diff --git a/config/config-template.php b/config/config-template.php
index dfb80660c36b609587a9ec0336b4daa2f595d9a3..5f34ed7625b7a495d51aa14641298476762b8562 100644
--- a/config/config-template.php
+++ b/config/config-template.php
@@ -66,7 +66,11 @@ $config = array (
 	 * cookies both at the SP and the IdP exceeds this duration.
 	 */
 	'session.duration'		=>  8 * (60*60), // 8 hours.
+	'session.requestcache'	=>  4 * (60*60), // 4 hours
 	
+	/*
+	 * Languages available and what language is default
+	 */
 	'language.available'	=> array('en', 'no'),
 	'language.default'		=> 'en',
 	
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 4b85b4b547738b05fe7885be3e00329e25fdd17d..3bf9ff8c1b0bf97cde0a496a1e7e0d58539a0f5f 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -1,6 +1,4 @@
 <?php
-
-
 /**
  * The Session class holds information about a user session, and everything attached to it.
  *
@@ -32,10 +30,19 @@ class SimpleSAML_Session {
 	const STATE_LOGOUTINPROGRESS = 2;
 	const STATE_LOGGEDOUT = 3;
 
+	/**
+	 * This variable holds the instance of the session - Singleton approach.
+	 */
 	private static $instance = null;
 	
+	/**
+	 * The track id is a new random unique identifier that is generate for each session.
+	 * This is used in the debug logs and error messages to easily track more information
+	 * about what went wrong.
+	 */
 	private $trackid = 0;
 
+	
 	private $configuration = null;
 	
 	private $authnrequests = array();
@@ -60,8 +67,13 @@ class SimpleSAML_Session {
 	// Session duration parameters
 	private $sessionstarted = null;
 	private $sessionduration = null;
+	
+	private $dirty = false;
+	
 
-	// private constructor restricts instantiaton to getInstance()
+	/**
+	 * private constructor restricts instantiaton to getInstance()
+	 */
 	private function __construct($protocol, SimpleSAML_XML_AuthnResponse $message = null, $authenticated = true) {
 
 		$this->configuration = SimpleSAML_Configuration::getInstance();
@@ -96,6 +108,7 @@ class SimpleSAML_Session {
 		$sh = SimpleSAML_SessionHandler::getSessionHandler();
 		if($sh->get('SimpleSAMLphp_SESSION') !== NULL) {
 			self::$instance = $sh->get('SimpleSAMLphp_SESSION');
+			self::$instance->dirty = false;
 			return self::$instance;
 		}
 
@@ -178,22 +191,62 @@ class SimpleSAML_Session {
 		}
 	}
 
-	public function setShibAuthnRequest(SimpleSAML_XML_Shib13_AuthnRequest $req) {
-		$this->shibauthreq = $req;
-	}
+
 	
-	public function getShibAuthnRequest() {
-		return $this->shibauthreq;
-	}
+	
+	/**
+	 * This method retrieves from session a cache of a specific Authentication Request
+	 * The complete request is not stored, instead the values that will be needed later
+	 * are stored in an assoc array.
+	 *
+	 * @param $protocol 		saml2 or shib13
+	 * @param $requestid 		The request id used as a key to lookup the cache.
+	 *
+	 * @return Returns an assoc array of cached variables associated with the
+	 * authentication request.
+	 */
+	public function getAuthnRequest($protocol, $requestid) {
+		if (isset($this->authnrequests[$protocol])) {
+			/*
+			 * Traverse all cached authentication requests in this session for this user using this protocol
+			 */
+			foreach ($this->authnrequests[$protocol] AS $id => $cache) {
+				/*
+				 * If any of the cached requests is elder than the session.requestcache duration, then just
+				 * simply delete it :)
+				 */
+				if ($cache['date'] < $this->configuration->getValue('session.requestcache', time() - (4*60*60) ))
+					unset($this->authnrequests[$protocol][$id]);
+			}
+		}
+		/*
+		 * Then look if the request id that was requested exists, if so return it.
+		 */
+		if (isset($this->authnrequests[$protocol][$requestid])) {
+			return $this->authnrequests[$protocol][$requestid];
+		}
 
