue == null ||
-//                identificationValue.length() == 0 ||
-//                registerAndOrdNr == null ||
-//                registerAndOrdNr.length() == 0)) {
-//            throw new BuildException("builder.00",
-//                    new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
-//                            identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
-//        }
-//
-//        String basisbegriff;
-//        if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+"))
-//            basisbegriff = identificationValue + "+" + registerAndOrdNr;
-//        else
-//            basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
-//
-//        return calculatebPKwbPK(basisbegriff);
-//    }
-//
-//    private String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException {
-//    	if (MiscUtil.isEmpty(baseID) || 
-//    			!(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") || 
-//    					bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") || 
-//    					bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) {
-//    		throw new BuildException("builder.00",
-//                    new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget 
-//    					+ " has an unkown prefix."});
-//    		
-//    	}
-//    	
-//    	return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget);
-//    	
-//    }
-    
-	public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException {
-		MiscUtil.assertNotNull(bpk, "BPK");
-		MiscUtil.assertNotNull(publicKey, "publicKey");
-		
-		SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
-		if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
-			target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
-		
-		String input = "V1::urn:publicid:gv.at:cdid+" + target + "::"
-		    + bpk + "::"
-		    + sdf.format(new Date());
-		System.out.println(input);
-		byte[] result;
-		try {
-			byte[] inputBytes = input.getBytes("ISO-8859-1");
-			result = encrypt(inputBytes, publicKey);
-			return new String(Base64Utils.encode(result, "ISO-8859-1")).replaceAll("\r\n", "");
-			
-		} catch (Exception e) {
-			throw new BuildException("bPK encryption FAILED", null, e);
-		}		
-	}
-
-	public static String decryptBPK(String encryptedBpk, String target, PrivateKey privateKey) throws BuildException {
-		MiscUtil.assertNotEmpty(encryptedBpk, "Encrypted BPK");
-		MiscUtil.assertNotNull(privateKey, "Private key");
-		String decryptedString;
-		try {
-			byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, "ISO-8859-1");
-			byte[] decryptedBytes = decrypt(encryptedBytes, privateKey);
-			decryptedString = new String(decryptedBytes, "ISO-8859-1");
-			
-		} catch (Exception e) {
-			throw new BuildException("bPK decryption FAILED", null, e);
-		}
-		String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1);
-		String sector = tmp.substring(0, tmp.indexOf("::"));
-		tmp = tmp.substring(tmp.indexOf("::") + 2);
-		String bPK = tmp.substring(0, tmp.indexOf("::"));
-
-		if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
-			target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
-		
-		if (target.equals(sector))
-			return bPK;
-		
-		else {
-			Logger.error("Decrypted bPK does not match to request bPK target.");
-			return null;
-		}		
-	}
-        
-    private String calculatebPKwbPK(String basisbegriff) throws BuildException {
-    	try {
-            MessageDigest md = MessageDigest.getInstance("SHA-1");
-            byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
-            String hashBase64 = Base64Utils.encode(hash);
-            return hashBase64;
-            
-        } catch (Exception ex) {
-            throw new BuildException("builder.00", new Object[]{"bPK/wbPK", ex.toString()}, ex);
-        }
-    	
-    }
-    
-	private static byte[] encrypt(byte[] inputBytes, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
-		byte[] result;
-		Cipher cipher = null;
-		try {
-			cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle
-		} catch(NoSuchAlgorithmException e) {
-			cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider
-		}
-		cipher.init(Cipher.ENCRYPT_MODE, publicKey);
-		result = cipher.doFinal(inputBytes);
-		
-		return result;
-	}
-
-	private static byte[] decrypt(byte[] encryptedBytes, PrivateKey privateKey) 
-			throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
-		byte[] result;
-		Cipher cipher = null;
-		try {
-			cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle
-		} catch(NoSuchAlgorithmException e) {
-			cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider
-		}
-		cipher.init(Cipher.DECRYPT_MODE, privateKey);
-		result = cipher.doFinal(encryptedBytes);
-		return result;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
index aa462c480..3dfba9cca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
@@ -10,12 +10,13 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
 import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
 import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
 import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -97,7 +98,7 @@ public class MOAIDSubjectNameIdGenerator implements ISubjectNameIdGenerator {
 				try {
 					return new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, spConfig.getAreaSpecificTargetIdentifier());
 										
-				} catch (BuildException e) {
+				} catch (EAAFBuilderException e) {
 					Logger.warn("Can NOT generate SubjectNameId." , e);
 					throw new ResponderErrorException("pvp2.01", null);
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index d23e32c81..926bfe242 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -48,13 +48,13 @@ import java.util.Map;
 
 import org.apache.commons.collections4.map.HashedMap;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -618,17 +618,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)
 	 */
 	@Override
-	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
+	public void setGenericDataToSession(String key, Object object) throws EAAFStorageException {
 		if (MiscUtil.isEmpty(key)) {
 			Logger.warn("Generic session-data can not be stored with a 'null' key");
-			throw new SessionDataStorageException("Generic session-data can not be stored with a 'null' key", null);
+			throw new EAAFStorageException("Generic session-data can not be stored with a 'null' key");
 			
 		}
 		
 		if (object != null) {
 			if (!Serializable.class.isInstance(object)) {
 				Logger.warn("Generic session-data can only store objects which implements the 'Seralizable' interface");
-				throw new SessionDataStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface", null);
+				throw new EAAFStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface");
 				
 			}						
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
index fb584047e..aea6f26fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
@@ -26,79 +26,35 @@ import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.Date;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.x509.X509Certificate;
 
 /**
  * @author tlenz
  * 
  */
-public class AuthenticationSessionWrapper implements IAuthenticationSession, AuthProzessDataConstants {
+public class AuthenticationSessionWrapper extends AuthProcessDataWrapper implements IAuthenticationSession, AuthProzessDataConstants {
 
-		
-	private Map<String, Object> sessionData;
 	
 	/**
 	 * @param genericDataStorage
 	 */
 	public AuthenticationSessionWrapper(Map<String, Object> genericDataStorage) {
-		this.sessionData = genericDataStorage;
-	}
-	
-	private <T> T wrapStringObject(String key, Object defaultValue, Class<T> clazz) {		
-		if (MiscUtil.isNotEmpty(key)) {
-			Object obj = sessionData.get(key);
-			if (obj != null && clazz.isInstance(obj))
-				return (T) obj;
-		}
+		super(genericDataStorage);
 		
-		if (defaultValue == null)
-			return null;
-		
-		else if (clazz.isInstance(defaultValue))
-			return (T)defaultValue;
-			
-		else {
-			Logger.error("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName());
-			throw new IllegalStateException("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName());
-				
-		}		
 	}
+		
 	
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated()
-	 */
-	@Override
-	public boolean isAuthenticated() {
-		return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean)
-	 */
-	@Override
-	public void setAuthenticated(boolean authenticated) {
-		sessionData.put(FLAG_IS_AUTHENTICATED, authenticated);
-
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate()
 	 */
@@ -133,7 +89,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	@Override
 	public void setSignerCertificate(X509Certificate signerCertificate) {
 		try {
-			sessionData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded());
+			authProcessData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded());
 			
 		}catch (CertificateEncodingException e) {
 			Logger.warn("Signer certificate can not be stored to session database!", e);
@@ -141,15 +97,6 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink()
-	 */
-	@Override
-	public IIdentityLink getIdentityLink() {
-		return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
-		
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
 	 */
@@ -159,21 +106,12 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 				
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink)
-	 */
-	@Override
-	public void setIdentityLink(IIdentityLink identityLink) {
-		sessionData.put(VALUE_IDENTITYLINK, identityLink);
-
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
 	 */
 	@Override
 	public void setSSOSessionID(String sessionId) {
-		sessionData.put(ISSOManager.AUTH_DATA_SSO_SESSIONID, sessionId);
+		authProcessData.put(ISSOManager.AUTH_DATA_SSO_SESSIONID, sessionId);
 
 	}
 
@@ -190,7 +128,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setBkuURL(String bkuURL) {
-		sessionData.put(VALUE_BKUURL, bkuURL);
+		authProcessData.put(VALUE_BKUURL, bkuURL);
 
 	}
 
@@ -207,7 +145,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setAuthBlock(String authBlock) {
-		sessionData.put(VALUE_AUTHBLOCK, authBlock);
+		authProcessData.put(VALUE_AUTHBLOCK, authBlock);
 
 	}
 
@@ -224,7 +162,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) {
-		sessionData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH);
+		authProcessData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH);
 
 	}
 
@@ -241,7 +179,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
-		sessionData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA);
+		authProcessData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA);
 
 	}
 
@@ -258,24 +196,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
-		sessionData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant()
-	 */
-	@Override
-	public String getIssueInstant() {
-		return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String)
-	 */
-	@Override
-	public void setIssueInstant(String issueInstant) {
-		sessionData.put(VALUE_ISSUEINSTANT, issueInstant);
+		authProcessData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);
 
 	}
 
@@ -291,29 +212,12 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean)
-	 */
-	@Override
-	public void setUseMandates(boolean useMandates) {
-		sessionData.put(FLAG_USE_MANDATE, useMandates);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed()
-	 */
-	@Override
-	public boolean isMandateUsed() {
-		return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class);
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String)
 	 */
 	@Override
 	public void setMISSessionID(String misSessionID) {
-		sessionData.put(VALUE_MISSESSIONID, misSessionID);
+		authProcessData.put(VALUE_MISSESSIONID, misSessionID);
 
 	}
 
@@ -338,24 +242,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setMandateReferenceValue(String mandateReferenceValue) {
-		sessionData.put(VALUE_MISREFVALUE, mandateReferenceValue);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner()
-	 */
-	@Override
-	public boolean isForeigner() {
-		return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean)
-	 */
-	@Override
-	public void setForeigner(boolean isForeigner) {
-		sessionData.put(FLAG_IS_FOREIGNER, isForeigner);
+		authProcessData.put(VALUE_MISREFVALUE, mandateReferenceValue);
 
 	}
 
@@ -372,7 +259,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) {
-		sessionData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse);
+		authProcessData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse);
 
 	}
 
@@ -389,27 +276,10 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setMISMandate(IMISMandate mandate) {
-		sessionData.put(VALUE_MISMANDATE, mandate);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW()
-	 */
-	@Override
-	public boolean isOW() {
-		return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean)
-	 */
-	@Override
-	public void setOW(boolean isOW) {
-		sessionData.put(FLAG_IS_ORGANWALTER, isOW);
+		authProcessData.put(VALUE_MISMANDATE, mandate);
 
 	}
-
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken()
 	 */
@@ -423,78 +293,13 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setAuthBlockTokken(String authBlockTokken) {
-		sessionData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel()
-	 */
-	@Override
-	public String getQAALevel() {
-		return wrapStringObject(VALUE_QAALEVEL, null, String.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String)
-	 */
-	@Override
-	public void setQAALevel(String qAALevel) {
-		sessionData.put(VALUE_QAALEVEL, qAALevel);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated()
-	 */
-	@Override
-	public Date getSessionCreated() {
-		return wrapStringObject(EAAFConstants.AUTH_DATA_CREATED, null, Date.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage()
-	 */
-	@Override
-	public Map<String, Object> getGenericSessionDataStorage() {
-		Map<String, Object> result = new HashMap<String, Object>();		
-		for (String el : sessionData.keySet()) {
-			if (el.startsWith(GENERIC_PREFIX))
-				result.put(el.substring(GENERIC_PREFIX.length()), sessionData.get(el));
-			
-		}
-		
-		return result;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String)
-	 */
-	@Override
-	public Object getGenericDataFromSession(String key) {
-		return sessionData.get(GENERIC_PREFIX + key); 
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class)
-	 */
-	@Override
-	public <T> T getGenericDataFromSession(String key, Class<T> clazz) {
-		return wrapStringObject(GENERIC_PREFIX + key, null, clazz);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)
-	 */
-	@Override
-	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
-		sessionData.put(GENERIC_PREFIX + key, object);
+		authProcessData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken);
 
 	}
 
 	@Override
 	public Map<String, Object> getKeyValueRepresentationFromAuthSession() {
-		return Collections.unmodifiableMap(sessionData);
+		return Collections.unmodifiableMap(authProcessData);
 		
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
deleted file mode 100644
index 2690bc2cc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ /dev/null
@@ -1,312 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.data;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.security.PublicKey;
-
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.util.DOMUtils;
-
-
-/**
- * Data contained in an identity link issued by BMI, relevant to the MOA ID component.
- * <br><code>"IdentityLink"</code> is the translation of <code>"Personenbindung"</code>.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class IdentityLink implements Serializable, IIdentityLink{
-
-	private static final long serialVersionUID = 1L;
-	
-	/**
-	 * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
-	 */
-	private String identificationValue;
-	/**
-	* <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
-	*/
-	private String identificationType;
-	/**
-	 * first name
-	 */
-	private String givenName;
-	/**
-	 * family name
-	 */
-	private String familyName;
-  
-  /**
-   * The name as (givenName + familyName)
-   */
-  private String name;
-	/**
-	 * date of birth
-	 */
-	private String dateOfBirth;
-  /**
-   * the original saml:Assertion-Element
-   */
-	private Element samlAssertion;
-  /**
-   * the serializes saml:Assertion
-   */
-  private String serializedSamlAssertion;
-	/**
-	 * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person
-	 */
-	private Element prPerson;
-  /**
-   * we need for each dsig:Reference Element all
-   * transformation elements
-   */
-  private Element[] dsigReferenceTransforms;
-  
-  /**
-   * The issuing time of the identity link SAML assertion.
-   */
-  private String issueInstant;
-
-  /**
-   * we need all public keys stored in 
-   * the identity link
-   */
-  private PublicKey[] publicKey;
-
-	/**
-	 * Constructor for IdentityLink
-	 */
-	public IdentityLink() {
-	}
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDateOfBirth()
- */
-  @Override
-public String getDateOfBirth() {
-    return dateOfBirth;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getFamilyName()
- */
-  @Override
-public String getFamilyName() {
-    return familyName;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getGivenName()
- */
-  @Override
-public String getGivenName() {
-    return givenName;
-  }
-  
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName()
- */
-  @Override
-public String getName() {
-    if (name == null) {
-      name = givenName + " " + familyName;
-    }
-    return name;
-  }
-  
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue()
- */
-  @Override
-public String getIdentificationValue() {
-    return identificationValue;
-  }
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationType()
-	 */
-	@Override
-	public String getIdentificationType() {
-		return identificationType;
-	}
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String)
- */
-  @Override
-public void setDateOfBirth(String dateOfBirth) {
-    this.dateOfBirth = dateOfBirth;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String)
- */
-  @Override
-public void setFamilyName(String familyName) {
-    this.familyName = familyName;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String)
- */
-  @Override
-public void setGivenName(String givenName) {
-    this.givenName = givenName;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String)
- */
-  @Override
-public void setIdentificationValue(String identificationValue) {
-    this.identificationValue = identificationValue;
-  }
-  
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String)
-	 */
-	@Override
-	public void setIdentificationType(String identificationType) {
-		this.identificationType = identificationType;
-	}
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSamlAssertion()
- */
-  @Override
-public Element getSamlAssertion() {
-    return samlAssertion;
-  }
-  
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion()
- */
-  @Override
-public String getSerializedSamlAssertion() {
-    return serializedSamlAssertion;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element)
- */
-  @Override
-public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException {
-    this.samlAssertion = samlAssertion;
-    this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion);    
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms()
- */
-  @Override
-public Element[] getDsigReferenceTransforms() {
-    return dsigReferenceTransforms;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element[])
- */
-  @Override
-public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
-    this.dsigReferenceTransforms = dsigReferenceTransforms;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPublicKey()
- */
-  @Override
-public PublicKey[] getPublicKey() {
-    return publicKey;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[])
- */
-  @Override
-public void setPublicKey(PublicKey[] publicKey) {
-    this.publicKey = publicKey;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPrPerson()
- */
-  @Override
-public Element getPrPerson() {
-    return prPerson;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element)
- */
-  @Override
-public void setPrPerson(Element prPerson) {
-    this.prPerson = prPerson;
-  }
-  
-   /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIssueInstant()
- */
-  @Override
-public String getIssueInstant() {
-    return issueInstant;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String)
- */
-  @Override
-public void setIssueInstant(String issueInstant) {
-    this.issueInstant = issueInstant;
-  }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index 8f7364f62..3ff22b84d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -58,15 +58,15 @@ import java.util.List;
 import org.w3c.dom.Element;
 import org.w3c.dom.traversal.NodeIterator;
 
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.IdentityLink;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.exception.ECDSAConverterException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Parses an identity link <code>&lt;saml:Assertion&gt;</code>
@@ -259,7 +259,7 @@ public class IdentityLinkAssertionParser {
 
   public IIdentityLink parseIdentityLink() throws ParseException {
     IIdentityLink identityLink;
-    try {
+    try { 
       identityLink = new IdentityLink();
       identityLink.setSamlAssertion(assertionElem);
       identityLink.setIssueInstant(assertionElem.getAttribute(ISSUE_INSTANT_ATTR));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index b54a43fff..e6b4e9bb8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -54,12 +54,12 @@ import java.io.InputStream;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Parses a <code>&lt;VerifyXMLSignatureResponse&gt;</code> returned by
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index 89e543209..97d1e7132 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -909,12 +909,6 @@ public boolean containsConfigurationKey(String arg0) {
 }
 
 
-@Override
-public String getConfigurationValue(String arg0) {
-	return spConfiguration.getConfigurationValue(arg0);
-}
-
-
 @Override
 public Map<String, String> getFullConfiguration() {
 	return spConfiguration.getFullConfiguration();
@@ -951,4 +945,41 @@ public String getMinimumLevelOfAssurence() {
 }
 
 
+@Override
+public String getConfigurationValue(String key) {
+	return spConfiguration.getConfigurationValue(key);
+}
+
+@Override
+public String getConfigurationValue(String key, String defaultValue) {
+	String value = getConfigurationValue(key);
+	if (value == null)
+		return defaultValue;
+	else
+		return value;
+}
+
+
+@Override
+public Boolean isConfigurationValue(String key) {
+	String value = getConfigurationValue(key);
+	if (value == null)
+		return Boolean.parseBoolean(value);
+
+	return null;
+	
+}
+
+
+@Override
+public boolean isConfigurationValue(String key, boolean defaultValue) {
+	String value = getConfigurationValue(key);
+	if (value == null)
+		return Boolean.parseBoolean(value);
+	else
+		return defaultValue;
+	
+}
+
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 11932f52a..76a53ee40 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -559,5 +559,23 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 		return getQaaLevel();
 	}
 
+	@Override
+	public String getConfigurationValue(String arg0, String arg1) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Boolean isConfigurationValue(String arg0) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isConfigurationValue(String arg0, boolean arg1) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
index b8dccfa65..ff4b96aab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -5,7 +5,6 @@ import java.util.List;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 
 public interface IMOAAuthData extends IAuthData{
@@ -18,8 +17,7 @@ public interface IMOAAuthData extends IAuthData{
 	  */
 	 String getQAALevel();
 	 
-	 List<String> getEncbPKList();	 
-	 IIdentityLink getIdentityLink();	 
+	 List<String> getEncbPKList();	 	 
      byte[] getSignerCertificate();
 	 String getAuthBlock();	 
 	 boolean isPublicAuthority();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
index 25d50f57a..d1e1e5c60 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
@@ -51,10 +51,10 @@ import java.io.Serializable;
 import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MISMandate implements Serializable, IMISMandate{
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index e0dd30db3..b5d46fea3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -28,14 +28,14 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 
@@ -47,7 +47,6 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable {
 
 	private static final long serialVersionUID = 1L;
-	private IIdentityLink identityLink;
 	private boolean qualifiedCertificate;
 	private boolean publicAuthority;
 	private String publicAuthorityCode;
@@ -70,8 +69,9 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 
 	private LoALevelMapper loaMapper;
 	
-	public MOAAuthenticationData(LoALevelMapper loaMapper) {	
-		this.loaMapper = loaMapper;
+	public MOAAuthenticationData(ILoALevelMapper loaMapper) {
+		if (loaMapper instanceof LoALevelMapper)
+			this.loaMapper = (LoALevelMapper) loaMapper;
 		
 	}
 	
@@ -82,19 +82,22 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	public String getQAALevel() {
 		if (this.QAALevel != null && 
 				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
-			String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
-			if (MiscUtil.isNotEmpty(mappedQAA))
-				return mappedQAA;
-			
-			else {
-				Logger.error("eIDAS QAA-level:" + this.QAALevel 
-						+ " can not be mapped to STORK QAA-level! Use "
+			if (loaMapper != null) {
+				String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
+				if (MiscUtil.isNotEmpty(mappedQAA))
+					return mappedQAA;
+				else {
+					Logger.error("eIDAS QAA-level:" + this.QAALevel 
+							+ " can not be mapped to STORK QAA-level! Use "
+							+ PVPConstants.STORK_QAA_1_1 + " as default value.");					
+				}
+							
+			} else
+				Logger.error("NO LoALevelMapper found. Use "
 						+ PVPConstants.STORK_QAA_1_1 + " as default value.");
-				return PVPConstants.STORK_QAA_1_1;
-				
-			}
-			
 			
+			return PVPConstants.STORK_QAA_1_1;
+										
 		} else
 			return this.QAALevel;
 		
