stuck on how to test

19 files changed, 2244 insertions, 93 deletions

diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml
index e64aefc7..7bbdaf78 100644
--- a/eidas_modules/authmodule-eIDAS-v2/pom.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml
@@ -149,6 +149,24 @@
       <scope>test</scope>
     </dependency>
     <dependency>
+      <groupId>org.powermock</groupId>
+      <artifactId>powermock-module-junit4</artifactId>
+      <version>2.0.7</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.powermock</groupId>
+      <artifactId>powermock-api-mockito2</artifactId>
+      <version>2.0.7</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>eu.eidas</groupId>
+      <artifactId>eidas-light-commons</artifactId>
+      <version>2.4.0</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
       <groupId>at.gv.egiz.eaaf</groupId>
       <artifactId>eaaf_core_utils</artifactId>
       <scope>test</scope>
@@ -160,6 +178,17 @@
       <scope>test</scope>
       <type>test-jar</type>
     </dependency>
+    <dependency>
+      <groupId>com.fasterxml.jackson.core</groupId>
+      <artifactId>jackson-databind</artifactId>
+      <version>2.11.2</version>
+      <scope>compile</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.bitbucket.b_c</groupId>
+      <artifactId>jose4j</artifactId>
+      <version>0.7.2</version>
+    </dependency>
   </dependencies>
 
   <build>
@@ -168,7 +197,7 @@
         <directory>src/main/resources</directory>
       </resource>
       <resource>
-        <directory>target/generated/cxf</directory>
+        <directory>target/generated-sources/cxf</directory>
       </resource>
     </resources>
 
@@ -209,7 +238,7 @@
               <sourceRoot>${project.build.directory}/generated/cxf</sourceRoot>
               <wsdlOptions>
                 <wsdlOption>
-                  <wsdl>${basedir}/src/main/resources/szr_client/SZR-1.1.WSDL</wsdl>
+                  <wsdl>${basedir}/src/main/resources/szr_client/SZR_v4.0.wsdl</wsdl>
                   <extraargs>
                     <extraarg>-verbose </extraarg>
                   </extraargs>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
index 763d8dab..5a551649 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
@@ -33,9 +33,7 @@ import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.UnrecoverableKeyException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 
 import javax.annotation.PostConstruct;
 import javax.net.ssl.KeyManager;
@@ -56,7 +54,10 @@ import javax.xml.ws.BindingProvider;
 import javax.xml.ws.Dispatch;
 import javax.xml.ws.handler.Handler;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.time.StopWatch;
 import org.apache.cxf.configuration.jsse.TLSClientParameters;
 import org.apache.cxf.endpoint.Client;
 import org.apache.cxf.frontend.ClientProxy;
@@ -79,15 +80,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-import szrservices.GetBPK;
-import szrservices.GetBPKResponse;
-import szrservices.GetIdentityLinkEidas;
-import szrservices.GetIdentityLinkEidasResponse;
-import szrservices.IdentityLinkType;
-import szrservices.ObjectFactory;
-import szrservices.PersonInfoType;
-import szrservices.SZR;
-import szrservices.SZRException_Exception;
+import szrservices.*;
 
 @Service("SZRClientForeIDAS")
 public class SzrClient {
@@ -109,9 +102,11 @@ public class SzrClient {
   private String szrUrl = null;
   private QName qname = null;
 
+  final ObjectMapper mapper = new ObjectMapper();
+
   /**
    * Get IdentityLink of a person.
-   * 
+   *
    * @param personInfo Person identification information
    * @return IdentityLink
    * @throws SzrCommunicationException In case of a SZR error
@@ -165,7 +160,7 @@ public class SzrClient {
 
     } catch (final Exception e) {
       log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e);
-      throw new SzrCommunicationException("ernb.02", new Object[] { e.getMessage() }, e);
+      throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e);
 
     }
 
@@ -173,19 +168,19 @@ public class SzrClient {
 
   /**
    * Get bPK of person.
-   * 
+   *
    * @param personInfo Person identification information
-   * @param target requested bPK target
-   * @param vkz Verfahrenskennzeichen
+   * @param target     requested bPK target
+   * @param vkz        Verfahrenskennzeichen
    * @return bPK for this person
    * @throws SzrCommunicationException In case of a SZR error
    */
-  public String getBpk(PersonInfoType personInfo, String target, String vkz)
+  public List<String> getBpk(PersonInfoType personInfo, String target, String vkz)
       throws SzrCommunicationException {
     try {
       final GetBPK parameters = new GetBPK();
       parameters.setPersonInfo(personInfo);
-      parameters.setBereichsKennung(target);
+      parameters.getBereichsKennung().add(target);
       parameters.setVKZ(vkz);
       final GetBPKResponse result = this.szr.getBPK(parameters);
 
@@ -193,16 +188,98 @@ public class SzrClient {
 
     } catch (final SZRException_Exception e) {
       log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e);
-      throw new SzrCommunicationException("ernb.02", new Object[] { e.getMessage() }, e);
+      throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e);
 
     }
 
   }
 
+  /**
+   * Request a encryped baseId from SRZ.
+   *
+   * @param personInfo Minimum dataset of person
+   * @return encrypted baseId
+   * @throws SzrCommunicationException    In case of a SZR error
+   */
+  public String getEncryptedStammzahl(final PersonInfoType personInfo)
+      throws SzrCommunicationException {
+
+    final String resp;
+    try {
+      resp = this.szr.getStammzahlEncrypted(personInfo, false);
+    } catch (SZRException_Exception e) {
+      throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e);
+    }
+
+    if (resp == null || StringUtils.isEmpty(resp)) {
+      throw new SzrCommunicationException("ernb.01", new Object[]{"Stammzahl response empty"}); // TODO error handling
+    }
+
+    return resp;
+
+  }
+
+
+  /**
+   * Signs content.
+   *
+   * @param vsz ? TODO
+   * @param bindingPubKey  binding PublikKey as PKCS1# (ASN.1) container
+   * @param eidStatus Status of the E-ID
+   * @return bPK for this person
+   * @throws SzrCommunicationException In case of a SZR error
+   */
+  public String getBcBind(final String vsz, final String bindingPubKey, final String eidStatus)
+      throws SzrCommunicationException {
+
+    final String ATTR_NAME_VSZ = "urn:eidgvat:attributes.vsz.value";
+    final String ATTR_NAME_PUBKEYS = "urn:eidgvat:attributes.user.pubkeys";
+    final String ATTR_NAME_STATUS = "urn:eidgvat:attributes.eid.status";
+    final String KEY_BC_BIND = "bcBindReq";
+    final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype";
+    final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind";
+
+    final Map<String, Object> bcBindMap = new HashMap<>();
+    bcBindMap.put(ATTR_NAME_VSZ, vsz);
+    bcBindMap.put(ATTR_NAME_STATUS, eidStatus);
+    bcBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey));
+
+    try {
+      final String serializedBcBind = mapper.writeValueAsString(bcBindMap);
+      final SignContent req = new SignContent();
+      final SignContentEntry bcBindInfo = new SignContentEntry();
+      bcBindInfo.setKey(KEY_BC_BIND);
+      bcBindInfo.setValue(serializedBcBind);
+      req.getIn().add(bcBindInfo);
+      req.setAppendCert(false);
+      final JwsHeaderParam bcBindJoseHeader = new JwsHeaderParam();
+      bcBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE);
+      bcBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND);
+      req.getJWSHeaderParam().add(bcBindJoseHeader);
+
+      log.trace("Requesting SZR to sign bcBind datastructure ... ");
+      final SignContentResponseType resp = szr.signContent(req.isAppendCert(), req.getJWSHeaderParam(), req.getIn());
+      log.trace("Receive SZR response on bcBind siging operation ");
+
+      if (resp == null
+          || resp.getOut().isEmpty()
+          || resp.getOut().get(0).getValue() == null) {
+        throw new SzrCommunicationException("ernb.01", new Object[]{"BcBind response empty"}); //TODO check error handling
+      }
+
+      return resp.getOut().get(0).getValue();
+
+    } catch (final JsonProcessingException | SZRException_Exception e) {
+      log.warn("Requesting bcBind by using SZR FAILED. Reason: {}", e.getMessage(), null, e);
+      throw new SzrCommunicationException("ernb.02",
+          new Object[]{e.getMessage()}, e);
+    }
+  }
+
   @PostConstruct
   private void initialize() {
     log.info("Starting SZR-Client initialization .... ");
-    final URL url = SzrClient.class.getResource("/szr_client/SZR-1.1.WSDL");
+    final URL url = SzrClient.class.getResource("/szr_client/SZR_v4.0.wsdl");
 
     final boolean useTestSzr = basicConfig.getBasicConfigurationBoolean(
         Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE,
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 88c3515b..e4a22cbc 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -19,28 +19,10 @@
  * file for details on the various modules and licenses.
  * The "NOTICE" text file is part of the distribution. Any derivative works
  * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
+ */
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
 
-import java.io.InputStream;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang3.StringUtils;
-import org.joda.time.DateTime;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
-
 import at.asitplus.eidas.specific.connector.MsConnectorEventCodes;
 import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
@@ -60,6 +42,8 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
@@ -67,20 +51,38 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
 import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
 import eu.eidas.auth.commons.attribute.AttributeValue;
 import eu.eidas.auth.commons.light.ILightResponse;
 import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
 import lombok.extern.slf4j.Slf4j;
+import lombok.val;
+import org.apache.commons.lang3.StringUtils;
+import org.joda.time.DateTime;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 import szrservices.IdentityLinkType;
 import szrservices.PersonInfoType;
 import szrservices.TravelDocumentType;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.InputStream;
+import java.security.KeyStoreException;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
 /**
  * Task that creates the IdentityLink for an eIDAS authenticated person.
- * 
- * @author tlenz
  *
+ * @author tlenz
  */
 @Slf4j
 @Component("CreateIdentityLinkTask")
@@ -95,7 +97,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 
   /*
    * (non-Javadoc)
-   * 
+   *
    * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.
    * egovernment.moa.id.process.api.ExecutionContext,
    * javax.servlet.http.HttpServletRequest,
@@ -103,7 +105,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
    */
   @Override
   public void execute(ExecutionContext executionContext,
-      HttpServletRequest request, HttpServletResponse response)
+                      HttpServletRequest request, HttpServletResponse response)
       throws TaskExecutionException {
     try {
       final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
@@ -217,43 +219,64 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
           }
         }
 
-        final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo);
+        String eidMode = pendingReq.getServiceProviderConfiguration().getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
+        if (eidMode.equals("new")) {
 