-	public function setAuthnRequest($requestid, SimpleSAML_XML_SAML20_AuthnRequest $xml) {	
-		$this->authnrequests[$requestid] = $xml;
+		/*
+		 * Could not find requested ID. Throw an error. Could be that it is never set, or that it is deleted due to age.
+		 */
+		throw new Exception('Could not find cached version of authentication request with ID ' . $requestid . ' (' . $protocol . ')');
 	}
 	
-	public function getAuthnRequest($requestid) {
-		return $this->authnrequests[$requestid];
+	/**
+	 * This method sets a cached assoc array to the authentication request cache storage.
+	 *
+	 * @param $protocol 		saml2 or shib13
+	 * @param $requestid 		The request id used as a key to lookup the cache.
+	 * @param $cache			The assoc array that will be stored.
+	 */
+	public function setAuthnRequest($protocol, $requestid, array $cache) {
+		$cache['date'] = time();
+		$this->authnrequests[$protocol][$requestid] = $cache;
+
 	}
 	
+	
+	
 	public function setAuthnResponse(SimpleSAML_XML_AuthnResponse $xml) {
 		$this->authnresponse = $xml;
 	}
@@ -294,7 +347,14 @@ class SimpleSAML_Session {
 	public function setAttribute($name, $value) {
 		$this->attributes[$name] = $value;
 	}
-	
+	 
+	 
+	/**
+	 * Is this session modified since loaded?
+	 */
+	public function isModified() {
+		return $this->dirty;
+	}
 }
 
 ?>
\ No newline at end of file
diff --git a/lib/SimpleSAML/XML/SAML20/AuthnRequest.php b/lib/SimpleSAML/XML/SAML20/AuthnRequest.php
index ead9afa386a54f4137259d9642c238f76c3b3067..b53a18e23ebc1c53ffd6b4ba4ba64f5dc8618247 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnRequest.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnRequest.php
@@ -1,21 +1,15 @@
 <?php
-
-
-/**
- * SimpleSAMLphp
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
- */
  
 require_once('SimpleSAML/Configuration.php');
 require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
  
 /**
- * Configuration of SimpleSAMLphp
+ * The Shibboleth 1.3 Authentication Request. Not part of SAML 1.1, 
+ * but an extension using query paramters no XML.
+ *
+ * @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
+ * @package simpleSAMLphp
+ * @version $Id$
  */
 class SimpleSAML_XML_SAML20_AuthnRequest {
 
@@ -27,7 +21,7 @@ class SimpleSAML_XML_SAML20_AuthnRequest {
 	private $relayState = null;
 	
 	
-	const PROTOCOL = 'urn:oasis:names:tc:SAML:2.0';
+	const PROTOCOL = 'saml2';
 
 
 	function __construct(SimpleSAML_Configuration $configuration, SimpleSAML_Metadata_MetaDataStorageHandler $metadatastore) {
@@ -110,7 +104,7 @@ class SimpleSAML_XML_SAML20_AuthnRequest {
 		return $requestid;	
 		*/
 	}
-	
+	/*
 	public function createSession() {
 	
 		
@@ -122,15 +116,10 @@ class SimpleSAML_XML_SAML20_AuthnRequest {
 		}
 
 		$session->setAuthnRequest($this->getRequestID(), $this);
-		
-		/*
-		if (isset($this->relayState)) {
-			$session->setRelayState($this->relayState);
-		}
-		*/
+
 		return $session;
 	}
-	
+	*/
 
 	public function generate($spentityid, $destination) {
 		$md = $this->metadata->getMetaData($spentityid);
diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
index 65ed360ebeab4364114c2fb8f60be02e7ae716e0..1876ebc2ac25c97171f5744049eb47dd13636af3 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -24,14 +24,6 @@ require_once('xmlseclibs.php');
  */
 class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 
-	private $configuration = null;
-	private $metadata = 'default.php';
-	
-	private $message = null;
-	private $dom;
-	private $relayState = null;
-	
-	private $validIDs = null;
 	
 	const PROTOCOL = 'urn:oasis:names:tc:SAML:2.0';
 	
@@ -105,12 +97,15 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 			throw new Exception("Unable to validate Signature");
 		}
 		
+		foreach ($refids AS $key => $value) {
+			$refids[$key] = str_replace('#', '', $value);
+		}
+		
 		$this->validIDs = $refids;
 		return true;
 	}
 	