@@ -106,18 +109,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	}
 
 	
-	@Override
-	public IIdentityLink getIdentityLink() {
-		return identityLink;
-	}
-
-	/**
-	 * @param identityLink the identityLink to set
-	 */
-	public void setIdentityLink(IIdentityLink identityLink) {
-		this.identityLink = identityLink;
-	}
-
 	@Override
 	public byte[] getSignerCertificate() {
 		return signerCertificate;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
deleted file mode 100644
index 2c0a9fe74..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import java.io.IOException;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.util.Base64Utils;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.data.IMOAAuthData;
-
-
-
-public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
-	private static final Logger log = LoggerFactory.getLogger(EIDIdentityLinkBuilder.class);
-	
-	
-	public String getName() {
-		return EID_IDENTITY_LINK_NAME;
-	}
-
-	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		try {
-			String ilAssertion = null;			
-			if (authData instanceof IMOAAuthData 
-					&&  ((IMOAAuthData)authData).getIdentityLink() == null)
-				throw new UnavailableAttributeException(EID_IDENTITY_LINK_NAME);
-			
-			ilAssertion = ((IMOAAuthData)authData).getIdentityLink().getSerializedSamlAssertion();
-			
-			return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-					EID_IDENTITY_LINK_NAME, Base64Utils.encodeToString(ilAssertion.getBytes("UTF-8")));
-			
-			
-		} catch (IOException e) {
-			log.warn("IdentityLink serialization error.", e);
-			return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-					EID_IDENTITY_LINK_NAME);
-		}
-		
-	}
-
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-				EID_IDENTITY_LINK_NAME);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index 171dfe2d9..af96a9459 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -33,10 +33,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index b2a2aad88..af64ffe64 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -32,9 +32,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -91,7 +92,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 			}
 			
 		}
-		catch (BuildException | ConfigurationException e) {
+		catch (BuildException | ConfigurationException | EAAFBuilderException e) {
 			Logger.error("Failed to generate IdentificationType");
 			throw new NoMandateDataAttributeException();
 			
@@ -105,7 +106,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 		return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME);
 	}
 	
-	protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException {		
+	protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {		
 		//get PVP attribute directly, if exists 
 		Pair<String, String> calcResult = null;
 		if (authData instanceof IMOAAuthData) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
index 16b179d89..75ca2ccdf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
@@ -33,11 +33,11 @@ import org.opensaml.saml2.metadata.provider.FilterException;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
index 81041260c..d8114f19d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
@@ -35,6 +35,7 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -57,7 +58,6 @@ import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
 import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
 import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class IdentityLinkReSigner {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 885d03fd8..397e28bc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -62,13 +62,13 @@ import javax.xml.parsers.ParserConfigurationException;
 
 import org.xml.sax.SAXException;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index a1fd81eb2..14d4d9fb6 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -1,4 +1,3 @@
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder
diff --git a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
index b0494534a..b1f8fe593 100644
--- a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
@@ -54,10 +54,10 @@ import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 import iaik.ixsil.algorithms.Transform;
 import iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML;
 import iaik.ixsil.exceptions.AlgorithmException;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
index 439138645..31a0573b6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
@@ -22,39 +22,25 @@
  */
 package at.gv.egovernment.moa.id.commons.api.data;
 
+import at.gv.egiz.eaaf.core.api.idp.EAAFAuthProcessDataConstants;
+
 /**
  * @author tlenz
  *
  */
-public interface AuthProzessDataConstants {
-	
-	public static final String GENERIC_PREFIX 					= "generic_";
-	
+public interface AuthProzessDataConstants extends EAAFAuthProcessDataConstants { 
 	
-	public static final String FLAG_IS_FOREIGNER 				= "direct_flagIsForeigner";
-	public static final String FLAG_USE_MANDATE 				= "direct_flagUseMandate";
-	public static final String FLAG_IS_ORGANWALTER 				= "direct_flagOrganwalter";
-	public static final String FLAG_IS_AUTHENTICATED 			= "direct_flagIsAuth";
 	public static final String FLAG_SAMLATTRIBUTEGEBEORWBPK 	= "direct_SAMLAttributeGebeORwbpk";
 	
-
-	public static final String VALUE_ISSUEINSTANT 				= "direct_issueInstant";
-	
 	public static final String VALUE_SIGNER_CERT 				= "direct_signerCert";
 	public static final String VALUE_IDENTITYLINK 				= "direct_idl";	
 	public static final String VALUE_BKUURL 					= "direct_bkuUrl";
 	public static final String VALUE_AUTHBLOCK 					= "direct_authBlock";
 	
 	public static final String VALUE_AUTNBLOCKTOKKEN 			= "direct_authblocktokken";
-	public static final String VALUE_QAALEVEL 					= "direct_qaaLevel";
-	public static final String VALUE_VERIFYSIGRESP 				= "direct_verifySigResp";
-	
+	public static final String VALUE_VERIFYSIGRESP 				= "direct_verifySigResp";	
 	public static final String VALUE_MISSESSIONID 				= "direct_MIS_SessionId";
 	public static final String VALUE_MISREFVALUE 				= "direct_MIS_RefValue";
-	public static final String VALUE_MISMANDATE 				= "direct_MIS_Mandate";
-	
-	
-
 	
 	@Deprecated
 	public static final String VALUE_EXTENTEDSAMLATTRAUTH 		= "direct_extSamlAttrAuth";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
index 8cb2b31bc..1d54af7c8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
@@ -22,22 +22,17 @@
  */
 package at.gv.egovernment.moa.id.commons.api.data;
 
-import java.util.Date;
 import java.util.List;
 import java.util.Map;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
 import iaik.x509.X509Certificate;
 
 /**
  * @author tlenz
  *
  */
-public interface IAuthenticationSession {
-
-	boolean isAuthenticated();
-
-	void setAuthenticated(boolean authenticated);
+public interface IAuthenticationSession extends IAuthProcessDataContainer {
 
 	X509Certificate getSignerCertificate();
 
@@ -45,13 +40,6 @@ public interface IAuthenticationSession {
 
 	void setSignerCertificate(X509Certificate signerCertificate);
 
-	/**
-	 * Returns the identityLink.
-	 * 
-	 * @return IdentityLink
-	 */
-	IIdentityLink getIdentityLink();
-
 	/**
 	 * Returns the sessionID.
 	 * 
@@ -59,14 +47,7 @@ public interface IAuthenticationSession {
 	 */
 	String getSSOSessionID();
 
-	/**
-	 * Sets the identityLink.
-	 * 
-	 * @param identityLink
-	 *            The identityLink to set
-	 */
-	void setIdentityLink(IIdentityLink identityLink);
-
+	
 	/**
 	 * Sets the sessionID.
 	 * 
@@ -158,20 +139,6 @@ public interface IAuthenticationSession {
 	 */
 	void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk);
 
-	/**
-	 * Returns the issuing time of the AUTH-Block SAML assertion.
-	 * 
-	 * @return The issuing time of the AUTH-Block SAML assertion.
-	 */
-	String getIssueInstant();
-
-	/**
-	 * Sets the issuing time of the AUTH-Block SAML assertion.
-	 * 
-	 * @param issueInstant
-	 *            The issueInstant to set.
-	 */
-	void setIssueInstant(String issueInstant);
 
 	/**
 	 * 
@@ -180,13 +147,6 @@ public interface IAuthenticationSession {
 	 */
 	void setUseMandate(String useMandate);
 
-	void setUseMandates(boolean useMandates);
-
-	/**
-	 * @return
-	 */
-	boolean isMandateUsed();
-
 	/**
 	 * 
 	 * @param misSessionID
@@ -212,9 +172,6 @@ public interface IAuthenticationSession {
 	 */
 	void setMandateReferenceValue(String mandateReferenceValue);
 
-	boolean isForeigner();
-
-	void setForeigner(boolean isForeigner);
 
 	IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse();
 
@@ -224,17 +181,6 @@ public interface IAuthenticationSession {
 
 	void setMISMandate(IMISMandate mandate);
 
-	/**
-	 * @return the isOW
-	 */
-	boolean isOW();
-
-	/**
-	 * @param isOW
-	 *            the isOW to set
-	 */
-	void setOW(boolean isOW);
-
 	/**
 	 * @return the authBlockTokken
 	 */
@@ -246,52 +192,6 @@ public interface IAuthenticationSession {
 	 */
 	void setAuthBlockTokken(String authBlockTokken);
 
-	/**
-	 * eIDAS QAA level
-	 * 
-	 * @return the qAALevel
-	 */
-	String getQAALevel();
-
-	/**
-	 * set QAA level in eIDAS form
-	 * 
-	 * @param qAALevel the qAALevel to set
-	 */
-	void setQAALevel(String qAALevel);
-
-	/**
-	 * @return the sessionCreated
-	 */
-	Date getSessionCreated();
-
-	Map<String, Object> getGenericSessionDataStorage();
-
-	/**
-	 * Returns a generic session-data object with is stored with a specific identifier 
-	 * 
-	 * @param key The specific identifier of the session-data object
-	 * @return The session-data object or null if no data is found with this key
-	 */
-	Object getGenericDataFromSession(String key);
-
-	/**
-	 * Returns a generic session-data object with is stored with a specific identifier 
-	 * 
-	 * @param key The specific identifier of the session-data object
-	 * @param clazz The class type which is stored with this key
-	 * @return The session-data object or null if no data is found with this key
-	 */
-	<T> T getGenericDataFromSession(String key, Class<T> clazz);
-
-	/**
-	 * Store a generic data-object to session with a specific identifier
-	 * 
-	 * @param key Identifier for this data-object
-	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
-	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
-	 */
-	void setGenericDataToSession(String key, Object object) throws SessionDataStorageException;
 	
