Merge branch 'master' into feature/matching_rebased

# Conflicts:
#	connector/src/main/java/at/asitplus/eidas/specific/connector/provider/StatusMessageProvider.java
#	connector/src/main/resources/specific_eIDAS_connector.beans.xml
#	connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
#	connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java
#	connector/src/test/resources/spring/SpringTest_connector.beans.xml
#	eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
#	eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
#	eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
#	eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java
#	eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
#	eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
#	eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
#	pom.xml

16 files changed, 534 insertions, 112 deletions

diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml
index 7bbf826a..49e4984c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/pom.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>at.asitplus.eidas.ms_specific</groupId>
     <artifactId>modules</artifactId>
-    <version>1.1.1-SNAPSHOT</version>
+    <version>1.2.2</version>
   </parent>
   <groupId>at.asitplus.eidas.ms_specific.modules</groupId>
   <artifactId>authmodule-eIDAS-v2</artifactId>
@@ -132,6 +132,10 @@
     </dependency>
     <dependency>
       <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-core</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
       <artifactId>cxf-rt-frontend-jaxws</artifactId>
     </dependency>
     <dependency>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 70bade43..5dfc9e68 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -67,6 +67,8 @@ public class Constants {
 
   // configuration properties
   public static final String CONIG_PROPS_EIDAS_PREFIX = "auth.eIDAS";
+  public static final String CONIG_PROPS_EIDAS_IS_TEST_IDENTITY = CONIG_PROPS_EIDAS_PREFIX 
+      + ".eid.testidentity.default";
   public static final String CONIG_PROPS_EIDAS_NODE = CONIG_PROPS_EIDAS_PREFIX + ".node_v2";
   public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode";
   public static final String CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS = CONIG_PROPS_EIDAS_NODE
@@ -82,15 +84,23 @@ public class Constants {
       CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural";
   public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION =
       CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation";
+  
+  public static final String CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION =
+      CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm";
+  public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX =
+      CONIG_PROPS_EIDAS_NODE + ".requesterId.lu.useStaticRequesterForAll";
+  
   public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME =
-      CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName";
+      CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName";  
   public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER =
       CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier";
-  public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP =
-      CONIG_PROPS_EIDAS_NODE + ".workarounds.useStaticProviderNameForPublicSPs";
+  
+  public static final String CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT = 
+      CONIG_PROPS_EIDAS_NODE + ".requested.nameIdFormat";
+  
   public static final String CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = CONIG_PROPS_EIDAS_NODE
       + ".staticProviderNameForPublicSPs";
-  public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "ERnP";
+  public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "Austria";
 
   public static final String FORWARD_METHOD_POST = "POST";
   public static final String FORWARD_METHOD_GET = "GET";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index 1050f8d9..64c6adeb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -24,17 +24,20 @@
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
 
 
+
 import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processCountryCode;
 import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processDateOfBirthToString;
 
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
 import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.lang.NonNull;
 
@@ -55,9 +58,10 @@ import eu.eidas.auth.commons.attribute.AttributeDefinition;
 import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
 import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
 import eu.eidas.auth.commons.protocol.eidas.SpType;
+import lombok.extern.slf4j.Slf4j;
 
+@Slf4j
 public abstract class AbstractEidProcessor implements INationalEidProcessor {
-  private static final Logger log = LoggerFactory.getLogger(AbstractEidProcessor.class);
 
   @Autowired
   protected EidasAttributeRegistry attrRegistry;
@@ -68,7 +72,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   public final void preProcess(IRequest pendingReq, Builder authnRequestBuilder) {
 
     buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder);
-    buildProviderNameAttribute(pendingReq, authnRequestBuilder);
+    buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder);
     buildRequestedAttributes(authnRequestBuilder);
   }
 
@@ -200,6 +204,83 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
     return EidasResponseUtils.processPseudonym(personalIdObj);
   }
 
