aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2
diff options
context:
space:
mode:
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java97
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java4
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyAuthConfigMap.java144
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyOA.java304
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/IAhSpConfiguration.java152
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java346
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig1.xml24
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test1.xml63
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml145
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties252
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity.xml146
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/pvp_postbinding_template.html3
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/sp_metadata_junit.xml66
13 files changed, 1679 insertions, 67 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java
index 0f3c1281..b105eb82 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java
@@ -1,33 +1,20 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
-import java.io.IOException;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
-import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
-
-import org.apache.commons.lang3.StringUtils;
+import com.google.common.net.MediaType;
+import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
-import com.google.common.net.MediaType;
-import lombok.extern.slf4j.Slf4j;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
/**
* Controller that generates SAML2 metadata for eIDAS authentication client.
@@ -39,7 +26,7 @@ import lombok.extern.slf4j.Slf4j;
@Controller
public class IdAustriaClientAuthMetadataController extends AbstractController {
- private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00";
+ //private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00";
@Autowired
PvpMetadataBuilder metadatabuilder;
@@ -74,12 +61,12 @@ public class IdAustriaClientAuthMetadataController extends AbstractController {
EaafException {
// check PublicURL prefix
try {
- final String authUrl = getAuthUrlFromHttpContext(req);
+ final String authUrl = "https://eid.egiz.gv.at/idp/shibboleth";//TODO load from config
// initialize metadata builder configuration
final IdAustriaClientAuthMetadataConfiguration metadataConfig =
new IdAustriaClientAuthMetadataConfiguration(authUrl, credentialProvider, pvpConfiguration);
- metadataConfig.setAdditionalRequiredAttributes(getAdditionalRequiredAttributes());
+ // metadataConfig.setAdditionalRequiredAttributes(getAdditionalRequiredAttributes());
// build metadata
final String xmlMetadata = metadatabuilder.buildPvpMetadata(metadataConfig);
@@ -99,51 +86,29 @@ public class IdAustriaClientAuthMetadataController extends AbstractController {
}
- private String getAuthUrlFromHttpContext(HttpServletRequest req) throws EaafException {
- // check if End-Point is valid
- final String authUrlString = HttpUtils.extractAuthUrlFromRequest(req);
- URL authReqUrl;
- try {
- authReqUrl = new URL(authUrlString);
-
- } catch (final MalformedURLException e) {
- log.warn("Requested URL: {} is not a valid URL.", authUrlString);
- throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }, e);
-
- }
- //TODO remove
- final String idpAuthUrl = authConfig.validateIdpUrl(authReqUrl);
- if (idpAuthUrl == null) {
- log.warn("Requested URL: {} is NOT found in configuration.", authReqUrl);
- throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString });
-
- }
- return idpAuthUrl;
- }
-
- private List<Pair<String, Boolean>> getAdditionalRequiredAttributes() {
- final List<Pair<String, Boolean>> result = new ArrayList<>();
-
- // load attributes from configuration
- final Map<String, String> addReqAttributes = authConfig.getBasicConfigurationWithPrefix(
- IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST);
- for (final String el : addReqAttributes.values()) {
- if (StringUtils.isNotEmpty(el)) {
- log.trace("Parse additional attr. definition: " + el);
- final List<String> attr = KeyValueUtils.getListOfCsvValues(el.trim());
- if (attr.size() == 2) {
- result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1))));
-
- } else {
- log.info("IGNORE additional attr. definition: " + el
- + " Reason: Format not valid");
- }
- }
- }
-
- return result;
-
- }
+ // private List<Pair<String, Boolean>> getAdditionalRequiredAttributes() {
+ // final List<Pair<String, Boolean>> result = new ArrayList<>();
+ //
+ // // load attributes from configuration
+ // final Map<String, String> addReqAttributes = authConfig.getBasicConfigurationWithPrefix(
+ // IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST);
+ // for (final String el : addReqAttributes.values()) {
+ // if (StringUtils.isNotEmpty(el)) {
+ // log.trace("Parse additional attr. definition: " + el);
+ // final List<String> attr = KeyValueUtils.getListOfCsvValues(el.trim());
+ // if (attr.size() == 2) {
+ // result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1))));
+ //
+ // } else {
+ // log.info("IGNORE additional attr. definition: " + el
+ // + " Reason: Format not valid");
+ // }
+ // }
+ // }
+ //
+ // return result;
+ //
+ // }
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
index af1ef6f7..76f78a78 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
@@ -83,7 +83,8 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
//step 15a
// get entityID for ms-specific eIDAS node
- final String msNodeEntityID = "TODO";
+ //TODO load from config
+ final String msNodeEntityID = "classpath:/data/idp_metadata_classpath_entity.xml";
if (StringUtils.isEmpty(msNodeEntityID)) {
log.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!");
@@ -130,6 +131,7 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
//TODO
} catch (final Exception e) {
+ e.printStackTrace();
log.error("Initial search FAILED.", e);
throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e);
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyAuthConfigMap.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyAuthConfigMap.java
new file mode 100644
index 00000000..ba531029
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyAuthConfigMap.java
@@ -0,0 +1,144 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ * Dummy Application-configuration implementation for jUnit tests.
+ *
+ * @author tlenz
+ *
+ */
+public class DummyAuthConfigMap implements IConfigurationWithSP {
+
+ private Map<String, String> config = new HashMap<>();
+
+ /**
+ * Empty Dummy Application-configuration.
+ *
+ */
+ public DummyAuthConfigMap() {
+
+ }
+
+ /**
+ * Dummy Application-configuration.
+ *
+ * @param configIs Property based configuration
+ * @throws IOException In case of an configuration read error
+ */
+ public DummyAuthConfigMap(final InputStream configIs) throws IOException {
+
+ final Properties props = new Properties();
+ props.load(configIs);
+
+ config = KeyValueUtils.convertPropertiesToMap(props);
+
+ }
+
+ /**
+ * Dummy Application-configuration.
