added ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest

16 files changed, 1296 insertions, 7 deletions

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java
index 1a590aa1..38b50a0a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java
@@ -84,6 +84,7 @@ public class IdAustriaClientAuthConstants {
   public static final List<Triple<String, String, Boolean>> DEFAULT_REQUIRED_PVP_ATTRIBUTES =
       Collections.unmodifiableList(new ArrayList<Triple<String, String, Boolean>>() {
         private static final long serialVersionUID = 1L;
+
         {
           // add PVP Version attribute
           add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME,
@@ -96,8 +97,8 @@ public class IdAustriaClientAuthConstants {
               PvpAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, true));
 
           // entity eID information
-          add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME,
-              ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, true));
+          //          add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME,
+          //              ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, true));
           add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME,
               ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, true));
 
@@ -111,6 +112,7 @@ public class IdAustriaClientAuthConstants {
   public static final List<String> DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES =
       Collections.unmodifiableList(new ArrayList<String>() {
         private static final long serialVersionUID = 1L;
+
         {
           for (final Triple<String, String, Boolean> el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) {
             add(el.getFirst());
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyPendingRequest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyPendingRequest.java
new file mode 100644
index 00000000..9a91ecbd
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyPendingRequest.java
@@ -0,0 +1,8 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy;
+
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+
+public class DummyPendingRequest extends RequestImpl {
+  private static final long serialVersionUID = 8136280395622411505L;
+}
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java
index 379f64ee..2579bb40 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java
@@ -22,6 +22,8 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
 import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
 import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.junit.Assert;
@@ -73,8 +75,8 @@ public class GenerateMobilePhoneSignatureRequestTaskTest {
   private PvpMetadataResolverFactory metadataFactory;
   @Autowired
   private DummyGuiBuilderConfigurationFactory guiBuilderConfigFactory;
-//  @Autowired
-//  private SamlVerificationEngine samlVerifyEngine;
+  @Autowired
+  private SamlVerificationEngine samlVerifyEngine;
 //  @Autowired
 //  private ITransactionStorage transactionStorage;
 
@@ -284,7 +286,7 @@ public class GenerateMobilePhoneSignatureRequestTaskTest {
     msg.setEntityID(authnRequest.getIssuer().getValue());
     metadataProvider.addMetadataResolverIntoChain(
         metadataFactory.createMetadataProvider(METADATA_SP_PATH, null, "jUnit SP", null));
-//    samlVerifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+    //samlVerifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
 //TODO
     //check other elements
 //    Assert.assertNotNull("Proxy-Scope", authnRequest.getScoping());
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java
new file mode 100644
index 00000000..a07343f9
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java
@@ -0,0 +1,775 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
+
+
+import java.io.IOException;
+import java.util.Base64;
+
+import javax.xml.transform.TransformerException;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyAuthConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.joda.time.DateTime;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.Response;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+//@ContextConfiguration({"/spring/SpringTest-context_mapConfig_full.xml", "classpath:/spring/test_eaaf_core.beans.xml"})
+@ContextConfiguration(locations = {
+    "/SpringTest-context_tasks_test1.xml",
+    "/SpringTest-context_basic_mapConfig1.xml"
+})
+public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
+
+  private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
+  private static final String TEST_SIGNED_AUTHBLOCK = "MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQG"
+      + "EwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMw"
+      + "MDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0"
+      + "YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eT"
+      + "OWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFt"
+      + "zO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==";
+
+  @Autowired(required = true)
+  private ApplicationContext context;
+  @Autowired(required = true)
+  protected DummyAuthConfigMap authConfig;
+  @Autowired private IdAustriaClientAuthMetadataProvider metadataProvider;
+  @Autowired private IdAustriaClientAuthCredentialProvider credentialProvider;
+  @Autowired private PvpMetadataResolverFactory metadataFactory;
+
+  final ExecutionContext executionContext = new ExecutionContextImpl();
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  private DummyPendingRequest pendingReq;
+  private DummyOA oaParam;
+
+  private ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask task;
+
+  /**
+   * JUnit class initializer.
+   *
+   * @throws Exception In case of an OpenSAML3 initialization error
+   */
+  @BeforeClass
+  public static void initialize() throws Exception {
+    EaafOpenSaml3xInitializer.eaafInitialize();
+
+  }
+
+  /**
+   * jUnit test set-up.