-        final Element idlFromSzr = (Element) result.getAssertion();
-        identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink();
+          String vsz = szrClient.getEncryptedStammzahl(personInfo);
 
-        // write ERnB inputdata into revisionlog
-        if (basicConfig.getBasicConfigurationBoolean(
-            Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) {
-          revisionsLogger.logEvent(pendingReq,
-              MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID,
-              (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
-          revisionsLogger.logEvent(pendingReq,
-              MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym());
+          // build Keystore
+          String pK64 = getPkFromKeystore();
+          // setzte Keystore in config ?path? lade rein
+          // key pair art siehe jose utils
 
-        }
 
-        // get bPK from SZR
-        if (basicConfig.getBasicConfigurationBoolean(
-            Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
-          bpk = szrClient.getBpk(
-              personInfo,
-              pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
-              basicConfig.getBasicConfiguration(
-                  Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
-                  "no VKZ defined"));
+          String signedEidasBind = szrClient.getBcBind(vsz, pK64, "urn:eidgvat:eid.status.eidas"); //eidstatus TODO as config?
+
+          //build AuthBlock JWS
+          ObjectMapper mapper = new ObjectMapper();
+          String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier());
+
+//          JoseUtils.createSignature(new Pair<>(ks, ks.getProvider()), "connectorkeypair", passord.chararray(), jwsPayload, false, ); //TODO joseutils kopiern
 
         } else {
-          log.debug("Calculating bPK from baseId ... ");
-          new BpkBuilder();
-          final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier(
-              identityLink.getIdentificationValue(),
-              identityLink.getIdentificationType(),
-              pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
-          bpk = bpkCalc.getFirst();
 
-        }
+          final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo);
 
+          final Element idlFromSzr = (Element) result.getAssertion();
+          identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink();
+
+          // write ERnB inputdata into revisionlog
+          if (basicConfig.getBasicConfigurationBoolean(
+              Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) {
+            revisionsLogger.logEvent(pendingReq,
+                MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID,
+                (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+            revisionsLogger.logEvent(pendingReq,
+                MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym());
+
+          }
+
+          // get bPK from SZR
+          if (basicConfig.getBasicConfigurationBoolean(
+              Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
+            bpk = szrClient.getBpk(
+                personInfo,
+                pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
+                basicConfig.getBasicConfiguration(
+                    Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
+                    "no VKZ defined")).get(0);
+
+          } else {
+            log.debug("Calculating bPK from baseId ... ");
+            new BpkBuilder();
+            final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier(
+                identityLink.getIdentificationValue(),
+                identityLink.getIdentificationType(),
+                pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+            bpk = bpkCalc.getFirst();
+
+          }
+        }
       }
 
       if (identityLink == null) {
@@ -307,6 +330,20 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
     }
   }
 