-	
-	
+
 	
 	function validateCertFingerprint($objKey) {
 
@@ -229,9 +224,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 				$end = $node->getAttribute("NotOnOrAfter");
 	
 				if (! SimpleSAML_Utilities::checkDateConditions($start, $end)) {
-					error_log( " Date check failed ... (from $start to $end)");
-		
-					return $attributes;
+					throw new Exception("Date check failed (between $start and $end). Check if the clocks on the SP and IdP are synchronized. Alternatively you can get this message, when you move back in history or refresh an old page.");
 				}
 			}
 	
@@ -332,12 +325,12 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 	}
 
 
-	/* This function retrieves the ID of the request this response is a
+	/**
+	 * This function retrieves the ID of the request this response is a
 	 * response to. This ID is stored in the InResponseTo attribute of the
 	 * top level DOM element.
 	 *
-	 * Returns:
-	 *  The ID of the request this response is a response to, or NULL if
+	 * @return The ID of the request this response is a response to, or NULL if
 	 *  we don't know.
 	 */
 	public function getInResponseTo() {
@@ -466,17 +459,16 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 	}
 
 	
-	/* This function converts an array of attribute values into an
+	/**
+	 * This function converts an array of attribute values into an
 	 * encoded saml:Attribute element which should go into the
 	 * AuthnResponse. The data can optionally be base64 encoded.
 	 *
-	 * Parameters:
-	 *  $name      Name of this attribute.
-	 *  $values    Array with the values of this attribute.
-	 *  $base64    Enable base64 encoding of attribute values.
+	 *  @param $name      Name of this attribute.
+	 *  @param $values    Array with the values of this attribute.
+	 *  @param $base64    Enable base64 encoding of attribute values.
 	 *
-	 * Returns:
-	 *  String containing the encoded saml:attribute value for this
+	 *  @return String containing the encoded saml:attribute value for this
 	 *  attribute.
 	 */
 	private static function enc_attribute($name, $values, $base64 = false) {
@@ -495,7 +487,6 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 			        $text . '</saml:AttributeValue>';
 		}
 
-
 		$ret .= '</saml:Attribute>';
 
 		return $ret;
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnRequest.php b/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
index 053319c41271e2e084ce97816093fb33a175f231..1fe6972aa9ffd9825ba0b98dc8ae9a1b1339603b 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
@@ -1,21 +1,15 @@
 <?php
 
-
-/**
- * SimpleSAMLphp
- *
- * PHP versions 4 and 5
- *
- * LICENSE: See the COPYING file included in this distribution.
- *
- * @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
- */
- 
 require_once('SimpleSAML/Configuration.php');
 require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
  
 /**
- * Configuration of SimpleSAMLphp
+ * The Shibboleth 1.3 Authentication Request. Not part of SAML 1.1, 
+ * but an extension using query paramters no XML.
+ *
+ * @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
+ * @package simpleSAMLphp
+ * @version $Id$
  */
 class SimpleSAML_XML_Shib13_AuthnRequest {
 
@@ -29,7 +23,7 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
 	private $requestid = null;
 	
 	
-	const PROTOCOL = 'shibboleth';
+	const PROTOCOL = 'shib13';
 
 
 	function __construct(SimpleSAML_Configuration $configuration, SimpleSAML_Metadata_MetaDataStorageHandler $metadatastore) {
@@ -83,25 +77,7 @@ class SimpleSAML_XML_Shib13_AuthnRequest {
 	public function getRequestID() {
 		return $this->requestid;
 	}
-	
-	public function createSession() {
-		
-		$session = SimpleSAML_Session::getInstance();
-		
-		if (!isset($session)) {
-			SimpleSAML_Session::init(self::PROTOCOL, null, false);
-			$session = SimpleSAML_Session::getInstance();
-		}
 
-		$session->setShibAuthnRequest($this);
-		
-		/*
-		if (isset($this->relayState)) {
-			$session->setRelayState($this->relayState);
-		}
-		*/
-		return $session;
-	}
 	
 	public function createRedirect($destination) {
 		$idpmetadata = $this->metadata->getMetaData($destination, 'shib13-idp-remote');
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index 7c2b82aa5480675cb38a2173f45db1142676550a..31d590aa5a9cd5c0e48f0b033c38aa27b62b8cca 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -1,9 +1,16 @@
 <?php
-
+/**
+ * The SSOService is part of the SAML 2.0 IdP code, and it receives incomming Authentication Requests
+ * from a SAML 2.0 SP, parses, and process it, and then authenticates the user and sends the user back
+ * to the SP with an Authentication Response.
+ *
+ * @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
 
 require_once('../../../www/_include.php');
 
