From de03adfbe79968f65bb711d7b3a583eeb1054140 Mon Sep 17 00:00:00 2001
From: Alexander Marsalek <amarsalek@iaik.tugraz.at>
Date: Mon, 1 Feb 2021 09:42:38 +0100
Subject: more transitions & tests

---
 eidas_modules/authmodule-eIDAS-v2/pom.xml          |  21 +-
 .../specific/modules/auth/eidas/v2/Constants.java  |   8 +
 .../v2/exception/InvalidUserInputException.java    |  33 +++
 .../IdAustriaAuthPvpConfiguration.java             | 121 ++++++++++
 .../IdAustriaClientAuthCredentialProvider.java     |   2 +-
 .../GenerateMobilePhoneSignatureRequestTask.java   |   3 -
 .../auth/eidas/v2/tasks/InitialSearchTask.java     |   6 +-
 .../ReceiveGuiAustrianResidenceResponseTask.java   |  79 ++++--
 .../eidas/v2/tasks/ReceiveGuiResponseTask.java     |  16 +-
 ...eSignatureResponseAndSearchInRegistersTask.java | 266 ++++++++++-----------
 .../resources/eIDAS.Authentication.process.xml     |   8 +-
 .../src/main/resources/eidas_v2_auth.beans.xml     |  12 +-
 .../IdAustriaClientAuthMetadataControllerTest.java | 169 +++++++++++++
 .../eidas/v2/test/tasks/InitialSearchTaskTest.java | 131 ++++++++--
 .../EidasRequestPreProcessingFirstTest.java        |   7 +-
 .../resources/SpringTest-context_tasks_test.xml    |  27 +++
 .../resources/config/junit_config_1.properties     |  34 ++-
 .../config/junit_config_1_springboot.properties    | 119 +++++++++
 .../src/test/resources/config/keys/junit_test.jks  | Bin 0 -> 8410 bytes
 .../src/test/resources/config/keys/teststore.jks   | Bin 0 -> 2028 bytes
 .../src/test/resources/keystore/junit_test.jks     | Bin 0 -> 8410 bytes
 21 files changed, 845 insertions(+), 217 deletions(-)
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks

(limited to 'eidas_modules')

diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml
index f578c52d..6773cc41 100644
--- a/eidas_modules/authmodule-eIDAS-v2/pom.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml
@@ -50,6 +50,15 @@
       <artifactId>eaaf-core</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>at.gv.egiz.eaaf</groupId>
+      <artifactId>eaaf_module_pvp2_core</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>at.gv.egiz.eaaf</groupId>
+      <artifactId>eaaf_module_pvp2_sp</artifactId>
+    </dependency>
+
     <dependency>
       <groupId>iaik.prod</groupId>
       <artifactId>iaik_jce_full</artifactId>
@@ -189,17 +198,7 @@
       <artifactId>jose4j</artifactId>
       <version>0.7.2</version>
     </dependency>
-      <dependency>
-          <groupId>at.gv.egiz.eaaf</groupId>
-          <artifactId>eaaf_module_pvp2_core</artifactId>
-          <version>1.1.11</version>
-          <scope>compile</scope>
-      </dependency>
-    <dependency>
-      <groupId>at.gv.egiz.eaaf</groupId>
-      <artifactId>eaaf_module_pvp2_sp</artifactId>
-      <scope>compile</scope>
-    </dependency>
+
   </dependencies>
 
   <build>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 858637e9..ba57b28e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -180,4 +180,12 @@ public class Constants {
 
   public static final String COUNTRY_CODE_DE = "DE";
   public static final String COUNTRY_CODE_IT = "IT";
+
+  public static final String TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK = "TASK_CreateNewErnpEntryTask";
+  public static final String TRANSITION_TO_CREATE_GENERATE_GUI_TASK = "TASK_GenerateGuiTask";
+  public static final String TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK =
+      "Task_GenerateGuiQueryAustrianResidenceTask";
+  public static final String TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK =
+      "TASK_GenerateMobilePhoneSignatureRequestTask";
+  public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_TODO";
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java
new file mode 100644
index 00000000..f28d8afa
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2020 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception;
+
+public class InvalidUserInputException extends EidasSAuthenticationException {
+  private static final long serialVersionUID = 1L;
+
+  public InvalidUserInputException() {
+    super("eidas.10", null);
+  }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java
new file mode 100644
index 00000000..30c8b65f
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java
@@ -0,0 +1,121 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml.saml2.metadata.ContactPerson;
+import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration;
+import org.opensaml.saml.saml2.metadata.EmailAddress;
+import org.opensaml.saml.saml2.metadata.GivenName;
+import org.opensaml.saml.saml2.metadata.Organization;
+import org.opensaml.saml.saml2.metadata.OrganizationDisplayName;
+import org.opensaml.saml.saml2.metadata.OrganizationName;
+import org.opensaml.saml.saml2.metadata.OrganizationURL;
+import org.opensaml.saml.saml2.metadata.SurName;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.util.Arrays;
+import java.util.List;
+
+public class IdAustriaAuthPvpConfiguration implements IPvp2BasicConfiguration {
+
+  private static final String DEFAULT_XML_LANG = "en";
+
+  @Autowired
+  private IConfiguration basicConfig;
+
+  @Override
+  public String getIdpEntityId(String authUrl) throws EaafException {
+    return authUrl + IdAustriaClientAuthConstants.ENDPOINT_METADATA;
+
+  }
+
+  @Override
+  public String getIdpSsoPostService(String authUrl) throws EaafException {
+    return null;
+
+  }
+
+  @Override
+  public String getIdpSsoRedirectService(String authUrl) throws EaafException {
+    return null;
+
+  }
+
+  @Override
+  public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException {
+    return null;
+
+  }
+
+  @Override
+  public List<ContactPerson> getIdpContacts() throws EaafException {
+    final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class);
+    final GivenName givenName = Saml2Utils.createSamlObject(GivenName.class);
+    final SurName surname = Saml2Utils.createSamlObject(SurName.class);
+    final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class);
+
+    givenName.setName(getAndVerifyFromConfiguration(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME));
+    surname.setName(getAndVerifyFromConfiguration(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME));
+    emailAddress.setAddress(getAndVerifyFromConfiguration(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL));
+
+    contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);
+    contactPerson.setGivenName(givenName);
+    contactPerson.setSurName(surname);
+    contactPerson.getEmailAddresses().add(emailAddress);
+
+    return Arrays.asList(contactPerson);
+
+  }
+
+  @Override
+  public Organization getIdpOrganisation() throws EaafException {
+    final Organization organisation = Saml2Utils.createSamlObject(Organization.class);
+    final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class);
+    final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class);
+    final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class);
+
+    orgName.setXMLLang(DEFAULT_XML_LANG);
+    orgName.setValue(getAndVerifyFromConfiguration(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME));
+
+    orgDisplayName.setXMLLang(DEFAULT_XML_LANG);
+    orgDisplayName.setValue(getAndVerifyFromConfiguration(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME));
+
+    orgUrl.setXMLLang(DEFAULT_XML_LANG);
+    orgUrl.setValue(getAndVerifyFromConfiguration(
+        IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL));
+
+
+    organisation.getOrganizationNames().add(orgName);
+    organisation.getDisplayNames().add(orgDisplayName);
+    organisation.getURLs().add(orgUrl);
+
+    return organisation;
+  }
+
+
+  @Override
+  public IConfiguration getBasicConfiguration() {
+    return basicConfig;
+
+  }
+
+  private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException {
+    final String value = basicConfig.getBasicConfiguration(configKey);
+    if (StringUtils.isEmpty(value)) {
+      throw new EaafConfigurationException("module.eidasauth.00",
+          new Object[]{configKey});
+
+    }
+
+    return value;
+  }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
index 69386194..2608cad1 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
@@ -19,7 +19,7 @@ public class IdAustriaClientAuthCredentialProvider extends AbstractCredentialPro
   @Autowired
   IConfiguration authConfig;
 
-  private static final String FRIENDLYNAME = "eIDAS centrial authentication";
+  private static final String FRIENDLYNAME = "ID Austria authentication";
 
   @Override
   public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
index 546a2039..af1ef6f7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
@@ -82,9 +82,6 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
       log.trace("Starting GenerateMobilePhoneSignatureRequestTask");
       //step 15a
 
-      //final IAhSpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(
-      //    IAhSpConfiguration.class);
-
       // get entityID for ms-specific eIDAS node
       final String msNodeEntityID = "TODO";
 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
index 99da21a1..2e754e14 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
@@ -207,13 +207,13 @@ public class InitialSearchTask extends AbstractAuthServletTask {
 
     MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnp);
     if (mdsSearchResult.getResultCount() == 0) {
-      executionContext.put("TASK_CreateNewErnpEntryTask", true);
+      executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true);
     } else {
-      executionContext.put("TASK_GenerateGuiTask", true);
+      executionContext.put(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK, true);
     }
 
     //TODO implement next phase and return correct value
-    return "TODO-Temporary-Endnode-105";
+    return null;
   }
 
   private MergedRegisterSearchResult searchInZmrAndErnp(String personIdentifier) {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java
index 34fbf507..977262bb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiAustrianResidenceResponseTask.java
@@ -23,7 +23,9 @@
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
 
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -46,33 +48,70 @@ import java.util.Enumeration;
 @Component("ReceiveGuiAustrianResidenceResponseTask")
 public class ReceiveGuiAustrianResidenceResponseTask extends AbstractAuthServletTask {
 
-  final String loginMethod = "loginSelection";
+  final String formerResidenceAvailableParameterName = "formerResidenceAvailable";
+  final String streetParameterName = "street";
+  final String zipCodeParameterName = "zipcode";
+  final String cityParameterName = "city";
+  private final IZmrClient zmrClient;
+
+  public ReceiveGuiAustrianResidenceResponseTask(IZmrClient zmrClient) {
+    this.zmrClient = zmrClient;
+  }
 
   //TODO
   @Override
   public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
       throws TaskExecutionException {
-    try {
-      log.trace("Starting ReceiveGuiAustrianResidenceResponseTask");
-      // set parameter execution context
-      final Enumeration<String> reqParamNames = request.getParameterNames();
-      while (reqParamNames.hasMoreElements()) {
-        final String paramName = reqParamNames.nextElement();
-        if (StringUtils.isNotEmpty(paramName)
-            && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
-            && loginMethod.equalsIgnoreCase(paramName)) {
 
-          String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
-          SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value);
-          executionContext.put(loginMethod, selection);
-
-        }
+    log.trace("Starting ReceiveGuiAustrianResidenceResponseTask");
+    // set parameter execution context
+    final Enumeration<String> reqParamNames = request.getParameterNames();
+    String street = null;
+    String city = null;
+    String zipcode = null;
+    Boolean formerResidenceAvailable = false;
+    while (reqParamNames.hasMoreElements()) {
+      final String paramName = reqParamNames.nextElement();
+      if (StringUtils.isNotEmpty(paramName)
+          && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+          && formerResidenceAvailableParameterName.equalsIgnoreCase(paramName)) {
+        formerResidenceAvailable =
+            Boolean.parseBoolean(StringEscapeUtils.escapeHtml(request.getParameter(paramName)));
+      }
+      if (StringUtils.isNotEmpty(paramName)
+          && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+          && streetParameterName.equalsIgnoreCase(paramName)) {
+        street = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
+      }
+      if (StringUtils.isNotEmpty(paramName)
+          && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+          && cityParameterName.equalsIgnoreCase(paramName)) {
+        city = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
+      }
+      if (StringUtils.isNotEmpty(paramName)
+          && !EaafConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName)
+          && zipCodeParameterName.equalsIgnoreCase(paramName)) {
+        zipcode = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
       }
-
-    } catch (final Exception e) {
-      log.error("Parsing selected login method FAILED.", e);
-      throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e);
     }
+    if (formerResidenceAvailable) {
+      //step 18
+      if (street.isEmpty() || city.isEmpty() || zipcode.isEmpty()) {
+        //form should ensure that mandatory fields are field =>
+        //this can never happen, expect somebody manipulated the response
+        throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException());
+      }
+      step18_RegisterSearch(street, city, zipcode);//TODO also MDS?
+    } else {
+      //step 20 or for now (phase 1) step 9
+      executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true);
+    }
+
+
+  }
+
+  private void step18_RegisterSearch(String street, String city, String zipcode) {
+    System.out.println(street + city + zipcode + zmrClient);//TODO
   }
 
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java
index fa787792..f8f22ce2 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveGuiResponseTask.java
@@ -23,7 +23,9 @@
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
 
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -62,7 +64,19 @@ public class ReceiveGuiResponseTask extends AbstractAuthServletTask {
           String value = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
           SelectedLoginMethod selection = SelectedLoginMethod.valueOf(value);
           executionContext.put(loginMethod, selection);
-
+          switch (selection) {
+            case EIDAS_LOGIN:
+              executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true);
+              break;
+            case MOBILE_PHONE_SIGNATURE_LOGIN:
+              executionContext.put(Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK, true);
+              break;
+            case NO_OTHER_LOGIN:
+              executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
+              break;
+            default:
+              throw new InvalidUserInputException();
+          }
         }
       }
     } catch (final Exception e) {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
index 9d30b581..8b58f2e1 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
@@ -35,14 +35,13 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustri
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
 import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
 import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
@@ -68,12 +67,13 @@ import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import javax.naming.ConfigurationException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.transform.TransformerException;
 import java.io.IOException;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Set;
 
 /**
  * Task that searches ErnB and ZMR before adding person to SZR.
@@ -132,140 +132,120 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
 
       InboundMessage msg = null;
 
-      try {
+      IDecoder decoder = null;
+      EaafUriCompare comperator = null;
+      // select Response Binding
+      if (request.getMethod().equalsIgnoreCase("POST")) {
+        decoder = new PostBinding();
+        comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST);
+        log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding.");
 
-        IDecoder decoder = null;
-        EaafUriCompare comperator = null;
-        // select Response Binding
-        if (request.getMethod().equalsIgnoreCase("POST")) {
-          decoder = new PostBinding();
-          comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST);
-          log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding.");
+      } else if (request.getMethod().equalsIgnoreCase("GET")) {
+        decoder = new RedirectBinding();
+        comperator = new EaafUriCompare(pendingReq.getAuthUrl()
+            + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT);
+        log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding.");
 
-        } else if (request.getMethod().equalsIgnoreCase("GET")) {
-          decoder = new RedirectBinding();
-          comperator = new EaafUriCompare(pendingReq.getAuthUrl()
-              + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT);
-          log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding.");
-
-        } else {
-          log.warn("Receive PVP Response, but Binding ("
-              + request.getMethod() + ") is not supported.");
-          throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{
-              IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING});
-
-        }
-
-        // decode PVP response object
-        msg = (InboundMessage) decoder.decode(
-            request, response, metadataProvider, IDPSSODescriptor.DEFAULT_ELEMENT_NAME,
-            comperator);
-
-        // validate response signature
-        if (!msg.isVerified()) {
-          samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(
-              metadataProvider));
-          msg.setVerified(true);
-
-        }
-
-        // validate assertion
-        final Pair<PvpSProfileResponse, Boolean> processedMsg =
-            preProcessAuthResponse((PvpSProfileResponse) msg);
-
-        //check if SAML2 response contains user-stop decision
-        if (processedMsg.getSecond()) {
-          stopProcessFromUserDecision(executionContext, request, response);
-
-        } else {
-          // validate entityId of response
-          final String msNodeEntityID = authConfig.getBasicConfiguration(
-              IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
-          final String respEntityId = msg.getEntityID();
-          if (!msNodeEntityID.equals(respEntityId)) {
-            log.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ...");
-            throw new AuthnResponseValidationException(ERROR_PVP_08,
-                new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING,
-                    msg.getEntityID()});
-
-          }
+      } else {
+        log.warn("Receive PVP Response, but Binding ("
+            + request.getMethod() + ") is not supported.");
+        throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{
+            IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING});
 
-          // initialize Attribute extractor
-          final AssertionAttributeExtractor extractor =
-              new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
+      }
 
-          getAuthDataFromInterfederation(extractor);
+      // decode PVP response object
+      msg = (InboundMessage) decoder.decode(
+          request, response, metadataProvider, IDPSSODescriptor.DEFAULT_ELEMENT_NAME,
+          comperator);
 
-          // set NeedConsent to false, because user gives consont during authentication
-          pendingReq.setNeedUserConsent(false);
+      // validate response signature
+      if (!msg.isVerified()) {
+        samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(
+            metadataProvider));
+        msg.setVerified(true);
 
-          // store pending-request
-          requestStoreage.storePendingRequest(pendingReq);
+      }
 
-          //set E-ID process flag to execution context
-          //          final AhAuthProcessDataWrapper session = pendingReq.getSessionData(
-          //              AhAuthProcessDataWrapper.class);
-          //          executionContext.put(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS, session.isEidProcess());
-          //          executionContext.put(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES, session.isMandateUsed());
+      // validate assertion
+      final Pair<PvpSProfileResponse, Boolean> processedMsg =
+          preProcessAuthResponse((PvpSProfileResponse) msg);
 
+      //check if SAML2 response contains user-stop decision
+      if (processedMsg.getSecond()) {
+        stopProcessFromUserDecision(executionContext, request, response);
 
-          log.info("Receive a valid assertion from IDP " + msg.getEntityID());
+      } else {
+        // validate entityId of response
+        final String msNodeEntityID = authConfig.getBasicConfiguration(
+            IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+        final String respEntityId = msg.getEntityID();
+        if (!msNodeEntityID.equals(respEntityId)) {
+          log.warn("Response Issuer is not a 'ID Austria node'. Stopping eIDAS authentication ...");
+          throw new AuthnResponseValidationException(ERROR_PVP_08,
+              new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING,
+                  msg.getEntityID()});
 
         }
 
-      } catch (final AuthnResponseValidationException e) {
-        throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e);
-
-      } catch (MessageDecodingException | SecurityException | SamlSigningException e) {
-        //final String samlRequest = request.getParameter("SAMLRequest");
-        //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}",
-        //    samlRequest, null, e);
-        throw new TaskExecutionException(pendingReq, ERROR_MSG_00,
-            new AuthnResponseValidationException(ERROR_PVP_11,
-                new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e));
-
-      } catch (IOException | MarshallingException | TransformerException e) {
-        log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
-        throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
-            new AuthnResponseValidationException(ERROR_PVP_12,
-                new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()},
-                e));
-
-      } catch (final CredentialsNotAvailableException e) {
-        log.debug("PVP response decrytion FAILED. No credential found.", e);
-        throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
-            new AuthnResponseValidationException(ERROR_PVP_10,
-                new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e));
-
-      } catch (final Exception e) {
-        log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e);
-        throw new TaskExecutionException(pendingReq, ERROR_MSG_03,
-            new AuthnResponseValidationException(ERROR_PVP_12,
-                new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
+        // initialize Attribute extractor
+        final AssertionAttributeExtractor extractor =
+            new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
+
+        String bpkzp = getAuthDataFromInterfederation(extractor);
+
+        MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp);
+        if (result.getResultCount() == 0) {
+          //go to step 16
+          executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
+          return;
+        } else if (result.getResultCount() == 1) {
+          String bpk =
+              Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, result, eidData, pendingReq);
+          authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
+          //node 110
+        } else if (result.getResultCount() > 1) {
+          throw new ManualFixNecessaryException("bpkzp:" + bpkzp);// node 108
+        }
 
-      }
+        // set NeedConsent to false, because user gives consont during authentication
+        pendingReq.setNeedUserConsent(false);
 
+        log.info("Receive a valid assertion from IDP " + msg.getEntityID());
 
-      //TODO extract bPK-ZP from response
-      String bpkzp = "TODO";
-      MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp);
-      if (result.getResultCount() == 0) {
-        //go to step 16
-        //TODO set context variable
-        return;
-      } else if (result.getResultCount() == 1) {
-        String bpk = Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, result, eidData, pendingReq);
-        authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
-        //node 110
-        //TODO bpk vs bpkzp???? same?
-      } else if (result.getResultCount() > 1) {
-        throw new ManualFixNecessaryException("bpkzp:" + bpkzp);// node 108
       }
 
+    } catch (final AuthnResponseValidationException e) {
+      throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e);
+
+    } catch (MessageDecodingException | SecurityException | SamlSigningException e) {
+      //final String samlRequest = request.getParameter("SAMLRequest");
+      //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}",
+      //    samlRequest, null, e);
+      throw new TaskExecutionException(pendingReq, ERROR_MSG_00,
+          new AuthnResponseValidationException(ERROR_PVP_11,
+              new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e));
+
+    } catch (IOException | MarshallingException | TransformerException e) {
+      log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+      throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
+          new AuthnResponseValidationException(ERROR_PVP_12,
+              new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()},
+              e));
+
+    } catch (final CredentialsNotAvailableException e) {
+      log.debug("PVP response decrytion FAILED. No credential found.", e);
+      throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
+          new AuthnResponseValidationException(ERROR_PVP_10,
+              new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e));
+
     } catch (final Exception e) {
-      log.error("Initial search FAILED.", e);
-      throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e);
+      log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e);
+      throw new TaskExecutionException(pendingReq, ERROR_MSG_03,
+          new AuthnResponseValidationException(ERROR_PVP_12,
+              new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
     }
+
   }
 
   private Pair<PvpSProfileResponse, Boolean> preProcessAuthResponse(PvpSProfileResponse msg)
@@ -325,44 +305,47 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
     return null;
   }
 
-  private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor)
-      throws EaafBuilderException, ConfigurationException {
+  private String getAuthDataFromInterfederation(AssertionAttributeExtractor extractor)
+      throws EaafBuilderException {
 
     List<String> requiredEidasNodeAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
-
+    String bpk = null;
     try {
       // check if all attributes are include
       if (!extractor.containsAllRequiredAttributes()
           || !extractor.containsAllRequiredAttributes(
           requiredEidasNodeAttributes)) {
-        log.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes.");
+        log.warn("PVP Response from 'ID Austria node' contains not all requested attributes.");
         throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{
             IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING});
 
       }
 
-      // copy attributes into MOASession
-      //      final AhAuthProcessDataWrapper session = pendingReq.getSessionData(
-      //          AhAuthProcessDataWrapper.class);
-      //      final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
-      //      for (final String attrName : includedAttrNames) {
-      //        injectAuthInfosIntoSession(session, attrName,
-      //            extractor.getSingleAttributeValue(attrName));
-      //
-      //      }
-
-      //set piiTransactionId from eIDAS Connector
-      String piiTransactionId = extractor.getSingleAttributeValue(
-          ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME);
-      if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) {
-        log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing");
-        ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId);
+      HashMap<String, String> map = new HashMap<>();
+      final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+      for (final String attrName : includedAttrNames) {
+        map.put(attrName, extractor.getSingleAttributeValue(attrName));
 
-      } else {
-        log.debug("Receive no piiTransactionId from Austrian eIDAS Connector.");
+        if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
+          bpk = extractor.getSingleAttributeValue(attrName);
+        }
+        //injectAuthInfosIntoSession(session, attrName,
+        //    extractor.getSingleAttributeValue(attrName));
 
       }
 
+      //set piiTransactionId from eIDAS Connector
+      //      String piiTransactionId = extractor.getSingleAttributeValue(
+      //          ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME);
+      //      if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) {
+      //        log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing");
+      //        ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId);
+      //
+      //      } else {
+      //        log.debug("Receive no piiTransactionId from Austrian eIDAS Connector.");
+      //
+      //      }
+
       // set foreigner flag
       //      session.setForeigner(true);
 
@@ -383,6 +366,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
       throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
 
     }
+    return bpk;
   }
 
   //  private void injectAuthInfosIntoSession(AhAuthProcessDataWrapper session, String attrName, String attrValue)
@@ -404,7 +388,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
   //    } else if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
   //      session.setQaaLevel(attrValue);
   //
-  //    //    } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName)
+  //    //          } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName)
   //    //        && authConfig.getBasicConfigurationBoolean(
   //    //        IdAustriaClientAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {
   //    //      session.setMandateDate(new SignedMandateDao(attrValue));
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
index 992ad766..6b67379c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
@@ -49,13 +49,14 @@
                   to="receiveGuiResponseTask" />
   <pd:Transition  from="receiveGuiResponseTask"
                   to="generateMobilePhoneSignatureRequestTask"
-                  conditionExpression="ctx['TASK_TODO']"/>
+                  conditionExpression="ctx['TASK_GenerateMobilePhoneSignatureRequestTask']"/>
   <pd:Transition  from="generateMobilePhoneSignatureRequestTask"
                   to="receiveMobilePhoneSignatureResponseTask" />
   <pd:Transition  from="receiveMobilePhoneSignatureResponseTask"
                   to="createNewErnpEntryTask" />
   <pd:Transition  from="receiveGuiResponseTask"
-                  to="generateGuiQueryAustrianResidenceTask" />
+                  to="generateGuiQueryAustrianResidenceTask"
+                  conditionExpression="ctx['Task_GenerateGuiQueryAustrianResidenceTask']"/>
 
   <pd:Transition  from="generateGuiQueryAustrianResidenceTask"
                   to="receiveGuiAustrianResidenceResponseTask" />
@@ -65,7 +66,8 @@
                   conditionExpression="ctx['TASK_TODO']"/>
 
   <pd:Transition  from="receiveGuiAustrianResidenceResponseTask"
-                  to="createNewErnpEntryTask" />
+                  to="createNewErnpEntryTask"
+                  conditionExpression="ctx['TASK_TODO']"/>
 
 
   <pd:Transition  from="createNewErnpEntryTask"
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 680ec19c..5897fc78 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -134,14 +134,16 @@
         class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveGuiAustrianResidenceResponseTask"
         scope="prototype" />
 
-  <bean id="eidasCentralAuthCredentialProvider"
+  <bean id="idAustriaClientAuthCredentialProvider"
         class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" />
 
-  <bean id="eidasCentralAuthMetadataProvider"
-        class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
+  <bean id="idAustriaClientAuthMetadataProvider"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
+
+  <bean id="idAustriaClientAuthMetadataController"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
+
 
-  <bean id="eidasCentralAuthMetadataController"
-        class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
 
 
 </beans>
\ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java
new file mode 100644
index 00000000..c99c6e6a
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java
@@ -0,0 +1,169 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.metadata.resolver.filter.FilterException;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.security.x509.BasicX509Credential;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+
+@RunWith(SpringJUnit4ClassRunner.class)
+//@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"})
+@TestPropertySource(locations = { "classpath:/config/junit_config_1_springboot.properties" })
+@ContextConfiguration(locations = {
+    "/SpringTest-context_tasks_test.xml",
+    "/SpringTest-context_basic_mapConfig.xml"
+})
+@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
+@Ignore
+public class IdAustriaClientAuthMetadataControllerTest {
+
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+
+  @Autowired private IdAustriaClientAuthMetadataController controller;
+  @Autowired private IdAustriaClientAuthCredentialProvider credProvider;
+  @Autowired private DummyAuthConfigMap config;
+
+  /**
+   * JUnit class initializer.
+   *
+   * @throws Exception In case of an OpenSAML3 initialization error
+   */
+  @BeforeClass
+  public static void initialize() throws Exception {
+    EaafOpenSaml3xInitializer.eaafInitialize();
+
+  }
+
+  /**
+   * Single jUnit-test set-up.
+   */
+  @Before
+  public void testSetup() {
+    httpReq = new MockHttpServletRequest("GET", "http://localhost/authhandler");
+    httpReq.setContextPath("/authhandler");
+    httpResp = new MockHttpServletResponse();
+
+    config.removeConfigValue("core.legacy.allowLegacyMode");
+    config.removeConfigValue("modules.eidascentralauth.semper.mandates.active");
+    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.1");
+    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.2");
+    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.3");
+    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.4");
+    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.5");
+    config.removeConfigValue("modules.eidascentralauth.required.additional.attributes.6");
+
+  }
+
+  @Test
+  public void buildMetadataValidInEidMode() throws IOException, EaafException,
+      XMLParserException, UnmarshallingException, FilterException {
+    config.putConfigValue("core.legacy.allowLegacyMode", "false");
+    config.putConfigValue("modules.eidascentralauth.semper.mandates.active", "false");
+
+    //build metdata
+    controller.getSpMetadata(httpReq, httpResp);
+
+    //check result
+    validateResponse(6);
+
+  }
+
+  private void validateResponse(int numberOfRequestedAttributes) throws UnsupportedEncodingException,
+      XMLParserException, UnmarshallingException, FilterException, CredentialsNotAvailableException {
+    Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus());
+    Assert.assertEquals("ContentType", "text/xml; charset=utf-8", httpResp.getContentType());
+    Assert.assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String metadataXml = httpResp.getContentAsString();
+    Assert.assertNotNull("XML Metadata", metadataXml);
+
+    final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream(metadataXml.getBytes("UTF-8")));
+
+    Assert.assertEquals("EntityId",
+        "http://localhost/authhandler" + IdAustriaClientAuthConstants.ENDPOINT_METADATA,
+        metadata.getEntityID());
+
+    //check XML scheme
+    final SchemaValidationFilter schemaFilter = new SchemaValidationFilter();
+    schemaFilter.filter(metadata);
+
+    //check signature
+    final SimpleMetadataSignatureVerificationFilter sigFilter =
+        new SimpleMetadataSignatureVerificationFilter(credProvider.getKeyStore().getFirst(),
+            metadata.getEntityID());
+    sigFilter.filter(metadata);
+
+    //check content
+    final SPSSODescriptor spSsoDesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+    Assert.assertNotNull("SPSSODescr.", spSsoDesc);
+
+    Assert.assertFalse("AssertionConsumerServices",
+        spSsoDesc.getAssertionConsumerServices().isEmpty());
+    Assert.assertFalse("ContactPersons",
+        metadata.getContactPersons().isEmpty());
+    Assert.assertNotNull("ContactPersons",
+        metadata.getOrganization());
+
+    Assert.assertFalse("KeyDescriptors",
+        spSsoDesc.getKeyDescriptors().isEmpty());
+    Assert.assertEquals("#KeyDescriptors", 2, spSsoDesc.getKeyDescriptors().size());
+
+    Assert.assertFalse("NameIDFormats",
+        spSsoDesc.getNameIDFormats().isEmpty());
+    Assert.assertEquals("wrong NameIDFormats", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+        spSsoDesc.getNameIDFormats().get(0).getFormat());
+
+    Assert.assertFalse("AttributeConsumingServices",
+        spSsoDesc.getAttributeConsumingServices().isEmpty());
+    Assert.assertEquals("#RequestAttributes", numberOfRequestedAttributes,
+        spSsoDesc.getAttributeConsumingServices().get(0).getRequestAttributes().size());
+
+  }
+
+  private List<BasicX509Credential> convertX509Certs(List<X509Certificate> certs) {
+    final List<BasicX509Credential> result = new ArrayList<>();
+    for (final X509Certificate cert : certs) {
+      result.add(new BasicX509Credential(cert));
+
+    }
+    return result;
+  }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
index ac188cda..95986c49 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
@@ -46,7 +46,6 @@ import org.apache.commons.lang3.RandomStringUtils;
 import org.jetbrains.annotations.NotNull;
 import org.junit.Assert;
 import org.junit.Before;
-import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
@@ -62,7 +61,6 @@ import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.xml.namespace.QName;
-import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.ArrayList;
@@ -97,7 +95,7 @@ public class InitialSearchTaskTest {
   private final String randomGivenName = RandomStringUtils.randomAlphabetic(10);
   private final String randomPlaceOfBirth = RandomStringUtils.randomAlphabetic(10);
   private final String randomBirthName = RandomStringUtils.randomAlphabetic(10);
-  private final String randomDate = "2011-01-" + (10 + new Random().nextInt(18));
+  private final String randomBirthDate = "2011-01-" + (10 + new Random().nextInt(18));
 
 //  /**
 //   * jUnit class initializer.
@@ -138,7 +136,7 @@ public class InitialSearchTaskTest {
   public void testNode100_UserIdentifiedUpdateNecessary_a() throws Exception {
     String newFirstName = RandomStringUtils.randomAlphabetic(10);
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
-        new RegisterResult(randomBpk, randomIdentifier, newFirstName, randomFamilyName, randomDate)));
+        new RegisterResult(randomBpk, randomIdentifier, newFirstName, randomFamilyName, randomBirthDate)));
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
 
     task.execute(pendingReq, executionContext);
@@ -158,7 +156,7 @@ public class InitialSearchTaskTest {
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     String newRandomGivenName = RandomStringUtils.randomAlphabetic(10);
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
-        new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate)));
+        new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate)));
 
     task.execute(pendingReq, executionContext);
     String bPk = (String)
@@ -175,9 +173,9 @@ public class InitialSearchTaskTest {
   @DirtiesContext
   public void testNode101_ManualFixNecessary_a() {
     ArrayList<RegisterResult> zmrResult = new ArrayList<>();
-    zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate));
+    zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate));
     String newRandomGivenName = randomGivenName + RandomStringUtils.randomAlphabetic(2);
-    zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate));
+    zmrResult.add(new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate));
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(zmrResult);
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
 
@@ -197,10 +195,10 @@ public class InitialSearchTaskTest {
   public void testNode101_ManualFixNecessary_b() {
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     ArrayList<RegisterResult> ernpResult = new ArrayList<>();
-    ernpResult.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, randomFamilyName, randomDate));
+    ernpResult.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName, randomFamilyName, randomBirthDate));
     String newRandomGivenName = randomGivenName + RandomStringUtils.randomAlphabetic(2);
     ernpResult.add(
-        new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomDate));
+        new RegisterResult(randomBpk, randomIdentifier, newRandomGivenName, randomFamilyName, randomBirthDate));
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(ernpResult);
 
     TaskExecutionException exception = assertThrows(TaskExecutionException.class,
@@ -218,7 +216,7 @@ public class InitialSearchTaskTest {
   public void testNode102_UserIdentified_a() throws Exception {
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
-        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate)));
+        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
 
     task.execute(pendingReq, executionContext);
     String bPk = (String)
@@ -234,7 +232,7 @@ public class InitialSearchTaskTest {
   @DirtiesContext
   public void testNode102_UserIdentified_b() throws Exception {
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.singletonList(
-        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate)));
+        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
 
     task.execute(pendingReq, executionContext);
@@ -260,7 +258,7 @@ public class InitialSearchTaskTest {
     String newRandomIdentifier = randomIdentifier + RandomStringUtils.randomNumeric(2);
     Mockito.when(zmrClient.searchItSpecific(taxNumber)).thenReturn(Collections.singletonList(
         new RegisterResult(randomBpk, newRandomIdentifier, randomGivenName, randomFamilyName,
-            randomDate, null, null, taxNumber, null)));
+            randomBirthDate, null, null, taxNumber, null)));
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     task = new InitialSearchTask(
         Collections.singletonList(new ItSpecificDetailSearchProcessor(ernpClient, zmrClient)),
@@ -282,15 +280,15 @@ public class InitialSearchTaskTest {
   public void testNode103_UserIdentified_DE() throws Exception {
     final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName,
         randomPseudonym,
-        randomDate, randomPlaceOfBirth, randomBirthName);
+        randomBirthDate, randomPlaceOfBirth, randomBirthName);
     TestRequestImpl pendingReq1 = new TestRequestImpl();
     pendingReq1.getSessionData(AuthProcessDataWrapper.class)
         .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
-    Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomDate, randomPlaceOfBirth,
+    Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth,
         randomBirthName))
         .thenReturn(Collections.singletonList(new RegisterResult(randomBpk, randomIdentifier, randomGivenName,
-            randomFamilyName, randomDate, randomPlaceOfBirth, randomBirthName, null, null)));
+            randomFamilyName, randomBirthDate, randomPlaceOfBirth, randomBirthName, null, null)));
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     task = new InitialSearchTask(
         Collections.singletonList(new DeSpecificDetailSearchProcessor(ernpClient, zmrClient)),
@@ -314,18 +312,18 @@ public class InitialSearchTaskTest {
     String newRandomBpk = randomBpk + RandomStringUtils.randomNumeric(6);
     final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName,
         randomPseudonym,
-        randomDate, randomPlaceOfBirth, randomBirthName);
+        randomBirthDate, randomPlaceOfBirth, randomBirthName);
     TestRequestImpl pendingReq1 = new TestRequestImpl();
     pendingReq1.getSessionData(AuthProcessDataWrapper.class)
         .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     ArrayList<RegisterResult> zmrResultSpecific = new ArrayList<>();
     zmrResultSpecific.add(
-        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomDate,
+        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate,
             randomPlaceOfBirth, randomBirthName, null, null));
-    zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, randomFamilyName, randomDate,
+    zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName, randomFamilyName, randomBirthDate,
         randomPlaceOfBirth, randomBirthName, null, null));
-    Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomDate, randomPlaceOfBirth,
+    Mockito.when(zmrClient.searchDeSpecific(randomGivenName, randomFamilyName, randomBirthDate, randomPlaceOfBirth,
         randomBirthName)).thenReturn(zmrResultSpecific);
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     task = new InitialSearchTask(
@@ -354,11 +352,11 @@ public class InitialSearchTaskTest {
     ArrayList<RegisterResult> zmrResultSpecific = new ArrayList<>();
     String randomPseudonym = IT_ST + randomIdentifier + "4";
     zmrResultSpecific.add(new RegisterResult(randomBpk, randomPseudonym, randomGivenName,
-        randomFamilyName, randomDate, null, null, randomTaxNumber, null));
+        randomFamilyName, randomBirthDate, null, null, randomTaxNumber, null));
     String newRandomPseudonym = IT_ST + randomIdentifier + "5";
     String newRandomBpk = RandomStringUtils.randomNumeric(6);
     zmrResultSpecific.add(new RegisterResult(newRandomBpk, newRandomPseudonym, randomGivenName,
-        randomFamilyName, randomDate, null, null, randomTaxNumber, null));
+        randomFamilyName, randomBirthDate, null, null, randomTaxNumber, null));
     Mockito.when(zmrClient.searchItSpecific(randomTaxNumber)).thenReturn(zmrResultSpecific);
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     task = new InitialSearchTask(
@@ -373,11 +371,11 @@ public class InitialSearchTaskTest {
   }
 
   /**
-   * NO match found in ZMR and ErnP with Initial search
+   * NO match found in ZMR and ErnP with Initial and MDS search
    */
   @Test
   @DirtiesContext
-  public void testNode105_TemporaryEnd() throws TaskExecutionException {
+  public void testNode505_TransitionToErnbTask() throws TaskExecutionException {
     Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
     Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
 
@@ -386,18 +384,99 @@ public class InitialSearchTaskTest {
     String bPk = (String)
         pendingReq.getSessionData(AuthProcessDataWrapper.class)
             .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
-    Assert.assertEquals("Wrong bpk", "TODO-Temporary-Endnode-105", bPk);
+    Assert.assertEquals("Wrong bpk", null, bPk);
+
+    Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+    Assert.assertEquals("Wrong transition", null, transitionGUI);
+    Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+    Assert.assertEquals("Wrong transition", true, transitionErnb);
+  }
+
+  /**
+   * NO match found in ZMR and ErnP with Initial search, one match with MDS search in Ernb
+   */
+  @Test
+  @DirtiesContext
+  public void testNode505_TransitionToGUI_Ernb() throws TaskExecutionException {
+    Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+    Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+
+    Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(
+        Collections.singletonList(
+        new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
+
+    task.execute(pendingReq, executionContext);
+
+    String bPk = (String)
+        pendingReq.getSessionData(AuthProcessDataWrapper.class)
+            .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+    Assert.assertEquals("Wrong bpk", null, bPk);
+    Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+    Assert.assertEquals("Wrong transition", true, transitionGUI);
+    Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+    Assert.assertEquals("Wrong transition", null, transitionErnb);
+  }
+
+  /**
+   * NO match found in ZMR and ErnP with Initial search, one match with MDS search in ZMR
+   */
+  @Test
+  @DirtiesContext
+  public void testNode505_TransitionToGUI_Zmr() throws TaskExecutionException {
+    Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+    Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+
+    Mockito.when(zmrClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(
+        Collections.singletonList(
+            new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName, randomBirthDate)));
+
+    task.execute(pendingReq, executionContext);
+
+    String bPk = (String)
+        pendingReq.getSessionData(AuthProcessDataWrapper.class)
+            .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+    Assert.assertEquals("Wrong bpk", null, bPk);
+    Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+    Assert.assertEquals("Wrong transition", true, transitionGUI);
+    Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+    Assert.assertEquals("Wrong transition", null, transitionErnb);
   }
 
+  /**
+   * NO match found in ZMR and ErnP with Initial search, multiple matches found with MDS search
+   */
+  @Test
+  @DirtiesContext
+  public void testNode505_TransitionToGUI_Ernb_multi() throws TaskExecutionException {
+    Mockito.when(zmrClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+    Mockito.when(ernpClient.searchWithPersonIdentifier(randomIdentifier)).thenReturn(Collections.emptyList());
+    ArrayList<RegisterResult> ernbResult = new ArrayList<>();
+    ernbResult.add(new RegisterResult(randomBpk, randomIdentifier, randomGivenName, randomFamilyName,
+        randomBirthDate));
+    ernbResult.add(new RegisterResult(randomBpk+"1", randomIdentifier, randomGivenName, randomFamilyName,
+        randomBirthDate));
+    Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)).thenReturn(ernbResult);
+
+    task.execute(pendingReq, executionContext);
+
+    String bPk = (String)
+        pendingReq.getSessionData(AuthProcessDataWrapper.class)
+            .getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK);
+    Assert.assertEquals("Wrong bpk", null, bPk);
+    Boolean transitionGUI = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_GENERATE_GUI_TASK);
+    Assert.assertEquals("Wrong transition", true, transitionGUI);
+    Boolean transitionErnb = (Boolean)executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK);
+    Assert.assertEquals("Wrong transition", null, transitionErnb);
+  }
 
   @NotNull
   private AuthenticationResponse buildDummyAuthResponseRandomPerson() throws URISyntaxException {
-    return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomIdentifier, randomDate);
+    return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomIdentifier, randomBirthDate);
   }
 
   private AuthenticationResponse buildDummyAuthResponseRandomPersonIT_Tax(String taxNumber)
       throws URISyntaxException {
-    return buildDummyAuthResponse(randomGivenName, randomFamilyName, IT_ST + randomIdentifier, randomDate,
+    return buildDummyAuthResponse(randomGivenName, randomFamilyName, IT_ST + randomIdentifier, randomBirthDate,
         taxNumber, null, null);
   }
 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
index d0ab50f4..35f1a91b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java
@@ -54,8 +54,11 @@ import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(locations = {
     "/SpringTest-context_tasks_test.xml",
-    "/SpringTest-context_basic_realConfig.xml"})
-@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"})
+    "/SpringTest-context_basic_realConfig.xml",
+    //"/SpringTest-context_basic_mapConfig.xml"
+    })
+@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties", "classpath:/config" +
+    "/junit_config_1_springboot.properties"})
 @DirtiesContext(classMode = ClassMode.AFTER_CLASS)
 public class EidasRequestPreProcessingFirstTest {
 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
index 5a7f4161..ed636eed 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
@@ -102,4 +102,31 @@
         class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask"
         scope="prototype" />
 
+  <bean id="GenerateGuiQueryAustrianResidenceTask"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateGuiQueryAustrianResidenceTask"
+        scope="prototype" />
+
+  <bean id="ReceiveGuiAustrianResidenceResponseTask"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveGuiAustrianResidenceResponseTask"
+        scope="prototype" />
+
+  <bean id="idAustriaClientAuthCredentialProvider"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" />
+
+  <bean id="idAustriaClientAuthMetadataProvider"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" />
+
+  <bean id="idAustriaClientAuthMetadataController"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
+
+  <bean id="idAustriaClientPvpMetadataResolverFactory"
+        class="at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory" />
+
+  <bean id="pvpMetadataBuilder"
+        class="at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder" />
+
+  <bean id="idAustriaAuthPvpConfiguration"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaAuthPvpConfiguration" />
+
+
 </beans>
\ No newline at end of file
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
index a662379c..df64b494 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
@@ -114,4 +114,36 @@ eidas.ms.configuration.sp.disableRegistrationRequirement=
 eidas.ms.configuration.restrictions.baseID.spTransmission=
 eidas.ms.configuration.auth.default.countrycode=
 eidas.ms.configuration.pvp.scheme.validation=
-eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file
+eidas.ms.configuration.pvp.enable.entitycategories=
+
+
+
+
+## PVP2 S-Profile ID Austria client configuration
+
+eidas.ms.modules.idaustriaclient.keystore.path=../keystore/junit_test.jks
+eidas.ms.modules.idaustriaclient.keystore.password=password
+eidas.ms.modules.idaustriaclient.keystore.type=jks
+
+eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta
+eidas.ms.modules.idaustriaclient.metadata.sign.password=password
+eidas.ms.modules.idaustriaclient.request.sign.alias=sig
+eidas.ms.modules.idaustriaclient.request.sign.password=password
+eidas.ms.modules.idaustriaclient.response.encryption.alias=enc
+eidas.ms.modules.idaustriaclient.response.encryption.password=password
+
+eidas.ms.modules.idaustriaclient.truststore.path=../keystore/junit_test.jks
+eidas.ms.modules.idaustriaclient.truststore.password=password
+eidas.ms.modules.idaustriaclient.truststore.type=jks
+
+eidas.ms.modules.idaustriaclient.node.entityId=
+eidas.ms.modules.idaustriaclient.sp.entityId=
+eidas.ms.modules.idaustriaclient.node.metadataUrl=
+
+eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test
+eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max
+eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann
+eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties
new file mode 100644
index 00000000..fc0c7241
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties
@@ -0,0 +1,119 @@
+## embbeded Tomcat
+tomcat.workingdir=./target/work
+tomcat.ajp.enabled=true
+tomcat.ajp.port=8009
+tomcat.ajp.networkAddress=127.0.0.1
+tomcat.ajp.additionalAttributes.secretrequired=true
+tomcat.ajp.additionalAttributes.secret=junit
+
+## Basic service configuration
+eidas.ms.context.url.prefix=http://localhost
+eidas.ms.core.configRootDir=file:./src/test/resources/config/
+
+eidas.ms.context.use.clustermode=true
+
+##Monitoring
+eidas.ms.monitoring.eIDASNode.metadata.url=http://localhost:40900/mockup
+
+## extended validation of pending-request Id's
+eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
+
+## eIDAS Ref. Implementation connector ###
+eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://eidas.node/junit
+
+eidas.ms.auth.eIDAS.szrclient.useTestService=true
+eidas.ms.auth.eIDAS.szrclient.endpoint.prod=
+eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path=
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password=
+
+#tech. AuthBlock signing for E-ID process
+eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s
+eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair
+eidas.ms.auth.eIDAS.authblock.keystore.path=keys/teststore.jks
+eidas.ms.auth.eIDAS.authblock.keystore.type=jks
+eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair
+eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s
+
+
+#Raw eIDAS Id data storage
+eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true
+eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false
+
+
+
+## PVP2 S-Profile end-point configuration
+eidas.ms.pvp2.keystore.type=jks
+eidas.ms.pvp2.keystore.path=keys/junit.jks
+eidas.ms.pvp2.keystore.password=password
+eidas.ms.pvp2.key.metadata.alias=meta
+eidas.ms.pvp2.key.metadata.password=password
+eidas.ms.pvp2.key.signing.alias=sig
+eidas.ms.pvp2.key.signing.password=password
+eidas.ms.pvp2.metadata.validity=24
+
+eidas.ms.pvp2.metadata.organisation.name=JUnit
+eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.pvp2.metadata.organisation.url=http://junit.test
+eidas.ms.pvp2.metadata.contact.givenname=Max
+eidas.ms.pvp2.metadata.contact.surname=Mustermann
+eidas.ms.pvp2.metadata.contact.email=max@junit.test
+
+## Service Provider configuration
+eidas.ms.sp.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata
+eidas.ms.sp.0.pvp2.metadata.truststore=keys/junit.jks
+eidas.ms.sp.0.pvp2.metadata.truststore.password=password
+eidas.ms.sp.0.friendlyName=jUnit test
+eidas.ms.sp.0.newEidMode=true
+
+#eidas.ms.sp.0.pvp2.metadata.url=
+#eidas.ms.sp.0.policy.allowed.requested.targets=.*
+#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false
+
+## Service Provider configuration
+eidas.ms.sp.1.uniqueID=https://demo.egiz.gv.at/junit_test
+eidas.ms.sp.1.pvp2.metadata.truststore=keys/junit.jks
+eidas.ms.sp.1.pvp2.metadata.truststore.password=password
+eidas.ms.sp.1.friendlyName=jUnit test
+eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata
+eidas.ms.sp.1.policy.allowed.requested.targets=test
+eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true
+
+## PVP2 S-Profile client configuration
+#eidas.ms.modules.idaustriaclient.keystore.type=jks
+#eidas.ms.modules.idaustriaclient.keystore.path=keys/junit.jks1
+#eidas.ms.modules.idaustriaclient.keystore.password=password
+#eidas.ms.modules.idaustriaclient.key.metadata.alias=meta
+#eidas.ms.modules.idaustriaclient.key.metadata.password=password
+#eidas.ms.modules.idaustriaclient.key.signing.alias=sig
+#eidas.ms.modules.idaustriaclient.key.signing.password=password
+#eidas.ms.modules.idaustriaclient.metadata.validity=24
+
+eidas.ms.modules.idaustriaclient.keystore.path=keys/junit_test.jks
+eidas.ms.modules.idaustriaclient.keystore.password=password
+eidas.ms.modules.idaustriaclient.keystore.type=jks
+
+eidas.ms.modules.idaustriaclient.metadata.sign.alias=meta
+eidas.ms.modules.idaustriaclient.metadata.sign.password=password
+eidas.ms.modules.idaustriaclient.request.sign.alias=sig
+eidas.ms.modules.idaustriaclient.request.sign.password=password
+eidas.ms.modules.idaustriaclient.response.encryption.alias=enc
+eidas.ms.modules.idaustriaclient.response.encryption.password=password
+
+eidas.ms.modules.idaustriaclient.truststore.path=keys/junit_test.jks
+eidas.ms.modules.idaustriaclient.truststore.password=password
+eidas.ms.modules.idaustriaclient.truststore.type=jks
+
+eidas.ms.modules.idaustriaclient.node.entityId=
+eidas.ms.modules.idaustriaclient.sp.entityId=
+eidas.ms.modules.idaustriaclient.node.metadataUrl=
+
+eidas.ms.modules.idaustriaclient.metadata.organisation.name=JUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.modules.idaustriaclient.metadata.organisation.url=http://junit.test
+eidas.ms.modules.idaustriaclient.metadata.contact.givenname=Max
+eidas.ms.modules.idaustriaclient.metadata.contact.surname=Mustermann
+eidas.ms.modules.idaustriaclient.metadata.contact.email=max@junit.test
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks
new file mode 100644
index 00000000..ee6254a9
Binary files /dev/null and b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/junit_test.jks differ
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks
new file mode 100644
index 00000000..fcc6400c
Binary files /dev/null and b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/keys/teststore.jks differ
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks
new file mode 100644
index 00000000..ee6254a9
Binary files /dev/null and b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/junit_test.jks differ
-- 
cgit v1.2.3