+  private String getPkFromKeystore() throws EaafException, KeyStoreException {
+    EaafKeyStoreFactory keyStoreFactory = new EaafKeyStoreFactory();
+    KeyStoreConfiguration configuration = new KeyStoreConfiguration();
+
+    final String current = new java.io.File(".").toURI().toString();
+    configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks");
+
+    configuration.setSoftKeyStorePassword("f/+saJBc3a}*/T^s");
+    configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS);
+    val ks = keyStoreFactory.buildNewKeyStore(configuration);
+    val publicKey = ks.getFirst().getCertificate("connectorkeypair").getPublicKey();
+    return Base64.getEncoder().encodeToString(publicKey.getEncoded());
+  }
+
   private String extendBpkByPrefix(String bpk, String type) {
     String bpkType = null;
 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/JoseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/JoseUtils.java
new file mode 100644
index 00000000..e81c4c92
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/JoseUtils.java
@@ -0,0 +1,305 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils;
+
+import at.gv.egiz.eaaf.core.exception.EaafKeyUsageException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.utils.X509Utils;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.jose4j.jca.ProviderContext;
+import org.jose4j.jwa.AlgorithmConstraints;
+import org.jose4j.jws.AlgorithmIdentifiers;
+import org.jose4j.jws.JsonWebSignature;
+import org.jose4j.jwx.Headers;
+import org.jose4j.jwx.JsonWebStructure;
+import org.jose4j.keys.resolvers.X509VerificationKeyResolver;
+import org.jose4j.lang.JoseException;
+import org.springframework.util.Base64Utils;
+
+import javax.annotation.Nonnull;
+import java.io.IOException;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.Provider;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+/**
+ * {@link JoseUtils} provides static methods JWS and JWE processing.
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class JoseUtils {
+
+  /**
+   * Create a JWS signature.
+   *
+   * <p>
+   * Use {@link AlgorithmIdentifiers.RSA_PSS_USING_SHA256} in case
+   * of a RSA based key and
+   * {@link AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256}
+   * in case of an ECC based key.
+   * </p>
+   *
+   * @param keyStore               KeyStore that should be used
+   * @param keyAlias               Alias of the private key
+   * @param keyPassword            Password to access the key
+   * @param payLoad                PayLoad to sign
+   * @param addFullCertChain       If true the full certificate chain will be
+   *                               added, otherwise only the
+   *                               X509CertSha256Fingerprint is added into JOSE
+   *                               header
+   * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging
+   *                               purposes only
+   * @return Signed PayLoad in serialized form
+   * @throws EaafException In case of a key-access or key-usage error
+   * @throws JoseException In case of a JOSE error
+   */
+  public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore,
+      @Nonnull final String keyAlias, @Nonnull final char[] keyPassword,
+      @Nonnull final String payLoad, boolean addFullCertChain,
+      @Nonnull String friendlyNameForLogging) throws EaafException, JoseException {
+    return createSignature(keyStore, keyAlias, keyPassword, payLoad, addFullCertChain, Collections.emptyMap(),
+        AlgorithmIdentifiers.RSA_PSS_USING_SHA256, AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256,
+        friendlyNameForLogging);
+
+  }
+
+  /**
+   * Create a JWS signature.
+   *
+   * <p>
+   * Use {@link AlgorithmIdentifiers.RSA_PSS_USING_SHA256} in case
+   * of a RSA based key and
+   * {@link AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256}
+   * in case of an ECC based key.
+   * </p>
+   *
+   * @param keyStore               KeyStore that should be used
+   * @param keyAlias               Alias of the private key
+   * @param keyPassword            Password to access the key
+   * @param payLoad                PayLoad to sign
+   * @param addFullCertChain       If true the full certificate chain will be
+   *                               added, otherwise only the
+   *                               X509CertSha256Fingerprint is added into JOSE
+   *                               header
+   * @param joseHeaders            HeaderName and HeaderValue that should be set
+   *                               into JOSE header
+   * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging
+   *                               purposes only
+   * @return Signed PayLoad in serialized form
+   * @throws EaafException In case of a key-access or key-usage error
+   * @throws JoseException In case of a JOSE error
+   */
+  public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore,
+      @Nonnull final String keyAlias, @Nonnull final char[] keyPassword,
+      @Nonnull final String payLoad, boolean addFullCertChain,
+      @Nonnull final Map<String, String> joseHeaders,
+      @Nonnull String friendlyNameForLogging) throws EaafException, JoseException {
+    return createSignature(keyStore, keyAlias, keyPassword, payLoad, addFullCertChain, joseHeaders,
+        AlgorithmIdentifiers.RSA_PSS_USING_SHA256, AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256,
+        friendlyNameForLogging);
+
+  }
+
+  /**
+   * Create a JWS signature.
+   *
+   * @param keyStore               KeyStore that should be used
+   * @param keyAlias               Alias of the private key
+   * @param keyPassword            Password to access the key
+   * @param payLoad                PayLoad to sign
+   * @param addFullCertChain       If true the full certificate chain will be
+   *                               added, otherwise only the
+   *                               X509CertSha256Fingerprint is added into JOSE
+   *                               header
+   * @param joseHeaders            HeaderName and HeaderValue that should be set
+   *                               into JOSE header
+   * @param rsaAlgToUse            Signing algorithm that should be used in case
+   *                               of a signing key based on RSA
+   * @param eccAlgToUse            Signing algorithm that should be used in case
+   *                               of a signing key based on ECC
+   * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging
+   *                               purposes only
+   * @return Signed PayLoad in serialized form
+   * @throws EaafException In case of a key-access or key-usage error
+   * @throws JoseException In case of a JOSE error
+   */
+  public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore,
+      @Nonnull final String keyAlias, @Nonnull final char[] keyPassword,
+      @Nonnull final String payLoad, boolean addFullCertChain,
+      @Nonnull final Map<String, String> joseHeaders,
+      @Nonnull final String rsaAlgToUse, @Nonnull final String eccAlgToUse,
+      @Nonnull String friendlyNameForLogging) throws EaafException, JoseException {
+
+    final JsonWebSignature jws = new JsonWebSignature();
+
+    // set payload
+    jws.setPayload(payLoad);
+
+    // set JOSE headers
+    for (final Entry<String, String> el : joseHeaders.entrySet()) {
+      log.trace("Set JOSE header: {} with value: {} into JWS", el.getKey(), el.getValue());
+      jws.setHeader(el.getKey(), el.getValue());
+
+    }
+
+    // set signing information
+    final Pair<Key, X509Certificate[]> signingCred = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+        keyStore.getFirst(), keyAlias, keyPassword, true, friendlyNameForLogging);
+    jws.setKey(signingCred.getFirst());
+    jws.setAlgorithmHeaderValue(getKeyOperationAlgorithmFromCredential(
+        jws.getKey(), rsaAlgToUse, eccAlgToUse, friendlyNameForLogging));
+
+    // set special provider if required
+    if (keyStore.getSecond() != null) {
+      log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName());
+      final ProviderContext providerCtx = new ProviderContext();
+      providerCtx.getSuppliedKeyProviderContext().setSignatureProvider(
+          keyStore.getSecond().getName());
+      jws.setProviderContext(providerCtx);
+
+    }
+
+    if (addFullCertChain) {
+      jws.setCertificateChainHeaderValue(signingCred.getSecond());
+
+    }
+
+    jws.setX509CertSha256ThumbprintHeaderValue(signingCred.getSecond()[0]);
+
+    return jws.getCompactSerialization();
+
+  }
+
+  /**
+   * Verify a JOSE signature.
+   *
+   * @param serializedContent Serialized content that should be verified
+   * @param trustedCerts      Trusted certificates that should be used for
+   *                          verification
+   * @param constraints       {@link AlgorithmConstraints} for verification
+   * @return {@link JwsResult} object
+   * @throws JoseException In case of a signature verification error
+   * @throws IOException   In case of a general error
+   */
+  public static JwsResult validateSignature(@Nonnull final String serializedContent,
+      @Nonnull final List<X509Certificate> trustedCerts, @Nonnull final AlgorithmConstraints constraints)
+      throws JoseException, IOException {
+    final JsonWebSignature jws = new JsonWebSignature();
+    // set payload
+    jws.setCompactSerialization(serializedContent);
+
+    // set security constrains
+    jws.setAlgorithmConstraints(constraints);
+
+    // load signinc certs
+    Key selectedKey = null;
+    final List<X509Certificate> x5cCerts = jws.getCertificateChainHeaderValue();
+    final String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue();
+    if (x5cCerts != null) {
+      log.debug("Found x509 certificate in JOSE header ... ");
+      log.trace("Sorting received X509 certificates ... ");
+      final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts);
+
+      if (trustedCerts.contains(sortedX5cCerts.get(0))) {
+        selectedKey = sortedX5cCerts.get(0).getPublicKey();
+
+      } else {
+        log.info("Can NOT find JOSE certificate in truststore.");
+        if (log.isDebugEnabled()) {
+          try {
+            log.debug("Cert: {}", Base64Utils.encodeToString(sortedX5cCerts.get(0).getEncoded()));
+
+          } catch (final CertificateEncodingException e) {
+            log.warn("Can not create DEBUG output", e);
+
+          }
+        }
+      }
+
+    } else if (StringUtils.isNotEmpty(x5t256)) {
+      log.debug("Found x5t256 fingerprint in JOSE header .... ");
+      final X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(
+          trustedCerts);
+      selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList());
+
+    } else {
+      throw new JoseException("JWS contains NO signature certificate or NO certificate fingerprint");
+
+    }
+
+    if (selectedKey == null) {
+      throw new JoseException("Can NOT select verification key for JWS. Signature verification FAILED");
+
+    }
+
+    // set verification key
+    jws.setKey(selectedKey);
+
+    // load payLoad
+    return new JwsResult(
+        jws.verifySignature(),
+        jws.getUnverifiedPayload(),
+        jws.getHeaders(),
+        x5cCerts);
+
+  }
+
+  /**
+   * Select signature algorithm for a given credential.
+   *
+   * @param key                    {@link X509Credential} that will be used for
+   *                               key operations
+   * @param rsaSigAlgorithm        RSA based algorithm that should be used in case
+   *                               of RSA credential
+   * @param ecSigAlgorithm         EC based algorithm that should be used in case
+   *                               of RSA credential
+   * @param friendlyNameForLogging KeyStore friendlyName for logging purposes
+   * @return either the RSA based algorithm or the EC based algorithm
+   * @throws EaafKeyUsageException In case of an unsupported private-key type
+   */
+  private static String getKeyOperationAlgorithmFromCredential(Key key,
+      String rsaSigAlgorithm, String ecSigAlgorithm, String friendlyNameForLogging)
+      throws EaafKeyUsageException {
+    if (key instanceof RSAPrivateKey) {
+      return rsaSigAlgorithm;
+
+    } else if (key instanceof ECPrivateKey) {
+      return ecSigAlgorithm;
+
+    } else {
+      log.warn("Could NOT select the cryptographic algorithm from Private-Key type");
+      throw new EaafKeyUsageException(EaafKeyUsageException.ERROR_CODE_01,
+          friendlyNameForLogging,
+          "Can not select cryptographic algorithm");
+
+    }
+
+  }
+
+  private JoseUtils() {
+
+  }
+
+  @Getter
+  @AllArgsConstructor
+  public static class JwsResult {
+    final boolean valid;
+    final String payLoad;
+    final Headers fullJoseHeader;
+    final List<X509Certificate> x5cCerts;
+
+  }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl
new file mode 100644
index 00000000..e7f296bd
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/SZR_v4.0.wsdl
@@ -0,0 +1,441 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<definitions targetNamespace="urn:SZRServices" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:pvp="http://egov.gv.at/pvp1.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:szr="urn:SZRServices" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+    <types>
+			<xs:schema>
+				<xs:import namespace="urn:SZRServices" schemaLocation="szr_v4.0.xsd"/>
+			</xs:schema>
+		</types>
+	<message name="Header">
+		<part name="SecurityHeader" element="wsse:Security" />
+	</message>
+	<message name="GetIdentityLinkRequest">
+		<part element="szr:GetIdentityLink" name="parameters" />
+	</message>
+	<message name="GetIdentityLinkResponse">
+		<part element="szr:GetIdentityLinkResponse" name="parameters" />
+	</message>
+	<message name="GetIdentityLinkEidasRequest">
+		<part element="szr:GetIdentityLinkEidas" name="parameters" />
+	</message>
+	<message name="GetIdentityLinkEidasResponse">
+		<part element="szr:GetIdentityLinkEidasResponse" name="parameters" />
+	</message>
+	<message name="GetBPKRequest">
+		<part element="szr:GetBPK" name="parameters" />
+	</message>
+	<message name="GetBPKResponse">
+		<part element="szr:GetBPKResponse" name="parameters" />
+	</message>
+	<message name="GetBPKsRequest">