 	/**
 	 * Generates a Key / Value representation from Authenticated session
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java
deleted file mode 100644
index 3a0ccd7c9..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.commons.api.data;
-
-import java.io.IOException;
-import java.security.PublicKey;
-
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-/**
- * @author tlenz
- *
- */
-public interface IIdentityLink {
-
-	/**
-	   * Returns the dateOfBirth.
-	   * @return Calendar
-	   */
-	String getDateOfBirth();
-
-	/**
-	   * Returns the familyName.
-	   * @return String
-	   */
-	String getFamilyName();
-
-	/**
-	   * Returns the givenName.
-	   * @return String
-	   */
-	String getGivenName();
-
-	/**
-	   * Returns the name.
-	   * @return The name.
-	   */
-	String getName();
-
-	/**
-	   * Returns the identificationValue.
-		 * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
-	   * @return String
-	   */
-	String getIdentificationValue();
-
-	/**
-	 * Returns the identificationType.
-	 * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
-	 * @return String
-	 */
-	String getIdentificationType();
-
-	/**
-	   * Sets the dateOfBirth.
-	   * @param dateOfBirth The dateOfBirth to set
-	   */
-	void setDateOfBirth(String dateOfBirth);
-
-	/**
-	   * Sets the familyName.
-	   * @param familyName The familyName to set
-	   */
-	void setFamilyName(String familyName);
-
-	/**
-	   * Sets the givenName.
-	   * @param givenName The givenName to set
-	   */
-	void setGivenName(String givenName);
-
-	/**
-	   * Sets the identificationValue.
-		 * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
-	   * @param identificationValue The identificationValue to set
-	   */
-	void setIdentificationValue(String identificationValue);
-
-	/**
-	 * Sets the Type of the identificationValue.
-	 * @param identificationType The type of identificationValue to set
-	 */
-	void setIdentificationType(String identificationType);
-
-	/**
-	   * Returns the samlAssertion.
-	   * @return Element
-	   */
-	Element getSamlAssertion();
-
-	/**
-	   * Returns the samlAssertion.
-	   * @return Element
-	   */
-	String getSerializedSamlAssertion();
-
-	/**
-	   * Sets the samlAssertion and the serializedSamlAssertion.
-	   * @param samlAssertion The samlAssertion to set
-	   */
-	void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException;
-
-	/**
-	   * Returns the dsigReferenceTransforms.
-	   * @return Element[]
-	   */
-	Element[] getDsigReferenceTransforms();
-
-	/**
-	   * Sets the dsigReferenceTransforms.
-	   * @param dsigReferenceTransforms The dsigReferenceTransforms to set
-	   */
-	void setDsigReferenceTransforms(Element[] dsigReferenceTransforms);
-
-	/**
-	   * Returns the publicKey.
-	   * @return PublicKey[]
-	   */
-	PublicKey[] getPublicKey();
-
-	/**
-	   * Sets the publicKey.
-	   * @param publicKey The publicKey to set
-	   */
-	void setPublicKey(PublicKey[] publicKey);
-
-	/**
-	   * Returns the prPerson.
-	   * @return Element
-	   */
-	Element getPrPerson();
-
-	/**
-	   * Sets the prPerson.
-	   * @param prPerson The prPerson to set
-	   */
-	void setPrPerson(Element prPerson);
-
-	/**
-	   * Returns the issuing time of the identity link SAML assertion.
-	   *
-	   * @return The issuing time of the identity link SAML assertion.
-	   */
-	String getIssueInstant();
-
-	/**
-	   * Sets the issuing time of the identity link SAML assertion.
-	   *
-	   * @param issueInstant The issueInstant to set.
-	   */
-	void setIssueInstant(String issueInstant);
-
-}
\ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
deleted file mode 100644
index 62a168ac8..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ /dev/null
@@ -1,1263 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-import java.util.Vector;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.xerces.parsers.DOMParser;
-import org.apache.xerces.parsers.SAXParser;
-import org.apache.xerces.parsers.XMLGrammarPreparser;
-import org.apache.xerces.util.SymbolTable;
-import org.apache.xerces.util.XMLGrammarPoolImpl;
-import org.apache.xerces.xni.grammars.XMLGrammarDescription;
-import org.apache.xerces.xni.grammars.XMLGrammarPool;
-import org.apache.xerces.xni.parser.XMLInputSource;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentFragment;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.EntityResolver;
-import org.xml.sax.ErrorHandler;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Various utility functions for handling XML DOM trees.
- * 
- * The parsing methods in this class make use of some features internal to the
- * Xerces DOM parser, mainly for performance reasons. As soon as JAXP
- * (currently at version 1.2) is better at schema handling, it should be used as
- * the parser interface.
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class DOMUtils {
-
-  /** Feature URI for namespace aware parsing. */
-  private static final String NAMESPACES_FEATURE =
-    "http://xml.org/sax/features/namespaces";
-  /** Feature URI for validating parsing. */
-  private static final String VALIDATION_FEATURE =
-    "http://xml.org/sax/features/validation";
-  /** Feature URI for schema validating parsing. */
-  private static final String SCHEMA_VALIDATION_FEATURE =
-    "http://apache.org/xml/features/validation/schema";
-  /** Feature URI for normalization of element/attribute values. */
-  private static final String NORMALIZED_VALUE_FEATURE =
-    "http://apache.org/xml/features/validation/schema/normalized-value";
-  /** Feature URI for parsing ignorable whitespace. */
-  private static final String INCLUDE_IGNORABLE_WHITESPACE_FEATURE =
-    "http://apache.org/xml/features/dom/include-ignorable-whitespace";
-  /** Feature URI for creating EntityReference nodes in the DOM tree. */
-  private static final String CREATE_ENTITY_REF_NODES_FEATURE =
-    "http://apache.org/xml/features/dom/create-entity-ref-nodes";
-  /** Property URI for providing external schema locations. */
-  private static final String EXTERNAL_SCHEMA_LOCATION_PROPERTY =
-    "http://apache.org/xml/properties/schema/external-schemaLocation";
-  /** Property URI for providing the external schema location for elements 
-   * without a namespace. */
-  private static final String EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY =
-    "http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation";
-  
-  private static final String EXTERNAL_GENERAL_ENTITIES_FEATURE =
-  	"http://xml.org/sax/features/external-general-entities";
-  
-  private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE =
-	  "http://xml.org/sax/features/external-parameter-entities";
-  
-  public static final String DISALLOW_DOCTYPE_FEATURE =
-		  "http://apache.org/xml/features/disallow-doctype-decl";
-  
-  
-  
-  /** Property URI for the Xerces grammar pool. */
-  private static final String GRAMMAR_POOL =
-    org.apache.xerces.impl.Constants.XERCES_PROPERTY_PREFIX
-      + org.apache.xerces.impl.Constants.XMLGRAMMAR_POOL_PROPERTY;
-  /** A prime number for initializing the symbol table. */
-  private static final int BIG_PRIME = 2039;
-  /** Symbol table for the grammar pool. */
-  private static SymbolTable symbolTable = new SymbolTable(BIG_PRIME);
-  /** Xerces schema grammar pool. */
-  private static XMLGrammarPool grammarPool = new XMLGrammarPoolImpl();
-  /** Set holding the NamespaceURIs of the grammarPool, to prevent multiple
-    * entries of same grammars to the pool */
-  private static Set grammarNamespaces; 
-
-  static {
-    grammarPool.lockPool();
-    grammarNamespaces = new HashSet();
-  }
-
-  /**
-   * Preparse a schema and add it to the schema pool.
-   * The method only adds the schema to the pool if a schema having the same
-   * <code>systemId</code> (namespace URI) is not already present in the pool.
-   * 
-   * @param inputStream An <code>InputStream</code> providing the contents of
-   * the schema.
-   * @param systemId The systemId (namespace URI) to use for the schema.
-   * @throws IOException An error occurred reading the schema.
-   */
-  public static void addSchemaToPool(InputStream inputStream, String systemId)
-    throws IOException {
-    XMLGrammarPreparser preparser;
-
-    if (!grammarNamespaces.contains(systemId)) { 
-
-      grammarNamespaces.add(systemId);
-    
-      // unlock the pool so that we can add another grammar
-      grammarPool.unlockPool();
-	
-      // prepare the preparser
-      preparser = new XMLGrammarPreparser(symbolTable);
-      preparser.registerPreparser(XMLGrammarDescription.XML_SCHEMA, null);
-      preparser.setProperty(GRAMMAR_POOL, grammarPool);
-      preparser.setFeature(NAMESPACES_FEATURE, true);
-      preparser.setFeature(VALIDATION_FEATURE, true);
-	
-      // add the grammar to the pool
-      preparser.preparseGrammar(
-      XMLGrammarDescription.XML_SCHEMA,
-        new XMLInputSource(null, systemId, null, inputStream, null));
-	
-      // lock the pool again so that schemas are not added automatically
-      grammarPool.lockPool();
-    }
-  }
-
-  /**
-   * Parse an XML document from an <code>InputStream</code>.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @param entityResolver An <code>EntityResolver</code> to resolve external
-   * entities (schemas and DTDs). If <code>null</code>, it will not be set.
-   * @param errorHandler An <code>ErrorHandler</code> to decide what to do
-   * with parsing errors. If <code>null</code>, it will not be set.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    InputStream inputStream,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation,
-    EntityResolver entityResolver,
-    ErrorHandler errorHandler,
-    Map<String, Object> parserFeatures)
-    throws  SAXException, IOException, ParserConfigurationException {
-
-    DOMParser parser;
-
-//    class MyEntityResolver implements EntityResolver {
-//
-//		public InputSource resolveEntity(String publicId, String systemId)
-//				throws SAXException, IOException {
-//		    return new InputSource(new ByteArrayInputStream(new byte[0]));
-//		}
-//    }
-
-
-		//if Debug is enabled make a copy of inputStream to enable debug output in case of SAXException
-		byte buffer [] = null;
-		ByteArrayInputStream baStream = null;
-		if(true == Logger.isDebugEnabled()) {
-			buffer = IOUtils.toByteArray(inputStream);
-			baStream = new ByteArrayInputStream(buffer);
-			
-		}	
-		
-		
-		
-    // create the DOM parser
-    if (symbolTable != null) {
-      parser = new DOMParser(symbolTable, grammarPool);
-    } else {
-      parser = new DOMParser();
-    }
-    
-    // set parser features and properties
-    try {
-	    parser.setFeature(NAMESPACES_FEATURE, true);
-	    parser.setFeature(VALIDATION_FEATURE, validating);
-	    parser.setFeature(SCHEMA_VALIDATION_FEATURE, validating);
-	    parser.setFeature(NORMALIZED_VALUE_FEATURE, false);
-	    parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);
-	    parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
-	    parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
-	    parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
-	    
-	    //set external added parser features
-	    if (parserFeatures != null) {
-	    	for (Entry<String, Object> el : parserFeatures.entrySet()) {
-	    		String key = el.getKey();
-	    		if (MiscUtil.isNotEmpty(key)) {
-	    			Object value = el.getValue();
-	    			if (value != null && value instanceof Boolean)	    		
-	    				parser.setFeature(key, (boolean)value);
-	    			
-	    			else
-	    				Logger.warn("This XML parser only allows features with 'boolean' values");
-	    			
-	    		} else 
-	    			Logger.warn("Can not set 'null' feature to XML parser");
-	    	}
-	    }
-	    
-	    //fix XXE problem
-	    //parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-	    
-	
-	    if (validating) {
-	      if (externalSchemaLocations != null) {
-	        parser.setProperty(
-	          EXTERNAL_SCHEMA_LOCATION_PROPERTY,
-	          externalSchemaLocations);
-	      }
-	      if (externalNoNamespaceSchemaLocation != null) {
-	        parser.setProperty(
-	          EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
-	          externalNoNamespaceSchemaLocation);
-	      }
-	    }
-	
-	    // set entity resolver and error handler
-	    if (entityResolver != null) {
-	      parser.setEntityResolver(entityResolver);
-	    }
-	    if (errorHandler != null) {
-	      parser.setErrorHandler(errorHandler);
-	    }
-	
-	    // parse the document and return it
-	    // if debug is enabled: use copy of strem (baStream) else use orig stream
-	    if(null != baStream)
-	    	parser.parse(new InputSource(baStream));
-	    else 
-			parser.parse(new InputSource(inputStream));
-    } catch(SAXException e) {
-			if(true == Logger.isDebugEnabled() && null != buffer) {				
-				String xmlContent = new String(buffer);
-				Logger.debug("SAXException in:\n" + xmlContent);				 
-			} 
-		  throw(e);
-    }
-
-    return parser.getDocument();
-  }
-
-  /**
-   * Parse an XML document from an <code>InputStream</code>.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @param entityResolver An <code>EntityResolver</code> to resolve external
-   * entities (schemas and DTDs). If <code>null</code>, it will not be set.
-   * @param errorHandler An <code>ErrorHandler</code> to decide what to do
-   * with parsing errors. If <code>null</code>, it will not be set.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocumentSimple(InputStream inputStream)
-    throws  SAXException, IOException, ParserConfigurationException {
-
-    DOMParser parser;
-			
-    parser = new DOMParser();
-    // set parser features and properties
-    parser.setFeature(NAMESPACES_FEATURE, true);
-    parser.setFeature(VALIDATION_FEATURE, false);
-    parser.setFeature(SCHEMA_VALIDATION_FEATURE, false);
-    parser.setFeature(NORMALIZED_VALUE_FEATURE, false);
-    parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);
-    parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
-		
-    parser.parse(new InputSource(inputStream));
-    
-    return parser.getDocument();
-  }
-
-  
-  /**
-   * Parse an XML document from an <code>InputStream</code>.
-   * 
-   * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
-   * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
- * @param parserFeatures 
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    InputStream inputStream,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation, Map<String, Object> parserFeatures)
-    throws SAXException, IOException, ParserConfigurationException {
-
-  
-	  
-    return parseDocument(
-      inputStream,
-      validating,
-      externalSchemaLocations,
-      externalNoNamespaceSchemaLocation,
-      new MOAEntityResolver(),
-      new MOAErrorHandler(),
-      parserFeatures);
-  }
-
-  /**
-   * Parse an XML document from a <code>String</code>.
-   * 
-   * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
-   * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
-   * 
-   * @param xmlString The <code>String</code> containing the XML document.
-   * @param encoding The encoding of the XML document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    String xmlString,
-    String encoding,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation,
-    Map<String, Object> parserFeatures)
-    throws SAXException, IOException, ParserConfigurationException {
-
-    InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding));
-    return parseDocument(
-      in,
-      validating,
-      externalSchemaLocations,
-      externalNoNamespaceSchemaLocation,
-      parserFeatures);
-  }
-  
-  
-  /**
-   * Parse an XML document from a <code>String</code>.
-   * 
-   * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
-   * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
-   * 
-   * @param xmlString The <code>String</code> containing the XML document.
-   * @param encoding The encoding of the XML document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    String xmlString,
-    String encoding,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation)
-    throws SAXException, IOException, ParserConfigurationException {
-
-    InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding));
-    return parseDocument(
-      in,
-      validating,
-      externalSchemaLocations,
-      externalNoNamespaceSchemaLocation,
-      null);
-  }
-
-  /**
-   * Parse an UTF-8 encoded XML document from a <code>String</code>.
-   * 
-   * @param xmlString The <code>String</code> containing the XML document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    String xmlString,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation)
-    throws SAXException, IOException, ParserConfigurationException {
-
-    return parseDocument(
-      xmlString,
-      "UTF-8",
-      validating,
-      externalSchemaLocations,
-      externalNoNamespaceSchemaLocation);
-  }
-
-  /**
-   * A convenience method to parse an XML document validating.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @return The root element of the parsed XML document.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Element parseXmlValidating(InputStream inputStream)
-    throws ParserConfigurationException, SAXException, IOException {
-    return DOMUtils
-      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null)
-      .getDocumentElement();
-  }
-  
-  /**
-   * A convenience method to parse an XML document validating.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @param parserFeatures Set additional features to XML parser
-   * @return The root element of the parsed XML document.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Element parseXmlValidating(InputStream inputStream, Map<String, Object> parserFeatures)
-    throws ParserConfigurationException, SAXException, IOException {
-    return DOMUtils
-      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, parserFeatures)
-      .getDocumentElement();
-  }
-  
-  /**
-   * A convenience method to parse an XML document non validating.
-   * This method disallow DocType declarations 
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @return The root element of the parsed XML document.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Element parseXmlNonValidating(InputStream inputStream)
-    throws ParserConfigurationException, SAXException, IOException {	  
-    return DOMUtils
-      .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null, 
-    		  Collections.unmodifiableMap(new HashMap<String, Object>() {
-    			  private static final long serialVersionUID = 1L;
-    			  {	
-    				  put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
-				
-    			  }
-    		  })).getDocumentElement();
-  }
-
-  /**
-   * Schema validate a given DOM element.
-   * 
-   * @param element The element to validate.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return <code>true</code>, if the <code>element</code> validates against
-   * the schemas declared in it.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document from its
-   * serialized representation.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * @throws TransformerException An error occurred serializing the element.
-   */
-  public static boolean validateElement(
-    Element element,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation)
-    throws
-      ParserConfigurationException,
-      IOException,
-      SAXException,
-      TransformerException {
-
-    byte[] docBytes;
-    SAXParser parser;
-
-    // create the SAX parser
-    if (symbolTable != null) {
-      parser = new SAXParser(symbolTable, grammarPool);
-    } else {
-      parser = new SAXParser();
-    }
-
-    // serialize the document
-    docBytes = serializeNode(element, "UTF-8");
-
-    // set up parser features and attributes
-    parser.setFeature(NAMESPACES_FEATURE, true);
-    parser.setFeature(VALIDATION_FEATURE, true);
-    parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
-    parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
-    parser.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
-    
-    
-    if (externalSchemaLocations != null) {
-      parser.setProperty(
-        EXTERNAL_SCHEMA_LOCATION_PROPERTY,
-        externalSchemaLocations);
-    }
-    if (externalNoNamespaceSchemaLocation != null) {
-      parser.setProperty(
-        EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
-        "externalNoNamespaceSchemaLocation");
-    }
-
-    // set up entity resolver and error handler
-    parser.setEntityResolver(new MOAEntityResolver());
-    parser.setErrorHandler(new MOAErrorHandler());
-
-    // parse validating
-    parser.parse(new InputSource(new ByteArrayInputStream(docBytes)));
-    return true;
-  }
-
-  
-  /**
-   * Schema validate a given DOM element.
-   * 
-   * @param element The element to validate.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return <code>true</code>, if the <code>element</code> validates against
-   * the schemas declared in it.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document from its
-   * serialized representation.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * @throws TransformerException An error occurred serializing the element.
-   */
-  public static boolean validateElement(
-    Element element,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation,
-    EntityResolver entityResolver)
-    throws
-      ParserConfigurationException,
-      IOException,
-      SAXException,
-      TransformerException {
-
-    byte[] docBytes;
-    SAXParser parser;
-
-    // create the SAX parser
-    if (symbolTable != null) {
-      parser = new SAXParser(symbolTable, grammarPool);
-    } else {
-      parser = new SAXParser();
-    }
-
-    // serialize the document
-    docBytes = serializeNode(element, "UTF-8");
-
-    // set up parser features and attributes
-    parser.setFeature(NAMESPACES_FEATURE, true);
-    parser.setFeature(VALIDATION_FEATURE, true);
-    parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
-    
-    if (externalSchemaLocations != null) {
-      parser.setProperty(
-        EXTERNAL_SCHEMA_LOCATION_PROPERTY,
-        externalSchemaLocations);
-    }
-    if (externalNoNamespaceSchemaLocation != null) {
-      parser.setProperty(
-        EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
-        "externalNoNamespaceSchemaLocation");
-    }
-
-    // set up entity resolver and error handler
-    parser.setEntityResolver(entityResolver);
-    parser.setErrorHandler(new MOAErrorHandler());
-
-    // parse validating
-    parser.parse(new InputSource(new ByteArrayInputStream(docBytes)));
-    return true;
-  }
-  
-  /**
-   * Serialize the given DOM node.
-   * 
-   * The node will be serialized using the UTF-8 encoding.
-   * 
-   * @param node The node to serialize.
-   * @return String The <code>String</code> representation of the given DOM
-   * node.
-   * @throws TransformerException An error occurred transforming the
-   * node to a <code>String</code>.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static String serializeNode(Node node)
-    throws TransformerException, IOException {
-    return new String(serializeNode(node, "UTF-8", false), "UTF-8");
-  }
-
-
-  /**
-   * Serialize the given DOM node.
-   * 
-   * The node will be serialized using the UTF-8 encoding.
-   * 
-   * @param node The node to serialize.
-   * @param omitXmlDeclaration The boolean value for omitting the XML Declaration.
-   * @return String The <code>String</code> representation of the given DOM
-   * node.
-   * @throws TransformerException An error occurred transforming the
-   * node to a <code>String</code>.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static String serializeNode(Node node, boolean omitXmlDeclaration)
-    throws TransformerException, IOException {
-    return new String(serializeNode(node, "UTF-8", omitXmlDeclaration), "UTF-8");
-  }
-
-  /**
-   * Serialize the given DOM node.
-   * 
-   * The node will be serialized using the UTF-8 encoding.
-   * 
-   * @param node The node to serialize.
-   * @param omitXmlDeclaration The boolean value for omitting the XML Declaration.
-   * @param lineSeperator Sets the line seperator String of the parser
-   * @return String The <code>String</code> representation of the given DOM
-   * node.
-   * @throws TransformerException An error occurred transforming the
-   * node to a <code>String</code>.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static String serializeNode(Node node, boolean omitXmlDeclaration, String lineSeperator)
-    throws TransformerException, IOException {
-    return new String(serializeNode(node, "UTF-8", omitXmlDeclaration, lineSeperator), "UTF-8");
-  }
-  
-  /**
-   * Serialize the given DOM node to a byte array.
-   * 
-   * @param node The node to serialize.
-   * @param xmlEncoding The XML encoding to use.
-   * @return The serialized node, as a byte array. Using a compatible encoding
-   * this can easily be converted into a <code>String</code>.
-   * @throws TransformerException An error occurred transforming the node to a 
-   * byte array.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static byte[] serializeNode(Node node, String xmlEncoding)
-  throws TransformerException, IOException {
-    return serializeNode(node, xmlEncoding, false);
-  }
-  
-  /**
-   * Serialize the given DOM node to a byte array.
-   * 
-   * @param node The node to serialize.
-   * @param xmlEncoding The XML encoding to use.
-   * @param omitDeclaration The boolean value for omitting the XML Declaration.
-   * @return The serialized node, as a byte array. Using a compatible encoding
-   * this can easily be converted into a <code>String</code>.
-   * @throws TransformerException An error occurred transforming the node to a 
-   * byte array.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration)
-    throws TransformerException, IOException {
-    return serializeNode(node, xmlEncoding, omitDeclaration, null);
-  }
-
-
-  /**
-   * Serialize the given DOM node to a byte array.
-   * 
-   * @param node The node to serialize.
-   * @param xmlEncoding The XML encoding to use.
-   * @param omitDeclaration The boolean value for omitting the XML Declaration.
-   * @param lineSeperator Sets the line seperator String of the parser
-   * @return The serialized node, as a byte array. Using a compatible encoding
-   * this can easily be converted into a <code>String</code>.
-   * @throws TransformerException An error occurred transforming the node to a 
-   * byte array.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration, String lineSeperator)
-    throws TransformerException, IOException {
-
-    TransformerFactory transformerFactory = TransformerFactory.newInstance();
-    Transformer transformer = transformerFactory.newTransformer();
-    ByteArrayOutputStream bos = new ByteArrayOutputStream(16384);
-
-    transformer.setOutputProperty(OutputKeys.METHOD, "xml");
-    transformer.setOutputProperty(OutputKeys.ENCODING, xmlEncoding);
-    String omit = omitDeclaration ? "yes" : "no";
-    transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, omit);
-    if (null!=lineSeperator) {
-      transformer.setOutputProperty("{http://xml.apache.org/xalan}line-separator", lineSeperator);//does not work for xalan <= 2.5.1
-    }
-    transformer.transform(new DOMSource(node), new StreamResult(bos));
-
-    bos.flush();
-    bos.close();
-
-    return bos.toByteArray();
-  }
-
-  /**
-    * Return the text that a node contains. 
-    * 
-    * This routine:
-    * <ul>
-    * <li>Ignores comments and processing instructions.</li>
-    * <li>Concatenates TEXT nodes, CDATA nodes, and the results recursively
-    * processing EntityRef nodes.</li>
-    * <li>Ignores any element nodes in the sublist. (Other possible options are
-    * to recurse into element sublists or throw an exception.)</li>
-    * </ul>
-    * 
-    * @param node A DOM node from which to extract text.
-    * @return A String representing its contents.
-    */
-  public static String getText(Node node) {
-    if (!node.hasChildNodes()) {
-      return "";
-    }
-
-    StringBuffer result = new StringBuffer();
-    NodeList list = node.getChildNodes();
-
-    for (int i = 0; i < list.getLength(); i++) {
-      Node subnode = list.item(i);
-      if (subnode.getNodeType() == Node.TEXT_NODE) {
-        result.append(subnode.getNodeValue());
-      } else if (subnode.getNodeType() == Node.CDATA_SECTION_NODE) {
-        result.append(subnode.getNodeValue());
-      } else if (subnode.getNodeType() == Node.ENTITY_REFERENCE_NODE) {
-        // Recurse into the subtree for text
-        // (and ignore comments)
-        result.append(getText(subnode));
-      }
-    }
-    return result.toString();
-  }
-
-  /**
-   * Build the namespace prefix to namespace URL mapping in effect for a given
-   * node.
-   * 
-   * @param node The context node for which build the map.
-   * @return The namespace prefix to namespace URL mapping (
-   * a <code>String</code> value to <code>String</code> value mapping).
-   */
-  public static Map getNamespaceDeclarations(Node node) {
-    Map nsDecls = new HashMap();
-    int i;
-
-    do {
-      if (node.hasAttributes()) {
-        NamedNodeMap attrs = node.getAttributes();
-
-        for (i = 0; i < attrs.getLength(); i++) {
-          Attr attr = (Attr) attrs.item(i);
-
-          // add prefix mapping if none exists
-          if ("xmlns".equals(attr.getPrefix())
-            || "xmlns".equals(attr.getName())) {
-
-            String nsPrefix =
-              attr.getPrefix() != null ? attr.getLocalName() : "";
-
-            if (nsDecls.get(nsPrefix) == null) {
-              nsDecls.put(nsPrefix, attr.getValue());
-            }
-          }
-        }
-      }
-    } while ((node = node.getParentNode()) != null);
-
-    return nsDecls;
-  }
-
-  /**
-   * Add all namespace declarations declared in the parent(s) of a given
-   * element and used in the subtree of the given element to the given element.  
-   * 
-   * @param context The element to which to add the namespaces.
-   */
-  public static void localizeNamespaceDeclarations(Element context) {
-    Node parent = context.getParentNode();
-
-    if (parent != null) {
-      Map namespaces = getNamespaceDeclarations(context.getParentNode());
-      Set nsUris = collectNamespaceURIs(context);
-      Iterator iter;
-
-      for (iter = namespaces.entrySet().iterator(); iter.hasNext();) {
-        Map.Entry e = (Map.Entry) iter.next();
-
-        if (nsUris.contains(e.getValue())) {
-          String prefix = (String) e.getKey();
-          String nsUri = (String) e.getValue();
-          String nsAttrName = "".equals(prefix) ? "xmlns" : "xmlns:" + prefix;
-
-          context.setAttributeNS(Constants.XMLNS_NS_URI, nsAttrName, nsUri);
-        }
-      }
-    }
-  }
-
-  /**
-   * Collect all the namespace URIs used in the subtree of a given element.
-   * 
-   * @param context The element that should be searched for namespace URIs.
-   * @return All namespace URIs used in the subtree of <code>context</code>,
-   * including the ones used in <code>context</code> itself.
-   */
-  public static Set collectNamespaceURIs(Element context) {
-    Set result = new HashSet();
-
-    collectNamespaceURIsImpl(context, result);
-    return result;
-  }
-
-  /**
-   * A recursive method to do the work of <code>collectNamespaceURIs</code>.
-   * 
-   * @param context The context element to evaluate.
-   * @param result The result, passed as a parameter to avoid unnecessary
-   * instantiations of <code>Set</code>.
-   */
-  private static void collectNamespaceURIsImpl(Element context, Set result) {
-    NamedNodeMap attrs = context.getAttributes();
-    NodeList childNodes = context.getChildNodes();
-    String nsUri;
-    int i;
-
-    // add the namespace of the context element
-    nsUri = context.getNamespaceURI();
-    if (nsUri != null && nsUri != Constants.XMLNS_NS_URI) {
-      result.add(nsUri);
-    }
-
-    // add all namespace URIs from attributes
-    for (i = 0; i < attrs.getLength(); i++) {
-      nsUri = attrs.item(i).getNamespaceURI();
-      if (nsUri != null && nsUri != Constants.XMLNS_NS_URI) {
-        result.add(nsUri);
-      }
-    }
-
-    // add all namespaces from subelements
-    for (i = 0; i < childNodes.getLength(); i++) {
-      Node node = childNodes.item(i);
-
-      if (node.getNodeType() == Node.ELEMENT_NODE) {
-        collectNamespaceURIsImpl((Element) node, result);
-      }
-    }
-  }
-
-  /**
-   * Check, that each attribute node in the given <code>NodeList</code> has its
-   * parent in the <code>NodeList</code> as well.
-   * 
-   * @param nodes The <code>NodeList</code> to check.
-   * @return <code>true</code>, if each attribute node in <code>nodes</code>
-   * has its parent in <code>nodes</code> as well.
-   */
-  public static boolean checkAttributeParentsInNodeList(NodeList nodes) {
-    Set nodeSet = new HashSet();
-    int i;
-
-    // put the nodes into the nodeSet
-    for (i = 0; i < nodes.getLength(); i++) {
-      nodeSet.add(nodes.item(i));
-    }
-
-    // check that each attribute node's parent is in the node list
-    for (i = 0; i < nodes.getLength(); i++) {
-      Node n = nodes.item(i);
-
-      if (n.getNodeType() == Node.ATTRIBUTE_NODE) {
-        Attr attr = (Attr) n;
-        Element owner = attr.getOwnerElement();
-
-        if (owner == null) {
-          if (!isNamespaceDeclaration(attr)) {
-            return false;
-          }
-        }
-
-        if (!nodeSet.contains(owner) && !isNamespaceDeclaration(attr)) {
-          return false;
-        }
-      }
-    }
-
-    return true;
-  }
-
-  /**
-   * Convert an unstructured <code>NodeList</code> into a 
-   * <code>DocumentFragment</code>.
-   *
-   * @param nodeList Contains the node list to be converted into a DOM 
-   * DocumentFragment.
-   * @return the resulting DocumentFragment. The DocumentFragment will be 
-   * backed by a new DOM Document, i.e. all noded of the node list will be 
-   * cloned.
-   * @throws ParserConfigurationException An error occurred creating the
-   * DocumentFragment.
-   * @precondition The nodes in the node list appear in document order
-   * @precondition for each Attr node in the node list, the owning Element is 
-   * in the node list as well.
-   * @precondition each Element or Attr node in the node list is namespace 
-   * aware.
-   */
-  public static DocumentFragment nodeList2DocumentFragment(NodeList nodeList)
-    throws ParserConfigurationException {
-
-    DocumentBuilder builder =
-      DocumentBuilderFactory.newInstance().newDocumentBuilder();
-    Document doc = builder.newDocument();
-    DocumentFragment result = doc.createDocumentFragment();
-
-    if (null == nodeList || nodeList.getLength() == 0) {
-      return result;
-    }
-
-    int currPos = 0;
-    currPos =
-      nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1;
-
-    while (currPos < nodeList.getLength()) {
-      currPos =
-        nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1;
-    }
-    return result;
-  }
-
-  /**
-   * Helper method for the <code>nodeList2DocumentFragment</code>.
-   * 
-   * @param nodeList The <code>NodeList</code> to convert.
-   * @param currPos The current position in the <code>nodeList</code>.
-   * @param result The resulting <code>DocumentFragment</code>.
-   * @param currOrgElem The current original element.
-   * @param currClonedElem The current cloned element.
-   * @return The current position.
-   */
-  private static int nodeList2DocumentFragment(
-    NodeList nodeList,
-    int currPos,
-    DocumentFragment result,
-    Element currOrgElem,
-    Element currClonedElem) {
-
-    while (currPos < nodeList.getLength()) {
-      Node currentNode = nodeList.item(currPos);
-      switch (currentNode.getNodeType()) {
-        case Node.COMMENT_NODE :
-        case Node.PROCESSING_INSTRUCTION_NODE :
-        case Node.TEXT_NODE :
-          {
-            // Append current node either to resulting DocumentFragment or to 
-            // current cloned Element
-            if (null == currClonedElem) {
-              result.appendChild(
-                result.getOwnerDocument().importNode(currentNode, false));
-            } else {
-              // Stop processing if current Node is not a descendant of 
-              // current Element
-              if (!isAncestor(currOrgElem, currentNode)) {
-                return --currPos;
-              }
-
-              currClonedElem.appendChild(
-                result.getOwnerDocument().importNode(currentNode, false));
-            }
-            break;
-          }
-
-        case Node.ELEMENT_NODE :
-          {
-            Element nextCurrOrgElem = (Element) currentNode;
-            Element nextCurrClonedElem =
-              result.getOwnerDocument().createElementNS(
-                nextCurrOrgElem.getNamespaceURI(),
-                nextCurrOrgElem.getNodeName());
-
-            // Append current Node either to resulting DocumentFragment or to 
-            // current cloned Element
-            if (null == currClonedElem) {
-              result.appendChild(nextCurrClonedElem);
-              currOrgElem = nextCurrOrgElem;
-              currClonedElem = nextCurrClonedElem;
-            } else {
-              // Stop processing if current Node is not a descendant of
-              // current Element
-              if (!isAncestor(currOrgElem, currentNode)) {
-                return --currPos;
-              }
-
-              currClonedElem.appendChild(nextCurrClonedElem);
-            }
-
-            // Process current Node (of type Element) recursively
-            currPos =
-              nodeList2DocumentFragment(
-                nodeList,
-                ++currPos,
-                result,
-                nextCurrOrgElem,
-                nextCurrClonedElem);
-
-            break;
-          }
-
-        case Node.ATTRIBUTE_NODE :
-          {
-            Attr currAttr = (Attr) currentNode;
-
-            // GK 20030411: Hack to overcome problems with IAIK IXSIL
-            if (currAttr.getOwnerElement() == null)
-              break;
-            if (currClonedElem == null)
-              break;
-
-            // currClonedElem must be the owner Element of currAttr if 
-            // preconditions are met
-            currClonedElem.setAttributeNS(
-              currAttr.getNamespaceURI(),
-              currAttr.getNodeName(),
-              currAttr.getValue());
-            break;
-          }
-
-        default :
-          {
-            // All other nodes will be ignored
-          }
-      }
-
-      currPos++;
-    }
-
-    return currPos;
-  }
-
-  /**
-   * Check, if the given attribute is a namespace declaration.
-   * 
-   * @param attr The attribute to check.
-   * @return <code>true</code>, if the attribute is a namespace declaration,
-   * <code>false</code> otherwise.
-   */
-  private static boolean isNamespaceDeclaration(Attr attr) {
-    return Constants.XMLNS_NS_URI.equals(attr.getNamespaceURI());
-  }
-
-  /**
-   * Check, if a given DOM element is an ancestor of a given node.
-   * 
-   * @param candAnc The DOM element to check for being the ancestor.
-   * @param cand The node to check for being the child.
-   * @return <code>true</code>, if <code>candAnc</code> is an (indirect) 
-   * ancestor of <code>cand</code>; <code>false</code> otherwise.
-   */
-  public static boolean isAncestor(Element candAnc, Node cand) {
-    Node currPar = cand.getParentNode();
-
-    while (currPar != null) {
-      if (candAnc == currPar)
-        return true;
-      currPar = currPar.getParentNode();
-    }
-    return false;
-  }
-  
-  /**
-   * Selects the (first) element from a node list and returns it.
-   * 
-   * @param nl  The NodeList to get the element from.
-   * @return    The (first) element included in the node list or <code>null</code>
-   *            if the node list is <code>null</code> or empty or no element is
-   *            included in the list.
-   */
-  public static Element getElementFromNodeList (NodeList nl) {
-    if ((nl == null) || (nl.getLength() == 0)) {
-      return null;
-    }
-    for (int i=0; i<nl.getLength(); i++) {
-      Node node = nl.item(i);
-      if (node.getNodeType() == Node.ELEMENT_NODE)  {
-        return  (Element)node;
-      }
-    }
-    return null;
-  }
-  
-  /**
-   * Returns all child elements of the given element.
-   * 
-   * @param parent  The element to get the child elements from.
-   * 
-   * @return A list including all child elements of the given element.
-   *         Maybe empty if the parent element has no child elements.
-   */
-  public static List getChildElements (Element parent) {
-    Vector v = new Vector();
-    NodeList nl = parent.getChildNodes();
-    int length = nl.getLength();
-    for (int i=0; i < length; i++) {
-      Node node = nl.item(i);
-      if (node.getNodeType() == Node.ELEMENT_NODE) {
-        v.add((Element)node);
-      }
-    }
-    return v;
-  }
-  
-  /**
-   * Returns a byte array from given node.
-   * @param node
-   * @return
-   * @throws TransformerException
-   */
-  public static byte[] nodeToByteArray(Node node) throws TransformerException {
-	  Source source = new DOMSource(node);
-	  ByteArrayOutputStream out = new ByteArrayOutputStream();
-	  //StringWriter stringWriter = new StringWriter();
-	  Result result = new StreamResult(out);
-	  TransformerFactory factory = TransformerFactory.newInstance();
-	  Transformer transformer = factory.newTransformer();
-	  transformer.transform(source, result);
-	  return out.toByteArray();
-  }
-
- 
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java
index 7a79bd9e5..c0b530ed0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java
@@ -33,6 +33,8 @@ import org.xml.sax.SAXException;
 import org.xml.sax.SAXParseException;
 import org.xml.sax.helpers.DefaultHandler;
 
