From 59fd2c0ea0649c94340d67b735a2d53696065e4c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 26 Jul 2013 07:47:08 +0200
Subject: Bugfixes:  - handle Error if more then one authentication is started
 for one Online-Application  - handle MultiThread error if more then one
 authentication process is active in one user session

Add:
 - Add UserData database. (is required for the web-based configuration tool)
 - Add additional OA parameter in MOA-ID 2.x configuration scheme to set OAs active or not

TODO: change 'searchOAWith....' to only get results with active=true
---
 .../moa/id/auth/builder/LoginFormBuilder.java      |   4 +-
 .../id/auth/builder/SendAssertionFormBuilder.java  |   4 +-
 .../StartAuthentificationParameterParser.java      |   8 +-
 .../moa/id/auth/servlet/AuthServlet.java           |   6 +-
 .../servlet/GenerateIFrameTemplateServlet.java     |  63 +----
 .../moa/id/auth/servlet/GetForeignIDServlet.java   |  15 +-
 .../id/auth/servlet/GetMISSessionIDServlet.java    |  19 +-
 .../moa/id/auth/servlet/LogOutServlet.java         |  43 +--
 .../moa/id/auth/servlet/PEPSConnectorServlet.java  |  13 +-
 .../auth/servlet/ProcessValidatorInputServlet.java |   2 +-
 .../id/auth/servlet/SSOSendAssertionServlet.java   |  50 +++-
 .../servlet/VerifyAuthenticationBlockServlet.java  |  18 +-
 .../id/auth/servlet/VerifyCertificateServlet.java  |   8 +-
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |  10 +-
 .../moa/id/entrypoints/DispatcherServlet.java      | 208 ++++++++++----
 .../moa/id/moduls/AuthenticationManager.java       |  12 +-
 .../at/gv/egovernment/moa/id/moduls/IRequest.java  |   2 +
 .../gv/egovernment/moa/id/moduls/ModulUtils.java   |  10 +-
 .../gv/egovernment/moa/id/moduls/RequestImpl.java  |  10 +
 .../egovernment/moa/id/moduls/RequestStorage.java  |  57 +++-
 .../id/storage/AuthenticationSessionStoreage.java  |  71 ++++-
 .../resources/templates/loginFormFull.html         | 315 ---------------------
 .../resources/templates/loginFormIFrame.html       | 260 -----------------
 .../resources/templates/sendAssertionFormFull.html |   2 +
 .../templates/sendAssertionFormIFrame.html         |   2 +
 id/server/moa-id-commons/pom.xml                   |   4 +-
 .../moa/id/commons/db/ConfigurationDBUtils.java    |  10 +-
 .../moa/id/commons/db/dao/config/UserDatabase.java | 263 +++++++++++++++++
 .../db/dao/session/AuthenticatedSessionStore.java  |  20 +-
 .../src/main/resources/config/moaid_config_2.0.xsd |   1 +
 .../main/resources/config/persistence_template.xml |   5 +-
 31 files changed, 736 insertions(+), 779 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/UserDatabase.java

(limited to 'id')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 9ba11bebd..a80fcfa25 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -30,6 +30,7 @@ public class LoginFormBuilder {
 	private static String BKU_HANDY =  "#HANDY#"; 
 	private static String BKU_LOCAL =  "#LOCAL#"; 
 	private static String CONTEXTPATH = "#CONTEXTPATH#";
+	private static String MOASESSIONID = "#SESSIONID#";
 	
 	private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate";
 	
@@ -84,7 +85,7 @@ public class LoginFormBuilder {
 			return template;
 	}
 
-	public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame) {
+	public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame, String moaSessionID) {
 		String value = getTemplate(isIFrame);
 		
 		if(value != null) {
@@ -98,6 +99,7 @@ public class LoginFormBuilder {
 			value = value.replace(ACTION, action);
 			value = value.replace(OANAME, oaname);
 			value = value.replace(CONTEXTPATH, contextpath);
+			value = value.replace(MOASESSIONID, moaSessionID);
 		}
 		return value;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
index a72848832..956593237 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
@@ -25,6 +25,7 @@ public class SendAssertionFormBuilder {
 	private static String URL = "#URL#";
 	private static String MODUL = "#MODUL#";
 	private static String ACTION = "#ACTION#";
+	private static String ID = "#ID#";
 	private static String OANAME = "#OAName#";
 	private static String CONTEXTPATH = "#CONTEXTPATH#";
 	
@@ -75,7 +76,7 @@ public class SendAssertionFormBuilder {
 		return template;
 	}
 
-	public static String buildForm(String modul, String action, String oaname, String contextpath, boolean isIFrame) {
+	public static String buildForm(String modul, String action, String id, String oaname, String contextpath, boolean isIFrame) {
 		String value = getTemplate(isIFrame);
 		
 		if(value != null) {
@@ -87,6 +88,7 @@ public class SendAssertionFormBuilder {
 			}
 			value = value.replace(MODUL, modul);
 			value = value.replace(ACTION, action);
+			value = value.replace(ID, id);
 			value = value.replace(OANAME, oaname);
 			value = value.replace(CONTEXTPATH, contextpath);
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index c9a10b812..58cea2926 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -221,11 +221,11 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 	}
 	
 	public static void parse(HttpServletRequest req, HttpServletResponse resp, 
-			AuthenticationSession moasession) throws WrongParametersException, MOAIDException {
+			AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException {
 		
-	    //check Module and Action
-	    HttpSession httpSession = req.getSession();    
-	    IRequest request = RequestStorage.getPendingRequest(httpSession);
+//	    //check Module and Action
+//	    HttpSession httpSession = req.getSession();    
+//	    IRequest request = RequestStorage.getPendingRequest(httpSession);
 	    
 	    String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
 	    String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 4b15d80b4..022f21491 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -50,6 +50,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
 import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
 import at.gv.egovernment.moa.id.storage.IExceptionStore;
 import at.gv.egovernment.moa.id.util.ServletUtils;
@@ -143,7 +144,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
 	 *            servlet response
 	 */
 	protected void handleError(String errorMessage, Throwable exceptionThrown,
-			HttpServletRequest req, HttpServletResponse resp) {
+			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
 
 		if (null != errorMessage) {
 			Logger.error(errorMessage);
@@ -167,7 +168,8 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
 		String redirectURL = null;
 
 		redirectURL = ServletUtils.getBaseUrl(req);
-		redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id;
+		redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id 
+				+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
 		
 		resp.setContentType("text/html");
 		resp.setStatus(302);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 2ea34ee12..8d23f1a3b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -52,19 +52,26 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
 			throws ServletException, IOException {
 		Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request");
-	
+
+    	String pendingRequestID = null;
+		
 	    try {
 	    	String bkuid = req.getParameter(PARAM_BKU);
 	    	String useMandate = req.getParameter(PARAM_USEMANDATE);
 	    	String ccc = req.getParameter(PARAM_CCC);
-	   
-	    	String moasessionid = null;
+	    	String moasessionid = req.getParameter(PARAM_SESSIONID);
+	    	
 	    	AuthenticationSession moasession = null;
-	   
+
 	    	try {
-	    	    moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION);
-				moasession = AuthenticationSessionStoreage.getSession(moasessionid);
-				
+	    	    //moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION);
+	    		
+	    	    pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
+			
+	    	    moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+	    	    
+	    	    String newmoasessionid = AuthenticationSessionStoreage.changeSessionID(moasession);
+			
 			} catch (MOADatabaseException e) {
 				Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
 				throw new MOAIDException("init.04", new Object[] {
@@ -131,49 +138,9 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 	    }
 	          
 	    catch (MOAIDException ex) {
-	    	handleError(null, ex, req, resp);
+	    	handleError(null, ex, req, resp, pendingRequestID);
 	    }
 	    
 	    
 	}
-		
-//	private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException {
-//		//TODO: CHANGE to real OA config
-//		
-//		List<String> bkuURIs = Arrays.asList(
-//				"http://localhost:8080/moa-id-auth/template_onlineBKU.html",
-//				"http://localhost:8080/moa-id-auth/template_handyBKU.html",
-//				"http://127.0.0.1:8080/moa-id-auth/template_localBKU.html");
-//		
-////		List<String> bkuURIs = Arrays.asList(
-////				"http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html",
-////				"http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html",
-////				"http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html");
-//		
-//		if (bkuID < bkuURIs.size())
-//			return bkuURIs.get(bkuID);
-//		else
-//			throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE,
-//					"auth.12");
-//	}
-//	
-//	private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException {
-//		//TODO: CHANGE to real OA config	
-//		
-//		List<String> bkuURIs = Arrays.asList(
-//				"https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request",
-//				"https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx",
-//				"https://127.0.0.1:3496/https-security-layer-request");
-//			
-////			List<String> bkuURIs = Arrays.asList(
-////					"https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request",
-////					"https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx",
-////					"https://127.0.0.1:3496/https-security-layer-request");
-//		
-//		if (bkuID < bkuURIs.size())
-//			return bkuURIs.get(bkuID);
-//		else
-//			throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU,
-//					"auth.12");
-//	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index d49f4e215..02c751a0a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -114,7 +114,10 @@ public class GetForeignIDServlet extends AuthServlet {
 		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
 		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
 		