+   *
+   * @throws Exception In case of an set-up error
+   */
+  @Before
+  public void setUp() throws Exception {
+    task = (ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask) context.getBean("ReceiveMobilePhoneSignatureResponseTask");
+
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+    httpReq.setScheme("https");
+    httpReq.setServerPort(443);
+    httpReq.setContextPath("/authhandler");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+    authConfig.putConfigValue("modules.eidascentralauth.request.sign.alias", "sig");
+//    authConfig.putConfigValue(AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, "false");
+
+    oaParam = new DummyOA();
+    oaParam.setUniqueAppId("http://test.com/test");
+    oaParam.setTargetIdentifier(
+        EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2));
+    oaParam.setEidasEnabled(true);
+    oaParam.putGenericConfigurationKey(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+    oaParam.putGenericConfigurationKey(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, null);
+    oaParam.setMandateProfilesCsv(
+        RandomStringUtils.randomAlphabetic(5)
+            + "," + RandomStringUtils.randomAlphabetic(5)
+            + "," + RandomStringUtils.randomAlphabetic(5));
+
+    pendingReq = new DummyPendingRequest();
+    pendingReq.initialize(httpReq, authConfig);
+    pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setOnlineApplicationConfiguration(oaParam);
+    //pendingReq.setAuthUrl("https://localhost/authhandler");
+
+    metadataProvider.fullyDestroy();
+
+  }
+
+  @Test
+  public void unsupportedHttpMethode() {
+    httpReq = new MockHttpServletRequest("PUT", "https://localhost/authhandler");
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail("Invalid response not detected");
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("sp.pvp2.03",
+          ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void httpGetNoMessage() {
+    httpReq = new MockHttpServletRequest("GET", "https://localhost/authhandler");
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail("Invalid response not detected");
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("sp.pvp2.12",
+          ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void httpPostNoMessage() {
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail("Invalid response not detected");
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("sp.pvp2.12",
+          ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void httpPostMessageNotSigned() throws IOException {
+
+    httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+        IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.class.getResourceAsStream(
+            "/data/Response_without_sig_classpath_entityid.xml"))));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail("Invalid response not detected");
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("sp.pvp2.12",
+          ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void httpPostMessageWrongDestinationEndpoint() throws IOException, SamlSigningException,
+      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+      TransformerException, MarshallingException {
+
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_with_wrong_destination_endpoint.xml",
+        credentialProvider.getMessageSigningCredential(), true);
+    httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail("Invalid response not detected");
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("sp.pvp2.12",
+          ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void httpPostValidSignedNoMetadata() throws IOException, SamlSigningException,
+      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+      MarshallingException, TransformerException {
+
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_without_sig_classpath_entityid.xml",
+        credentialProvider.getMessageSigningCredential(), true);
+    httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail("Invalid response not detected");
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("sp.pvp2.11",
+          ((EaafException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void httpPostValidSignedAssertionOutDated() throws IOException, SamlSigningException,
+      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+      MarshallingException, TransformerException {
+
+    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+        METADATA_PATH, null, "jUnit IDP", null));
+
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_without_sig_classpath_entityid.xml",
+        credentialProvider.getMessageSigningCredential(), false);
+    httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail("Invalid response not detected");
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("sp.pvp2.12",
+          ((EaafException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void httpPostValidSignedAssertionFromWrongIdp() throws IOException, SamlSigningException,
+      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+      MarshallingException, TransformerException {
+
+    oaParam.putGenericConfigurationKey(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, "http://wrong.idp");
+
+    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+        METADATA_PATH, null, "jUnit IDP", null));
+
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_without_sig_classpath_entityid.xml",
+        credentialProvider.getMessageSigningCredential(),
+        true);
+    httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail("Invalid response not detected");
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("sp.pvp2.08",
+          ((EaafException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void httpPostValidSignedAssertionMissingAttributes() throws IOException, SamlSigningException,
+      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+      MarshallingException, TransformerException {
+
+    oaParam.putGenericConfigurationKey(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+        METADATA_PATH, null, "jUnit IDP", null));
+
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_without_sig_classpath_entityid.xml",
+        credentialProvider.getMessageSigningCredential(),
+        true);
+    httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail("Invalid response not detected");
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("sp.pvp2.12",
+          ((EaafException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void httpPostValidSignedWithError() throws IOException, SamlSigningException,
+      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+      MarshallingException, TransformerException {
+
+    oaParam.putGenericConfigurationKey(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+        METADATA_PATH, null, "jUnit IDP", null));