+		<part element="szr:GetBPKs" name="parameters" />
+	</message>
+	<message name="GetBPKsResponse">
+		<part element="szr:GetBPKsResponse" name="parameters" />
+	</message>
+	<message name="GetBPKKombiRequest">
+		<part element="szr:GetBPKKombi" name="parameters" />
+	</message>
+	<message name="GetBPKKombiResponse">
+		<part element="szr:GetBPKKombiResponse" name="parameters" />
+	</message>
+	<message name="GetBPKZPVRequest">
+		<part element="szr:GetBPKZPV" name="parameters" />
+	</message>
+	<message name="GetBPKZPVResponse">
+		<part element="szr:GetBPKZPVResponse" name="parameters" />
+	</message>
+	<message name="GetBPKFromStammzahlEncryptedRequest">
+		<part element="szr:GetBPKFromStammzahlEncrypted" name="parameters" />
+	</message>
+	<message name="GetBPKFromStammzahlEncryptedResponse">
+		<part element="szr:GetBPKFromStammzahlEncryptedResponse" name="parameters" />
+	</message>
+	<message name="SignContentRequest">
+		<part element="szr:SignContent" name="parameters" />
+	</message>
+	<message name="SignContentResponse">
+		<part element="szr:SignContentResponse" name="parameters" />
+	</message>
+	<message name="BPKzuBasiszahlRequest">
+		<part element="szr:BPKzuBasiszahl" name="parameters" />
+	</message>
+	<message name="BPKzuBasiszahlResponse">
+		<part element="szr:BPKzuBasiszahlResponse" name="parameters" />
+	</message>
+	<message name="BasiszahlZuBPKRequest">
+		<part element="szr:BasiszahlZuBPK" name="parameters" />
+	</message>
+	<message name="BasiszahlZuBPKResponse">
+		<part element="szr:BasiszahlZuBPKResponse" name="parameters" />
+	</message>
+	<message name="ValidateIdentityLinkRequest">
+		<part element="szr:ValidateIdentityLink" name="parameters" />
+	</message>
+	<message name="ValidateIdentityLinkResponse">
+		<part element="szr:ValidateIdentityLinkResponse" name="parameters" />
+	</message>
+	<message name="TransformBPKRequest">
+		<part element="szr:TransformBPK" name="parameters" />
+	</message>
+	<message name="TransformBPKResponse">
+		<part element="szr:TransformBPKResponse" name="parameters" />
+	</message>
+	<message name="GetVKZPermissionRequest">
+		<part element="szr:GetVKZPermission" name="parameters" />
+	</message>
+	<message name="GetVKZPermissionResponse">
+		<part element="szr:GetVKZPermissionResponse" name="parameters" />
+	</message>
+	<message name="ZMRAnwendungsIntegrationRequest">
+		<part element="szr:ZMRAnwendungsIntegration" name="parameters" />
+	</message>
+	<message name="ZMRAnwendungsIntegrationResponse">
+		<part element="szr:ZMRAnwendungsIntegrationResponse" name="parameters" />
+	</message>
+	<message name="GetStammzahlRequest">
+		<part element="szr:GetStammzahl" name="parameters" />
+	</message>
+	<message name="GetStammzahlResponse">
+		<part element="szr:GetStammzahlResponse" name="parameters" />
+	</message>
+	<message name="GetStammzahlEncryptedRequest">
+		<part element="szr:GetStammzahlEncrypted" name="parameters" />
+	</message>
+	<message name="GetStammzahlEncryptedResponse">
+		<part element="szr:GetStammzahlEncryptedResponse" name="parameters" />
+	</message>
+	<message name="GetVersionRequest">
+		<part element="szr:GetVersion" name="parameters" />
+	</message>
+	<message name="GetVersionResponse">
+		<part element="szr:GetVersionResponse" name="parameters" />
+	</message>
+	<message name="SZRException">
+		<part element="szr:SZRException" name="fault" />
+	</message>
+	<portType name="SZR">
+		<operation name="GetIdentityLink">
+			<input message="szr:GetIdentityLinkRequest" name="GetIdentityLinkRequest" />
+			<output message="szr:GetIdentityLinkResponse" name="GetIdentityLinkResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="GetIdentityLinkEidas">
+			<input message="szr:GetIdentityLinkEidasRequest" name="GetIdentityLinkEidasRequest" />
+			<output message="szr:GetIdentityLinkEidasResponse" name="GetIdentityLinkEidasResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="GetBPK">
+			<jaxws:bindings xmlns:jaxws="http://java.sun.com/xml/ns/jaxws">
+				<jaxws:enableWrapperStyle>false</jaxws:enableWrapperStyle>
+			</jaxws:bindings>
+			<input message="szr:GetBPKRequest" name="GetBPKRequest" />
+			<output message="szr:GetBPKResponse" name="GetBPKResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="GetBPKs">
+			<input message="szr:GetBPKsRequest" name="GetBPKsRequest" />
+			<output message="szr:GetBPKsResponse" name="GetBPKsResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="GetBPKKombi">
+			<input message="szr:GetBPKKombiRequest" name="GetBPKKombiRequest" />
+			<output message="szr:GetBPKKombiResponse" name="GetBPKKombiResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="GetBPKZPV">
+			<input message="szr:GetBPKZPVRequest" name="GetBPKZPVRequest" />
+			<output message="szr:GetBPKZPVResponse" name="GetBPKZPVResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="GetBPKFromStammzahlEncrypted">
+			<input message="szr:GetBPKFromStammzahlEncryptedRequest" name="GetBPKFromStammzahlEncryptedRequest" />
+			<output message="szr:GetBPKFromStammzahlEncryptedResponse" name="GetBPKFromStammzahlEncryptedResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="SignContent">
+			<input message="szr:SignContentRequest" name="SignContentRequest" />
+			<output message="szr:SignContentResponse" name="SignContentResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="ValidateIdentityLink">
+			<input message="szr:ValidateIdentityLinkRequest" name="ValidateIdentityLinkRequest" />
+			<output message="szr:ValidateIdentityLinkResponse" name="ValidateIdentityLinkResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="TransformBPK">
+			<input message="szr:TransformBPKRequest" name="TransformBPKRequest" />
+			<output message="szr:TransformBPKResponse" name="TransformBPKResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="GetVKZPermission">
+			<input message="szr:GetVKZPermissionRequest" name="GetVKZPermissionRequest" />
+			<output message="szr:GetVKZPermissionResponse" name="GetVKZPermissionResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="BPKzuBasiszahl">
+			<input message="szr:BPKzuBasiszahlRequest" name="BPKzuBasiszahlRequest" />
+			<output message="szr:BPKzuBasiszahlResponse" name="BPKzuBasiszahlResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="BasiszahlZuBPK">
+			<input message="szr:BasiszahlZuBPKRequest" name="BasiszahlZuBPKRequest" />
+			<output message="szr:BasiszahlZuBPKResponse" name="BasiszahlZuBPKResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="ZMRAnwendungsIntegration">
+			<input message="szr:ZMRAnwendungsIntegrationRequest" name="ZMRAnwendungsIntegrationRequest" />
+			<output message="szr:ZMRAnwendungsIntegrationResponse" name="ZMRAnwendungsIntegrationResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="GetStammzahl">
+			<input message="szr:GetStammzahlRequest" name="GetStammzahlRequest" />
+			<output message="szr:GetStammzahlResponse" name="GetStammzahlResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="GetStammzahlEncrypted">
+			<input message="szr:GetStammzahlEncryptedRequest" name="GetStammzahlEncryptedRequest" />
+			<output message="szr:GetStammzahlEncryptedResponse" name="GetStammzahlEncryptedResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+		<operation name="GetVersion">
+			<input message="szr:GetVersionRequest" name="GetVersionRequest" />
+			<output message="szr:GetVersionResponse" name="GetVersionResponse" />
+			<fault message="szr:SZRException" name="SZRException" />
+		</operation>
+	</portType>
+	<binding name="SZRSoapBinding" type="szr:SZR">
+		<wsdlsoap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
+		<operation name="GetIdentityLink">
+			<wsdlsoap:operation soapAction="" />
+			<input name="GetIdentityLinkRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="GetIdentityLinkResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="GetIdentityLinkEidas">
+			<wsdlsoap:operation soapAction="" />
+			<input name="GetIdentityLinkEidasRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="GetIdentityLinkEidasResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="GetBPK">
+			<wsdlsoap:operation soapAction="" />
+			<input name="GetBPKRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="GetBPKResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="GetBPKs">
+			<wsdlsoap:operation soapAction="" />
+			<input name="GetBPKsRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="GetBPKsResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="GetBPKKombi">
+			<wsdlsoap:operation soapAction="" />
+			<input name="GetBPKKombiRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="GetBPKKombiResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="GetBPKZPV">
+			<wsdlsoap:operation soapAction="" />
+			<input name="GetBPKZPVRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="GetBPKZPVResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="GetBPKFromStammzahlEncrypted">
+			<wsdlsoap:operation soapAction="" />
+			<input name="GetBPKFromStammzahlEncryptedRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="GetBPKFromStammzahlEncryptedResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="SignContent">
+			<wsdlsoap:operation soapAction="" />
+			<input name="SignContentRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="SignContentResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="GetVKZPermission">
+			<wsdlsoap:operation soapAction="" />
+			<input name="GetVKZPermissionRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="GetVKZPermissionResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="ValidateIdentityLink">
+			<wsdlsoap:operation soapAction="" />
+			<input name="ValidateIdentityLinkRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="ValidateIdentityLinkResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="TransformBPK">
+			<wsdlsoap:operation soapAction="" />
+			<input name="TransformBPKRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="TransformBPKResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="BPKzuBasiszahl">
+			<wsdlsoap:operation soapAction="" />
+			<input name="BPKzuBasiszahlRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="BPKzuBasiszahlResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="BasiszahlZuBPK">
+			<wsdlsoap:operation soapAction="" />
+			<input name="BasiszahlZuBPKRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="BasiszahlZuBPKResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="ZMRAnwendungsIntegration">
+			<wsdlsoap:operation soapAction="" />
+			<input name="ZMRAnwendungsIntegrationRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="ZMRAnwendungsIntegrationResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="GetStammzahl">
+			<wsdlsoap:operation soapAction="" />
+			<input name="GetStammzahlRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="GetStammzahlResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="GetStammzahlEncrypted">
+			<wsdlsoap:operation soapAction="" />
+			<input name="GetStammzahlEncryptedRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="GetStammzahlEncryptedResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+		<operation name="GetVersion">
+			<wsdlsoap:operation soapAction="" />
+			<input name="GetVersionRequest">
+				<wsdlsoap:header message="szr:Header" part="SecurityHeader" use="literal" />
+				<wsdlsoap:body use="literal" />
+			</input>
+			<output name="GetVersionResponse">
+				<wsdlsoap:body use="literal" />
+			</output>
+			<fault name="SZRException">
+				<wsdlsoap:fault name="SZRException" use="literal" />
+			</fault>
+		</operation>
+	</binding>
+	<service name="SZRService">
+		<port binding="szr:SZRSoapBinding" name="SZRBusinesspartnerTestumgebung">
+			<wsdlsoap:address location="https://pvawp.bmi.gv.at/at.gv.bmi.szrsrv-b/services/SZR" />
+		</port>
+		<port binding="szr:SZRSoapBinding" name="SZRTestumgebung">
+			<wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR" />
+		</port>
+		<port binding="szr:SZRSoapBinding" name="SZRProduktionsumgebung">
+			<wsdlsoap:address location="https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR" />
+		</port>
+	</service>
+</definitions>
\ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd
new file mode 100644
index 00000000..596a2b99
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/pvp19.xsd
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v2004 rel. 2 U (http://www.xmlspy.com) by BM (Bundeskanzleramt) -->
+<!-- PVP Schema 1.8.10 -->
+<!-- pvpToken wird über das Element <Security> aus der Spezifikation WS-Security in den SOAP-Header eingebunden -->
+<!--erstellt: rainer.hoerbe@bmi.gv.at 2004-04-30 -->
+<!--geändert: rainer.hoerbe@beko.at 2007-04-04: Extensions Points definiert -->
+<xs:schema targetNamespace="http://egov.gv.at/pvp1.xsd" xmlns="http://egov.gv.at/pvp1.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
+	<xs:element name="pvpToken">
+		<xs:complexType>
+			<xs:complexContent>
+				<xs:extension base="pvpTokenType" />
+			</xs:complexContent>
+		</xs:complexType>
+	</xs:element>
+	<xs:complexType name="pvpTokenType">
+		<xs:sequence>
+			<xs:element name="authenticate">
+				<xs:complexType>
+					<xs:sequence>
+						<xs:element name="participantId" type="xs:string" />
+						<xs:element name="gvOuDomain" type="xs:string" minOccurs="0" maxOccurs="1" />
+						<xs:choice>
+							<xs:element name="userPrincipal">
+								<xs:complexType>
+									<xs:complexContent>
+										<xs:extension base="pvpPrincipalType">
+											<xs:sequence>
+												<xs:element name="gvGid" type="xs:string" />
+												<xs:element name="mail" type="xs:string" minOccurs="0" maxOccurs="1" />
+												<xs:element name="tel" type="xs:string" minOccurs="0" maxOccurs="1" />
+												<xs:element name="bpk" type="xs:string" minOccurs="0" maxOccurs="1" />
+												<xs:element name="gvFunction" type="xs:string" minOccurs="0" maxOccurs="1" />
+											</xs:sequence>
+										</xs:extension>
+									</xs:complexContent>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="systemPrincipal" type="pvpPrincipalType" />
+						</xs:choice>
+						<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+							<xs:annotation>
+								<xs:documentation>additional authentication properties</xs:documentation>