+  /**
+   * Set ProviderName and RequestId into eIDAS AuthnRequest.
+   * 
+   * @param pendingReq Current pendingRequest
+   * @param authnRequestBuilder AuthnREquest builer
+   */
+  protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
+    final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+
+    // set correct SPType for requested target sector
+    final String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
+        Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
+        Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
+    final Pattern p = Pattern.compile(publicSectorTargetSelector);
+    final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
+    if (m.matches()) {
+      log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'");
+      authnRequestBuilder.spType(SpType.PUBLIC.getValue());
+
+      final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
+      if (basicConfig.getBasicConfigurationBoolean(
+              Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME,
+              false)) {
+        //TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for
+        if (StringUtils.isNotEmpty(providerName)) {
+          log.debug("Set 'providername' to: {}", providerName);
+          authnRequestBuilder.providerName(providerName);  
+          
+        } else {
+          authnRequestBuilder.providerName(basicConfig.getBasicConfiguration(
+              Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
+              Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP));
+          
+        }                 
+      }
+
+    } else {
+      log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'");
+      authnRequestBuilder.spType(SpType.PRIVATE.getValue());
+
+      // TODO: switch to RequesterId in further version
+      // set provider name for private sector applications
+      final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
+      if (StringUtils.isNotEmpty(providerName)) {
+        authnRequestBuilder.providerName(providerName);
+                      
+      }
+      
+      authnRequestBuilder.requesterId(
+          generateRequesterId(pendingReq.getRawData(Constants.DATA_REQUESTERID, String.class)));
+            
+    }
+  }
+  
+  private String generateRequesterId(String requesterId) {
+    if (requesterId != null && basicConfig.getBasicConfigurationBoolean(
+        Constants.CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION, true)) {            
+      try {
+        log.trace("Building hashed 'requesterId' for private SP ... ");
+        MessageDigest digest = MessageDigest.getInstance("SHA-256");
+        String encodedRequesterId = Base64.getEncoder().encodeToString(
+            digest.digest(requesterId.getBytes(StandardCharsets.UTF_8)));                
+        log.debug("Set 'requesterId' for: {} to: {}", requesterId, encodedRequesterId);
+        return encodedRequesterId;
+        
+      } catch (NoSuchAlgorithmException e) {
+        log.error("Can NOT generate hashed 'requesterId' from: {}. Use it as it is", requesterId, e);
+        
+      }
+            
+    }
+    
+    return requesterId;
+    
+  }
+
+
   private void buildRequestedAttributes(Builder authnRequestBuilder) {
     // build and add requested attribute set
     final Map<String, Boolean> ccSpecificReqAttr = getCountrySpecificRequestedAttributes();
@@ -237,55 +318,6 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
 