+
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_without_sig_with_error.xml",
+        credentialProvider.getMessageSigningCredential(),
+        true);
+    httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail("Invalid response not detected");
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("sp.pvp2.05",
+          ((EaafException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void httpPostValidSignedWitUserStopErrorCode() throws IOException, SamlSigningException,
+      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+      MarshallingException, TransformerException, TaskExecutionException {
+
+    oaParam.putGenericConfigurationKey(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+        METADATA_PATH, null, "jUnit IDP", null));
+
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_without_sig_with_error_userstop.xml",
+        credentialProvider.getMessageSigningCredential(),
+        true);
+    httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+    //perform test
+    task.execute(pendingReq, executionContext);
+
+    //validate state
+    Assert.assertTrue("process not cancelled", executionContext.isProcessCancelled());
+    Assert.assertTrue("process not stopped by user", pendingReq.isAbortedByUser());
+    Assert.assertFalse("should not authenticated", pendingReq.isAuthenticated());
+
+  }
+
+  @Test
+  public void httpPostValidSignedWithErrorAndNoSubCode() throws IOException, SamlSigningException,
+      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+      MarshallingException, TransformerException {
+
+    oaParam.putGenericConfigurationKey(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+        METADATA_PATH, null, "jUnit IDP", null));
+
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_without_sig_with_error_without_subcode.xml",
+        credentialProvider.getMessageSigningCredential(),
+        true);
+    httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail("Invalid response not detected");
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("sp.pvp2.05",
+          ((EaafException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void httpPostValidSignedWithErrorAndEmptySubCode() throws IOException, SamlSigningException,
+      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+      MarshallingException, TransformerException {
+
+    oaParam.putGenericConfigurationKey(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+        METADATA_PATH, null, "jUnit IDP", null));
+
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_without_sig_with_error_empty_subcode.xml",
+        credentialProvider.getMessageSigningCredential(),
+        true);
+    httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail("Invalid response not detected");
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("sp.pvp2.05",
+          ((EaafException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void responseWrongEidasBind() throws IOException, SamlSigningException,
+      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+      MarshallingException, TransformerException {
+
+    oaParam.putGenericConfigurationKey(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+        METADATA_PATH, null, "jUnit IDP", null));
+
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_with_EID_wrong_data.xml",
+        credentialProvider.getMessageSigningCredential(),
+        true);
+    httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+    try {
+      task.execute(pendingReq, executionContext);
+      Assert.fail("Invalid response not detected");
+
+    } catch (final TaskExecutionException e) {
+      Assert.assertNotNull(e.getPendingRequestID());
+      Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+      Assert.assertNotNull(e.getOriginalException());
+      org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+          e.getOriginalException());
+      Assert.assertEquals("sp.pvp2.12",
+          ((EaafException) e.getOriginalException()).getErrorId());
+
+    }
+  }
+
+  @Test
+  public void httpPostValidSignedAssertionEidValid() throws IOException, SamlSigningException,
+      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+      MarshallingException, TransformerException, TaskExecutionException {
+
+    oaParam.putGenericConfigurationKey(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+        METADATA_PATH, null, "jUnit IDP", null));
+
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_with_EID.xml",
+        credentialProvider.getMessageSigningCredential(),
+        true);
+    httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+    //perform task
+    task.execute(pendingReq, executionContext);
+
+    //validate state
+//    Assert.assertTrue("Wrong EID-Process flag",
+//        (boolean) executionContext.get(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS));
+//    Assert.assertFalse("Wrong Mandate flag",
+//        (boolean) executionContext.get(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES));
+
+    Assert.assertEquals("piiTransactionId", "piiId_112233445566", pendingReq.getUniquePiiTransactionIdentifier());
+
+    final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+
+    Assert.assertTrue("E-ID flag", session.isEidProcess());
+    Assert.assertTrue("Foreign flag", session.isForeigner());
+//    Assert.assertEquals("eidasBind", EIDAS_BIND, session.getQcBind());
+//    Assert.assertEquals("vsz",
+//        "OD/kCGIFbjLTW0po6IZSmoaz3uhPYlO3S5bs9JnK0A5DHtufM3APLuDc3Llp4PeNdEa4NrCmgHr1YUiHT5irT8eDAfGpIbQHJg==",
+//        session.getVsz());
+//    Assert.assertArrayEquals("signedConsent",
+//        Base64.getDecoder().decode(TEST_SIGNED_AUTHBLOCK), session.getSignedAuthBlock());
+//    Assert.assertEquals("AuthBlockType", AuthHandlerConstants.AuthBlockType.JWS, session.getSignedAuthBlockType());
+
+    Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel());
+    Assert.assertEquals("CountryCode", "IT", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class));
+    Assert.assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
+
+//    Assert.assertNull("SigCert", session.getEncodedSignerCertificate());
+
+//    Assert.assertFalse("Mandate flag", session.isMandateUsed());
+//    Assert.assertNull("MandateInfos", session.getMandateDate());
+
+    Assert.assertNull("MandateType", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.MANDATE_TYPE_NAME, String.class));
+    Assert.assertNull("Legal Person CommonName", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class));
+    Assert.assertNull("Legal Person SourcePin",session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class));
+    Assert.assertNull("Legal Person SourcePinType", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class));
+  }
+
+  @Test
+  public void httpPostValidSignedAssertionLegacyValid() throws IOException, SamlSigningException,
+      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+      MarshallingException, TransformerException, TaskExecutionException {
+//    authConfig.putConfigValue(AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, "true");
+    oaParam.putGenericConfigurationKey(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+        METADATA_PATH, null, "jUnit IDP", null));
+
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_with_legacy.xml",
+        credentialProvider.getMessageSigningCredential(),
+        true);
+    httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+    String piiTransId = pendingReq.getUniquePiiTransactionIdentifier();
+
+    //perform task
+    task.execute(pendingReq, executionContext);
+
+    //validate state
+//    Assert.assertFalse("Wrong EID-Process flag",
+//        (boolean) executionContext.get(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS));
+//    Assert.assertFalse("Wrong Mandate flag",
+//        (boolean) executionContext.get(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES));
+
+    Assert.assertEquals("piiTransactionId", piiTransId, pendingReq.getUniquePiiTransactionIdentifier());
+
+    final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+
+    Assert.assertFalse("E-ID flag", session.isEidProcess());
+    Assert.assertTrue("Foreign flag", session.isForeigner());
+    Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/test", session.getQaaLevel());
+    Assert.assertEquals("CountryCode", "AB", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class));
+    Assert.assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
+
+    Assert.assertEquals("FamilyName", "Mustermann", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class));
+    Assert.assertEquals("Givenname", "Max", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.GIVEN_NAME_NAME, String.class));
+    Assert.assertEquals("DateOfBirth", "1940-01-01", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.BIRTHDATE_NAME, String.class));
+
+    Assert.assertEquals("bPK", "BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.BPK_NAME, String.class));
+    Assert.assertEquals("bPK-Target", "urn:publicid:gv.at:cdid+BF", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class));
+    Assert.assertEquals("AuthBlock", TEST_SIGNED_AUTHBLOCK, session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class));
+
+//    Assert.assertNull("SigCert", session.getEncodedSignerCertificate());
+//    Assert.assertNull("eidasBind", session.getQcBind());
+//    Assert.assertNull("signedConsent", session.getSignedAuthBlock());
+//    Assert.assertEquals("signedConsentType", AuthBlockType.NONE, session.getSignedAuthBlockType());
+
+    Assert.assertFalse("Mandate flag", session.isMandateUsed());
+//    Assert.assertNull("MandateInfos", session.getMandateDate());
+
+  }
+
+  @Test
+  public void httpPostValidSignedAssertionWithLegacyAndEid() throws IOException, SamlSigningException,
+      Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+      MarshallingException, TransformerException, TaskExecutionException {
+
+    oaParam.putGenericConfigurationKey(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+        METADATA_PATH, null, "jUnit IDP", null));
+
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_with_legacy_and_EID.xml",
+        credentialProvider.getMessageSigningCredential(),
+        true);
+    httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+    //perform task
+    task.execute(pendingReq, executionContext);
+
+    //validate state
+//    Assert.assertTrue("Wrong EID-Process flag",
+//        (boolean) executionContext.get(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS));
+    final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+//    Assert.assertFalse("Wrong Mandate flag",
+//        (boolean) executionContext.get(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES));
+
+//    Assert.assertTrue("E-ID flag", session.isEidProcess());
+//    Assert.assertTrue("Foreign flag", session.isForeigner());
+    Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/test", session.getQaaLevel());
+    Assert.assertEquals("CountryCode", "AB", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class));
+    Assert.assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
+
+//    Assert.assertEquals("eidasBind", EIDAS_BIND, session.getQcBind());
+//    Assert.assertArrayEquals("signedConsent",
+//        Base64.getDecoder().decode(TEST_SIGNED_AUTHBLOCK), session.getSignedAuthBlock());
+
+    Assert.assertEquals("FamilyName", "Mustermann", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class));
+    Assert.assertEquals("Givenname", "Max", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.GIVEN_NAME_NAME, String.class));
+    Assert.assertEquals("DateOfBirth", "1940-01-01", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.BIRTHDATE_NAME, String.class));
+
+    Assert.assertEquals("FamilyName", "BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.BPK_NAME, String.class));
+    Assert.assertEquals("FamilyName", "urn:publicid:gv.at:cdid+BF", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class));
+    Assert.assertEquals("FamilyName", TEST_SIGNED_AUTHBLOCK, session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class));
+
+//    Assert.assertNull("SigCert", session.getEncodedSignerCertificate());
+
+    Assert.assertFalse("Mandate flag", session.isMandateUsed());
+//    Assert.assertNull("MandateInfos", session.getMandateDate());
+
+    Assert.assertNull("MandateType", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.MANDATE_TYPE_NAME, String.class));
+    Assert.assertNull("Legal Person CommonName", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class));
+    Assert.assertNull("Legal Person SourcePin",session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class));
+    Assert.assertNull("Legal Person SourcePinType", session.getGenericDataFromSession(
+        ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class));
+
+  }
+
+
+
+
+  private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential,
+                                      boolean validConditions) throws SamlSigningException, XMLParserException, UnmarshallingException,
+      Pvp2MetadataException {
+
+    final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.class.getResourceAsStream(responsePath));
+    response.setIssueInstant(DateTime.now());
+    final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+    issuer.setValue(idpEntityId);
+    response.setIssuer(issuer);
+
+    if (validConditions) {
+      response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5));
+
+    }
+
+    return Saml2Utils.signSamlObject(response, credential, true);
+  }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml
index 7a1719d3..c58eb330 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml
@@ -142,4 +142,8 @@
   <bean id="IGuiBuilderConfigurationFactory"
         class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" />
 
+  <bean id="SAMLVerificationEngine"
+      class="at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine" />
+
+
 </beans>
\ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties
index 28f1552c..ee4dff39 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties
@@ -136,7 +136,7 @@ eidas.ms.modules.idaustriaclient.truststore.path=../keystore/junit_test.jks
 eidas.ms.modules.idaustriaclient.truststore.password=password
 eidas.ms.modules.idaustriaclient.truststore.type=jks
 
-eidas.ms.modules.idaustriaclient.node.entityId=
+eidas.ms.modules.idaustriaclient.node.entityId=classpath:/data/idp_metadata_classpath_entity.xml
 eidas.ms.modules.idaustriaclient.sp.entityId=
 eidas.ms.modules.idaustriaclient.node.metadataUrl=
 
@@ -221,7 +221,7 @@ modules.idaustriaclient.metadata.organisation.name=JUnit
 modules.idaustriaclient.metadata.organisation.url=http://junit.test
 modules.idaustriaclient.metadata.sign.alias=meta
 modules.idaustriaclient.metadata.sign.password=password
-modules.idaustriaclient.node.entityId=
+modules.idaustriaclient.node.entityId=classpath:/data/idp_metadata_classpath_entity.xml
 modules.idaustriaclient.node.metadataUrl=
 modules.idaustriaclient.request.sign.alias=sig
 modules.idaustriaclient.request.sign.password=password
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID.xml
new file mode 100644
index 00000000..cd2cceb5
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
+	<saml2p:Status>
+		<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+	</saml2p:Status>
+	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+		<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+		<saml2:Subject>
+			<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+			<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+				<saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+			</saml2:SubjectConfirmation>
+		</saml2:Subject>
+		<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
+			<saml2:AudienceRestriction>
+				<saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+			</saml2:AudienceRestriction>
+		</saml2:Conditions>
+		<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+			<saml2:AuthnContext>
+				<saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+			</saml2:AuthnContext>
+		</saml2:AuthnStatement>
+		<saml2:AttributeStatement>
+            <saml2:Attribute FriendlyName="piiTransactionId" Name="urn:eidgvat:attributes.piiTransactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">piiId_112233445566</saml2:AttributeValue>
+            </saml2:Attribute>
+			<saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-CITIZEN-QAA- EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/low</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">IT</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="eidBind" Name="urn:eidgvat:attributes.eidbind" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">eyJhbGciOiJQUzI1NiIsInVybjphdC5ndi5laWQ6YmluZHR5cGUiOiJ1cm46YXQuZ3YuZWlkOmJjQmluZCIsIng1dCNTMjU2IjoidmZDUTQ1eE9ndEhqWGFTQ0FDbVpPRzFVem9kSFpLaFVDZ1pxek50SU45SSJ9.ewogICJ1cm46ZWlkZ3ZhdDphdHRyaWJ1dGVzLnZzei52YWx1ZSI6ICJPRC9rQ0dJRmJqTFRXMHBvNklaU21vYXozdWhQWWxPM1M1YnM5Sm5LMEE1REh0dWZNM0FQTHVEYzNMbHA0UGVOZEVhNE5yQ21nSHIxWVVpSFQ1aXJUOGVEQWZHcEliUUhKZz09IiwKICAidXJuOmVpZGd2YXQ6YXR0cmlidXRlcy51c2VyLnB1YmtleXMiOiBbCiAgICAiTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE3UCtIclFwYVBXU1VpT0R1dkxackUzejlhTHMyc3NjR3pzd3NaazZsc0lQNjYyZVkwbnZkME04Vy9STG1ZTUV2ejZIaWNGNEEvZjA1WHBlSjROODlRWEtWaWJkUkdDTUNObGhEUW1LZ0xaVitIajdmQmZrcmdaWXpHUitlSTZkclU5Y1JRSHQ2NE9EL2lJRTFxTzhHbXF2a2EzUnhsOXV3V05GMUJMTDFORTVQenNDUzNuQUs3c1hSM2lVS0RDbVJ2RGx5WjQvTFJDMjRLbFhOc2doTkVSVlRnY2lvdzhGLzJSaHcwM0dUdllaU0c4dmxlTmRoaUVYR2grQlBqUW91cmlPRmg2TFVEY0djSnFJbFdacEZXUzYwNlRreG5BNEtacld2VkFBSjMwcGpBTkorUENVem11Z2lhcWxoaHRWQ1FwQjVwb0ZIR2UzRXJaUy8yME1oQ3dJREFRQUIiCiAgXSwKICAidXJuOmVpZGd2YXQ6YXR0cmlidXRlcy5laWQuc3RhdHVzIjogInVybjplaWRndmF0OmVpZC5zdGF0dXMubGlnaHQiLAogICJ1cm46ZWlkZ3ZhdDphdHRyaWJ1dGVzLmJpbmRpbmcuYXV0aGJsb2NrIjogewogICAgImhhc2hBbGciOiAiaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhNTEyIiwKICAgICJ2YWx1ZSI6ICJhYWFiYmJjY2NkZGRlZWVmZmZnZ2ciCiAgfSwKICAidXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMzIiOiJDWiIsCiAgInVybjplaWRndmF0Om1kcyI6ewogICAgICAidXJuOm9pZDoyLjUuNC40MiI6IlhYWENsYXVzIC0gTWFyaWEiLAogICAgICAidXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAiOiJYWFh2b24gQnJhbmRlbmJ1cmciLAogICAgICAidXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSI6IjE5ODQtMTItMzEiCiAgIH0sCiAgICAidXJuOmVpZGd2YXQ6YXR0cmlidXRlcy5hcHBsaWNhdGlvbi5yZXN0cmljdGlvbiI6IFsKICAgICJhcHBJZDEiLAogICAgImFwcElkMiIKICBdCn0.M83-8edNj64SBXV7BEZUTAgqFULZTmvFFmIdJ-GKCdJIWw-AXlfOCzCdvFYg1Y9_yfjWHuPWFJmh8RXzXN6yRqv8LjtxsK8qBmT3Xsg3puMrpTSiImoM1iSHTaVXZlSV74vj9Fdr9EXrTIZFA7Uj-JBFRQ_mkYdCdWnrIwwm3ojxnq_wrSepO_uYOOQ0w7lTveTyn_iXKVAk3f8N0gibODXXUiTnCuOr6CqZwKwiwuwgDNZEItkpR7r_qpZSwwim1OOc7JTQFi05ANRe8lP4YRLfGatp6FX-Tu4krT0xsgrd0bTKSYOaP11mOhftLAp-wOB-04zkfs0b7yYw6CGVHg</saml2:AttributeValue>
+			</saml2:Attribute>
+            <saml2:Attribute FriendlyName="userAuthBlock" Name="urn:eidgvat:attributes.authblock.signed" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+              <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==</saml2:AttributeValue>
+            </saml2:Attribute>
+		</saml2:AttributeStatement>
+	</saml2:Assertion>
+</saml2p:Response>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID_wrong_data.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID_wrong_data.xml
new file mode 100644
index 00000000..50d434e3
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_EID_wrong_data.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
+	<saml2p:Status>
+		<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+	</saml2p:Status>
+	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+		<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+		<saml2:Subject>
+			<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+			<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+				<saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+			</saml2:SubjectConfirmation>
+		</saml2:Subject>
+		<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
+			<saml2:AudienceRestriction>
+				<saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+			</saml2:AudienceRestriction>
+		</saml2:Conditions>
+		<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+			<saml2:AuthnContext>
+				<saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+			</saml2:AuthnContext>
+		</saml2:AuthnStatement>
+		<saml2:AttributeStatement>
+            <saml2:Attribute FriendlyName="piiTransactionId" Name="urn:eidgvat:attributes.piiTransactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">piiId_112233445566</saml2:AttributeValue>
+            </saml2:Attribute>
+			<saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-CITIZEN-QAA- EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/low</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">IT</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="eidBind" Name="urn:eidgvat:attributes.eidbind" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">aabbccddeeffgghh</saml2:AttributeValue>
+			</saml2:Attribute>
+            <saml2:Attribute FriendlyName="userAuthBlock" Name="urn:eidgvat:attributes.authblock.signed" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+              <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==</saml2:AttributeValue>
+            </saml2:Attribute>
+		</saml2:AttributeStatement>
+	</saml2:Assertion>
+</saml2p:Response>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy.xml
new file mode 100644
index 00000000..357b873d
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
+	<saml2p:Status>
+		<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+	</saml2p:Status>
+	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+		<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+		<saml2:Subject>
+			<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+			<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+				<saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+			</saml2:SubjectConfirmation>
+		</saml2:Subject>
+		<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
+			<saml2:AudienceRestriction>
+				<saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+			</saml2:AudienceRestriction>
+		</saml2:Conditions>
+		<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+			<saml2:AuthnContext>
+				<saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+			</saml2:AuthnContext>
+		</saml2:AuthnStatement>
+		<saml2:AttributeStatement>
+			<saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-CITIZEN-QAA- EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/test</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AB</saml2:AttributeValue>
+			</saml2:Attribute>
+            <saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+          <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Mustermann</saml2:AttributeValue>
+          </saml2:Attribute>
+          <saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Max</saml2:AttributeValue>
+          </saml2:Attribute>
+          <saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1940-01-01</saml2:AttributeValue>
+          </saml2:Attribute>
+          <saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:AttributeValue>
+          </saml2:Attribute>
+          <saml2:Attribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+BF</saml2:AttributeValue>
+          </saml2:Attribute>
+          <saml2:Attribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==</saml2:AttributeValue>
+          </saml2:Attribute>
+		</saml2:AttributeStatement>
+	</saml2:Assertion>
+</saml2p:Response>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy_and_EID.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy_and_EID.xml
new file mode 100644
index 00000000..a2aec0d0
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_legacy_and_EID.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
+	<saml2p:Status>
+		<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+	</saml2p:Status>
+	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+		<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+		<saml2:Subject>
+			<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+			<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+				<saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+			</saml2:SubjectConfirmation>
+		</saml2:Subject>
+		<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
+			<saml2:AudienceRestriction>
+				<saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+			</saml2:AudienceRestriction>
+		</saml2:Conditions>
+		<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+			<saml2:AuthnContext>
+				<saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+			</saml2:AuthnContext>
+		</saml2:AuthnStatement>
+		<saml2:AttributeStatement>
+			<saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-CITIZEN-QAA- EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/test</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AB</saml2:AttributeValue>
+			</saml2:Attribute>
+            <saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+          <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Mustermann</saml2:AttributeValue>
+          </saml2:Attribute>
+          <saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Max</saml2:AttributeValue>
+          </saml2:Attribute>
+          <saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1940-01-01</saml2:AttributeValue>
+          </saml2:Attribute>
+          <saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:AttributeValue>
+          </saml2:Attribute>
+          <saml2:Attribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+BF</saml2:AttributeValue>
+          </saml2:Attribute>
+          <saml2:Attribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==</saml2:AttributeValue>
+          </saml2:Attribute>
+          <saml2:Attribute FriendlyName="eidBind" Name="urn:eidgvat:attributes.eidbind" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+           <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">eyJhbGciOiJQUzI1NiIsInVybjphdC5ndi5laWQ6YmluZHR5cGUiOiJ1cm46YXQuZ3YuZWlkOmJjQmluZCIsIng1dCNTMjU2IjoidmZDUTQ1eE9ndEhqWGFTQ0FDbVpPRzFVem9kSFpLaFVDZ1pxek50SU45SSJ9.ewogICJ1cm46ZWlkZ3ZhdDphdHRyaWJ1dGVzLnZzei52YWx1ZSI6ICJPRC9rQ0dJRmJqTFRXMHBvNklaU21vYXozdWhQWWxPM1M1YnM5Sm5LMEE1REh0dWZNM0FQTHVEYzNMbHA0UGVOZEVhNE5yQ21nSHIxWVVpSFQ1aXJUOGVEQWZHcEliUUhKZz09IiwKICAidXJuOmVpZGd2YXQ6YXR0cmlidXRlcy51c2VyLnB1YmtleXMiOiBbCiAgICAiTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE3UCtIclFwYVBXU1VpT0R1dkxackUzejlhTHMyc3NjR3pzd3NaazZsc0lQNjYyZVkwbnZkME04Vy9STG1ZTUV2ejZIaWNGNEEvZjA1WHBlSjROODlRWEtWaWJkUkdDTUNObGhEUW1LZ0xaVitIajdmQmZrcmdaWXpHUitlSTZkclU5Y1JRSHQ2NE9EL2lJRTFxTzhHbXF2a2EzUnhsOXV3V05GMUJMTDFORTVQenNDUzNuQUs3c1hSM2lVS0RDbVJ2RGx5WjQvTFJDMjRLbFhOc2doTkVSVlRnY2lvdzhGLzJSaHcwM0dUdllaU0c4dmxlTmRoaUVYR2grQlBqUW91cmlPRmg2TFVEY0djSnFJbFdacEZXUzYwNlRreG5BNEtacld2VkFBSjMwcGpBTkorUENVem11Z2lhcWxoaHRWQ1FwQjVwb0ZIR2UzRXJaUy8yME1oQ3dJREFRQUIiCiAgXSwKICAidXJuOmVpZGd2YXQ6YXR0cmlidXRlcy5laWQuc3RhdHVzIjogInVybjplaWRndmF0OmVpZC5zdGF0dXMubGlnaHQiLAogICJ1cm46ZWlkZ3ZhdDphdHRyaWJ1dGVzLmJpbmRpbmcuYXV0aGJsb2NrIjogewogICAgImhhc2hBbGciOiAiaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhNTEyIiwKICAgICJ2YWx1ZSI6ICJhYWFiYmJjY2NkZGRlZWVmZmZnZ2ciCiAgfSwKICAidXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMzIiOiJDWiIsCiAgInVybjplaWRndmF0Om1kcyI6ewogICAgICAidXJuOm9pZDoyLjUuNC40MiI6IlhYWENsYXVzIC0gTWFyaWEiLAogICAgICAidXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAiOiJYWFh2b24gQnJhbmRlbmJ1cmciLAogICAgICAidXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSI6IjE5ODQtMTItMzEiCiAgIH0sCiAgICAidXJuOmVpZGd2YXQ6YXR0cmlidXRlcy5hcHBsaWNhdGlvbi5yZXN0cmljdGlvbiI6IFsKICAgICJhcHBJZDEiLAogICAgImFwcElkMiIKICBdCn0.M83-8edNj64SBXV7BEZUTAgqFULZTmvFFmIdJ-GKCdJIWw-AXlfOCzCdvFYg1Y9_yfjWHuPWFJmh8RXzXN6yRqv8LjtxsK8qBmT3Xsg3puMrpTSiImoM1iSHTaVXZlSV74vj9Fdr9EXrTIZFA7Uj-JBFRQ_mkYdCdWnrIwwm3ojxnq_wrSepO_uYOOQ0w7lTveTyn_iXKVAk3f8N0gibODXXUiTnCuOr6CqZwKwiwuwgDNZEItkpR7r_qpZSwwim1OOc7JTQFi05ANRe8lP4YRLfGatp6FX-Tu4krT0xsgrd0bTKSYOaP11mOhftLAp-wOB-04zkfs0b7yYw6CGVHg</saml2:AttributeValue>
+          </saml2:Attribute>
+          <saml2:Attribute FriendlyName="userAuthBlock" Name="urn:eidgvat:attributes.authblock.signed" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==</saml2:AttributeValue>
+          </saml2:Attribute>
+          <saml2:Attribute FriendlyName="piiTransactionId" Name="urn:eidgvat:attributes.piiTransactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+            <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">piiTrans_11223344556677</saml2:AttributeValue>
+          </saml2:Attribute>          
+		</saml2:AttributeStatement>
+	</saml2:Assertion>
+</saml2p:Response>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_wrong_destination_endpoint.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_wrong_destination_endpoint.xml
new file mode 100644
index 00000000..cac4c867
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_with_wrong_destination_endpoint.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
+	<saml2p:Status>
+		<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+	</saml2p:Status>
+	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+		<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+		<saml2:Subject>
+			<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+			<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+				<saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+			</saml2:SubjectConfirmation>
+		</saml2:Subject>
+		<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
+			<saml2:AudienceRestriction>
+				<saml2:Audience>https://demo.egiz.gv.at/demoportal_demologin/</saml2:Audience>
+			</saml2:AudienceRestriction>
+		</saml2:Conditions>
+		<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+			<saml2:AuthnContext>
+				<saml2:AuthnContextClassRef>http://www.stork.gov.eu/1.0/citizenQAALevel/4</saml2:AuthnContextClassRef>
+			</saml2:AuthnContext>
+		</saml2:AuthnStatement>
+		<saml2:AttributeStatement>
+			<saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Mustermann</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Max</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1940-01-01</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-CITIZEN-QAA-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.94" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:integer">4</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AT</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+BF</saml2:AttributeValue>
+			</saml2:Attribute>
+		</saml2:AttributeStatement>
+	</saml2:Assertion>
+</saml2p:Response>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_classpath_entityid.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_classpath_entityid.xml
new file mode 100644
index 00000000..2eeeeb17
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_classpath_entityid.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
+	<saml2p:Status>
+		<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+	</saml2p:Status>
+	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+		<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+		<saml2:Subject>
+			<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+			<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+				<saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+			</saml2:SubjectConfirmation>
+		</saml2:Subject>
+		<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
+			<saml2:AudienceRestriction>
+				<saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+			</saml2:AudienceRestriction>
+		</saml2:Conditions>
+		<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+			<saml2:AuthnContext>
+				<saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+			</saml2:AuthnContext>
+		</saml2:AuthnStatement>
+		<saml2:AttributeStatement>
+			<saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Mustermann</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Max</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1940-01-01</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-CITIZEN-QAA- EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/high</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">IT</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+BF</saml2:AttributeValue>
+			</saml2:Attribute>
+		</saml2:AttributeStatement>
+	</saml2:Assertion>
+</saml2p:Response>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error.xml
new file mode 100644
index 00000000..28dd9d92
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
+	<saml2p:Status>
+		<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
+          <saml2p:StatusCode Value="9199"/>
+        </saml2p:StatusCode>
+        <saml2p:StatusMessage>Der Anmeldevorgang wurde durch den Benutzer abgebrochen.</saml2p:StatusMessage>
+	</saml2p:Status>
+	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+		<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+		<saml2:Subject>
+			<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+			<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+				<saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+			</saml2:SubjectConfirmation>
+		</saml2:Subject>
+		<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
+			<saml2:AudienceRestriction>
+				<saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+			</saml2:AudienceRestriction>
+		</saml2:Conditions>
+		<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+			<saml2:AuthnContext>
+				<saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+			</saml2:AuthnContext>
+		</saml2:AuthnStatement>
+		<saml2:AttributeStatement>
+			<saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-CITIZEN-QAA- EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/low</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">IT</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="eidBind" Name="urn:eidgvat:attributes.eidbind" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">aabbccddeeffgghh</saml2:AttributeValue>
+			</saml2:Attribute>
+            <saml2:Attribute FriendlyName="userConsent" Name="urn:eidgvat:attributes.consent.signed" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+              <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==</saml2:AttributeValue>
