diff --git a/lasso/id-ff/federation_termination.c b/lasso/id-ff/federation_termination.c index 06e92c51..ded48856 100644 --- a/lasso/id-ff/federation_termination.c +++ b/lasso/id-ff/federation_termination.c @@ -153,7 +153,8 @@ lasso_federation_termination_init_notification(LassoFederationTermination *defed default: message(G_LOG_LEVEL_CRITICAL, "Invalid provider type\n"); } - + lasso_federation_destroy(federation); + if(!nameIdentifier) { message(G_LOG_LEVEL_CRITICAL, "Name identifier not found for %s\n", profile->remote_providerID); codeError = -1; @@ -272,6 +273,7 @@ lasso_federation_termination_process_notification(LassoFederationTermination *de message(G_LOG_LEVEL_WARNING, "No name identifier for %s\n", profile->remote_providerID); return(-1); } + lasso_federation_destroy(federation); /* remove federation of the remote provider */ lasso_identity_remove_federation(profile->identity, profile->remote_providerID); diff --git a/lasso/id-ff/identity.c b/lasso/id-ff/identity.c index 0d8fe12f..e700f1b1 100644 --- a/lasso/id-ff/identity.c +++ b/lasso/id-ff/identity.c @@ -80,18 +80,18 @@ lasso_identity_add_federation(LassoIdentity *identity, gboolean found = FALSE; int i; - g_return_val_if_fail(identity != NULL, -1); + g_return_val_if_fail(LASSO_IS_IDENTITY(identity), -1); g_return_val_if_fail(remote_providerID != NULL, -2); - g_return_val_if_fail(federation != NULL, -3); + g_return_val_if_fail(LASSO_IS_FEDERATION(federation), -3); /* add the remote provider id if not already saved */ - for(i = 0; iproviderIDs->len; i++) { + for (i = 0; iproviderIDs->len; i++) { if(xmlStrEqual(remote_providerID, g_ptr_array_index(identity->providerIDs, i))) { found = TRUE; break; } } - if(found == TRUE) { + if (found == TRUE) { debug("A federation existed already for this providerID, it was replaced by the new one.\n"); } else { 
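Review bot: In lasso_federation_termination_init_notification the federation copy is destroyed immediately before the `if(!nameIdentifier)` check, so nameIdentifier must not point into that federation. The getters that fill nameIdentifier are above this hunk; if they return a borrowed node rather than a copy, every later use of it is a use-after-free. Please confirm the ownership and record it at the call, e.g. `/* nameIdentifier is an owned copy; the federation copy is no longer needed */`. The same ordering appears in lasso_logout_init_request, lasso_name_identifier_mapping_init_request and lasso_register_name_identifier_init_request, where the old/sp identifier strings are printed by debug() after the destroy.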
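Review bot: The added `lasso_federation_destroy(federation);` in lasso_federation_termination_process_notification sits after the `return(-1);` of the "No name identifier" branch, so that exit skips the release. If federation is already held at that point (its lookup is above the hunk), the copy now returned by lasso_identity_get_federation leaks on each such call; destroy it before returning or route the exits through one cleanup label. The early returns just above the added destroy in lasso_logout_init_request (`return(-4)`), lasso_name_identifier_mapping_init_request (`return(-4)`) and lasso_register_name_identifier_init_request (`return(-5)`) have the same shape.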
@@ -99,7 +99,8 @@ lasso_identity_add_federation(LassoIdentity *identity, } /* add the federation, replace if one already exists */ - g_hash_table_insert(identity->federations, g_strdup(remote_providerID), federation); + g_hash_table_insert(identity->federations, g_strdup(remote_providerID), + lasso_federation_copy(federation)); identity->is_dirty = TRUE; @@ -185,10 +186,10 @@ lasso_identity_get_federation(LassoIdentity *identity, remote_providerID); if (federation == NULL) { debug("No Federation found with remote ProviderID = %s\n", remote_providerID); + return (NULL); } - /* FIXME: federation should be a copy (fix lasso_identity_add_federation too) */ - return(federation); + return(lasso_federation_copy(federation)); } gchar* @@ -198,7 +199,7 @@ lasso_identity_get_next_federation_remote_providerID(LassoIdentity *identity) g_return_val_if_fail(identity!=NULL, NULL); - if(identity->providerIDs->len == 0) { + if (identity->providerIDs->len == 0) { return(NULL); } @@ -221,14 +222,15 @@ lasso_identity_remove_federation(LassoIdentity *identity, federation = lasso_identity_get_federation(identity, remote_providerID); if (federation != NULL) { g_hash_table_remove(identity->federations, remote_providerID); + lasso_federation_destroy(federation); } else { debug("Failed to remove federation for remote Provider %s\n", remote_providerID); } /* remove the federation remote provider id */ - for(i = 0; iproviderIDs->len; i++) { - if(xmlStrEqual(remote_providerID, g_ptr_array_index(identity->providerIDs, i))) { + for (i = 0; iproviderIDs->len; i++) { + if (xmlStrEqual(remote_providerID, g_ptr_array_index(identity->providerIDs, i))) { debug("Remove federation of %s\n", remote_providerID); g_ptr_array_remove_index(identity->providerIDs, i); break; 
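Review bot: The value stored by `g_hash_table_insert` in lasso_identity_add_federation is now `lasso_federation_copy(federation)`, and lasso_identity_get_federation (next hunk) now returns a copy, but neither function's comment states the new ownership rule. A caller that still assumes the identity takes over its object leaks it, and a caller that does not destroy the pointer from get_federation leaks one copy per call. I would document both, e.g. `/* stores a copy; the caller keeps ownership of federation */` and `/* returns a newly allocated copy; release with lasso_federation_destroy() */`. The copy result is also inserted unchecked; if lasso_federation_copy can return NULL (not visible here), a NULL value ends up in the table while is_dirty is still set.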
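Review bot: lasso_identity_remove_federation now allocates a full federation copy through lasso_identity_get_federation only to test that the entry exists, and then destroys it. `g_hash_table_remove` already returns whether the key was found, so the lookup, the copy and the added destroy can be replaced by `if (!g_hash_table_remove(identity->federations, remote_providerID)) {` around the existing debug() call. Whether the stored federation itself is released on removal depends on the value-destroy function given when identity->federations was created, which is outside this hunk.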
@@ -388,7 +390,7 @@ lasso_identity_new_from_dump(gchar *dump) federation_node = lasso_node_new_from_xmlNode(federation_xmlNode); remote_providerID = lasso_node_get_attr_value(federation_node, LASSO_FEDERATION_REMOTE_PROVIDERID_NODE, &err); - if(remote_providerID==NULL){ + if (remote_providerID == NULL) { message(G_LOG_LEVEL_WARNING, err->message); g_error_free(err); lasso_node_destroy(federation_node); @@ -466,6 +468,7 @@ lasso_identity_new_from_dump(gchar *dump) xmlFree(remote_providerID); lasso_node_destroy(federation_node); + lasso_federation_destroy(federation); } federation_xmlNode = federation_xmlNode->next; diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index ddb2c2d8..1b598faa 100644 --- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c @@ -227,6 +227,7 @@ lasso_login_process_federation(LassoLogin *login) } done: + lasso_federation_destroy(federation); xmlFree(nameIDPolicy); xmlFree(consent); @@ -335,7 +336,7 @@ lasso_login_accept_sso(LassoLogin *login) assertion = lasso_node_get_child(LASSO_PROFILE(login)->response, "Assertion", lassoLibHRef, NULL); if (assertion == NULL) { - message(G_LOG_LEVEL_ERROR, "Assertion element not found in response.\n"); + message(G_LOG_LEVEL_CRITICAL, "Assertion element not found in response.\n"); ret = -2; goto done; } @@ -349,7 +350,7 @@ lasso_login_accept_sso(LassoLogin *login) nameIdentifier = lasso_node_get_child(assertion, "NameIdentifier", lassoSamlAssertionHRef, NULL); if (nameIdentifier == NULL) { - message(G_LOG_LEVEL_ERROR, "NameIdentifier element not found in assertion.\n"); + message(G_LOG_LEVEL_CRITICAL, "NameIdentifier element not found in assertion.\n"); ret = -3; goto done; } 
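Review bot: The `lasso_federation_destroy(federation);` added under `done:` in lasso_login_process_federation runs on every exit, including those taken before any federation was found or created. That is only safe if federation is initialised to NULL at its declaration (above this hunk) and lasso_federation_destroy accepts NULL; neither is visible here. A guard makes the intent explicit: `if (federation != NULL) lasso_federation_destroy(federation);`.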
@@ -357,7 +358,7 @@ lasso_login_accept_sso(LassoLogin *login) idpProvidedNameIdentifier = lasso_node_get_child(assertion, "IDPProvidedNameIdentifier", lassoLibHRef, NULL); if (idpProvidedNameIdentifier == NULL) { - message(G_LOG_LEVEL_ERROR, "IDPProvidedNameIdentifier element not found in assertion.\n"); + message(G_LOG_LEVEL_CRITICAL, "IDPProvidedNameIdentifier element not found in assertion.\n"); ret = -4; goto done; } @@ -376,9 +377,10 @@ lasso_login_accept_sso(LassoLogin *login) lasso_identity_add_federation(LASSO_PROFILE(login)->identity, LASSO_PROFILE(login)->remote_providerID, federation); + lasso_federation_destroy(federation); } else { - message(G_LOG_LEVEL_ERROR, "response attribute is empty.\n"); + message(G_LOG_LEVEL_CRITICAL, "response attribute is empty.\n"); } done: @@ -406,13 +408,13 @@ lasso_login_build_artifact_msg(LassoLogin *login, g_return_val_if_fail(authenticationMethod != NULL && reauthenticateOnOrAfter != NULL, -1); if (method != lassoHttpMethodRedirect && method != lassoHttpMethodPost) { - message(G_LOG_LEVEL_ERROR, "Invalid HTTP method, it could be REDIRECT or POST\n."); + message(G_LOG_LEVEL_CRITICAL, "Invalid HTTP method, it could be REDIRECT or POST\n."); return (-2); } /* ProtocolProfile must be BrwsArt */ if (login->protocolProfile != lassoLoginProtocolProfileBrwsArt) { - message(G_LOG_LEVEL_ERROR, "Failed to build artifact message, an AuthnResponse is required by ProtocolProfile.\n"); + message(G_LOG_LEVEL_CRITICAL, "Failed to build artifact message, an AuthnResponse is required by ProtocolProfile.\n"); return (-3); } @@ -431,6 +433,7 @@ lasso_login_build_artifact_msg(LassoLogin *login, federation, authenticationMethod, reauthenticateOnOrAfter); + lasso_federation_destroy(federation); } } /* save response dump */ 
@@ -586,7 +589,7 @@ lasso_login_build_authn_response_msg(LassoLogin *login, /* ProtocolProfile must be BrwsPost */ if (login->protocolProfile != lassoLoginProtocolProfileBrwsPost) { - message(G_LOG_LEVEL_ERROR, "Failed to build AuthnResponse message, an Artifact is required by ProtocolProfile.\n"); + message(G_LOG_LEVEL_CRITICAL, "Failed to build AuthnResponse message, an Artifact is required by ProtocolProfile.\n"); return (-1); } @@ -605,6 +608,7 @@ lasso_login_build_authn_response_msg(LassoLogin *login, federation, authenticationMethod, reauthenticateOnOrAfter); + lasso_federation_destroy(federation); } } @@ -700,7 +704,7 @@ lasso_login_init_from_authn_request_msg(LassoLogin *login, if (authn_request_method != lassoHttpMethodRedirect && \ authn_request_method != lassoHttpMethodPost && \ authn_request_method != lassoHttpMethodSoap) { - message(G_LOG_LEVEL_ERROR, "Invalid HTTP method, it could be REDIRECT, POST or SOAP (LECP)\n."); + message(G_LOG_LEVEL_CRITICAL, "Invalid HTTP method, it could be REDIRECT, POST or SOAP (LECP)\n."); return (-1); } @@ -815,10 +819,15 @@ lasso_login_init_request(LassoLogin *login, { LassoNode *response = NULL; xmlChar *artifact, *identityProviderSuccinctID; + gint ret = 0; + GError *err = NULL; + + g_return_val_if_fail(LASSO_IS_LOGIN(login), -1); + g_return_val_if_fail(response_msg != NULL, -1); if (response_method != lassoHttpMethodRedirect && \ response_method != lassoHttpMethodPost) { - message(G_LOG_LEVEL_ERROR, "Invalid HTTP method, it could be REDIRECT or POST\n."); + message(G_LOG_LEVEL_CRITICAL, "Invalid HTTP method, it could be REDIRECT or POST\n."); return (-1); } 
@@ -834,21 +843,35 @@ lasso_login_init_request(LassoLogin *login, break; } LASSO_PROFILE(login)->response = response; - /* get remote identityProviderSuccinctID */ - identityProviderSuccinctID = lasso_artifact_get_identityProviderSuccinctID(LASSO_ARTIFACT(response)); - LASSO_PROFILE(login)->remote_providerID = lasso_server_get_providerID_from_hash(LASSO_PROFILE(login)->server, - identityProviderSuccinctID); - xmlFree(identityProviderSuccinctID); - LASSO_PROFILE(login)->response_type = lassoMessageTypeArtifact; + /* get remote identityProviderSuccinctID */ + identityProviderSuccinctID = lasso_artifact_get_identityProviderSuccinctID(LASSO_ARTIFACT(response), &err); + if (identityProviderSuccinctID != NULL) { + LASSO_PROFILE(login)->remote_providerID = lasso_server_get_providerID_from_hash(LASSO_PROFILE(login)->server, + identityProviderSuccinctID); + xmlFree(identityProviderSuccinctID); + } + else { + message(G_LOG_LEVEL_CRITICAL, err->message); + ret = err->code; + g_clear_error(&err); + } + /* create SamlpRequest */ - artifact = lasso_artifact_get_samlArt(LASSO_ARTIFACT(LASSO_PROFILE(login)->response)); - LASSO_PROFILE(login)->request = lasso_request_new(artifact); - LASSO_PROFILE(login)->request_type = lassoMessageTypeRequest; - xmlFree(artifact); + artifact = lasso_artifact_get_samlArt(LASSO_ARTIFACT(LASSO_PROFILE(login)->response), &err); + if (artifact != NULL) { + LASSO_PROFILE(login)->request = lasso_request_new(artifact); + LASSO_PROFILE(login)->request_type = lassoMessageTypeRequest; + xmlFree(artifact); + } + else { + message(G_LOG_LEVEL_CRITICAL, err->message); + ret = err->code; + g_clear_error(&err); + } - return (0); + return (ret); } gboolean diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c index 053de1e5..5a7fc81a 100644 --- a/lasso/id-ff/logout.c +++ b/lasso/id-ff/logout.c 
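Review bot: Both new error branches in lasso_login_init_request call `message(G_LOG_LEVEL_CRITICAL, err->message);`, which uses the error text as the format string. That text may include data taken from the artifact in response_msg (inferred; the artifact getters are not shown), so a `%` sequence in it would be interpreted by the formatter; pass it as an argument instead: `message(G_LOG_LEVEL_CRITICAL, "%s", err->message);`. The context line `message(G_LOG_LEVEL_WARNING, err->message);` in lasso_identity_new_from_dump has the same form. Separately, when the succinct ID cannot be read the function keeps going with remote_providerID unset, and both branches dereference err without checking that the getter set it; returning right after the first failure would be simpler.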
@@ -256,7 +256,8 @@ lasso_logout_init_request(LassoLogout *logout, message(G_LOG_LEVEL_CRITICAL, "Invalid provider type\n"); return(-4); } - + lasso_federation_destroy(federation); + if(nameIdentifier == NULL) { message(G_LOG_LEVEL_CRITICAL, "Name identifier not found for %s\n", profile->remote_providerID); @@ -418,6 +419,7 @@ lasso_logout_validate_request(LassoLogout *logout) statusCode_class->set_prop(statusCode, "Value", lassoLibStatusCodeFederationDoesNotExist); return(-10); } + lasso_federation_destroy(federation); /* verification is ok, save name identifier in logout object */ lasso_session_remove_assertion(profile->session, profile->remote_providerID); diff --git a/lasso/id-ff/name_identifier_mapping.c b/lasso/id-ff/name_identifier_mapping.c index 63f0a320..2cc55a3c 100644 --- a/lasso/id-ff/name_identifier_mapping.c +++ b/lasso/id-ff/name_identifier_mapping.c @@ -181,7 +181,8 @@ lasso_name_identifier_mapping_init_request(LassoNameIdentifierMapping *mapping, message(G_LOG_LEVEL_ERROR, "Unknown provider type\n"); return(-4); } - + lasso_federation_destroy(federation); + if(nameIdentifier == NULL) { message(G_LOG_LEVEL_ERROR, "Name identifier not found\n"); return(-5); @@ -272,6 +273,7 @@ lasso_name_identifier_mapping_process_request_msg(LassoNameIdentifierMapping *ma statusCode_class->set_prop(statusCode, "Value", lassoLibStatusCodeFederationDoesNotExist); return(-7); } + lasso_federation_destroy(federation); return(0); } diff --git a/lasso/id-ff/register_name_identifier.c b/lasso/id-ff/register_name_identifier.c index bd95edb3..aa05a46c 100644 --- a/lasso/id-ff/register_name_identifier.c +++ b/lasso/id-ff/register_name_identifier.c 
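Review bot: The context lines of the lasso_name_identifier_mapping_init_request hunk still log with `G_LOG_LEVEL_ERROR` ("Unknown provider type", "Name identifier not found"), while this same commit moves login.c to `G_LOG_LEVEL_CRITICAL`. If message() forwards to GLib's g_log (its definition is not shown), the ERROR level is always fatal and aborts the process before the `return(-4)` / `return(-5)` that follow, turning a recoverable condition into a crash of the hosting service. Switching these two calls to `G_LOG_LEVEL_CRITICAL` would match login.c and the other profiles in this diff.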
@@ -243,6 +243,7 @@ lasso_register_name_identifier_init_request(LassoRegisterNameIdentifier *registe message(G_LOG_LEVEL_CRITICAL, "Invalid provider type (%d)\n", profile->provider_type); return(-5); } + lasso_federation_destroy(federation); debug("old name identifier : %s, old name qualifier : %s, old format : %s\n", oldNameIdentifier, oldNameQualifier, oldFormat); debug("sp name identifier : %s, sp name qualifier : %s, sp format : %s\n", spNameIdentifier, spNameQualifier, spFormat); @@ -367,6 +368,7 @@ lasso_register_name_identifier_process_request(LassoRegisterNameIdentifier *regi statusCode_class->set_prop(statusCode, "Value", lassoLibStatusCodeFederationDoesNotExist); return(-8); } + lasso_federation_destroy(federation); /* verify authentication (if ok, delete assertion) */ assertion = lasso_session_get_assertion(profile->session, remote_providerID);