+ *
+ * @param path Path to property based configuration
+ * @throws IOException In case of an configuration read error
+ */
+ public DummyAuthConfigMap(final String path) throws IOException {
+
+ final Properties props = new Properties();
+ props.load(this.getClass().getResourceAsStream(path));
+
+ config = KeyValueUtils.convertPropertiesToMap(props);
+
+ }
+
+
+ @Override
+ public String getBasicConfiguration(final String key) {
+ return config.get(key);
+
+ }
+
+ @Override
+ public String getBasicConfiguration(final String key, final String defaultValue) {
+ final String value = getBasicConfiguration(key);
+ if (StringUtils.isEmpty(value)) {
+ return defaultValue;
+ } else {
+ return value;
+ }
+
+ }
+
+ @Override
+ public boolean getBasicConfigurationBoolean(final String key) {
+ final String value = getBasicConfiguration(key);
+ if (StringUtils.isEmpty(value)) {
+ return false;
+ } else {
+ return Boolean.valueOf(value);
+ }
+ }
+
+ @Override
+ public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) {
+ return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue)));
+
+ }
+
+ @Override
+ public Map<String, String> getBasicConfigurationWithPrefix(final String prefix) {
+ return KeyValueUtils.getSubSetWithPrefix(config, prefix);
+
+ }
+
+ @Override
+ public ISpConfiguration getServiceProviderConfiguration(final String uniqueID)
+ throws EaafConfigurationException {
+ return null;
+ }
+
+ @Override
+ public <T> T getServiceProviderConfiguration(final String spIdentifier, final Class<T> decorator)
+ throws EaafConfigurationException {
+ return null;
+ }
+
+ @Override
+ public URI getConfigurationRootDirectory() {
+ return new java.io.File(".").toURI();
+
+ }
+
+ @Override
+ public String validateIdpUrl(final URL authReqUrl) throws EaafException {
+ return authReqUrl.toString();
+ }
+
+ public void putConfigValue(final String key, final String value) {
+ config.put(key, value);
+ }
+
+ public void removeConfigValue(final String key) {
+ config.remove(key);
+
+ }
+
+ public void removeAll() {
+ config.clear();
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyOA.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyOA.java
new file mode 100644
index 00000000..cf879562
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyOA.java
@@ -0,0 +1,304 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+import lombok.Getter;
+import lombok.Setter;
+
+public class DummyOA implements IAhSpConfiguration{
+
+ private static final long serialVersionUID = 1L;
+ private String uniqueAppId = null;
+ private String targetIdentifier = null;
+ private String friendlyName = null;
+ private String cc = "AT";
+ private final Map<String, String> config = new HashMap<>();
+ private final List<Pair<String, String>> reqAttributes = new ArrayList<>();
+
+ private boolean mandateEnabled = false;
+ private boolean onlyMandateEnabled = false;
+ private String mandateProfilesCsv;
+
+ private boolean eidasEnabled = false;
+
+ private boolean testCredentialEnabled = true;
+ private String additionalBpkTargetCsv;
+ private List<Pair<String, String>> additionalEncBpkTargets;
+
+ @Setter
+ private boolean restricted = true;
+
+ @Setter
+ private long latestVdaAuthentication = 60 * 365 * 5;
+
+ @Getter
+ @Setter
+ private boolean publicServiceProvider;
+
+ @Getter
+ @Setter
+ private boolean multiMandateEnabled;
+
+ @Setter
+ private String bmiUniqueIdentifier;
+
+ @Override
+ public Map<String, String> getFullConfiguration() {
+ return this.config;
+ }
+
+ @Override
+ public String getConfigurationValue(final String key) {
+ return this.config.get(key);
+ }
+
+ @Override
+ public String getConfigurationValue(final String key, final String defaultValue) {
+ if (StringUtils.isNotEmpty(getConfigurationValue(key))) {
+ return getConfigurationValue(key);
+ } else {
+ return defaultValue;
+ }
+ }
+
+ @Override
+ public boolean isConfigurationValue(final String key) {
+ if (StringUtils.isNotEmpty(getConfigurationValue(key))) {
+ return Boolean.valueOf(getConfigurationValue(key));
+ } else {
+ return false;
+ }
+
+ }
+
+ @Override
+ public boolean isConfigurationValue(final String key, final boolean defaultValue) {
+ return Boolean.parseBoolean(getConfigurationValue(key, String.valueOf(defaultValue)));
+
+ }
+
+ @Override
+ public boolean containsConfigurationKey(final String key) {
+ return this.config.containsKey(key);
+ }
+
+ @Override
+ public String getUniqueIdentifier() {
+ return this.uniqueAppId;
+ }
+
+ @Override
+ public String getUniqueApplicationRegisterIdentifier() {
+ return this.bmiUniqueIdentifier;
+
+ }
+
+ @Override
+ public String getFriendlyName() {
+ return this.friendlyName;
+ }
+
+ @Override
+ public boolean hasBaseIdInternalProcessingRestriction() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean hasBaseIdTransferRestriction() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getTargetsWithNoBaseIdTransferRestriction() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getRequiredLoA() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getLoAMatchingMode() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getAreaSpecificTargetIdentifier() {
+ return this.targetIdentifier;
+ }
+
+ @Override
+ public boolean isTestCredentialEnabled() {
+ return this.testCredentialEnabled;
+ }
+
+ @Override
+ public List<String> getTestCredentialOids() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<Pair<String, String>> getRequiredAttributes() {
+ return this.reqAttributes;
+
+ }
+
+ public void setUniqueAppId(final String uniqueAppId) {
+ this.uniqueAppId = uniqueAppId;
+ }
+
+ @Override
+ public String getCountryCode() {
+ return cc;
+ }
+
+ @Override
+ public void setCountryCode(final String cc) {
+ this.cc = cc;
+
+ }
+
+ public void setTargetIdentifier(final String targetIdentifier) {
+ this.targetIdentifier = BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(targetIdentifier);
+
+ }
+
+ public void setFriendlyName(final String friendlyName) {
+ this.friendlyName = friendlyName;
+ }
+
+ public void putGenericConfigurationKey(final String key, final String value) {
+ this.config.put(key, value);
+
+ }
+
+ public void addRequiredAttribute(final String attrUri) {
+ this.reqAttributes.add(Pair.newInstance(attrUri, null));
+
+ }
+
+ public void removeRequiredAttribute(final String attrUri) {
+ for (final Pair<String, String> el : reqAttributes) {
+ if (el.getFirst().equals(attrUri)) {
+ reqAttributes.remove(el);
+ break;
+
+ }
+
+
+ }
+ }
+
+ public void addRequiredAttribute(final String attrUri, String param) {
+ this.reqAttributes.add(Pair.newInstance(attrUri, param));
+
+ }
+
+ @Override
+ public boolean isMandateEnabled() {
+ return this.mandateEnabled;
+ }
+
+ @Override
+ public boolean isOnlyMandateEnabled() {
+ return this.onlyMandateEnabled;
+
+ }
+
+ @Override
+ public List<String> getMandateProfiles() {
+ return KeyValueUtils.getListOfCsvValues(mandateProfilesCsv);
+ }
+
+ @Override
+ public List<String> getAdditionalBpkTargets() {
+ return KeyValueUtils.getListOfCsvValues(additionalBpkTargetCsv);
+
+ }
+
+ @Override
+ public List<Pair<String, String>> getAdditionalForeignBpkTargets() {
+ if (additionalEncBpkTargets == null) {
+ return Collections.emptyList();
+
+ } else {
+ return additionalEncBpkTargets;
+
+ }
+ }
+
+ @Override
+ public long lastVdaAuthenticationDelay() {
+ return latestVdaAuthentication;
+
+ }
+
+ @Override
+ public boolean isRestrictedServiceProvider() {
+ return this.restricted ;
+ }
+
+
+ public void setMandateEnabled(final boolean mandateEnabled) {
+ this.mandateEnabled = mandateEnabled;
+ }
+
+ public void setOnlyMandateEnabled(final boolean onlyMandateEnabled) {
+ this.onlyMandateEnabled = onlyMandateEnabled;
+ }
+
+ public void setMandateProfilesCsv(final String mandateProfilesCsv) {
+ this.mandateProfilesCsv = mandateProfilesCsv;
+ }
+
+ public void setTestCredentialEnabled(final boolean testCredentialEnabled) {
+ this.testCredentialEnabled = testCredentialEnabled;
+ }
+
+ public void setAdditionalBpkTargetCsv(String additionalBpkTargetCsv) {
+ this.additionalBpkTargetCsv = additionalBpkTargetCsv;
+ }
+
+ public void setAdditionalEncBpkTargets(List<Pair<String, String>> additionalEncBpkTargets) {
+ this.additionalEncBpkTargets = additionalEncBpkTargets;
+ }
+
+ @Override
+ public boolean isEnabled() {
+ return true;
+ }
+
+ @Override
+ public boolean isEidasEnabled() {
+ return this.eidasEnabled;
+
+ }
+
+ public void setEidasEnabled(boolean eidasEnabled) {
+ this.eidasEnabled = eidasEnabled;
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/IAhSpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/IAhSpConfiguration.java
new file mode 100644
index 00000000..13d61f15
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/IAhSpConfiguration.java
@@ -0,0 +1,152 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy;
+
+import java.util.List;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+
+public interface IAhSpConfiguration extends ISpConfiguration {
+
+
+ /**
+ * Flag if this Service Provider is enabled.