   }
 
-  private void buildProviderNameAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
-    final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
-
-    // set correct SPType for requested target sector
-    final String publicSectorTargetSelector = basicConfig.getBasicConfiguration(
-        Constants.CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS,
-        Constants.POLICY_DEFAULT_ALLOWED_TARGETS);
-    final Pattern p = Pattern.compile(publicSectorTargetSelector);
-    final Matcher m = p.matcher(spConfig.getAreaSpecificTargetIdentifier());
-    if (m.matches()) {
-      log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PublicSector'");
-      authnRequestBuilder.spType(SpType.PUBLIC.getValue());
-
-      if (basicConfig.getBasicConfigurationBoolean(
-          Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
-          true)) {
-        authnRequestBuilder.providerName(basicConfig.getBasicConfiguration(
-            Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
-            Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP));
-
-      } else {
-        // TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for
-        // any SPType
-        final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
-        if (StringUtils.isNotEmpty(providerName)
-            && basicConfig.getBasicConfigurationBoolean(
-            Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME,
-            false)) {
-          authnRequestBuilder.providerName(providerName);
-
-        }
-      }
-
-    } else {
-      log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'");
-      authnRequestBuilder.spType(SpType.PRIVATE.getValue());
-
-      // TODO: switch to RequesterId in further version
-      // set provider name for private sector applications
-      final String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
-      if (StringUtils.isNotEmpty(providerName)) {
-        authnRequestBuilder.providerName(providerName);
-        authnRequestBuilder.requesterId(providerName);
-
-      }
-
-    }
-  }
-
   private void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) {
     // TODO: set matching mode if eIDAS ref. impl. support this method
 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java
new file mode 100644
index 00000000..8402457f
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/LuEidProcessor.java
@@ -0,0 +1,61 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class LuEidProcessor extends AbstractEidProcessor {
+
+  
+  
+  private static final String canHandleCC = "LU";
+
+  @Getter
+  @Setter
+  private int priority = 1;
+  
+  @Override
+  public String getName() {
+    return "LU-PostProcessor";
+    
+  }
+
+  @Override
+  public boolean canHandle(String countryCode) {
+    return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC);
+    
+  }
+
+  @Override
+  protected void buildProviderNameAndRequesterIdAttribute(IRequest pendingReq, Builder authnRequestBuilder) {
+    super.buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder);    
+    if (basicConfig.getBasicConfigurationBoolean(
+        Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX, true)) {      
+      String staticName = basicConfig.getBasicConfiguration(
+          Constants.CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
+          Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP);                
+      authnRequestBuilder.providerName(staticName);
+      authnRequestBuilder.requesterId(staticName);
+      log.debug("Use static name: {} as 'providerName' and 'RequesterId' for all 'LU' requests ", staticName);
+                 
+    } else { 
+      log.info("Static 'providerName' and 'RequesterId' for country: LU is deactivated");
+      
+    }
+    
+  }
+  
+  @Override
+  protected Map<String, Boolean> getCountrySpecificRequestedAttributes() {
+    return new HashMap<>();
+    
+  }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
index 234d52dd..a2af4342 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
@@ -18,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -81,6 +82,14 @@ public class AuthBlockSigningService {
     authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS));
     authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class)); 
     authBlock.setPiiTransactionId(pendingReq.getUniquePiiTransactionIdentifier());
+    
+    //set Binding PublicKey if available
+    Object bindingPubKey = pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME);
+    if (bindingPubKey instanceof String) {
+      authBlock.setBindingPublicKey((String) bindingPubKey);
+      
+    }
+    
     String jwsPayload = mapper.writeValueAsString(authBlock);
     log.debug("Building and sign authBlock with data: {}", jwsPayload);
     
@@ -172,6 +181,7 @@ public class AuthBlockSigningService {
    *
    */
   @Data
+  @JsonInclude(JsonInclude.Include.NON_NULL)
   private static class EidasAuchBlock {
 
     @JsonProperty("challenge")
@@ -189,6 +199,8 @@ public class AuthBlockSigningService {
     @JsonProperty("piiTransactionId")
     private String piiTransactionId;
     
+    @JsonProperty("bindingPublicKey")
+    private String bindingPublicKey;
     
   }
 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
index 2b3fabd9..74525e65 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
@@ -113,6 +113,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
       final String environment = (String) executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT);
       final String issuer = loadIssuerFromConfig();
       final LightRequest lightAuthnReq = buildEidasAuthnRequest(citizenCountryCode, issuer);
+      
       final BinaryLightToken token = putRequestInCommunicationCache(lightAuthnReq);
       final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
       workaroundRelayState(lightAuthnReq);
@@ -165,7 +166,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
       throws EidPostProcessingException {
     final LightRequest.Builder builder = LightRequest.builder();
     builder.id(UUID.randomUUID().toString());
-    builder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT);
+    
+    // set nameIDFormat
+    builder.nameIdFormat(
+        authConfig.getBasicConfiguration(Constants.CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT));
+
     builder.citizenCountryCode(citizenCountryCode);
     builder.issuer(issuer);
     // Add country-specific information into eIDAS request
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
index ae582e91..86cd2164 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
@@ -23,6 +23,13 @@
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jetbrains.annotations.NotNull;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
 import at.asitplus.eidas.specific.connector.MsConnectorEventCodes;
 import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
@@ -34,16 +41,10 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import eu.eidas.auth.commons.light.ILightResponse;
 import lombok.extern.slf4j.Slf4j;
-import org.jetbrains.annotations.NotNull;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 
 
