more transitions & tests

9 files changed, 458 insertions, 29 deletions

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java
new file mode 100644
index 00000000..c99c6e6a
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java
@@ -0,0 +1,169 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.metadata.resolver.filter.FilterException;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.security.x509.BasicX509Credential;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+
+@RunWith(SpringJUnit4ClassRunner.class)
+//@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"})
+@TestPropertySource(locations = { "classpath:/config/junit_config_1_springboot.properties" })
+@ContextConfiguration(locations = {
+    "/SpringTest-context_tasks_test.xml",
+    "/SpringTest-context_basic_mapConfig.xml"
+})
+@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
+@Ignore
+public class IdAustriaClientAuthMetadataControllerTest {
+
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+
+  @Autowired private IdAustriaClientAuthMetadataController controller;
+  @Autowired private IdAustriaClientAuthCredentialProvider credProvider;
+  @Autowired private DummyAuthConfigMap config;
+
+  /**
+   * JUnit class initializer.
+   *
+   * @throws Exception In case of an OpenSAML3 initialization error
+   */
+  @BeforeClass
+  public static void initialize() throws Exception {
+    EaafOpenSaml3xInitializer.eaafInitialize();
+
+  }
+
+  /**
+   * Single jUnit-test set-up.
+   */
+  @Before
+  public void testSetup() {
+    httpReq = new MockHttpServletRequest("GET", "http://localhost/authhandler");
+    httpReq.setContextPath("/authhandler");
+    httpResp = new MockHttpServletResponse();
+
+    config.removeConfigValue("core.legacy.allowLegacyMode");
+    config.removeConfigValue("modules.eidascentralauth.semper.mandates.active");
+    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.1");
+    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.2");
+    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.3");
+    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.4");
+    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.5");
+    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.6");
+
+  }
+
+  @Test
+  public void buildMetadataValidInEidMode() throws IOException, EaafException,
+      XMLParserException, UnmarshallingException, FilterException {
+    config.putConfigValue("core.legacy.allowLegacyMode", "false");
+    config.putConfigValue("modules.eidascentralauth.semper.mandates.active", "false");
+
+    //build metdata
+    controller.getSpMetadata(httpReq, httpResp);
+
+    //check result
+    validateResponse(6);
+
+  }
+
+  private void validateResponse(int numberOfRequestedAttributes) throws UnsupportedEncodingException,
+      XMLParserException, UnmarshallingException, FilterException, CredentialsNotAvailableException {
+    Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus());
+    Assert.assertEquals("ContentType", "text/xml; charset=utf-8", httpResp.getContentType());
+    Assert.assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String metadataXml = httpResp.getContentAsString();
+    Assert.assertNotNull("XML Metadata", metadataXml);
+
+    final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream(metadataXml.getBytes("UTF-8")));
+
+    Assert.assertEquals("EntityId",
+        "http://localhost/authhandler" + IdAustriaClientAuthConstants.ENDPOINT_METADATA,
+        metadata.getEntityID());
+
+    //check XML scheme
+    final SchemaValidationFilter schemaFilter = new SchemaValidationFilter();
+    schemaFilter.filter(metadata);
+
+    //check signature
+    final SimpleMetadataSignatureVerificationFilter sigFilter =
+        new SimpleMetadataSignatureVerificationFilter(credProvider.getKeyStore().getFirst(),
+            metadata.getEntityID());
+    sigFilter.filter(metadata);
+
+    //check content
+    final SPSSODescriptor spSsoDesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+    Assert.assertNotNull("SPSSODescr.", spSsoDesc);
+
+    Assert.assertFalse("AssertionConsumerServices",
+        spSsoDesc.getAssertionConsumerServices().isEmpty());
+    Assert.assertFalse("ContactPersons",
+        metadata.getContactPersons().isEmpty());
+    Assert.assertNotNull("ContactPersons",
+        metadata.getOrganization());
+
+    Assert.assertFalse("KeyDescriptors",
+        spSsoDesc.getKeyDescriptors().isEmpty());
+    Assert.assertEquals("#KeyDescriptors", 2, spSsoDesc.getKeyDescriptors().size());
+
+    Assert.assertFalse("NameIDFormats",
+        spSsoDesc.getNameIDFormats().isEmpty());
+    Assert.assertEquals("wrong NameIDFormats", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+        spSsoDesc.getNameIDFormats().get(0).getFormat());
+
+    Assert.assertFalse("AttributeConsumingServices",
+        spSsoDesc.getAttributeConsumingServices().isEmpty());
+    Assert.assertEquals("#RequestAttributes", numberOfRequestedAttributes,
+        spSsoDesc.getAttributeConsumingServices().get(0).getRequestAttributes().size());
+
+  }
+
+  private List<BasicX509Credential> convertX509Certs(List<X509Certificate> certs) {
+    final List<BasicX509Credential> result = new ArrayList<>();
+    for (final X509Certificate cert : certs) {
+      result.add(new BasicX509Credential(cert));
+
+    }
+    return result;
+  }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
index ac188cda..95986c49 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
@@ -46,7 +46,6 @@ import org.apache.commons.lang3.RandomStringUtils;
 import org.jetbrains.annotations.NotNull;
 import org.junit.Assert;
 import org.junit.Before;
-import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
@@ -62,7 +61,6 @@ import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.xml.namespace.QName;
-import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.ArrayList;
@@ -97,7 +95,7 @@ public class InitialSearchTaskTest {
   private final String randomGivenName = RandomStringUtils.randomAlphabetic(10);
   private final String randomPlaceOfBirth = RandomStringUtils.randomAlphabetic(10);
   private final String randomBirthName = RandomStringUtils.randomAlphabetic(10);
-  private final String randomDate = "2011-01-" + (10 + new Random().nextInt(18));
+  private final String randomBirthDate = "2011-01-" + (10 + new Random().nextInt(18));
 