-
 require_once('SimpleSAML/Utilities.php');
 require_once('SimpleSAML/Session.php');
 require_once('SimpleSAML/Logger.php');
@@ -29,7 +36,14 @@ $requestid = null;
 
 $logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'EVENT', 'Access', 'Accessing SAML 2.0 IdP endpoint SSOService');
 
-
+/*
+ * If the SAMLRequest query parameter is set, we got an incomming Authentication Request 
+ * at this interface.
+ *
+ * In this case, what we should do is to process the request and set the neccessary information
+ * from the request into the session object to be used later.
+ *
+ */
 if (isset($_GET['SAMLRequest'])) {
 
 
@@ -37,16 +51,25 @@ if (isset($_GET['SAMLRequest'])) {
 		$binding = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
 		$authnrequest = $binding->decodeRequest($_GET);
 		
-		$session = $authnrequest->createSession();
+		//$session = $authnrequest->createSession();
 		$requestid = $authnrequest->getRequestID();
 		
+		/*
+		 * Create an assoc array of the request to store in the session cache.
+		 */
+		$requestcache = array(
+			'Issuer'    => $authnrequest->getIssuer()
+		);
+		if ($relaystate = $authnrequest->getRelayState() )
+			$requestcache['RelayState'] = $relaystate;
+			
+		$session->setAuthnRequest('saml2', $requestid, $requestcache);
+		
 		
 		if ($binding->validateQuery($authnrequest->getIssuer(),'IdP')) {
 			$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'AuthnRequest', $requestid, 'Valid signature found');
 		}
 		
-		$session->setAuthnRequest($requestid, $authnrequest);
-		
 		$logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'AuthnRequest', 
 			array($authnrequest->getIssuer(), $requestid), 
 			'Incomming Authentication request');
@@ -63,19 +86,26 @@ if (isset($_GET['SAMLRequest'])) {
 		exit(0);
 	}
 
+/*
+ * If we did not get an incomming Authenticaiton Request, we need a RequestID parameter.
+ *
+ * The RequestID parameter is used to retrieve the information stored in the session object
+ * related to the request that was received earlier. Usually the request is processed with 
+ * code above, then the user is redirected to some login module, and when successfully authenticated
+ * the user isredirected back to this endpoint, and then the user will need to have the RequestID 
+ * parmeter attached.
+ */
 } elseif(isset($_GET['RequestID'])) {
 
 	try {
 
 		$requestid = $_GET['RequestID'];
 
-		$session = SimpleSAML_Session::getInstance();
-		$authnrequest = $session->getAuthnRequest($requestid);
+		$requestcache = $session->getAuthnRequest('saml2', $requestid);
 		
 		$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'EVENT', $requestid, 'Got incomming RequestID');
 		
-		
-		if (!$authnrequest) throw new Exception('Could not retrieve cached RequestID = ' . $requestid);
+		if (!$requestcache) throw new Exception('Could not retrieve cached RequestID = ' . $requestid);
 		
 	} catch(Exception $exception) {
 		
@@ -90,24 +120,31 @@ if (isset($_GET['SAMLRequest'])) {
 
 	}
 	
-	
-	/*	
-	$authnrequest = new SimpleSAML_XML_SAML20_AuthnRequest($config, $metadata);
-	$authnrequest->setXML($authnrequestXML);
-	*/
-	
-
 
 } else {
-
-	echo 'You must either provide a SAML Request message or a RequestID on this interface.';
+	/*
+	 * We did neither get a request or a requestID as a parameter. Then throw an error.
+	 */
+	$et = new SimpleSAML_XHTML_Template($config, 'error.php');
+	
+	$et->data['header'] = 'No parameters found';
+	$et->data['message'] = 'You must either provide a SAML Request message or a RequestID on this interface.';	
+	$et->data['e'] = $exception;
+	
+	$et->show();
 	exit(0);
-
 }
 
