diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java
index ff76030df..96e4af765 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java
@@ -33,6 +33,7 @@ import org.springframework.security.oauth2.common.exceptions.InvalidGrantExcepti
 import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
+import org.springframework.security.providers.ExpiringUsernameAuthenticationToken;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/saml/PerunSamlUserDetailsService.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/saml/PerunSamlUserDetailsService.java
index cd57c380d..468df7b23 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/saml/PerunSamlUserDetailsService.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/saml/PerunSamlUserDetailsService.java
@@ -1,6 +1,5 @@
 package cz.muni.ics.oidc.saml;
-import cz.muni.ics.oidc.server.PerunPrincipal;
 import cz.muni.ics.oidc.server.adapters.PerunAdapter;
 import cz.muni.ics.oidc.server.filters.FiltersUtils;
 import lombok.extern.slf4j.Slf4j;
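Review bot: The added `import org.springframework.security.providers.ExpiringUsernameAuthenticationToken;` in DefaultOAuth2AuthorizationCodeService has no matching use in any hunk of this diff. If the class does not reference the type, the import is dead and should be dropped; if it does, the hunk that introduces that use is missing from the change and the import cannot be reviewed on its own. The companion hunk in PerunSamlUserDetailsService is a plain import removal and needs nothing.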
@@ -24,9 +23,7 @@ public class PerunSamlUserDetailsService implements SAMLUserDetailsService {
 @Override
 public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
 log.debug("Loading user for SAML credential");
- PerunPrincipal p = FiltersUtils.getPerunPrincipal(credential, samlProperties.getUserIdentifierAttribute());
- log.debug("Fetching user from perun ({})", p);
- return perunAdapter.getPreauthenticatedUserId(p);
+ return FiltersUtils.getPerunUser(credential, perunAdapter, samlProperties.getUserIdentifierAttribute());
 }
 }
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/PerunPrincipal.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/PerunPrincipal.java
deleted file mode 100644
index 03574f498..000000000
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/PerunPrincipal.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package cz.muni.ics.oidc.server;
-
-/**
- * Principal specific for Perun user. User is identified by login (extLogin) and name
- * of the external source (extSourceName) he/she used for login (usually identity provider).
- *
- * @author Martin Kuba
- */
-public class PerunPrincipal {
-
- private final String extLogin;
- private final String extSourceName;
-
- public PerunPrincipal(String extLogin, String extSourceName) {
- this.extLogin = extLogin;
- this.extSourceName = extSourceName;
- }
-
- public String getExtLogin() {
- return extLogin;
- }
-
- public String getExtSourceName() {
- return extSourceName;
- }
-
- @Override
- public String toString() {
- return "PerunPrincipal{" +
- "extLogin='" + extLogin + '\'' +
- ", extSourceName='" + extSourceName + '\'' +
- '}';
- }
-
-}
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/PerunAdapterMethods.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/PerunAdapterMethods.java
index 6ff6560b0..1116f7fb6 100644
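Review bot: The new `return FiltersUtils.getPerunUser(credential, perunAdapter, ...)` can hand back null — the helper in this same diff returns null when the identifier attribute or the remote entity ID is blank, and the RPC adapter returns null when its connector is disabled — yet `loadUserBySAML` declares `UsernameNotFoundException` and never throws it. With the stock Spring Security SAML provider, as far as I recall, a null result from the user-details service does not fail authentication but makes the provider fall back to the NameID string as principal, so an unmapped subject would still end up with an authenticated session whose principal is not a PerunUser. I would make the miss explicit: `PerunUser user = FiltersUtils.getPerunUser(credential, perunAdapter, samlProperties.getUserIdentifierAttribute());` / `if (user == null) { throw new UsernameNotFoundException("No Perun user found for SAML credential"); }` / `return user;`. The dropped `log.debug("Fetching user from perun ({})", p)` was the only trace of which extLogin/extSourceName was looked up; some debug-level record of the lookup is worth keeping for diagnosing mapping failures.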
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/PerunAdapterMethods.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/PerunAdapterMethods.java
@@ -6,7 +6,6 @@ import cz.muni.ics.oidc.models.PerunAttributeValue;
 import cz.muni.ics.oidc.models.PerunUser;
 import cz.muni.ics.oidc.models.Resource;
 import cz.muni.ics.oidc.models.Vo;
-import cz.muni.ics.oidc.server.PerunPrincipal;
 import cz.muni.ics.oidc.server.connectors.Affiliation;
 import java.util.Collection;
 import java.util.List;
@@ -26,10 +25,9 @@ public interface PerunAdapterMethods {
 /**
 * Fetch user based on his principal (extLogin and extSource) from Perun
 *
- * @param perunPrincipal principal of user
 * @return PerunUser with id of found user
 */
- PerunUser getPreauthenticatedUserId(PerunPrincipal perunPrincipal);
+ PerunUser getPreauthenticatedUserId(String extLogin, String extSourceName);
 /**
 * Fetch user attribute values
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/impl/PerunAdapterImpl.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/impl/PerunAdapterImpl.java
index 93492df00..2274674aa 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/impl/PerunAdapterImpl.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/impl/PerunAdapterImpl.java
@@ -6,7 +6,6 @@ import cz.muni.ics.oidc.models.PerunAttributeValue;
 import cz.muni.ics.oidc.models.PerunUser;
 import cz.muni.ics.oidc.models.Resource;
 import cz.muni.ics.oidc.models.Vo;
-import cz.muni.ics.oidc.server.PerunPrincipal;
 import cz.muni.ics.oidc.server.adapters.PerunAdapter;
 import cz.muni.ics.oidc.server.connectors.Affiliation;
 import java.util.Collection;
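Review bot: The new interface signature `PerunUser getPreauthenticatedUserId(String extLogin, String extSourceName);` lost its parameter documentation — the hunk deletes `@param perunPrincipal` and adds nothing for the two replacement parameters, while the summary still speaks of "his principal". The contract should also say what a miss looks like, because the RPC implementation in this diff returns null when its connector is disabled and FiltersUtils passes the result straight through to callers. I would document `@param extLogin login of the user at the external source (for SAML, the value of the configured identifier attribute)`, `@param extSourceName name of the external source (for SAML, the entity ID of the asserting IdP)` and `@return PerunUser with id of found user, or null if no user could be resolved`. Whether the LDAP implementation returns null or throws on a miss is not visible here and should be confirmed before the `@return` wording is finalised.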
@@ -23,12 +22,12 @@ import java.util.Set;
 public class PerunAdapterImpl extends PerunAdapter {
 @Override
- public PerunUser getPreauthenticatedUserId(PerunPrincipal perunPrincipal) {
+ public PerunUser getPreauthenticatedUserId(String extLogin, String extSourceName) {
 try {
- return this.getAdapterPrimary().getPreauthenticatedUserId(perunPrincipal);
+ return this.getAdapterPrimary().getPreauthenticatedUserId(extLogin, extSourceName);
 } catch (UnsupportedOperationException e) {
 if (this.isCallFallback()) {
- return this.getAdapterFallback().getPreauthenticatedUserId(perunPrincipal);
+ return this.getAdapterFallback().getPreauthenticatedUserId(extLogin, extSourceName);
 } else {
 throw e;
 }
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/impl/PerunAdapterLdap.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/impl/PerunAdapterLdap.java
index e7d68130b..ce81b2598 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/impl/PerunAdapterLdap.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/impl/PerunAdapterLdap.java
@@ -43,7 +43,6 @@ import cz.muni.ics.oidc.models.Resource;
 import cz.muni.ics.oidc.models.Vo;
 import cz.muni.ics.oidc.models.enums.PerunAttrValueType;
 import cz.muni.ics.oidc.models.enums.PerunEntityType;
-import cz.muni.ics.oidc.server.PerunPrincipal;
 import cz.muni.ics.oidc.server.adapters.PerunAdapter;
 import cz.muni.ics.oidc.server.adapters.PerunAdapterMethods;
 import cz.muni.ics.oidc.server.adapters.PerunAdapterMethodsLdap;
@@ -96,16 +95,10 @@ public class PerunAdapterLdap extends PerunAdapterWithMappingServices implements
 this.oidcCheckMembershipAttr = oidcCheckMembershipAttr;
 }
- /**
- * Fetch user based on his principal (extLogin and extSource) from Perun
- *
- * @param perunPrincipal principal of user
- * @return PerunUser with id of found user
- */
 @Override
- public PerunUser getPreauthenticatedUserId(PerunPrincipal perunPrincipal) {
+ public PerunUser getPreauthenticatedUserId(String extLogin, String extSourceName) {
 FilterBuilder filter = and(
- equal(OBJECT_CLASS, PERUN_USER), equal(EDU_PERSON_PRINCIPAL_NAMES, perunPrincipal.getExtLogin())
+ equal(OBJECT_CLASS, PERUN_USER), equal(EDU_PERSON_PRINCIPAL_NAMES, extLogin)
 );
 SearchScope scope = SearchScope.ONELEVEL;
 String[] attributes = new String[]{PERUN_USER_ID, GIVEN_NAME, SN};
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/impl/PerunAdapterRpc.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/impl/PerunAdapterRpc.java
index 2809c5f08..acc231504 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/impl/PerunAdapterRpc.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/adapters/impl/PerunAdapterRpc.java
@@ -27,7 +27,6 @@ import cz.muni.ics.oidc.models.Vo;
 import cz.muni.ics.oidc.models.enums.MemberStatus;
 import cz.muni.ics.oidc.models.enums.PerunEntityType;
 import cz.muni.ics.oidc.models.mappers.RpcMapper;
-import cz.muni.ics.oidc.server.PerunPrincipal;
 import cz.muni.ics.oidc.server.adapters.PerunAdapter;
 import cz.muni.ics.oidc.server.adapters.PerunAdapterMethods;
 import cz.muni.ics.oidc.server.adapters.PerunAdapterMethodsRpc;
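Review bot: In the LDAP implementation the new `extSourceName` parameter is never used — the filter `equal(EDU_PERSON_PRINCIPAL_NAMES, extLogin)` matches on the login alone, so two identity providers asserting the same principal-name value would resolve to the same Perun user, whereas the RPC implementation in this diff passes both values to `getUserByExtSourceNameAndExtLogin`. The asymmetry predates this commit, but the explicit parameter now makes it visible and silent; either scope the LDAP search by the source as well, if the directory carries that information, or state the limitation in a comment such as `// NOTE: LDAP lookup matches eduPersonPrincipalNames only; extSourceName is not checked here, unlike the RPC adapter`. The hunk also deletes the method's Javadoc without putting anything in its place, so the `@Override` is now the only documentation. I am assuming `FilterBuilder.equal` escapes LDAP filter metacharacters in `extLogin`, which originates from a SAML attribute value; worth confirming, as the method body continues past the end of this hunk and the search itself is not visible.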
@@ -85,13 +84,13 @@ public class PerunAdapterRpc extends PerunAdapterWithMappingServices implements
 }
 @Override
- public PerunUser getPreauthenticatedUserId(PerunPrincipal perunPrincipal) {
+ public PerunUser getPreauthenticatedUserId(String extLogin, String extSourceName) {
 if (!this.connectorRpc.isEnabled()) {
 return null;
 }
 Map map = new LinkedHashMap<>();
- map.put("extLogin", perunPrincipal.getExtLogin());
- map.put("extSourceName", perunPrincipal.getExtSourceName());
+ map.put("extLogin", extLogin);
+ map.put("extSourceName", extSourceName);
 JsonNode response = connectorRpc.post(USERS_MANAGER, "getUserByExtSourceNameAndExtLogin", map);
 return RpcMapper.mapPerunUser(response);
diff --git a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/FiltersUtils.java b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/FiltersUtils.java
index 30f60375d..2b1794ccb 100644
--- a/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/FiltersUtils.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/oidc/server/filters/FiltersUtils.java
@@ -8,7 +8,6 @@ import cz.muni.ics.oauth2.service.ClientDetailsEntityService;
 import cz.muni.ics.oidc.models.Facility;
 import cz.muni.ics.oidc.models.PerunAttributeValue;
 import cz.muni.ics.oidc.models.PerunUser;
-import cz.muni.ics.oidc.server.PerunPrincipal;
 import cz.muni.ics.oidc.server.adapters.PerunAdapter;
 import cz.muni.ics.oidc.server.configurations.FacilityAttrsConfig;
 import cz.muni.ics.oidc.web.controllers.ControllerUtils;
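Review bot: The request map the rewritten `map.put("extLogin", extLogin);` / `map.put("extSourceName", extSourceName);` lines populate is declared as the raw type `Map map = new LinkedHashMap<>();`, which leaves the puts as unchecked calls. Since the two lines are being rewritten anyway, declaring it `Map<String, Object> map = new LinkedHashMap<>();` would be the cheap tidy-up, assuming `connectorRpc.post` accepts a parameterised map — its signature is not visible in this diff. The behaviour itself is unchanged from the old `perunPrincipal.getExtLogin()` / `getExtSourceName()` form.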
@@ -93,21 +92,30 @@ public class FiltersUtils {
 return client;
 }
- /**
- * Get Perun user
- * @param request Request object
- * @param perunAdapter Adapter of Perun interface
- * @return Found PerunUser
- */
- public static PerunUser getPerunUser(HttpServletRequest request, PerunAdapter perunAdapter, String samlIdAttribute) {
- SAMLCredential samlCredential = getSamlCredential(request);
+ public static PerunUser getPerunUser(HttpServletRequest request,
+ PerunAdapter perunAdapter,
+ String samlIdAttribute)
+ {
+ return getPerunUser(getSamlCredential(request), perunAdapter, samlIdAttribute);
+ }
+
+ public static PerunUser getPerunUser(SAMLCredential samlCredential,
+ PerunAdapter perunAdapter,
+ String samlIdAttribute) {
+ if (perunAdapter == null) {
+ throw new IllegalArgumentException("Cannot fetch user, no adapter passed");
+ }
 if (samlCredential == null) {
 return null;
 }
- PerunPrincipal principal = getPerunPrincipal(samlCredential, samlIdAttribute);
- log.debug("fetching Perun user with extLogin '{}' and extSourceName '{}'",
- principal.getExtLogin(), principal.getExtSourceName());
- return perunAdapter.getPreauthenticatedUserId(principal);
+ String extLogin = getExtLogin(samlCredential, samlIdAttribute);
+ String extSourceName = getExtSourceName(samlCredential);
+ if (!StringUtils.hasText(extLogin)) {
+ return null;
+ } else if (!StringUtils.hasText(extSourceName)) {
+ return null;
+ }
+ return perunAdapter.getPreauthenticatedUserId(extLogin, extSourceName);
 }
 public static SAMLCredential getSamlCredential(HttpServletRequest request) {
@@ -118,7 +126,7 @@ public class FiltersUtils {
 return (SAMLCredential) p.getCredentials();
 }
- public static PerunPrincipal getPerunPrincipal(SAMLCredential credential, String idAttribute) {
+ public static String getExtLogin(SAMLCredential credential, String idAttribute) {
 if (credential == null) {
 throw new IllegalArgumentException("No SAML credential passed");
 } else if (!StringUtils.hasText(idAttribute)) {
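Review bot: The two-branch check `if (!StringUtils.hasText(extLogin)) { return null; } else if (!StringUtils.hasText(extSourceName)) { return null; }` in the new `getPerunUser(SAMLCredential, ...)` does the same thing in both branches and swallows the reason, whereas the removed code at least logged the extLogin/extSourceName it was about to look up. I would collapse it and keep a trace: `if (!StringUtils.hasText(extLogin) || !StringUtils.hasText(extSourceName)) {` followed by `log.debug("Cannot resolve Perun user: extLogin '{}', extSourceName '{}'", extLogin, extSourceName);` and `return null;`. A blank identifier attribute on an otherwise valid assertion is more likely an IdP or attribute-mapping misconfiguration than a normal miss, so a warn-level message is defensible there. Minor style: the first overload puts its opening brace on a line of its own after `String samlIdAttribute)` while the second keeps it on the signature line; the file should pick one. The Javadoc that sat on the old `getPerunUser` was deleted and neither overload carries one now, so the null-on-missing-credential and null-on-blank-identifier contract is undocumented.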
@@ -128,39 +136,14 @@ public class FiltersUtils {
 if (identifierAttrOid == null) {
 throw new IllegalStateException("SAML credentials has no value for attribute: " + idAttribute);
 }
- String extLogin = credential.getAttributeAsString(identifierAttrOid);
- String extSourceName = credential.getRemoteEntityID();
- return new PerunPrincipal(extLogin, extSourceName);
+ return credential.getAttributeAsString(identifierAttrOid);
 }
- /**
- * Extract PerunPrincipal from request
- * @param req request object
- * @param proxyExtSourceName name of proxy
- * @return extracted principal or null if not present
- */
- public static PerunPrincipal extractPerunPrincipal(HttpServletRequest req, String proxyExtSourceName) {
- String extLogin = null;
- String remoteUser = req.getRemoteUser();
- if (StringUtils.hasText(remoteUser)) {
- extLogin = remoteUser;
- } else if (req.getUserPrincipal() != null) {
- extLogin = ((User)req.getUserPrincipal()).getUsername();
+ public static String getExtSourceName(SAMLCredential credential) {
+ if (credential == null) {
+ throw new IllegalArgumentException("No SAML credential passed");
 }
-
- PerunPrincipal principal = null;
- log.error("{}", req.getUserPrincipal());
- log.error("{}", req.getRemoteUser());
-
-
- if (extLogin != null) {
- principal = new PerunPrincipal(extLogin, proxyExtSourceName);
- log.debug("extracted principal '{}'", principal);
- } else {
- log.debug("could not extract principal");
- }
-
- return principal;
+ }
+ return credential.getRemoteEntityID();
 }
 /**
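Review bot: Neither `getExtLogin` nor the new `getExtSourceName` carries a Javadoc, and between them they now define the identity mapping that authentication rests on: `getExtSourceName` returns `credential.getRemoteEntityID()`, i.e. the entity ID of the asserting IdP, and `getExtLogin` returns `credential.getAttributeAsString(identifierAttrOid)`, which as far as I recall yields only the first value of a multi-valued attribute. I would document `getExtLogin` with `Returns the first value of the configured identifier attribute; any further values are ignored` and `getExtSourceName` with `Returns the entity ID of the IdP that issued the assertion, used as the Perun extSourceName`. Deleting `extractPerunPrincipal` also removes its two `log.error("{}", ...)` calls that dumped the request principal and remote user at error level, which is a welcome side effect worth a line in the commit message. In the collapsed rendering the `getExtSourceName` hunk shows a closing brace both as a context line and as an added `+ }` before the return; confirm the method body is exactly one null guard plus the return once the diff is viewed with its original line structure.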