+							</xs:annotation>
+						</xs:any>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<xs:element name="authorize" minOccurs="0" maxOccurs="1">
+				<xs:complexType>
+					<xs:sequence>
+						<xs:sequence minOccurs="0">
+							<xs:element name="gvOuId" type="xs:string" />
+							<xs:element name="ou" type="xs:string" />
+						</xs:sequence>
+						<xs:element name="role" maxOccurs="unbounded">
+							<xs:complexType>
+								<xs:sequence>
+									<xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" />
+								</xs:sequence>
+								<xs:attribute name="value" type="xs:string" use="required" />
+							</xs:complexType>
+						</xs:element>
+						<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+							<xs:annotation>
+								<xs:documentation>additional authorization properties</xs:documentation>
+							</xs:annotation>
+						</xs:any>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<xs:element name="accounting" minOccurs="0">
+				<xs:complexType>
+					<xs:sequence>
+						<xs:any processContents="skip" minOccurs="0" maxOccurs="unbounded" />
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<xs:element name="pvpChainedToken" type="pvpTokenType" minOccurs="0" />
+			<xs:element name="pvpExtension" block="extension" minOccurs="0">
+				<xs:complexType>
+					<xs:sequence>
+						<xs:any namespace="##any" processContents="skip" minOccurs="0" maxOccurs="unbounded" />
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+		</xs:sequence>
+		<xs:attribute name="version" type="gvVersionType" use="required" />
+		<xs:anyAttribute namespace="##any" processContents="lax" />
+	</xs:complexType>
+	<xs:complexType name="pvpPrincipalType">
+		<xs:sequence>
+			<xs:element name="userId" type="xs:string" />
+			<xs:element name="cn" type="xs:string" />
+			<xs:element name="gvOuId" type="xs:string" />
+			<xs:element name="ou" type="xs:string" />
+			<xs:element name="gvOuOKZ" type="xs:string" minOccurs="0" />
+			<xs:element name="gvSecClass" type="gvSecClassType" minOccurs="0" />
+			<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>additional principal attributes</xs:documentation>
+				</xs:annotation>
+			</xs:any>
+		</xs:sequence>
+		<xs:anyAttribute namespace="##any" processContents="lax" />
+	</xs:complexType>
+	<xs:simpleType name="gvSecClassType">
+		<xs:restriction base="xs:integer">
+			<xs:enumeration value="0" />
+			<xs:enumeration value="1" />
+			<xs:enumeration value="2" />
+			<xs:enumeration value="3" />
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:simpleType name="gvVersionType">
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="1.0" />
+			<xs:enumeration value="1.1" />
+			<xs:enumeration value="1.2" />
+			<xs:enumeration value="1.8" />
+			<xs:enumeration value="1.9" />
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:simpleType name="logLevelType">
+		<xs:restriction base="xs:integer">
+			<xs:enumeration value="0" />
+			<xs:enumeration value="1" />
+			<xs:enumeration value="2" />
+			<xs:enumeration value="3" />
+			<xs:enumeration value="4" />
+			<xs:enumeration value="5" />
+		</xs:restriction>
+	</xs:simpleType>
+</xs:schema>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd
new file mode 100644
index 00000000..87ee80be
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_ecdsa.xsd
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema"
+           targetNamespace="http://www.w3.org/2001/04/xmldsig-more#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#">
+    <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType" />
+    <xs:complexType name="ECDSAKeyValueType">
+        <xs:sequence>
+            <xs:element name="DomainParameters" type="ecdsa:DomainParamsType"
+                        minOccurs="0" />
+            <xs:element name="PublicKey" type="ecdsa:ECPointType" />
+        </xs:sequence>
+    </xs:complexType>
+    <xs:complexType name="DomainParamsType">
+        <xs:sequence>
+            <xs:element name="NamedCurve" minOccurs="0"
+                        type="ecdsa:NamedCurveType" />
+        </xs:sequence>
+    </xs:complexType>
+    <xs:complexType name="NamedCurveType">
+        <xs:attribute name="URN" type="xs:string" use="required" />
+    </xs:complexType>
+    <xs:complexType name="ECPointType">
+        <xs:sequence minOccurs="0">
+            <xs:element name="X" type="ecdsa:PrimeFieldElemType" />
+            <xs:element name="Y" type="ecdsa:PrimeFieldElemType" />
+        </xs:sequence>
+    </xs:complexType>
+    <xs:complexType name="PrimeFieldElemType">
+        <xs:attribute name="Value" type="xs:string" use="required" />
+    </xs:complexType>
+</xs:schema>
\ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd
new file mode 100644
index 00000000..3c9ac932
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_persondata.xsd
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema elementFormDefault="qualified" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#"
+	targetNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <xs:complexType name="PhysicalPersonType">
+    <xs:sequence>
+      <xs:element minOccurs="0" name="Identification" type="pd:IdentificationType" />
+      <xs:element minOccurs="1" name="Name" type="pd:PersonNameType" />
+      <xs:element minOccurs="0" name="AlternativeName" type="pd:AlternativeNameType" />
+      <xs:element minOccurs="0" name="Sex" type="xs:string" />
+      <xs:element minOccurs="0" name="DateOfBirth" type="xs:string" />
+      <xs:element minOccurs="0" name="PlaceOfBirth" type="xs:string" />
+      <xs:element minOccurs="0" name="CountryOfBirth" type="xs:string" />
+      <xs:element minOccurs="0" name="Nationality" type="xs:string" />
+    </xs:sequence>
+  </xs:complexType>
+  <xs:complexType name="IdentificationType">
+    <xs:sequence>
+      <xs:element minOccurs="0" name="Value" type="xs:string" />
+      <xs:element minOccurs="0" name="Type" type="xs:string" />
+    </xs:sequence>
+  </xs:complexType>
+  <xs:complexType name="PersonNameType">
+    <xs:sequence>
+      <xs:element minOccurs="0" name="PrefixedDegree" type="xs:string" />
+      <xs:element name="GivenName" type="xs:string" nillable="true" />
+      <xs:element name="FamilyName" type="xs:string" nillable="true" />
+      <xs:element minOccurs="0" name="SuffixedDegree" type="xs:string" />
+    </xs:sequence>
+  </xs:complexType>
+  <xs:complexType name="AlternativeNameType">
+    <xs:sequence>
+      <xs:element name="FamilyName" type="xs:string" nillable="true" />
+    </xs:sequence>
+  </xs:complexType>
+  <xs:complexType name="PostalAddressType">
+    <xs:sequence>
+      <xs:element minOccurs="0" name="PostalCode" type="xs:string" />
+      <xs:element minOccurs="0" name="Municipality" type="xs:string" />
+      <xs:element minOccurs="0" name="Locality" type="xs:string" />
+      <xs:element minOccurs="0" name="StateCode3" type="xs:string" />
+      <xs:element minOccurs="0" name="DeliveryAddress" type="pd:DeliveryAddressType" />
+      <xs:element minOccurs="0" name="HistoricRecord" type="xs:boolean" />
+    </xs:sequence>
+  </xs:complexType>
+  <xs:complexType name="DeliveryAddressType">
+    <xs:sequence>
+      <xs:element minOccurs="0" name="AddressLine" type="xs:string" />
+      <xs:element minOccurs="0" name="StreetName" type="xs:string" />
+      <xs:element minOccurs="0" name="BuildingNumber" type="xs:string" />
+      <xs:element minOccurs="0" name="Unit" type="xs:string" />
+      <xs:element minOccurs="0" name="DoorNumber" type="xs:string" />
+    </xs:sequence>
+  </xs:complexType>
+</xs:schema>
\ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd
new file mode 100644
index 00000000..5001c1b8
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_pvp_sec.xsd
@@ -0,0 +1,10 @@
+<xs:schema xmlns:pvp="http://egov.gv.at/pvp1.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://schemas.xmlsoap.org/ws/2002/04/secext" elementFormDefault="qualified">
+	<xs:import namespace="http://egov.gv.at/pvp1.xsd" schemaLocation="pvp19.xsd"/>
+	<xs:element name="Security">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element ref="pvp:pvpToken"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element> 
+</xs:schema>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml
new file mode 100644
index 00000000..d40efa45
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-schemas.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<bindings version="2.0" xmlns="http://java.sun.com/xml/ns/jaxb"
+	xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+	xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc">
+
+  <bindings schemaLocation="../szr_v4/szr_v4.0.xsd">
+		<bindings node="/xsd:schema">
+			<schemaBindings>
+				<package name="at.gv.util.xsd.szr_v4" />
+			</schemaBindings>
+		</bindings>
+	</bindings>
+  
+	<bindings schemaLocation="../szr/szr_ecdsa.xsd">
+		<bindings node="/xsd:schema">
+			<schemaBindings>
+				<package name="at.gv.util.xsd.szr.ecdsa" />
+			</schemaBindings>
+		</bindings>
+	</bindings>
+
+	<bindings schemaLocation="../szr_v4/szr_persondata.xsd">
+		<bindings node="/xsd:schema">
+			<schemaBindings>
+				<package name="at.gv.util.xsd.szr.persondata" />
+			</schemaBindings>
+		</bindings>
+	</bindings>
+
+	<bindings schemaLocation="../szr_v4/szr_pvp_sec.xsd">
+		<bindings node="/xsd:schema">
+			<schemaBindings>
+				<package name="at.gv.util.xsd.szr.pvp19.sec" />
+			</schemaBindings>
+		</bindings>
+	</bindings>
+
+	<bindings schemaLocation="../szr_v4/pvp19.xsd">
+		<bindings node="/xsd:schema">
+			<schemaBindings>
+				<package name="at.gv.util.xsd.szr.pvp19" />
+			</schemaBindings>
+		</bindings>
+	</bindings>
+
+  <bindings schemaLocation="../szr/szr_xmldsig.xsd">
+		<bindings node="/xsd:schema">
+			<schemaBindings>
+				<package name="at.gv.util.xsd.szr.xmldsig" />
+			</schemaBindings>
+		</bindings>
+	</bindings>
+
+</bindings>
\ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml
new file mode 100644
index 00000000..f95c35f0
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0-wsdl.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<bindings xmlns="http://java.sun.com/xml/ns/jaxws"
+               xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
+               xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+               xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
+
+  <enableWrapperStyle>false</enableWrapperStyle>
+  <package name="at.gv.util.wsdl.szr_v4"/> 
+     
+</bindings>
\ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd
new file mode 100644
index 00000000..2d25f2dc
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_v4.0.xsd
@@ -0,0 +1,443 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:szr="urn:SZRServices" xmlns:pd="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="urn:SZRServices" elementFormDefault="qualified">
+	<xs:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="szr_persondata.xsd"/>
+	<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="szr_xmldsig.xsd"/>
+	<xs:element name="SZRException" type="szr:SZRException"/>
+	<xs:complexType name="SZRException"/>
+	<xs:complexType name="PersonInfoType">
+		<xs:sequence>
+			<xs:element name="Person" type="pd:PhysicalPersonType"/>
+			<xs:element name="RegularDomicile" type="pd:PostalAddressType" minOccurs="0"/>
+			<xs:element name="AddressCodes" type="szr:AddressCodesType" minOccurs="0"/>
+			<xs:element name="TravelDocument" type="szr:TravelDocumentType" minOccurs="0"/>
+			<xs:element name="DateOfBirthWildcard" type="xs:boolean" minOccurs="0"/>
+			<xs:element name="AuskunftssperreGesetzt" type="xs:boolean" minOccurs="0"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="TravelDocumentType">
+		<xs:sequence>
+			<xs:element name="DocumentNumber" type="xs:string" minOccurs="0"/>
+			<xs:element name="DocumentType" type="xs:string" minOccurs="0"/>
+			<xs:element name="IssueDate" type="xs:string" minOccurs="0"/>
+			<xs:element name="IssuingAuthority" type="xs:string" minOccurs="0"/>
+			<xs:element name="IssuingCountry" type="xs:string" minOccurs="0"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="AddressCodesType">
+		<xs:sequence>
+			<xs:element name="GKZ" type="xs:string" minOccurs="0"/>
+			<xs:element name="OKZ" type="xs:string" minOccurs="0"/>
+			<xs:element name="SKZ" type="xs:string" minOccurs="0"/>
+			<xs:element name="ADRCD" type="xs:string" minOccurs="0"/>
+			<xs:element name="SUBCD" type="xs:string" minOccurs="0"/>
+			<xs:element name="OBJNR" type="xs:string" minOccurs="0"/>
+			<xs:element name="NTZLNR" type="xs:string" minOccurs="0"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:element name="TransformBPK">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="PersonInfo" type="szr:PersonInfoType"/>
+				<xs:element name="InputBPK" type="xs:string"/>
+				<xs:element name="InputBereichsKennung" type="xs:string"/>
+				<xs:element name="Begruendung" type="xs:string"/>
+				<xs:element name="Target" type="szr:FremdBPKRequestType" maxOccurs="unbounded"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="TransformBPKResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="TransformBPKReturn" type="szr:FremdBPKType" maxOccurs="unbounded"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetVKZPermission">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="VKZ" type="xs:string"/>
+				<xs:element name="BereichsKennung" type="xs:string"/>
+				<xs:element name="ParticipantId" type="xs:string" minOccurs="0"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetVKZPermissionResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="GetVKZPermissionReturn" type="szr:GetVKZPermissionResponseType"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:complexType name="IdentityLinkType">
+		<xs:sequence>
+			<xs:element name="PersonInfo" type="szr:PersonInfoType"/>
+			<xs:element name="Assertion" type="xs:anyType"/>
+			<xs:element name="AdditionalInfo" type="xs:string" minOccurs="0"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="ResultRecord">
+		<xs:sequence>
+			<xs:element name="PersonInfo" type="szr:PersonInfoType"/>
+			<xs:element name="Register" type="xs:string"/>
+			<xs:element name="bPK" type="xs:string"/>
+			<xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="GetBPKKombiRequestType">
+		<xs:sequence>
+			<xs:element name="PersonInfo" type="szr:PersonInfoType"/>
+			<xs:element name="InsertERnP" minOccurs="0">
+				<xs:simpleType>
+					<xs:restriction base="xs:string">
+						<xs:enumeration value="NoInsert"/>
+						<xs:enumeration value="InsertOnNoMatch"/>
+						<xs:enumeration value="ForceInsert"/>
+					</xs:restriction>
+				</xs:simpleType>
+			</xs:element>
+			<xs:element name="Suchwizard" type="xs:boolean" minOccurs="0"/>
+			<xs:element name="VKZ" type="xs:string" nillable="true"/>
+			<xs:element name="BehoerdenKennzeichen" type="xs:string" minOccurs="0"/>
+			<xs:element name="BereichsKennung" type="xs:string" minOccurs="0"/>
+			<xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/>
+			<xs:element name="Sessionid" type="xs:string" minOccurs="0"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="GetBPKKombiResponseType">
+		<xs:complexContent>
+			<xs:extension base="szr:GetBPKZPVResponseType">
+				<xs:sequence>
+					<xs:element name="FoundWithSuchwizard" type="xs:boolean"/>
+					<xs:element name="Sessionid" type="xs:string"/>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="GetBPKZPVRequestType">
+		<xs:sequence>
+			<xs:element name="PersonInfo" type="szr:PersonInfoType"/>
+			<xs:element name="InsertERnP" type="xs:boolean" default="false" minOccurs="0"/>
+			<xs:element name="VKZ" type="xs:string" minOccurs="1"/>
+			<xs:element name="BehoerdenKennzeichen" type="xs:string" minOccurs="0"/>
+			<xs:element name="BereichsKennung" type="xs:string" minOccurs="0"/>
+			<xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="GetBPKZPVResponseType">
+		<xs:sequence>
+			<xs:element name="ResultRecord" type="szr:ResultRecord" maxOccurs="unbounded"/>
+			<xs:element name="InsertERnPResult" type="xs:boolean"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="GetBPKFromStammzahlEncryptedRequestType">
+		<xs:sequence>
+			<xs:element name="StammzahlEncrypted" type="xs:string" minOccurs="1"/>
+			<xs:element name="PersonInfo" type="szr:PersonInfoType" minOccurs="0"/>
+			<xs:element name="VKZ" type="xs:string" minOccurs="1"/>
+			<xs:element name="BereichsKennung" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+			<xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/>
+		</xs:sequence>
+		<xs:attribute name="key"/>
+	</xs:complexType>
+	<xs:complexType name="GetBPKFromStammzahlEncryptedResponseType">
+		<xs:sequence>
+			<xs:element name="bPK" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+			<xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/>
+			<xs:element name="Fault" type="szr:Fault" minOccurs="0"/>
+		</xs:sequence>
+		<xs:attribute name="key"/>
+	</xs:complexType>
+	<xs:complexType name="Fault">
+		<xs:attribute name="Code" type="xs:string"/>
+		<xs:attribute name="String" type="xs:string"/>
+	</xs:complexType>
+	<xs:complexType name="SignContentResponseType">
+		<xs:sequence>
+			<xs:element name="JwsAlg" type="xs:string" minOccurs="0"/>
+			<xs:element name="Out" type="szr:SignContentEntry" minOccurs="0" maxOccurs="unbounded"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="SignContentEntry">
+		<xs:simpleContent>
+			<xs:extension base="xs:string">
+				<xs:attribute name="key"/>
+			</xs:extension>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:element name="GetIdentityLink">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="PersonInfo" type="szr:PersonInfoType"/>
+				<xs:element name="KeyValue" type="dsig:KeyValueType" minOccurs="0" maxOccurs="unbounded"/>
+				<xs:element name="InsertERnP" type="xs:boolean" minOccurs="0"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetIdentityLinkResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="GetIdentityLinkReturn" type="szr:IdentityLinkType"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetIdentityLinkEidas">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="PersonInfo" type="szr:PersonInfoType"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetIdentityLinkEidasResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="GetIdentityLinkReturn" type="szr:IdentityLinkType"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetBPK">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="PersonInfo" type="szr:PersonInfoType"/>
+				<xs:element name="BereichsKennung" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+				<xs:element name="VKZ" type="xs:string" minOccurs="0"/>
+				<xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/>
+				<xs:element name="ListMultiplePersons" type="xs:boolean" minOccurs="0"/>
+				<xs:element name="InsertERnP" type="xs:boolean" minOccurs="0"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetBPKResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="GetBPKReturn" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+				<xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/>
+				<xs:element name="PersonInfo" type="szr:PersonInfoType" minOccurs="0" maxOccurs="5"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetBPKs">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="PersonInfo" type="szr:PersonInfoType" maxOccurs="unbounded"/>
+				<xs:element name="BereichsKennung" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+				<xs:element name="VKZ" type="xs:string"/>
+				<xs:element name="Target" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetBPKsResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="ResultRecord" type="szr:GetBPKsResponseType" maxOccurs="unbounded"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:complexType name="GetBPKsResponseType">
+		<xs:sequence>
+			<xs:element name="BPK" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+			<xs:element name="FremdBPK" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/>
+			<xs:element name="Fault" minOccurs="0">
+				<xs:complexType>
+					<xs:attribute name="Code" type="xs:string"/>
+					<xs:attribute name="String" type="xs:string"/>
+				</xs:complexType>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:element name="GetBPKKombi">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="GetBPKKombiRequest" type="szr:GetBPKKombiRequestType"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetBPKKombiResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="GetBPKKombiResponse" type="szr:GetBPKKombiResponseType"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetBPKZPV">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="GetBPKZPVRequest" type="szr:GetBPKZPVRequestType"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetBPKZPVResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="GetBPKZPVResponse" type="szr:GetBPKZPVResponseType"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetBPKFromStammzahlEncrypted">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="In" type="szr:GetBPKFromStammzahlEncryptedRequestType" maxOccurs="unbounded"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetBPKFromStammzahlEncryptedResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="Out" type="szr:GetBPKFromStammzahlEncryptedResponseType" maxOccurs="unbounded"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="SignContent">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="AppendCert" type="xs:boolean" default="false" minOccurs="0"/>
+				<xs:element name="JWSHeaderParam" type="szr:JwsHeaderParam" minOccurs="0" maxOccurs="unbounded"/>
+				<xs:element name="In" type="szr:SignContentEntry" minOccurs="0" maxOccurs="unbounded"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:complexType name="JwsHeaderParam">
+		<xs:attribute name="key" type="xs:string" use="required"/>
+		<xs:attribute name="value" type="xs:string" use="required"/>
+	</xs:complexType>
+	<xs:element name="SignContentResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="SignContentResponse" type="szr:SignContentResponseType"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="ValidateIdentityLink">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="IdentityLink" type="szr:IdentityLinkType"/>
+				<xs:element name="BereichsKennung" type="xs:string"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="ValidateIdentityLinkResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="ValidateIdentityLinkReturn" type="xs:string"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="BPKzuBasiszahl">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="Bereich" type="xs:string"/>
+				<xs:element name="BPK" type="xs:string"/>
+				<xs:element name="BasisZahl" type="xs:string" maxOccurs="unbounded"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="BPKzuBasiszahlResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="BPKzuBasiszahlReturn" type="xs:string"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:complexType name="FremdBPKRequestType">
+		<xs:sequence>
+			<xs:element name="BereichsKennung" type="xs:string"/>
+			<xs:element name="VKZ" type="xs:string"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="FremdBPKType">
+		<xs:sequence>
+			<xs:element name="BereichsKennung" type="xs:string"/>
+			<xs:element name="FremdBPK" type="xs:string"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="GetVKZPermissionResponseType">
+		<xs:sequence>
+			<xs:element name="isAllowed" type="xs:boolean"/>
+			<xs:element name="behSchluessel" type="xs:string" minOccurs="0"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:element name="BasiszahlZuBPK">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="VKZ" type="xs:string" minOccurs="0"/>
+				<xs:element name="BasisZahl" type="xs:string" maxOccurs="unbounded"/>
+				<xs:element name="Bereich" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+				<xs:element name="FremdBPKTargets" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:complexType name="BasiszahlZuBPKReturnType">
+		<xs:sequence>
+			<xs:element name="BPK" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+			<xs:element name="FremdBPKs" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:element name="BasiszahlZuBPKResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="BasiszahlZuBPKReturn" type="szr:BasiszahlZuBPKReturnType" maxOccurs="unbounded"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="ZMRAnwendungsIntegration">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="Bereich" type="xs:string"/>
+				<xs:element name="FremdBPKTargets" type="szr:FremdBPKRequestType" minOccurs="0" maxOccurs="unbounded"/>
+				<xs:element name="ZMRfremdbPK" type="xs:string" maxOccurs="unbounded"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:complexType name="ZMRAnwendungsIntegrationReturnType">
+		<xs:sequence>
+			<xs:element name="BPK" type="xs:string"/>
+			<xs:element name="FremdBPKs" type="szr:FremdBPKType" minOccurs="0" maxOccurs="unbounded"/>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:element name="ZMRAnwendungsIntegrationResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="ZMRAnwendungsIntegrationReturn" type="szr:ZMRAnwendungsIntegrationReturnType" maxOccurs="unbounded"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetStammzahl">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="PersonInfo" type="szr:PersonInfoType"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetStammzahlResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="Stammzahl" type="xs:string"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetStammzahlEncrypted">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="PersonInfo" type="szr:PersonInfoType"/>
+				<xs:element name="InsertERnP" type="xs:boolean" minOccurs="0"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetStammzahlEncryptedResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="Stammzahl" type="xs:string"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:element name="GetVersion" nillable="true"/>
+	<xs:element name="GetVersionResponse">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="Version" type="xs:string"/>
+				<xs:element name="Revision" type="xs:string"/>
+				<xs:element name="Time" type="xs:string"/>
+				<xs:element name="IdentityLinkNotAfter" type="xs:string"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+</xs:schema>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd
new file mode 100644
index 00000000..96b50b40
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/szr_client/szr_xmldsig.xsd
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#"
+           targetNamespace="http://www.w3.org/2000/09/xmldsig#" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+    <xs:import namespace="http://www.w3.org/2001/04/xmldsig-more#" schemaLocation="szr_ecdsa.xsd"/>
+    <xs:complexType name="KeyValueType">
+        <xs:sequence>
+            <xs:element name="DSAKeyValue" minOccurs="0"
+                        type="dsig:DSAKeyValueType" />
+            <xs:element name="RSAKeyValue" minOccurs="0"
+                        type="dsig:RSAKeyValueType" />
+            <xs:element ref="ecdsa:ECDSAKeyValue" />
+        </xs:sequence>
+    </xs:complexType>
+    <xs:complexType name="DSAKeyValueType">
+        <xs:sequence>
+            <xs:element name="P" minOccurs="0" type="xs:string" />
+            <xs:element name="Q" minOccurs="0" type="xs:string" />
+            <xs:element name="J" minOccurs="0" type="xs:string" />
+            <xs:element name="G" minOccurs="0" type="xs:string" />
+            <xs:element name="Y" minOccurs="0" type="xs:string" />
+            <xs:element name="PgenCounter" minOccurs="0" type="xs:string" />
+            <xs:element name="Seed" minOccurs="0" type="xs:string" />
+        </xs:sequence>
+    </xs:complexType>
+    <xs:complexType name="RSAKeyValueType">
+        <xs:sequence>
+            <xs:element name="Modulus" minOccurs="0" type="xs:string" />
+            <xs:element name="Exponent" minOccurs="0" type="xs:string" />
+        </xs:sequence>
+    </xs:complexType>
+</xs:schema>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
index fca548b7..d9275089 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
@@ -19,17 +19,20 @@
  * file for details on the various modules and licenses.
  * The "NOTICE" text file is part of the distribution. Any derivative works
  * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
+ */
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.test;
 
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyList;
 import static org.mockito.Mockito.when;
 
 import java.io.IOException;
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
 import java.security.NoSuchProviderException;
+import java.util.Arrays;
+import java.util.List;
 
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBException;
@@ -37,6 +40,7 @@ import javax.xml.bind.Unmarshaller;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.ws.soap.SOAPFaultException;
 
+import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.cxf.binding.soap.SoapFault;
 import org.junit.Assert;
@@ -70,12 +74,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
 import at.gv.egiz.eaaf.core.impl.data.Triple;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
 import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import szrservices.GetIdentityLinkEidasResponse;
-import szrservices.IdentityLinkType;
-import szrservices.PersonInfoType;
-import szrservices.SZR;
-import szrservices.SZRException_Exception;
-import szrservices.TravelDocumentType;
+import szrservices.*;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration("/SpringTest-context_tasks_test.xml")
@@ -91,12 +90,11 @@ public class SzrClientTest {
   private static final String familyName = "Mustermann";
   private static final String dateOfBirth = "1989-05-05";
   private static final String eIDASeID = "IS/AT/1234sdgsdfg56789ABCDEF";
-
   private static final String DUMMY_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP";
 
   /**
    * jUnit class initializer.
-   * 
+   *
    * @throws IOException In case of an error
    */
   @BeforeClass
@@ -109,6 +107,49 @@ public class SzrClientTest {
   @Rule
   public SoapServiceRule soap = SoapServiceRule.newInstance();
 
+
+
+  @Test
+public void getStammzahlenEcryptedTest() throws JAXBException, SZRException_Exception {
+    SZR szrMock = soap.mock(SZR.class, "hhttp://localhost:1234/demoszr");
+
+    final GetBPKFromStammzahlEncryptedResponse szrResponse = new GetBPKFromStammzahlEncryptedResponse();
+    final GetBPKFromStammzahlEncryptedResponseType result1 = new GetBPKFromStammzahlEncryptedResponseType();
+    szrResponse.getOut().add(result1);
+
+    when(szrMock.getBPKFromStammzahlEncrypted(anyList()))
+        .thenReturn(Arrays.asList(result1));
+
+//    szrMock.getStammzahlEncrypted() TODO ???
+  }
+
+  @Test
+  public void getBcBindValid() throws SZRException_Exception, SzrCommunicationException {
+    SZR szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr");
+
+    final SignContentResponse szrResponse = new SignContentResponse();
+    final SignContentEntry result1 = new SignContentEntry();
+    final SignContentResponseType content = new SignContentResponseType();
+    content.getOut().add(result1);
+    szrResponse.setSignContentResponse(content);
+
+    result1.setKey("bcBindReq");
+    result1.setValue(RandomStringUtils.randomAlphanumeric(100));
+
+    when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content);
+
+    final String bcBind = szrClient.getBcBind(
+        RandomStringUtils.randomAlphabetic(10),
+        RandomStringUtils.randomAlphabetic(10),
+        RandomStringUtils.randomAlphabetic(10));
+
+    Assert.assertNotNull("bcBind is null", bcBind);
+    Assert.assertEquals("bcBind not match", result1.getValue(), bcBind);
+
+
+  }
+
+
   @Test
   public void getIdentityLinkRawModeValidResponse() throws SZRException_Exception, EaafParserException,
       NoSuchProviderException, IOException, InvalidKeyException, EidasSAuthenticationException, JAXBException {
@@ -164,7 +205,7 @@ public class SzrClientTest {
       checkElement("p344:F455", ((SOAPFaultException) e.getCause()).getFault().getFaultCode());
       checkElement(
           "The travel document you sent to insert a person already exists for another person. "
-          + "Either check the document or have the person altered accordingly",
+              + "Either check the document or have the person altered accordingly",
           ((SOAPFaultException) e.getCause()).getFault().getFaultString());
 
     }
@@ -174,13 +215,18 @@ public class SzrClientTest {
   @Ignore
   @Test
   public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException {
-    final String bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET,
+    final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET,
         basicConfig.getBasicConfiguration(
             Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
             "no VKZ defined"));
 
-    if (StringUtils.isEmpty(bPK)) {
-      throw new SzrCommunicationException("ernb.01", new Object[] { "bPK is null or empty" });
+    if (bPK.isEmpty()) {
+      throw new SzrCommunicationException("ernb.01", new Object[]{"bPK list is empty"});
+    }
+    for (String b : bPK) {
+      if (StringUtils.isEmpty(b)) {
+        throw new SzrCommunicationException("ernb.01", new Object[]{"bPK is null or empty"});
+      }
     }
 
   }
@@ -217,7 +263,7 @@ public class SzrClientTest {
     final javax.xml.namespace.QName qName = new javax.xml.namespace.QName("urn:SZRServices", "F455", "p344");
     final SoapFault fault = new SoapFault(
         "The travel document you sent to insert a person already exists for another person. "
-        + "Either check the document or have the person altered accordingly",
+            + "Either check the document or have the person altered accordingly",
         qName);
     fault.setRole("urn:SZRServices");
     fault.setDetail(detailerror);
@@ -233,7 +279,7 @@ public class SzrClientTest {
       return hashBase64;
 
     } catch (final Exception ex) {
-      throw new EidasSAuthenticationException("internal.03", new Object[] {}, ex);
+      throw new EidasSAuthenticationException("internal.03", new Object[]{}, ex);
 
     }
   }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
index 2f6a989e..a30ea2a0 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
@@ -27,6 +27,7 @@ import java.io.IOException;
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
 import java.security.NoSuchProviderException;
+import java.util.List;
 
 import org.apache.commons.lang3.StringUtils;
 import org.junit.Ignore;
@@ -132,13 +133,18 @@ public class SzrClientTestProduction {
   @Ignore
   @Test
   public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException {
-    final String bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET,
+    final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET,
         basicConfig.getBasicConfiguration(
             Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
             "no VKZ defined"));
 
-    if (StringUtils.isEmpty(bPK)) {
-      throw new SzrCommunicationException("ernb.01", new Object[] { "bPK is null or empty" });
+    if (bPK.isEmpty()) {
+      throw new SzrCommunicationException("ernb.01", new Object[]{"bPK list is empty"});
+    }
+    for (String b : bPK) {
+      if (StringUtils.isEmpty(b)) {
+        throw new SzrCommunicationException("ernb.01", new Object[]{"bPK is null or empty"});
+      }
     }
 