-		Map parameters;
+		Map parameters;
+		
+		String pendingRequestID = null;
+		
 	    try 
 	    {
 	      parameters = getParameters(req);
@@ -123,7 +126,8 @@ public class GetForeignIDServlet extends AuthServlet {
 	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
 	      throw new IOException(e.getMessage());
 	     	}
-	    String sessionID = req.getParameter(PARAM_SESSIONID);
+	    String sessionID = req.getParameter(PARAM_SESSIONID);
+	    pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
 	    
 	    // escape parameter strings
 	    sessionID = StringEscapeUtils.escapeHtml(sessionID);
@@ -195,8 +199,9 @@ public class GetForeignIDServlet extends AuthServlet {
 		    		}
 		    		redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
 		    		redirectURL = resp.encodeRedirectURL(redirectURL);*/
+		    							
 		    		redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), 
-							ModulUtils.buildAuthURL(session.getModul(), session.getAction()), newMOASessionID);
+							ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), newMOASessionID);
 		    		redirectURL = resp.encodeRedirectURL(redirectURL);
 		    		
 		    	} else {				    		
@@ -219,10 +224,10 @@ public class GetForeignIDServlet extends AuthServlet {
 	    	    		      
 	    }
 	    catch (MOAIDException ex) {
-	      handleError(null, ex, req, resp);
+	      handleError(null, ex, req, resp, pendingRequestID);
 	    } 
 	    catch (SZRGWClientException ex) {
-	       handleError(null, ex, req, resp);
+	       handleError(null, ex, req, resp, pendingRequestID);
 		}
   }
     
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 7d825da17..8e5fccfef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -143,12 +143,15 @@ public class GetMISSessionIDServlet extends AuthServlet {
 		sessionID = StringEscapeUtils.escapeHtml(sessionID);
 
 		AuthenticationSession session = null;
+		String pendingRequestID = null;
 		try {
 			// check parameter
 			if (!ParamValidatorUtils.isValidSessionID(sessionID))
 				throw new WrongParametersException("VerifyCertificate",
 						PARAM_SESSIONID, "auth.12");
 
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+			
 			session = AuthenticationServer.getSession(sessionID);
 
 			String misSessionID = session.getMISSessionID();
@@ -209,11 +212,11 @@ public class GetMISSessionIDServlet extends AuthServlet {
 			
 			Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
 			Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
-			
+						
 			String redirectURL = new DataURLBuilder().buildDataURL(
 					session.getAuthURL(),
 					ModulUtils.buildAuthURL(session.getModul(),
-							session.getAction()), newMOASessionID);
+							session.getAction(), pendingRequestID), newMOASessionID);
 			redirectURL = resp.encodeRedirectURL(redirectURL);
 			
 			
@@ -252,17 +255,17 @@ public class GetMISSessionIDServlet extends AuthServlet {
 			Logger.debug("REDIRECT TO: " + redirectURL);
 
 		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp);
+			handleError(null, ex, req, resp, pendingRequestID);
 		} catch (GeneralSecurityException ex) {
-			handleError(null, ex, req, resp);
+			handleError(null, ex, req, resp, pendingRequestID);
 		} catch (PKIException e) {
-			handleError(null, e, req, resp);
+			handleError(null, e, req, resp, pendingRequestID);
 		} catch (MISSimpleClientException e) {
-			handleError(null, e, req, resp);
+			handleError(null, e, req, resp, pendingRequestID);
 		} catch (SAXException e) {
-			handleError(null, e, req, resp);
+			handleError(null, e, req, resp, pendingRequestID);
 		} catch (ParserConfigurationException e) {
-			handleError(null, e, req, resp);
+			handleError(null, e, req, resp, pendingRequestID);
 		}
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index caf2e4490..8dc5d7469 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -83,29 +83,34 @@ public class LogOutServlet extends AuthServlet {
 	
 	SSOManager ssomanager = SSOManager.getInstance();
 	
-	//get SSO token from request
-	String ssoid = ssomanager.getSSOSessionID(req);
-	
-	if (ssomanager.isValidSSOSession(ssoid, req)) {
-
-		//TODO: Single LogOut Implementation
+	try {
+		//get SSO token from request
+		String ssoid = ssomanager.getSSOSessionID(req);
 		
-		//delete SSO session and MOA session
-		AuthenticationManager authmanager = AuthenticationManager.getInstance();
-		String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid);
-		
-		authmanager.logout(req, resp, moasessionid);
-		Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
-	} else {
-		Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
-	}
+		if (ssomanager.isValidSSOSession(ssoid, req)) {
 	
-	//Remove SSO token
-	ssomanager.deleteSSOSessionID(req, resp);
+			//TODO: Single LogOut Implementation
 	
-	//invalidate Session
-	req.getSession().invalidate();
+			//delete SSO session and MOA session
+			AuthenticationManager authmanager = AuthenticationManager.getInstance();
+			String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid);
 	
+			RequestStorage.removePendingRequest(RequestStorage.getPendingRequest(req.getSession()), 
+					AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
+			
+			authmanager.logout(req, resp, moasessionid);
+			Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
+		} else {
+			Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
+		}
+		
+		//Remove SSO token
+		ssomanager.deleteSSOSessionID(req, resp);
+		
+	} catch (Exception e) {
+		Logger.warn(LogOutServlet.class.getName() + " has an LogOut Error. Redirect to Applikation " + redirectUrl, e);
+	}
+		
 	//Redirect to Application
     resp.setStatus(301);
     resp.addHeader("Location", redirectUrl);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 63bc2a8cc..f6412f897 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -56,6 +56,8 @@ public class PEPSConnectorServlet extends AuthServlet {
 	 */
 	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 		
+		String pendingRequestID = null;
+		
 		try {
 			
 			Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
@@ -80,6 +82,8 @@ public class PEPSConnectorServlet extends AuthServlet {
 				httpSession.invalidate();
 			}
 			
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+			
 			Logger.info("Found MOA sessionID: " + moaSessionID);
 			
 			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
@@ -199,7 +203,7 @@ public class PEPSConnectorServlet extends AuthServlet {
 	    		AuthenticationServer.getInstance().getForeignAuthenticationData(moaSession);
 			Logger.info("MOA assertion assembled and SAML Artifact generated.");
 			
-    		//session is implicit stored in changeSessionID!!!! 
+    		//session is implicit stored in changeSessionID!!!!
     		String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
     		
     		Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
@@ -214,8 +218,9 @@ public class PEPSConnectorServlet extends AuthServlet {
 	    		}
 	    		redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
 	    		redirectURL = response.encodeRedirectURL(redirectURL);*/
+	    			    		
 	    		redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), 
-						ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction()), newMOASessionID);
+						ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID);
 	    		redirectURL = response.encodeRedirectURL(redirectURL);
 	    	} else {
 	    		
@@ -236,9 +241,9 @@ public class PEPSConnectorServlet extends AuthServlet {
 			
 			
 		} catch (AuthenticationException e) {
-			handleError(null, e, request, response);
+			handleError(null, e, request, response, pendingRequestID);
 		} catch (MOAIDException e) {
-			handleError(null, e, request, response);
+			handleError(null, e, request, response, pendingRequestID);
 		}
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index 200d25fbe..ba8698934 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -135,7 +135,7 @@ public class ProcessValidatorInputServlet extends AuthServlet {
         handleWrongParameters(ex, req, resp);
       }
     catch (MOAIDException ex) {
-      handleError(null, ex, req, resp);
+      handleError(null, ex, req, resp, null);  //TODO: is this Class required?
     }
   }
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
index ecbd87498..9b559770f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
@@ -36,18 +36,48 @@ public class SSOSendAssertionServlet extends AuthServlet{
 	private static final long serialVersionUID = 1L;
 
 	private static final String PARAM = "value";
+	private static final String MODULE = "mod";
+	private static final String ACTION = "action";
+	private static final String ID = "identifier";
 	
 	protected void doPost(HttpServletRequest req, HttpServletResponse resp)
 			throws ServletException, IOException {
+		
+		String id = null;
 		Logger.info("Receive " + SSOSendAssertionServlet.class + " Request");
 		try {
 			
+			Object idObject = req.getParameter(ID);
+			
+			if (idObject != null && (idObject instanceof String)) {
+				id = (String) idObject;
+			}
+			
 			String value = req.getParameter(PARAM);
 			value = StringEscapeUtils.escapeHtml(value);
 			if (!ParamValidatorUtils.isValidUseMandate(value))
 				throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null);		    
 
