From 7bf7c3c03fd3a1efeaf3f8e3dd75922e2f5f9921 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 8 Mar 2022 19:06:10 +0100
Subject: refactor(core): move all project libs into sub-project 'modules'

---
 .../eidas/specific/core/MsConnectorEventCodes.java |  52 +++++
 .../eidas/specific/core/MsEidasNodeConstants.java  | 229 +++++++++++++++++++++
 .../core/config/BasicConfigurationProvider.java    | 155 ++++++++++++++
 .../core/config/ServiceProviderConfiguration.java  | 171 +++++++++++++++
 .../SpringBootBasicConfigurationProvider.java      | 122 +++++++++++
 .../core/gui/DefaultVelocityGuiBuilderImpl.java    |  77 +++++++
 .../core/gui/GuiBuilderConfigurationFactory.java   |  69 +++++++
 .../core/gui/StaticGuiBuilderConfiguration.java    | 148 +++++++++++++
 .../src/main/resources/common_gui.beans.xml        |  60 ++++++
 .../core/test/config/BasicConfigProviderTest.java  | 156 ++++++++++++++
 .../config/ServiceProviderConfigurationTest.java   |  54 +++++
 .../SpringBootBasicConfigurationProviderTest.java  | 148 +++++++++++++
 .../config/dummy/MsConnectorDummyConfigMap.java    | 120 +++++++++++
 .../dummy/MsConnectorDummySpConfiguration.java     |  28 +++
 .../SpringTest-context_basic_realConfig.xml        |  25 +++
 .../resources/config/junit_config_1.properties     | 124 +++++++++++
 16 files changed, 1738 insertions(+)
 create mode 100644 modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsConnectorEventCodes.java
 create mode 100644 modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java
 create mode 100644 modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/BasicConfigurationProvider.java
 create mode 100644 modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java
 create mode 100644 modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/SpringBootBasicConfigurationProvider.java
 create mode 100644 modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/DefaultVelocityGuiBuilderImpl.java
 create mode 100644 modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/GuiBuilderConfigurationFactory.java
 create mode 100644 modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/StaticGuiBuilderConfiguration.java
 create mode 100644 modules/core_common_lib/src/main/resources/common_gui.beans.xml
 create mode 100644 modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/BasicConfigProviderTest.java
 create mode 100644 modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/ServiceProviderConfigurationTest.java
 create mode 100644 modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/SpringBootBasicConfigurationProviderTest.java
 create mode 100644 modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummyConfigMap.java
 create mode 100644 modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummySpConfiguration.java
 create mode 100644 modules/core_common_lib/src/test/resources/SpringTest-context_basic_realConfig.xml
 create mode 100644 modules/core_common_lib/src/test/resources/config/junit_config_1.properties

(limited to 'modules/core_common_lib/src')