 /**
@@ -83,6 +84,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
       checkStatusCode(eidasResponse);
       validateMsSpecificResponse(executionContext, eidasResponse);
       storeInSession(eidasResponse);
+
       revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID);
     } catch (final EaafException e) {
       revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID);
@@ -129,10 +131,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 
   private void storeInSession(ILightResponse eidasResponse) throws EaafException {
     log.debug("Store eIDAS response information into pending-request.");
-    final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+    final EidAuthProcessDataWrapper authProcessData = pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
     authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
+    
+    //inject set flag to inject 
+    authProcessData.setTestIdentity(
+        basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_IS_TEST_IDENTITY, false));
+
+    
     authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
     requestStoreage.storePendingRequest(pendingReq);
+    
   }
 
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 5a113550..85b49186 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -61,6 +61,11 @@
     <property name="priority" value="1" />
   </bean>
 
+  <bean id="LU-Processor"
+    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor">
+    <property name="priority" value="1" />
+  </bean>
+
   <bean id="Default-Processor"
     class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor">
     <property name="priority" value="0" />
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java
index 647e5d27..ee1ecf9f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java
@@ -23,51 +23,69 @@
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.clients;
 
-import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
-import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import com.skjolberg.mockito.soap.SoapServiceRule;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyList;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.ws.soap.SOAPFaultException;
+
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.cxf.binding.soap.SoapFault;
-import org.junit.*;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Rule;
+import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
-import szrservices.*;
 
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.ws.soap.SOAPFaultException;
-import java.io.IOException;
-import java.util.List;
+import com.github.skjolber.mockito.soap.SoapServiceRule;
 
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyList;
-import static org.mockito.Mockito.when;
+import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import lombok.extern.slf4j.Slf4j;
+import szrservices.GetBPKFromStammzahlEncryptedResponse;
+import szrservices.GetBPKFromStammzahlEncryptedResponseType;
+import szrservices.GetIdentityLinkEidasResponse;
+import szrservices.IdentityLinkType;
+import szrservices.PersonInfoType;
+import szrservices.SZR;
+import szrservices.SZRException_Exception;
+import szrservices.SignContentEntry;
+import szrservices.SignContentResponse;
+import szrservices.SignContentResponseType;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(locations = {
     "/SpringTest-context_tasks_test.xml",
     "/SpringTest-context_basic_mapConfig.xml"})
+@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
+@Slf4j
 public class SzrClientTest {
-  private static final Logger log = LoggerFactory.getLogger(SzrClientTest.class);
 
   @Autowired SzrClient szrClient;
   @Autowired MsConnectorDummyConfigMap basicConfig;
@@ -89,8 +107,11 @@ public class SzrClientTest {
     }
 
     basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "false");
+    
   }
 
+  
+  
 
   @Test
   public void getStammzahlenEcryptedTest() throws SZRException_Exception, SzrCommunicationException {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index 7af9706e..e3757c0d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -41,9 +41,9 @@ import org.springframework.web.context.request.ServletRequestAttributes;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.github.skjolber.mockito.soap.SoapServiceRule;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
-import com.skjolberg.mockito.soap.SoapServiceRule;
 
 import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
@@ -241,7 +241,9 @@ public class CreateIdentityLinkTaskEidNewTest {
     Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText());
     Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty());
     Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty());
-
+    Assert.assertFalse("binding pubKey", authBlockJson.has("bindingPublicKey"));
+    
+    
 
     // check vsz request
     ArgumentCaptor<PersonInfoType> argument4 = ArgumentCaptor.forClass(PersonInfoType.class);
@@ -331,9 +333,12 @@ public class CreateIdentityLinkTaskEidNewTest {
     final SignContentEntry signContentEntry = new SignContentEntry();
     signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
     signContentResp.getOut().add(signContentEntry);
+
     when(szrMock.signContent(any(), any(), any())).thenReturn(signContentResp);
 