+import at.gv.egiz.eaaf.core.impl.utils.EAAFDomEntityResolver;
+
 /**
  * A <code>DefaultHandler</code> that uses a <code>MOAEntityResolver</code> and
  * a <code>MOAErrorHandler</code>.
@@ -48,9 +50,9 @@ public class MOADefaultHandler extends DefaultHandler {
 
   /**
    * Create a new <code>MOADefaultHandler</code>.
-   */
+   */ 
   public MOADefaultHandler() {
-    entityResolver = new MOAEntityResolver();
+    entityResolver = new EAAFDomEntityResolver();
     errorHandler = new MOAErrorHandler();
   }
 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java
deleted file mode 100644
index fdc823229..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.util.ListIterator;
-
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Node;
-import org.w3c.dom.traversal.NodeFilter;
-import org.w3c.dom.traversal.NodeIterator;
-
-/**
- * A <code>NodeIterator</code> implementation based on a
- * <code>ListIterator</code>.
- * 
- * @see java.util.ListIterator
- * @see org.w3c.dom.traversal.NodeIterator
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class NodeIteratorAdapter implements NodeIterator {
-
-  /** The <code>ListIterator</code> to wrap. */
-  private ListIterator nodeIterator;
-
-  /**
-   * Create a new <code>NodeIteratorAdapter</code>.
-   * @param nodeIterator The <code>ListIterator</code> to iterate over.
-   */
-  public NodeIteratorAdapter(ListIterator nodeIterator) {
-    this.nodeIterator = nodeIterator;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#getRoot()
-   */
-  public Node getRoot() {
-    return null;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#getWhatToShow()
-   */
-  public int getWhatToShow() {
-    return NodeFilter.SHOW_ALL;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#getFilter()
-   */
-  public NodeFilter getFilter() {
-    return null;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#getExpandEntityReferences()
-   */
-  public boolean getExpandEntityReferences() {
-    return false;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#nextNode()
-   */
-  public Node nextNode() throws DOMException {
-    if (nodeIterator.hasNext()) {
-      return (Node) nodeIterator.next();
-    }
-    return null;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#previousNode()
-   */
-  public Node previousNode() throws DOMException {
-    if (nodeIterator.hasPrevious()) {
-      return (Node) nodeIterator.previous();
-    }
-    return null;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#detach()
-   */
-  public void detach() {
-  }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java
deleted file mode 100644
index e39cc0291..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.util.List;
-
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * A <code>NodeList</code> implementation based on a <code>List</code>.
- * 
- * @see java.util.List
- * @see org.w3c.dom.NodeList
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class NodeListAdapter implements NodeList {
-  /** The <code>List</code> to wrap. */
-  private List nodeList;
-  
-  /**
-   * Create a new <code>NodeListAdapter</code>.
-   * 
-   * @param nodeList The <code>List</code> containing the nodes. 
-   */
-  public NodeListAdapter(List nodeList) {
-    this.nodeList = nodeList;
-  }
-
-  /**
-   * @see org.w3c.dom.NodeList#item(int)
-   */
-  public Node item(int index) {
-    return (Node) nodeList.get(index);
-  }
-
-  /**
-   * @see org.w3c.dom.NodeList#getLength()
-   */
-  public int getLength() {
-    return nodeList.size();
-  }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java
deleted file mode 100644
index 206245a68..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-
-/**
- * An exception occurred evaluating an XPath.
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class XPathException extends RuntimeException {
-  /**
-	 * 
-	 */
-	private static final long serialVersionUID = 1736311265333034392L;
-/** The wrapped exception. */
-  private Throwable wrapped;
-  
-  /**
-   * Create a <code>XPathException</code>.
-   * 
-   * @param message The exception message.
-   * @param wrapped The exception being the likely cause of this exception.
-   */
-  public XPathException(String message, Throwable wrapped) {
-    super(message);
-    this.wrapped = wrapped; 
-  }
-  
-  /**
-   * Return the wrapped exception.
-   * 
-   * @return The wrapped exception being the likely cause of this exception.
-   */
-  public Throwable getWrapped() {
-    return wrapped;
-  }
-
-  /**
-   * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
-   */
-  public void printStackTrace(PrintStream s) {
-    super.printStackTrace(s);
-    if (getWrapped() != null) {
-      s.print("Caused by: ");
-      getWrapped().printStackTrace(s);
-    }
-  }
-
-  /**
-   * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
-   */
-  public void printStackTrace(PrintWriter s) {
-    super.printStackTrace(s);
-    if (getWrapped() != null) {
-      s.print("Caused by: ");
-      getWrapped().printStackTrace(s);
-    }
-  }
- 
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java
deleted file mode 100644
index 89aeaf3d1..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java
+++ /dev/null
@@ -1,557 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.util.List;
-import java.util.Map;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.traversal.NodeIterator;
-
-import org.jaxen.JaxenException;
-import org.jaxen.NamespaceContext;
-import org.jaxen.Navigator;
-import org.jaxen.SimpleNamespaceContext;
-import org.jaxen.dom.DOMXPath;
-import org.jaxen.dom.DocumentNavigator;
-
-/**
- * Utility methods to evaluate XPath expressions on DOM nodes.
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class XPathUtils {
-
-  /**
-   * The XPath expression selecting all nodes under a given root (including the
-   * root node itself).
-   */
-  public static final String ALL_NODES_XPATH =
-    "(.//. | .//@* | .//namespace::*)";
-
-  /** The <code>DocumentNavigator</code> to use for navigating the document. */
-  private static Navigator documentNavigator =
-    DocumentNavigator.getInstance();
-  /** The default namespace prefix to namespace URI mappings. */
-  private static NamespaceContext NS_CONTEXT;
-
-  static {
-    SimpleNamespaceContext ctx = new SimpleNamespaceContext();
-    ctx.addNamespace(Constants.MOA_PREFIX, Constants.MOA_NS_URI);
-    ctx.addNamespace(Constants.MOA_CONFIG_PREFIX, Constants.MOA_CONFIG_NS_URI);
-    ctx.addNamespace(Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
-    ctx.addNamespace(Constants.SL10_PREFIX, Constants.SL10_NS_URI);
-    ctx.addNamespace(Constants.SL11_PREFIX, Constants.SL11_NS_URI);
-    ctx.addNamespace(Constants.SL12_PREFIX, Constants.SL12_NS_URI);
-    ctx.addNamespace(Constants.ECDSA_PREFIX, Constants.ECDSA_NS_URI);
-    ctx.addNamespace(Constants.PD_PREFIX, Constants.PD_NS_URI);
-    ctx.addNamespace(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
-    ctx.addNamespace(Constants.SAMLP_PREFIX, Constants.SAMLP_NS_URI);
-    ctx.addNamespace(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
-    ctx.addNamespace(Constants.XSLT_PREFIX, Constants.XSLT_NS_URI);
-    ctx.addNamespace(Constants.XSI_PREFIX, Constants.XSI_NS_URI);
-    ctx.addNamespace(Constants.DSIG_FILTER2_PREFIX, Constants.DSIG_FILTER2_NS_URI);
-    ctx.addNamespace(Constants.DSIG_EC_PREFIX, Constants.DSIG_EC_NS_URI);
-    ctx.addNamespace(Constants.MD_PREFIX, Constants.MD_NS_URI);
-    ctx.addNamespace(Constants.MDP_PREFIX, Constants.MDP_NS_URI);
-    ctx.addNamespace(Constants.MVV_PREFIX, Constants.MVV_NS_URI);
-    ctx.addNamespace(Constants.STB_PREFIX, Constants.STB_NS_URI);
-    ctx.addNamespace(Constants.WRR_PREFIX, Constants.WRR_NS_URI);
-    ctx.addNamespace(Constants.STORK_PREFIX, Constants.STORK_NS_URI);
-    ctx.addNamespace(Constants.STORKP_PREFIX, Constants.STORKP_NS_URI);
-    ctx.addNamespace(Constants.SAML2_PREFIX, Constants.SAML2_NS_URI);
-    ctx.addNamespace(Constants.SAML2P_PREFIX, Constants.SAML2P_NS_URI);
-    ctx.addNamespace(Constants.XENC_PREFIX, Constants.XENC_NS_URI);
-    ctx.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI);
-    NS_CONTEXT = ctx;
-  }
-
-  /**
-   * Return a <code>NodeIterator</code> over the nodes matching the XPath
-   * expression.
-   * 
-   * All namespace URIs and prefixes declared in the <code>Constants</code>
-   * interface are used for resolving namespaces.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return An iterator over the resulting nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeIterator selectNodeIterator(Node contextNode, String exp)
-    throws XPathException {
-
-    return selectNodeIterator(contextNode, NS_CONTEXT, exp);
-  }
-
-  /**
-   * Return a <code>NodeIterator</code> over the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceElement An element from which to build the
-   * namespace mapping for evaluating the XPath expression
-   * @param exp The XPath expression to evaluate.
-   * @return An iterator over the resulting nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeIterator selectNodeIterator(
-    Node contextNode,
-    Element namespaceElement,
-    String exp)
-    throws XPathException {
-
-    try {
-      SimpleNamespaceContext ctx = new SimpleNamespaceContext();
-      ctx.addElementNamespaces(documentNavigator, namespaceElement);
-      return selectNodeIterator(contextNode, ctx, exp);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Return a <code>NodeIterator</code> over the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceMapping A namespace prefix to namespace URI mapping
-   * (<code>String</code> to <code>String</code>) for evaluating the XPath 
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return An iterator over the resulting nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeIterator selectNodeIterator(
-    Node contextNode,
-    Map namespaceMapping,
-    String exp)
-    throws XPathException {
-
-    SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
-
-    return selectNodeIterator(contextNode, ctx, exp);
-  }
-
-  /**
-   * Return a <code>NodeIterator</code> over the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param nsContext The <code>NamespaceContext</code> for resolving namespace
-   * prefixes to namespace URIs for evaluating the XPath expression.
-   * @param exp The XPath expression to evaluate.
-   * @return An iterator over the resulting nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  private static NodeIterator selectNodeIterator(
-    Node contextNode,
-    NamespaceContext nsContext,
-    String exp)
-    throws XPathException {
-
-    try {
-      DOMXPath xpath = new DOMXPath(exp);
-      List nodes;
-
-      xpath.setNamespaceContext(nsContext);
-      nodes = xpath.selectNodes(contextNode);
-      return new NodeIteratorAdapter(nodes.listIterator());
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Return a <code>NodeList</code> of all the nodes matching the XPath
-   * expression.
-   * 
-   * All namespace URIs and prefixes declared in the <code>Constants</code>
-   * interface are used for resolving namespaces.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return A <code>NodeList</code> containing the matching nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeList selectNodeList(Node contextNode, String exp)
-    throws XPathException {
-
-    return selectNodeList(contextNode, NS_CONTEXT, exp);
-  }
-
-  /**
-   * Return a <code>NodeList</code> of all the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceElement An element from which to build the
-   * namespace mapping for evaluating the XPath expression
-   * @param exp The XPath expression to evaluate.
-   * @return A <code>NodeList</code> containing the matching nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeList selectNodeList(
-    Node contextNode,
-    Element namespaceElement,
-    String exp)
-    throws XPathException {
-
-    try {
-      SimpleNamespaceContext ctx = new SimpleNamespaceContext();
-
-      ctx.addElementNamespaces(documentNavigator, namespaceElement);
-      return selectNodeList(contextNode, ctx, exp);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Return a <code>NodeList</code> of all the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceMapping A namespace prefix to namespace URI mapping
-   * (<code>String</code> to <code>String</code>) for evaluating the XPath 
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return A <code>NodeList</code> containing the matching nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeList selectNodeList(
-    Node contextNode,
-    Map namespaceMapping,
-    String exp)
-    throws XPathException {
-
-    SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
-
-    return selectNodeList(contextNode, ctx, exp);
-  }
-
-  /**
-   * Return a <code>NodeList</code> of all the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param nsContext The <code>NamespaceContext</code> for resolving namespace
-   * prefixes to namespace URIs for evaluating the XPath expression.
-   * @param exp The XPath expression to evaluate.
-   * @return A <code>NodeList</code> containing the matching nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  private static NodeList selectNodeList(
-    Node contextNode,
-    NamespaceContext nsContext,
-    String exp)
-    throws XPathException {
-
-    try {
-      DOMXPath xpath = new DOMXPath(exp);
-      List nodes;
-
-      xpath.setNamespaceContext(nsContext);
-      nodes = xpath.selectNodes(contextNode);
-      return new NodeListAdapter(nodes);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Select the first node matching an XPath expression.
-   * 
-   * All namespace URIs and prefixes declared in the <code>Constants</code>
-   * interface are used for resolving namespaces.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return Node The first node matching the XPath expression, or
-   * <code>null</code>, if no node matched.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static Node selectSingleNode(Node contextNode, String exp)
-    throws XPathException {
-
-    return selectSingleNode(contextNode, NS_CONTEXT, exp);
-  }
-
-  /**
-   * Select the first node matching an XPath expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceElement An element from which to build the
-   * namespace mapping for evaluating the XPath expression
-   * @param exp The XPath expression to evaluate.
-   * @return Node The first node matching the XPath expression, or
-   * <code>null</code>, if no node matched.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static Node selectSingleNode(
-    Node contextNode,
-    Element namespaceElement,
-    String exp)
-    throws XPathException {
-
-    try {
-      SimpleNamespaceContext ctx = new SimpleNamespaceContext();
-      ctx.addElementNamespaces(documentNavigator, namespaceElement);
-
-      return selectSingleNode(contextNode, ctx, exp);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Select the first node matching an XPath expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceMapping A namespace prefix to namespace URI mapping
-   * (<code>String</code> to <code>String</code>) for evaluating the XPath 
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return Node The first node matching the XPath expression, or
-   * <code>null</code>, if no node matched.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static Node selectSingleNode(
-    Node contextNode,
-    Map namespaceMapping,
-    String exp)
-    throws XPathException {
-
-    SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
-
-    return selectSingleNode(contextNode, ctx, exp);
-  }
-
-  /**
-   * Select the first node matching an XPath expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param nsContext The <code>NamespaceContext</code> for resolving namespace
-   * prefixes to namespace URIs for evaluating the XPath expression.
-   * @param exp The XPath expression to evaluate.
-   * @return Node The first node matching the XPath expression, or
-   * <code>null</code>, if no node matched.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static Node selectSingleNode(
-    Node contextNode,
-    NamespaceContext nsContext,
-    String exp)
-    throws XPathException {
-
-    try {
-      DOMXPath xpath = new DOMXPath(exp);
-      xpath.setNamespaceContext(nsContext);
-      return (Node) xpath.selectSingleNode(contextNode);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Return the value of a DOM element whose location is given by an XPath
-   * expression.
-   * 
-   * @param root The root element from which to evaluate the XPath.
-   * @param xpath The XPath expression pointing to the element whose value
-   * to return.
-   * @param def The default value to return, if no element can be found using
-   * the given <code>xpath</code>.
-   * @return The element value, if it can be located using the
-   * <code>xpath</code>. Otherwise, <code>def</code> is returned.
-   */
-  public static String getElementValue(
-    Element root,
-    String xpath,
-    String def) {
-
-    Element elem = (Element) XPathUtils.selectSingleNode(root, xpath);
-    return elem != null ? DOMUtils.getText(elem) : def;
-  }
-
-  /**
-   * Return the value of a DOM attribute whose location is given by an XPath
-   * expression.
-   * 
-   * @param root The root element from which to evaluate the XPath.
-   * @param xpath The XPath expression pointing to the attribute whose value to
-   * return.
-   * @param def The default value to return, if no attribute can be found using
-   * the given <code>xpath</code>.
-   * @return The element value, if it can be located using the
-   * <code>xpath</code>. Otherwise, <code>def</code> is returned.
-   */
-  public static String getAttributeValue(
-    Element root,
-    String xpath,
-    String def) {
-
-    Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath);
-    return attr != null ? attr.getValue() : def;
-  }
-  
-  /**
-   * Returns the namespace prefix used within <code>XPathUtils</code> for referring to
-   * the namespace of the specified (Security Layer command) element.
-   * 
-   * This namespace prefix can be used in various XPath expression evaluation methods 
-   * within <code> XPathUtils</code> without explicitely binding it to the particular
-   * namespace.
-   * 
-   * @param contextElement The (Security Layer command) element. 
-   *            
-   * @return  the namespace prefix used within <code>XPathUtils</code> for referring to
-   *          the namespace of the specified (Security Layer command) element.
-   * 
-   * throws XpathException If the specified element has a namespace other than the ones
-   *        known by this implementation as valid Security Layer namespaces (cf. 
-   *        @link Constants#SL10_NS_URI, @link Constants#SL11_NS_URI, @link Constants#SL12_NS_URI).
-   */
-  public static String getSlPrefix (Element contextElement) throws XPathException 
-  {
-    String sLNamespace = contextElement.getNamespaceURI();
-    String sLPrefix = null;
-
-    if (sLNamespace.equals(Constants.SL10_NS_URI)) 
-    {
-      sLPrefix = Constants.SL10_PREFIX;
-    }  
-    else if (sLNamespace.equals(Constants.SL12_NS_URI)) 
-    {
-      sLPrefix = Constants.SL12_PREFIX;
-    }
-    else if (sLNamespace.equals(Constants.SL11_NS_URI)) 
-    {
-      sLPrefix = Constants.SL11_PREFIX;
-    } 
-    else 
-    {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { "Ung�ltiger Security Layer Namespace: \"" + sLNamespace + "\"."});
-      throw new XPathException(message, null);
-    }
-    
-    return sLPrefix;
-  }
-  
-  
-  /**
-   * Return the SecurityLayer namespace prefix of the context element.
-   * If the context element is not the element that lies within the 
-   * SecurityLayer namespace. The Securitylayer namespace is derived from
-   * the <code>xmlns:sl10</code>, <code>sl11</code> or <code>sl</code> 
-   * attribute of the context element.
-   * 
-   * The returned prefix is needed for evaluating XPATH expressions.
-   * 
-   * @param contextElement The element to get a prefix for the Securitylayer namespace,
-   *                       that is used within the corresponding document. 
-   *            
-   * @return  The string <code>sl10</code>, <code>sl11</code> or <code>sl</code>,
-   *          depending on the SecurityLayer namespace of the contextElement.
-   * 
-   * throws XPathException If no (vlalid) SecurityLayer namespace prefix or namespace
-   *                       is defined.
-   */
-  public static String getSlPrefixFromNoRoot (Element contextElement) throws XPathException {
-    
-    String slPrefix = checkSLnsDeclaration(contextElement, Constants.SL10_PREFIX, Constants.SL10_NS_URI);
-    if (slPrefix == null) {
-      slPrefix = checkSLnsDeclaration(contextElement, Constants.SL11_PREFIX, Constants.SL11_NS_URI);
-    }
-    if (slPrefix == null) {
-      slPrefix = checkSLnsDeclaration(contextElement, Constants.SL12_PREFIX, Constants.SL12_NS_URI);
-    }       
-     
-    return slPrefix;
-       
-  }
-  
-  /**
-   * Checks if the context element has an attribute <code>xmlns:slPrefix</code> and
-   * if the prefix of that attribute corresponds with a valid SecurityLayer namespace.
-   * 
-   * @param contextElement  The element to be checked.
-   * @param slPrefix        The prefix which should be checked. Must be a valid SecurityLayer
-   *                        namespace prefix.
-   * @param slNameSpace     The SecurityLayer namespace that corresponds to the specified prefix.
-   *  
-   * @return                The valid SecurityLayer prefix or <code>null</code> if this prefix is
-   *                        not used.
-   * @throws XPathException
-   */
-  private static String checkSLnsDeclaration(Element contextElement, String slPrefix, String slNameSpace)
-      throws XPathException 
-  {
-    String nsAtt = "xmlns:" + slPrefix;
-    String nameSpace = contextElement.getAttribute(nsAtt);
-    if (nameSpace == "") {
-      return null;
-    } else {
-      // check if namespace is correct
-      if (nameSpace.equals(slNameSpace)) {
-        return slPrefix;
-      } else {
-        MessageProvider msg = MessageProvider.getInstance();
-        String message = msg.getMessage("xpath.00", new Object[] { "Ung�ltiger SecurityLayer Namespace: \"" + nameSpace + "\"."});
-        throw new XPathException(message, null);
-      }
-    }
-  }
-
-}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
index 66bf1faff..51297fce3 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
@@ -36,8 +36,8 @@ import javax.xml.parsers.DocumentBuilderFactory;
 import org.w3c.dom.Document;
 import org.xml.sax.InputSource;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import junit.framework.TestCase;
 
