feat(eidas): generate advanced attributes in response-processing too

6 files changed, 313 insertions, 14 deletions

diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
index 52a69944..ec161b1a 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
@@ -1,5 +1,10 @@
 package at.asitplus.eidas.specific.modules.msproxyservice.handler;
 
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.stream.Collectors;
+
 import javax.annotation.PostConstruct;
 
 import org.apache.commons.lang3.StringUtils;
@@ -7,9 +12,12 @@ import org.springframework.beans.factory.annotation.Autowired;
 
 import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
 import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IExtendedConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import lombok.NonNull;
 import lombok.extern.slf4j.Slf4j;
 
 /**
@@ -25,32 +33,84 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
 
   public static final String CONFIG_PROP_IDA_MANDATE_PROFILE = "advanced.atributes.ejusticerole.mandate.profiles";
   public static final String CONFIG_PROP_IDA_MANDATE_MODE = "advanced.atributes.ejusticerole.mandate.mode";
-    
-  @Autowired IConfiguration config;
+  public static final String CONFIG_PROP_RESULT_PREFIX = "advanced.atributes.ejusticerole.value.";
+  public static final String CONFIG_PROP_RESULT_VALUE_DELIMITER = "=";
+  
+  
+  @Autowired IExtendedConfiguration config;
   
   private SpMandateModes mandateMode;
-  private String mandateProfiles;
+  private List<String> mandateProfiles;
+  private Map<String, String> resultMapper;
   
   @Override
   public void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig) {    
     spConfig.setMandateMode(mandateMode);
-    spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues(mandateProfiles));    
+    spConfig.setMandateProfiles(mandateProfiles);      
     log.info("Enforcing mandate-mode: {} with profile: {}", mandateMode, mandateProfiles);
     
   }
   
+  @Override
+  public String buildAttributeValue(@NonNull IEidAuthData eidAuthData) {
+    final String mandateType = eidAuthData.getGenericData(
+        PvpAttributeDefinitions.MANDATE_TYPE_NAME, String.class);    
+    if (StringUtils.isNotEmpty(mandateType)) {      
+      String attrValue = resultMapper.get(mandateType);
+      if (StringUtils.isNotEmpty(attrValue)) {
+        log.debug("Mapping mandate-type: {} to EJusticePersonRole: {}", mandateType, attrValue);
+        return attrValue;
+        
+      } else {
+        log.info("Ignore mandate-type: {}, because it is not mapped to a EJusticePersonRole", mandateType);
+        
+      }
+            
+    } else {
+      log.warn("Can not build: EJusticePersonRole, because IDA response contains no attribute: ",
+          PvpAttributeDefinitions.MANDATE_TYPE_NAME);
+      
+    }
+    
+    
+    return null;
+    
+  }
   
   
   @PostConstruct
   private void initialize() throws EaafConfigurationException {    
     mandateMode = SpMandateModes.fromString(loadConfigValue(CONFIG_PROP_IDA_MANDATE_MODE));
-    mandateProfiles = loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE);
-    
-    log.info("Initialize: {} with mandate-profile: {} mandate-mode: {}", 
+    mandateProfiles = KeyValueUtils.getListOfCsvValues(loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE));    
+    resultMapper = config.getBasicConfigurationWithPrefix(CONFIG_PROP_RESULT_PREFIX).values().stream()
+        .filter(el -> el.contains(CONFIG_PROP_RESULT_VALUE_DELIMITER))        
+        .collect(Collectors.toMap(x -> split(x, 0), x -> split(x, 1)));                            
+      
+    // validate requested profiles to result map
+    Optional<String> missingConfig = mandateProfiles.stream()
+        .filter(el -> !resultMapper.containsKey(el))
+        .findFirst();       
+    if (missingConfig.isPresent()) {
+      log.error("Missing mandate-profile: {} in result mapping", missingConfig.get());
+      throw new EaafConfigurationException("internal.configuration.00", 
+          new Object[]{CONFIG_PROP_RESULT_PREFIX}); 
+      
+    }
+                                    
+    log.info("Initialize: {} with mandate-profile: {} mandate-mode: {} and result-map:", 
         EJusticePersonRoleHandler.class.getSimpleName(), mandateProfiles, mandateMode);
+    resultMapper.entrySet().stream().forEach(el -> 
+        log.info("Profile: {} --> Attribute-Value: {}", el.getKey(), el.getValue()));
+
     
   }
 
+  private String split(String value, int i) {
+    return value.split(CONFIG_PROP_RESULT_VALUE_DELIMITER, 2)[i];
+    
+  }
+
+
   private String loadConfigValue(String configProp) throws EaafConfigurationException {
     String value = config.getBasicConfiguration(configProp);
     if (StringUtils.isEmpty(value)) {
@@ -62,5 +122,5 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
     return value;
 
   }
-
+  
 }
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
index 02e091ef..5a9c8d8c 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
@@ -1,6 +1,10 @@
 package at.asitplus.eidas.specific.modules.msproxyservice.handler;
 