-		
+			//get module and action
+			Object moduleObject = req.getParameter(MODULE);
+			String module = null;
+			if (moduleObject != null && (moduleObject instanceof String)) {
+				module = (String) moduleObject;
+			}
+			
+
+			Object actionObject = req.getParameter(ACTION);
+			String action = null;
+			if (actionObject != null && (actionObject instanceof String)) {
+				action = (String) actionObject;
+			}
+						
+			if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) {
+				Logger.warn("No Moduel or Action parameter received!");
+				throw new WrongParametersException("Module or Action is empty", "", "auth.10");
+			}
+			
+			
 			SSOManager ssomanager = SSOManager.getInstance();
 			//get SSO Cookie for Request
 			String ssoId = ssomanager.getSSOSessionID(req);
@@ -86,15 +116,9 @@ public class SSOSendAssertionServlet extends AuthServlet{
 					moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId);
 					AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
 					AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true);
-					
-					HttpSession httpSession = req.getSession();
-					IRequest protocolRequest = RequestStorage.getPendingRequest(httpSession);
-					
-					if (protocolRequest == null)
-						throw new AuthenticationException("auth.21", new Object[] {});
-					
+															
 					String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(), 
-							ModulUtils.buildAuthURL(protocolRequest.requestedModule(), protocolRequest.requestedAction()), "");
+							ModulUtils.buildAuthURL(module, action, id), "");
 					
 					resp.setContentType("text/html");
 					resp.setStatus(302);
@@ -109,16 +133,16 @@ public class SSOSendAssertionServlet extends AuthServlet{
 				}
 			
 			} else {
-				handleError("SSO Session is not valid", null, req, resp);
+				handleError("SSO Session is not valid", null, req, resp, id);
 			}
 			
 			
 		} catch (MOADatabaseException e) {
-			handleError("SSO Session is not found", e, req, resp);
+			handleError("SSO Session is not found", e, req, resp, id);
 		} catch (WrongParametersException e) {
-			handleError("Parameter is not valid", e, req, resp);
+			handleError("Parameter is not valid", e, req, resp, id);
 		} catch (AuthenticationException e) {
-			handleError(e.getMessage(), e, req, resp);
+			handleError(e.getMessage(), e, req, resp, id);
 		}
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index adef74370..96914647e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -136,6 +136,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
 		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
 		
+		String pendingRequestID = null;
 		  
     Map parameters;
     try 
@@ -152,6 +153,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 		// escape parameter strings
 		sessionID = StringEscapeUtils.escapeHtml(sessionID);
 
+		pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+		
 		String redirectURL = null;
 		try {
          // check parameter
@@ -161,7 +164,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
             throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
 
 			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-         
+
 			String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
 			
 
@@ -252,8 +255,9 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 					redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
 					redirectURL = resp.encodeRedirectURL(redirectURL);*/
 					
+				
 					redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), 
-							ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64);
+							ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64);
 					
 				} else {
 					redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
@@ -270,15 +274,15 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 		}
     
 		catch (MOAIDException ex) {
-			handleError(null, ex, req, resp);
+			handleError(null, ex, req, resp, pendingRequestID);
 		} catch (GeneralSecurityException e) {
-			handleError(null, e, req, resp);
+			handleError(null, e, req, resp, pendingRequestID);
 		} catch (PKIException e) {
-			handleError(null, e, req, resp);
+			handleError(null, e, req, resp, pendingRequestID);
 		} catch (MISSimpleClientException e) {
-			handleError(null, e, req, resp);
+			handleError(null, e, req, resp, pendingRequestID);
 		} catch (TransformerException e) {
-			handleError(null, e, req, resp);
+			handleError(null, e, req, resp, pendingRequestID);
 		}
 
   }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index e07be8420..896bd0864 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -106,6 +106,8 @@ public class VerifyCertificateServlet extends AuthServlet {
 		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
 		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
 		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+		
+		String pendingRequestID = null;
 		
 		Map parameters;
 	    try 
@@ -120,7 +122,9 @@ public class VerifyCertificateServlet extends AuthServlet {
 	    
 	    // escape parameter strings
 		sessionID = StringEscapeUtils.escapeHtml(sessionID);
-				
+		
+		pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+		
 	    AuthenticationSession session = null;
 	    try {
 	       // check parameter
@@ -177,7 +181,7 @@ public class VerifyCertificateServlet extends AuthServlet {
 	    		    	 
 	    }
 	    catch (MOAIDException ex) {
-	      handleError(null, ex, req, resp);
+	      handleError(null, ex, req, resp, pendingRequestID);
 	    } 
   }    
  
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 2f12c7ae6..c6310d8c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -113,6 +113,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
 		Logger.debug("POST VerifyIdentityLink");
 		  
     Map parameters;
+    String pendingRequestID = null;
+    
     try 
     {
       parameters = getParameters(req);
@@ -127,6 +129,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     // escape parameter strings
 	sessionID = StringEscapeUtils.escapeHtml(sessionID);
     
+	pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+	
     resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
 	resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
 	resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
@@ -175,7 +179,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     	    	
     	    }
     	    catch(Exception e) {
-    	    	handleError(null, e, req, resp);
+    	    	handleError(null, e, req, resp, pendingRequestID);
     	    }
     	    
     	}
@@ -234,11 +238,11 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
 		}
     }
     catch (ParseException ex) {
-    	handleError(null, ex, req, resp);
+    	handleError(null, ex, req, resp, pendingRequestID);
     }
     
     catch (MOAIDException ex) {
-      handleError(null, ex, req, resp);
+      handleError(null, ex, req, resp, pendingRequestID);
     }
   }
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index e995a1c2e..e7b41e3c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -3,13 +3,20 @@ package at.gv.egovernment.moa.id.entrypoints;
 import iaik.util.logging.Log;
 
 import java.io.IOException;
+import java.util.ConcurrentModificationException;
+import java.util.HashMap;
 import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
 
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import javax.swing.ListModel;
 
 import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.MOAIDException;
@@ -32,6 +39,7 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
 import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -44,6 +52,7 @@ public class DispatcherServlet extends AuthServlet{
 
 	public static final String PARAM_TARGET_MODULE = "mod";
 	public static final String PARAM_TARGET_ACTION = "action";
+	public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid";
 
 	@Override
 	public void init(ServletConfig config) throws ServletException {
@@ -66,6 +75,8 @@ public class DispatcherServlet extends AuthServlet{
 		
 		boolean isValidSSOSession = false;
 		boolean useSSOOA = false;
+		String protocolRequestID = null;
+		
 		
 		try {
 			Logger.info("REQUEST: " + req.getRequestURI());
@@ -76,30 +87,65 @@ public class DispatcherServlet extends AuthServlet{
 				Throwable throwable = ExceptionStoreImpl.getStore()
 						.fetchException(errorid);
 				ExceptionStoreImpl.getStore().removeException(errorid);
+				
+				Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
 
-				if (throwable != null) {
+				Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession());
+				
+				String pendingRequestID = null;
+				if (idObject != null && (idObject instanceof String)) {
+					if (errorRequests.containsKey((String)idObject))
+						pendingRequestID = (String) idObject; 
+				}
+				
+				if (throwable != null) {					
+					if (errorRequests != null) {
+		
+						synchronized (errorRequests) {
+													
+						IRequest errorRequest = null;
+						if (pendingRequestID != null) {
+							errorRequest = errorRequests.get(pendingRequestID);
+						
+							//remove the 
+							RequestStorage.removePendingRequest(errorRequests, pendingRequestID);
+						}
+						else {
+							if (errorRequests.size() > 1) {
+								handleErrorNoRedirect(throwable.getMessage(), throwable,
+										req, resp);
+								
+							} else {
+								Set<String> keys = errorRequests.keySet();
+								errorRequest = errorRequests.get(keys.toArray()[0]);
+								RequestStorage.removeAllPendingRequests(req.getSession());
+							}
+							
+						}
+						
 
-					IRequest errorRequest = RequestStorage
-							.getPendingRequest(req.getSession());
-					
-					//remove the 
-					RequestStorage.removePendingRequest(req.getSession());
-					
-					if (errorRequest != null) {
-						try {
-							IModulInfo handlingModule = ModulStorage
-									.getModuleByPath(errorRequest
-											.requestedModule());
-							if (handlingModule != null) {
-								if (handlingModule.generateErrorMessage(
-										throwable, req, resp, errorRequest)) {
-									return;
+						
+						if (errorRequest != null) {
+						
+							try {
+								IModulInfo handlingModule = ModulStorage
+										.getModuleByPath(errorRequest
+												.requestedModule());
+								if (handlingModule != null) {
+									if (handlingModule.generateErrorMessage(
+											throwable, req, resp, errorRequest)) {
+										return;
+									}
 								}
+							} catch (Throwable e) {
+								Logger.error(e);
+								handleErrorNoRedirect(throwable.getMessage(),
+										throwable, req, resp);
 							}
-						} catch (Throwable e) {
-							Logger.error(e);
-							handleErrorNoRedirect(throwable.getMessage(),
-									throwable, req, resp);
+						}
+						else {
+							handleErrorNoRedirect(throwable.getMessage(), throwable,
+									req, resp);
 						}
 					}
 					handleErrorNoRedirect(throwable.getMessage(), throwable,
@@ -113,6 +159,7 @@ public class DispatcherServlet extends AuthServlet{
 
 				return;
 			}
+			}
 
 			Object moduleObject = req.getParameter(PARAM_TARGET_MODULE);
 			String module = null;
@@ -133,7 +180,7 @@ public class DispatcherServlet extends AuthServlet{
 			if (action == null) {
 				action = req.getParameter(PARAM_TARGET_ACTION);
 			}
-
+			
 			Logger.debug("dispatching to " + module + " protocol " + action);
 