+ *
+ * @return true if the SP is enabled, otherwise false
+ */
+ boolean isEnabled();
+
+ /**
+ * Get unique identifier that is used in Application-Register from BM.I.
+ *
+ * <p>If no BM.I specific identifier is available then this method returns
+ * the same identifier as <code>getUniqueIdentifier()</code></p>
+ *
+ * @return unique identifier from BM.I AppReg, or generic uniqueId of no specific exists
+ */
+ String getUniqueApplicationRegisterIdentifier();
+
+ /**
+ * Flag that marks this Service-Provider as <i>public</i> or <i>private</i>.
+ *
+ * <p><b>Default:</b> If it is not set or has an unknown value, its <i>private</i> by default</p>
+ *
+ * @return <code>true</code> if it is from <i>public</i>, otherwise <code>false</code>
+ */
+ boolean isPublicServiceProvider();
+
+ /**
+ * Enable test identities for this Service Provider.
+ *
+ * @return true if test identities are allowed, otherwise false
+ */
+ boolean isTestCredentialEnabled();
+
+ /**
+ * Get a List of OID's that refine the set of allowed test identities.
+ *
+ * @return @link {@link List} of test-identity OID's
+ */
+ @Nullable
+ List<String> getTestCredentialOids();
+
+
+ /**
+ * Get a List of unique attribute URI's that are required by this SP.
+ *
+ * @return {@link List} of attribute URI's / parameter {@link Pair}s
+ */
+ List<Pair<String, String>> getRequiredAttributes();
+
+
+ /**
+ * Get the CountryCode for this service. <br>
+ * <br>
+ * <b>Default:</b> AT
+ *
+ * @return
+ */
+ String getCountryCode();
+
+ /**
+ * Set the CountryCode for this service. If not countryCode is set, AT is used as default.
+ *
+ * @param cc Service-Provider country-code
+ */
+ void setCountryCode(String cc);
+
+ /**
+ * Enable mandates for this service provider.
+ *
+ * @return <code>true</code> if mandates are enabled, otherwise <code>false</code>
+ */
+ boolean isMandateEnabled();
+
+ /**
+ * Enables multi-mandates for this service-provider.
+ *
+ * @return <code>true</code> if multi-mandates are enabled, otherwise <code>false</code>
+ */
+ boolean isMultiMandateEnabled();
+
+ /**
+ * Only mandates are allowed for this service provider.
+ *
+ * @return <code>true</code> if only mandates are allowed, otherwise <code>false</code>
+ */
+ boolean isOnlyMandateEnabled();
+
+ /**
+ * Get a {@link List} of mandate profiles that are supported by this Service provider.
+ *
+ * @return
+ */
+ @Nonnull List<String> getMandateProfiles();
+
+
+ /**
+ * eIDAS authentication allowed flag.
+ *
+ * @return <code>true</code> if eIDAS authentication is enabled, otherwise <code>false</code>
+ */
+ boolean isEidasEnabled();
+
+ /**
+ * Get a List of targets for additional bPKs that are required by this service provider.
+ *
+ * @return List of prefixed bPK targets
+ */
+ @Nonnull List<String> getAdditionalBpkTargets();
+
+ /**
+ * Get a list of foreign bPK targets that are required by this service provider.
+ *
+ * @return List of pairs with prefixed bPK targets as first element and VKZ as second element
+ */
+ @Nonnull List<Pair<String, String>> getAdditionalForeignBpkTargets();
+
+ /**
+ * Flag that indicates that service-provider as restricted or unrestricted.
+ *
+ * <p>A restricted service-provider can only used by test-identities that contains a
+ * valid application-restriction in User-Certificate Pinning</p>
+ *
+ * <p><b>Default:</b> true</p>
+ *
+ * @return <code>true</code> if it is restricted, otherwise <code>false</code>
+ */
+ boolean isRestrictedServiceProvider();
+
+
+/**
+ * Defines the time in minutes how long the last VDA registration h@Override
+ ave passed as maximum.