 /**
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
index 7b1c0cb67..ac121a0b2 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
@@ -31,8 +31,8 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import test.at.gv.egovernment.moa.MOATestCase;
 
 /**
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java
index 15e6a62f3..4837caa2b 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java
@@ -26,10 +26,9 @@ package test.at.gv.egovernment.moa.util;
 import org.w3c.dom.Document;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import test.at.gv.egovernment.moa.MOATestCase;
 
-import at.gv.egovernment.moa.util.XPathUtils;
-
 
 /**
  * @author Patrick Peck
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
deleted file mode 100644
index 999552891..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.frontend.builder;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilderConfiguration {
-
-	public static final String PARAM_AUTHCONTEXT = "contextPath";
-	public static final String PARAM_FORMSUBMITENDPOINT = "submitEndpoint";
-	
-	public static final String PARAM_PENDINGREQUESTID = "pendingReqID";
-	
-	private String authURL = null;
-	private String viewName = null;
-	private String formSubmitEndpoint = null;
-	
-	/**
-	 * @param authURL IDP PublicURL-Prefix which should be used, but never null
-	 * @param viewName Name of the template (with suffix) but never null
-	 * @param formSubmitEndpoint EndPoint on which the form should be submitted, 
-	 * or null if the form must not submitted
-	 * 
-	 */
-	public AbstractGUIFormBuilderConfiguration(String authURL, String viewName, String formSubmitEndpoint) {
-		if (viewName.startsWith("/"))
-			this.viewName = viewName.substring(1);
-		else
-			this.viewName = viewName;
-		
-		if (authURL.endsWith("/"))
-			this.authURL = authURL.substring(0, authURL.length() - 1);
-		else
-			this.authURL = authURL;
-		
-		if (MiscUtil.isNotEmpty(formSubmitEndpoint)) {
-			if (formSubmitEndpoint.startsWith("/"))
-				this.formSubmitEndpoint = formSubmitEndpoint;
-			else		
-				this.formSubmitEndpoint = "/" + formSubmitEndpoint;
-		}
-	}
-	
-	
-	/**
-	 * Define the parameters, which should be evaluated in the template <br>
-	 * <b>IMPORTANT:</b> external HTML escapetion is required, because it is NOT done internally during the building process
-	 * 
-	 * @return Map of parameters, which should be added to template
-	 */
-	abstract protected Map<String, Object> getSpecificViewParameters();
-	
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewName()
-	 */
-	@Override
-	public final String getViewName() {
-		return this.viewName;
-		
-	}
-	
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
-	 */
-	@Override
-	public final Map<String, Object> getViewParameters() {
-		//get parameters from detail implementation
-		Map<String, Object> specParams = getSpecificViewParameters();
-		if (specParams == null)
-			specParams = new HashMap<String, Object>();
-		
-		//add generic parameters
-		specParams.put(PARAM_AUTHCONTEXT, this.authURL);		
-		if (this.formSubmitEndpoint != null)
-			specParams.put(PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint);
-		
-		return specParams;
-		
-	}
-
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index e1f995e82..2fcec92c5 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -30,6 +30,7 @@ import java.util.Map;
 import org.apache.commons.lang.StringEscapeUtils;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
index 5283089ed..e59c19219 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -30,6 +30,7 @@ import org.apache.commons.lang.StringEscapeUtils;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration;
 	
 /**
  * This class builds MOA-ID GUI forms from default resource paths
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
index 1bacc93c7..43d499589 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
@@ -22,154 +22,40 @@
  */
 package at.gv.egovernment.moa.id.auth.frontend.builder;
 
-import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileInputStream;
-import java.io.IOException;
 import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.StringWriter;
 import java.net.URI;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Map.Entry;
 
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
-import at.gv.egovernment.moa.id.commons.MOAIDConstants;
+import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderImpl;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * @author tlenz 
  *
  */
 @Service("guiFormBuilder")
-public class GUIFormBuilderImpl implements IGUIFormBuilder {
+public class GUIFormBuilderImpl extends AbstractGUIFormBuilderImpl {
 	
-	private static final String DEFAULT_CONTENT_TYPE = MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8;
+
 	private static final String CONFIG_HTMLTEMPLATES_DIR = "htmlTemplates/";
 	private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates/";
 			
 	@Autowired private AuthConfiguration authConfig;
-	private VelocityEngine engine;
-		
+
 	public GUIFormBuilderImpl() throws GUIBuildException {
-		try {
-			engine = VelocityProvider.getClassPathVelocityEngine();
-			
-		} catch (Exception e) {
-			Logger.fatal("Initialization of Velocity-Engine to render GUI components FAILED.", e);
-			throw new GUIBuildException("Initialization of Velocity-Engine to render GUI components FAILED.", e);
-			
-		}
+		super();
 		
 	}
-		
-	public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException {
-		build(httpResp, config, getInternalContentType(config), loggerName);
-		
-	}
-		
-	@Override
-	public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, 
-			String contentType, String loggerName) throws GUIBuildException {
-		
-		InputStream is = null;
-		try {
-			String viewName = config.getViewName();			
-			is = getTemplateInputStream(config);
-			
-			//build Velocity Context from input paramters
-			VelocityContext context = buildContextFromViewParams(config.getViewParameters());
-
-			//evaluate template
-			StringWriter writer = new StringWriter();
-			engine.evaluate(context, writer, loggerName, new BufferedReader(new InputStreamReader(is)));
-							
-			//write template to response
-			final byte[] content = writer.toString().getBytes("UTF-8");
-			httpResp.setStatus(HttpServletResponse.SC_OK);
-			httpResp.setContentLength(content.length);
-			httpResp.setContentType(contentType);						
-			httpResp.getOutputStream().write(content);
-			
-			if (Logger.isTraceEnabled()) {
-				Logger.trace("Write Content for viewName:" + viewName 
-						+ ". Contentsize:" + String.valueOf(content.length)
-						+ " BufferSize:" + httpResp.getBufferSize()
-						+ " ContentType:" + contentType);
-				for (String el : httpResp.getHeaderNames())
-					Logger.trace(" * Headername:" + el + " Value:" + httpResp.getHeader(el));
 				
-			}
-			
-		} catch (IOException e) {
-			Logger.error("GUI form-builder has an internal error.", e);
-			throw new GUIBuildException("GUI form-builder has an internal error.", e);
-						
-		} finally {
-			if (is != null)
-				try {
-					is.close();
-					
-				} catch (IOException e) {
-					Logger.error("Can NOT close GUI-Template InputStream.", e);
-					
-				}
-		}
-		
-	}
-
-	/**
-	 * Generate a new {@link VelocityContext} and populate it with MOA-ID GUI parameters
-	 * 
-	 * @param config
-	 * @return
-	 */
-	public VelocityContext generateVelocityContextFromConfiguration(IGUIBuilderConfiguration config) {
-		return buildContextFromViewParams(config.getViewParameters());
-		
-	}
-	
-	/**
-	 * Load the template from different resources
-	 * 
-	 * @param config
-	 * @return An {@link InputStream} but never null. The {@link InputStream} had to be closed be the invoking method
-	 * @throws GUIBuildException
-	 */
-	public InputStream getTemplateInputStream(IGUIBuilderConfiguration config) throws GUIBuildException {			
-		InputStream is = getInternalTemplate(config);
-		if (is == null) {
-			Logger.warn("No GUI with viewName:" + config.getViewName() + " FOUND.");
-			throw new GUIBuildException("No GUI with viewName:" + config.getViewName() + " FOUND.");
-		
-		}		
-		return is;
-		
-	}
-	
-	private String getInternalContentType(IGUIBuilderConfiguration config) {
-		if (MiscUtil.isEmpty(config.getDefaultContentType()))
-			return DEFAULT_CONTENT_TYPE;
-		
-		else
-			return config.getDefaultContentType();
-		
-	}
-	
-	private InputStream getInternalTemplate(IGUIBuilderConfiguration config) throws GUIBuildException {
+	@Override
+	protected InputStream getInternalTemplate(IGUIBuilderConfiguration config) throws GUIBuildException {
 		String viewName = config.getViewName();
 		
 		//load specific template
@@ -193,7 +79,7 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder {
 					Logger.debug("GUI template:" + viewName + " is not found in configuration directory. "
 							+ " Load template from project library ... ");					
 					try  {
-						pathLocation = getInternalClasspathTemplateDir(config) + viewName;
+						pathLocation = super.getInternalClasspathTemplateDir(config, CLASSPATH_HTMLTEMPLATES_DIR) + viewName;
 						is = Thread.currentThread()
 								.getContextClassLoader()
 								.getResourceAsStream(pathLocation);				
@@ -219,39 +105,4 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder {
 		
 	}
 	
-	
-	/**
-	 * @return
-	 */
-	private String getInternalClasspathTemplateDir(IGUIBuilderConfiguration config) {
-		String dir = config.getClasspathTemplateDir();
-		if (dir != null) {
-			if (!dir.endsWith("/"))
-				dir += "/";
-			
-			return dir;			
-			
-		} else
-			return CLASSPATH_HTMLTEMPLATES_DIR;
-	}
-	
-	/**
-	 * @param viewParams
-	 * @return
-	 */
-	private VelocityContext buildContextFromViewParams(Map<String, Object> viewParams) {
-		VelocityContext context = new VelocityContext();
-				
-		if (viewParams != null) {
-			Iterator<Entry<String, Object>> interator = viewParams.entrySet().iterator();
-			while (interator.hasNext()) {
-				Entry<String, Object> el = interator.next();
-				context.put(el.getKey(), el.getValue());
-			}
-			
-		} 
-		
-		return context;
-	}
-	
 }
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index ef3e71874..6156ba6b4 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -26,13 +26,16 @@ import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
@@ -61,7 +64,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
@@ -71,7 +73,6 @@ import at.gv.egovernment.moa.id.logging.SpecificTraceLogger;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
@@ -432,7 +433,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 */
 	public String getCreateXMLSignatureRequestAuthBlockOrRedirect(
 			IAuthenticationSession session, IRequest pendingReq) throws ConfigurationException,
-			BuildException, ValidateException {
+			BuildException, ValidateException, EAAFBuilderException {
 
 		IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 
@@ -531,7 +532,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 * @throws ConfigurationException 
 	 */
 	private String buildAuthenticationBlock(IAuthenticationSession session,
-			IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException, ConfigurationException {
+			IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException, ConfigurationException, EAAFBuilderException {
 
 		IIdentityLink identityLink = session.getIdentityLink();
 		String issuer = identityLink.getName();
@@ -930,7 +931,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	public void verifyAuthenticationBlock(IRequest pendingReq, IAuthenticationSession session,
 			String xmlCreateXMLSignatureReadResponse)
 					throws AuthenticationException, BuildException, ParseException,
-					ConfigurationException, ServiceException, ValidateException, BKUException {
+					ConfigurationException, ServiceException, ValidateException, BKUException, EAAFBuilderException {
 
 		if (session == null)
 			throw new AuthenticationException("auth.10", new Object[]{
@@ -1068,7 +1069,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 */
 
 	protected Element createIdentificationBPK(Element mandatePerson,
-			String baseid, String target) throws BuildException {
+			String baseid, String target) throws BuildException, EAAFBuilderException {
 		Element identificationBpK = mandatePerson.getOwnerDocument()
 				.createElementNS(Constants.PD_NS_URI, "Identification");
 		Element valueBpK = mandatePerson.getOwnerDocument().createElementNS(
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
index 9a807ca00..a2a38c9dd 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -31,10 +31,10 @@ import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index bbd90fdaa..a46c81d06 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -48,6 +48,7 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
@@ -61,7 +62,6 @@ import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
index 9dcc93e9f..fb65bac04 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
@@ -49,10 +49,10 @@ package at.gv.egovernment.moa.id.auth.builder;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Builder for the <code>lt;pr:Person&gt;</code> element to be inserted
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
index 306c871fc..ee58b7fa1 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
@@ -50,9 +50,9 @@ import java.text.MessageFormat;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index e6adcf159..2c8127e2d 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -55,10 +55,10 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 37f24ea72..d345aa208 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -18,9 +18,11 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -31,12 +33,10 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
 
 /**
@@ -135,7 +135,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
 				IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(
 						response.getIdentityLink()));
 				IIdentityLink identitylink = ilParser.parseIdentityLink();
-				moasession.setIdentityLink(identitylink);
+				moasession.setIdentityLink(identitylink); 
 
 				// set QAA Level four in case of card authentifcation
 				moasession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index d81afee7b..af4abe813 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -18,6 +18,7 @@ import org.xml.sax.SAXException;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -31,7 +32,6 @@ import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import iaik.pki.PKIException;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index 4db814246..7c9702b8b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -37,6 +37,7 @@ import org.w3c.dom.Element;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -49,7 +50,6 @@ import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index fb3cf3713..0b5db368f 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -58,14 +58,14 @@ import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.traversal.NodeIterator;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Parses an <code>&lt;InfoboxReadResponse&gt;</code> returned from
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
index 390467bf8..4c9c15e99 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
@@ -53,12 +53,12 @@ import java.util.Vector;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.data.InfoboxToken;
 import at.gv.egovernment.moa.id.auth.data.InfoboxTokenImpl;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 /**
  * Parses and unmarshales <code>InfoboxReadResponse<code>.
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index dba26f1db..8458bce01 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -63,14 +63,14 @@ import org.apache.xpath.XPathAPI;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 import iaik.x509.X509Certificate;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 96be0279a..01ef4ee26 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -57,9 +57,12 @@ import org.jaxen.SimpleNamespaceContext;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
@@ -68,7 +71,6 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -77,7 +79,6 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * 
@@ -136,7 +137,7 @@ public class CreateXMLSignatureResponseValidator {
  * @throws ConfigurationException 
    */
   public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq)
-   throws ValidateException, BuildException, ConfigurationException {
+   throws ValidateException, BuildException, ConfigurationException, EAAFBuilderException {
       // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
     IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
     String oaURL = oaParam.getPublicURLPrefix(); 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
index f3ce6888b..604d224eb 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
@@ -49,11 +49,11 @@ package at.gv.egovernment.moa.id.auth.validator;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.IdentityLink;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * This class is used to validate an {@link IdentityLink} 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 17a3fe7ab..17d487e79 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -54,11 +54,11 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index b3327a3d5..e023a6507 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -64,7 +64,8 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
 import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
@@ -73,7 +74,6 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.BoolUtils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index a1e16a7f0..fe0e659c7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -70,12 +70,12 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException;
 import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
index ec15a209c..9d59b60f3 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
@@ -48,10 +48,9 @@ package test.at.gv.egovernment.moa.id.auth.builder;
 
 import org.w3c.dom.Document;
 import test.at.gv.egovernment.moa.id.UnitTestCase;
-
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 /**
  * @author Paul Ivancsics
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
index f2fde6322..f83f57144 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
@@ -46,9 +46,9 @@
 
 package test.at.gv.egovernment.moa.id.auth.builder;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
 import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.util.Constants;
 
 import test.at.gv.egovernment.moa.id.UnitTestCase;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
index 977764878..88b973457 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
@@ -46,20 +46,19 @@
 
 package test.at.gv.egovernment.moa.id.auth.parser;
 
-import iaik.security.rsa.RSAPublicKey;
-
 import java.io.FileOutputStream;
 import java.io.RandomAccessFile;
 import java.security.PublicKey;
 
 import org.w3c.dom.Document;
 
-import test.at.gv.egovernment.moa.id.UnitTestCase;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
 import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
+import iaik.security.rsa.RSAPublicKey;
+import test.at.gv.egovernment.moa.id.UnitTestCase;
 
 /**
  * @author Paul Ivancsics
@@ -74,7 +73,7 @@ public class IdentityLinkAssertionParserTest extends UnitTestCase {
   }
 
   public void setUp() {
-    try {
+    try { 
       RandomAccessFile s =
         new RandomAccessFile(
           "data/test/xmldata/testperson1/InfoboxReadResponse.xml",
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
index 38bf1cab6..58c6b66d0 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
@@ -48,10 +48,10 @@ package test.at.gv.egovernment.moa.id.auth.parser;
 
 import java.io.RandomAccessFile;
 
-import test.at.gv.egovernment.moa.id.UnitTestCase;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import test.at.gv.egovernment.moa.id.UnitTestCase;
 
 /**
  * @author Paul Ivancsics
@@ -64,7 +64,7 @@ public class InfoboxReadResponseParserTest extends UnitTestCase {
   public InfoboxReadResponseParserTest(String name) {
     super(name);
   }
-
+ 
   public void setUp() {
   }
 
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index 76563c8ca..ec43adccc 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -55,6 +55,7 @@ import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -64,7 +65,6 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -91,7 +91,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	private static final String EIDCONTAINER_KEY_SALT = "salt";
 	private static final String EIDCONTAINER_KEY_IV = "iv";
 	private static final String EIDCONTAINER_EID = "eid";
-	private static final String EIDCONTAINER_KEY_IDL = "idl";
+	private static final String EIDCONTAINER_KEY_IDL = "idl"; 
 	private static final String EIDCONTAINER_KEY_BINDINGCERT = "cert";
 	 
 	public static final String REQ_PARAM_eID_BLOW = "eidToken";
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 90810a7f4..5e79aee8e 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -34,6 +34,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -44,7 +45,6 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -64,7 +64,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
-		
+		 
 		try {
 			Logger.info("Add user credentials for BKA MobileAuth SAML2 test and finalize authentication");	
 			parseDemoValuesIntoMOASession(pendingReq);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 45033562f..103781470 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -35,9 +35,12 @@ import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -46,13 +49,10 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeExce
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
 
 /**
@@ -70,7 +70,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 	@Override
 	public void execute(ExecutionContext executionContext,
 			HttpServletRequest request, HttpServletResponse response)
-			throws TaskExecutionException {
+			throws TaskExecutionException { 
 		try{												
 			//get eIDAS attributes from MOA-Session
 			ImmutableAttributeMap eIDASAttributes = pendingReq.getGenericData(
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 0b0c74777..658502d2c 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -38,11 +38,11 @@ import org.springframework.stereotype.Component;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesRequestBuilderConfiguration;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 190ef9e9d..19fdb3fee 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
@@ -46,7 +47,6 @@ import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index 325e1906d..8791da429 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -127,7 +127,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				
 				//TODO: validate results
 				
-				
+				 
 				//add into session
 				AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
 				moasession.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink());
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index 5a17d6123..044366eb6 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -28,10 +28,10 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.AuthenticationRole;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index a866f3939..8c024e79c 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -447,4 +447,22 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
 		return false;
 	}
 