 //  /**
 //   * jUnit class initializer.
@@ -138,7 +136,7 @@ public class InitialSearchTaskTest {
   public void testNode100_UserIdentifiedUpdateNecessary_a() throws Exception {
     String newFirstName = RandomStringUtils.randomAlphabetic(10);
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
-        new RegisterResult(randomBpk, randomIdentifier, newFirstName, randomFamilyName, randomDate)));
+        new RegisterResult(randomBpk, randomIdentifier, newFirstName, randomFamilyName, randomBirthDate)));
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
 
     task.execute(pendingReq, executionContext);
@@ -158,7 +156,7 @@ public class InitialSearchTaskTest {
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     String newRandomGivenName = RandomStringUtils.randomAlphabetic(10);
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
-        new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate)));
+        new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate)));
 
     task.execute(pendingReq, executionContext);
     String bPk = (String)
@@ -175,9 +173,9 @@ public class InitialSearchTaskTest {
   @DirtiesContext
   public void testNode101_ManualFixNecessary_a() {
     ArrayList<RegisterResult> zmrResult = new ArrayList<>();
-    zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate));
+    zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate));
     String newRandomGivenName = randomGivenName + RandomStringUtils.randomAlphabetic(2);
-    zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate));
+    zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate));
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult);
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
 
@@ -197,10 +195,10 @@ public class InitialSearchTaskTest {
   public void testNode101_ManualFixNecessary_b() {
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     ArrayList<RegisterResult> ernpResult = new ArrayList<>();
-    ernpResult.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, randomFamilyName, randomDate));
+    ernpResult.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, randomFamilyName, randomBirthDate));
     String newRandomGivenName = randomGivenName + RandomStringUtils.randomAlphabetic(2);
     ernpResult.add(
-        new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate));
+        new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate));
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult);
 