 
-
-
+/*
+ * As we have passed the code above, we have an accociated request that is already processed.
+ *
+ * Now we check whether we have a authenticated session. If we do not have an authenticated session,
+ * we look up in the metadata of the IdP, to see what authenticaiton module to use, then we redirect
+ * the user to the authentication module, to authenticate. Later the user is redirected back to this
+ * endpoint - then the session is authenticated and set, and the user is redirected back with a RequestID
+ * parameter so we can retrieve the cached information from the request.
+ */
 if (!$session->isAuthenticated() ) {
 
 	$logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'AuthNext', $idpmeta['auth'], 
@@ -119,12 +156,16 @@ if (!$session->isAuthenticated() ) {
 
 	SimpleSAML_Utilities::redirect($authurl,
 		array('RelayState' => $relaystate));
+		
+/*
+ * We got an request, and we hav a valid session. Then we send an AuthenticationResponse back to the
+ * service.
+ */
 } else {
 
 	try {
 	
-	
-		$spentityid = $authnrequest->getIssuer();
+		$spentityid = $requestcache['Issuer'];
 		$spmetadata = $metadata->getMetaData($spentityid, 'saml20-sp-remote');
 		
 		/*
@@ -151,19 +192,16 @@ if (!$session->isAuthenticated() ) {
 			
 				$logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'ConsentOK', '-', 
 					'Got consent from user');
-			
 			}
 			
 		}
 	
 		// Adding this service provider to the list of sessions.
+		// Right now the list is used for SAML 2.0 only.
 		$session->add_sp_session($spentityid);
 
-
-		
 		$logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'AuthnResponse', $spentityid, 
 			'Sending back AuthnResponse');
-		
 
 		/*
 		 * Filtering attributes.
@@ -185,9 +223,9 @@ if (!$session->isAuthenticated() ) {
 		// Sending the AuthNResponse using HTTP-Post SAML 2.0 binding
 		$httppost = new SimpleSAML_Bindings_SAML20_HTTPPost($config, $metadata);
 		$httppost->sendResponse($authnResponseXML, 
-			$idpentityid, $authnrequest->getIssuer(), $authnrequest->getRelayState());
-		
-		
+			$idpentityid, $spentityid, 
+			isset($requestcache['RelayState']) ? $requestcache['RelayState'] : null
+		);
 		
 	} catch(Exception $exception) {
 		
@@ -198,7 +236,6 @@ if (!$session->isAuthenticated() ) {
 		$et->data['e'] = $exception;
 		
 		$et->show();
-
 	}
 	
 }
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index 3b327e4bcc6540117be38f64c6568a9f93a32dd6..d1d5da804061270722496dab51cdae3409d02bce 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -44,7 +44,7 @@ try {
 		if (isset($relayState)) {
 			SimpleSAML_Utilities::redirect($relayState);
 		} else {
-			echo 'Could not find RelayState parameter, you are stucked here.';
+			throw new Exception('Could not find RelayState parameter, you are stucked here.');
 		}
 	} else {
 		throw new Exception('Unkown error. Could not get session.');
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index 44c3e6ce1fa30f06f9cd778ec3f7c7390c1b7656..f5ce87b63c6f6f8ae8d727d33812ca0eb7124d2d 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -1,11 +1,19 @@
 <?php
-
+/**
+ * The SSOService is part of the Shibboleth 1.3 IdP code, and it receives incomming Authentication Requests
+ * from a Shibboleth 1.3 SP, parses, and process it, and then authenticates the user and sends the user back
+ * to the SP with an Authentication Response.
+ *
+ * @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
 
 require_once('../../../www/_include.php');
 
-
 require_once('SimpleSAML/Utilities.php');
 require_once('SimpleSAML/Session.php');
+require_once('SimpleSAML/Logger.php');
 require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
 require_once('SimpleSAML/XML/AttributeFilter.php');
 require_once('SimpleSAML/XML/Shib13/AuthnRequest.php');
@@ -17,14 +25,25 @@ require_once('SimpleSAML/XHTML/Template.php');
 
 $config = SimpleSAML_Configuration::getInstance();
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+$session = SimpleSAML_Session::getInstance(true);
+
+$logger = new SimpleSAML_Logger();
 