+
     String randomTestSp = RandomStringUtils.randomAlphabetic(10);
+    String bindingPubKey = RandomStringUtils.randomAlphabetic(10);
     pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp);
 
     MatchedPersonResult matchingInfos = MatchedPersonResult.builder()
@@ -342,9 +347,11 @@ public class CreateIdentityLinkTaskEidNewTest {
         .familyName(RandomStringUtils.randomAlphabetic(5))
         .dateOfBirth(RandomStringUtils.randomAlphabetic(5))
         .countryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
-        .build();
-        
+        .build();        
     MatchingTaskUtils.storeFinalMatchingResult(pendingReq, matchingInfos);
+
+    pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey);
+
     
     //perform test
     task.execute(pendingReq, executionContext);
@@ -360,9 +367,30 @@ public class CreateIdentityLinkTaskEidNewTest {
     Assert.assertNotNull("AuthProcessData", authProcessData);
     Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class));
 
+    // check authblock signature
     String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class);
     Assert.assertNotNull("AuthBlock", authBlock);
 
+    final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT,
+        BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));
+    Pair<KeyStore, Provider> keyStore = getKeyStore();
+    X509Certificate[] trustedCerts = EaafKeyStoreUtils
+        .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond();
+    JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints);
+    Assert.assertTrue("AuthBlock not valid", result.isValid());        
+    JsonNode authBlockJson = mapper.readTree(result.getPayLoad());    
+    Assert.assertNotNull("deserialized AuthBlock", authBlockJson);
+    
+    Assert.assertNotNull("no piiTransactionId in pendingRequesdt", 
+        storedPendingReq.getUniquePiiTransactionIdentifier());
+    Assert.assertEquals("piiTransactionId", storedPendingReq.getUniquePiiTransactionIdentifier(), 
+        authBlockJson.get("piiTransactionId").asText());
+    Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText());    
+    Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty());
+    Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty());
+    Assert.assertTrue("binding pubKey", authBlockJson.has("bindingPublicKey"));
+    Assert.assertEquals("binding PubKey", bindingPubKey, authBlockJson.get("bindingPublicKey").asText());
+    
     Assert.assertTrue("EID process", authProcessData.isEidProcess());
     Assert.assertTrue("foreigner process", authProcessData.isForeigner());
     Assert.assertEquals("EID-ISSUING_NATION", "LU",
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
index 0a2d4271..7513501e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
@@ -30,9 +30,9 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
+import com.github.skjolber.mockito.soap.SoapServiceRule;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
-import com.skjolberg.mockito.soap.SoapServiceRule;
 
 import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
index c416b515..4edfe32d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
@@ -1,5 +1,7 @@
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
 
+import static org.junit.Assert.assertNull;
+
 import java.io.UnsupportedEncodingException;
 import java.util.HashMap;
 import java.util.Map;
@@ -83,6 +85,7 @@ public class GenerateAuthnRequestTaskTest {
     pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue());
     pendingReq.setAuthUrl("http://test.com/");
 
+    basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "true");
     basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.entityId", 
         RandomStringUtils.randomAlphabetic(10));
     basicConfig.putConfigValue(
@@ -90,7 +93,8 @@ public class GenerateAuthnRequestTaskTest {
         "http://test/" + RandomStringUtils.randomAlphabetic(5));  
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
-        
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat");    
+    
   }
   
   @Test
@@ -297,7 +301,7 @@ public class GenerateAuthnRequestTaskTest {
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
     basicConfig.putConfigValue(
-        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true");
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderNames", "true");
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs", "myNode");
     
@@ -312,9 +316,8 @@ public class GenerateAuthnRequestTaskTest {
     Assert.assertEquals("ProviderName is not Static", "myNode", eidasReq.getProviderName());
     Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
     Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
-    Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode());
-    Assert.assertEquals("NameIdFormat", Constants.eIDAS_REQ_NAMEID_FORMAT, eidasReq.getNameIdFormat());
-    
+    Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode());    
+    assertNull("NameIdPolicy not null", eidasReq.getNameIdFormat());
     