 			IModulInfo info = ModulStorage.getModuleByPath(module);
@@ -174,46 +221,103 @@ public class DispatcherServlet extends AuthServlet{
 			}
 
 			HttpSession httpSession = req.getSession();
+			Map<String, IRequest> protocolRequests = null;
 			IRequest protocolRequest = null;
+			
 			try {
-				protocolRequest = RequestStorage.getPendingRequest(httpSession);
-
-				if (protocolRequest != null) {
-					// check if pending request is same protocol and action
-					if (!protocolRequest.requestedModule().equals(module)
-							|| !protocolRequest.requestedAction()
-									.equals(action)
-							|| !info.validate(req, resp, protocolRequest)) {
-						resp.sendError(HttpServletResponse.SC_CONFLICT);
-						Logger.error("Different Request is pending in this session!");
+				protocolRequests = RequestStorage.getPendingRequest(httpSession);
+
+				Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+	
+				if (protocolRequests != null && 
+						idObject != null && (idObject instanceof String)) {
+				
+//					synchronized (protocolRequests) {
+					
+						protocolRequestID = (String) idObject;
+					
+						//get IRequest if it exits
+						if (protocolRequests.containsKey(protocolRequestID)) {
+							protocolRequest = protocolRequests.get(protocolRequestID);
+							
+							//RequestStorage.setPendingRequest(httpSession, protocolRequests);
+						
+						} else {
+							resp.sendError(HttpServletResponse.SC_CONFLICT);
+							Logger.error("No PendingRequest with ID " + protocolRequestID + " found for this session!");
+							return;
+						}
+//					}
+				} else {
+					try {
+						protocolRequest = info.preProcess(req, resp, action);
+						
+						if (protocolRequest != null) {
+							
+							if(protocolRequests != null) {
+							
+//								synchronized (protocolRequests) {
+//									synchronized (protocolRequest) {
+										Set<String> mapkeys = protocolRequests.keySet();
+										for (String el : mapkeys) {
+											IRequest value = protocolRequests.get(el);
+								
+											if (value.getOAURL().equals(protocolRequest.getOAURL())) {
+										
+												if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) {
+													Logger.warn("NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!");
+													RequestStorage.removeAllPendingRequests(req.getSession());
+											
+												} else {
+													
+													
+													RequestStorage.removePendingRequest(protocolRequests, el);
+												}
+											}
+										}
+//									}
+//								}
+								
+							} else {
+								protocolRequests = new ConcurrentHashMap<String, IRequest>();
+							}
+							
+							synchronized (protocolRequest) {
+								synchronized (protocolRequests) {
+								
+									//Start new Authentication
+									protocolRequest.setAction(action);
+									protocolRequest.setModule(module);
+									protocolRequestID = Random.nextRandom();
+									protocolRequest.setRequestID(protocolRequestID);
+									protocolRequests.put(protocolRequestID, protocolRequest);
+								}
+							}
+						}
+					} catch (MOAIDException e) {
+						resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
+						Logger.error("Failed to generate a valid protocol request!");
 						return;
 					}
-				}
-
-				if (protocolRequest == null) {
-					protocolRequest = info.preProcess(req, resp, action);
-					if (protocolRequest != null) {
-						protocolRequest.setAction(action);
-						protocolRequest.setModule(module);
+						
+					if (protocolRequest == null) {
+						resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
+						Logger.error("Failed to generate a valid protocol request!");
+						return;
 					}
 				}
+				
+				
 
-				if (protocolRequest == null) {
-					resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
-					Logger.error("Failed to generate a valid protocol request!");
-					return;
-				}
-
+				
 				//load Parameters from OnlineApplicationConfiguration
 				OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
 						.getOnlineApplicationParameter(protocolRequest.getOAURL());	
 				if (oaParam == null) {
-					//TODO: Find a better place for this!!
-					//req.getSession().invalidate();
 					throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() });
 				}
-				
-				RequestStorage.setPendingRequest(httpSession, protocolRequest);
+
+				RequestStorage.setPendingRequest(httpSession, protocolRequests);
 				
 				AuthenticationManager authmanager = AuthenticationManager.getInstance();
 									
@@ -296,6 +400,8 @@ public class DispatcherServlet extends AuthServlet{
 						}						
 					}
 					else {
+						
+						//TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest!
 						moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
 											AuthenticationManager.MOA_SESSION, null);
 						moasession = AuthenticationSessionStoreage.getSession(moasessionID);
@@ -319,7 +425,7 @@ public class DispatcherServlet extends AuthServlet{
 						
 				moduleAction.processRequest(protocolRequest, req, resp, moasession);
 
-				RequestStorage.removePendingRequest(httpSession);
+				RequestStorage.removePendingRequest(protocolRequests, protocolRequestID);
 				
 				boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
 				
@@ -331,7 +437,7 @@ public class DispatcherServlet extends AuthServlet{
 					authmanager.logout(req, resp, moasessionID);
 				}
 				
-				ConfigurationDBUtils.closeSession();
+//				ConfigurationDBUtils.closeSession();
 				
 				//authmanager.logout(req, resp);
 
@@ -345,7 +451,7 @@ public class DispatcherServlet extends AuthServlet{
 		} catch (WrongParametersException ex) {
 			handleWrongParameters(ex, req, resp);
 		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp);
+			handleError(null, ex, req, resp, protocolRequestID);
 		} catch (Throwable e) {
 			e.printStackTrace();
 			resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index b6742fb9e..b9f0b2144 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -177,7 +177,7 @@ public class AuthenticationManager extends AuthServlet {
 			}
 			
 			authSession.setAuthenticated(false);
-			HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
+			//HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
 			
 			AuthenticationSessionStoreage.destroySession(moaSessionID);
 			
@@ -230,7 +230,7 @@ public class AuthenticationManager extends AuthServlet {
 			
 			//parse request parameter into MOASession
 			
-			StartAuthentificationParameterParser.parse(request, response, moasession);
+			StartAuthentificationParameterParser.parse(request, response, moasession, target);
 							
 		    Logger.info("Start Authentication Module: " + moasession.getModul() 
 		    		+ " Action: " + moasession.getAction());
@@ -245,7 +245,7 @@ public class AuthenticationManager extends AuthServlet {
 			
 			//store MOASession
 			try {
-				AuthenticationSessionStoreage.storeSession(moasession);				
+				AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());				
 			} catch (MOADatabaseException e) {
 				Logger.error("Database Error! MOASession is not stored!");
 				throw new MOAIDException("init.04", new Object[] {
@@ -284,11 +284,11 @@ public class AuthenticationManager extends AuthServlet {
 			
 			
 			String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), 
-					target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame());
+					target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame(), moasession.getSessionID());
 			
 			//store MOASession
 			try {
-				AuthenticationSessionStoreage.storeSession(moasession);				
+				AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());				
 			} catch (MOADatabaseException e) {
 				Logger.error("Database Error! MOASession is not stored!");
 				throw new MOAIDException("init.04", new Object[] {
@@ -310,7 +310,7 @@ public class AuthenticationManager extends AuthServlet {
 			throws ServletException, IOException, MOAIDException { 
 		
 			String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), 
-					target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame());
+					target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame());
 						
 			response.setContentType("text/html;charset=UTF-8");
 			PrintWriter out = new PrintWriter(response.getOutputStream()); 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index f63b0049f..824b210cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -10,6 +10,8 @@ public interface IRequest {
 	public void setModule(String module);
 	public void setAction(String action);
 	public String getTarget();
+	public void setRequestID(String id);
+	public String getRequestID();
 	
 	//public void setTarget();
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
index 9ce835c7e..b07695938 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
@@ -8,15 +8,17 @@ public class ModulUtils {
 	public static final String UNAUTHDISPATCHER = "dispatcher";
 	public static final String AUTHDISPATCHER = "dispatcher";
 	
-	public static String buildUnauthURL(String modul, String action) {
+	public static String buildUnauthURL(String modul, String action, String pendingRequestID) {
 		return UNAUTHDISPATCHER + "?" + 
 				DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
-				DispatcherServlet.PARAM_TARGET_ACTION + "=" + action;
+				DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + 
+				DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
 	}
 	