   }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewSimpleTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewSimpleTest.java
new file mode 100644
index 00000000..6eeb437d
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewSimpleTest.java
@@ -0,0 +1,119 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
+
+import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService;
+import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import com.google.common.collect.ImmutableMap;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
+import lombok.val;
+import org.joda.time.DateTime;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+import org.powermock.modules.junit4.PowerMockRunnerDelegate;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.powermock.api.mockito.PowerMockito.doReturn;
+import static org.powermock.api.mockito.PowerMockito.spy;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_tasks_test.xml")
+@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS)
+@PrepareForTest(CreateIdentityLinkTask.class)
+public class CreateIdentityLinkTaskEidNewSimpleTest {
+
+
+  @Autowired(required = true)
+  private CreateIdentityLinkTask task;
+  @Autowired(required = true)
+  private DummySpecificCommunicationService commService;
+  @Autowired(required = true)
+  private IConfiguration basicConfig;
+  @Autowired
+  protected EidasAttributeRegistry attrRegistry;
+
+  final ExecutionContext executionContext = new ExecutionContextImpl();
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  private TestRequestImpl pendingReq;
+  private DummySpConfiguration oaParam;
+
+  /**
+   * jUnit class initializer.
+   *
+   * @throws IOException In case of an error
+   */
+  @BeforeClass
+  public static void classInitializer() throws IOException {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current
+        + "src/test/resources/config/junit_config_3.properties");
+
+  }
+
+  /**
+   * jUnit test set-up.
+   */
+  @Before
+  public void setUp() throws EaafStorageException {
+
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+    final Map<String, String> spConfig = new HashMap<>();
+    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
+    spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
+    oaParam = new DummySpConfiguration(spConfig, basicConfig);
+    pendingReq = new TestRequestImpl();
+    val b = new AuthenticationResponse.Builder();
+    val response = b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf").subjectNameIdFormat("afaf").build();
+
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
+    pendingReq.setSpConfig(oaParam);
+    pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue());
+    pendingReq.setAuthUrl("http://test.com/");
+
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "XX");
+  }
+
+  @Test
+  public void getPkFromKeystoreTest() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException {
+
+    Method method = CreateIdentityLinkTask.class.getDeclaredMethod("getPkFromKeystore");
+    method.setAccessible(true);
+    String returnValue = (String) method.invoke(task);
+  }
+}
+
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
new file mode 100644
index 00000000..185181dd
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -0,0 +1,217 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
+
+import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeEidProcessor;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService;
+import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSortedSet;
+import com.google.common.collect.Maps;
+import com.skjolberg.mockito.soap.SoapServiceRule;
+import eu.eidas.auth.commons.EIDASStatusCode;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.AttributeValueMarshaller;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.attribute.PersonType;
+import eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller;
+import eu.eidas.auth.commons.attribute.impl.StringAttributeValueMarshaller;
+import eu.eidas.auth.commons.light.ILightRequest;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.auth.commons.light.impl.LightRequest;
+import eu.eidas.auth.commons.light.impl.LightResponse;
+import eu.eidas.auth.commons.light.impl.ResponseStatus;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import lombok.val;
+import org.apache.commons.codec.binary.Hex;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.jetbrains.annotations.NotNull;
+import org.joda.time.DateTime;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.internal.builders.JUnit3Builder;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mockito;
+import org.mockito.Spy;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+import org.powermock.modules.junit4.PowerMockRunnerDelegate;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import szrservices.SZR;
+import szrservices.SZRException_Exception;
+
+import javax.xml.namespace.QName;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Random;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.powermock.api.mockito.PowerMockito.*;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+//@RunWith(PowerMockRunner.class)
+//@PowerMockRunnerDelegate(SpringJUnit4ClassRunner.class)
+@PrepareForTest(CreateIdentityLinkTask.class)
+@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS)
+@ContextConfiguration("/SpringTest-context_tasks_test.xml")
+public class CreateIdentityLinkTaskEidNewTest {
+
+
+  @Autowired(required = true)
+  private CreateIdentityLinkTask task;
+  @Autowired(required = true)
+  private DummySpecificCommunicationService commService;
+  @Autowired(required = true)
+  private IConfiguration basicConfig;
+  @Autowired
+  protected EidasAttributeRegistry attrRegistry;
+
+  final ExecutionContext executionContext = new ExecutionContextImpl();
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  private TestRequestImpl pendingReq;
+  private DummySpConfiguration oaParam;
+  private SZR szrMock;
+  final SoapServiceRule soap = SoapServiceRule.newInstance();
+
+  /**
+   * jUnit class initializer.
+   *
+   * @throws IOException In case of an error
+   */
+  @BeforeClass
+  public static void classInitializer() throws IOException {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current
+        + "src/test/resources/config/junit_config_3.properties");
+
+  }
+
+  /**
+   * jUnit test set-up.
+   */
+  @Before
+  public void setUp() throws EaafStorageException, URISyntaxException {
+
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+    final Map<String, String> spConfig = new HashMap<>();
+    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
+    spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
+    spConfig.put("eidMode", "new");
+    oaParam = new DummySpConfiguration(spConfig, basicConfig);
+    pendingReq = new TestRequestImpl();
+
+    AuthenticationResponse response = buildDummyAuthResponse();
+
+
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
+    pendingReq.setSpConfig(oaParam);
+    pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue());
+    pendingReq.setAuthUrl("http://test.com/");
+
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "XX");
+
+    szrMock = soap.mock(SZR.class, "http://localhost:2526/szrService");
+  }
+
+  @NotNull
+  private AuthenticationResponse buildDummyAuthResponse() throws URISyntaxException {
+    AttributeDefinition attributeDef = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)
+        .nameUri(new URI("ad", "sd", "ff")).personType(PersonType.LEGAL_PERSON)
+        .xmlType(new QName("http://saf", "as", "af"))
+        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build();
+    AttributeDefinition attributeDef2 = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME)
+        .nameUri(new URI("ad", "sd", "fff")).personType(PersonType.LEGAL_PERSON)
+        .xmlType(new QName("http://saf", "as", "aff"))
+        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build();
+    AttributeDefinition attributeDef3 = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME)
+        .nameUri(new URI("ad", "sd", "ffff")).personType(PersonType.LEGAL_PERSON)
+        .xmlType(new QName("http://saf", "as", "afff"))
+        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build();
+    AttributeDefinition attributeDef4 = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_DATEOFBIRTH)
+        .nameUri(new URI("ad", "sd", "fffff")).personType(PersonType.LEGAL_PERSON)
+        .xmlType(new QName("http://saf", "as", "affff"))
+        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller").build();
+
+    ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder().put(attributeDef, "de/st/" + RandomStringUtils.randomNumeric(64))
+        .put(attributeDef2, RandomStringUtils.randomAlphabetic(10))
+        .put(attributeDef3, RandomStringUtils.randomAlphabetic(10))
+        .put(attributeDef4, "2001-01-01")
+        .build();
+
+
+    val b = new AuthenticationResponse.Builder();
+    return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf")
+        .subjectNameIdFormat("afaf").attributes(attributeMap).build();
+  }
+
+  @Test(expected = RuntimeException.class)
+  public void firstTest() {
+    // keystore password f/+saJBc3a}*/T^s
+    try {
+
+      SZR szrMock2 = Mockito.mock(SZR.class, Mockito.CALLS_REAL_METHODS);
+//      when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10));
+      when(szrMock2, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10));
+      // Wie kann ich das vom Bean rein gehängte SZR mit dem Mock überschreiben?
+
+      task.execute(pendingReq, executionContext);
+    } catch (Exception e) {
+      e.printStackTrace();
+      Assert.fail();
+    }
+
+//    val spyTask = spy(task);
+//    Map<String, Object> requiredAttributes = new HashMap<>();
+//    requiredAttributes.put(Constants.eIDAS_ATTR_PERSONALIDENTIFIER, "asdf");
+//    requiredAttributes.put(Constants.eIDAS_ATTR_CURRENTFAMILYNAME, "asdf");
+//    requiredAttributes.put(Constants.eIDAS_ATTR_CURRENTGIVENNAME, "asdf");
+//    requiredAttributes.put(Constants.eIDAS_ATTR_DATEOFBIRTH, new DateTime());
+//    requiredAttributes.put(Constants.eIDAS_ATTR_PLACEOFBIRTH, "adf");
+//    requiredAttributes.put(Constants.eIDAS_ATTR_BIRTHNAME, "adf");
+//    requiredAttributes.put(Constants.eIDAS_ATTR_CURRENTADDRESS, new PostalAddressType());
+//    try {
+//    doReturn(requiredAttributes).when(spyTask, "convertEidasAttrToSimpleMap", (any(ImmutableMap.class)));
+//      spyTask.execute(pendingReq, executionContext);
+//    } catch (final Exception e) {
+//      e.printStackTrace();
+//      Assert.fail();
+//    }
+  }
+
+}
+
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties
new file mode 100644
index 00000000..326e14fe
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties
@@ -0,0 +1,109 @@
+## Basic service configuration
+eidas.ms.context.url.prefix=
+eidas.ms.context.url.request.validation=false
+
+eidas.ms.context.use.clustermode=true
+
+##Monitoring
+eidas.ms.monitoring.eIDASNode.metadata.url=
+
+
+##Specific logger configuration
+eidas.ms.technicallog.write.MDS.into.techlog=true
+eidas.ms.revisionlog.write.MDS.into.revisionlog=true
+eidas.ms.revisionlog.logIPAddressOfUser=true
+
+##Directory for static Web content
+eidas.ms.webcontent.static.directory=webcontent/
+eidas.ms.webcontent.templates=templates/
+eidas.ms.webcontent.properties=properties/messages
+
+## extended validation of pending-request Id's
+eidas.ms.core.pendingrequestid.maxlifetime=300
+eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256
+eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
+
+## eIDAS Ref. Implementation connector ###
+eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
+eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://test.com/
+eidas.ms.auth.eIDAS.node_v2.forward.method=POST
+eidas.ms.auth.eIDAS.node_v2.countrycode=AT
+eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.*
+eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true
+eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true
+eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true
+eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs=myNode
+
+eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high
+
+eidas.ms.auth.eIDAS.szrclient.useTestService=true
+eidas.ms.auth.eIDAS.szrclient.endpoint.prod=
+eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/.....
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path=
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password=
+eidas.ms.auth.eIDAS.szrclient.timeout.connection=15
+eidas.ms.auth.eIDAS.szrclient.timeout.response=30
+eidas.ms.auth.eIDAS.szrclient.params.vkz=
+
+eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false
+
+
+#Raw eIDAS Id data storage
+eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true
+
+eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true
+eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true
+
+eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true
+eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false
+
+##without mandates
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true
+
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.8=testtest,false
+
+##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT -----
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true
+
+
+## PVP2 S-Profile end-point configuration
+eidas.ms.pvp2.keystore.path=keys/.....
+eidas.ms.pvp2.keystore.password=
+eidas.ms.pvp2.key.metadata.alias=
+eidas.ms.pvp2.key.metadata.password=
+eidas.ms.pvp2.key.signing.alias=
+eidas.ms.pvp2.key.signing.password=
+eidas.ms.pvp2.metadata.validity=24
+
+## Service Provider configuration
+eidas.ms.sp.0.uniqueID=
+eidas.ms.sp.0.pvp2.metadata.truststore=
+eidas.ms.sp.0.pvp2.metadata.truststore.password=
+eidas.ms.sp.0.eidMode=new
+
+#eidas.ms.sp.0.friendlyName=
+#eidas.ms.sp.0.pvp2.metadata.url=
+#eidas.ms.sp.0.policy.allowed.requested.targets=.*
+#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false
+
+
+##only for advanced config
+eidas.ms.configuration.sp.disableRegistrationRequirement=
+eidas.ms.configuration.restrictions.baseID.spTransmission=
+eidas.ms.configuration.auth.default.countrycode=
+eidas.ms.configuration.pvp.scheme.validation=
+eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/teststore.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/teststore.jks
new file mode 100644
index 00000000..fcc6400c
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/teststore.jks