   }
 
@@ -336,6 +339,10 @@ public class GenerateAuthnRequestTaskTest {
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
             
+    String nameIdFormat = RandomStringUtils.randomAlphabetic(10);
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat", nameIdFormat);
+    
     String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);    
@@ -362,6 +369,102 @@ public class GenerateAuthnRequestTaskTest {
         eidasReq.getLevelOfAssurance());
     
     Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
+    Assert.assertEquals("NameIdFormat", nameIdFormat, eidasReq.getNameIdFormat());
+    
+  }
+  
+  @Test
+  public void publicSpWithCountryLu() throws TaskExecutionException,
+      SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
+    //set-up test
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
+    executionContext.put("selectedEnvironment", "prod");
+    
+    String providerName = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+            
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+            
+    String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);    
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+    
+    //execute test
+    task.execute(pendingReq, executionContext);
+        
+    //validate state
+    Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+    Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+    Assert.assertTrue("Wrong redirect endpoint", 
+        ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+        
+    
+    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+    Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName());
+    Assert.assertEquals("RequesterId found", "myNode", eidasReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
+    Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, 
+        eidasReq.getLevelOfAssurance());
+    
+    Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
+    
+  }
+  
+  @Test
+  public void privateSpWithCountryLu() throws TaskExecutionException,
+      SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
+    //set-up test
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
+    executionContext.put("selectedEnvironment", "prod");
+    
+    String providerName = RandomStringUtils.randomAlphanumeric(10);
+    String requesterId = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+    pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId);
+    
+    spConfig.put("target", 
+        EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
+            
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true");
+            
+    String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);    
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+    
+    //execute test
+    task.execute(pendingReq, executionContext);
+        
+    //validate state
+    Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+    Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+    Assert.assertTrue("Wrong redirect endpoint", 
+        ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+        
+    
+    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+    Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName());
+    Assert.assertEquals("RequesterId", "myNode", eidasReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
+    Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH, 
+        eidasReq.getLevelOfAssurance());
+    
+    Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
     
   }
   
@@ -409,6 +512,53 @@ public class GenerateAuthnRequestTaskTest {
         EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
     String providerName = RandomStringUtils.randomAlphanumeric(10);
     pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+    pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, "http://junit.sp");
+
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
+    
+    String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);    
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+        
+    
+    //perform test
+    task.execute(pendingReq, executionContext);
+    
+    //validate state
+    Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+    Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+    Assert.assertTrue("Wrong redirect endpoint", 
+        ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+    
+
+    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+    Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName());
+    Assert.assertEquals("RequesterId", "Wr8LrrVf5SYneblOlZdZNaLQQCCgzklfKQvyeZjBx10=", eidasReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
+    Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
+    
+  }
+  
+  @Test
+  public void privateSPWithoutRequestIdHashing() throws TaskExecutionException,
+      SpecificCommunicationException, EaafStorageException {
+    //set-up test
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
+    spConfig.put("target", 
+        EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));
+    String providerName = RandomStringUtils.randomAlphanumeric(10);
+    String requesterId = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+    pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId);
 
     basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
     basicConfig.putConfigValue(
@@ -417,6 +567,7 @@ public class GenerateAuthnRequestTaskTest {
         "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
+    basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "false");
     
     String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
     basicConfig.putConfigValue(
@@ -438,7 +589,7 @@ public class GenerateAuthnRequestTaskTest {
     final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
 
     Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName());
-    Assert.assertEquals("RequesterId", providerName, eidasReq.getRequesterId());
+    Assert.assertEquals("RequesterId", requesterId, eidasReq.getRequesterId());
     Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
     Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
     