-	public static String buildAuthURL(String modul, String action) {
+	public static String buildAuthURL(String modul, String action, String pendingRequestID) {
 		return AUTHDISPATCHER + 
 				"?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
-				DispatcherServlet.PARAM_TARGET_ACTION + "=" + action;
+				DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + 
+				DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
 	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 29f9ff69b..420f11622 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -9,6 +9,7 @@ public class RequestImpl implements IRequest {
 	private String module = null;
 	private String action = null;
 	private String target = null;
+	private String requestID;
 	
 	
 	public void setOAURL(String value) {
@@ -66,4 +67,13 @@ public class RequestImpl implements IRequest {
 	public void setTarget(String target) {
 		this.target = target;
 	}
+
+	public void setRequestID(String id) {
+		this.requestID = id;
+		
+	}
+
+	public String getRequestID() {
+		return requestID;
+	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index 4e7d8d2ed..35481a0a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -1,28 +1,65 @@
 package at.gv.egovernment.moa.id.moduls;
 
+import java.util.List;
+import java.util.Map;
+
 import javax.servlet.http.HttpSession;
 
+import at.gv.egovernment.moa.logging.Logger;
+
 public class RequestStorage {
 
 	private static final String PENDING_REQUEST = "PENDING_REQUEST";
 
-	public static IRequest getPendingRequest(HttpSession session) {
-		Object obj = session.getAttribute(PENDING_REQUEST);
-		if (obj != null) {
-			if (obj instanceof IRequest) {
-				return (IRequest) obj;
-			} else {
+	public static Map<String,IRequest> getPendingRequest(HttpSession session) {
+		
+				
+			Object obj = session.getAttribute(PENDING_REQUEST);
+			if (obj != null) {
+				synchronized (obj) {
+					if (obj instanceof Map<?,?>) {
+						if (((Map<?,?>) obj).size() > 0) {
+							if ( ((Map<?,?>) obj).keySet().toArray()[0] instanceof String) {
+								if (((Map<?,?>) obj).get(((Map<?,?>) obj).keySet().toArray()[0]) 
+										instanceof IRequest) {
+									return (Map<String, IRequest>) obj;
+							
+							
+							
+								}
+							}
+						}
+					}
+				}
 				session.setAttribute(PENDING_REQUEST, null);
 			}
-		}
-		return null;
+			return null;
 	}
 
-	public static void setPendingRequest(HttpSession session, IRequest request) {
+	public static void setPendingRequest(HttpSession session, Map<String, IRequest> request) {
 		session.setAttribute(PENDING_REQUEST, request);
 	}
 
-	public static void removePendingRequest(HttpSession session) {
+	public static void removeAllPendingRequests(HttpSession session) {
 		session.setAttribute(PENDING_REQUEST, null);
 	}
+	
+	public static void removePendingRequest(Map<String, IRequest> requestmap, String requestID) {
+		
+		if (requestmap != null && requestID != null) {
+		
+			synchronized (requestmap) {
+			
+				//Map<String, IRequest> requestmap = getPendingRequest(session);
+			
+				if (requestmap.containsKey(requestID)) {
+					requestmap.remove(requestID);
+					Logger.debug("Remove PendingRequest with ID " + requestID);
+				
+				}
+			
+				//setPendingRequest(session, requestmap);
+			}
+		}
+	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index da5556b30..1f71bf8bf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -107,11 +107,33 @@ public class AuthenticationSessionStoreage {
 		} catch (MOADatabaseException e) {
 			Logger.warn("MOASession could not be stored.");
 			throw new MOADatabaseException(e);
-		} 
-		
+		} 	
+	}
+	
+	public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException {
 		
+		try {
+			AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
+			dbsession.setPendingRequestID(pendingRequestID);
+			
+			dbsession.setAuthenticated(session.isAuthenticated());
+			byte[] serialized = SerializationUtils.serialize(session);
+			
+			dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
+			
+			//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+			dbsession.setUpdated(new Date());
+			
+			MOASessionDBUtils.saveOrUpdate(dbsession);
+			Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
+			
+		} catch (MOADatabaseException e) {
+			Logger.warn("MOASession could not be stored.");
+			throw new MOADatabaseException(e);
+		} 	
 	}
 	
+	
 	public static void destroySession(String moaSessionID) throws MOADatabaseException {
 		
 		  Session session = MOASessionDBUtils.getCurrentSession();
@@ -236,6 +258,7 @@ public class AuthenticationSessionStoreage {
 					dbsession.setSSOSession(true);
 					dbsession.setSSOsessionid(SSOSessionID);
 					dbsession.setAuthenticated(false);
+					dbsession.setPendingRequestID("");
 					
 					//Store MOASession
 					session.saveOrUpdate(dbsession);
@@ -365,7 +388,51 @@ public class AuthenticationSessionStoreage {
 		  }
 		
 	}
+	
+	public static boolean deleteSessionWithPendingRequestID(String id) {
+		  MiscUtil.assertNotNull(id, "PendingRequestID");	  
+		  Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database.");
+		  Session session = MOASessionDBUtils.getCurrentSession();
+		  
+		  List<AuthenticatedSessionStore> result;
+		  
+		  synchronized (session) {
+			  session.beginTransaction();
+			  Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+			  query.setString("sessionid", id);
+			  result = query.list();
+			  
+			  //send transaction
+			  session.getTransaction().commit();
+		  }
+		  
+		  Logger.trace("Found entries: " + result.size());
+		  
+		  //Assertion requires an unique artifact
+		  if (result.size() != 1) {
+			 Logger.trace("No entries found.");
+			 return false;
+					 
+		  } else {
+			  MOASessionDBUtils.delete(result.get(0));
+			  return true;
+		  }
 		