     TaskExecutionException exception = assertThrows(TaskExecutionException.class,
@@ -218,7 +216,7 @@ public class InitialSearchTaskTest {
   public void testNode102_UserIdentified_a() throws Exception {
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
-        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate)));
+        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
 
     task.execute(pendingReq, executionContext);
     String bPk = (String)
@@ -234,7 +232,7 @@ public class InitialSearchTaskTest {
   @DirtiesContext
   public void testNode102_UserIdentified_b() throws Exception {
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
-        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate)));
+        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
 
     task.execute(pendingReq, executionContext);
@@ -260,7 +258,7 @@ public class InitialSearchTaskTest {
     String newRandomIdentifier = randomIdentifier + RandomStringUtils.randomNumeric(2);
     Mockito.when(zmrClient.searchItSpecific(taxNumber)).thenReturn(Collections.singletonList(
         new RegisterResult(randomBpk, newRandomIdentifier, randomGivenName, randomFamilyName,
-            randomDate, null, null, taxNumber, null)));
+            randomBirthDate, null, null, taxNumber, null)));
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     task = new InitialSearchTask(
         Collections.singletonList(new ItSpecificDetailSearchProcessor(ernpClient, zmrClient)),
@@ -282,15 +280,15 @@ public class InitialSearchTaskTest {
   public void testNode103_UserIdentified_DE() throws Exception {
     final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName,
         randomPseudonym,
-        randomDate, randomPlaceOfBirth, randomBirthName);
+        randomBirthDate, randomPlaceOfBirth, randomBirthName);
     TestRequestImpl pendingReq1 = new TestRequestImpl();
     pendingReq1.getSessionData(AuthProcessDataWrapper.class)
         .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
-    Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomDate, randomPlaceOfBirth,
+    Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth,
         randomBirthName))
         .thenReturn(Collections.singletonList(new RegisterResult(randomBpk, randomIdentifier, randomGivenName,
-            randomFamilyName, randomDate, randomPlaceOfBirth, randomBirthName, null, null)));
+            randomFamilyName, randomBirthDate, randomPlaceOfBirth, randomBirthName, null, null)));
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     task = new InitialSearchTask(
         Collections.singletonList(new DeSpecificDetailSearchProcessor(ernpClient, zmrClient)),
@@ -314,18 +312,18 @@ public class InitialSearchTaskTest {
     String newRandomBpk = randomBpk + RandomStringUtils.randomNumeric(6);
     final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName,
         randomPseudonym,
-        randomDate, randomPlaceOfBirth, randomBirthName);
+        randomBirthDate, randomPlaceOfBirth, randomBirthName);
     TestRequestImpl pendingReq1 = new TestRequestImpl();
     pendingReq1.getSessionData(AuthProcessDataWrapper.class)
         .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     ArrayList<RegisterResult> zmrResultSpecific = new ArrayList<>();
     zmrResultSpecific.add(
-        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate,
+        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate,
             randomPlaceOfBirth, randomBirthName, null, null));
-    zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, randomFamilyName, randomDate,
+    zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, randomFamilyName, randomBirthDate,
         randomPlaceOfBirth, randomBirthName, null, null));
-    Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomDate, randomPlaceOfBirth,
+    Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth,
         randomBirthName)).thenReturn(zmrResultSpecific);
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     task = new InitialSearchTask(
@@ -354,11 +352,11 @@ public class InitialSearchTaskTest {
     ArrayList<RegisterResult> zmrResultSpecific = new ArrayList<>();
     String randomPseudonym = IT_ST + randomIdentifier + "4";
     zmrResultSpecific.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName,
-        randomFamilyName, randomDate, null, null, randomTaxNumber, null));
+        randomFamilyName, randomBirthDate, null, null, randomTaxNumber, null));
     String newRandomPseudonym = IT_ST + randomIdentifier + "5";
     String newRandomBpk = RandomStringUtils.randomNumeric(6);
     zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName,
-        randomFamilyName, randomDate, null, null, randomTaxNumber, null));
+        randomFamilyName, randomBirthDate, null, null, randomTaxNumber, null));
     Mockito.when(zmrClient.searchItSpecific(randomTaxNumber)).thenReturn(zmrResultSpecific);
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     task = new InitialSearchTask(
@@ -373,11 +371,11 @@ public class InitialSearchTaskTest {
   }
 
   /**
-   * NO match found in ZMR and ErnP with Initial search
+   * NO match found in ZMR and ErnP with Initial and MDS search
    */
   @Test
   @DirtiesContext
-  public void testNode105_TemporaryEnd() throws TaskExecutionException {
+  public void testNode505_TransitionToErnbTask() throws TaskExecutionException {
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
 