diff --git a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsConnectorEventCodes.java b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsConnectorEventCodes.java
new file mode 100644
index 00000000..d15cf77c
--- /dev/null
+++ b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsConnectorEventCodes.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.core;
+
+public class MsConnectorEventCodes {
+
+  public static final int STARTING_COUNTRY_SELECTION = 4100;
+  public static final int COUNTRY_SELECTED = 4101;
+
+  public static final int PROCESS_STOPPED_BY_USER = 4102;
+
+  public static final int EIDAS_NODE_CONNECTED = 6101;
+  public static final int RESPONSE_FROM_EIDAS_NODE = 6102;
+  public static final int RESPONSE_FROM_EIDAS_NODE_VALID = 6103;
+  public static final int RESPONSE_FROM_EIDAS_NODE_NOT_VALID = 6104;
+  public static final int RESPONSE_FROM_EIDAS_MDSDATA = 6105;
+
+  public static final int SZR_IDL_RECEIVED = 6200;
+  public static final int SZR_BPK_RECEIVED = 6201;
+  public static final int SZR_VSZ_RECEIVED = 6202;
+  public static final int SZR_EIDASBIND_RECEIVED = 6203;
+  public static final int TECH_AUCHBLOCK_CREATED = 6204;
+
+  public static final int SZR_ERNB_EIDAS_RAW_ID = 6210;
+  public static final int SZR_ERNB_EIDAS_ERNB_ID = 6211;
+
+  
+  private MsConnectorEventCodes() {
+    // hidden constructor for class with static values only.
+  }
+}
diff --git a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java
new file mode 100644
index 00000000..ecf5cf67
--- /dev/null
+++ b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java
@@ -0,0 +1,229 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.impl.data.Triple;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
+
+public class MsEidasNodeConstants {
+  // ************ configuration properties ************
+  public static final String PROP_CONFIG_APPLICATION_PREFIX = "eidas.ms.";
+  public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "context.url.prefix";
+  public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION =
+      "context.url.request.validation";
+  public static final String PROP_CONFIG_REVISIONLOG_LOG_IP_ADDRESS_OF_USER =
+      "revisionlog.logIPAddressOfUser";
+  public static final String PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG =
+      "revisionlog.write.MDS.into.revisionlog";
+  public static final String PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG =
+      "technicallog.write.MDS.into.techlog";
+
+  public static final String PROP_CONFIG_WEBCONTENT_STATIC_PATH = "webcontent.static.directory";
+  public static final String PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH = "webcontent.properties";
+  public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH = "webcontent.templates";
+
+  public static final String PROP_CONFIG_WEBCONTENT_TEMPLATES_CCSELECTION = "webcontent.templates.countryselection";
+  
+  public static final String PROP_CONFIG_MONITORING_EIDASNODE_METADATAURL =
+      "monitoring.eIDASNode.metadata.url";
+
+  private static final String PROP_CONFIG_PVP2_PREFIX = "pvp2.";
+  public static final String CONFIG_PROPS_KEYSTORE_TYPE = PROP_CONFIG_PVP2_PREFIX + "keystore.type";
+  public static final String CONFIG_PROPS_KEYSTORE_NAME = PROP_CONFIG_PVP2_PREFIX + "keystore.name";
+  public static final String PROP_CONFIG_PVP2_KEYSTORE_PATH = PROP_CONFIG_PVP2_PREFIX + "keystore.path";
+  public static final String PROP_CONFIG_PVP2_KEYSTORE_PASSWORD = PROP_CONFIG_PVP2_PREFIX
+      + "keystore.password";
+  public static final String PROP_CONFIG_PVP2_KEY_METADATA_ALIAS = PROP_CONFIG_PVP2_PREFIX
+      + "key.metadata.alias";
+  public static final String PROP_CONFIG_PVP2_KEY_METADATA_PASSWORD = PROP_CONFIG_PVP2_PREFIX
+      + "key.metadata.password";
+  public static final String PROP_CONFIG_PVP2_KEY_SIGNING_ALIAS = PROP_CONFIG_PVP2_PREFIX
+      + "key.signing.alias";
+  public static final String PROP_CONFIG_PVP2_KEY_SIGNING_PASSWORD = PROP_CONFIG_PVP2_PREFIX
+      + "key.signing.password";
+  public static final String PROP_CONFIG_PVP2_METADATA_VALIDITY = PROP_CONFIG_PVP2_PREFIX
+      + "metadata.validity";
+
+  public static final String CONFIG_PROPS_METADATA_CONTACT_GIVENNAME =
+      PROP_CONFIG_PVP2_PREFIX + "metadata.contact.givenname";
+  public static final String CONFIG_PROPS_METADATA_CONTACT_SURNAME =
+      PROP_CONFIG_PVP2_PREFIX + "metadata.contact.surname";
+  public static final String CONFIG_PROPS_METADATA_CONTACT_EMAIL =
+      PROP_CONFIG_PVP2_PREFIX + "metadata.contact.email";
+  public static final String CONFIG_PROPS_METADATA_ORGANISATION_NAME =
+      PROP_CONFIG_PVP2_PREFIX + "metadata.organisation.name";
+  public static final String CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME =
+      PROP_CONFIG_PVP2_PREFIX + "metadata.organisation.friendyname";
+  public static final String CONFIG_PROPS_METADATA_ORGANISATION_URL =
+      PROP_CONFIG_PVP2_PREFIX + "metadata.organisation.url";
+  
+  // TODO: is not implemented yet
+  public static final String PROP_CONFIG_SP_VALIDATION_DISABLED =
+      "configuration.sp.disableRegistrationRequirement";
+
+  public static final String PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL =
+      "auth.eIDAS.node_v2.loa.requested.minimum";
+
+  public static final String PROP_CONFIG_AUTHBLOCK_KEYSTORE_TYPE =
+      "auth.eIDAS.authblock.keystore.type";
+  public static final String PROP_CONFIG_AUTHBLOCK_KEYSTORE_PATH =
+      "auth.eIDAS.authblock.keystore.path";
+  public static final String PROP_CONFIG_AUTHBLOCK_KEYSTORE_PASSWORD =
+      "auth.eIDAS.authblock.keystore.password";
+  public static final String PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME =
+      "auth.eIDAS.authblock.keystore.name";  
+  public static final String PROP_CONFIG_AUTHBLOCK_KEY_ALIAS =
+      "auth.eIDAS.authblock.key.alias";
+  public static final String PROP_CONFIG_AUTHBLOCK_KEY_PASSWORD =
+      "auth.eIDAS.authblock.key.password";
+  
+  
+  
+
+  public static final String PROP_CONFIG_SP_LIST_PREFIX = "sp";
+  public static final String PROP_CONFIG_SP_UNIQUEIDENTIFIER = EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER;
+  public static final String PROP_CONFIG_SP_FRIENDLYNAME = "friendlyName";
+  public static final String PROP_CONFIG_SP_PVP2_METADATA_URL = "pvp2.metadata.url";
+  public static final String PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE = "pvp2.metadata.truststore";
+  public static final String PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD =
+      "pvp2.metadata.truststore.password";
+  public static final String PROP_CONFIG_SP_NEW_EID_MODE =
+      "newEidMode";
+
+  public static final String PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS = "policy.allowed.requested.targets";
+  public static final String PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION =
+      "policy.hasBaseIdTransferRestriction";
+
+  public static final String PROP_CONFIG_PVP_SCHEME_VALIDATION = "configuration.pvp.scheme.validation";
+  public static final String PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES =
+      "configuration.pvp.enable.entitycategories";
+
+  // ********** default values ***************
+
+  // Default policy for SP-targets requested by MOA-ID to ms-specific eIDAS
+  // Connector
+  public static final String POLICY_DEFAULT_ALLOWED_TARGETS = ".*";
+  // EAAFConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+",
+  // "\\\\+") + ".*";
+
+  public static final int METADATA_SOCKED_TIMEOUT = 20 * 1000; // 20 seconds metadata socked timeout
+  public static final int DEFAULT_PVP_METADATA_VALIDITY = 24; // 24 hours
+  public static final int DEFAULT_PVP_ASSERTION_VALIDITY = 5; // 5 minutes
+
+  // ************ application end-points *************
+  public static final String ENDPOINT_PVP_METADATA = "/pvp/metadata";
+  public static final String ENDPOINT_PVP_POST = "/pvp/post";
+  public static final String ENDPOINT_PVP_REDIRECT = "/pvp/redirect";
+
+  public static final String ENDPOINT_COUNTRYSELECTION = "/myHomeCountry";
+
+  public static final String ENDPOINT_MONITORING_MONITOR = "/monitoring";
+  public static final String ENDPOINT_MONITORING_VERIFY = "/verify";
+
+  // ************ paths and templates ************
+  public static final String CLASSPATH_TEMPLATE_DIR = "/templates/";
+  public static final String FILESYSTEM_TEMPLATE_DIR = "./templates/";
+
+  public static final String TEMPLATE_HTML_ERROR = "error_message.html";
+  public static final String TEMPLATE_HTML_PVP_POSTBINDING = "pvp2_post_binding.html";
+  public static final String TEMPLATE_HTML_COUNTRYSELECTION = "countrySelection.html";
+
+  // ************ execution context and generic data ************
+  public static final String REQ_PARAM_SELECTED_COUNTRY = "selectedCountry";
+  public static final String REQ_PARAM_SELECTED_ENVIRONMENT = "selectedEnvironment";
+  public static final String REQ_PARAM_STOP_PROCESS = "stopAuthProcess";
+
+  public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION = "prod";
+  public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS = "qs";
+  public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING = "test";
+  public static final String REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT = "dev";
+
+  public static final String DATA_REQUESTERID = "req_requesterId";
+  public static final String DATA_PROVIDERNAME = "req_providerName";
+  public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA";
+  public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision";
+
+  public static final List<String> COUNTRY_SELECTION_PARAM_WHITELIST =
+      Arrays.asList(REQ_PARAM_SELECTED_COUNTRY, REQ_PARAM_SELECTED_ENVIRONMENT);
+
+  
+  public static final String EID_BINDING_PUBLIC_KEY_NAME = "urn:eidgvat:attributes.binding.pubkey";
+  
+  
+  // ----   Attribute configuration  ------  
+  public static final String ATTR_EIDAS_PERSONAL_IDENTIFIER = 
+      AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.BPK_NAME;
+  public static final String ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER = 
+      AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME;
+  public static final String ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER = 
+      AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER 
+      + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME;
+  
+  public static final String AUTH_DATA_SZR_AUTHBLOCK = "authData_AUTHBLOCK";
+  public static final String AUTH_DATA_EIDAS_BIND = "authData_EIDAS_BIND";
+  
+  
+  public static final List<Triple<String, String, Boolean>> DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES =
+      Collections.unmodifiableList(new ArrayList<Triple<String, String, Boolean>>() {
+        private static final long serialVersionUID = 1L;
+        {
+          add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME,
+              PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
+          add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
+              PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
+          add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME,
+              PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
+          add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+              PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
+                    
+        }
+      });
+  
+  public static final List<Triple<String, String, Boolean>> DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES =
+      Collections.unmodifiableList(new ArrayList<Triple<String, String, Boolean>>() {
+        private static final long serialVersionUID = 1L;
+        {
+          add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+              PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
+          add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
+              PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
+          add(Triple.newInstance(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
+              PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
+                    
+        }
+      });
+  
+  
+  private MsEidasNodeConstants() {
+    //hidden Constructor for class with static values only.
+  }
+  
+}
diff --git a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/BasicConfigurationProvider.java b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/BasicConfigurationProvider.java
new file mode 100644
index 00000000..3a1bdc9c
--- /dev/null
+++ b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/BasicConfigurationProvider.java
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.config;
+
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Service;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+@Service("BasicMSSpecificNodeConfig")
+@Profile("deprecatedConfig")
+public class BasicConfigurationProvider extends AbstractConfigurationImpl {
+  private static final Logger log = LoggerFactory.getLogger(BasicConfigurationProvider.class);
+
+  private final Map<String, ISpConfiguration> spConfigCache = new HashMap<>();
+
+  public BasicConfigurationProvider(String configPath) throws EaafConfigurationException {
+    super(configPath);
+
+  }
+
+  @Override
+  public ISpConfiguration getServiceProviderConfiguration(String entityId) throws EaafConfigurationException {
+    if (!spConfigCache.containsKey(entityId)) {
+      log.debug("SP: " + entityId + " is NOT cached. Starting load operation ...  ");
+      final Map<String, String> allSPs = getBasicConfigurationWithPrefix(
+          MsEidasNodeConstants.PROP_CONFIG_SP_LIST_PREFIX + KeyValueUtils.KEY_DELIMITER);
+      for (Entry<String, String> entry : allSPs.entrySet()) {
+        if (entry.getKey().endsWith(MsEidasNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER) 
+            && entry.getValue().equals(entityId)) {
+          final String listId = KeyValueUtils.getParentKey(entry.getKey());
+          log.trace("Find SP configuration with list-Id: " + listId
+              + ". Extracting configuration elements ... ");
+          final Map<String, String> spConfig = KeyValueUtils.getSubSetWithPrefix(allSPs, listId
+              + KeyValueUtils.KEY_DELIMITER);
+          spConfigCache.put(entityId,
+              new ServiceProviderConfiguration(spConfig, this));
+          break;
+        }
+      }
+
+      if (spConfigCache.containsKey(entityId)) {
+        log.info("SP: " + entityId + " is loaded. Continuing auth. process ... ");
+      } else {
+        log.warn("SP: " + entityId + " is NOT found in configuration. Stopping auth. process ... ");
+        return null;
+
+      }
+
+    } else {
+      log.trace("SP: " + entityId + " is already cached. Use configuration from there ... ");
+    }
+
+    return spConfigCache.get(entityId);
+  }
+
+  @Override
+  public <T> T getServiceProviderConfiguration(String entityId, Class<T> decorator)
+      throws EaafConfigurationException {
+    final ISpConfiguration spConfig = getServiceProviderConfiguration(entityId);
+    if (spConfig != null && decorator != null) {
+      if (decorator.isInstance(spConfig)) {
+        return (T) spConfig;
+      } else {
+        log.error("SPConfig: " + spConfig.getClass().getName() + " is NOT instance of: " + decorator
+            .getName());
+      }
+
+    }
+
+    return null;
+
+  }
+
+  @Override
+  public String validateIdpUrl(URL url) throws EaafException {
+    log.trace("Validate requested URL: " + url);
+    String urlPrefixFromConfig = getBasicConfiguration(
+        MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX);
+    if (StringUtils.isEmpty(urlPrefixFromConfig)) {
+      log.warn("Application config containts NO URL prefix");
+      throw new EaafConfigurationException("config.27",
+          new Object[] { "Application config containts NO "
+              + getApplicationSpecificKeyPrefix()
+              + MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX });
+
+    }
+
+    // remove last slash
+    if (urlPrefixFromConfig.endsWith("/")) {
+      urlPrefixFromConfig = urlPrefixFromConfig.substring(0, urlPrefixFromConfig.length() - 1);
+    }
+
+    if (getBasicConfigurationBoolean(
+        MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION, false)) {
+      if (url != null && url.toExternalForm().startsWith(urlPrefixFromConfig)) {
+        return urlPrefixFromConfig;
+      }
+
+      log.info("URL: " + url + " does NOT match to allowed application prefix: " + urlPrefixFromConfig);
+      return null;
+
+    } else {
+      return urlPrefixFromConfig;
+
+    }
+  }
+
+  @Override
+  public String getApplicationSpecificKeyPrefix() {
+    return MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PREFIX;
+
+  }
+
+  @Override
+  protected String getBackupConfigPath() {
+    return null;
+
+  }
+
+}
diff --git a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java
new file mode 100644
index 00000000..5ca1c8c5
--- /dev/null
+++ b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java
@@ -0,0 +1,171 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.config;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.conf.SpConfigurationImpl;
+import lombok.Getter;
+import lombok.Setter;
+
+public class ServiceProviderConfiguration extends SpConfigurationImpl {
+  private static final long serialVersionUID = 1L;
+  private static final Logger log = LoggerFactory.getLogger(ServiceProviderConfiguration.class);
+
+  private List<String> minimumLoA = Arrays.asList(EaafConstants.EIDAS_LOA_HIGH);
+  private String bpkTargetIdentifier;
+  private String loaMachtingMode = EaafConstants.EIDAS_LOA_MATCHING_MINIMUM;
+
+  @Setter
+  @Getter
+  private List<String> mandateProfiles;  
+  
+  @Getter
+  @Setter
+  private SpMandateModes mandateMode = SpMandateModes.NONE;
+  
+  public ServiceProviderConfiguration(Map<String, String> spConfig, IConfiguration authConfig) {
+    super(spConfig, authConfig);
+
+  }
+
+  @Override
+  public boolean hasBaseIdInternalProcessingRestriction() {
+    return false;
+
+  }
+
+  
+  @Override
+  public boolean hasBaseIdTransferRestriction() {
+    final Boolean spConfigPolicy = isConfigurationValue(
+        MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_BASEIDTRANSFER_RESTRICTION);
+    if (spConfigPolicy) {
+      return spConfigPolicy;
+
+    } else {
+      log.trace("SP configuration defines no baseID transfer restriction. Enforce default policy ...");
+      for (final String el : getTargetsWithNoBaseIdTransferRestriction()) {
+        if (this.bpkTargetIdentifier != null && this.bpkTargetIdentifier.startsWith(el)) {
+          log.debug("SP-Target: " + this.bpkTargetIdentifier
+              + " has NO baseID transfer restriction in default policy");
+          return false;
+
+        }
+      }
+    }
+
+    log.debug("Default-policy defines baseID transfer restriction for SP-Target: "
+        + this.bpkTargetIdentifier);
+    return true;
+  }
+
+  @Override
+  public List<String> getRequiredLoA() {
+    return minimumLoA;
+
+  }
+
+  @Override
+  public String getLoAMatchingMode() {
+    return loaMachtingMode;
+
+  }
+
+  @Override
+  public String getAreaSpecificTargetIdentifier() {
+    return bpkTargetIdentifier;
+  }
+
+  @Override
+  public String getFriendlyName() {
+    return getConfigurationValue(
+        MsEidasNodeConstants.PROP_CONFIG_SP_FRIENDLYNAME,
+        "NO FRIENDLYNAME SET");
+
+  }
+
+  /**
+   * Set the minimum level of eIDAS authentication for this SP <br>
+   * <b>Default:</b> http://eidas.europa.eu/LoA/high <br>
+   * <b>Info:</b> In case of MINIMUM matching-mode, only one entry is allowed
+   * 
+   * @param minimumLoA eIDAS LoA URIs
+   */
+
+  public void setRequiredLoA(List<String> minimumLoA) {
+    this.minimumLoA = minimumLoA;
+  }
+
+  /**
+   * Set the mode of operation for LoA matching for this SP. <b>Default:
+   * minimum</b> <br>
+   * <b>Info:</b> Currently only 'minimum' and 'exact' are supported
+   * 
+   * @param mode LoA matching mode according to SAML2 core specification
+   */
+  public void setLoAMachtingMode(String mode) {
+    this.loaMachtingMode = mode;
+  }
+
+  /**
+   * Set the bPK Target for this service provider.
+   * 
+   * @param bpkTargetIdentifier Set the bPK sector
+   * @throws EAAFException If the bPKTargetIdentifier is NOT ALLOWED for this
+   *                       service provider
+   */
+  public void setBpkTargetIdentifier(String bpkTargetIdentifier) throws EaafException {
+    final String allowedTargetIdentifierRegExPattern = getConfigurationValue(
+        MsEidasNodeConstants.PROP_CONFIG_SP_POLICY_ALLOWED_TARGETS,
+        MsEidasNodeConstants.POLICY_DEFAULT_ALLOWED_TARGETS);
+    log.trace("Use bPK-target regex pattern: " + allowedTargetIdentifierRegExPattern);
+
+    final Pattern p = Pattern.compile(allowedTargetIdentifierRegExPattern);
+    final Matcher m = p.matcher(bpkTargetIdentifier);
+    if (m.matches()) {
+      log.debug("Requested bPK-target: " + bpkTargetIdentifier + " matches regex pattern");
+      this.bpkTargetIdentifier = bpkTargetIdentifier;
+
+    } else {
+      log.warn("Requested bPK-target: " + bpkTargetIdentifier + " does NOT match regex pattern.");
+      throw new EaafException("auth.37", new Object[] { bpkTargetIdentifier, getUniqueIdentifier() });
+
+    }
+
+  }
+
+}
diff --git a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/SpringBootBasicConfigurationProvider.java b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/SpringBootBasicConfigurationProvider.java
new file mode 100644
index 00000000..f5492913
--- /dev/null
+++ b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/SpringBootBasicConfigurationProvider.java
@@ -0,0 +1,122 @@
+package at.asitplus.eidas.specific.core.config;
+
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractSpringBootConfigurationImpl;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class SpringBootBasicConfigurationProvider extends AbstractSpringBootConfigurationImpl {
+
+  private final Map<String, ISpConfiguration> spConfigCache = new HashMap<>();
+  
+  @Override
+  public ISpConfiguration getServiceProviderConfiguration(String entityId) throws EaafConfigurationException {
+    if (!spConfigCache.containsKey(entityId)) {
+      log.debug("SP: " + entityId + " is NOT cached. Starting load operation ...  ");
+      final Map<String, String> allSPs = getBasicConfigurationWithPrefix(
+          MsEidasNodeConstants.PROP_CONFIG_SP_LIST_PREFIX);
+      for (Entry<String, String> entry : allSPs.entrySet()) {
+        if (entry.getKey().endsWith(MsEidasNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER) 
+            && entry.getValue().equals(entityId)) {
+          final String listId = KeyValueUtils.getParentKey(entry.getKey());
+          log.trace("Find SP configuration with list-Id: " + listId
+              + ". Extracting configuration elements ... ");
+          final Map<String, String> spConfig = KeyValueUtils.getSubSetWithPrefix(allSPs, listId
+              + KeyValueUtils.KEY_DELIMITER);
+          spConfigCache.put(entityId,
+              new ServiceProviderConfiguration(spConfig, this));
+          break;
+        }
+      }
+
+      if (spConfigCache.containsKey(entityId)) {
+        log.info("SP: " + entityId + " is loaded. Continuing auth. process ... ");
+      } else {
+        log.warn("SP: " + entityId + " is NOT found in configuration. Stopping auth. process ... ");
+        return null;
+
+      }
+
+    } else {
+      log.trace("SP: " + entityId + " is already cached. Use configuration from there ... ");
+    }
+
+    return spConfigCache.get(entityId);
+  }
+
+  @Override
+  public <T> T getServiceProviderConfiguration(String entityId, Class<T> decorator)
+      throws EaafConfigurationException {
+    final ISpConfiguration spConfig = getServiceProviderConfiguration(entityId);
+    if (spConfig != null && decorator != null) {
+      if (decorator.isInstance(spConfig)) {
+        return (T) spConfig;
+      } else {
+        log.error("SPConfig: " + spConfig.getClass().getName() + " is NOT instance of: " + decorator
+            .getName());
+      }
+
+    }
+
+    return null;
+
+  }
+
+  @Override
+  public String validateIdpUrl(URL url) throws EaafException {
+    log.trace("Validate requested URL: " + url);
+    String urlPrefixFromConfig = getBasicConfiguration(
+        MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX);
+    if (StringUtils.isEmpty(urlPrefixFromConfig)) {
+      log.warn("Application config containts NO URL prefix");
+      throw new EaafConfigurationException("config.27",
+          new Object[] { "Application config containts NO "
+              + getApplicationSpecificKeyPrefix()
+              + MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX });
+
+    }
+
+    // remove last slash
+    if (urlPrefixFromConfig.endsWith("/")) {
+      urlPrefixFromConfig = urlPrefixFromConfig.substring(0, urlPrefixFromConfig.length() - 1);
+    }
+
+    if (getBasicConfigurationBoolean(
+        MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION, false)) {
+      if (url != null && url.toExternalForm().startsWith(urlPrefixFromConfig)) {
+        return urlPrefixFromConfig;
+      }
+
+      log.info("URL: " + url + " does NOT match to allowed application prefix: " + urlPrefixFromConfig);
+      return null;
+
+    } else {
+      return urlPrefixFromConfig;
+
+    }
+  }
+
+  @Override
+  public String getApplicationSpecificKeyPrefix() {
+    return MsEidasNodeConstants.PROP_CONFIG_APPLICATION_PREFIX;
+
+  }
+
+  @Override
+  protected String getBackupConfigPath() {
+    return null;
+
+  }
+
+}
diff --git a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/DefaultVelocityGuiBuilderImpl.java b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/DefaultVelocityGuiBuilderImpl.java
new file mode 100644
index 00000000..96d58def
--- /dev/null
+++ b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/DefaultVelocityGuiBuilderImpl.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.gui;
+
+import java.io.InputStream;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.GuiBuildException;
+import at.gv.egiz.eaaf.core.impl.gui.AbstractVelocityGuiFormBuilderImpl;
+
+@Service("velocityGUIBuilderImpl")
+public class DefaultVelocityGuiBuilderImpl extends AbstractVelocityGuiFormBuilderImpl {
+  private static final Logger log = LoggerFactory.getLogger(DefaultVelocityGuiBuilderImpl.class);
+
+  private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates/";
+
+  public DefaultVelocityGuiBuilderImpl() throws GuiBuildException {
+    super();
+
+  }
+
+  @Override
+  protected InputStream getInternalTemplate(IVelocityGuiBuilderConfiguration config)
+      throws GuiBuildException {
+    final String viewName = config.getViewName();
+    log.debug("GUI template:" + viewName + " is not found in configuration directory. "
+        + " Load template from project library ... ");
+    final String pathLocation = getInternalClasspathTemplateDir(config, CLASSPATH_HTMLTEMPLATES_DIR)
+        + viewName;
+    try {
+      final InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(pathLocation);
+      return is;
+
+    } catch (final Exception e1) {
+      log.error("GUI template:" + pathLocation + " is NOT loadable  from classpath!", e1);
+      throw new GuiBuildException("GUI template:" + pathLocation + " is NOT loadable from classpath!", e1);
+
+    }
+  }
+
+  @Override
+  public String evaluateResponseContentType(HttpServletRequest httpReq, IGuiBuilderConfiguration config,
+      String loggerName) throws GuiBuildException {
+    return MediaType.TEXT_HTML_VALUE;
+    
+  }
+
+}
diff --git a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/GuiBuilderConfigurationFactory.java b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/GuiBuilderConfigurationFactory.java
new file mode 100644
index 00000000..62a0005d
--- /dev/null
+++ b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/GuiBuilderConfigurationFactory.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.gui;
+
+import java.net.MalformedURLException;
+import java.net.URI;
+
+import javax.annotation.Nonnull;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.stereotype.Service;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+
+@Service("GUIBuilderConfigurationFactory")
+public class GuiBuilderConfigurationFactory implements IGuiBuilderConfigurationFactory {
+  @Autowired(required = true) private IConfiguration basicConfig;
+  @Autowired(required = true) private ResourceLoader resourceLoader;
+
+  @Override
+  public IGuiBuilderConfiguration getDefaultErrorGui(String authUrl) {
+    return new StaticGuiBuilderConfiguration(basicConfig, authUrl, MsEidasNodeConstants.TEMPLATE_HTML_ERROR,
+        null, resourceLoader);
+  }
+
+  @Override
+  public IVelocityGuiBuilderConfiguration getSpSpecificSaml2PostConfiguration(IRequest pendingReq,
+      String viewName, URI configRootContextDir)
+      throws MalformedURLException {
+    return new StaticGuiBuilderConfiguration(basicConfig, pendingReq,
+        MsEidasNodeConstants.TEMPLATE_HTML_PVP_POSTBINDING, null, resourceLoader);
+  }
+
+  @Override
+  public IGuiBuilderConfiguration getDefaultIFrameParentHopGui(IRequest pendingReq, 
+      @Nonnull String endpoint, @Nonnull String errorId) {  
+    //TODO: implement if iFrame to parent hop is needed