+import javax.annotation.Nullable;
+
 import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
+import lombok.NonNull;
 
 /**
  * Handlers for attribute-processing that requires more features than a simple mapping.
@@ -15,7 +19,17 @@ public interface IEidasAttributeHandler {
    * 
    * @param spConfig SP configuration that was build from incoming eIDAS Authn. request.
    */
-  void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig);
+  void performSpConfigPostprocessing(@NonNull ServiceProviderConfiguration spConfig);
+
+  
+  /**
+   * Build eIDAS attribute-value from authentication data.
+   * 
+   * @param eidAuthData Authentication data for current process
+   * @return attribute-value if attribute is available, otherwise <code>null</code>
+   */
+  @Nullable
+  String buildAttributeValue(@NonNull IEidAuthData eidAuthData);
 
   
   
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index 8348558c..f1cb8f0b 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -20,6 +20,7 @@ import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration;
 import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
 import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.handler.IEidasAttributeHandler;
 import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
 import at.gv.egiz.eaaf.core.api.IRequest;
@@ -264,10 +265,29 @@ public class ProxyServiceAuthenticationAction implements IAction {
 
       }
 
-    } else {
-      log.warn("Can not build eIDAS attribute: {}, because there is not corresponding IDA attribute defined",
-          eidasAttrName);
-
+    } else {      
+      Optional<String> advancedAttributeHandler = attrRegistry.mapEidasAttributeToAttributeHandler(eidasAttrName);
+      if (advancedAttributeHandler.isPresent()) {                
+        final String idaAttrValue = context.getBean(advancedAttributeHandler.get(), IEidasAttributeHandler.class)
+            .buildAttributeValue(eidAuthData);                   
+        if (StringUtils.isNotEmpty(idaAttrValue)) {
+          log.debug("Build eIDAS attribute: {} by advanced attribute-handler: {}", 
+              eidasAttrName, advancedAttributeHandler.get());
+          attributeMap.put(
+              attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByName(eidasAttrName),
+              idaAttrValue);
+
+        } else {
+          log.info("Empty attribte-value returned by advanced attribute-handler, eIDAS attribute: {} will be ignored", 
+              eidasAttrName);
+
+        }
+        
+      } else {
+        log.warn("Can not build eIDAS attribute: {}, because there is not corresponding IDA attribute defined",
+            eidasAttrName);  
+        
+      }
     }
   }
 
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
index 747c808c..edb21722 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
@@ -124,6 +124,7 @@ public class ProxyEidasAttributeRegistry {
       String eidasAttributeName, boolean withMandates) {
     return attributeConfiguration.stream()
         .filter(el -> el.getEidasAttributeName().equals(eidasAttributeName))
+        .filter(el -> el.getIdaAttribute() != null)
         .findFirst()
         .map(el -> withMandates ? el.getIdaAttribute().getWithMandates() : el.getIdaAttribute().getBasic())
         .filter(el -> StringUtils.isNotEmpty(el));
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
index d44ffc2d..d9bc017c 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
@@ -397,6 +397,208 @@ public class ProxyServiceAuthenticationActionTest {
     
   }
   
+  @Test 
+  public void borisModeResponseWithJurMandate() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME,
+        "MUST_BE_UPDATED");
+    
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 8, respAttr.size());  
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
+   
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALNAME, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME));
+    
+    checkAttrValue(respAttr, "eJusticeLegalPersonRole", "VIP1");
+    checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP1");
+    
+    assertNull("find nat. person subject: personalId", 
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER));
+    assertNull("find nat. person subject: familyName", 
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME));
+    assertNull("find nat. person subject: givenName", 
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME));
+    assertNull("find nat. person subject: dateOfBirth", 
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH));
+    
+  }
+  
+  @Test 
+  public void borisModeResponseWithJurMandate2() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME,
+        "SECOND");
+    
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 8, respAttr.size());  
+    
+    checkAttrValue(respAttr, "eJusticeLegalPersonRole", "VIP2");
+    checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP2");
+
+    
+  }
+  
+  @Test 
+  public void borisModeNoMandateType() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 6, respAttr.size());  
+    
+  }
+  
+  @Test 
+  public void borisModeEmptyMandateType() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, "");
+    
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 6, respAttr.size());  
+    
+  }
+  
+  @Test 
+  public void borisModeUnknownMandateType() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, RandomStringUtils.randomAlphanumeric(10));
+    
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 6, respAttr.size());  
+    
+  }
+  
   @Test
   public void responseWithNatMandateWithWorkAround() throws EaafException, SpecificCommunicationException {
     basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson", 
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
index 46e0bb69..b59cae5f 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
@@ -14,3 +14,5 @@ eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json
 # BORIS attribute for eJustice
 eidas.ms.advanced.atributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED
 eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal
+eidas.ms.advanced.atributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1
+eidas.ms.advanced.atributes.ejusticerole.value.2=SECOND=VIP2