+		
+	}
+	
+	public static String getPendingRequestID(String sessionID) {
+		try {
+			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+			return dbsession.getPendingRequestID();
+			
+		} catch (MOADatabaseException e) {
+			Logger.warn("MOASession with ID " + sessionID + " not found");
+			return "";
+		}
+		
+	}
+	
 	public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
 		Date expioredatecreate = new Date(now - authDataTimeOutCreated);		
 		Date expioredateupdate = new Date(now - authDataTimeOutUpdated);
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
deleted file mode 100644
index 1228ba90e..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
+++ /dev/null
@@ -1,315 +0,0 @@
-<html>
-<head>
-	<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-	<meta content="text/css" http-equiv="Content-Style-Type">
-	<link rel="stylesheet" type="text/css" href="#CONTEXTPATH#/css/index.css">
-	<link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stammzahl.css">
-	<link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stylesnew.css">
-	<link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stylesinput.css">
-
-	<script type="text/javascript">
-		function isIE() {
-			return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
-		}
-
-		function isFullscreen() {
-			try {
-				return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
-			} catch (e) {
-				return false;
-			}
-		}
-
-		function isActivexEnabled() {
-			var supported = null;
-			try {
-				supported = !!new ActiveXObject("htmlfile");
-			} catch (e) {
-				supported = false;
-			}
-			return supported;
-		}
-
-		function isMetro() {
-			if (!isIE())
-				return false;
-			return !isActivexEnabled() && isFullscreen();
-		}
-
-		window.onload=function() {
-			document.getElementById("localBKU").style.display="none";
-			return;
-		}
-
-		function bkuOnlineClicked() {
-			if (isMetro())
-				document.getElementById("metroDetected").style.display="block";
-			document.getElementById("localBKU").style.display="block";
-
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-						
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-
-			generateIFrame(iFrameURL);
-		}
-
-		function bkuHandyClicked() {
-			document.getElementById("localBKU").style.display="none";
-
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#HANDY#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-
-			generateIFrame(iFrameURL);
-		}
-
-		function storkClicked() {
-			document.getElementById("localBKU").style.display="none"; 
-
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var ccc = "AT";
-			var countrySelection = document.getElementById("cccSelection");
-
-			if (countrySelection !=  null) {
-				ccc = document.getElementById("cccSelection").value;
-			}
-
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-			iFrameURL += "&CCC=" + ccc;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-
-			generateIFrame(iFrameURL);
-		}
-
-		function generateIFrame(iFrameURL) {
-			var el = document.getElementById("bkulogin");
-			var parent = el.parentNode;
-
-			var iframe = document.createElement("iframe");
-			iframe.setAttribute("src", iFrameURL);
-			iframe.setAttribute("width", "220");
-			iframe.setAttribute("height", "165");
-			iframe.setAttribute("frameborder", "0");
-			iframe.setAttribute("scrolling", "no");
-			iframe.setAttribute("title", "Login");
-
-			parent.replaceChild(iframe, el);
-		}
-
-		function setMandateSelection() {
-			document.getElementById("moaidform").action = "#AUTH_URL#";
-
-			document.getElementById("useMandate").value = "false";
-			var checkbox = document.getElementById("mandateCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("mandateCheckBox").checked) {
-					document.getElementById("useMandate").value = "true";
-				}
-			}
-		}
-		
-/* 		function setSSOSelection() {
-			document.getElementById("useSSO").value = "false";
-			var checkbox = document.getElementById("SSOCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("SSOCheckBox").checked) {
-					document.getElementById("useSSO").value = "true";
-				}
-			}
-		} */
-		
-/* 		function checkMandateSSO() {
-			var sso = document.getElementById("SSOCheckBox");
-			var mandate = document.getElementById("mandateCheckBox");
-			
-			
-			if (sso.checked && mandate.checked) {
-				alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
-				mandate.checked = false;
-				sso.checked = false;
-				return true;
-			} else {
-				return false;
-			}
-		} */
-	</script>
-</head>
-
-
-<body>
-	<div class="pageWidth">
-
-		<div id="pagebase">
-		<div id="page">
-
-		<div id="header" class="header clearfix">
-			<h1 class="main_header">MOA-ID 2.0 - Login Preview</h1>
-
-<!-- 			<ul id="servicenav">
-				<li><a href="http://www.dsk.gv.at">Datenschutzkommission<span class="hidden">.</span></a></li>
-			    <li><a href="http://www.stammzahlenregister.gv.at/site/5109/default.aspx">Stammzahlenregister<span class="hidden">.</span></a></li>
-			    <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dvr">Datenverarbeitungsregister<span class="hidden">.</span></a></li>
-			    <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dsken" lang="en" class="last-item">English<span class="hidden">.</span></a></li>	
-			</ul> -->
-
-			<div id="mainnavjump"></div>
-			<p id="homelink"><img src="#CONTEXTPATH#/img/2.0/logo.png" style="width: 250px" alt="EGIZ"></p>
-			<ul id="mainnav" class="clearfix">
-<!-- 				<li><a href="http://www2.egiz.gv.at">Home<span class="hidden">.</span></a></li> -->
-<!-- 				<li><a href="http://www.stammzahlenregister.gv.at/site/5970/default.aspx">bPK<span class="hidden">.</span></a></li>
-				<li><a href="http://www.stammzahlenregister.gv.at/site/5981/default.aspx">Ergänzungsregister<span class="hidden">.</span></a></li>
-				<li class="selected"><a href="http://www.stammzahlenregister.gv.at/site/5983/default.aspx" class="current">Vollmachten<span class="hidden"> (gew&auml;hlt)</span><span class="hidden">.</span></a></li>
-				<li><a href="http://www.stammzahlenregister.gv.at/site/6001/default.aspx">Veröffentlichungen<span class="hidden">.</span></a></li> -->
-			</ul>
-
-		</div>
-
-
-		<br class="clearAll">
-
-		<div id="viewcontrol" class="switch">
-			<div id="page1" class="case selected-case">
-				<div style="margin-left: 0px;">
-
-					<h2 class="OA_header">Anmeldung an: #OAName#</h2>
-
-					<div id="main">
-					<div id="leftcontent">
-						<h2 id="tabheader" class="dunkel">
-							Login mit Bürgerkarte
-						</h2>
-						<div id="bkulogin" class="hell">
-
-							<div id="mandateLogin" style="margin-top: 10px; margin-bottom: 10px">
-								<table style="margin-left: auto; margin-right: auto;">
-									<tr>
-										<td><input tabindex="1" type="checkbox" name="Mandate"
-											style="vertical-align: middle; margin-right: 5px"
-											id="mandateCheckBox"></td>
-										<td><label for="mandateCheckBox">in Vertretung anmelden</label></td>
-										<td><a href="info_mandates.html" target="_blank"
-											class="infobutton" style="margin-left: 5px" tabindex="5">i</a></td>
-									</tr>
-<!-- 									<tr>
-										<td><input tabindex="1" type="checkbox" name="SSO"
-											style="vertical-align: middle; margin-right: 5px"
-											id="SSOCheckBox"></td>
-										<td><label for="SSOCheckBox">Single Sign-On</label></td>
-										<td></td>
-									</tr> -->
-								</table>
-							</div>
-	
-							<div id="bkukarte" class="hell">
-								<button name="bkuButton" type="button" onClick="bkuOnlineClicked();">KARTE</button>
-							</div>
-	
-							<div id="bkuhandy" class="hell">
-								<button name="bkuButton" type="button" onClick="bkuHandyClicked();">HANDY</button>
-							</div>
-	
-	<!-- 						<div id="mandate">
-								<input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox">
-								<label>in Vertretung anmelden</label>
-								<a href="info_mandates.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
-							</div> -->
-		
-							<div id="stork" class="hell" align="center">
-								<div id="leftcontent" style="margin-bottom:10px">
-									<h2 id="tabheader" class="dunkel">
-										Home Country Selection
-									</h2>
-								</div>
-								<p>
-									<select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
-										<option value="BE">Belgi&euml;/Belgique</option>
-										<option value="EE">Eesti</option>
-										<option value="ES">Espa&ntilde;a</option>
-										<option value="IS">&Iacute;sland</option>
-										<option value="IT">Italia</option>
-										<option value="LI">Liechtenstein</option>
-										<option value="LT">Lithuania</option>
-										<option value="PT">Portugal</option>
-										<option value="SI">Slovenija</option>
-										<option value="FI">Suomi</option>
-										<option value="SE">Sverige</option>
-									</select>
-									<button name="bkuButton" type="button" onClick="storkClicked();">Send</button>
-									<a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>								
-								</p>
-							</div>
-						</div>
-
-						<div id="metroDetected" style="display:none" class="hell">
-							<p>
-								Anscheinend verwenden Sie Internet Explorer im Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den Optionen um die Karten-Anmeldung starten zu können.
-							</p>
-						</div>
-
-						<div id="localBKU" style="display:none" class="hell">
-							<hr>
-							<form method="get" id="moaidform">
-								<input type="hidden" name="bkuURI" value="#LOCAL#">
-								<input type="hidden" name="useMandate" id="useMandate">
-<!-- 								<input type="hidden" name="SSO" id="useSSO"> -->
-								<input type="hidden" name="CCC" id="ccc">
-								<input type="hidden" name="MODUL" value="#MODUL#">
-								<input type="hidden" name="ACTION" value="#ACTION#">
-								<input type="submit" size="400" value="lokale BKU" class="sendButton">
-							</form>
-							<p>
-								<small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>
-							</p>
-						</div>
-					</div>
-					</div>
-				</div>
-			</div>
-		</div>
-
-		<br style="clear: both">
-		<div id="footer" class="clearfix">
-
-<!-- 			<h2 class="hidden">&Uuml;ber die Website der Stammzahlenregisterbeh&ouml;rde</h2>
-			<ul>
-				<li><a href="http://www.stammzahlenregister.gv.at/site/5115/Default.aspx" class="first-item">Impressum<span class="hidden">.</span></a></li>
-				<li><a href="http://www.stammzahlenregister.gv.at/site/6004/Default.aspx" lang="en">Sitemap<span class="hidden">.</span></a></li>
-		
-				<li><a href="http://www.stammzahlenregister.gv.at/site/5122/Default.aspx">Kontakt<span class="hidden">.</span></a></li>
-				<li><a href="http://www.stammzahlenregister.gv.at/site/6005/Default.aspx">Hilfe<span class="hidden">.</span></a></li>
-			</ul> -->
-		</div>
-
-
-		</div>
-		</div>
-	</div>
-</body>
-</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html
deleted file mode 100644
index 3d39f9233..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html
+++ /dev/null
@@ -1,260 +0,0 @@
-<html>
-<head>
-	<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-	<meta content="text/css" http-equiv="Content-Style-Type">
-	<link rel="stylesheet" type="text/css" href="#CONTEXTPATH#/css/index.css">
-
-	<script type="text/javascript">
-		function isIE() {
-			return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
-		}
-
-		function isFullscreen() {
-			try {
-				return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
-			} catch (e) {
-				return false;
-			}
-		}
-
-		function isActivexEnabled() {
-			var supported = null;
-			try {
-				supported = !!new ActiveXObject("htmlfile");
-			} catch (e) {
-				supported = false;
-			}
-			return supported;
-		}
-
-		function isMetro() {
-			if (!isIE())
-				return false;
-			return !isActivexEnabled() && isFullscreen();
-		}
-
-		window.onload=function() {
-			document.getElementById("localBKU").style.display="block";
-			return;
-		}
-
-		function bkuLocalClicked() {
-			if (isMetro())
-				document.getElementById("metroDetected").style.display="block";
-		
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-						
-			document.getElementById("moaidform").submit();
-		}
-		
-		function bkuOnlineClicked() {
-			if (isMetro())
-				document.getElementById("metroDetected").style.display="block";
-		
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-						
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-			iFrameURL += "&SSO=" + document.getElementById("useSSO").value;
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-
-			generateIFrame(iFrameURL);
-		}
-
-		function bkuHandyClicked() {
-			document.getElementById("localBKU").style.display="none";
-
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#HANDY#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-			iFrameURL += "&SSO=" + document.getElementById("useSSO").value;
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-
-			generateIFrame(iFrameURL);
-		}
-
-		function storkClicked() {
-			document.getElementById("localBKU").style.display="none"; 
-
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var ccc = "AT";
-			var countrySelection = document.getElementById("cccSelection");
-
-			if (countrySelection !=  null) {
-				ccc = document.getElementById("cccSelection").value;
-			}
-
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-			iFrameURL += "&CCC=" + ccc;
-			iFrameURL += "&SSO=" + document.getElementById("useSSO").value;
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-
-			generateIFrame(iFrameURL);
-		}
-
-		function generateIFrame(iFrameURL) {
-			var el = document.getElementById("bkulogin");
-			var parent = el.parentNode;
-
-			var iframe = document.createElement("iframe");
-			iframe.setAttribute("src", iFrameURL);
-			iframe.setAttribute("width", "220");
-			iframe.setAttribute("height", "165");
-			iframe.setAttribute("frameborder", "0");
-			iframe.setAttribute("scrolling", "no");
-			iframe.setAttribute("title", "Login");
-
-			parent.replaceChild(iframe, el);
-			
-/* 						document.location.href=iFrameURL; */
-		}
-
-		function setMandateSelection() {
-			document.getElementById("useMandate").value = "false";
-			var checkbox = document.getElementById("mandateCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("mandateCheckBox").checked) {
-					document.getElementById("useMandate").value = "true";
-				}
-			}
-		}
-		
-/* 		function setSSOSelection() {
-			document.getElementById("useSSO").value = "false";
-			var checkbox = document.getElementById("SSOCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("SSOCheckBox").checked) {
-					document.getElementById("useSSO").value = "true";
-				}
-			}
-		}
-		
-		function checkMandateSSO() {
-			var sso = document.getElementById("SSOCheckBox");
-			var mandate = document.getElementById("mandateCheckBox");
-			
-			
-			if (sso.checked && mandate.checked) {
-				alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
-				mandate.checked = false;
-				sso.checked = false;
-				return true;
-			} else {
-				return false;
-			}
-		} */
-	</script>
-</head>
-
-
-<body>
-					<div id="leftcontent">
-						<h2 id="tabheader" class="dunkel">
-							Login mit Bürgerkarte
-						</h2>
-						<div id="bkulogin" class="hell">
-
-							<div id="mandateLogin" style="margin-top: 10px; margin-bottom: 10px">
-								<table style="margin-left: auto; margin-right: auto;">
-									<tr>
-										<td><input tabindex="1" type="checkbox" name="Mandate"
-											style="vertical-align: middle; margin-right: 5px"
-											id="mandateCheckBox"></td>
-										<td><label for="mandateCheckBox">in Vertretung anmelden</label></td>
-										<td><a href="info_mandates.html" target="_blank"
-											class="infobutton" style="margin-left: 5px" tabindex="5">i</a></td>
-									</tr>
-<!-- 									<tr>
-										<td><input tabindex="1" type="checkbox" name="SSO"
-											style="vertical-align: middle; margin-right: 5px"
-											id="SSOCheckBox"></td>
-										<td><label for="SSOCheckBox">Single Sign-On</label></td>
-										<td></td>
-									</tr> -->
-								</table>
-							</div>
-	
-							<div id="bkukarte" class="hell">
-								<button name="bkuButton" type="button" onClick="bkuOnlineClicked();">KARTE</button>
-							</div>
-	
-							<div id="bkuhandy" class="hell">
-								<button name="bkuButton" type="button" onClick="bkuHandyClicked();">HANDY</button>
-							</div>
-							
-							<div id="localBKU" style="display:none" class="hell">
-								<hr>
-								<form method="get" id="moaidform" action="#AUTH_URL#">
-									<input type="hidden" name="bkuURI" value="#LOCAL#">
-									<input type="hidden" name="useMandate" id="useMandate">
-									<input type="hidden" name="SSO" id="useSSO">
-									<input type="hidden" name="CCC" id="ccc">
-									<input type="hidden" name="MODUL" value="#MODUL#">
-									<input type="hidden" name="ACTION" value="#ACTION#">
-									<input type="submit" size="400" value="lokale BKU" class="sendButton" style="margin-top: 5px;">
-								</form>
-								<p style="margin-bottom: 0px; margin-top: 3px;">
-									<small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>
-								</p>
-							</div>
-		
-							<div id="stork" class="hell" align="center">
-								<div id="leftcontent" style="margin-bottom:10px">
-									<h2 id="tabheader" class="dunkel">
-										Home Country Selection
-									</h2>
-								</div>
-								<p>
-									<select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
-										<option value="BE">Belgi&euml;/Belgique</option>
-										<option value="EE">Eesti</option>
-										<option value="ES">Espa&ntilde;a</option>
-										<option value="IS">&Iacute;sland</option>
-										<option value="IT">Italia</option>
-										<option value="LI">Liechtenstein</option>
-										<option value="LT">Lithuania</option>
-										<option value="PT">Portugal</option>
-										<option value="SI">Slovenija</option>
-										<option value="FI">Suomi</option>
-										<option value="SE">Sverige</option>
-									</select>
-									<button name="bkuButton" type="button" onClick="storkClicked();">Send</button>
-									<a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>								
-								</p>
-							</div>
-						</div>
-
-						<div id="metroDetected" style="display:none" class="hell">
-							<p>
-								Anscheinend verwenden Sie Internet Explorer im Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den Optionen um die Karten-Anmeldung starten zu können.
-							</p>
-						</div>
-						
-					</div>
-</body>
-</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
index c4b7196b1..f4377ace4 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
@@ -65,6 +65,7 @@
 										<input type="hidden" name="value" value="true">
 										<input type="hidden" name="mod" value="#MODUL#">
 								    <input type="hidden" name="action" value="#ACTION#">
+								    <input type="hidden" name="identifier" value="#ID#">
 										<input type="submit" size="400" value="Ja" class="setAssertionButton_full">
 									</form>
 							</div>
@@ -73,6 +74,7 @@
 										<input type="hidden" name="value" value="false">
 										<input type="hidden" name="mod" value="#MODUL#">
 								    <input type="hidden" name="action" value="#ACTION#">
+								    <input type="hidden" name="identifier" value="#ID#">
 										<input type="submit" size="400" value="Nein" class="setAssertionButton_full">
 									</form>
 							</div>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html
index 46e8f46d8..a30bbfa9a 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html
@@ -24,6 +24,7 @@
 										<input type="hidden" name="value" value="true">
 										<input type="hidden" name="mod" value="#MODUL#">
 								    <input type="hidden" name="action" value="#ACTION#">
+								    <input type="hidden" name="identifier" value="#ID#">
 										<input type="submit" size="400" value="Ja" class="setAssertionButton">
 									</form>
 							</div>
@@ -32,6 +33,7 @@
 										<input type="hidden" name="value" value="false">
 										<input type="hidden" name="mod" value="#MODUL#">
 								    <input type="hidden" name="action" value="#ACTION#">
+								    <input type="hidden" name="identifier" value="#ID#">
 										<input type="submit" size="400" value="Nein" class="setAssertionButton">
 									</form>
 							</div>
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 540bd7b89..f04de3ad8 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -122,10 +122,8 @@
 					<extension>true</extension>
           <schemaDirectory>src/main/resources/config</schemaDirectory>
           <bindingDirectory>src/main/resources/config</bindingDirectory>
-          <!-- persistenceXml>src/main/resources/config/persistence_template.xml</persistenceXml-->
+          <persistenceXml>src/main/resources/config/persistence_template.xml</persistenceXml>
           <generatePackage>at.gv.egovernment.moa.id.commons.db.dao.config</generatePackage>
-          
-					<!-- roundtripTestClassName>RoundtripTest</roundtripTestClassName -->
  				</configuration>
 			</plugin>
 			<plugin>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
index dc0e493d1..4bb0a08ea 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
@@ -23,7 +23,7 @@ public final class ConfigurationDBUtils {
    
    protected ConfigurationDBUtils() { }
    	      
-   public static void initHibernate(Properties props) { 
+   public static void initHibernate(Properties props) throws MOADatabaseException { 
 	   	    
 	    try {
 	    	
@@ -44,13 +44,15 @@ public final class ConfigurationDBUtils {
 			entitymanagerfactory = 
 					Persistence.createEntityManagerFactory("at.gv.egovernment.moa.id.commons.db.dao.config", 
 							props);
+			
+
 
 		    Logger.debug("Initial session factory successfully created.");
 		    
 		    
 	    } catch (Throwable ex) {
 	    	Logger.error("Initial session factory creation failed: " + ex.getMessage());
-	        throw new ExceptionInInitializerError(ex);
+	        throw new MOADatabaseException("Initialization of Configuration Hibernate session factory failed.",ex);
 	     }
    }
    
@@ -71,7 +73,7 @@ public final class ConfigurationDBUtils {
       
       EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get();
       // Open a new Session, if this Thread has none yet
-      if (session == null) {
+      if (session == null || !session.isOpen()) {
          session = getNewSession();
       }
       return session;
@@ -85,7 +87,7 @@ public final class ConfigurationDBUtils {
     	  return entitymanagerfactory.createEntityManager();
       }
       EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get();
-      if (session != null) {
+      if (session != null ) {
     	  Logger.warn("Previous session has not been closed; closing session now.");
          closeSession();
       }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/UserDatabase.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/UserDatabase.java
new file mode 100644
index 000000000..d1887bfa6
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/UserDatabase.java
@@ -0,0 +1,263 @@
+package at.gv.egovernment.moa.id.commons.db.dao.config;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.List;
+
+import javax.persistence.CascadeType;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.OneToMany;
+import javax.persistence.PreUpdate;
+import javax.persistence.Table;
+import javax.persistence.Temporal;
+import javax.persistence.TemporalType;
+
+import org.hibernate.annotations.DynamicUpdate;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+
+
+@Entity
+@DynamicUpdate(value=true)
+@Table(name = "userdatabase")
+public class UserDatabase implements Serializable{
+
+	private static final long serialVersionUID = 1L;
+
+	@Id
+	@GeneratedValue(strategy = GenerationType.IDENTITY)
+	@Column(name = "id", unique=true, nullable=false)
+	private long id;
+	
+	@Column(name = "givenname", nullable=false)
+	private String givenname;
+	
+	@Column(name = "familyname", nullable=false)
+	private String familyname;
+	
+	@Column(name = "institut", nullable=false)
+	private String institut;
+	
+	@Column(name = "mail", nullable=false)
+	private String mail;
+	
+	@Column(name = "phone", nullable=false)
+	private String phone;
+	
+	@Column(name = "username", unique=true, nullable=false)
+	private String username;
+	
+	@Column(name = "password", nullable=false)
+	private String password;
+	
+	@Column(name = "bpk", unique=true, nullable=false)
+	private String bpk;
+	
+	@Column(name = "isadmin", nullable=false)
+	private boolean isadmin;
+	
+	@Column(name = "isactive", nullable=false)
+	private boolean isactive;
+	
+	@OneToMany(mappedBy="hjid", cascade=CascadeType.REFRESH)
+    private List<OnlineApplication> registratedOAs = null;
+	
+    @Column(name = "lastlogin")
+    @Temporal(TemporalType.TIMESTAMP)
+    private Date lastlogin;
+    
+    @PreUpdate
+    protected void lastUpdate() {
+    this.lastlogin = new Date();
+    }
+
+	/**
+	 * @return the id
+	 */
+	public long getId() {
+		return id;
+	}
+
+	/**
+	 * @param id the id to set
+	 */
+	public void setId(long id) {
+		this.id = id;
+	}
+
+	/**
+	 * @return the givenname
+	 */
+	public String getGivenname() {
+		return givenname;
+	}
+
+	/**
+	 * @param givenname the givenname to set
+	 */
+	public void setGivenname(String givenname) {
+		this.givenname = givenname;
+	}
+
+	/**
+	 * @return the familyname
+	 */
+	public String getFamilyname() {
+		return familyname;
+	}
+
+	/**
+	 * @param familyname the familyname to set
+	 */
+	public void setFamilyname(String familyname) {
+		this.familyname = familyname;
+	}
+
+	/**
+	 * @return the institut
+	 */
+	public String getInstitut() {
+		return institut;
+	}
+
+	/**
+	 * @param institut the institut to set
+	 */
+	public void setInstitut(String institut) {
+		this.institut = institut;
+	}
+
+	/**
+	 * @return the mail
+	 */
+	public String getMail() {
+		return mail;
+	}
+
+	/**
+	 * @param mail the mail to set
+	 */
+	public void setMail(String mail) {
+		this.mail = mail;
+	}
+
+	/**
+	 * @return the phone
+	 */
+	public String getPhone() {
+		return phone;
+	}
+
+	/**
+	 * @param phone the phone to set
+	 */
+	public void setPhone(String phone) {
+		this.phone = phone;
+	}
+
+	/**
+	 * @return the username
+	 */
+	public String getUsername() {
+		return username;
+	}
+
+	/**
+	 * @param username the username to set
+	 */
+	public void setUsername(String username) {
+		this.username = username;
+	}
+
+	/**
+	 * @return the password
+	 */
+	public String getPassword() {
+		return password;
+	}
+
+	/**
+	 * @param password the password to set
+	 */
+	public void setPassword(String password) {
+		this.password = password;
+	}
+
+	/**
+	 * @return the bpk
+	 */
+	public String getBpk() {
+		return bpk;
+	}
+
+	/**
+	 * @param bpk the bpk to set
+	 */
+	public void setBpk(String bpk) {
+		this.bpk = bpk;
+	}
+
+	/**
+	 * @return the isadmin
+	 */
+	public boolean isIsadmin() {
+		return isadmin;
+	}
+
+	/**
+	 * @param isadmin the isadmin to set
+	 */
+	public void setIsadmin(boolean isadmin) {
+		this.isadmin = isadmin;
+	}
+
+	/**
+	 * @return the isactive
+	 */
+	public boolean isIsactive() {
+		return isactive;
+	}
+
+	/**
+	 * @param isactive the isactive to set
+	 */
+	public void setIsactive(boolean isactive) {
+		this.isactive = isactive;
+	}
+
+	/**
+	 * @return the registratedOAs
+	 */
+	public List<OnlineApplication> getRegistratedOAs() {
+		return registratedOAs;
+	}
+
+	/**
+	 * @param registratedOAs the registratedOAs to set
+	 */
+	public void setRegistratedOAs(List<OnlineApplication> registratedOAs) {
+		this.registratedOAs = registratedOAs;
+	}
+
+	/**
+	 * @return the lastlogin
+	 */
+	public Date getLastlogin() {
+		return lastlogin;
+	}
+
+	/**
+	 * @param lastlogin the lastlogin to set
+	 */
+	public void setLastlogin(Date lastlogin) {
+		this.lastlogin = lastlogin;
+	}
+    
+    
+}
+
+
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index c08fe1bb2..ed865d70f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -30,6 +30,7 @@ import org.hibernate.annotations.DynamicUpdate;
 @NamedQueries({
     @NamedQuery(name="getSessionWithID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.sessionid = :sessionid"),
     @NamedQuery(name="getSessionWithSSOID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.SSOsessionid = :sessionid"),
+    @NamedQuery(name="getSessionWithPendingRequestID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.pendingRequestID = :sessionid"),
     @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate")
 })
 
@@ -57,6 +58,9 @@ public class AuthenticatedSessionStore implements Serializable{
 	@Column(name = "isSSOSession", nullable=false)
 	private boolean isSSOSession =  false;
 	
+	@Column(name = "pendingRequestID", nullable=false)
+	private String pendingRequestID =  "";
+	
 	@Column(name = "created", updatable=false, nullable=false)
     @Temporal(TemporalType.TIMESTAMP)
     private Date created;
@@ -165,7 +169,19 @@ public class AuthenticatedSessionStore implements Serializable{
 		this.oldssosessionids = oldssosessionids;
 	}
 
-    
+	/**
+	 * @return the pendingRequestID
+	 */
+	public String getPendingRequestID() {
+		return pendingRequestID;
+	}
+
+	/**
+	 * @param pendingRequestID the pendingRequestID to set
+	 */
+	public void setPendingRequestID(String pendingRequestID) {
+		this.pendingRequestID = pendingRequestID;
+	}
+
 
-	
 }
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
index 9f4e54212..a90205260 100644
--- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
+++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
@@ -504,6 +504,7 @@
 	<xsd:complexType name="ProxyComponentType"/>
 	<xsd:complexType name="OnlineApplicationType">
 		<xsd:sequence>
+			<xsd:element name="isActive" type="xsd:boolean" minOccurs="1" maxOccurs="1" default="false"/>
 			<xsd:element name="AuthComponent_OA" minOccurs="0">
 				<xsd:annotation>
 					<xsd:documentation>enthält Parameter über die OA, die die
diff --git a/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml b/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml
index d7ec8c625..727be25ec 100644
--- a/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml
+++ b/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml
@@ -2,9 +2,6 @@
 <persistence version="1.0" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd
 http://java.sun.com/xml/ns/persistence/orm http://java.sun.com/xml/ns/persistence/orm_1_0.xsd" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:orm="http://java.sun.com/xml/ns/persistence/orm" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
     <persistence-unit name="##generated">
-			<class>at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore</class>
-      <class>at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore</class>
-      <class>at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore</class>
-      <class>at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore</class> 
+			<class>at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase</class> 
     </persistence-unit>
 </persistence>
-- 
cgit v1.2.3