+ *
+ * @return time in minutes
+ */
+long lastVdaAuthenticationDelay();
+
+}
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java
new file mode 100644
index 00000000..379f64ee
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java
@@ -0,0 +1,346 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyAuthConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.schema.XSString;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.util.Base64;
+import java.util.Map;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@TestPropertySource(locations = {"classpath:/config/junit_config_1-.properties" })
+//@ContextConfiguration({"/spring/SpringTest-context_mapConfig_full.xml", "classpath:/spring/test_eaaf_core.beans.xml"})
+//@TestPropertySource(locations = { "classpath:/config/junit_config_1_springboot.properties" })
+@ContextConfiguration(locations = {
+ "/SpringTest-context_tasks_test1.xml",
+ "/SpringTest-context_basic_mapConfig1.xml"
+})
+
+public class GenerateMobilePhoneSignatureRequestTaskTest {
+
+ private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
+ private static final String METADATA_SP_PATH = "classpath:/data/sp_metadata_junit.xml";
+
+ @Autowired(required = true)
+ private ApplicationContext context;
+ @Autowired(required = true)
+ protected DummyAuthConfigMap authConfig;
+ @Autowired
+ private IdAustriaClientAuthMetadataProvider metadataProvider;
+ @Autowired
+ private PvpMetadataResolverFactory metadataFactory;
+ @Autowired
+ private DummyGuiBuilderConfigurationFactory guiBuilderConfigFactory;
+// @Autowired
+// private SamlVerificationEngine samlVerifyEngine;
+// @Autowired
+// private ITransactionStorage transactionStorage;
+
+ final ExecutionContext executionContext = new ExecutionContextImpl();
+ private MockHttpServletRequest httpReq;
+ private MockHttpServletResponse httpResp;
+ private TestRequestImpl pendingReq;
+ private DummyOA oaParam;
+
+ private GenerateMobilePhoneSignatureRequestTask task;
+
+ /**
+ * JUnit class initializer.
+ *
+ * @throws Exception In case of an OpenSAML3 initialization error
+ */
+ @BeforeClass
+ public static void initialize() throws Exception {
+ EaafOpenSaml3xInitializer.eaafInitialize();
+
+ }
+
+ /**
+ * jUnit test set-up.
+ *
+ * @throws Exception In case of an set-up error
+ */
+ @Before
+ public void setUp() throws Exception {
+ task = (GenerateMobilePhoneSignatureRequestTask) context.getBean("GenerateMobilePhoneSignatureRequestTask");
+
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ httpResp = new MockHttpServletResponse();
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ authConfig.putConfigValue("modules.idaustriaclient.request.sign.alias", "sig");
+
+ oaParam = new DummyOA();
+ oaParam.setUniqueAppId("http://test.com/test");
+ oaParam.setBmiUniqueIdentifier(oaParam.getUniqueIdentifier() + "#" + RandomStringUtils.randomAlphanumeric(5));
+ oaParam.setTargetIdentifier(
+ EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2));
+ oaParam.setEidasEnabled(true);
+ oaParam.putGenericConfigurationKey(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, null);
+ // oaParam.setMandateProfilesCsv(
+ // RandomStringUtils.randomAlphabetic(5)
+ // + "," + RandomStringUtils.randomAlphabetic(5)
+ // + "," + RandomStringUtils.randomAlphabetic(5));
+
+ pendingReq = new TestRequestImpl();
+ pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+ pendingReq.setSpConfig(oaParam);
+ pendingReq.setAuthUrl("https://localhost/authhandler");
+
+ metadataProvider.fullyDestroy();
+ guiBuilderConfigFactory.setVelocityBuilderConfig(createDummyGuiConfig());
+
+ }
+
+ @Test
+ public void noMetadataAvailableOnGlobalConfig() {
+ authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID,
+ RandomStringUtils.randomAlphabetic(10));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail();
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("module.eidasauth.02",
+ ((EaafConfigurationException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void noMetadataAvailableOnSpConfig() {
+ oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL,
+ RandomStringUtils.randomAlphabetic(10));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail();
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("module.eidasauth.02",
+ ((EaafConfigurationException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void noMetadataSigningKeyStore() throws Pvp2MetadataException {
+ oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL,
+ METADATA_PATH);
+
+ authConfig.removeConfigValue("modules.idaustriaclient.request.sign.alias");
+
+ metadataProvider.addMetadataResolverIntoChain(
+ metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail();
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(CredentialsNotAvailableException.class,
+ e.getOriginalException());
+ Assert.assertEquals("internal.pvp.01",
+ ((CredentialsNotAvailableException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void success() throws Exception {
+ oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL,
+ METADATA_PATH);
+ metadataProvider.addMetadataResolverIntoChain(
+ metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null));
+ pendingReq.setTransactionId(RandomStringUtils.randomAlphanumeric(10));
+
+ task.execute(pendingReq, executionContext);
+
+ final EaafRequestedAttributes reqAttr = validate();
+ Assert.assertEquals("#Req Attribute", 2, reqAttr.getAttributes().size());
+
+ Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.transactionId",
+ reqAttr.getAttributes().get(0).getName());
+ Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(0).getAttributeValues());
+ Assert.assertEquals("#Req. Attr value", 1,
+ reqAttr.getAttributes().get(0).getAttributeValues().size());
+ org.springframework.util.Assert.isInstanceOf(XSString.class,
+ reqAttr.getAttributes().get(0).getAttributeValues().get(0), "Wrong requested Attributes Value type");
+ Assert.assertEquals("Req. Attr. Value", pendingReq.getUniqueTransactionIdentifier(),
+ ((XSString) reqAttr.getAttributes().get(0).getAttributeValues().get(0)).getValue());
+
+ Assert.assertEquals("Wrong req attr.", "urn:oid:1.2.40.0.10.2.1.1.261.34",
+ reqAttr.getAttributes().get(1).getName());
+ Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues());
+ Assert.assertEquals("#Req. Attr value", 1,
+ reqAttr.getAttributes().get(1).getAttributeValues().size());
+ org.springframework.util.Assert.isInstanceOf(XSString.class,
+ reqAttr.getAttributes().get(1).getAttributeValues().get(0), "Wrong requested Attributes Value type");
+ Assert.assertEquals("Req. Attr. Value", oaParam.getAreaSpecificTargetIdentifier(),
+ ((XSString) reqAttr.getAttributes().get(1).getAttributeValues().get(0)).getValue());
+
+ }
+
+ private EaafRequestedAttributes validate() throws Exception {
+ Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus());
+ Assert.assertEquals("ContentType", "text/html;charset=UTF-8", httpResp.getContentType());
+ Assert.assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding());
+
+ final String html = httpResp.getContentAsString();
+ Assert.assertNotNull("XML Metadata", html);
+
+ final int startIndex = html.indexOf("SAMLRequest=");
+ Assert.assertTrue("No SAMLRequest in html", startIndex >= 0);
+ final String authnXml = html.substring(startIndex + "SAMLRequest=".length());
+ //TODO why do i have to do that?? => remove "} from end
+// String authnXml2 = authnXml1.substring(0,authnXml1.length()-2);
+
+ //check if relaystate was stored
+ final int startIndexRelayState = html.indexOf("RelayState=");
+ Assert.assertTrue("wrong RelayState in HTML",
+ startIndexRelayState >= 0);
+ String relayState = html.substring(startIndexRelayState + "RelayState=".length(), startIndex);
+// String storedPendingReqId = transactionStorage.get(relayState, String.class);
+// Assert.assertEquals("relayStore not map to pendingRequestId",
+// pendingReq.getPendingRequestId(), storedPendingReqId);
+
+
+ final AuthnRequest authnRequest = (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream(
+ Base64.getDecoder().decode(authnXml)));
+
+ Assert.assertNotNull("AuthnReq", authnRequest);
+ Assert.assertNotNull("Issuer", authnRequest.getIssuer());
+ Assert.assertEquals("EntityId",
+ "https://localhost/authhandler" + IdAustriaClientAuthConstants.ENDPOINT_METADATA,
+ authnRequest.getIssuer().getValue());
+
+ //check XML scheme
+ Saml2Utils.schemeValidation(authnRequest);
+
+
+ //check signature
+ final PvpSProfileRequest msg = new PvpSProfileRequest(
+ authnRequest,
+ SAMLConstants.SAML2_POST_BINDING_URI);
+ msg.setEntityID(authnRequest.getIssuer().getValue());
+ metadataProvider.addMetadataResolverIntoChain(
+ metadataFactory.createMetadataProvider(METADATA_SP_PATH, null, "jUnit SP", null));
+// samlVerifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+//TODO
+ //check other elements
+// Assert.assertNotNull("Proxy-Scope", authnRequest.getScoping());
+// Assert.assertNotNull("RequesterIds", authnRequest.getScoping().getRequesterIDs());
+// Assert.assertEquals("#RequesterIds", 1, authnRequest.getScoping().getRequesterIDs().size());
+// Assert.assertEquals("RequesterId", oaParam.getUniqueApplicationRegisterIdentifier(),
+// authnRequest.getScoping().getRequesterIDs().get(0).getRequesterID());
+
+ Assert.assertNotNull("RequestedAuthnContext", authnRequest.getRequestedAuthnContext());
+ Assert.assertNotNull("AuthnContextClassRef",
+ authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs());
+ Assert.assertEquals("#AuthnContextClassRef", 1,
+ authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().size());
+ Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/high",
+ authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().get(0).getAuthnContextClassRef());
+
+ Assert.assertNotNull("Extensions", authnRequest.getExtensions());
+ Assert.assertFalse("No Requested attributes",
+ authnRequest.getExtensions().getUnknownXMLObjects().isEmpty());
+
+ Assert.assertEquals("#ReqAttributes", 1, authnRequest.getExtensions().getUnknownXMLObjects().size());
+ org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class,
+ authnRequest.getExtensions().getUnknownXMLObjects().get(0), "No Requested Attributes object");
+
+ return (EaafRequestedAttributes) authnRequest.getExtensions().getUnknownXMLObjects().get(0);
+ }
+
+ private IVelocityGuiBuilderConfiguration createDummyGuiConfig() {
+ return new IVelocityGuiBuilderConfiguration() {
+
+ @Override
+ public Map<String, Object> getViewParameters() {
+ return null;
+ }
+
+ @Override
+ public String getViewName() {
+ return "SAML2 Post-Binding";
+ }
+
+ @Override
+ public String getDefaultContentType() {
+ return null;
+ }
+
+ @Override
+ public InputStream getTemplate(String viewName) {
+ return GenerateMobilePhoneSignatureRequestTaskTest.class.getResourceAsStream("/data/pvp_postbinding_template.html");
+ }
+
+ @Override
+ public String getClasspathTemplateDir() {
+ return null;
+
+ }
+ };
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig1.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig1.xml
new file mode 100644
index 00000000..56c7ed6e
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_mapConfig1.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <context:annotation-config />
+
+<!-- <bean id="dummyMapBasedConfiguration"-->
+<!-- class="at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap">-->
+<!-- <constructor-arg value="/config/junit_config_1.properties" />-->
+<!-- <property name="configRootDirSufix" value="src/test/resources/config" />-->
+<!-- </bean>-->
+ <bean id="DummyAuthConfigMap"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyAuthConfigMap">
+ <constructor-arg value="/config/junit_config_1-.properties" />
+ </bean>
+
+</beans> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test1.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test1.xml
new file mode 100644
index 00000000..8363eb50
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test1.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <context:annotation-config />
+
+
+
+<!-- <bean id="SZRClientForeIDAS"-->
+<!-- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient" />-->
+
+ <!-- <bean id="eIDASDataStore" class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.eIDASDataStore"
+ /> -->
+
+ <bean id="springManagedSpecificConnectorCommunicationService"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" />
+
+ <bean id="specificConnectorAttributesFileWithPath"
+ class="java.lang.String">
+ <constructor-arg
+ value="src/test/resources/config/eidas-attributes.xml" />
+ </bean>
+
+ <bean id="specificConnectorAdditionalAttributesFileWithPath"
+ class="java.lang.String">
+ <constructor-arg
+ value="src/test/resources/config/additional-attributes.xml" />
+ </bean>
+
+ <bean id="attributeRegistry"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry">
+ <property name="eidasAttributesFile"
+ ref="specificConnectorAttributesFileWithPath" />
+ <property name="additionalAttributesFile"
+ ref="specificConnectorAdditionalAttributesFileWithPath" />
+ </bean>
+
+ <bean id="EIDPostProcessingService"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService" />
+
+ <bean id="DE-PostProcessor"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeEidProcessor">
+ <property name="priority" value="1" />
+ </bean>
+
+ <bean id="eIDASAuthModule"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasAuthenticationModulImpl">
+ <property name="priority" value="2" />
+ </bean>
+
+ <bean id="Default-PostProcessor"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor">
+ <property name="priority" value="0" />
+ </bean>
+
+</beans> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml
new file mode 100644
index 00000000..7a1719d3
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test1.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xmlns:mvc="http://www.springframework.org/schema/mvc"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
+ http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
+
+ <context:annotation-config />
+ <mvc:annotation-driven />
+ <mvc:default-servlet-handler />
+
+
+ <import resource="SpringTest-context_authManager.xml" />
+ <import resource="SpringTest-context_basic_test1.xml" />
+
+ <bean id="mvcGUIBuilderImpl"
+ class="at.asitplus.eidas.specific.connector.gui.SpringMvcGuiFormBuilderImpl" />
+
+ <bean id="springManagedSpecificConnectorCommunicationService"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" />
+
+ <bean id="specificConnectorAttributesFileWithPath"
+ class="java.lang.String">
+ <constructor-arg
+ value="src/test/resources/config/eidas-attributes.xml" />
+ </bean>
+
+ <bean id="specificConnectorAdditionalAttributesFileWithPath"
+ class="java.lang.String">
+ <constructor-arg
+ value="src/test/resources/config/additional-attributes.xml" />
+ </bean>
+
+ <bean id="attributeRegistry"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry">
+ <property name="eidasAttributesFile"
+ ref="specificConnectorAttributesFileWithPath" />
+ <property name="additionalAttributesFile"
+ ref="specificConnectorAdditionalAttributesFileWithPath" />
+ </bean>
+
+ <bean id="authBlockSigningService"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService" />
+
+ <bean id="EidasSignalServlet"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet" />
+
+ <!-- Authentication Process Tasks -->
+ <bean id="ConnecteIDASNodeTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask"
+ scope="prototype" />
+
+ <bean id="ReceiveResponseFromeIDASNodeTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask"
+ scope="prototype" />
+
+ <bean id="CreateIdentityLinkTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask"
+ scope="prototype" />
+
+ <bean id="InitialSearchTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.InitialSearchTask"
+ scope="prototype" />
+
+ <bean id="ErnbClientForeIDAS"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.DummyErnpClient" />
+
+ <bean id="ZmrClientForeIDAS"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.DummyZmrClient" />
+
+ <bean id="DE-Specific-Search"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeSpecificDetailSearchProcessor">
+ </bean>
+
+ <bean id="IT-Specific-Search"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ItSpecificDetailSearchProcessor">
+ </bean>
+
+ <bean id="CreateNewErnpEntryTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateNewErnpEntryTask"
+ scope="prototype" />
+
+ <bean id="GenerateGuiTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateLoginMethodGuiTask"
+ scope="prototype" />
+
+ <bean id="GenerateMobilePhoneSignatureRequestTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask"
+ scope="prototype" />
+
+ <bean id="ReceiveGuiResponseTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveLoginMethodGuiResponseTask"
+ scope="prototype" />
+
+ <bean id="ReceiveMobilePhoneSignatureResponseTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask"
+ scope="prototype" />
+
+ <bean id="GenerateGuiQueryAustrianResidenceTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateGuiQueryAustrianResidenceTask"
+ scope="prototype" />
+
+ <bean id="ReceiveGuiAustrianResidenceResponseTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveGuiAustrianResidenceResponseTask"
+ scope="prototype" />
+
+ <bean id="idAustriaClientAuthCredentialProvider"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" />
+
+ <bean id="idAustriaClientAuthMetadataProvider"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
+
+ <bean id="idAustriaClientAuthMetadataController"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
+
+ <bean id="idAustriaClientPvpMetadataResolverFactory"
+ class="at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory" />
+
+ <bean id="pvpMetadataBuilder"
+ class="at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder" />
+
+ <bean id="idAustriaAuthPvpConfiguration"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaAuthPvpConfiguration" />
+
+ <bean id="PvpAuthnRequestBuilder"
+ class="at.gv.egiz.eaaf.modules.pvp2.sp.impl.PvpAuthnRequestBuilder" />
+
+<!-- <bean id="DummyAuthConfigMap"-->
+<!-- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyAuthConfigMap" />-->
+
+ <bean id="PvpPostBinding"
+ class="at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding" />
+
+ <bean id="IVelocityGuiFormBuilder"
+ class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyVelocityGuiFormBuilder" />
+ <bean id="IGuiBuilderConfigurationFactory"
+ class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" />
+
+</beans> \ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties
new file mode 100644
index 00000000..28f1552c
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1-.properties
@@ -0,0 +1,252 @@
+## Basic service configuration
+eidas.ms.context.url.prefix=
+eidas.ms.context.url.request.validation=false
+
+eidas.ms.context.use.clustermode=true
+
+##Monitoring
+eidas.ms.monitoring.eIDASNode.metadata.url=
+
+
+##Specific logger configuration
+eidas.ms.technicallog.write.MDS.into.techlog=true
+eidas.ms.revisionlog.write.MDS.into.revisionlog=true
+eidas.ms.revisionlog.logIPAddressOfUser=true
+
+##Directory for static Web content
+eidas.ms.webcontent.static.directory=webcontent/
+eidas.ms.webcontent.templates=templates/
+eidas.ms.webcontent.properties=properties/messages
+
+## extended validation of pending-request Id's
+eidas.ms.core.pendingrequestid.maxlifetime=300
+eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256
+eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
+
+## eIDAS Ref. Implementation connector ###
+eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
+eidas.ms.auth.eIDAS.node_v2.forward.endpoint=
+eidas.ms.auth.eIDAS.node_v2.forward.method=POST
+eidas.ms.auth.eIDAS.node_v2.countrycode=AT
+eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.*
+eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true
+eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true
+eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true
+eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs=myNode
+
+eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high
+
+eidas.ms.auth.eIDAS.szrclient.useTestService=true
+eidas.ms.auth.eIDAS.szrclient.endpoint.prod=
+eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/.....
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path=
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password=
+eidas.ms.auth.eIDAS.szrclient.timeout.connection=15
+eidas.ms.auth.eIDAS.szrclient.timeout.response=30
+eidas.ms.auth.eIDAS.szrclient.params.vkz=
+
+eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false
+
+
+eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s
+eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair
+eidas.ms.auth.eIDAS.authblock.keystore.path=./../keystore/teststore.jks
+eidas.ms.auth.eIDAS.authblock.keystore.type=jks
+eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair1
+eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s
+
+
+#Raw eIDAS Id data storage
+eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true
+
+eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true
+eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true
+
+eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true
+eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=true
+
+##without mandates
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true
+
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.8=testtest,false
+
+##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT -----
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true
+
+
+## PVP2 S-Profile end-point configuration
+eidas.ms.pvp2.keystore.path=keys/.....