@@ -386,18 +384,99 @@ public class InitialSearchTaskTest {
     String bPk = (String)
         pendingReq.getSessionData(AuthProcessDataWrapper.class)
             .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
-    Assert.assertEquals("Wrong bpk", "TODO-Temporary-Endnode-105", bPk);
+    Assert.assertEquals("Wrong bpk", null, bPk);
+
+    Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+    Assert.assertEquals("Wrong transition", null, transitionGUI);
+    Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+    Assert.assertEquals("Wrong transition", true, transitionErnb);
+  }
+
+  /**
+   * NO match found in ZMR and ErnP with Initial search, one match with MDS search in Ernb
+   */
+  @Test
+  @DirtiesContext
+  public void testNode505_TransitionToGUI_Ernb() throws TaskExecutionException {
+    Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+    Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+
+    Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(
+        Collections.singletonList(
+        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
+
+    task.execute(pendingReq, executionContext);
+
+    String bPk = (String)
+        pendingReq.getSessionData(AuthProcessDataWrapper.class)
+            .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+    Assert.assertEquals("Wrong bpk", null, bPk);
+    Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+    Assert.assertEquals("Wrong transition", true, transitionGUI);
+    Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+    Assert.assertEquals("Wrong transition", null, transitionErnb);
+  }
+
+  /**
+   * NO match found in ZMR and ErnP with Initial search, one match with MDS search in ZMR
+   */
+  @Test
+  @DirtiesContext
+  public void testNode505_TransitionToGUI_Zmr() throws TaskExecutionException {
+    Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+    Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+
+    Mockito.when(zmrClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(
+        Collections.singletonList(
+            new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
+
+    task.execute(pendingReq, executionContext);
+
+    String bPk = (String)
+        pendingReq.getSessionData(AuthProcessDataWrapper.class)
+            .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+    Assert.assertEquals("Wrong bpk", null, bPk);
+    Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+    Assert.assertEquals("Wrong transition", true, transitionGUI);
+    Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+    Assert.assertEquals("Wrong transition", null, transitionErnb);
   }
 
+  /**
+   * NO match found in ZMR and ErnP with Initial search, multiple matches found with MDS search
+   */
+  @Test
+  @DirtiesContext
+  public void testNode505_TransitionToGUI_Ernb_multi() throws TaskExecutionException {
+    Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+    Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+    ArrayList<RegisterResult> ernbResult = new ArrayList<>();
+    ernbResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName,
+        randomBirthDate));
+    ernbResult.add(new RegisterResult(randomBpk+"1", randomIdentifier, randomGivenName, randomFamilyName,
+        randomBirthDate));
+    Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(ernbResult);
+
+    task.execute(pendingReq, executionContext);
+
+    String bPk = (String)
+        pendingReq.getSessionData(AuthProcessDataWrapper.class)
+            .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+    Assert.assertEquals("Wrong bpk", null, bPk);
+    Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+    Assert.assertEquals("Wrong transition", true, transitionGUI);
+    Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+    Assert.assertEquals("Wrong transition", null, transitionErnb);
+  }
 
   @NotNull
   private AuthenticationResponse buildDummyAuthResponseRandomPerson() throws URISyntaxException {
-    return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomIdentifier, randomDate);
+    return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomIdentifier, randomBirthDate);
   }
 
   private AuthenticationResponse buildDummyAuthResponseRandomPersonIT_Tax(String taxNumber)
       throws URISyntaxException {
-    return buildDummyAuthResponse(randomGivenName, randomFamilyName, IT_ST + randomIdentifier, randomDate,
+    return buildDummyAuthResponse(randomGivenName, randomFamilyName, IT_ST + randomIdentifier, randomBirthDate,
         taxNumber, null, null);
   }
 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
index d0ab50f4..35f1a91b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
@@ -54,8 +54,11 @@ import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(locations = {
     "/SpringTest-context_tasks_test.xml",
-    "/SpringTest-context_basic_realConfig.xml"})
-@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"})
+    "/SpringTest-context_basic_realConfig.xml",
+    //"/SpringTest-context_basic_mapConfig.xml"
+    })
+@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties", "classpath:/config" +
+    "/junit_config_1_springboot.properties"})
 @DirtiesContext(classMode = ClassMode.AFTER_CLASS)
 public class EidasRequestPreProcessingFirstTest {
 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
index 5a7f4161..ed636eed 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
@@ -102,4 +102,31 @@
         class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask"
         scope="prototype" />
 