+    throw new RuntimeException("Operation not supported yet.");
+    
+  }
+
+}
diff --git a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/StaticGuiBuilderConfiguration.java b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/StaticGuiBuilderConfiguration.java
new file mode 100644
index 00000000..0fd85d3d
--- /dev/null
+++ b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/gui/StaticGuiBuilderConfiguration.java
@@ -0,0 +1,148 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.gui;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.commons.text.StringEscapeUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.GroupDefinition;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+
+public class StaticGuiBuilderConfiguration extends AbstractGuiFormBuilderConfiguration implements
+    IVelocityGuiBuilderConfiguration, ModifyableGuiBuilderConfiguration {
+  private static final Logger log = LoggerFactory.getLogger(StaticGuiBuilderConfiguration.class);
+
+  private IRequest pendingReq = null;
+  private IConfiguration basicConfig = null;
+  private ResourceLoader resourceLoader;
+  
+  /**
+   * Static resource configuration for GUI Builder implementations.
+   * 
+   * @param basicConfig basicConfig
+   * @param authUrl Public URL of the application
+   * @param viewName Name of the template
+   * @param formSubmitEndpoint Form Submit end-point, if template contains a form.
+   * @param resourceLoader Spring ResourceLoader implementation
+   */
+  public StaticGuiBuilderConfiguration(IConfiguration basicConfig, String authUrl, String viewName,
+      String formSubmitEndpoint, ResourceLoader resourceLoader) {
+    super(authUrl, viewName, formSubmitEndpoint);
+    this.basicConfig = basicConfig;
+    this.resourceLoader = resourceLoader;
+    
+  }
+
+  /**
+   * Static resource configuration for GUI Builder implementations.
+   * 
+   * @param basicConfig Application configuration
+   * @param pendingReq Current pending request
+   * @param viewName Name of the template
+   * @param formSubmitEndpoint Form Submit end-point, if template contains a form.
+   * @param resourceLoader Spring ResourceLoader implementation
+   */
+  public StaticGuiBuilderConfiguration(IConfiguration basicConfig, IRequest pendingReq, String viewName,
+      String formSubmitEndpoint, ResourceLoader resourceLoader) {
+    super(pendingReq.getAuthUrl(), viewName, formSubmitEndpoint);
+    this.pendingReq = pendingReq;
+    this.basicConfig = basicConfig;
+    this.resourceLoader = resourceLoader;
+
+  }
+
+  @Override
+  public String getClasspathTemplateDir() {
+    return MsEidasNodeConstants.CLASSPATH_TEMPLATE_DIR;
+
+  }
+
+  @Override
+  public String getDefaultContentType() {
+    return null;
+
+  }
+
+  @Override
+  public InputStream getTemplate(String viewName) {
+    final String templateUrl = MsEidasNodeConstants.FILESYSTEM_TEMPLATE_DIR + viewName;
+    try {
+      final String absUrl = FileUtils.makeAbsoluteUrl(templateUrl, this.basicConfig
+          .getConfigurationRootDirectory());
+      log.debug("Load template URL for view: " + viewName + " from: " + absUrl);
+      Resource resource = resourceLoader.getResource(absUrl);
+      return resource.getInputStream();
+      
+    } catch (IOException e) {
+      log.info("Can can build filesytem path to template: " + templateUrl
+          + " Reason: " + e.getMessage());
+
+    }
+
+    return null;
+  }
+
+  @Override
+  public void putCustomParameterWithOutEscaption(GroupDefinition group, String key, Object value) {
+    setViewParameter(getFromGroup(), key, value);
+
+  }
+
+  @Override
+  public void putCustomParameter(GroupDefinition group, String key, String value) {
+    setViewParameter(getFromGroup(), key, StringEscapeUtils.escapeHtml4(value));
+
+  }
+
+  @Override
+  protected void putSpecificViewParameters() {
+    if (pendingReq != null) {
+      setViewParameter(getFromGroup(), PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml4(pendingReq
+          .getPendingRequestId()));
+      setViewParameter(getFromGroup(), PARAM_PENDINGREQUESTID_DEPRECATED, StringEscapeUtils.escapeHtml4(
+          pendingReq.getPendingRequestId()));
+
+    }
+
+  }
+
+  @Override
+  protected GroupDefinition getFromGroup() {
+    return null;
+
+  }
+
+}
diff --git a/modules/core_common_lib/src/main/resources/common_gui.beans.xml b/modules/core_common_lib/src/main/resources/common_gui.beans.xml
new file mode 100644
index 00000000..969a40f7
--- /dev/null
+++ b/modules/core_common_lib/src/main/resources/common_gui.beans.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:aop="http://www.springframework.org/schema/aop"
+  xmlns:task="http://www.springframework.org/schema/task"
+  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd 
+    http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.0.xsd">
+
+  <bean id="contentNegotiationManager"
+    class="org.springframework.web.accept.ContentNegotiationManagerFactoryBean"
+    primary="true">
+    <property name="parameterName" value="mediaType" />
+    <property name="defaultContentType" value="application/json" />
+    <property name="useRegisteredExtensionsOnly" value="false" />
+    <property name="mediaTypes">
+      <map>
+        <entry key="json" value="application/json" />
+        <entry key="html" value="text/html" />
+      </map>
+    </property>
+  </bean>
+
+  <bean
+    class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
+    <property name="order" value="1" />
+    <property name="defaultViews">
+      <list>
+        <!-- JSON View -->
+        <bean
+          class="org.springframework.web.servlet.view.json.MappingJackson2JsonView">
+          <property name="contentType" value="application/json" />
+        </bean>
+      </list>
+    </property>
+  </bean>
+
+
+  <bean id="templateEngine"
+    class="org.thymeleaf.spring5.SpringTemplateEngine">
+    <property name="templateResolver" ref="templateResolver" />
+  </bean>
+
+  <bean class="org.thymeleaf.spring5.view.ThymeleafViewResolver">
+    <property name="order" value="2" />
+    <property name="templateEngine" ref="templateEngine" />
+    <property name="characterEncoding" value="UTF-8" />
+  </bean>
+
+  <bean id="valitatorWithI18nSupport"
+    class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean">
+    <property name="validationMessageSource"
+      ref="messageSource" />
+  </bean>
+
+</beans>
\ No newline at end of file
diff --git a/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/BasicConfigProviderTest.java b/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/BasicConfigProviderTest.java
new file mode 100644
index 00000000..224618b9
--- /dev/null
+++ b/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/BasicConfigProviderTest.java
@@ -0,0 +1,156 @@
+package at.asitplus.eidas.specific.core.test.config;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+    "/SpringTest-context_basic_realConfig.xml"})
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+public class BasicConfigProviderTest {
+
+  @Autowired private IConfigurationWithSP basicConfig;
+  
+  /**
+   * jUnit class initializer.
+   * 
+   */
+  @BeforeClass
+  public static void classInitializer() {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");
+    
+  }
+  
+  @Test
+  public void configPropInfos() {
+    Assert.assertEquals("size", 2, MsEidasNodeConstants.COUNTRY_SELECTION_PARAM_WHITELIST.size());
+    
+  }
+  
+  @Test
+  public void loadSpNoExist() throws EaafConfigurationException {
+    ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(
+        RandomStringUtils.randomAlphabetic(5));
+    Assert.assertNull("spConfig", spConfig);
+    
+  }
+  
+  @Test
+  public void loadSpConfigBasicMode() throws EaafConfigurationException {
+    ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration("jUnitTest1");
+    
+    Assert.assertNotNull("spConfig", spConfig);
+    Assert.assertEquals("uniqueId", "jUnitTest1", spConfig.getUniqueIdentifier());
+    Assert.assertEquals("friendlyName", "NO FRIENDLYNAME SET", spConfig.getFriendlyName());
+    Assert.assertEquals("pvp2.truststore", "", spConfig.getConfigurationValue("pvp2.metadata.truststore"));
+    String test = RandomStringUtils.randomAlphabetic(5);
+    Assert.assertEquals("pvp2.password", "1234pass", 
+        spConfig.getConfigurationValue("pvp2.metadata.truststore.password", test));
+    Assert.assertEquals("eidMode", true, spConfig.isConfigurationValue("newEidMode"));
+    Assert.assertEquals("notexistflag", false, spConfig.isConfigurationValue("notexist", false));
+    Assert.assertNotNull("fullConfig", spConfig.getFullConfiguration());
+    Assert.assertEquals("fullConfig", 4, spConfig.getFullConfiguration().size());
+    
+  }
+  
+  @Test
+  public void loadSpConfigAdvancedMode() throws EaafConfigurationException {
+    ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(
+        "jUnitTest2", ServiceProviderConfiguration.class);
+    
+    Assert.assertNotNull("spConfig", spConfig);
+    Assert.assertEquals("uniqueId", "jUnitTest2", spConfig.getUniqueIdentifier());
+    Assert.assertEquals("friendlyName", "jUnit tester 2", spConfig.getFriendlyName());
+    Assert.assertEquals("pvp2.truststore", "", spConfig.getConfigurationValue("pvp2.metadata.truststore"));
+    String test = RandomStringUtils.randomAlphabetic(5);
+    Assert.assertEquals("pvp2.password", test, 
+        spConfig.getConfigurationValue("pvp2.metadata.truststore.notexist", test));
+    Assert.assertEquals("eidMode", false, spConfig.isConfigurationValue("newEidMode"));
+    Assert.assertEquals("notexistflag", false, spConfig.isConfigurationValue("notexist", false));
+    Assert.assertNotNull("fullConfig", spConfig.getFullConfiguration());
+    Assert.assertEquals("fullConfig", 5, spConfig.getFullConfiguration().size());
+    Assert.assertFalse("baseIdInternal", spConfig.hasBaseIdInternalProcessingRestriction());
+    Assert.assertTrue("baseIdTransfer", spConfig.hasBaseIdTransferRestriction());
+    
+  }
+  
+  @Test
+  public void loadSpConfigAdvancedModeWrongDecorator() throws EaafConfigurationException {
+    ISpConfiguration spConfig1 = basicConfig.getServiceProviderConfiguration(
+        "jUnitTest2", null);    
+    Assert.assertNull("spConfig", spConfig1);
+
+    String spConfig2 = basicConfig.getServiceProviderConfiguration(
+        "jUnitTest2", String.class);    
+    Assert.assertNull("spConfig", spConfig2);
+    
+  }
+  
+  @Test
+  public void loadConfigValuesString() {
+    Assert.assertEquals("without default", "ownSpecificConnector", 
+        basicConfig.getBasicConfiguration("auth.eIDAS.node_v2.entityId"));
+    
+    Assert.assertEquals("with default", "", 
+        basicConfig.getBasicConfiguration("auth.eIDAS.szrclient.endpoint.prod", 
+            RandomStringUtils.randomAlphabetic(5)));
+    
+    String rand1 = RandomStringUtils.randomAlphanumeric(5);
+    Assert.assertEquals("unknown with default", rand1, 
+        basicConfig.getBasicConfiguration("notexist", rand1));
+    
+  }
+  
+  @Test
+  public void loadConfigValuesBoolean() {
+    Assert.assertEquals("without default", true, 
+        basicConfig.getBasicConfigurationBoolean("auth.eIDAS.szrclient.useTestService"));
+    
+    Assert.assertEquals("with default", false, 
+        basicConfig.getBasicConfigurationBoolean("auth.notexist", 
+            false));
+    
+    Assert.assertEquals("unknown with default", false, 
+        basicConfig.getBasicConfigurationBoolean("auth.eIDAS.szrclient.params.vkz", true));
+    
+  }
+  
+  @Test
+  public void loadConfigMap() {
+    Map<String, String> entries = basicConfig.getBasicConfigurationWithPrefix("auth.eIDAS.szrclient");
+    Assert.assertEquals("wrong size", 16, entries.size());
+    Assert.assertTrue("missing element", entries.containsKey("endpoint.test"));
+    Assert.assertEquals("wrong entry", "http://localhost:1234/demoszr", entries.get("endpoint.test"));
+    
+  }
+  
+  @Test
+  public void validateUrl() throws MalformedURLException, EaafException {
+    Assert.assertEquals("wrong URL", "http://localhost/test", 
+        basicConfig.validateIdpUrl(new URL("http://localhost/test/" + RandomStringUtils.randomAlphabetic(5))));
+   
+    Assert.assertNull("wrong URL",
+        basicConfig.validateIdpUrl(new URL("http://localhost/wrong/" + RandomStringUtils.randomAlphabetic(5))));
+    
+  }
+}
diff --git a/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/ServiceProviderConfigurationTest.java b/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/ServiceProviderConfigurationTest.java
new file mode 100644
index 00000000..99ea2a47
--- /dev/null
+++ b/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/ServiceProviderConfigurationTest.java
@@ -0,0 +1,54 @@
+package at.asitplus.eidas.specific.core.test.config;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class ServiceProviderConfigurationTest {
+
+  
+  
+  @Test
+  public void spConfigLoad() throws EaafException {
+    IConfiguration authConfig = new MsConnectorDummyConfigMap();
+    
+    Map<String, String> map = new HashMap<>();
+    map.put("uniqueID", RandomStringUtils.randomAlphabetic(10));
+    map.put("policy.allowed.requested.targets", "urn:publicid:gv.at:cdid\\+.*");
+
+    ServiceProviderConfiguration spConfig = new ServiceProviderConfiguration(map, authConfig);
+    
+    spConfig.setRequiredLoA(Arrays.asList(EaafConstants.EIDAS_LOA_LOW));
+    Assert.assertEquals("LoA", 1, spConfig.getRequiredLoA().size());
+    Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/low", spConfig.getRequiredLoA().get(0));
+    
+    spConfig.setLoAMachtingMode("exact");
+    Assert.assertEquals("wrong machtingMode", "exact", spConfig.getLoAMatchingMode());
+    
+    String bpkTarget = EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2);
+    spConfig.setBpkTargetIdentifier(bpkTarget);
+    Assert.assertEquals("wrong bPK", bpkTarget, spConfig.getAreaSpecificTargetIdentifier());
+    
+    
+    try {
+      spConfig.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_WBPK + RandomStringUtils.randomAlphabetic(2));
+      
+    } catch (EaafException e) {
+      Assert.assertEquals("ErrorId", "auth.37", e.getErrorId());
+    }
+    
+  }
+}
diff --git a/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/SpringBootBasicConfigurationProviderTest.java b/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/SpringBootBasicConfigurationProviderTest.java
new file mode 100644
index 00000000..0dd34494
--- /dev/null
+++ b/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/SpringBootBasicConfigurationProviderTest.java
@@ -0,0 +1,148 @@
+package at.asitplus.eidas.specific.core.test.config;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+    "/SpringTest-context_basic_realConfig.xml"})
+@TestPropertySource(locations = { "/config/junit_config_1.properties" })
+@ActiveProfiles("springBoot")
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+public class SpringBootBasicConfigurationProviderTest {
+
+ @Autowired private IConfigurationWithSP basicConfig;
+ 
+  @Test
+  public void configPropInfos() {
+    Assert.assertEquals("size", 2, MsEidasNodeConstants.COUNTRY_SELECTION_PARAM_WHITELIST.size());
+    
+  }
+  
+  @Test
+  public void loadSpNoExist() throws EaafConfigurationException {
+    ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(
+        RandomStringUtils.randomAlphabetic(5));
+    Assert.assertNull("spConfig", spConfig);
+    
+  }
+  
+  @Test
+  public void loadSpConfigBasicMode() throws EaafConfigurationException {
+    ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration("jUnitTest1");
+    
+    Assert.assertNotNull("spConfig", spConfig);
+    Assert.assertEquals("uniqueId", "jUnitTest1", spConfig.getUniqueIdentifier());
+    Assert.assertEquals("friendlyName", "NO FRIENDLYNAME SET", spConfig.getFriendlyName());
+    Assert.assertEquals("pvp2.truststore", "", spConfig.getConfigurationValue("pvp2.metadata.truststore"));
+    String test = RandomStringUtils.randomAlphabetic(5);
+    Assert.assertEquals("pvp2.password", "1234pass", 
+        spConfig.getConfigurationValue("pvp2.metadata.truststore.password", test));
+    Assert.assertEquals("eidMode", true, spConfig.isConfigurationValue("newEidMode"));
+    Assert.assertEquals("notexistflag", false, spConfig.isConfigurationValue("notexist", false));
+    Assert.assertNotNull("fullConfig", spConfig.getFullConfiguration());
+    Assert.assertEquals("fullConfig", 4, spConfig.getFullConfiguration().size());
+    
+  }
+  
+  @Test
+  public void loadSpConfigAdvancedMode() throws EaafConfigurationException {
+    ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(
+        "jUnitTest2", ServiceProviderConfiguration.class);
+    
+    Assert.assertNotNull("spConfig", spConfig);
+    Assert.assertEquals("uniqueId", "jUnitTest2", spConfig.getUniqueIdentifier());
+    Assert.assertEquals("friendlyName", "jUnit tester 2", spConfig.getFriendlyName());
+    Assert.assertEquals("pvp2.truststore", "", spConfig.getConfigurationValue("pvp2.metadata.truststore"));
+    String test = RandomStringUtils.randomAlphabetic(5);
+    Assert.assertEquals("pvp2.password", test, 
+        spConfig.getConfigurationValue("pvp2.metadata.truststore.notexist", test));
+    Assert.assertEquals("eidMode", false, spConfig.isConfigurationValue("newEidMode"));
+    Assert.assertEquals("notexistflag", false, spConfig.isConfigurationValue("notexist", false));
+    Assert.assertNotNull("fullConfig", spConfig.getFullConfiguration());
+    Assert.assertEquals("fullConfig", 5, spConfig.getFullConfiguration().size());
+    Assert.assertFalse("baseIdInternal", spConfig.hasBaseIdInternalProcessingRestriction());
+    Assert.assertTrue("baseIdTransfer", spConfig.hasBaseIdTransferRestriction());
+    
+  }
+  
+  @Test
+  public void loadSpConfigAdvancedModeWrongDecorator() throws EaafConfigurationException {
+    ISpConfiguration spConfig1 = basicConfig.getServiceProviderConfiguration(
+        "jUnitTest2", null);    
+    Assert.assertNull("spConfig", spConfig1);
+
+    String spConfig2 = basicConfig.getServiceProviderConfiguration(
+        "jUnitTest2", String.class);    
+    Assert.assertNull("spConfig", spConfig2);
+    
+  }
+  
+  @Test
+  public void loadConfigValuesString() {
+    Assert.assertEquals("without default", "ownSpecificConnector", 
+        basicConfig.getBasicConfiguration("auth.eIDAS.node_v2.entityId"));
+    
+    Assert.assertEquals("with default", "", 
+        basicConfig.getBasicConfiguration("auth.eIDAS.szrclient.endpoint.prod", 
+            RandomStringUtils.randomAlphabetic(5)));
+    
+    String rand1 = RandomStringUtils.randomAlphanumeric(5);
+    Assert.assertEquals("unknown with default", rand1, 
+        basicConfig.getBasicConfiguration("notexist", rand1));
+    
+  }
+  
+  @Test
+  public void loadConfigValuesBoolean() {
+    Assert.assertEquals("without default", true, 
+        basicConfig.getBasicConfigurationBoolean("auth.eIDAS.szrclient.useTestService"));
+    
+    Assert.assertEquals("not exist with default", false, 
+        basicConfig.getBasicConfigurationBoolean("auth.notexist", 
+            false));
+    
+    Assert.assertEquals("exist but empty with default", true, 
+        basicConfig.getBasicConfigurationBoolean("auth.eIDAS.szrclient.params.vkz", true));
+    
+  }
+  
+  @Test
+  public void loadConfigMap() {
+    Map<String, String> entries = basicConfig.getBasicConfigurationWithPrefix("auth.eIDAS.szrclient");
+    Assert.assertEquals("wrong size", 16, entries.size());
+    Assert.assertTrue("missing element", entries.containsKey("endpoint.test"));
+    Assert.assertEquals("wrong entry", "http://localhost:1234/demoszr", entries.get("endpoint.test"));
+    
+  }
+  
+  @Test
+  public void validateUrl() throws MalformedURLException, EaafException {
+    Assert.assertEquals("wrong URL", "http://localhost/test", 
+        basicConfig.validateIdpUrl(new URL("http://localhost/test/" + RandomStringUtils.randomAlphabetic(5))));
+   
+    Assert.assertNull("wrong URL",
+        basicConfig.validateIdpUrl(new URL("http://localhost/wrong/" + RandomStringUtils.randomAlphabetic(5))));
+    
+  }
+}
diff --git a/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummyConfigMap.java b/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummyConfigMap.java
new file mode 100644
index 00000000..59ae5aff
--- /dev/null
+++ b/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummyConfigMap.java
@@ -0,0 +1,120 @@
+package at.asitplus.eidas.specific.core.test.config.dummy;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
+import lombok.Setter;
+
+/**
+ * MS-Connector specific dummy basic-config implementation.
+ * 
+ * @author tlenz
+ *
+ */
+public class MsConnectorDummyConfigMap extends DummyAuthConfigMap {
+
+  private static final String CONFIG_PREFIX = "eidas.ms.";
+  
+  @Setter
+  private String configRootDirSufix;
+  
+  /**
+   * Creates an emptry configuration.
+   *
+   */
+  public MsConnectorDummyConfigMap() {
+
+  }
+
+  /**
+   * Dummy Application-configuration.
+   *
+   * @param configIs Property based configuration
+   * @throws IOException In case of an configuration read error
+   */
+  public MsConnectorDummyConfigMap(final InputStream configIs) throws IOException {
+    super(configIs);
+
+  }
+
+  /**
+   * Dummy Application-configuration.
+   *
+   * @param path Path to property based configuration
+   * @throws IOException In case of an configuration read error
+   */
+  public MsConnectorDummyConfigMap(final String path) throws IOException {
+    super(path);
+
+  }
+  
+  
+  @Override
+  public String getBasicConfiguration(final String key) {
+    return super.getBasicConfiguration(addPrefixToKey(key));
+
+  }
+  
+  @Override
+  public String validateIdpUrl(final URL authReqUrl) throws EaafException {
+    return authReqUrl.toExternalForm();
+    
+  }
+  
+  @Override
+  public Map<String, String> getBasicConfigurationWithPrefix(final String prefix) {
+    return super.getBasicConfigurationWithPrefix(addPrefixToKey(prefix));
+
+  }
+  
+  @Override
+  public void putConfigValue(final String key, final String value) {
+    super.putConfigValue(addPrefixToKey(key), value);
+  }
+
+  @Override
+  public void removeConfigValue(final String key) {
+    super.removeConfigValue(addPrefixToKey(key));
+
+  }
+  
+  @Override
+  public URI getConfigurationRootDirectory() {
+    URI basePath = super.getConfigurationRootDirectory();
+    if (StringUtils.isNotEmpty(configRootDirSufix)) {
+     try {
+      return new URI(basePath.toString() + configRootDirSufix);
+            
+    } catch (URISyntaxException e) {
+      throw new RuntimeException("Wrong Dummyconfig", e);
+      
+    } 
+      
+    } else {    
+      return basePath;
+      
+    }
+    
+
+  }
+  
+  private String addPrefixToKey(final String key) {
+    if (key.startsWith(CONFIG_PREFIX)) {
+      return key;
+      
+    }  else {
+      return CONFIG_PREFIX + key;
+      
+    }
+  }
+
+         
+}
diff --git a/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummySpConfiguration.java b/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummySpConfiguration.java
new file mode 100644
index 00000000..922a13b7
--- /dev/null
+++ b/modules/core_common_lib/src/test/java/at/asitplus/eidas/specific/core/test/config/dummy/MsConnectorDummySpConfiguration.java
@@ -0,0 +1,28 @@
+package at.asitplus.eidas.specific.core.test.config.dummy;
+
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
+import lombok.Setter;
+
+public class MsConnectorDummySpConfiguration extends DummySpConfiguration {
+  
+  private static final long serialVersionUID = -3249018889871026127L;
+
+  @Setter
+  private List<String> loa;
+  
+  public MsConnectorDummySpConfiguration(Map<String, String> spConfig, IConfiguration authConfig) {
+    super(spConfig, authConfig);
+
+  }
+  
+  @Override
+  public List<String> getRequiredLoA() {
+    return loa;
+    
+  }
+
+}
diff --git a/modules/core_common_lib/src/test/resources/SpringTest-context_basic_realConfig.xml b/modules/core_common_lib/src/test/resources/SpringTest-context_basic_realConfig.xml
new file mode 100644
index 00000000..66abbb39
--- /dev/null
+++ b/modules/core_common_lib/src/test/resources/SpringTest-context_basic_realConfig.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:aop="http://www.springframework.org/schema/aop"
+  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+  <context:annotation-config />
+
+  <beans profile="!springBoot">
+  <bean id="BasicMSSpecificNodeConfig"
+    class="at.asitplus.eidas.specific.core.config.BasicConfigurationProvider">
+    <constructor-arg value="#{systemProperties['eidas.ms.configuration']}" />
+  </bean>
+  </beans>
+  <beans profile="springBoot">
+    <bean id="springBootMsSpecificNodeConfig"
+          class="at.asitplus.eidas.specific.core.config.SpringBootBasicConfigurationProvider" />
+  </beans>
+
+</beans>
\ No newline at end of file
diff --git a/modules/core_common_lib/src/test/resources/config/junit_config_1.properties b/modules/core_common_lib/src/test/resources/config/junit_config_1.properties
new file mode 100644
index 00000000..160725d4
--- /dev/null
+++ b/modules/core_common_lib/src/test/resources/config/junit_config_1.properties
@@ -0,0 +1,124 @@
+## Basic service configuration
+eidas.ms.context.url.prefix=http://localhost/test/
+eidas.ms.context.url.request.validation=true
+eidas.ms.core.configRootDir=file:./src/test/resources/config/
+
+eidas.ms.context.use.clustermode=true
+
+##Monitoring
+eidas.ms.monitoring.eIDASNode.metadata.url=
+
+
+##Specific logger configuration
+eidas.ms.technicallog.write.MDS.into.techlog=true
+eidas.ms.revisionlog.write.MDS.into.revisionlog=true
+eidas.ms.revisionlog.logIPAddressOfUser=true
+
+##Directory for static Web content
+eidas.ms.webcontent.static.directory=webcontent/
+eidas.ms.webcontent.templates=templates/
+eidas.ms.webcontent.properties=properties/messages
+
+## extended validation of pending-request Id's
+eidas.ms.core.pendingrequestid.maxlifetime=300
+eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256
+eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
+
+## eIDAS Ref. Implementation connector ###
+eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
+eidas.ms.auth.eIDAS.node_v2.forward.endpoint=
+eidas.ms.auth.eIDAS.node_v2.forward.method=POST
+eidas.ms.auth.eIDAS.node_v2.countrycode=AT
+eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.*
+eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true
+eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true
+eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true
+eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs=myNode
+
+eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high
+
+eidas.ms.auth.eIDAS.szrclient.useTestService=true
+eidas.ms.auth.eIDAS.szrclient.endpoint.prod=
+eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/.....
+eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path=
+eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password=
+eidas.ms.auth.eIDAS.szrclient.timeout.connection=15
+eidas.ms.auth.eIDAS.szrclient.timeout.response=30
+eidas.ms.auth.eIDAS.szrclient.params.vkz=
+
+eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false
+
+
+eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s
+eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair
+eidas.ms.auth.eIDAS.authblock.keystore.path=./../keystore/teststore.jks
+eidas.ms.auth.eIDAS.authblock.keystore.type=jks
+eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair
+eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s
+
+
+#Raw eIDAS Id data storage
+eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true
+
+eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true
+eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true
+
+eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true
+eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=true
+
+##without mandates
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true
+
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.8=testtest,false
+
+##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT -----
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true
+eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true
+
+
+## PVP2 S-Profile end-point configuration
+eidas.ms.pvp2.keystore.path=keys/.....
+eidas.ms.pvp2.keystore.password=
+eidas.ms.pvp2.key.metadata.alias=
+eidas.ms.pvp2.key.metadata.password=
+eidas.ms.pvp2.key.signing.alias=
+eidas.ms.pvp2.key.signing.password=
+eidas.ms.pvp2.metadata.validity=24
+
+## Service Provider configuration
+eidas.ms.sp.0.uniqueID=jUnitTest1
+eidas.ms.sp.0.pvp2.metadata.truststore=
+eidas.ms.sp.0.pvp2.metadata.truststore.password=1234pass
+eidas.ms.sp.0.newEidMode=true
+
+eidas.ms.sp.1.uniqueID=jUnitTest2
+eidas.ms.sp.1.friendlyName=jUnit tester 2
+eidas.ms.sp.1.pvp2.metadata.truststore=
+eidas.ms.sp.1.pvp2.metadata.truststore.password=
+eidas.ms.sp.1.newEidMode=false
+
+#eidas.ms.sp.0.friendlyName=
+#eidas.ms.sp.0.pvp2.metadata.url=
+#eidas.ms.sp.0.policy.allowed.requested.targets=.*
+#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false
+
+
+##only for advanced config
+eidas.ms.configuration.sp.disableRegistrationRequirement=
+eidas.ms.configuration.restrictions.baseID.spTransmission=
+eidas.ms.configuration.auth.default.countrycode=
+eidas.ms.configuration.pvp.scheme.validation=
+eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file
-- 
cgit v1.2.3


