diff --git a/src/libcharon/sa/authenticators/eap_authenticator.c b/src/libcharon/sa/authenticators/eap_authenticator.c
index 4617c4d8d..0fbeb63fe 100644
--- a/src/libcharon/sa/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/authenticators/eap_authenticator.c
@@ -220,7 +220,6 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
 	eap_type_t type, received_type;
 	u_int32_t vendor, received_vendor;
 	eap_payload_t *out;
-	auth_cfg_t *cfg;
 
 	if (in->get_code(in) != EAP_RESPONSE)
 	{
@@ -283,12 +282,6 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
 			}
 			this->ike_sa->set_condition(this->ike_sa, COND_EAP_AUTHENTICATED,
 										TRUE);
-			cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
-			cfg->add(cfg, AUTH_RULE_EAP_TYPE, type);
-			if (vendor)
-			{
-				cfg->add(cfg, AUTH_RULE_EAP_VENDOR, vendor);
-			}
 			this->eap_complete = TRUE;
 			return eap_payload_create_code(EAP_SUCCESS, in->get_identifier(in));
 		case FAILED:
diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c
index a07f96767..5df1a26f8 100644
--- a/src/libcharon/sa/tasks/ike_auth.c
+++ b/src/libcharon/sa/tasks/ike_auth.c
@@ -527,7 +527,16 @@ static status_t process_r(private_ike_auth_t *this, message_t *message)
 				}
 				cand = get_auth_cfg(this, FALSE);
 			}
-			cfg->merge(cfg, cand, TRUE);
+			/* copy over the EAP specific rules for authentication */
+			cfg->add(cfg, AUTH_RULE_EAP_TYPE,
+					 cand->get(cand, AUTH_RULE_EAP_TYPE));
+			cfg->add(cfg, AUTH_RULE_EAP_VENDOR,
+					 cand->get(cand, AUTH_RULE_EAP_VENDOR));
+			id = (identification_t*)cand->get(cand, AUTH_RULE_EAP_IDENTITY);
+			if (id)
+			{
+				cfg->add(cfg, AUTH_RULE_EAP_IDENTITY, id->clone(id));
+			}
 		}
 
 		/* verify authentication data */