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
index c8e00e72..ea2cda4b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
@@ -37,7 +37,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
 import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
 import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -81,7 +81,8 @@ public class ReceiveAuthnResponseTaskTest {
     RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
 
     basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false");
-
+    basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "false");
+    
     final Map<String, String> spConfig = new HashMap<>();
     spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
     spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
@@ -149,16 +150,45 @@ public class ReceiveAuthnResponseTaskTest {
     //validate state
     IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
     Assert.assertNotNull("pendingReq not stored", storedReq);
-
-    final AuthProcessDataWrapper authProcessData = storedReq.getSessionData(AuthProcessDataWrapper.class);
+    final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class);
     Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel());
     Assert.assertNotNull("eIDAS response",
         authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
     Assert.assertEquals("eIDAS response", eidasResponse,
         authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
-
+    
+    Assert.assertFalse("testIdentity flag", authProcessData.isTestIdentity());
+        
   }
-
+  
+  @Test
+  public void successWithTestIdentity() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException {    
+    basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "true");
+    
+    @NotNull        
+    AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI);
+    httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");    
+      
+    //execute test
+    task.execute(pendingReq, executionContext);
+    
+    //validate state
+    IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+    Assert.assertNotNull("pendingReq not stored", storedReq);
+    
+    final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class);
+    Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel());
+    Assert.assertNotNull("eIDAS response", 
+        authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
+    Assert.assertEquals("eIDAS response", eidasResponse, 
+        authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE));
+    Assert.assertTrue("testIdentity flag", authProcessData.isTestIdentity());
+        
+  }
+  
+  
+  
   @NotNull
   private AuthenticationResponse buildDummyAuthResponse(String statusCode) throws URISyntaxException {
     final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
index 35f1a91b..84da2344 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
@@ -149,9 +149,10 @@ public class EidasRequestPreProcessingFirstTest {
 
     Assert.assertEquals("ProviderName is not Static",
         Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP, lightReq.getProviderName());
+    Assert.assertNotSame("RequesterId was set", lightReq.getRequesterId());
     Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
     Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size());
 
   }
-
+    
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
index 23175a18..6fd4f8a5 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java
@@ -86,6 +86,9 @@ public class EidasRequestPreProcessingSecondTest {
     authnRequestBuilder.issuer("Test");
     authnRequestBuilder.levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH);
 
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "true");
+    
   }
 
   @Test
@@ -106,4 +109,49 @@ public class EidasRequestPreProcessingSecondTest {
 
   }
 
+
+  /*
+   * Set ProviderName according to general configuration
+   */
+  @Test
+  public void prePreProcessLuPublicSpWithoutRequestId() throws EidPostProcessingException {
+
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll", "false");
+    
+    final String testCountry = "LU";
+    authnRequestBuilder.citizenCountryCode(testCountry);
+    preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+    final LightRequest lightReq = authnRequestBuilder.build();
+
+    Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName());
+    Assert.assertNull("RequesterId", lightReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
+    Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size());
+
+  }
+  
+  /* 
+   * Always set requesterId and providername in case of country LU
+   */
+  @Test
+  public void prePreProcessLuPublicSpWithStaticRequesterId() throws EidPostProcessingException {
+
+    
+    final String testCountry = "LU";
+    authnRequestBuilder.citizenCountryCode(testCountry);
+    preProcessor.preProcess(testCountry, pendingReq, authnRequestBuilder);
+
+    final LightRequest lightReq = authnRequestBuilder.build();
+
+    Assert.assertEquals("ProviderName is not Static",
+        "myNode", lightReq.getProviderName());
+    Assert.assertEquals("RequesterId is not Static",
+        "myNode", lightReq.getRequesterId());
+    Assert.assertEquals("no PublicSP", "public", lightReq.getSpType());
+    Assert.assertEquals("Requested attribute size not match", 4, lightReq.getRequestedAttributes().size());
+
+  }
+  
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
index d4783585..f4fc72a7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
@@ -53,6 +53,11 @@
     <property name="priority" value="1" />
   </bean>
 
+  <bean id="LU-PostProcessor"
+    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.LuEidProcessor">
+    <property name="priority" value="1" />
+  </bean>
+
  <bean id="eIDASAuthModule"
     class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationModulImpl">
     <property name="priority" value="2" />