+	@Override
+	public String getConfigurationValue(String arg0, String arg1) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Boolean isConfigurationValue(String arg0) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isConfigurationValue(String arg0, boolean arg1) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
 }
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 04ac1fd57..dc2baab7d 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -75,6 +75,7 @@ import com.google.gson.JsonParser;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -202,7 +203,7 @@ public class SSOTransferServlet{
 					InputStream idlstream = idlURL.openStream();
 					moaSession.setIdentityLink(new IdentityLinkAssertionParser(idlstream).parseIdentityLink());
 					internalTransferPersonalInformation(req, resp, container, moaSession, true);
-					
+					 
 				} else {
 					Logger.info("Servlet " + getClass().getName() + " receive a token:" +
 							token + ", which references an empty data object.");
@@ -451,7 +452,7 @@ public class SSOTransferServlet{
 	}
 	
 	private void internalTransferPersonalInformation(HttpServletRequest req, HttpServletResponse resp,
-			SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException {
+			SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, EAAFStorageException {
 		Logger.debug("");
 		JsonObject receivedData = getJSONObjectFromPostMessage(req, developmentMode);
 		
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
index 4a5511df4..cf7723c70 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -213,7 +213,7 @@ public class SSOContainerUtils {
 			Logger.error("SignerCertificate is not parseable.", e);
 			
 		}
-		
+		 
 		String idlStr = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME);
 		try {
 			if (MiscUtil.isNotEmpty(idlStr)) {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 73d99d93b..dcb7cb7ee 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -74,17 +74,17 @@ import com.google.common.net.MediaType;
 
 import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Web service for picking up authentication data created in the MOA-ID Auth component.
@@ -256,7 +256,7 @@ public class GetAuthenticationDataService extends AbstractController implements
 				// no SAML artifact given in request
 				statusCode = "samlp:Requester";
 				statusMessageCode = "1202";
-				
+				 
 			} else if (samlArtifactList.getLength() > 1) {
 				// too many SAML artifacts given in request
 				statusCode = "samlp:Requester";
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 73afec4e0..78dc80815 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -46,12 +46,14 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
 import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -71,7 +73,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.util.xsd.persondata.IdentificationType;
@@ -445,7 +446,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 	private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData
 			) throws AuthenticationException, BuildException,
 			ParseException, ConfigurationException, ServiceException,
-			ValidateException {
+			ValidateException, EAAFBuilderException {
 
 		if (authData == null)
 			throw new AuthenticationException("auth.10", new Object[] {
@@ -547,7 +548,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 				
 			} else {
 				;
-			}
+			} 
 			
 			return DOMUtils.serializeNode(prPerson);
 
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
index e6dbcd89d..33976704f 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
@@ -28,6 +28,7 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
@@ -36,7 +37,6 @@ import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
 import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
@@ -56,7 +56,7 @@ public class IdentityLinkTestModule implements TestModuleInterface {
 			identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();
 		}
 		
-	} 
+	}  
 	
 	public List<String> performTests()  throws Exception{
 		Logger.trace("Start MOA-ID IdentityLink Test");
-- 
cgit v1.2.3


From bc6ebce79bdd07a0a1bbe9a956e7d49512ff9e57 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 26 Jun 2018 10:30:18 +0200
Subject: read noAuth header value from configuration

---
 .../moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src')

diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
index 853d1b6a4..0b7b674a4 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
@@ -51,6 +51,7 @@ public class BKAMobileAuthModule implements AuthModule {
 	@Autowired(required=true) private AuthenticationManager authManager;
 	
 	private List<String> uniqueIDsDummyAuthEnabled = new ArrayList<String>();
+	private String noAuthHeaderValue = null;
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
@@ -71,6 +72,9 @@ public class BKAMobileAuthModule implements AuthModule {
 	@PostConstruct
 	public void initialDummyAuthWhiteList() {
 		String sensitiveSpIdentifier = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.entityID");
+		noAuthHeaderValue = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.noAuthHeaderValue", "0");
+		Logger.info("Dummy authentication is sensitive on 'X-MOA-VDA' value: " + noAuthHeaderValue);
+		
 		if (MiscUtil.isNotEmpty(sensitiveSpIdentifier)) {
 			uniqueIDsDummyAuthEnabled.addAll(KeyValueUtils.getListOfCSVValues(sensitiveSpIdentifier));
 			
@@ -105,7 +109,7 @@ public class BKAMobileAuthModule implements AuthModule {
 					return "BKAMobileAuthentication";
 					
 				} else if (MiscUtil.isNotEmpty(sl20ClientTypeHeader) 
-						&& MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals("0")) {
+						&& MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals(noAuthHeaderValue)) {
 					Logger.info("Find dummy-auth request for oe.gv.at demos ... ");
 					return "BKAMobileAuthentication";
 					
-- 
cgit v1.2.3


From 158d41705d0f8c67a858e84bda8d2c16377cf288 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 13 Jul 2018 15:48:17 +0200
Subject: some bug fixes

---
 .../src/main/webapp/jsp/snippets/OA/stork.jsp      |   3 +-
 .../conf/moa-id/htmlTemplates/css_template.css     |  84 +++++++++++++--------
 .../conf/moa-id/htmlTemplates/loginFormFull.html   |  68 ++++++++++-------
 id/server/idserverlib/pom.xml                      |   4 +-
 .../moa/id/advancedlogging/StatisticLogger.java    |  80 +++++++++++---------
 .../id/auth/builder/AuthenticationDataBuilder.java |  10 +--
 .../builder/CreateXMLSignatureRequestBuilder.java  |   2 +-
 .../moa/id/auth/data/AuthenticationSession.java    |  22 ++++--
 .../tasks/EvaluateSSOConsentsTaskImpl.java         |  16 ++--
 .../internal/tasks/UserRestrictionTask.java        |   2 +-
 .../StartAuthentificationParameterParser.java      |   8 +-
 .../moa/id/moduls/AuthenticationManager.java       |  11 +--
 .../gv/egovernment/moa/id/moduls/SSOManager.java   |  32 +++++---
 .../storage/DBAuthenticationSessionStoreage.java   |   3 +-
 .../resources/properties/id_messages_de.properties |   6 +-
 .../protocol_response_statuscodes_de.properties    |   2 +
 .../auth/data/AuthenticationDataBuilderTest.java   |   2 +-
 ...roviderSpecificGUIFormBuilderConfiguration.java |  12 ++-
 .../moa/id/auth/frontend/utils/FormBuildUtils.java |  18 ++---
 .../moa/id/auth/AuthenticationServer.java          |  10 +--
 .../AuthenticationBlockAssertionBuilder.java       |   2 +-
 .../internal/tasks/CertificateReadRequestTask.java |   4 +-
 .../internal/tasks/CreateIdentityLinkFormTask.java |   2 +-
 .../internal/tasks/GetMISSessionIDTask.java        |   3 +-
 .../tasks/InitializeBKUAuthenticationTask.java     |   9 ++-
 .../tasks/PrepareAuthBlockSignatureTask.java       |   3 +-
 .../internal/tasks/PrepareGetMISMandateTask.java   |   3 +-
 .../tasks/VerifyAuthenticationBlockTask.java       |   3 +-
 .../internal/tasks/VerifyCertificateTask.java      |   3 +-
 .../internal/tasks/VerifyIdentityLinkTask.java     |   3 +-
 .../CreateXMLSignatureResponseValidator.java       |   4 +-
 .../tasks/CreateAuthnRequestTask.java              |  50 +++---------
 .../tasks/ReceiveAuthnResponseTask.java            |  34 +++++++--
 .../auth/modules/eIDAScentralAuth/utils/Utils.java |  45 +++++++++++
 .../tasks/FirstBKAMobileAuthTask.java              |  19 +----
 .../tasks/SecondBKAMobileAuthTask.java             |  13 +---
 .../eidas/tasks/CreateIdentityLinkTask.java        |  18 ++---
 .../eidas/tasks/ReceiveAuthnResponseTask.java      |  19 +++--
 .../moa/id/protocols/eidas/EIDASProtocol.java      |   6 +-
 .../tasks/ReceiveElgaMandateResponseTask.java      |   8 +-
 .../elgamandates/tasks/RequestELGAMandateTask.java |   4 +-
 .../oauth20/protocol/OAuth20AuthRequest.java       |   3 +-
 .../oauth20/protocol/OAuth20BaseRequest.java       |  11 +--
 .../oauth20/protocol/OAuth20Protocol.java          |   4 +-
 .../oauth20/protocol/OAuth20TokenRequest.java      |   3 +-
 .../sl20_auth/tasks/CreateQualeIDRequestTask.java  |   2 +-
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        |  19 +++--
 .../sl20_auth/tasks/VerifyQualifiedeIDTask.java    |  14 ++--
 .../task/InitializeRestoreSSOSessionTask.java      |   4 +-
 .../ssotransfer/task/RestoreSSOSessionTask.java    |  14 ++--
 .../tasks/CreateAuthnRequestTask.java              |   2 +-
 .../tasks/ReceiveAuthnResponseTask.java            |  16 ++--
 .../moa/id/protocols/saml1/GetArtifactAction.java  |   6 +-
 .../moa/id/protocols/saml1/SAML1Protocol.java      |   4 +-
 .../eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar | Bin 53076 -> 53645 bytes
 .../egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar  | Bin 360335 -> 360662 bytes
 .../1.0.0/eaaf_module_pvp2_core-1.0.0.jar          | Bin 110449 -> 110555 bytes
 .../1.0.0/eaaf_module_pvp2_idp-1.0.0.jar           | Bin 35302 -> 35407 bytes
 .../1.0.0/eaaf_module_pvp2_sp-1.0.0.jar            | Bin 15649 -> 15649 bytes
 59 files changed, 411 insertions(+), 341 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java

(limited to 'id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src')

diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
index 76c8d069b..129b32508 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
@@ -22,7 +22,7 @@
 								labelposition="left" 
 								cssClass="textfield_long"/>
 								
-								
+							<!-- 	
 							<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4>
 							<s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" />
 							<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4>
@@ -39,6 +39,7 @@
 									</tr>
 								</s:iterator>
 							</table>
+							 -->
 						</div>
 					</div>
 				
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
index c8de82c50..f95106c5a 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
@@ -87,7 +87,7 @@
 			  }
 			
 			  #leftcontent {
-				 width: 300px;
+				 width: 400px;
 				 /*margin-top: 30px;*/
          margin: auto;
 			  }
@@ -99,9 +99,9 @@
         }
       
         #bkulogin {
-				  overflow:hidden;	
-          min-width: 190px;
-          min-height: 180px;
+            overflow:hidden;	
+            min-width: 190px;
+            min-height: 180px;
           /*height: 260px;*/	
 			  }
       
@@ -130,11 +130,16 @@
 				 float:left; 
 				 margin-left: 40px;
 			  }
+            #centerbutton {
+                width: 30%
+                float: middle; 
+            }
+			
 			
 			  #rightbutton {
 				 width: 30%; 
 				 float:right; 
-				 margin-right: 45px; 
+				 margin-right: 40px; 
 				 text-align: right;
 			  }
         
@@ -266,7 +271,7 @@
         } 
       }
 
-      @media screen and (max-width: 399px) and (min-width: 300px) {
+      @media screen and (max-width: 399px) and (min-width: 400px) {
         #localBKU p {
           font-size: 0.9em;
         } 
@@ -381,15 +386,14 @@
           visibility: hidden;
         }
         
-			  #leftcontent {
-			    visibility: visible;
-			    margin-bottom: 0px;
-			    text-align: left;
-			    border:none;
-          vertical-align: middle;
-          min-height: 173px;
-          min-width: 204px;
-          
+                #leftcontent {
+			     visibility: visible;
+			     margin-bottom: 0px;
+			     text-align: left;
+			     border:none;
+                vertical-align: middle;
+                min-height: 173px;
+                min-width: 204px;
 			  }
 			  
         #bku_header {
@@ -452,13 +456,14 @@
 			}
 			
 			#leftbutton  {
-				width: 35%; 
+				width: 30%; 
 				float:left; 
 				margin-left: 15px;
 			}
+
 			
 			#rightbutton {
-				width: 35%; 
+				width: 30%; 
 				float:right; 
 				margin-right: 25px; 
 				text-align: right;
@@ -479,12 +484,17 @@
         padding-top: 4%;
         height: 10%;
         position: relative;
-        text-align: center;
+        text-align: left;
 			}
       
       .verticalcenter {
         vertical-align: middle;
       }
+
+    .mandate{
+        float: left;
+        margin-left: 4%;
+    }
       
       #mandateLogin div {
         clear: both;
@@ -509,29 +519,37 @@
 			#bkukarte {
 				float:left;
 				text-align:center;
-				width:40%;
-        min-height: 70px;
-        padding-left: 5%;
-        padding-top: 2%;
+				width:33%;
+                min-height: 90px;
+
+                padding-top: 2%;
 			}
 			
 			#bkuhandy {
-				float:right;
+				float:left;
 				text-align:center;
-				width:40%;
-        min-height: 90px;
-        padding-right: 5%;
-        padding-top: 2%;
+				width:33%;
+                min-height: 90px;
+
+                padding-top: 2%;
 			}
+            #bkueulogin {
+            float:left;
+            text-align:center;
+            width:33%;
+            min-height: 90px;
+            padding-top: 2%;
+         
+        }
 			
-      .bkuimage {
-        width: 60%;
-        height: auto;
-        margin-bottom: 10%;
-      }
+            .bkuimage {
+            width: 55%;
+            height: auto;
+            margin-bottom: 10%;
+            }
       
 			#mandate{
-				text-align:center;
+				text-align:left;
 				padding : 5px 5px 5px 5px;
 			}
       
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
index fe9bc2166..01249537f 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -4,7 +4,7 @@
 <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
 
    <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
-   <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID" />
+   <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID"/>
    
    <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
    <script src="$contextPath/js/buildJS?pendingid=$pendingReqID"></script>
@@ -26,8 +26,8 @@
 						<div id="mandateLogin" class="$MANDATEVISIBLE">
 							<div>
 								<input tabindex="1" type="checkbox" name="Mandate"
-									id="mandateCheckBox" class="verticalcenter" role="checkbox" $MANDATECHECKED>
-								<label for="mandateCheckBox" class="verticalcenter">in
+									id="mandateCheckBox" class="mandate" role="checkbox" $MANDATECHECKED>
+								<label for="mandateCheckBox" class="mandate">in
 									Vertretung anmelden</label>
 								<!--a      href="info_mandates.html" 
                         target="_blank"
@@ -37,31 +37,41 @@
 						</div>
 						<div id="bkuselectionarea">
 							<div id="bkukarte">
-								<img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU" /> 
+								<img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU"/> 
                 
-                <!-- Remove support for Online BKU and swith the card button to local BKU-->
-                <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /-->                
+                  <!-- Remove support for Online BKU and swith the card button to local BKU-->
+                  <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /-->                
                 
-                <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
-								  <input type="hidden" name="bkuURI" value="$bkuLocal" />
-								  <input type="hidden" name="useMandate" id="useMandate" /> 
-								  <input type="hidden" name="SSO" id="useSSO" /> 
-								  <input type="hidden" name="ccc" id="ccc" /> 
-								  <input type="hidden" name="pendingid" value="$pendingReqID" /> 
-                  <input type="submit" value=" Karte " tabindex="4" role="button">
-                </form>
+                  <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
+								    <input type="hidden" name="bkuURI" value="$bkuLocal" />
+								    <input type="hidden" name="useMandate" id="useMandate" /> 
+								    <input type="hidden" name="SSO" id="useSSO" /> 
+								    <input type="hidden" name="ccc" id="ccc" /> 
+								    <input type="hidden" name="pendingid" value="$pendingReqID" /> 
+                    <input type="submit" value=" Karte " tabindex="5" role="button" onclick="setMandateSelection();" />
+                  </form>
                 
-                <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe>
+                  <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe>
                 
-                <!-- BKU detection with static template-->
-                <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe-->
-                                                            
-							</div>
-							<div id="bkuhandy">
-								<img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" />         
-                <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" />
-							</div>
-						</div>
+                  <!-- BKU detection with static template-->
+                  <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe-->                                                            
+				        </div>
+                            
+				        <div id="bkuhandy">
+				            <img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" />         
+                            <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" />
+				        </div>
+                
+            
+				        <div id="bkueulogin" style="$STORKVISIBLE">
+				            <img class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" />                                                        
+                    <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
+								      <input type="hidden" name="useeIDAS" value="true" />
+								      <input type="hidden" name="useMandate" id="useMandate" />  
+								      <input type="hidden" name="pendingid" value="$pendingReqID" /> 
+                      <input name="bkuButtonEULogin" onclick="setMandateSelection();" type="submit" role="button" value="EULogin" />
+                    </form>
+				        </div>
 						<!--div id="localBKU">
 							<form method="get" id="moaidform" action="$contextPath$submitEndpoint"
 								class="verticalcenter" target="_parent">
@@ -80,7 +90,11 @@
               <!--div id="ssoSessionTransferBlock">
                 <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
               </div-->
-              
+            
+                  
+                        
+            
+            <!-- 
               <div id="stork" align="center" class="$STORKVISIBLE">
                 <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
                 <p>
@@ -88,9 +102,9 @@
                     $countryList
                   </select>
                   <button id="eIDASButton" name="bkuButton" type="button">Proceed</button>
-                  <!--a href="info_stork.html" target="_blank" class="infobutton">i</a-->
+                  a href="info_stork.html" target="_blank" class="infobutton">i</a
                 </p>
-              </div>
+              </div>-->
 
 						<div id="metroDetected" class="unvisible">
 							<p>Anscheinend verwenden Sie Internet Explorer im
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 9b9b13d8b..0e8b996ba 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -319,8 +319,8 @@
   			<artifactId>eaaf-core</artifactId>
   			<type>test-jar</type>
   			<classifier>tests</classifier>
-  			<version>1.0.0-snapshot</version>
-  			<scope>test</scope> 
+  			<version>1.0.0</version>
+  			<scope>test</scope>  
 		</dependency>						
 <!-- 		<dependency>
   			<groupId>org.opensaml</groupId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index e92c3377a..f642cddc7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -61,7 +61,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -142,12 +142,15 @@ public class StatisticLogger implements IStatisticLogger{
 				IMOAAuthData moaAuthData = (IMOAAuthData) authData;
 				dblog.setOatarget(moaAuthData.getBPKType());	
 
-				boolean isFederatedAuthentication = protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null;
+				boolean isFederatedAuthentication = protocolRequest.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null;
 				dblog.setInterfederatedSSOSession(isFederatedAuthentication);
 				
 				if (isFederatedAuthentication) {
 					dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP);
-					dblog.setBkuurl(protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class));
+					dblog.setBkuurl(protocolRequest.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class));
+					
+				} else if (moaAuthData.isForeigner()) {
+					dblog.setBkutype(IOAAuthParameters.EIDAS);
 					
 				} else {
 					dblog.setBkuurl(moaAuthData.getBkuURL());
@@ -299,7 +302,8 @@ public class StatisticLogger implements IStatisticLogger{
 										
 				} else {
 					Logger.debug("Use MOA session information from pending-req for ErrorLogging");
-					moasession = new AuthenticationSessionWrapper(errorRequest.genericFullDataStorage()); 
+					moasession = (IAuthenticationSession) errorRequest.getSessionData(AuthenticationSessionWrapper.class);
+					
 
 					
 				}
@@ -393,45 +397,47 @@ public class StatisticLogger implements IStatisticLogger{
 	
 	private String findBKUType(String bkuURL, IOAAuthParameters dbOA) {
 		
-		if (dbOA != null) {
-			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.HANDYBKU)))
-				return IOAAuthParameters.HANDYBKU;
-					
-			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.LOCALBKU)))
-				return IOAAuthParameters.LOCALBKU;
-					
-			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.THIRDBKU)))
-				return IOAAuthParameters.THIRDBKU;	
-		}
-		
-		Logger.trace("Staticic Log search BKUType from DefaultBKUs");
-		
-		try {
-			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.THIRDBKU)))
-				return IOAAuthParameters.THIRDBKU;
+		if (bkuURL != null) {
+			if (dbOA != null) {
+				if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.HANDYBKU)))
+					return IOAAuthParameters.HANDYBKU;
+						
+				if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.LOCALBKU)))
+					return IOAAuthParameters.LOCALBKU;
+						
+				if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.THIRDBKU)))
+					return IOAAuthParameters.THIRDBKU;	
+			}
+			
+			Logger.trace("Staticic Log search BKUType from DefaultBKUs");
 			
-			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
+			try {
+				if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.THIRDBKU)))
+					return IOAAuthParameters.THIRDBKU;
+				
+				if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
+					return IOAAuthParameters.LOCALBKU;
+				
+				if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
+					return IOAAuthParameters.HANDYBKU;
+				
+			} catch (ConfigurationException e) {
+				Logger.info("Advanced Logging: Default BKUs read failed");
+			}
+			
+			Logger.debug("Staticic Log search BKUType from generneric Parameters");
+			
+			if (bkuURL.endsWith(GENERIC_LOCALBKU)) {
+				Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU);
 				return IOAAuthParameters.LOCALBKU;
+			}
 			
-			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
+			if (bkuURL.startsWith(GENERIC_HANDYBKU)) {
+				Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU);
 				return IOAAuthParameters.HANDYBKU;
-			
-		} catch (ConfigurationException e) {
-			Logger.info("Advanced Logging: Default BKUs read failed");
-		}
-		
-		Logger.debug("Staticic Log search BKUType from generneric Parameters");
-		
-		if (bkuURL.endsWith(GENERIC_LOCALBKU)) {
-			Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU);
-			return IOAAuthParameters.LOCALBKU;
+			}
 		}
 		