+eidas.ms.pvp2.keystore.password=
+eidas.ms.pvp2.key.metadata.alias=
+eidas.ms.pvp2.key.metadata.password=
+eidas.ms.pvp2.key.signing.alias=
+eidas.ms.pvp2.key.signing.password=
+eidas.ms.pvp2.metadata.validity=24
+
+## Service Provider configuration
+eidas.ms.sp.0.uniqueID=
+eidas.ms.sp.0.pvp2.metadata.truststore=
+eidas.ms.sp.0.pvp2.metadata.truststore.password=
+eidas.ms.sp.0.newEidMode=true
+
+#eidas.ms.sp.0.friendlyName=
+#eidas.ms.sp.0.pvp2.metadata.url=
+#eidas.ms.sp.0.policy.allowed.requested.targets=.*
+#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false
+
+
+##only for advanced config
+eidas.ms.configuration.sp.disableRegistrationRequirement=
+eidas.ms.configuration.restrictions.baseID.spTransmission=
+eidas.ms.configuration.auth.default.countrycode=
+eidas.ms.configuration.pvp.scheme.validation=
+eidas.ms.configuration.pvp.enable.entitycategories=
+
+
+
+
+## PVP2 S-Profile ID Austria client configuration
+
+eidas.ms.modules.idaustriaclient.keystore.path=../keystore/junit_test.jks
+eidas.ms.modules.idaustriaclient.keystore.password=password
+eidas.ms.modules.idaustriaclient.keystore.type=jks
+
+eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta
+eidas.ms.modules.idaustriaclient.metadata.sign.password=password
+eidas.ms.modules.idaustriaclient.request.sign.alias=sig
+eidas.ms.modules.idaustriaclient.request.sign.password=password
+eidas.ms.modules.idaustriaclient.response.encryption.alias=enc
+eidas.ms.modules.idaustriaclient.response.encryption.password=password
+
+eidas.ms.modules.idaustriaclient.truststore.path=../keystore/junit_test.jks
+eidas.ms.modules.idaustriaclient.truststore.password=password
+eidas.ms.modules.idaustriaclient.truststore.type=jks
+
+eidas.ms.modules.idaustriaclient.node.entityId=
+eidas.ms.modules.idaustriaclient.sp.entityId=
+eidas.ms.modules.idaustriaclient.node.metadataUrl=
+
+eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test
+eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max
+eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann
+eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test
+
+
+
+
+
+
+auth.eIDAS.authblock.key.alias=connectorkeypair
+auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s
+auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair
+auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s
+auth.eIDAS.authblock.keystore.path=.//src/test/resources/keystore/teststore.jks
+auth.eIDAS.authblock.keystore.type=jks
+auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false
+auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false
+auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false
+auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false
+auth.eIDAS.node_v2.attributes.requested.de.onlynatural.8=testtest,false
+auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true
+auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true
+auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true
+auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true
+auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true
+auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true
+auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true
+auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true
+auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true
+auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true
+auth.eIDAS.node_v2.countrycode=AT
+auth.eIDAS.node_v2.entityId=ownSpecificConnector
+auth.eIDAS.node_v2.forward.endpoint=
+auth.eIDAS.node_v2.forward.method=POST
+auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high
+auth.eIDAS.node_v2.publicSectorTargets=.*
+auth.eIDAS.node_v2.staticProviderNameForPublicSPs=myNode
+auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true
+auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true
+auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true
+auth.eIDAS.szrclient.debug.logfullmessages=true
+auth.eIDAS.szrclient.debug.useDummySolution=true
+auth.eIDAS.szrclient.endpoint.prod=
+auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr
+auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true
+auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true
+auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false
+auth.eIDAS.szrclient.params.vkz=
+auth.eIDAS.szrclient.ssl.keyStore.password=
+auth.eIDAS.szrclient.ssl.keyStore.path=keys/.....
+auth.eIDAS.szrclient.ssl.trustStore.password=
+auth.eIDAS.szrclient.ssl.trustStore.path=
+auth.eIDAS.szrclient.timeout.connection=15
+auth.eIDAS.szrclient.timeout.response=30
+auth.eIDAS.szrclient.useTestService=true
+auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true
+configuration.auth.default.countrycode=
+configuration.pvp.enable.entitycategories=
+configuration.pvp.scheme.validation=
+configuration.restrictions.baseID.spTransmission=
+configuration.sp.disableRegistrationRequirement=
+context.url.prefix=
+context.url.request.validation=false
+context.use.clustermode=true
+core.pendingrequestid.digist.algorithm=HmacSHA256
+core.pendingrequestid.digist.secret=pendingReqIdSecret
+core.pendingrequestid.maxlifetime=300
+modules.idaustriaclient.keystore.password=password
+modules.idaustriaclient.keystore.path=.//src/test/resources/keystore/junit_test.jks
+modules.idaustriaclient.keystore.type=jks
+modules.idaustriaclient.metadata.contact.email=max@junit.test
+modules.idaustriaclient.metadata.contact.givenname=Max
+modules.idaustriaclient.metadata.contact.surname=Mustermann
+modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
+modules.idaustriaclient.metadata.organisation.name=JUnit
+modules.idaustriaclient.metadata.organisation.url=http://junit.test
+modules.idaustriaclient.metadata.sign.alias=meta
+modules.idaustriaclient.metadata.sign.password=password
+modules.idaustriaclient.node.entityId=
+modules.idaustriaclient.node.metadataUrl=
+modules.idaustriaclient.request.sign.alias=sig
+modules.idaustriaclient.request.sign.password=password
+modules.idaustriaclient.response.encryption.alias=enc
+modules.idaustriaclient.response.encryption.password=password
+modules.idaustriaclient.sp.entityId=
+modules.idaustriaclient.truststore.password=password
+modules.idaustriaclient.truststore.path=./src/test/resources/keystore/junit_test.jks
+modules.idaustriaclient.truststore.type=jks
+monitoring.eIDASNode.metadata.url=
+pvp2.key.metadata.alias=
+pvp2.key.metadata.password=
+pvp2.key.signing.alias=
+pvp2.key.signing.password=
+pvp2.keystore.password=
+pvp2.keystore.path=keys/.....
+pvp2.metadata.validity=24
+revisionlog.logIPAddressOfUser=true
+revisionlog.write.MDS.into.revisionlog=true
+sp.0.newEidMode=true
+sp.0.pvp2.metadata.truststore.password=
+sp.0.pvp2.metadata.truststore=
+sp.0.uniqueID=
+technicallog.write.MDS.into.techlog=true
+webcontent.properties=properties/messages
+webcontent.static.directory=webcontent/
+webcontent.templates=templates/
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity.xml
new file mode 100644
index 00000000..080a189f
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/idp_metadata_classpath_entity.xml
@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor
+ xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+ ID="_1a48ec3432f2f3ba6222724a5b06f873"
+ entityID="classpath:/data/idp_metadata_classpath_entity.xml"
+ validUntil="2045-02-06T08:47:26.211Z">
+ <md:IDPSSODescriptor
+ WantAuthnRequestsSigned="true"
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+ SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0
+ aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB
+ VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow
+ GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf
+ yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP
+ gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU
+ LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP
+ C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z
+ TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8
+ DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD
+ 7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs
+ IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8
+ vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ <ds:X509Data>
+ <ds:X509Certificate>MIIC+DCCAeCgAwIBAgIEXh7TbTANBgkqhkiG9w0BAQsFADA+MQswCQYDVQQGEwJB
+ VDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25p
+ bmcwHhcNMjAwMTE1MDg1NTA5WhcNMjkwMTE0MDg1NTA5WjA+MQswCQYDVQQGEwJB
+ VDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25p
+ bmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUSiRjnDvPafZfhJ+L
+ 1wM86FKJX3VIAV/8TD9qJ6HOBkn5WwYfpheyCfRb6XVDyIGpO8qnMWAgC17Ngbmh
+ zj8d8HXNQ2l3uppMv24oUTfXyYhQfZWAghx0sTlRIx/ZmlnduJilx2S53Sa7ruJw
+ lQcBFXj9h9B8dtyegc86Sx6D9BumP1xU7+mEBk8Gv9rR5Khg0Y7qGfZWB0t4aikg
+ aupWveVwiGifOOSfR8czqIg9qUpMYfZiTEBTSRmN6sPiNWhd4J0GyAI9Rn5C9jz/
+ sSlQrxpN+4DXzsqSU5F6gzq3yRux6wyOzDlt2birf21VPQ9HIy4YCjZXwgDWG7AO
+ 821pAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADnwdaxUtQU6SIpYwIb2c0ljTmQi
+ 7ryUcUpNHtK0M0E5Mw5Ex8zwrWbNQZ2sUyc4r07M66iOIqHsYZUQlRYvVKHifDpA
+ r8TCgD7iGGdB3By8Ou0RaNW+03w1fwmi98CufbHCGvpv0o2KxlejoHZminNdQ79i
+ bN+01nhocezJQATEQlnwHLiQSjilXpZeLYDk8HbrcUXNRxezN4ChdH+uU54vf+Ux
+ qcj9QHcmBe1+BM8EXfqS1DbTwZl+NTCnh5OYl8fvIFSOHMBxwFrI4pyY0faxg9Uc
+ rCogn/oQ+mV1gnVUDaDhvvEnVGZQtrlt7heVId2BeNellVgsrcmdW8j4U9U=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ <ds:X509Data>
+ <ds:X509Certificate>MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDEN
+ MAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRh
+ MB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQx
+ DTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0
+ YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SY
+ O4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYI
+ KoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImn
+ AiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+ </md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+ </md:NameIDFormat>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+ </md:NameIDFormat>
+ <md:SingleSignOnService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="https://vidp.gv.at/ms_connector/pvp/post" />
+ <md:SingleSignOnService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="https://vidp.gv.at/ms_connector/pvp/redirect" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="PRINCIPAL-NAME"
+ Name="urn:oid:1.2.40.0.10.2.1.1.261.20"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="EID-CCS-URL" Name="urn:oid:1.2.40.0.10.2.1.1.261.64"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="EID-ISSUING-NATION"
+ Name="urn:oid:1.2.40.0.10.2.1.1.261.32"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="EID-SOURCE-PIN"
+ Name="urn:oid:1.2.40.0.10.2.1.1.261.36"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="EID-SIGNER-CERTIFICATE"
+ Name="urn:oid:1.2.40.0.10.2.1.1.261.66"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="EID-SECTOR-FOR-IDENTIFIER"
+ Name="urn:oid:1.2.40.0.10.2.1.1.261.34"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="EID-SOURCE-PIN-TYPE"
+ Name="urn:oid:1.2.40.0.10.2.1.1.261.104"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="EID-E-ID-TOKEN"
+ Name="urn:oid:1.2.40.0.10.2.1.1.261.39"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="EID-IDENTITY-LINK"
+ Name="urn:oid:1.2.40.0.10.2.1.1.261.38"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL"
+ Name="urn:oid:1.2.40.0.10.2.1.1.261.108"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ <saml2:Attribute
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ FriendlyName="EID-IDENTITY-STATUS-LEVEL"
+ Name="urn:oid:1.2.40.0.10.2.1.1.261.109"
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+ </md:IDPSSODescriptor>
+</md:EntityDescriptor>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/pvp_postbinding_template.html b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/pvp_postbinding_template.html
new file mode 100644
index 00000000..68a797e6
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/pvp_postbinding_template.html
@@ -0,0 +1,3 @@
+#if($RelayState)RelayState=${RelayState}#end
+#if($SAMLRequest)SAMLRequest=${SAMLRequest}#end
+#if($SAMLResponse)SAMLResponse=${SAMLResponse}#end
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/sp_metadata_junit.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/sp_metadata_junit.xml
new file mode 100644
index 00000000..9c62db5d
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/data/sp_metadata_junit.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_1a48ec3432f2f3ba6222724a5b06f873" entityID="https://localhost/authhandler/sp/eidas/metadata" validUntil="2045-02-06T08:47:26.211Z">
+ <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>MIIC+DCCAeCgAwIBAgIEXh7TbTANBgkqhkiG9w0BAQsFADA+MQswCQYDVQQGEwJBVDENMAsGA1UE
+ CgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcwHhcNMjAwMTE1MDg1NTA5
+ WhcNMjkwMTE0MDg1NTA5WjA+MQswCQYDVQQGEwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwF
+ alVuaXQxEDAOBgNVBAMMB3NpZ25pbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCU
+ SiRjnDvPafZfhJ+L1wM86FKJX3VIAV/8TD9qJ6HOBkn5WwYfpheyCfRb6XVDyIGpO8qnMWAgC17N
+ gbmhzj8d8HXNQ2l3uppMv24oUTfXyYhQfZWAghx0sTlRIx/ZmlnduJilx2S53Sa7ruJwlQcBFXj9
+ h9B8dtyegc86Sx6D9BumP1xU7+mEBk8Gv9rR5Khg0Y7qGfZWB0t4aikgaupWveVwiGifOOSfR8cz
+ qIg9qUpMYfZiTEBTSRmN6sPiNWhd4J0GyAI9Rn5C9jz/sSlQrxpN+4DXzsqSU5F6gzq3yRux6wyO
+ zDlt2birf21VPQ9HIy4YCjZXwgDWG7AO821pAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADnwdaxU
+ tQU6SIpYwIb2c0ljTmQi7ryUcUpNHtK0M0E5Mw5Ex8zwrWbNQZ2sUyc4r07M66iOIqHsYZUQlRYv
+ VKHifDpAr8TCgD7iGGdB3By8Ou0RaNW+03w1fwmi98CufbHCGvpv0o2KxlejoHZminNdQ79ibN+0
+ 1nhocezJQATEQlnwHLiQSjilXpZeLYDk8HbrcUXNRxezN4ChdH+uU54vf+Uxqcj9QHcmBe1+BM8E
+ XfqS1DbTwZl+NTCnh5OYl8fvIFSOHMBxwFrI4pyY0faxg9UcrCogn/oQ+mV1gnVUDaDhvvEnVGZQ
+ trlt7heVId2BeNellVgsrcmdW8j4U9U=</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:KeyDescriptor use="encryption">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+ SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W
+ ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w
+ CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ
+ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq
+ UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+
+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F
+ Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt
+ 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq
+ nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC
+ VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq
+ itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc
+ 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O
+ fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy
+ 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/post" index="0" isDefault="true"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/redirect" index="1"/>
+ <md:AttributeConsumingService index="0" isDefault="true">
+ <md:ServiceName xml:lang="en">Default Service</md:ServiceName>
+ <md:RequestedAttribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.76" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-FULL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.84" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="MANDATE-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.68" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.100" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ <md:RequestedAttribute FriendlyName="MANDATE-TYPE-OID" Name="urn:oid:1.2.40.0.10.2.1.1.261.106" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
+ <md:RequestedAttribute FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
+ </md:AttributeConsumingService>
+ </md:SPSSODescriptor>
+</md:EntityDescriptor>