 $idpentityid = $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
 $idpmeta = $metadata->getMetaDataCurrent('shib13-idp-hosted');
 
 $requestid = null;
-$session = null;
 
+$logger->log(LOG_INFO, $session->getTrackID(), 'Shib1.3', 'IdP.SSOService', 'EVENT', 'Access', 'Accessing Shibboleth 1.3 IdP endpoint SSOService');
 
+/*
+ * If the shire query parameter is set, we got an incomming Authentication Request 
+ * at this interface.
+ *
+ * In this case, what we should do is to process the request and set the neccessary information
+ * from the request into the session object to be used later.
+ *
+ */
 if (isset($_GET['shire'])) {
 
 
@@ -32,13 +51,25 @@ if (isset($_GET['shire'])) {
 		$authnrequest = new SimpleSAML_XML_Shib13_AuthnRequest($config, $metadata);
 		$authnrequest->parseGet($_GET);
 		
-		$session = $authnrequest->createSession();
+		//$session = $authnrequest->createSession();
 	
 		$requestid = $authnrequest->getRequestID();
 
 		//$session->setShibAuthnRequest($authnrequest);
-
 		
+		
+
+		/*
+		 * Create an assoc array of the request to store in the session cache.
+		 */
+		$requestcache = array(
+			'Issuer'    => $authnrequest->getIssuer(),
+			'shire'		=> $authnrequest->getShire(),
+		);
+		if ($relaystate = $authnrequest->getRelayState() )
+			$requestcache['RelayState'] = $relaystate;
+			
+		$session->setAuthnRequest('shib13', $requestid, $requestcache);
 
 	
 	} catch(Exception $exception) {
@@ -50,21 +81,31 @@ if (isset($_GET['shire'])) {
 		$et->data['e'] = $exception;
 		
 		$et->show();
-
+		exit(0);
 	}
 
-} elseif(isset($_GET['RequestID'])) {
-
-
 
+/*
+ * If we did not get an incomming Authenticaiton Request, we need a RequestID parameter.
+ *
+ * The RequestID parameter is used to retrieve the information stored in the session object
+ * related to the request that was received earlier. Usually the request is processed with 
+ * code above, then the user is redirected to some login module, and when successfully authenticated
+ * the user isredirected back to this endpoint, and then the user will need to have the RequestID 
+ * parmeter attached.
+ */
+} elseif(isset($_GET['RequestID'])) {
+	
 	try {
 
 		$requestid = $_GET['RequestID'];
-		$session = SimpleSAML_Session::getInstance();
-		$authnrequest = $session->getShibAuthnRequest();
+
+		$requestcache = $session->getAuthnRequest('shib13', $requestid);
 		
-		if (!$authnrequest) throw new Exception('Could not retrieve cached RequestID = ' . $requestid);
+		$logger->log(LOG_INFO, $session->getTrackID(), 'Shib1.3', 'IdP.SSOService', 'EVENT', $requestid, 'Got incomming RequestID');
 		
+		if (!$requestcache) throw new Exception('Could not retrieve cached RequestID = ' . $requestid);
+
 	} catch(Exception $exception) {
 		
 		$et = new SimpleSAML_XHTML_Template($config, 'error.php');
@@ -74,33 +115,46 @@ if (isset($_GET['shire'])) {
 		$et->data['e'] = $exception;
 		
 		$et->show();
-
 	}
-	
-	
-	/*	
-	$authnrequest = new SimpleSAML_XML_SAML20_AuthnRequest($config, $metadata);
-	$authnrequest->setXML($authnrequestXML);
-	*/
-	
-
 
 } else {
-
-	echo 'You must either provide a SAML Request message or a RequestID on this interface.';
+	/*
+	 * We did neither get a request or a requestID as a parameter. Then throw an error.
+	 */
+	$et = new SimpleSAML_XHTML_Template($config, 'error.php');
+	
+	$et->data['header'] = 'No parameters found';
+	$et->data['message'] = 'You must either provide a Shibboleth Request message or a RequestID on this interface.';	
+	$et->data['e'] = $exception;
+	
+	$et->show();
 	exit(0);
 
 }
 
 
 