From db3af28b79296b6f5650a85c5a41ad5015c57222 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 7 Jun 2022 13:48:34 +0200
Subject: feat(eidas): include IDA releated requested attributes into
 service-provider configuration

---
 .../core/config/ServiceProviderConfiguration.java  |  8 +++++
 .../protocol/EidasProxyServiceController.java      | 35 +++++++++++++++++-----
 .../protocol/EidasProxyServiceControllerTest.java  | 14 ++++++++-
 3 files changed, 49 insertions(+), 8 deletions(-)

(limited to 'modules/core_common_lib/src')

diff --git a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java
index 5ca1c8c5..2ecbf7d0 100644
--- a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java
+++ b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java
@@ -26,6 +26,7 @@ package at.asitplus.eidas.specific.core.config;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -52,6 +53,13 @@ public class ServiceProviderConfiguration extends SpConfigurationImpl {
   @Setter
   @Getter
   private List<String> mandateProfiles;  
+    
+  /**
+   * IDA specific requested attributes
+   */
+  @Getter
+  @Setter
+  private Set<String> requestedAttributes;
   
   @Getter
   @Setter
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index cd404cee..26cc51ee 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -2,9 +2,11 @@ package at.asitplus.eidas.specific.modules.msproxyservice.protocol;
 
 import java.io.IOException;
 import java.text.MessageFormat;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Objects;
 import java.util.UUID;
 import java.util.stream.Collectors;
 