-		if (bkuURL.startsWith(GENERIC_HANDYBKU)) {
-			Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU);
-			return IOAAuthParameters.HANDYBKU;
-		}
-				
 		Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.AUTHTYPE_OTHERS);
 		return IOAAuthParameters.AUTHTYPE_OTHERS;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index a13455972..2c14af463 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -129,12 +129,12 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
 		try {
 			return buildAuthenticationData(pendingReq, 
-					new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()),
+					pendingReq.getSessionData(AuthenticationSessionWrapper.class),
 					pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class));
 			
 		} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) {
 			Logger.warn("Can not build authentication data from session information");
-			throw new EAAFAuthenticationException("TODO", new Object[]{}, e);
+			throw new EAAFAuthenticationException("builder.11", new Object[]{}, e);
 			
 		}
 		
@@ -186,14 +186,14 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 		if (oaParam.isSTORKPVPGateway())
 			oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq);
 				
-		Boolean isMinimalFrontChannelResp = pendingReq.getGenericData(
+		Boolean isMinimalFrontChannelResp = pendingReq.getRawData(
 				MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
 		if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) {
 			//only set minimal response attributes			
 			authdata.setQAALevel(
-					pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
+					pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
 			authdata.setBPK(
-					pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
+					pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
 						
 		} else {
 			//build AuthenticationData from MOASession
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index a43e6a7fb..399ecc022 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -191,7 +191,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 		String sectorName = null;
 		
 		
-		String saml1Target = pendingReq.getGenericData(
+		String saml1Target = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
 		if (MiscUtil.isNotEmpty(saml1Target)) {
 			target = saml1Target;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 926bfe242..cadaec2a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -45,6 +45,7 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import org.apache.commons.collections4.map.HashedMap;
 
@@ -235,13 +236,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 	 */
 	@Override
 	public X509Certificate getSignerCertificate() {
-		try {
-			return new X509Certificate(signerCertificate);
-		}
-		catch (CertificateException e) {
-			Logger.warn("Signer certificate can not be loaded from session database!", e);
-			return null;
+		if (signerCertificate != null && signerCertificate.length > 0) {
+			try {
+				return new X509Certificate(signerCertificate);
+			}
+			catch (CertificateException e) {
+				Logger.warn("Signer certificate can not be loaded from session database!", e);
+			
+			}
 		}
+		
+		return null;
 	}
 	
 	/* (non-Javadoc)
@@ -665,8 +670,9 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 		result.put(VALUE_SIGNER_CERT, getSignerCertificate());
 		result.put(VALUE_VERIFYSIGRESP, getXMLVerifySignatureResponse());
 		
-		result.putAll(genericSessionDataStorate);
-		
+		for (Entry<String, Object> el : genericSessionDataStorate.entrySet()) 
+			result.put(GENERIC_PREFIX + el.getKey(), el.getValue());
+				
 		return Collections.unmodifiableMap(result);
 	}	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index b976cba9e..375b144d7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -78,13 +78,8 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 			//defaultTaskInitialization(request, executionContext);
 			
 			//check SSO session cookie and MOASession object
-			String ssoId = ssoManager.getSSOSessionID(request);
-			boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
-
-			//load MOA SSO-session from database
-			AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
-			
-			if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) {
+			String ssoId = ssoManager.getSSOSessionID(request);			
+			if (!(ssoManager.isValidSSOSession(ssoId, pendingReq))) {
 				Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ...");
 				throw new AuthenticationException("auth.30", null);
 				
@@ -95,9 +90,12 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 						
 			//user allow single sign-on authentication
 			if (ssoConsents) {
-								
+				//load MOA SSO-session from database
+				AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+
+				
 				//Populate this pending request with SSO session information
-				pendingReq.setGenericDataToSession(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
+				pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
 				
 				//authenticate pending-request
 				pendingReq.setAuthenticated(true);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
index 7d9a2c28c..acaf21682 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
@@ -35,7 +35,7 @@ public class UserRestrictionTask extends AbstractAuthServletTask {
 			List<String> restrictedSPs = KeyValueUtils.getListOfCSVValues(authConfig.getBasicConfiguration(CONFIG_PROPS_SP_LIST));						
 			if (restrictedSPs.contains(spEntityId)) {
 				Logger.debug("SP:" + spEntityId + " has a user restrication. Check users bPK ... ");				
-				AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+				AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
 				
 				//check if user idl is already loaded
 				if (moasession.getIdentityLink() == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 0e1e1bf12..ead80b117 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -138,8 +138,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 				resultTargetFriendlyName = targetFriendlyNameConfig;
 					
 			//set info's into request-context. (It's required to support SAML1 requested target parameters)			
-			protocolReq.setGenericDataToSession(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget);
-			protocolReq.setGenericDataToSession(
+			protocolReq.setRawDataToTransaction(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget);
+			protocolReq.setRawDataToTransaction(
 					MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, resultTargetFriendlyName);
 			
 		} else {
@@ -206,7 +206,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	    if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL()))
 		       throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
 	    
-	    protocolReq.setGenericDataToSession(
+	    protocolReq.setRawDataToTransaction(
 	    		MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, 
 	    		templateURL);
 	    
@@ -248,7 +248,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	    oaURL = pendingReq.getSPEntityId();
 	    
 	    //only needed for SAML1
-	    String target = pendingReq.getGenericData("saml1_target", String.class);
+	    String target = pendingReq.getRawData("saml1_target", String.class);
 	    	    
 	    parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, pendingReq);
 	    
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 6544766b2..77abe07af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -60,12 +60,9 @@ import at.gv.egovernment.moa.util.MiscUtil;
 @Service("MOAID_AuthenticationManager")
 public class AuthenticationManager extends AbstractAuthenticationManager {
 
-	public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL";
-	public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse";
-	public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";
-	public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";	
 	public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA";
-		
+	public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";	
+	
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
 
@@ -167,13 +164,13 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 		//set interfederation authentication flag
 		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH, 
 				MiscUtil.isNotEmpty(
-						pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)));
+						pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class)));
 		
 		//set legacy mode or BKU-selection flags
 		boolean leagacyMode = (legacyallowed && legacyparamavail);			
 		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode);
 		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode 
-				&& MiscUtil.isEmpty(pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)));
+				&& MiscUtil.isEmpty(pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class)));
 				
 		//add additional http request parameter to context
 		if (leagacyMode) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 97c4f40cd..b5005d0c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -23,6 +23,8 @@
 package at.gv.egovernment.moa.id.moduls;
 
 import java.util.Date;
+import java.util.Map;
+import java.util.Map.Entry;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
@@ -73,9 +75,10 @@ public class SSOManager implements ISSOManager {
 	
 	private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
 
-	public static final String DATAID_INTERFEDERATIOIDP_URL = "INTERFEDERATIOIDP_URL";
-	public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "INTERFEDERATIOIDP_RESPONSE";
-	public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "INTERFEDERATIOIDP_ENTITYID";
+	public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL";
+	public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse";
+	public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";	
+	
 	
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
 	@Autowired private AuthConfiguration authConfig;
@@ -166,8 +169,17 @@ public class SSOManager implements ISSOManager {
 				Logger.debug("Found authenticated MOASession with provided SSO-Cookie.");
 				revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_VALID);
 				
-				Logger.trace("Populatint pending request with SSO session information .... ");						
-				pendingReq.setGenericDataToSession(ssoMOASession.getKeyValueRepresentationFromAuthSession());
+				Logger.trace("Populatint pending request with SSO session information .... ");
+				Map<String, Object> fullSSOData = ssoMOASession.getKeyValueRepresentationFromAuthSession();
+				if (Logger.isTraceEnabled()) {
+					Logger.trace("Full SSO DataSet:  ");
+					for (Entry<String, Object> el : fullSSOData.entrySet()) {
+						Logger.trace("  Key: " + el.getKey() + " Value: " + el.getValue());
+						
+					}
+					
+				}				
+				pendingReq.setRawDataToTransaction(fullSSOData);
 				pendingReq.setAuthenticated(true);
 							
 			}
@@ -301,7 +313,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 		String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
 
 		String interfederationIDP = 
-				protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
+				protocolRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class);
 		if (MiscUtil.isNotEmpty(interfederationIDP)) {
 			Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP);
 			return;
@@ -313,14 +325,14 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 			RequestImpl moaReq = (RequestImpl) protocolRequest;
 			if (MiscUtil.isNotEmpty(interIDP)) {
 				Logger.info("Receive SSO request for interfederation IDP " + interIDP);
-				moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, interIDP);
+				moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, interIDP);
 				
 			} else {
 				//check if IDP cookie is set
 				String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
 				if (MiscUtil.isNotEmpty(cookie)) {
 					Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
-					moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, cookie);
+					moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie);
 				
 					deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);									
 				}				
@@ -367,7 +379,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 				//in case of federated SSO session, jump to federated IDP for authentication
 				
 				String interfederationIDP = 
-						protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
+						protocolRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class);
 				
 				if (MiscUtil.isEmpty(interfederationIDP)) {
 					InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
@@ -375,7 +387,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 					if (selectedIDP != null) {				
 						//no local SSO session exist -> request interfederated IDP
 						Logger.info("SSO Session refer to federated IDP: " + selectedIDP.getIdpurlprefix());
-						protocolRequest.setGenericDataToSession(
+						protocolRequest.setRawDataToTransaction(
 								DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());
 						
 					} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 0f75cf63b..405e44112 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -95,7 +95,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			dbsession.setAdditionalInformationBytes(mapper.serialize(sessionExt).getBytes("UTF-8"));
 		
 			AuthenticationSession session = new AuthenticationSession(id, now, 
-					new AuthenticationSessionWrapper(target.genericFullDataStorage()));
+					(IAuthenticationSession)target.getSessionData(AuthenticationSessionWrapper.class));
 			encryptSession(session, dbsession);
 		
 			//store AssertionStore element to Database
@@ -341,6 +341,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 				  
 		dbsession.setSSOSession(true);
 		dbsession.setSSOsessionid(externalSSOSessionID);
+		dbsession.setAuthenticated(true);
 
 		//Store MOASession
 		entityManager.merge(dbsession);
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 7d6730925..66b9be341 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -114,6 +114,7 @@ builder.07=Fehlerhaftes SecurityLayer Template.
 builder.08=Authentication process could NOT completed. Reason: {0}
 builder.09=Can not build GUI component. Reason: {0}
 builder.10=Can not create or update SSO session. SSO NOT POSSIBLE
+builder.11=Fehler beim generieren der Anmeldedaten f\u00FCr die Online Applikation
 
 service.00=Fehler beim Aufruf des Web Service: {0}
 service.01=Fehler beim Aufruf des Web Service: kein Endpoint
@@ -310,8 +311,8 @@ pvp2.25=Fehler beim Validieren der PVP2 Metadaten
 
 ##add status codes!!!!
 sp.pvp2.00=Can not build PVP AuthnRequest for {0} {1}. No valid SingleSignOnService endpoint found.
-sp.pvp2.01=Can not build PVP AuthnRequest for {0} {0}. IDP is not allowed for federated authentication.
-sp.pvp2.02=Can not build PVP AuthnRequest for {0} {0}. IDP has no (valid) metadata.
+sp.pvp2.01=Can not build PVP AuthnRequest for {0}. IDP is not allowed for federated authentication.
+sp.pvp2.02=Can not build PVP AuthnRequest for {0}. IDP has no (valid) metadata.
 sp.pvp2.03=Receive PVP Response from {0} with unsupported Binding.  
 sp.pvp2.04=Receive invalid PVP Response from {0}. No PVP metadata found.  
 sp.pvp2.05=Receive invalid PVP Response from {0} {1}. StatusCode:{2} Msg:{3}.
@@ -322,6 +323,7 @@ sp.pvp2.09=Receive invalid PVP Response from {0} {1}. StatusCodes:{2} {3} Msg:{4
 sp.pvp2.10=Receive invalid PVP Response from {0}. No valid assertion included.
 sp.pvp2.11=Receive invalid PVP Response from {0}. Assertion decryption FAILED.
 sp.pvp2.12=Receive invalid PVP Response from {0}. Msg:{1}
+sp.pvp2.13=Can not build PVP AuthnRequest for {0}. Internal processing error.
 
 oauth20.01=Fehlerhafte redirect url
 oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 5d7588dd5..b878eadf3 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -92,6 +92,7 @@ builder.07=9002
 builder.08=1008
 builder.09=9103
 builder.10=1009
+builder.11=9102
 
 service.00=4300
 service.03=4300
@@ -122,6 +123,7 @@ sp.pvp2.09=4503
 sp.pvp2.10=4502
 sp.pvp2.11=4502
 sp.pvp2.12=4502
+sp.pvp2.13=4501
  
 validator.00=1102
 validator.01=1102
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
index 16cdc9c12..1ea057186 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
@@ -43,7 +43,7 @@ public class AuthenticationDataBuilderTest {
 				
 		IAuthenticationSession session = new DummyAuthSession();
 		session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL, false))).parseIdentityLink());
-		pendingReq.setGenericDataToSession(session.getKeyValueRepresentationFromAuthSession());
+		pendingReq.setRawDataToTransaction(session.getKeyValueRepresentationFromAuthSession());
 		
 		
 		IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq);
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index 2fcec92c5..c9dcd291a 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -63,6 +63,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 	
 	public static final String PARAM_OANAME = "OAName";
 	public static final String PARAM_COUNTRYLIST = "countryList";
+	public static final String PARAM_EIDAS_VISIBLE = "eIDASVisible";
 	
 	protected IRequest pendingReq = null;
 	protected String templateClasspahtDir = null;
@@ -141,10 +142,15 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 					params.put(PARAM_BKU_URL_THIRD, oaParam.getBKUURL(IOAAuthParameters.THIRDBKU));
 				
 				//set eIDAS login information if requird
-				if (oaParam.isShowStorkLogin())
+				if (oaParam.isShowStorkLogin()) {
 					addCountrySelection(params, oaParam);
-				else
-					params.put(PARAM_COUNTRYLIST, "");
+					params.put(PARAM_EIDAS_VISIBLE, "");
+					
+				} else {
+					params.put(PARAM_COUNTRYLIST, "");					
+					params.put(PARAM_EIDAS_VISIBLE, FormBuildUtils.TEMPLATEVISIBLE);
+					
+				}
 				
 				FormBuildUtils.customiceLayoutBKUSelection(params, oaParam);
 								
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
index 53ec222dc..248bde700 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
@@ -50,12 +50,10 @@ public class FormBuildUtils {
 	private static String PARAM_MANDATEVISIBLE = "MANDATEVISIBLE";
 	private static String PARAM_MANDATECHECKED = "MANDATECHECKED";
 
-	private static String PARAM_STORKVISIBLE = "STORKVISIBLE";
-
-	private static final String TEMPLATEVISIBLE = " unvisible";
-	private static final String TEMPLATEDISABLED =  "disabled=\"true\"";
-	private static final String TEMPLATECHECKED = "checked=\"true\"";
-	private static final String TEMPLATE_ARIACHECKED = "aria-checked=";
+	public static final String TEMPLATEVISIBLE = " unvisible";
+	public static final String TEMPLATEDISABLED =  "disabled=\"true\"";
+	public static final String TEMPLATECHECKED = "checked=\"true\"";
+	public static final String TEMPLATE_ARIACHECKED = "aria-checked=";
 	
 	
 	static {
@@ -91,12 +89,7 @@ public class FormBuildUtils {
 			
 		} else
 			params.put(PARAM_MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\"");
-		
-		if (oaParam.isShowStorkLogin())
-			params.put(PARAM_STORKVISIBLE, "");
-		else
-			params.put(PARAM_STORKVISIBLE, TEMPLATEVISIBLE);
-		
+				
 		//add more SP specific infos
 		setFormCustomizatenFromSP(params, oaParam);
 		
@@ -126,7 +119,6 @@ public class FormBuildUtils {
 	public static void defaultLayoutBKUSelection(Map<String, Object> params) {
 		params.put(PARAM_MANDATEVISIBLE, TEMPLATEVISIBLE);
 		params.put(PARAM_MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\"");
-		params.put(PARAM_STORKVISIBLE, TEMPLATEVISIBLE);
 		
 		params.putAll(getDefaultMap());		
 	}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 34567131b..a77ba45a5 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -151,7 +151,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 			throw new AuthenticationException("auth.00", new Object[]{pendingReq.getSPEntityId()});
 
 		//load Template
-		String templateURL = pendingReq.getGenericData(
+		String templateURL = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, String.class);
 		String template = null;
 		if (MiscUtil.isNotEmpty(templateURL)) {
@@ -450,8 +450,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		
 		SpecificTraceLogger.trace("Req. Authblock: " + createXMLSignatureRequest);
 		SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).toString());
-		SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class));
-		SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class));	
+		SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class));
+		SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class));	
 				
 		return createXMLSignatureRequest;
 	}
@@ -547,10 +547,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		String authURL = pendingReq.getAuthURL();
 		
 		@Deprecated
-		String saml1RequestedTarget = pendingReq.getGenericData(
+		String saml1RequestedTarget = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
 		@Deprecated
-		String saml1RequestedFriendlyName = pendingReq.getGenericData(
+		String saml1RequestedFriendlyName = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
 
 		
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index a46c81d06..a2e03bc4e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -162,7 +162,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
 	  result.put(AUTHBLOCK_TEXT_PATTERN_TIME, timeformat.format(datetime.getTime()));
 	  	  
 	  //set other values from pendingReq if exists
-	  Map<?,?> processSpecificElements = pendingReq.getGenericData(PENDING_REQ_AUTHBLOCK_TEXT_KEY, Map.class);
+	  Map<?,?> processSpecificElements = pendingReq.getRawData(PENDING_REQ_AUTHBLOCK_TEXT_KEY, Map.class);
 	  if (processSpecificElements != null && !processSpecificElements.isEmpty()) {
 		  Logger.debug("Find process-specific patterns for 'special AuthBlock-Text'. Start processing ...");
 		  Iterator<?> mapIterator = processSpecificElements.entrySet().iterator();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
index f53dfae45..3eb7225a8 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -51,8 +51,8 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
 		Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
 					
 		try { 
-			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			//execute default task initialization   
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
 			boolean useMandate = moasession.isMandateUsed();
 			boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable"));	
 			if (!identityLinkAvailable && useMandate) {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index af8f780ec..50add6beb 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -64,7 +64,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {		
 		try { 
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 	    	//normal MOA-ID authentication
 	    	Logger.debug("Starting normal MOA-ID authentication");		    			    	    	
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index af4abe813..e4966a53b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -71,7 +71,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
 
 		try {
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			//get MIS sessionID
 			String misSessionID = moasession.getMISSessionID();
@@ -120,7 +120,6 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
 			//revisionsLogger.logMandateEventSet(pendingReq, mandate);
 									
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 			
 			
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index ab53671f2..65ae9cf91 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -87,7 +88,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 			HttpServletRequest request, HttpServletResponse response) throws EAAFException {
 		
 		Logger.info("BKU is selected -> Start BKU communication ...");			
-		AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+		//AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+		
+		AuthenticationSessionWrapper moasession = ((RequestImpl)pendingReq).getSessionData(AuthenticationSessionWrapper.class);
 		
 		boolean isLegacyRequest = false;
 		Object isLegacyRequestObj = executionContext.get("isLegacyRequest");
@@ -122,9 +125,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 				
 		    	//get Target from config or from request in case of SAML 1				
 				String target = null;
-				if (MiscUtil.isNotEmpty(pendingReq.getGenericData("saml1_target", String.class)) && 
+				if (MiscUtil.isNotEmpty(pendingReq.getRawData("saml1_target", String.class)) && 
 						pendingReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol"))
-					target = pendingReq.getGenericData("saml1_target", String.class);
+					target = pendingReq.getRawData("saml1_target", String.class);
 
 				
 		    	String bkuURL = oaParam.getBKUURL(bkuid);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index d1d0ef086..a02032e74 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -50,14 +50,13 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
 		
 		try {
 			//initialize task
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			//build authBlock
 			String createXMLSignatureRequest = authServer
 					.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
 
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 			
 			//write response
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index 7c9702b8b..dd7890b7e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -71,7 +71,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 		//mandate Mode
 		try {
 			//perform default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 						
 			ConnectionParameterInterface connectionParameters = 
 					moaAuthConfig.getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class));	
@@ -131,7 +131,6 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 	        moasession.setMISSessionID(misSessionID.getSessiondId());
 		
 	      //store pending request with new MOASession data information
-	        pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 	        			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index 3b70c55e9..c8b562282 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -87,7 +87,7 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 				throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
 
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 			
@@ -95,7 +95,6 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 			authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse);
 			
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 							
 		}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index 5b207d33e..9f1f23344 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -77,7 +77,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 				
 	    try {
 	    	//execute default task initialization
-	    	AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+	    	AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 	    		    	
@@ -98,7 +98,6 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 	    				authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
 	    		
 	    		//store pending request with new MOASession data information
-	    		pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 				requestStoreage.storePendingRequest(pendingReq);
 	    		
 		    	CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 99eba56c1..b7c45a032 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -66,7 +66,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 		
 		try {
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 		
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 
@@ -74,7 +74,6 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 			boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null;
 			
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 
 			//set 'identityLink exists' flag to context
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 01ef4ee26..ab9be7163 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -144,10 +144,10 @@ public class CreateXMLSignatureResponseValidator {
     IIdentityLink identityLink = session.getIdentityLink();
     
     @Deprecated
-	String saml1RequestedTarget = pendingReq.getGenericData(
+	String saml1RequestedTarget = pendingReq.getRawData(
 			MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
 	@Deprecated
-	String saml1RequestedFriendlyName = pendingReq.getGenericData(
+	String saml1RequestedFriendlyName = pendingReq.getRawData(
 			MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
 	  
 	  try {	                
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index c3c3331e1..c1229e3ff 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -29,7 +29,6 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.commons.lang3.StringUtils;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -40,21 +39,20 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -92,7 +90,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			}
 						