-
+/*
+ * As we have passed the code above, we have an accociated request that is already processed.
+ *
+ * Now we check whether we have a authenticated session. If we do not have an authenticated session,
+ * we look up in the metadata of the IdP, to see what authenticaiton module to use, then we redirect
+ * the user to the authentication module, to authenticate. Later the user is redirected back to this
+ * endpoint - then the session is authenticated and set, and the user is redirected back with a RequestID
+ * parameter so we can retrieve the cached information from the request.
+ */
 if (!$session->isAuthenticated() ) {
 
 	$relaystate = SimpleSAML_Utilities::selfURLNoQuery() . '?RequestID=' . urlencode($requestid);
 	$authurl = SimpleSAML_Utilities::addURLparameter('/' . $config->getValue('baseurlpath') . $idpmeta['auth'], 
 		'RelayState=' . urlencode($relaystate));
 	SimpleSAML_Utilities::redirect($authurl);
+	
+	
+/*
+ * We got an request, and we hav a valid session. Then we send an AuthenticationResponse back to the
+ * service.
+ */
 } else {
 
 	try {
@@ -110,7 +164,7 @@ if (!$session->isAuthenticated() ) {
 
 		//$session->setAttribute('eduPersonAffiliation', array('student'));
 
-		$spentityid = $authnrequest->getIssuer();
+		$spentityid = $requestcache['Issuer'];
 		$spmetadata = $metadata->getMetaData($spentityid, 'shib13-sp-remote');
 
 		/*
@@ -130,7 +184,7 @@ if (!$session->isAuthenticated() ) {
 
 		// Generating a Shibboleth 1.3 Response.
 		$ar = new SimpleSAML_XML_Shib13_AuthnResponse($config, $metadata);
-		$authnResponseXML = $ar->generate($idpentityid, $authnrequest->getIssuer(), 
+		$authnResponseXML = $ar->generate($idpentityid, $requestcache['Issuer'], 
 			$requestid, null, $filteredattributes);
 		
 		
@@ -142,13 +196,13 @@ if (!$session->isAuthenticated() ) {
 		
 		//echo 'Relaystate[' . $authnrequest->getRelayState() . ']';
 		
-		$issuer = $authnrequest->getIssuer();
-		$shire = $authnrequest->getShire();
+		$issuer = $requestcache['Issuer'];
+		$shire = $requestcache['shire'];
 		if ($issuer == null || $issuer == '')
 			throw new Exception('Could not retrieve issuer of the AuthNRequest (ProviderID)');
 		
 		$httppost->sendResponse($authnResponseXML, 
-			$idpentityid, $issuer, $authnrequest->getRelayState(), $shire);
+			$idpentityid, $issuer, isset($requestcache['RelayState']) ? $requestcache['RelayState'] : null, $shire);
 			
 	} catch(Exception $exception) {
 		
diff --git a/www/shib13/sp/initSSO.php b/www/shib13/sp/initSSO.php
index 106ae18f937b984d05230c83c6f7a5ed4e70ed3a..55a7723fb8b72ec5f2c52577d9a6fe4849b0e54a 100644
--- a/www/shib13/sp/initSSO.php
+++ b/www/shib13/sp/initSSO.php
@@ -8,9 +8,6 @@ require_once('SimpleSAML/Session.php');
 require_once('SimpleSAML/XHTML/Template.php');
 require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
 require_once('SimpleSAML/XML/Shib13/AuthnRequest.php');
-//require_once('SimpleSAML/XML/SAML20/AuthnResponse.php');
-//require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
-//require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php');
 
 $config = SimpleSAML_Configuration::getInstance();
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
@@ -41,9 +38,10 @@ try {
 	exit(0);
 }
 
+
+
 if (!isset($session) || !$session->isValid() ) {
 	
-	
 	if ($idpentityid == null) {
 	
 		$returnURL = urlencode(SimpleSAML_Utilities::selfURL());
@@ -77,7 +75,6 @@ if (!isset($session) || !$session->isValid() ) {
 } else {
 
 	
-	
 	$relaystate = $session->getRelayState();
 	
 	if (isset($relaystate) && !empty($relaystate)) {
@@ -96,10 +93,6 @@ if (!isset($session) || !$session->isValid() ) {
 }
 
 
-#print_r($metadata->getMetaData('sam.feide.no'));
-#print_r($req);
-
-//echo 'Location: ' . $relaystate;
 
 
-?>
+?>
\ No newline at end of file