@@ -22,13 +24,14 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
 import com.google.common.collect.ImmutableSortedSet;
+import com.google.common.collect.Streams;
 
 import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
 import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
-import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
 import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
 import at.gv.egiz.components.eventlog.api.EventConstants;
 import at.gv.egiz.eaaf.core.api.IRequest;
@@ -76,7 +79,7 @@ public class EidasProxyServiceController extends AbstractController implements I
   
   public static final String PROTOCOL_ID = "eidasProxy";
 
-  @Autowired EidasAttributeRegistry attrRegistry;  
+  @Autowired ProxyEidasAttributeRegistry attrRegistry;
   @Autowired ProxyServiceAuthenticationAction responseAction;
 
   /**
@@ -115,7 +118,7 @@ public class EidasProxyServiceController extends AbstractController implements I
                   .toString());
       final ILightRequest eidasRequest = specificProxyCommunicationService.getAndRemoveRequest(
           tokenBase64,
-          ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));
+          ImmutableSortedSet.copyOf(attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getAttributes()));
       if (eidasRequest == null) {
         log.info("Find no eIDAS Authn. Request with stated token.");
         throw new EidasProxyServiceException(ERROR_11, null);
@@ -317,9 +320,12 @@ public class EidasProxyServiceController extends AbstractController implements I
       spConfig.setRequiredLoA(
           eidasRequest.getLevelsOfAssurance().stream().map(el -> el.getValue()).collect(Collectors.toList()));
 
-      //build mandate profiles for this specific request
+      // build mandate profiles for this specific request
       buildMandateProfileConfiguration(spConfig, eidasRequest);
-          
+      
+      // map eIDAS attributes to national attributes
+      buildNationalRequestedAttributes(spConfig, eidasRequest);
+      
       return spConfig;
 
     } catch (EidasProxyServiceException e) {
@@ -332,6 +338,22 @@ public class EidasProxyServiceController extends AbstractController implements I
   }
 
   
+  private void buildNationalRequestedAttributes(
+      ServiceProviderConfiguration spConfig, ILightRequest eidasRequest) {    
+    boolean mandatesEnabled = !SpMandateModes.NONE.equals(spConfig.getMandateMode());    
+    spConfig.setRequestedAttributes(
+        Streams.concat(
+            eidasRequest.getRequestedAttributes().getAttributeMap().keySet().stream()
+                .map(el -> attrRegistry.getIdaAttributesForEidasAttribute(
+                    el.getNameUri().toString(), mandatesEnabled))
+                .flatMap(Collection::stream)
+                .filter(Objects::nonNull),
+            attrRegistry.getAlwaysRequestedAttributes(mandatesEnabled))
+        .collect(Collectors.toSet()));
+    log.debug("Inject #{} attributes to request from IDA system", spConfig.getRequestedAttributes().size());
+    
+  }
+
   private Map<String, String> extractRawConnectorConfiguration(ILightRequest eidasRequest) {    
     Map<String, String> allConnectorConfigs = authConfig.getBasicConfigurationWithPrefix(
         MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_PREFIX);
@@ -341,8 +363,7 @@ public class EidasProxyServiceController extends AbstractController implements I
           el -> log.trace("Key: {} -> Value: {}", el.getKey(), el.getValue()));
       
     }
-      
-    
+          
     Map<String, String> connectorConfig = allConnectorConfigs.entrySet().stream()
         .filter(el -> el.getKey().endsWith(MsEidasNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER) 
             && el.getValue().equals(eidasRequest.getIssuer()))
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
index 189378e0..ef1abbcd 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
@@ -277,7 +277,10 @@ public class EidasProxyServiceControllerTest {
         .spType("public")
         .requestedAttributes(ImmutableAttributeMap.builder()
             .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_BIRTHNAME).first())
+            .build());
     
     proxyService.setiLightRequest(authnReqBuilder.build());
     
@@ -326,6 +329,9 @@ public class EidasProxyServiceControllerTest {
     assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
     assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode());
         
+    assertEquals("requested IDA attributes", 3, spConfig.getRequestedAttributes().size());
+    
+    
   }
 
   @Test
@@ -370,6 +376,8 @@ public class EidasProxyServiceControllerTest {
         .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesNat.contains(el)));
     assertEquals("MandateMode", SpMandateModes.NATURAL, spConfig.getMandateMode());
     
+    assertEquals("requested IDA attributes", 6, spConfig.getRequestedAttributes().size());
+    
   }
   
   @Test
@@ -414,6 +422,8 @@ public class EidasProxyServiceControllerTest {
         .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesJur.contains(el)));
     assertEquals("MandateMode", SpMandateModes.LEGAL_FORCE, spConfig.getMandateMode());
     
+    assertEquals("requested IDA attributes", 9, spConfig.getRequestedAttributes().size());
+    
   }
   
   @Test
@@ -481,6 +491,8 @@ public class EidasProxyServiceControllerTest {
     assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
     assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
     assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode());
+    
+    assertEquals("requested IDA attributes", 3, spConfig.getRequestedAttributes().size());
         
   }
   
-- 
cgit v1.2.3


From 3d9d419a40b17de1f94d46cbc2f5b345a93bff00 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Wed, 8 Jun 2022 12:32:16 +0200
Subject: feat(eidas): perform mapping between IDA and eIDAS attributes based
 on external configuration

---
 .../ms-proxyservice/misc/idaAttributeMapping.json  | 170 +++++++++
 .../SpRequiredAttributersAttributeBuilder.java     |  63 ++++
 .../tasks/ReceiveFromIdAustriaSystemTask.java      |  30 +-
 .../tasks/RequestIdAustriaSystemTask.java          |   6 +
 .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder |   1 +
 .../SpRequiredAttributersAttributeBuilderTest.java |  72 ++++
 .../test/task/ReceiveAuthnResponseTaskTest.java    |  24 +-
 .../test/task/RequestIdAustriaSystemTaskTest.java  |  72 ++--
 .../eidas/specific/core/MsEidasNodeConstants.java  |  13 +-
 .../core/builder/AuthenticationDataBuilder.java    | 185 ++++++++--
 .../main/resources/specific_eIDAS_core.beans.xml   |   3 -
 .../test/utils/AuthenticationDataBuilderTest.java  | 311 +++++++++++++++-
 .../msproxyservice/dto/attributes/Type.java        |   7 +
 .../protocol/ProxyServiceAuthenticationAction.java | 297 +++++++---------
 .../service/ProxyEidasAttributeRegistry.java       |  34 +-
 .../ProxyServiceAuthenticationActionTest.java      | 217 +++++++++--
 .../services/ProxyEidasAttributeRegistryTest.java  |  35 ++
 .../test/resources/config/idaAttributeMapping.json |  56 ++-
 .../resources/specific_eIDAS_connector.beans.xml   |   3 +
 .../builder/ProxyAuthenticationDataBuilder.java    |  38 ++
 .../main/resources/specific_eIDAS_proxy.beans.xml  |   3 +
 .../ProxyAuthenticationDataBuilderTest.java        | 395 +++++++++++++++++++++
 .../config/junit_config_1_springboot.properties    |   2 +-
 pom.xml                                            |   2 +-
 24 files changed, 1713 insertions(+), 326 deletions(-)
 create mode 100644 basicConfig/ms-proxyservice/misc/idaAttributeMapping.json
 create mode 100644 modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java
 create mode 100644 modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java
 create mode 100644 ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java
 create mode 100644 ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java

(limited to 'modules/core_common_lib/src')

diff --git a/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json b/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json
new file mode 100644
index 00000000..7c44b48a
--- /dev/null
+++ b/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json
@@ -0,0 +1,170 @@
+[
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier",
+    "idaAttribute": {
+      "basic": "urn:oid:1.2.40.0.10.2.1.1.149",
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.98"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName",
+    "idaAttribute": {
+      "basic": "urn:oid:2.5.4.42",
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.78"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName",
+    "idaAttribute": {
+      "basic": "urn:oid:1.2.40.0.10.2.1.1.261.20",
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.80"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/DateOfBirth",
+    "idaAttribute": {
+      "basic": "urn:oid:1.2.40.0.10.2.1.1.55",
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.82"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth",
+    "idaAttribute": {},
+    "type": {
+      "mds": false,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/BirthName",
+    "idaAttribute": {},
+    "type": {
+      "mds": false,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier",
+    "idaAttribute": {
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.100"
+    },
+    "addionalRequiredAttributes" : [
+      "urn:oid:1.2.40.0.10.2.1.1.149", 
+      "urn:oid:2.5.4.42", 
+      "urn:oid:1.2.40.0.10.2.1.1.261.20", 
+      "urn:oid:1.2.40.0.10.2.1.1.55"
+    ],
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/legalperson/LegalName",
+    "idaAttribute": {
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.84"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/PersonIdentifier",
+    "idaAttribute": {
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.149"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": true
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/CurrentFamilyName",
+    "idaAttribute": {
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.20"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": true
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/CurrentGivenName",
+    "idaAttribute": {
+      "withMandates": "urn:oid:2.5.4.42"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": true
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth",
+    "idaAttribute": {
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.55"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": true
+    }
+  },
+  {
+    "eidasAttribute": "*",
+    "idaAttribute": {
+      "basic": "urn:oid:1.2.40.0.10.2.1.1.261.32",
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.32"
+    },
+    "type": {
+      "mds": false,
+      "autoIncludeWithMandates": false      
+    }
+  },
+  {
+    "eidasAttribute": "*",
+    "idaAttribute": {
+      "basic": "urn:oid:1.2.40.0.10.2.1.1.261.108",
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.108"
+    },
+    "type": {
+      "mds": false,
+      "autoIncludeWithMandates": false  
+    }
+  },
+  {
+    "eidasAttribute": "*",
+    "idaAttribute": {
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.68"
+    },
+    "type": {
+      "mds": false,
+      "autoIncludeWithMandates": false  
+    }
+  },
+  {
+    "eidasAttribute": "*",
+    "idaAttribute": {
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.106"
+    },
+    "type": {
+      "mds": false,
+      "autoIncludeWithMandates": false  
+    }
+  }
+]
diff --git a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java
new file mode 100644
index 00000000..61687088
--- /dev/null
+++ b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class SpRequiredAttributersAttributeBuilder
+    implements IAttributeBuilder, ExtendedPvpAttributeDefinitions {
+
+  @Override
+  public String getName() {
+    return SP_REQUIRED_ATTRIBUTES_NAME;
+  }
+
+  @Override
+  public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData,
+      final IAttributeGenerator<ATT> g)
+      throws AttributeBuilderException {
+    if (oaParam instanceof ServiceProviderConfiguration) {
+      return g.buildStringAttribute(SP_REQUIRED_ATTRIBUTES_FRIENDLY_NAME, SP_REQUIRED_ATTRIBUTES_NAME,
+          StringUtils.join(((ServiceProviderConfiguration)oaParam).getRequestedAttributes(), ","));
+      
+    } else {
+      log.warn("Can not build attribute for required IDA attributes, because SP config-implementation does not match.");
+      return null;
+      
+    }
+  }
+
+  @Override
+  public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) {
+    return g.buildEmptyAttribute(SP_REQUIRED_ATTRIBUTES_FRIENDLY_NAME, SP_REQUIRED_ATTRIBUTES_NAME);
+
+  }
+
+}
diff --git a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java
index e486b851..17e0e0d5 100644
--- a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java
+++ b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java
@@ -16,7 +16,6 @@ import org.opensaml.saml.saml2.core.StatusCode;
 import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
 import org.springframework.beans.factory.annotation.Autowired;
 
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants;
 import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider;
 import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider;
@@ -234,8 +233,7 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask {
       // inject all attributes into session
       final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
       for (final String attrName : includedAttrNames) {
-        injectAuthInfosIntoSession(session, attrName,
-            extractor.getSingleAttributeValue(attrName));
+        injectAuthInfosIntoSession(session, attrName, extractor.getSingleAttributeValue(attrName));
 
       }
       
@@ -306,31 +304,11 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask {
   private void injectAuthInfosIntoSession(AuthProcessDataWrapper session,
       String attrName, String attrValue) throws EaafStorageException, IOException {
     log.trace("Inject attribute: {} with value: {} into  AuthSession", attrName, attrValue);
-    log.debug("Inject attribute: {} into  AuthSession", attrName);
-    if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
-      log.trace("Find bPK attribute. Extract eIDAS identifier ... ");
-      session.setGenericDataToSession(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
-          extractBpkFromResponse(attrValue));
-      
-    } else {      
-      session.setGenericDataToSession(attrName, attrValue);
-
-    }
-
+    log.debug("Inject attribute: {} into  AuthSession", attrName);          
+    session.setGenericDataToSession(attrName, attrValue);
+         
   }
   
-  private String extractBpkFromResponse(String pvpBpkAttrValue) {
-    final String[] split = pvpBpkAttrValue.split(":", 2);
-    if (split.length == 2) {
-      return split[1];
-
-    } else {
-      log.warn("PVP bPK attribute: {} has wrong format. Use it as it is.", pvpBpkAttrValue);
-      return pvpBpkAttrValue;
-
-    }
-  }
-
   private Pair<PvpSProfileResponse, Boolean> preProcessAuthResponse(PvpSProfileResponse msg)
       throws IOException, MarshallingException, TransformerException,
       CredentialsNotAvailableException, AuthnResponseValidationException, SamlAssertionValidationExeption {
diff --git a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
index 66aadde6..bbe9b45f 100644
--- a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
+++ b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
@@ -160,6 +160,12 @@ public class RequestIdAustriaSystemTask extends AbstractAuthServletTask {
     injectAttribute(attributs, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
         selectHighestLoa(pendingReq.getServiceProviderConfiguration().getRequiredLoA()));
         
+    // set list of IDA attributes as attribute 
+    injectAttribute(attributs, ExtendedPvpAttributeDefinitions.SP_REQUIRED_ATTRIBUTES_NAME,
+        StringUtils.join(
+            pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).getRequestedAttributes(), 
+            ","));
+    
     //set ProviderName if available
     String providerName = ((ProxyServicePendingRequest)pendingReq).getEidasRequest().getProviderName();
     if (StringUtils.isNotEmpty(providerName)) {
diff --git a/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 65e9482c..3b20d687 100644
--- a/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -1 +1,2 @@
 at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes.EidasConnecorUniqueIdAttributeBuilder
+at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes.SpRequiredAttributersAttributeBuilder
diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java
new file mode 100644
index 00000000..2fe420df
--- /dev/null
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java
@@ -0,0 +1,72 @@
+package at.asitplus.eidas.specific.modules.auth.idaustria.test.builder.attributes;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.List;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.internal.util.collections.Sets;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes.SpRequiredAttributersAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.attributes.AbstractAttributeBuilderTest;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+    "/spring/SpringTest-context_basic_mapConfig.xml",
+    "/spring/SpringTest-context_basic_test.xml",
+})
+public class SpRequiredAttributersAttributeBuilderTest extends AbstractAttributeBuilderTest {
+
+private final IAttributeBuilder attrBuilder = new SpRequiredAttributersAttributeBuilder();
+  
+  @Test
+  public void attributeName() {
+    Assert.assertEquals("Wrong attribute name", 
+        "urn:eidgvat:attributes.RequiredAttributes", attrBuilder.getName());
+    
+  }
+  
+  @Test
+  public void checkEmptyAttribute() {    
+    String value = attrBuilder.buildEmpty(gen);    
+    Assert.assertNull("Attr. not null", value);
+        
+  }
+ 
+  @Test
+  public void withWrongSpConfig() throws AttributeBuilderException, Exception {      
+    String value = attrBuilder.build(spConfig, buildAuthData(), gen);    
+    Assert.assertNull("Attr. not null", value);
+        
+  }
+  
+  @Test
+  public void withAttributeValue() throws AttributeBuilderException, Exception {          
+    ServiceProviderConfiguration sp = new ServiceProviderConfiguration(spConfigMap, new DummyConfiguration());
+    sp.setRequestedAttributes(Sets.newSet(
+        "aabbccdd",
+        RandomStringUtils.randomAlphanumeric(10),
+        PvpAttributeDefinitions.BIRTHDATE_NAME));
+    
+    
+    String value = attrBuilder.build(sp, buildAuthData(), gen);    
+    
+    List<String> elements = KeyValueUtils.getListOfCsvValues(value);
+    assertEquals("wrong number of attributes", sp.getRequestedAttributes().size(), elements.size());
+    sp.getRequestedAttributes().forEach(
+        el -> elements.contains(el));
+           
+  }
+  
+}
diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java
index c452fe22..c3be6dad 100644
--- a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java
@@ -36,7 +36,6 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
 import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants;
@@ -542,14 +541,14 @@ public class ReceiveAuthnResponseTaskTest {
     assertTrue("eidProcess flag", session.isEidProcess());
     assertFalse("useMandate flag", session.isMandateUsed());
     
-    checkAttributeInSession(session,PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
-    checkAttributeInSession(session,PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
-    checkAttributeInSession(session,PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
-    checkAttributeInSession(session,PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/high");
-    checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT");
+    checkAttributeInSession(session, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
+    checkAttributeInSession(session, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
+    checkAttributeInSession(session, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
+    checkAttributeInSession(session, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/high");
+    checkAttributeInSession(session, PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT");
     
     //pre-generated eIDAS identifer
-    checkAttributeInSession(session, MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY=");
+    checkAttributeInSession(session, PvpAttributeDefinitions.BPK_NAME, "AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY=");
         
   }
 
@@ -587,7 +586,7 @@ public class ReceiveAuthnResponseTaskTest {
     checkAttributeInSession(session,PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
     checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT");
     
-    checkAttributeInSession(session,MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY=");
+    checkAttributeInSession(session,PvpAttributeDefinitions.BPK_NAME, "AT+CC:QVGm48cqcM4UcyhDTNGYmVdrIoY=");
 
   }
   
@@ -625,7 +624,7 @@ public class ReceiveAuthnResponseTaskTest {
     checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT");
     
     //pre-generated eIDAS identifer
-    checkAttributeInSession(session,MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY=");
+    checkAttributeInSession(session,PvpAttributeDefinitions.BPK_NAME, "QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY=");
         
   }
   
@@ -663,7 +662,7 @@ public class ReceiveAuthnResponseTaskTest {
     checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT");
     
     //pre-generated eIDAS identifer
-    checkAttributeInSession(session,MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY=");
+    checkAttributeInSession(session,PvpAttributeDefinitions.BPK_NAME, "AT+AB:QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY=");
         
   }
   
@@ -708,7 +707,7 @@ public class ReceiveAuthnResponseTaskTest {
     checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, "urn:publicid:gv.at:baseid+XERSB");
     
     //pre-generated eIDAS identifer
-    checkAttributeInSession(session, MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY=");
+    checkAttributeInSession(session, PvpAttributeDefinitions.BPK_NAME, "AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY=");
     assertNull("find nat. person bpk for mandator", session.getGenericDataFromSession(
         PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class));
     
@@ -758,8 +757,7 @@ public class ReceiveAuthnResponseTaskTest {
 
         
     //pre-generated eIDAS identifer
-    checkAttributeInSession(session, MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
-        "QVGm48cqcM4UcyhDTNGYmVdrIoY=");
+    checkAttributeInSession(session, PvpAttributeDefinitions.BPK_NAME, "AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY=");
     
     
   }
diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java
index f6ffc729..1feb684d 100644
--- a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java
@@ -18,6 +18,7 @@ import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.mockito.internal.util.collections.Sets;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.core.xml.schema.XSString;
 import org.opensaml.core.xml.util.XMLObjectSupport;
@@ -41,6 +42,7 @@ import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePe
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
@@ -213,7 +215,7 @@ public class RequestIdAustriaSystemTaskTest {
 
     //validate state
     final EaafRequestedAttributes reqAttr = validate();
-    Assert.assertEquals("#Req Attribute", 4, reqAttr.getAttributes().size());
+    Assert.assertEquals("#Req Attribute", 5, reqAttr.getAttributes().size());
 
     Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.eidas.uniqueId",
         reqAttr.getAttributes().get(0).getName());
@@ -246,15 +248,15 @@ public class RequestIdAustriaSystemTaskTest {
         ((XSString)reqAttr.getAttributes().get(2).getAttributeValues().get(0)).getValue());
     
     Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateType",
-        reqAttr.getAttributes().get(3).getName());
-    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(3).getAttributeValues());
+        reqAttr.getAttributes().get(4).getName());
+    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(4).getAttributeValues());
     Assert.assertEquals("#Req. Attr value", 1,
-        reqAttr.getAttributes().get(3).getAttributeValues().size());
+        reqAttr.getAttributes().get(4).getAttributeValues().size());
     org.springframework.util.Assert.isInstanceOf(XSString.class,
-        reqAttr.getAttributes().get(3).getAttributeValues().get(0), "Wrong requested Attributes Value type");
+        reqAttr.getAttributes().get(4).getAttributeValues().get(0), "Wrong requested Attributes Value type");
     Assert.assertEquals("Req. Attr. Value", 
         pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).getMandateMode().getMode(),
-        ((XSString)reqAttr.getAttributes().get(3).getAttributeValues().get(0)).getValue());
+        ((XSString)reqAttr.getAttributes().get(4).getAttributeValues().get(0)).getValue());
     
   }
 
@@ -275,33 +277,55 @@ public class RequestIdAustriaSystemTaskTest {
     LightRequest eidasReq = eidasRequestBuilder.build();
     pendingReq.setEidasRequest(eidasReq);
     
+    oaParam.setRequestedAttributes(Sets.newSet(
+        "aabbccdd",
+        RandomStringUtils.randomAlphanumeric(10),
+        PvpAttributeDefinitions.BIRTHDATE_NAME));
+    
     //execute test
     task.execute(pendingReq, executionContext);
 
     //validate state
     final EaafRequestedAttributes reqAttr = validate();
-    Assert.assertEquals("#Req Attribute", 6, reqAttr.getAttributes().size());
+    Assert.assertEquals("#Req Attribute", 7, reqAttr.getAttributes().size());
     
-    Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderFriendlyName",
+    
+    Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.RequiredAttributes",
         reqAttr.getAttributes().get(3).getName());
-    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues());
+    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(3).getAttributeValues());
     Assert.assertEquals("#Req. Attr value", 1,
         reqAttr.getAttributes().get(3).getAttributeValues().size());
     org.springframework.util.Assert.isInstanceOf(XSString.class,
         reqAttr.getAttributes().get(3).getAttributeValues().get(0), "Wrong requested Attributes Value type");
-    Assert.assertEquals("Req. Attr. Value", eidasReq.getProviderName(),
+    
+    List<String> reqProfiles = KeyValueUtils.getListOfCsvValues(
         ((XSString)reqAttr.getAttributes().get(3).getAttributeValues().get(0)).getValue());
+    reqProfiles.stream().forEach(
+        el -> assertTrue("missing IDA attribute: " + el, oaParam.getRequestedAttributes().contains(el)));
     
-    Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderUniqueId",
+    
+    Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderFriendlyName",
         reqAttr.getAttributes().get(4).getName());
-    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues());
+    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(4).getAttributeValues());
     Assert.assertEquals("#Req. Attr value", 1,
         reqAttr.getAttributes().get(4).getAttributeValues().size());
     org.springframework.util.Assert.isInstanceOf(XSString.class,
         reqAttr.getAttributes().get(4).getAttributeValues().get(0), "Wrong requested Attributes Value type");
-    Assert.assertEquals("Req. Attr. Value", eidasReq.getRequesterId(),
+    Assert.assertEquals("Req. Attr. Value", eidasReq.getProviderName(),
         ((XSString)reqAttr.getAttributes().get(4).getAttributeValues().get(0)).getValue());
     
+    Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderUniqueId",
+        reqAttr.getAttributes().get(5).getName());
+    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(5).getAttributeValues());
+    Assert.assertEquals("#Req. Attr value", 1,
+        reqAttr.getAttributes().get(5).getAttributeValues().size());
+    org.springframework.util.Assert.isInstanceOf(XSString.class,
+        reqAttr.getAttributes().get(5).getAttributeValues().get(0), "Wrong requested Attributes Value type");
+    Assert.assertEquals("Req. Attr. Value", eidasReq.getRequesterId(),
+        ((XSString)reqAttr.getAttributes().get(5).getAttributeValues().get(0)).getValue());
+    
+    
+    
   }
   
   @Test
@@ -330,31 +354,31 @@ public class RequestIdAustriaSystemTaskTest {
 
     //validate state
     final EaafRequestedAttributes reqAttr = validate();
-    Assert.assertEquals("#Req Attribute", 7, reqAttr.getAttributes().size());
+    Assert.assertEquals("#Req Attribute", 8, reqAttr.getAttributes().size());
     
     Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateProfiles",
-        reqAttr.getAttributes().get(5).getName());
-    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues());
+        reqAttr.getAttributes().get(6).getName());
+    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(6).getAttributeValues());
     Assert.assertEquals("#Req. Attr value", 1,
-        reqAttr.getAttributes().get(5).getAttributeValues().size());
+        reqAttr.getAttributes().get(6).getAttributeValues().size());
     org.springframework.util.Assert.isInstanceOf(XSString.class,
-        reqAttr.getAttributes().get(5).getAttributeValues().get(0), "Wrong requested Attributes Value type");
+        reqAttr.getAttributes().get(6).getAttributeValues().get(0), "Wrong requested Attributes Value type");
     
     List<String> reqProfiles = KeyValueUtils.getListOfCsvValues(
-        ((XSString)reqAttr.getAttributes().get(5).getAttributeValues().get(0)).getValue());
+        ((XSString)reqAttr.getAttributes().get(6).getAttributeValues().get(0)).getValue());
     reqProfiles.stream().forEach(el -> assertTrue("missing profile: " + el, mandateProfiles.contains(el)));
     
     
     Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateType",
-        reqAttr.getAttributes().get(6).getName());
-    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(6).getAttributeValues());
+        reqAttr.getAttributes().get(7).getName());
+    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(7).getAttributeValues());
     Assert.assertEquals("#Req. Attr value", 1,
-        reqAttr.getAttributes().get(6).getAttributeValues().size());
+        reqAttr.getAttributes().get(7).getAttributeValues().size());
     org.springframework.util.Assert.isInstanceOf(XSString.class,
-        reqAttr.getAttributes().get(6).getAttributeValues().get(0), "Wrong requested Attributes Value type");
+        reqAttr.getAttributes().get(7).getAttributeValues().get(0), "Wrong requested Attributes Value type");
     Assert.assertEquals("Req. Attr. Value", 
         SpMandateModes.LEGAL_FORCE.getMode(),
-        ((XSString)reqAttr.getAttributes().get(6).getAttributeValues().get(0)).getValue());
+        ((XSString)reqAttr.getAttributes().get(7).getAttributeValues().get(0)).getValue());
     
   }
   
diff --git a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java
index be5d7c7d..8da7ddd0 100644
--- a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java
+++ b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java
@@ -31,7 +31,6 @@ import java.util.List;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
 import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.impl.data.Triple;
-import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
 
 public class MsEidasNodeConstants {
   // ************ configuration properties ************
@@ -189,17 +188,7 @@ public class MsEidasNodeConstants {
 
   
   public static final String EID_BINDING_PUBLIC_KEY_NAME = "urn:eidgvat:attributes.binding.pubkey";
-  
-  
-  // ----   Attribute configuration  ------  
-  public static final String ATTR_EIDAS_PERSONAL_IDENTIFIER = 
-      AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.BPK_NAME;
-  public static final String ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER = 
-      AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME;
-  public static final String ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER = 
-      AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER 
-      + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME;
-  
+    
   public static final String AUTH_DATA_SZR_AUTHBLOCK = "authData_AUTHBLOCK";
   public static final String AUTH_DATA_EIDAS_BIND = "authData_EIDAS_BIND";
   
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
index e719735c..673b8ef5 100644
--- a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
@@ -24,73 +24,92 @@
 package at.asitplus.eidas.specific.core.builder;
 
 import java.time.Instant;
-
-import org.springframework.stereotype.Service;
+import java.util.Optional;
+import java.util.Set;
 
 import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Triple;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
 import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
 import lombok.extern.slf4j.Slf4j;
 
-@Service("AuthenticationDataBuilder")
 @Slf4j
 public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder {
 
+  private static final String ERROR_B11 = "builder.11";
+
   @Override
-  protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {        
+  protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {
     final EidAuthProcessDataWrapper authProcessData =
-        pendingReq.getSessionData(EidAuthProcessDataWrapper.class);    
-    EidAuthenticationData authData = new EidAuthenticationData();
-    
-    //set basis infos
+        pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+    final EidAuthenticationData authData = new EidAuthenticationData();
+
+    // set basis infos
     super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData);
-    
+
     // set specific informations
     authData.setSsoSessionValidTo(
         Instant.now().plusSeconds(MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60));
-    authData.setEidStatus(authProcessData.isTestIdentity() 
-        ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
-    
+    authData.setEidStatus(authProcessData.isTestIdentity()
+        ? EidIdentityStatusLevelValues.TESTIDENTITY
+        : EidIdentityStatusLevelValues.IDENTITY);
+
     return authData;
 
   }
 
   @Override
-  protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) 
+  protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq)
       throws EaafException {
     if (authData instanceof EidAuthenticationData) {
-      ((EidAuthenticationData)authData).setGenericData(
-          ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, 
+      ((EidAuthenticationData) authData).setGenericData(
+          ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME,
           pendingReq.getUniquePiiTransactionIdentifier());
       log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier());
-    
+
       // set specific informations
-      ((EidAuthenticationData)authData).setSsoSessionValidTo(
+      ((EidAuthenticationData) authData).setSsoSessionValidTo(
           Instant.now().plusSeconds(MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60));
 
-      //set E-ID status-level
+      // set E-ID status-level
       final EidAuthProcessDataWrapper authProcessData =
-          pendingReq.getSessionData(EidAuthProcessDataWrapper.class);        
-      ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity() 
-          ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
-      
+          pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+      ((EidAuthenticationData) authData).setEidStatus(authProcessData.isTestIdentity()
+          ? EidIdentityStatusLevelValues.TESTIDENTITY
+          : EidIdentityStatusLevelValues.IDENTITY);
+
+      // forward all requested IDA attributes into authData
+      forwardAllRequestedIdaAttributes(authProcessData, (EidAuthenticationData) authData,
+          pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class)
+              .getRequestedAttributes());
+
+      // build specific bPK attribute
+      buildNatPersonInfos((EidAuthenticationData) authData, authProcessData);
+
+      // handle mandate informations
+      buildMandateInformation((EidAuthenticationData) authData, pendingReq, authProcessData);
+
     } else {
-      throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " 
+      throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: "
           + authData.getClass().getName());
-      
+
     }
-        
+
   }
 
   @Override
@@ -119,4 +138,120 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 
   }
 
+  protected String customizeLegalPersonSourcePin(String sourcePin, String sourcePinType) {
+    log.trace("Use legal-person sourcePin as it is");
+    return sourcePin;
+
+  }
+
+  protected String customizeBpkAttribute(String pvpBpkAttrValue) {
+    log.trace("Use natural-person bPK as it is");
+    return pvpBpkAttrValue;
+
+  }
+
+  private void forwardAllRequestedIdaAttributes(EidAuthProcessDataWrapper authProcessData,
+      EidAuthenticationData authData, Set<String> requestedIdaAttributes) {
+    if (requestedIdaAttributes != null && !requestedIdaAttributes.isEmpty()) {
+      log.trace("Forwarding IDA requested attributes ... ");
+      authProcessData.getGenericSessionDataStream()
+          .filter(el -> requestedIdaAttributes.contains(el.getKey()))
+          .forEach(el -> {
+            try {
+              authData.setGenericData(el.getKey(), el.getValue());
+
+            } catch (final EaafStorageException e) {
+              log.error("Can not store attribute: {} into session.", el.getKey(), e);
+              throw new RuntimeException(e);
+
+            }
+          });
+    } else {
+      log.trace("No IDA requested attributes to forwarding. Nothing todo");
+
+    }
+  }
+
+  private void buildMandateInformation(EidAuthenticationData authData, IRequest pendingReq,
+      EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
+      EaafStorageException {
+    authData.setUseMandate(authProcessData.isMandateUsed());
+    if (authProcessData.isMandateUsed()) {
+      log.debug("Build mandate-releated authentication data ... ");
+      if (authProcessData.isForeigner()) {
+        buildMandateInformationForEidasIncoming();
+
+      } else {
+        buildMandateInformationForEidasOutgoing(authData, pendingReq, authProcessData);
+
+      }
+    }
+  }
+
+  private void buildMandateInformationForEidasIncoming() {
+    log.debug("Find eIDAS incoming process. Generated mandate-information for ID-Austria system ... ");
+
+    // TODO: implement IDA specific processing of foreign mandate
+
+  }
+
+  private void buildNatPersonInfos(EidAuthenticationData authData,
+      EidAuthProcessDataWrapper authProcessData) throws EaafStorageException {
+    // clean-up BPK attribute and forward it as new property
+    authData.setGenericData(PvpAttributeDefinitions.BPK_NAME,
+        customizeBpkAttribute(authProcessData.getGenericDataFromSession(
+            PvpAttributeDefinitions.BPK_NAME, String.class)));
+
+  }
+
+  private void buildMandateInformationForEidasOutgoing(EidAuthenticationData authData, IRequest pendingReq,
+      EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
+      EaafStorageException {
+    log.debug("Find eIDAS outgoing process. Generated mandate-information for other country ... ");
+    if (authProcessData.getGenericDataFromSession(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME) != null) {
+      final Optional<Triple<String, String, Boolean>> missingAttribute =
+          MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream()
+              .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null)
+              .findFirst();
+      if (missingAttribute.isPresent()) {
+        log.error("ID-Austria response contains not all attributes for nat. person mandator. Missing: {}",
+            missingAttribute.get().getFirst());
+        throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Nat. person mandate" });
+
+      } else {
+        log.trace("Find nat. person mandate. Mandate can be used as it is ");
+        authData.setGenericData(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME,
+            customizeBpkAttribute(authProcessData.getGenericDataFromSession(
+                PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class)));
+
+      }
+
+    } else {
+      final Optional<Triple<String, String, Boolean>> missingAttribute =
+          MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream()
+              .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null)
+              .findFirst();
+      if (missingAttribute.isPresent()) {
+        log.error("ID-Austria response contains not all attributes for legal. person mandator. Missing: {}",
+            missingAttribute.get().getFirst());
+        throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Legal. person mandate" });
+
+      } else {
+        log.trace(
+            "Find jur. person mandate. Generate eIDAS identifier from legal-person sourcePin and type ... ");
+        final String sourcePin = authProcessData.getGenericDataFromSession(
+            PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class);
+        final String sourcePinType = authProcessData.getGenericDataFromSession(
+            PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+
+        // customize attribute-value for source-pin
+        final String sourcePinToUse = customizeLegalPersonSourcePin(sourcePin, sourcePinType);
+        log.debug("Use legal-person eIDAS identifer: {} from baseId: {} and baseIdType: {}",
+            sourcePinToUse, sourcePin, sourcePinType);
+        authData.setGenericData(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinToUse);
+
+      }
+    }
+  }
 }
diff --git a/modules/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml b/modules/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml
index ee67d712..af3594a5 100644
--- a/modules/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml
+++ b/modules/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml
@@ -23,9 +23,6 @@
   <bean id="AuthenticationManager"
         class="at.asitplus.eidas.specific.core.auth.AuthenticationManager" />
         
-  <bean id="AuthenticationDataBuilder"
-        class="at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder" />
-
   <bean id="eaafProtocolAuthenticationService"
         class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService">
     <property name="guiBuilder" ref="mvcGUIBuilderImpl" />
diff --git a/modules/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java b/modules/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java
index 12936a59..8b2eebd4 100644
--- a/modules/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java
+++ b/modules/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java
@@ -1,6 +1,9 @@
 package at.asitplus.eidas.specific.core.test.utils;
 
 import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
 
 import java.io.IOException;
 import java.security.PublicKey;
@@ -30,8 +33,11 @@ import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 import org.w3c.dom.Element;
 
+import com.google.common.collect.Sets;
+
 import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder;
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
@@ -49,9 +55,9 @@ import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
 import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
 import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import lombok.SneakyThrows;
 import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
 
 @RunWith(SpringJUnit4ClassRunner.class)
@@ -71,7 +77,8 @@ public class AuthenticationDataBuilderTest {
   private MockHttpServletResponse httpResp;
   private TestRequestImpl pendingReq;
 
-  private DummySpConfiguration oaParam;
+  private Map<String, String> spConfig;
+  private ServiceProviderConfiguration oaParam;
 
   private String eidasBind;
   private String authBlock;
@@ -86,18 +93,20 @@ public class AuthenticationDataBuilderTest {
   }
 
   @Before
+  @SneakyThrows
   public void initialize() throws EaafStorageException {
     httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
     httpResp = new MockHttpServletResponse();
     RequestContextHolder.resetRequestAttributes();
     RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
 
-    final Map<String, String> spConfig = new HashMap<>();
+    spConfig = new HashMap<>();
     spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
     spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
     spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true");
-    oaParam = new DummySpConfiguration(spConfig, basicConfig);
-
+    oaParam = new ServiceProviderConfiguration(spConfig, basicConfig);
+    oaParam.setBpkTargetIdentifier("urn:publicid:gv.at:cdid+XX");
+    
     pendingReq = new TestRequestImpl();
     pendingReq.setAuthUrl("https://localhost/ms_connector");
     pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
@@ -119,6 +128,260 @@ public class AuthenticationDataBuilderTest {
 
   }
 
+  @Test
+  public void eidasProxyModeWithJurMandate() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state    
+    injectRepresentativeInfosIntoSession();
+    
+    String commonMandate = RandomStringUtils.randomAlphabetic(10);
+    
+    // set constant country-code and sourcePin to check hashed eIDAS identifier
+    String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr";       
+    spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE");
+    
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, 
+            EaafConstants.URN_PREFIX_BASEID + "+XFN");            
+    
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, 
+        PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate);
+        
+  }
+  
+  @Test
+  public void eidasProxyModeWithJurMandateMissingAttribute() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state    
+    injectRepresentativeInfosIntoSession();
+    
+    // set constant country-code and sourcePin to check hashed eIDAS identifier
+    String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr";       
+    spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE");
+    
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, 
+            EaafConstants.URN_PREFIX_BASEID + "+XFN");            
+    
+    // execute test
+    // execute test
+    EaafAuthenticationException error = assertThrows(EaafAuthenticationException.class, 
+        () -> authenticationDataBuilder.buildAuthenticationData(pendingReq));
+    Assert.assertEquals("wrong errorId", "builder.11", error.getErrorId());
+        
+  }
+  
+  @Test
+  public void eidasProxyModeWithNatMandate() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state    
+    injectRepresentativeInfosIntoSession();
+    
+    String givenNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String familyNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirthMandate = "1957-09-15";
+    String bpkMandate = RandomStringUtils.randomAlphanumeric(10);
+        
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:" + bpkMandate);
+            
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:" + bpkMandate);
+        
+  }
+  
+  @Test
+  public void eidasProxyModeWithNatMandateWrongBpkFormat() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state
+    injectRepresentativeInfosIntoSession();
+    
+    String givenNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String familyNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirthMandate = "1957-09-15";
+    String bpkMandate = RandomStringUtils.randomAlphanumeric(10);
+        
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+        
+  }
+  
+  @Test
+  public void eidasProxyModeWithNatMandateMissingAttribute() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state
+    injectRepresentativeInfosIntoSession();
+    
+    String familyNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirthMandate = "1957-09-15";
+    String bpkMandate = RandomStringUtils.randomAlphanumeric(10);
+        
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+    
+    // execute test
+    EaafAuthenticationException error = assertThrows(EaafAuthenticationException.class, 
+        () -> authenticationDataBuilder.buildAuthenticationData(pendingReq));
+    Assert.assertEquals("wrong errorId", "builder.11", error.getErrorId());
+        
+  }
+
+  
+  
+  @Test
+  @SneakyThrows
+  public void eidasProxyMode() throws EaafAuthenticationException {
+    // initialize state
+    pendingReq = new TestRequestImpl();
+    pendingReq.setAuthUrl("https://localhost/ms_connector");
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setSpConfig(oaParam);
+    boolean isTestIdentity = RandomUtils.nextBoolean();
+    
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false);
+
+    String bpk = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.BPK_NAME, "eidas+AT+XX:" + bpk);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
+        "http://eidas.europa.eu/LoA/high");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+         PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+         RandomStringUtils.randomAlphabetic(2));
+        
+    String randAttr = RandomStringUtils.randomAlphabetic(10);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        randAttr, RandomStringUtils.randomAlphabetic(10));
+
+    oaParam.setRequestedAttributes(Sets.newHashSet(randAttr,
+        PvpAttributeDefinitions.BPK_NAME,
+        PvpAttributeDefinitions.GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, 
+        PvpAttributeDefinitions.BIRTHDATE_NAME,
+        PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
+        PvpAttributeDefinitions.EID_ISSUING_NATION_NAME));
+    
+    
+    // execute
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);
+    Assert.assertNull("authBlock null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class));
+    Assert.assertNull("eidasBind null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class));
+    Assert.assertNotNull("LoA null", authData.getEidasQaaLevel());
+        
+    Assert.assertEquals("FamilyName", "Mustermann", authData.getFamilyName());
+    Assert.assertEquals("GivenName", "Max", authData.getGivenName());
+    Assert.assertEquals("DateOfBirth", "1940-01-01", authData.getDateOfBirth());
+    
+    Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/high", authData.getEidasQaaLevel());
+    Assert.assertEquals("EID-ISSUING-NATION",
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(
+            PvpAttributeDefinitions.EID_ISSUING_NATION_NAME),
+        authData.getCiticenCountryCode());
+    
+    checkGenericAttribute(authData, PvpAttributeDefinitions.BPK_NAME, "eidas+AT+XX:" + bpk);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
+    
+    Assert.assertEquals("random optional attr.",
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(
+            randAttr),
+        authData.getGenericData(randAttr, String.class));
+    
+  }
+  
+  
+  
   @Test
   public void eidMode() throws EaafAuthenticationException {
     // initialize state
@@ -207,10 +470,48 @@ public class AuthenticationDataBuilderTest {
         authData.getBpk());
     Assert.assertEquals("bPKType", EaafConstants.URN_PREFIX_CDID + "XX", authData.getBpkType());
     Assert.assertNotNull("IDL", authData.getIdentityLink());
+       
+  }
+
+  private void injectRepresentativeInfosIntoSession() throws EaafStorageException {
+    boolean isTestIdentity = RandomUtils.nextBoolean();
+    pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
     
+    String givenName = RandomStringUtils.randomAlphabetic(10);
+    String familyName = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirth = "1956-12-08";
+    String bpk = RandomStringUtils.randomAlphanumeric(10);
+    String cc = pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class);
+    String spC = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + cc + "+" + spC);
+    
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, bpk);
+    
+    //set LoA level attribute instead of explicit session-data
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+    .setGenericDataToSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, 
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel());
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setQaaLevel(null);
     
   }
+  
+  private void checkGenericAttribute(IAuthData authData, String attrName, String expected) {
+    assertEquals("Wrong: " + attrName, expected, authData.getGenericData(attrName, String.class));
+    
+   }
 
+  
   private IIdentityLink buildDummyIdl() {
     return new IIdentityLink() {
       
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
index 86ca49fa..f66bb799 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
@@ -15,6 +15,7 @@ import lombok.Data;
 @JsonInclude(JsonInclude.Include.NON_NULL)
 @JsonPropertyOrder({
     "mds",
+    "autoIncludeWithMandates",
     "mandator"
 })
 @Data
@@ -27,6 +28,12 @@ public class Type {
   @JsonProperty("mds")
   private Boolean mds;
 
+  /**
+   * <code>true</code> if that attribute has to be included into eIDAS response in case of mandates.  
+   */
+  @JsonProperty("autoIncludeWithMandates")
+  private Boolean autoIncludeWithMandates;
+  
   /**
    * Classifie that attribute to specific mandate modes.
    */
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index 92165412..bf1c5e5f 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -1,6 +1,7 @@
 package at.asitplus.eidas.specific.modules.msproxyservice.protocol;
 
 import java.io.IOException;
+import java.util.Optional;
 import java.util.UUID;
 
 import javax.annotation.PostConstruct;
@@ -15,12 +16,11 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.core.io.ResourceLoader;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration;
 import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
-import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
 import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
@@ -69,35 +69,35 @@ public class ProxyServiceAuthenticationAction implements IAction {
   @Autowired
   ISpringMvcGuiFormBuilder guiBuilder;
   @Autowired
-  EidasAttributeRegistry attrRegistry;
+  ProxyEidasAttributeRegistry attrRegistry;
 
   @Override
   public SloInformationInterface processRequest(IRequest pendingReq, HttpServletRequest httpReq,
       HttpServletResponse httpResp, IAuthData authData) throws EaafException {
     if (pendingReq instanceof ProxyServicePendingRequest) {
-      try {        
-        ILightRequest eidasReq = ((ProxyServicePendingRequest) pendingReq).getEidasRequest();
-        
-        //build eIDAS response
-        Builder lightRespBuilder = LightResponse.builder();
+      try {
+        final ILightRequest eidasReq = ((ProxyServicePendingRequest) pendingReq).getEidasRequest();
+
+        // build eIDAS response
+        final Builder lightRespBuilder = LightResponse.builder();
         lightRespBuilder.id(UUID.randomUUID().toString());
         lightRespBuilder.inResponseToId(eidasReq.getId());
         lightRespBuilder.relayState(eidasReq.getRelayState());
-        
+
         lightRespBuilder.status(ResponseStatus.builder()
             .statusCode(EidasConstants.SUCCESS_URI)
             .build());
-        
-        //TODO: check if we can use transient subjectNameIds
+
+        // TODO: check if we can use transient subjectNameIds
         lightRespBuilder.subject(UUID.randomUUID().toString());
         lightRespBuilder.subjectNameIdFormat(NameIDType.TRANSIENT);
-        
-        //TODO:
+
+        // TODO:
         lightRespBuilder.issuer(basicConfig.getBasicConfiguration(
             MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID));
-        lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());       
+        lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());
         lightRespBuilder.attributes(buildAttributesFromAuthData(authData, eidasReq));
-        
+
         // set SLO response object of EAAF framework
         final SloInformationImpl sloInformation = new SloInformationImpl();
         sloInformation.setProtocolType(pendingReq.requestedModule());
@@ -121,7 +121,7 @@ public class ProxyServiceAuthenticationAction implements IAction {
 