 			// get entityID for central ms-specific eIDAS node 			
-			String msNodeEntityID = getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration());
+			String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig);
 			
 			
 			if (MiscUtil.isEmpty(msNodeEntityID)) {
@@ -149,48 +147,24 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 						
 		} catch (MetadataProviderException e) {
-			throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", e);
+			
+			throw new TaskExecutionException(pendingReq, 
+					"Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", 
+					new AuthnRequestBuildException("sp.pvp2.02", new Object[] {"'national central eIDASNode'"},e ));
 
 		} catch (MessageEncodingException | NoSuchAlgorithmException  | SecurityException e) {
-			Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e);
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e);
+			throw new TaskExecutionException(pendingReq, 
+					e.getMessage(), 
+					new AuthnRequestBuildException("sp.pvp2.13", new Object[] {"'national central eIDASNode'"},e ));
 			
 		} catch (Exception e) {
-			Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e);
+			Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e);
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 			
 		}
 	}
 
-	private String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration) {
-		//load from service-provider configuration
-		String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL);
-		
-		if (StringUtils.isEmpty(msNodeEntityID)) {
-			Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... ");
-			if (authConfig instanceof AuthConfiguration) {
-				AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig;					
-				List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues(
-						moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL));
-				
-				if (configuratedEntityIDs.size() > 0)
-					msNodeEntityID = configuratedEntityIDs.get(0);
-				else
-					Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... ");
-				
-			} else 
-				Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName()
-						+ "' Switch to generic Type ... ");
-				
-			
-			if (StringUtils.isEmpty(msNodeEntityID))
-				msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
-			
-		}
-						
-		return msNodeEntityID;
-	}
-
 	private List<EAAFRequestedAttribute> buildRequestedAttributes() {
 		List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>();
 		
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
index c034dc95e..f3eaff11a 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.transform.TransformerException;
 
+import org.apache.commons.lang3.StringUtils;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
@@ -55,10 +56,12 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
 import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
@@ -129,7 +132,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
 			
 			//validate entityId of response
-			String msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+			String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig);
 			String respEntityId = msg.getEntityID();
 			if (!msNodeEntityID.equals(respEntityId)) {
 				Logger.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ...");
@@ -155,23 +158,28 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 		} catch (MessageDecodingException | SecurityException e) {
 			String samlRequest = request.getParameter("SAMLRequest");			
 			Logger.warn("Receive INVALID PVP Response from 'ms-specific eIDAS node': " + samlRequest, e);
-			throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", e);
+			throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", 
+					new AuthnResponseValidationException("sp.pvp2.11", new Object[] {"'national central eIDASNode'"}, e));
 
 		} catch (IOException | MarshallingException | TransformerException e) {
 			Logger.warn("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
-			throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", 
+					new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e));
 			
 		} catch (CredentialsNotAvailableException e) {
 			Logger.error("PVP response decrytion FAILED. No credential found.", e);
-			throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", e);
+			throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", 
+					new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e));
 
 		} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
 			Logger.info("PVP response validation FAILED. Msg:" + e.getMessage());			
-			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", 
+					new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e));
 									
 		} catch (Exception e) {
 			Logger.warn("PVP response validation FAILED. Msg:" + e.getMessage(), e);			
-			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", 
+					new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e));
 			
 		}
 
@@ -182,19 +190,29 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			//check if all attributes are include
 			if (!extractor.containsAllRequiredAttributes() 
 					&& !extractor.containsAllRequiredAttributes(EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES)) {
-				Logger.warn("PVP Response from federated IDP contains not all requested attributes.");
+				Logger.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes.");
 				throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING});
 				
 			}
 			
 			//copy attributes into MOASession
+			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
 			Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
 			for (String el : includedAttrNames) {
 				String value = extractor.getSingleAttributeValue(el);				 				
-				pendingReq.setGenericDataToSession(el, value);				
+				session.setGenericDataToSession(el, value);				
 				Logger.debug("Add PVP-attribute " + el + " into MOASession");
 				
 			}
+			
+			//set foreigner flag
+			session.setForeigner(true);
+			if (extractor.getFullAssertion().getIssuer() != null && 
+					StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue()))
+				session.setBkuURL(extractor.getFullAssertion().getIssuer().getValue());
+			else
+				session.setBkuURL("eIDAS_Authentication");
+			
 												
 		} catch (AssertionValidationExeption e) {
 			throw new BuildException("builder.06", null, e);
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java
new file mode 100644
index 000000000..642008726
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java
@@ -0,0 +1,45 @@
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils;
+
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class Utils {
+
+	public static String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration, IConfiguration authConfig) {
+		//load from service-provider configuration
+		String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL);
+		
+		if (StringUtils.isEmpty(msNodeEntityID)) {
+			Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... ");
+			if (authConfig instanceof AuthConfiguration) {
+				AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig;					
+				List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues(
+						moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL));
+				
+				if (configuratedEntityIDs.size() > 0)
+					msNodeEntityID = configuratedEntityIDs.get(0);
+				else
+					Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... ");
+				
+			} else 
+				Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName()
+						+ "' Switch to generic Type ... ");
+				
+			
+			if (StringUtils.isEmpty(msNodeEntityID))
+				msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+			
+		}
+						
+		return msNodeEntityID;
+	}
+}
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index ec43adccc..0cbf009ad 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -29,7 +29,6 @@ import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
-import java.util.Date;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -57,14 +56,12 @@ import com.google.gson.JsonParser;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -136,9 +133,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	 * @throws MOAIDException 
 	 * @throws IOException 
 	 */
-	private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException {
-		IAuthenticationSession moaSession = new AuthenticationSession("1235", new Date());
-		
+	private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException {		
 		Logger.debug("Check eID blob signature  ... ");
 		byte[] eIDBlobRaw = Base64Utils.decode(eIDBlobRawB64.trim(), false);
 		
@@ -206,16 +201,14 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			Logger.debug("Parse eID information into MOA-Session ...");
 			byte[] rawIDL = Base64Utils.decode(idlB64, false);
 			IIdentityLink identityLink = new IdentityLinkAssertionParser(new ByteArrayInputStream(rawIDL)).parseIdentityLink();			
+			AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			moaSession.setIdentityLink(identityLink);
 			moaSession.setUseMandates(false);
 			moaSession.setForeigner(false);			
 			moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest");			
 			moaSession.setQAALevel(PVPConstants.EIDAS_QAA_SUBSTANTIAL);
 			Logger.info("Session Restore completed");
-			
-			
-			pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
-			
+									
 		} catch (MOAIDException e) {
 			throw e;
 			
@@ -243,10 +236,6 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			Logger.error("Can not extract mobile-app binding-certificate from eID blob.", e);
 			throw new MOAIDException("Can not extract mobile-app binding-certificate from eID blob.", null, e);
 						
-		} catch (EAAFStorageException e) {
-			Logger.error("Can not populate pending-request with eID data.", e);
-			throw new MOAIDException("Can not populate pending-request with eID data.", null, e);
-			
 		} finally {
 						
 		}
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 5e79aee8e..bb5700bd7 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
-import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -40,11 +39,10 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -87,9 +85,8 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 	 * @throws MOAIDException 
 	 * @throws EAAFStorageException 
 	 */
-	private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException {
-		IAuthenticationSession moaSession = new AuthenticationSession("1233", new Date());
-		
+	private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException {		
+		AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 		moaSession.setUseMandates(false);
 		moaSession.setForeigner(false);
 		
@@ -108,9 +105,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 			throw new MOAIDException("IdentityLink is not parseable.", null);
 			
 		}
-			
-		pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
-		
+					
 	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 103781470..3dea62ec4 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
 import java.io.InputStream;
 import java.text.SimpleDateFormat;
-import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -42,8 +41,8 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
@@ -73,7 +72,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 			throws TaskExecutionException { 
 		try{												
 			//get eIDAS attributes from MOA-Session
-			ImmutableAttributeMap eIDASAttributes = pendingReq.getGenericData(
+			AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
+			ImmutableAttributeMap eIDASAttributes = moaSession.getGenericDataFromSession(
 					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
 					ImmutableAttributeMap.class);
 			
@@ -161,13 +161,11 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 			}
 			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);
-			AuthenticationSession moasession = new AuthenticationSession("1234", new Date());
-			moasession.setForeigner(true);
-			moasession.setIdentityLink(identityLink);
-			moasession.setBkuURL("Not applicable (eIDASAuthentication)");
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
-			
-			
+			moaSession.setForeigner(true);
+			moaSession.setIdentityLink(identityLink);
+			moaSession.setBkuURL("Not applicable (eIDASAuthentication)");
+
+						
 			//store MOA-session to database
 			requestStoreage.storePendingRequest(pendingReq);
 		
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 55416e92b..1788facf0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -12,6 +12,7 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -89,21 +90,19 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			// **********************************************************
 			
 			//update MOA-Session data with received information			
-			Logger.debug("Store eIDAS response information into MOA-session.");
-					
-			pendingReq.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance());
-			
-			pendingReq.setGenericDataToSession(
+			Logger.debug("Store eIDAS response information into MOA-session.");					
+			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);			
+			session.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance());			
+			session.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
-					samlResp.getAttributes());
-						
-			pendingReq.setGenericDataToSession(
+					samlResp.getAttributes());						
+			session.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.eIDAS_RESPONSE, 
 					decSamlToken);
 			
 			//set issuer nation as PVP attribute into MOASession
-			pendingReq.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());
-						
+			session.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());			
+			
 			//store MOA-session to database
 			requestStoreage.storePendingRequest(pendingReq);
 			
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 42ca6e507..d268dd2f6 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -350,15 +350,15 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 			pendingReq.setRemoteRelayState(relayState);
 			
 			//store level of assurance
-			pendingReq.setGenericDataToSession(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, 
+			pendingReq.setRawDataToTransaction(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, 
 					eIDASSamlReq.getEidasLevelOfAssurance().stringValue());			
 			
 			//set flag if transiend identifier is requested
 			if (MiscUtil.isNotEmpty(eIDASSamlReq.getNameIdFormat()) 
 					&& eIDASSamlReq.getNameIdFormat().equals(SamlNameIdFormat.TRANSIENT.getNameIdFormat()))
-				pendingReq.setGenericDataToSession(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, true);
+				pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, true);
 			else
-				pendingReq.setGenericDataToSession(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, false);
+				pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, false);
 			
 			// - memorize requested attributes			
 			pendingReq.setEidasRequestedAttributes(eIDASSamlReq.getRequestedAttributes());
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 25f303816..b1db1564e 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -55,6 +55,7 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationExceptio
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
@@ -162,8 +163,11 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			Logger.debug("Validation of PVP Response from ELGA mandate-service is complete.");
 			
 			Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+			
+			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);			
 			for (String el : includedAttrNames) {
-				pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
+				session.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
+				//pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
 				Logger.debug("Add PVP-attribute " + el + " into MOASession");
 				
 			}
@@ -243,7 +247,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 		Response samlResp = (Response) msg.getResponse();
 
 		//validate 'inResponseTo' attribute
-		String authnReqID = pendingReq.getGenericData(
+		String authnReqID = pendingReq.getRawData(
 				MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, String.class);
 		String inResponseTo = samlResp.getInResponseTo();
 		
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 658502d2c..50fb2cb4a 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -114,7 +114,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			EntityDescriptor entityDesc = metadataService.getEntityDescriptor(elgaMandateServiceEntityID);			
 			
 			//load MOASession from database
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			
 			//setup AuthnRequestBuilder configuration
@@ -192,7 +192,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			
 			//set MandateReferenceValue as RequestID
 			authnReqConfig.setRequestID(moasession.getMandateReferenceValue());
-			pendingReq.setGenericDataToSession(
+			pendingReq.setRawDataToTransaction(
 					MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID,
 					authnReqConfig.getRequestID());
 			
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 40701d91d..0350a113c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -159,7 +160,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 	}
 
 	@Override
-	protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception {
+	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
 		this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true));
 		this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true));
 		this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true));
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 2ce5234ac..118de861c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -30,7 +30,6 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
@@ -49,9 +48,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 	private static final long serialVersionUID = 1L;
 	
 	protected Set<String> allowedParameters = new HashSet<String>();
-		
-	@Autowired(required=true) protected IConfiguration authConfig;
-	
+			
 	protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception {
 		String param = request.getParameter(name);
 		Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param);
@@ -65,7 +62,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		return param;
 	}
 	
-	protected void populateParameters(final HttpServletRequest request) throws OAuth20Exception {
+	protected void populateParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
 		
 		// moa id - load oa with client id!
 		try {
@@ -91,7 +88,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		}
 		
 		// oAuth
-		this.populateSpecialParameters(request);
+		this.populateSpecialParameters(request, authConfig);
 		
 		// cleanup parameters
 		this.checkAllowedParameters(request);
@@ -115,6 +112,6 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		
 	}
 	
-	protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception;
+	protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception;
 	
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 30e89d15a..9f4174bf0 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -79,7 +79,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 		try {			
 			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(OAuth20Protocol.NAME);		
-			pendingReq.populateParameters(req);
+			pendingReq.populateParameters(req, authConfig);
 			
 		} catch (EAAFException e) {
 			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
@@ -113,7 +113,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 		try {			
 			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(OAuth20Protocol.NAME);		
-			pendingReq.populateParameters(req);
+			pendingReq.populateParameters(req, authConfig);
 			
 		} catch (EAAFException e) {
 			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index e14914512..89e4252b1 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -124,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 	}
 	
 	@Override
-	protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception {
+	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
 		this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true));
 		this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true));
 		this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index fec78d88c..3408cf538 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -167,7 +167,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 							command, signedCommand);
 										
 					//store pending request
-					pendingReq.setGenericDataToSession(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, 
+					pendingReq.setRawDataToTransaction(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, 
 							qualeIDReqId);
 					requestStoreage.storePendingRequest(pendingReq);
 
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index a3175713a..fc386b796 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -25,7 +25,6 @@ import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
@@ -93,7 +92,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				}
 			
 				//validate reqId with inResponseTo 
-				String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
+				String sl20ReqId = pendingReq.getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
 				String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
 				if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) {
 					Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
@@ -153,16 +152,16 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 					}
 				
 					//cache qualified eID data into pending request
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, 
 							idlB64);
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, 
 							authBlockB64);
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, 
 							ccsURL);
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, 
 							LoA);
 								
@@ -176,7 +175,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				Logger.warn("SL2.0 processing error:", e);
 				if (sl20Result != null)
 					Logger.debug("Received SL2.0 result: " + sl20Result);
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, 
 						new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e));
 				
@@ -185,7 +184,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
 				if (sl20Result != null)
 					Logger.debug("Received SL2.0 result: " + sl20Result);
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, 
 						new TaskExecutionException(pendingReq, e.getMessage(), e));
 				
@@ -246,7 +245,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				Map<String, String> reqParameters = new HashMap<String, String>();
 				reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId());
 				JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters(
-						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), 
+						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), 
 						SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, 
 						false, 
 						reqParameters);
@@ -260,7 +259,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 								
 				//build second redirect command for IDP
 				JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
-						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), 
+						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), 
 						redirectOneCommand, null, true);
 				JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
 				
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
index 403423e46..6811d1016 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -40,7 +40,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 		Logger.debug("Verify qualified eID data from SL20 response .... ");
 		try {
 			//check if there was an error 
-			TaskExecutionException sl20Error = pendingReq.getGenericData(
+			TaskExecutionException sl20Error = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR,
 					TaskExecutionException.class);			
 			if (sl20Error != null) {
@@ -50,19 +50,19 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 			}
 			
 			//get data from pending request
-			String sl20ReqId = pendingReq.getGenericData(
+			String sl20ReqId = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, 
 					String.class);
-			String idlB64 =  pendingReq.getGenericData(
+			String idlB64 =  pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL,
 					String.class);
-			String authBlockB64 = pendingReq.getGenericData(
+			String authBlockB64 = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, 
 					String.class);
-			String ccsURL = pendingReq.getGenericData(
+			String ccsURL = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, 
 					String.class);
-			String LoA = pendingReq.getGenericData(
+			String LoA = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, 
 					String.class);
 							
@@ -104,7 +104,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 			
 			
 			//add into session
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());			
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);			
 			moasession.setIdentityLink(idl);
 			moasession.setBkuURL(ccsURL);
 			//TODO: from AuthBlock
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
index 95590b51a..921e3844b 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
@@ -91,8 +91,8 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask {
 			//store DH params and nonce to pending-request
 			SSOTransferContainer container = new SSOTransferContainer();
 			container.setDhParams(dhKeyIDP);
-			pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_DH, container);
-			pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_NONCE, nonce);
+			pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_DH, container);
+			pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_NONCE, nonce);
 						
 			//store pending-request
 			requestStoreage.storePendingRequest(pendingReq);
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index c7e42c8ab..90b74ebd7 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -27,7 +27,6 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.math.BigInteger;
 import java.security.MessageDigest;
-import java.util.Date;
 
 import javax.crypto.Cipher;
 import javax.crypto.spec.DHPublicKeySpec;
@@ -50,13 +49,11 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -102,8 +99,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 			
 		}
 		
-    	String nonce = pendingReq.getGenericData(SSOTransferConstants.PENDINGREQ_NONCE, String.class);
-    	SSOTransferContainer container = pendingReq.getGenericData(
+    	String nonce = pendingReq.getRawData(SSOTransferConstants.PENDINGREQ_NONCE, String.class);
+    	SSOTransferContainer container = pendingReq.getRawData(
     			SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class);
     	if (container == null) {
     		throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", 
@@ -189,9 +186,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 				Logger.debug("MobileDevice is valid. --> Starting session reconstruction ...");
 		    					
 		    	//transfer SSO Assertion into MOA-Session
-				AuthenticationSession moaSession = new AuthenticationSession("1235", new Date());
+				AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 		    	ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moaSession, attributeExtractor);
-		    	pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
 		    	
 		    	// store MOASession into database
 		    	requestStoreage.storePendingRequest(pendingReq);
@@ -249,8 +245,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 				
 			} else {
 		    	//session is valid --> load MOASession object
-
-				IAuthenticationSession moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());			    
+				AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
+								
 				DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime());
 				if (moaSessionCreated.plusMinutes(1).isBeforeNow()) {
 					Logger.warn("No SSO session-container received. Stop authentication process after time-out.");
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 20fd5ebc4..d0d97e9e8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -73,7 +73,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {
 		try{
 			// get IDP entityID
-			String idpEntityID = pendingReq.getGenericData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class);
+			String idpEntityID = pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class);
 					
 			if (MiscUtil.isEmpty(idpEntityID)) {
 				Logger.info("Interfederation not possible -> not inderfederation IDP EntityID found!");
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index f5af84405..6b6d1a196 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -47,6 +47,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
 import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
@@ -168,11 +169,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			//check if SP is also a federated IDP
 			if (spConfig.isInderfederationIDP()) {
 				//SP is a federated IDP  --> answer only with nameID and wait for attribute-Query
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);				
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
 
 				authenticatedSessionStorage.
@@ -195,8 +196,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			}
 
 			//store valid assertion into pending-request
-			pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
-			pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
+			pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
+			pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
 			
 			//store pending-request
 			requestStoreage.storePendingRequest(pendingReq);
@@ -297,6 +298,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			
 			//copy attributes into MOASession
 			Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+			AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
 			for (String el : includedAttrNames) {
 				String value = extractor.getSingleAttributeValue(el);
 				
@@ -310,13 +312,13 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 					}					
 				} 
 				
-				pendingReq.setGenericDataToSession(el, value);				
+				session.setGenericDataToSession(el, value);				
 				Logger.debug("Add PVP-attribute " + el + " into MOASession");
 				
 			}
 			
 			//set validTo from this federated IDP response
-			pendingReq.setGenericDataToSession(
+			session.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO, 
 					extractor.getAssertionNotOnOrAfter());
 									
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 92bcce24b..21dbb573a 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -85,14 +85,14 @@ public class GetArtifactAction implements IAction {
 			
 			String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID);
 			
-			String oaTargetArea = req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class);
+			String oaTargetArea = req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class);
 			
 			if (authData.isSsoSession()) {
 				String url = req.getAuthURL() + RedirectServlet.SERVICE_ENDPOINT;
 				url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
 				if (MiscUtil.isNotEmpty(oaTargetArea))
 					url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, 
-							URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
+							URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
 				url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
 				url = httpResp.encodeRedirectURL(url);
 				
@@ -104,7 +104,7 @@ public class GetArtifactAction implements IAction {
 				String redirectURL = oaURL;		
 				if (MiscUtil.isNotEmpty(oaTargetArea)) {
 					redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET,
-					URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
+					URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
 
 				}
 				
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 398119a7f..30d740a2a 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -193,7 +193,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 			revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
 			
 			if (MiscUtil.isNotEmpty(target)) {
-				pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
+				pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, target);
 				pendingRequest.setTarget(MOAIDAuthConstants.PREFIX_CDID + target);
 			
 			} else {
@@ -201,7 +201,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 				pendingRequest.setTarget(targetArea);
 				
 				if (targetArea.startsWith(MOAIDAuthConstants.PREFIX_CDID))
-					pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, 
+					pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, 
 							targetArea.substring(MOAIDAuthConstants.PREFIX_CDID.length()));
 				
 				
diff --git a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar
index e892b3f35..9edec3e82 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar and b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar differ
diff --git a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar
index f3f35cf39..0837eb813 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar and b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar differ
diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar
index 6473df192..612ec0b6c 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar and b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar differ
diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar
index 6317fa4a4..e45f380a6 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar and b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar differ
diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar
index ff42b691e..c3251bc5f 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar and b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar differ
-- 
cgit v1.2.3