+  <bean id="GenerateGuiQueryAustrianResidenceTask"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateGuiQueryAustrianResidenceTask"
+        scope="prototype" />
+
+  <bean id="ReceiveGuiAustrianResidenceResponseTask"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveGuiAustrianResidenceResponseTask"
+        scope="prototype" />
+
+  <bean id="idAustriaClientAuthCredentialProvider"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" />
+
+  <bean id="idAustriaClientAuthMetadataProvider"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
+
+  <bean id="idAustriaClientAuthMetadataController"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
+
+  <bean id="idAustriaClientPvpMetadataResolverFactory"
+        class="at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory" />
+
+  <bean id="pvpMetadataBuilder"
+        class="at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder" />
+
+  <bean id="idAustriaAuthPvpConfiguration"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaAuthPvpConfiguration" />
+
+
 </beans>
\ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
index a662379c..df64b494 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
@@ -114,4 +114,36 @@ eidas.ms.configuration.sp.disableRegistrationRequirement=
 eidas.ms.configuration.restrictions.baseID.spTransmission=
 eidas.ms.configuration.auth.default.countrycode=
 eidas.ms.configuration.pvp.scheme.validation=
-eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file
+eidas.ms.configuration.pvp.enable.entitycategories=
+
+
+
+
+## PVP2 S-Profile ID Austria client configuration
+
+eidas.ms.modules.idaustriaclient.keystore.path=../keystore/junit_test.jks
+eidas.ms.modules.idaustriaclient.keystore.password=password
+eidas.ms.modules.idaustriaclient.keystore.type=jks
+
+eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta
+eidas.ms.modules.idaustriaclient.metadata.sign.password=password
+eidas.ms.modules.idaustriaclient.request.sign.alias=sig
+eidas.ms.modules.idaustriaclient.request.sign.password=password
+eidas.ms.modules.idaustriaclient.response.encryption.alias=enc
+eidas.ms.modules.idaustriaclient.response.encryption.password=password
+
+eidas.ms.modules.idaustriaclient.truststore.path=../keystore/junit_test.jks
+eidas.ms.modules.idaustriaclient.truststore.password=password
+eidas.ms.modules.idaustriaclient.truststore.type=jks
+
+eidas.ms.modules.idaustriaclient.node.entityId=
+eidas.ms.modules.idaustriaclient.sp.entityId=
+eidas.ms.modules.idaustriaclient.node.metadataUrl=
+
+eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test
+eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max
+eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann
+eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties
new file mode 100644
index 00000000..fc0c7241
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties
@@ -0,0 +1,119 @@
+## embbeded Tomcat
+tomcat.workingdir=./target/work
+tomcat.ajp.enabled=true
+tomcat.ajp.port=8009
+tomcat.ajp.networkAddress=127.0.0.1
+tomcat.ajp.additionalAttributes.secretrequired=true
+tomcat.ajp.additionalAttributes.secret=junit
+
+## Basic service configuration
+eidas.ms.context.url.prefix=http://localhost
+eidas.ms.core.configRootDir=file:./src/test/resources/config/
+
+eidas.ms.context.use.clustermode=true
+
+##Monitoring
+eidas.ms.monitoring.eIDASNode.metadata.url=http://localhost:40900/mockup
+
+## extended validation of pending-request Id's
+eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
+
+## eIDAS Ref. Implementation connector ###
+eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://eidas.node/junit
+
+eidas.ms.auth.eIDAS.szrclient.useTestService=true
+eidas.ms.auth.eIDAS.szrclient.endpoint.prod=
+eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path=
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password=
+
+#tech. AuthBlock signing for E-ID process
+eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s
+eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair
+eidas.ms.auth.eIDAS.authblock.keystore.path=keys/teststore.jks
+eidas.ms.auth.eIDAS.authblock.keystore.type=jks
+eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair
+eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s
+
+
+#Raw eIDAS Id data storage
+eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true
+eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false
+
+
+
+## PVP2 S-Profile end-point configuration
+eidas.ms.pvp2.keystore.type=jks
+eidas.ms.pvp2.keystore.path=keys/junit.jks
+eidas.ms.pvp2.keystore.password=password
+eidas.ms.pvp2.key.metadata.alias=meta
+eidas.ms.pvp2.key.metadata.password=password
+eidas.ms.pvp2.key.signing.alias=sig
+eidas.ms.pvp2.key.signing.password=password
+eidas.ms.pvp2.metadata.validity=24
+
+eidas.ms.pvp2.metadata.organisation.name=JUnit
+eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.pvp2.metadata.organisation.url=http://junit.test
+eidas.ms.pvp2.metadata.contact.givenname=Max
+eidas.ms.pvp2.metadata.contact.surname=Mustermann
+eidas.ms.pvp2.metadata.contact.email=max@junit.test
+
+## Service Provider configuration
+eidas.ms.sp.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata
+eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks
+eidas.ms.sp.0.pvp2.metadata.truststore.password=password
+eidas.ms.sp.0.friendlyName=jUnit test
+eidas.ms.sp.0.newEidMode=true
+
+#eidas.ms.sp.0.pvp2.metadata.url=
+#eidas.ms.sp.0.policy.allowed.requested.targets=.*
+#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false
+
+## Service Provider configuration
+eidas.ms.sp.1.uniqueID=https://demo.egiz.gv.at/junit_test
+eidas.ms.sp.1.pvp2.metadata.truststore=keys/junit.jks
+eidas.ms.sp.1.pvp2.metadata.truststore.password=password
+eidas.ms.sp.1.friendlyName=jUnit test
+eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata
+eidas.ms.sp.1.policy.allowed.requested.targets=test
+eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true
+
+## PVP2 S-Profile client configuration
+#eidas.ms.modules.idaustriaclient.keystore.type=jks
+#eidas.ms.modules.idaustriaclient.keystore.path=keys/junit.jks1
+#eidas.ms.modules.idaustriaclient.keystore.password=password
+#eidas.ms.modules.idaustriaclient.key.metadata.alias=meta
+#eidas.ms.modules.idaustriaclient.key.metadata.password=password
+#eidas.ms.modules.idaustriaclient.key.signing.alias=sig
+#eidas.ms.modules.idaustriaclient.key.signing.password=password
+#eidas.ms.modules.idaustriaclient.metadata.validity=24
+
+eidas.ms.modules.idaustriaclient.keystore.path=keys/junit_test.jks
+eidas.ms.modules.idaustriaclient.keystore.password=password
+eidas.ms.modules.idaustriaclient.keystore.type=jks
+
+eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta
+eidas.ms.modules.idaustriaclient.metadata.sign.password=password
+eidas.ms.modules.idaustriaclient.request.sign.alias=sig
+eidas.ms.modules.idaustriaclient.request.sign.password=password
+eidas.ms.modules.idaustriaclient.response.encryption.alias=enc
+eidas.ms.modules.idaustriaclient.response.encryption.password=password
+
+eidas.ms.modules.idaustriaclient.truststore.path=keys/junit_test.jks
+eidas.ms.modules.idaustriaclient.truststore.password=password
+eidas.ms.modules.idaustriaclient.truststore.type=jks
+
+eidas.ms.modules.idaustriaclient.node.entityId=
+eidas.ms.modules.idaustriaclient.sp.entityId=
+eidas.ms.modules.idaustriaclient.node.metadataUrl=
+
+eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test
+eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max
+eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann
+eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks
new file mode 100644
index 00000000..ee6254a9
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks
new file mode 100644
index 00000000..fcc6400c
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks
new file mode 100644
index 00000000..ee6254a9
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks