diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
index 0fd91094e..9f3dabf81 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
@@ -71,16 +71,18 @@ public class AuthenticationService {
 try {
 StringBuilder sb = new StringBuilder();
- if (StringHelper.isEmpty(login.getUsername())) {
- sb.append("Username was not given. "); //$NON-NLS-1$
+ if (StringHelper.isEmpty(login.getUsername()) || login.getUsername().length() < 2) {
+ sb.append("Username was not given or is too short!"); //$NON-NLS-1$
 }
- if (StringHelper.isEmpty(login.getPassword())) {
- sb.append("Password was not given."); //$NON-NLS-1$
+ if (StringHelper.isEmpty(login.getPassword()) || login.getPassword().length() < 3) {
+ if (sb.length() > 0)
+ sb.append("\n");
+ sb.append("Password was not given or was too short!"); //$NON-NLS-1$
 }
 if (sb.length() != 0) {
 loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", sb.toString())); //$NON-NLS-1$
- return Response.status(Status.UNAUTHORIZED).entity(loginResult).build();
+ return Response.status(Status.BAD_REQUEST).entity(loginResult).build();
 }
 RestfulStrolchComponent restfulStrolchComponent = RestfulStrolchComponent.getInstance();
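Review bot: The new `if (sb.length() > 0) sb.append("\n");` is the only unbraced conditional in this hunk while every surrounding `if` is braced, and the minimum lengths 2 and 3 are bare literals; prefer `if (sb.length() > 0) { sb.append("\n"); }` and lift the two thresholds into named constants (e.g. `MIN_USERNAME_LENGTH`, `MIN_PASSWORD_LENGTH`) so the bounds are defined once. The short-circuit `||` makes `login.getUsername().length()` and `login.getPassword().length()` safe after the `isEmpty` checks, so the null case is covered. The enclosing method starts and ends outside this hunk.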
@@ -103,12 +105,14 @@ public class AuthenticationService {
 else
 loginResult.setPrivileges(allowList);
- return Response.ok().entity(entity).build();
+ return Response.ok().entity(entity)//
+ .header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken())//
+ .build();
- } catch (StrolchException e) {
+ } catch (StrolchException | PrivilegeException e) {
 logger.error(e.getMessage(), e);
 loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
- return Response.status(Status.UNAUTHORIZED).entity(entity).build();
+ return Response.status(Status.FORBIDDEN).entity(entity).build();
 } catch (Exception e) {
 logger.error(e.getMessage(), e);
 String msg = e.getMessage();
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/filters/AuthenicationRequestFilter.java b/li.strolch.rest/src/main/java/li/strolch/rest/filters/AuthenicationRequestFilter.java
index 54ee13587..bb0c12c81 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/filters/AuthenicationRequestFilter.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/filters/AuthenicationRequestFilter.java
@@ -6,16 +6,19 @@ package li.strolch.rest.filters;
 import static li.strolch.rest.StrolchRestfulConstants.STROLCH_CERTIFICATE;
 import java.io.IOException;
+import java.util.List;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.ext.Provider;
 import li.strolch.rest.RestfulStrolchComponent;
 import li.strolch.rest.StrolchSessionHandler;
 import ch.eitchnet.privilege.model.Certificate;
+import ch.eitchnet.utils.helper.StringHelper;
 /**
 * @author Reto Breitenmoser
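Review bot: The success response now carries the session token in the `Authorization` response header, but nothing marks that response as non-cacheable; a credential-bearing response should also send `.header(HttpHeaders.CACHE_CONTROL, "no-store")` so browsers and intermediaries do not retain the token. In the new `catch (StrolchException | PrivilegeException e)` branch the raw `e.getMessage()` is still copied into `loginResult` and returned to the client with 403, which can reveal why authentication failed; keep the detailed `logger.error` and return a fixed text such as `"Could not log in: invalid credentials"` instead. That branch returns `entity` rather than `loginResult`, which looks intentional if `entity` wraps `loginResult` (declared outside the hunk) but is worth confirming. The enclosing method starts and ends outside this hunk.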
@@ -26,17 +29,29 @@ public class AuthenicationRequestFilter implements ContainerRequestFilter {
 @Override
 public void filter(ContainerRequestContext requestContext) throws IOException {
+
+ List matchedURIs = requestContext.getUriInfo().getMatchedURIs();
+
+ // we allow unauthorized access to the authentication service
+ if (matchedURIs.contains("strolch/authentication")) {
+ return;
+ }
+
 String sessionId = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
- if (sessionId != null) {
- try {
- StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getComponent(
- StrolchSessionHandler.class);
- Certificate certificate = sessionHandler.validate(sessionId);
- requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
- } catch (Exception e) {
- requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
- .entity("User cannot access the resource.").build()); //$NON-NLS-1$
- }
+ if (StringHelper.isEmpty(sessionId)) {
+ requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
+ .header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN).entity("Missing Authorization!").build()); //$NON-NLS-1$
+ }
+
+ try {
+ StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getComponent(
+ StrolchSessionHandler.class);
+ Certificate certificate = sessionHandler.validate(sessionId);
+ requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
+ } catch (Exception e) {
+ requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
+ .header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
+ .entity("User cannot access the resource.").build()); //$NON-NLS-1$
 }
 }
 }
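Review bot: The `StringHelper.isEmpty(sessionId)` branch calls `requestContext.abortWith(...)` but does not return, so the request still falls through into `sessionHandler.validate(sessionId)` with an empty id and, when that throws, `abortWith` is invoked a second time from the catch block — the "Missing Authorization!" response is replaced, or the outcome depends on how the runtime treats a repeated abort. Add `return;` directly after the first `abortWith(...)` so the rejection is final. `matchedURIs` is declared as a raw `List` although `UriInfo.getMatchedURIs()` returns `List<String>`; declare it as `List<String> matchedURIs` so the allow-list check stays type-safe. The exemption relies on an exact match of `strolch/authentication`, so a comment such as `// getMatchedURIs() yields URIs relative to the base URI; only the login endpoint is exempt` would help the next reader, and the constant must be revisited if that endpoint is ever remapped.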