+            </saml2:Attribute>
+		</saml2:AttributeStatement>
+	</saml2:Assertion>
+</saml2p:Response>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_empty_subcode.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_empty_subcode.xml
new file mode 100644
index 00000000..4a4566df
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_empty_subcode.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
+	<saml2p:Status>
+		<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
+          <saml2p:StatusCode Value=""/>
+        </saml2p:StatusCode>
+        <saml2p:StatusMessage>Der Anmeldevorgang wurde durch den Benutzer abgebrochen.</saml2p:StatusMessage>
+	</saml2p:Status>
+	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+		<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+		<saml2:Subject>
+			<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+			<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+				<saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+			</saml2:SubjectConfirmation>
+		</saml2:Subject>
+		<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
+			<saml2:AudienceRestriction>
+				<saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+			</saml2:AudienceRestriction>
+		</saml2:Conditions>
+		<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+			<saml2:AuthnContext>
+				<saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+			</saml2:AuthnContext>
+		</saml2:AuthnStatement>
+		<saml2:AttributeStatement>
+			<saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-CITIZEN-QAA- EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/low</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">IT</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="eidBind" Name="urn:eidgvat:attributes.eidbind" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">aabbccddeeffgghh</saml2:AttributeValue>
+			</saml2:Attribute>
+            <saml2:Attribute FriendlyName="userConsent" Name="urn:eidgvat:attributes.consent.signed" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+              <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==</saml2:AttributeValue>
+            </saml2:Attribute>
+		</saml2:AttributeStatement>
+	</saml2:Assertion>
+</saml2p:Response>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_userstop.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_userstop.xml
new file mode 100644
index 00000000..7ca0f134
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_userstop.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
+	<saml2p:Status>
+		<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
+          <saml2p:StatusCode Value="1005"/>
+        </saml2p:StatusCode>
+        <saml2p:StatusMessage>Der Anmeldevorgang wurde durch den Benutzer abgebrochen.</saml2p:StatusMessage>
+	</saml2p:Status>
+	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+		<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+		<saml2:Subject>
+			<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+			<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+				<saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+			</saml2:SubjectConfirmation>
+		</saml2:Subject>
+		<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
+			<saml2:AudienceRestriction>
+				<saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+			</saml2:AudienceRestriction>
+		</saml2:Conditions>
+		<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+			<saml2:AuthnContext>
+				<saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+			</saml2:AuthnContext>
+		</saml2:AuthnStatement>
+		<saml2:AttributeStatement>
+			<saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-CITIZEN-QAA- EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/low</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">IT</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="eidBind" Name="urn:eidgvat:attributes.eidbind" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">aabbccddeeffgghh</saml2:AttributeValue>
+			</saml2:Attribute>
+            <saml2:Attribute FriendlyName="userConsent" Name="urn:eidgvat:attributes.consent.signed" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+              <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==</saml2:AttributeValue>
+            </saml2:Attribute>
+		</saml2:AttributeStatement>
+	</saml2:Assertion>
+</saml2p:Response>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_without_subcode.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_without_subcode.xml
new file mode 100644
index 00000000..2a068dbe
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/Response_without_sig_with_error_without_subcode.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/authhandler/idAustriaSp/post" InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
+	<saml2p:Status>
+		<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
+        </saml2p:StatusCode>
+        <saml2p:StatusMessage>Der Anmeldevorgang wurde durch den Benutzer abgebrochen.</saml2p:StatusMessage>
+	</saml2p:Status>
+	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+		<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+		<saml2:Subject>
+			<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+			<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+				<saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/authhandler/idAustriaSp/post"/>
+			</saml2:SubjectConfirmation>
+		</saml2:Subject>
+		<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2014-03-05T06:44:51.017Z">
+			<saml2:AudienceRestriction>
+				<saml2:Audience>https://localhost/authhandler/idAustriaSp/metadata</saml2:Audience>
+			</saml2:AudienceRestriction>
+		</saml2:Conditions>
+		<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+			<saml2:AuthnContext>
+				<saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+			</saml2:AuthnContext>
+		</saml2:AuthnStatement>
+		<saml2:AttributeStatement>
+			<saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.1</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-CITIZEN-QAA- EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/low</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">IT</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="eidBind" Name="urn:eidgvat:attributes.eidbind" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">aabbccddeeffgghh</saml2:AttributeValue>
+			</saml2:Attribute>
+            <saml2:Attribute FriendlyName="userConsent" Name="urn:eidgvat:attributes.consent.signed" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+              <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==</saml2:AttributeValue>
+            </saml2:Attribute>
+		</saml2:AttributeStatement>
+	</saml2:Assertion>
+</saml2p:Response>