     }
   }
-  
+
   @Override
   public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
     return true;
@@ -133,28 +133,29 @@ public class ProxyServiceAuthenticationAction implements IAction {
     return PROXYSERVICE_AUTH_ACTION_NAME;
 
   }
-  
 
   /**
    * Forward eIDAS Light response to eIDAS node.
-   *     
-   * @param pendingReq Current pending request.
-   * @param httpReq Current HTTP request
-   * @param httpResp  Current HTTP response
+   *
+   * @param pendingReq    Current pending request.
+   * @param httpReq       Current HTTP request
+   * @param httpResp      Current HTTP response
    * @param lightResponse eIDAS LightResponse
    * @throws EaafConfigurationException In case of a configuration error
-   * @throws IOException In case of a general error
-   * @throws GuiBuildException In case of a GUI rendering error, if http POST binding is used
-   * @throws ServletException In case of a general error
+   * @throws IOException                In case of a general error
+   * @throws GuiBuildException          In case of a GUI rendering error, if http
+   *                                    POST binding is used
+   * @throws ServletException           In case of a general error
    */
   public void forwardToEidasProxy(IRequest pendingReq, HttpServletRequest httpReq,
-      HttpServletResponse httpResp, LightResponse lightResponse) throws EaafConfigurationException, IOException,
+      HttpServletResponse httpResp, LightResponse lightResponse) throws EaafConfigurationException,
+      IOException,
       GuiBuildException, ServletException {
 
     // put request into shared cache
     final BinaryLightToken token = putResponseInCommunicationCache(lightResponse);
     final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
-        
+
     // select forward URL regarding the selected environment
     final String forwardUrl = basicConfig.getBasicConfiguration(
         MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL);
@@ -196,148 +197,80 @@ public class ProxyServiceAuthenticationAction implements IAction {
 
     }
   }
-  
-  @PostConstruct 
+
+  @PostConstruct
   private void checkConfiguration() {
-    //TODO: validate configuration on start-up
-    
+    // TODO: validate configuration on start-up
+
   }
-  
-  
-  private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData, 
+
+  private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData,
       ILightRequest eidasReq) {
-    IEidAuthData eidAuthData = (IEidAuthData) authData;
+    final IEidAuthData eidAuthData = (IEidAuthData) authData;
+    final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
+
+    // inject all requested attributres
+    injectRequestedAttributes(attributeMap, eidasReq, eidAuthData);
+
     if (eidAuthData.isUseMandate()) {
       log.debug("Building eIDAS Proxy-Service response with mandate ... ");
-      final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
-      injectRepesentativeInformation(attributeMap, eidAuthData);
-      injectMandatorInformation(attributeMap, eidAuthData);
-      
-      // work-around that injects nat. person subject to bypass validation on eIDAS Node
+      injectMdsRepesentativeInformation(attributeMap, eidAuthData, eidasReq.getRequestedAttributes());
+
+      // work-around that injects nat. person subject to bypass validation on eIDAS
+      // Node
       injectJurPersonWorkaroundIfRequired(attributeMap, eidasReq, authData);
-      
-      return attributeMap.build();
-            
-    } else {
-      log.debug("Building eIDAS Proxy-Service response without mandates ... ");
-      return buildAttributesWithoutMandate(eidAuthData);
-      
-    }   
-  }
-    
-  private void injectMandatorInformation(
-      ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {    
-    String natMandatorId = eidAuthData.getGenericData(
-        MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, String.class);
-    
-    if (StringUtils.isNotEmpty(natMandatorId)) {
-      log.debug("Injecting natural mandator informations ... ");
-      final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
-      final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
-      final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
-      final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
-      
-      attributeMap.put(attrDefPersonalId, natMandatorId);
-      attributeMap.put(attrDefFamilyName, eidAuthData.getGenericData(
-          PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class));
-      attributeMap.put(attrDefGivenName, eidAuthData.getGenericData(
-          PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class));
-      attributeMap.put(attrDefDateOfBirth, eidAuthData.getGenericData(
-          PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, String.class));
-      
-    } else {
-      log.debug("Injecting legal mandator informations ... ");
-      final AttributeDefinition<?> commonName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          EidasConstants.eIDAS_ATTR_LEGALNAME).first();
-      final AttributeDefinition<?> legalPersonId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first();
-      
-      attributeMap.put(commonName, eidAuthData.getGenericData(
-          PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class));
-      attributeMap.put(legalPersonId, eidAuthData.getGenericData(
-          MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class));
-            
-    }            
-  }
 
-  private void injectRepesentativeInformation(
-      ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {
-    final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER).first();
-    final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME).first();
-    final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME).first();
-    final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH).first();
-   
-    attributeMap.put(attrDefPersonalId, 
-            eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class));
-    attributeMap.put(attrDefFamilyName, eidAuthData.getFamilyName());
-    attributeMap.put(attrDefGivenName, eidAuthData.getGivenName());
-    
-    //TODO: throw an error in case of SZR Date with month or day = "00"
-    attributeMap.put(attrDefDateOfBirth, eidAuthData.getDateOfBirth());
-    
+    }
+
+    return attributeMap.build();
+
   }
 
-  /**
-   * Work-around to inject representative information as nat. person subject to bypass eIDAS Node validation. 
-   * 
-   * <p><b>Injection will only be done if this work-around is enabled by configuration, 
-   * the mandator is a legal person, and both legal and natural person subject's is requested.</b></p>
-   * 
-   * @param attributeMap Attribute set for eIDAS response
-   * @param eidasReq Incoming eIDAS request
-   * @param authData Authentication data
-   */
-  private void injectJurPersonWorkaroundIfRequired(
-      ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, IAuthData authData) {
-    if (isLegalPersonWorkaroundActive() && isLegalPersonMandateAvailable(authData) 
-        && EidasProxyServiceUtils.isNaturalPersonRequested(eidasReq)
-        && EidasProxyServiceUtils.isLegalPersonRequested(eidasReq)) {
-      log.debug("Injecting representative information as nat. person subject to bypass eIDAS Node validation");
-      attributeMap.putAll(buildAttributesWithoutMandate(authData));
-      
-    }        
+  private void injectRequestedAttributes(ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq,
+      IEidAuthData eidAuthData) {
+    eidasReq.getRequestedAttributes().getAttributeMap().keySet().stream()
+        .forEach(el -> injectEidasAttribute(attributeMap, eidAuthData,
+            el.getNameUri().toString(), eidAuthData.isUseMandate()));
+
   }
-  
-  private ImmutableAttributeMap buildAttributesWithoutMandate(IAuthData eidAuthData) {        
-    //TODO: throw an error in case of SZR Date with month or day = "00"
-    return buildAttributesWithoutMandate(
-        eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class), 
-        eidAuthData.getFamilyName(), 
-        eidAuthData.getGivenName(), 
-        eidAuthData.getDateOfBirth());
-    
+
+  private void injectMdsRepesentativeInformation(
+      ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData,
+      ImmutableAttributeMap requestedAttributes) {
+    attrRegistry.getRepresentativeAttributesToAddByDefault()
+        .filter(el -> requestedAttributes.getAttributeValuesByNameUri(el) == null)
+        .forEach(el -> injectEidasAttribute(attributeMap, eidAuthData, el, true));
+
   }
 
-  private ImmutableAttributeMap buildAttributesWithoutMandate(String personalIdentifier, String familyName,
-      String givenName, String dateOfBirth) {
-    final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
-    final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
-    final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
-    final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
-   
-    final ImmutableAttributeMap.Builder attributeMap = 
-        ImmutableAttributeMap.builder()
-        .put(attrDefPersonalId, personalIdentifier)
-        .put(attrDefFamilyName, familyName)
-        .put(attrDefGivenName, givenName)        
-        .put(attrDefDateOfBirth, dateOfBirth);
-    
-    return attributeMap.build();
-    
+  private void injectEidasAttribute(ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData,
+      String eidasAttrName, boolean mandatesUsed) {
+    final Optional<String> releatedIdaAttribute =
+        attrRegistry.mapEidasAttributeToSpecificIdaAttribute(eidasAttrName, mandatesUsed);
+    if (releatedIdaAttribute.isPresent()) {
+      log.trace("Mapping IDA attribute: {} to eIDAS attribute: {}", releatedIdaAttribute.get(),
+          eidasAttrName);
+      final String idaAttrValue = eidAuthData.getGenericData(releatedIdaAttribute.get(), String.class);
+      if (StringUtils.isNotEmpty(idaAttrValue)) {
+        log.debug("Build eIDAS attribute: {} from IDA attribute: {}", eidasAttrName, releatedIdaAttribute
+            .get());
+        attributeMap.put(
+            attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByName(eidasAttrName),
+            idaAttrValue);
+
+      } else {
+        log.info("No IDA attribute: {}, eIDAS attribute: {} will be ignored", releatedIdaAttribute.get(),
+            eidasAttrName);
+
+      }
+
+    } else {
+      log.warn("Can not build eIDAS attribute: {}, because there is not corresponding IDA attribute defined",
+          eidasAttrName);
+
+    }
   }
-  
+
   private BinaryLightToken putResponseInCommunicationCache(ILightResponse lightResponse)
       throws ServletException {
     final BinaryLightToken binaryLightToken;
@@ -358,17 +291,61 @@ public class ProxyServiceAuthenticationAction implements IAction {
     return binaryLightToken;
   }
 
+  /**
+   * Work-around to inject representative information as nat. person subject to
+   * bypass eIDAS Node validation.
+   *
+   * <p>
+   * <b>Injection will only be done if this work-around is enabled by
+   * configuration, the mandator is a legal person, and both legal and natural
+   * person subject's is requested.</b>
+   * </p>
+   *
+   * @param attributeMap Attribute set for eIDAS response
+   * @param eidasReq     Incoming eIDAS request
+   * @param authData     Authentication data
+   */
+  private void injectJurPersonWorkaroundIfRequired(
+      ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, IAuthData authData) {
+    if (isLegalPersonWorkaroundActive() && isLegalPersonMandateAvailable(authData)
+        && EidasProxyServiceUtils.isNaturalPersonRequested(eidasReq)
+        && EidasProxyServiceUtils.isLegalPersonRequested(eidasReq)) {
+      log.debug(
+          "Injecting representative information as nat. person subject to bypass eIDAS Node validation");
+
+      final AttributeDefinition<?> attrDefPersonalId =
+          attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+              EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+      final AttributeDefinition<?> attrDefFamilyName =
+          attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+              EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
+      final AttributeDefinition<?> attrDefGivenName =
+          attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+              EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
+      final AttributeDefinition<?> attrDefDateOfBirth =
+          attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+              EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
+
+      attributeMap.put(attrDefPersonalId, authData.getGenericData(PvpAttributeDefinitions.BPK_NAME,
+          String.class));
+      attributeMap.put(attrDefFamilyName, authData.getFamilyName());
+      attributeMap.put(attrDefGivenName, authData.getGivenName());
+      attributeMap.put(attrDefDateOfBirth, authData.getDateOfBirth());
+
+    }
+  }
+
   private boolean isLegalPersonWorkaroundActive() {
     return basicConfig.getBasicConfigurationBoolean(
-        MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON, 
+        MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON,
         false);
-    
+
   }
-  
+
   private boolean isLegalPersonMandateAvailable(IAuthData authData) {
     return StringUtils.isNoneEmpty(authData.getGenericData(
-        MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class));
-    
+        PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class));
+
   }
 
 }
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
index b9e0c488..a6a50100 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
@@ -7,6 +7,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
+import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
@@ -76,6 +77,19 @@ public class ProxyEidasAttributeRegistry {
             
   }
 
+  /**
+   * Get all eIDAS attributes that are added by default in case of mandates.
+   * 
+   * @return {@link Stream} of eIDAS attributes
+   */
+  @NonNull
+  public Stream<String> getRepresentativeAttributesToAddByDefault() {
+    return attributeConfiguration.stream()
+        .filter(el -> el.getType() != null && el.getType().getAutoIncludeWithMandates())
+        .map(el -> el.getEidasAttributeName());
+    
+  }
+  
   /**
    * Get IDA attributes for a specific eIDAS attribute.
    *   
@@ -95,8 +109,24 @@ public class ProxyEidasAttributeRegistry {
         .collect(Collectors.toSet());
                 
   }
-  
-  
+
+  /**
+   * Get eIDAS related IDA attribute.
+   *  
+   * @param eidasAttributeName Name of the eIDAS attribute.
+   * @param withMandates <code>true</code> if mandates are supported, otherwise <code>false</code>
+   * @return Name of the related IDA attribute if available 
+   */
+  public Optional<String> mapEidasAttributeToSpecificIdaAttribute(
+      String eidasAttributeName, boolean withMandates) {
+    return attributeConfiguration.stream()
+        .filter(el -> el.getEidasAttributeName().equals(eidasAttributeName))
+        .findFirst()
+        .map(el -> withMandates ? el.getIdaAttribute().getWithMandates() : el.getIdaAttribute().getBasic())
+        .filter(el -> StringUtils.isNotEmpty(el));
+            
+  }
+    
   @PostConstruct
   private void initialize() throws EaafConfigurationException {
     final String attrConfPath = basicConfig.getBasicConfiguration(
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
index c41d6c99..d44ffc2d 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
@@ -12,7 +12,6 @@ import java.net.URISyntaxException;
 import java.net.URLDecoder;
 import java.time.Instant;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.UUID;
@@ -35,7 +34,6 @@ import org.springframework.web.context.request.ServletRequestAttributes;
 
 import com.google.common.collect.ImmutableSortedSet;
 
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration;
 import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
@@ -132,7 +130,7 @@ public class ProxyServiceAuthenticationActionTest {
   @Test
   public void missingForwardUrl() {        
     Map<String, Object> attr = new HashMap<>();
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
         "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
     IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
         RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
@@ -147,8 +145,7 @@ public class ProxyServiceAuthenticationActionTest {
   @Test 
   public void responseWithoutMandate() throws EaafException, SpecificCommunicationException {
     Map<String, Object> attr = new HashMap<>();
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
-        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    attr.put(PvpAttributeDefinitions.BPK_NAME, RandomStringUtils.randomAlphanumeric(10));    
     IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
         RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
     
@@ -161,7 +158,7 @@ public class ProxyServiceAuthenticationActionTest {
     ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
     assertEquals("wrong attr. size", 4, respAttr.size());    
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
-        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, 
@@ -170,12 +167,89 @@ public class ProxyServiceAuthenticationActionTest {
   }
   
   @Test 
-  public void responseWithNatMandate() throws EaafException, SpecificCommunicationException {
+  public void responseWithoutMandateAndOptionalAttributesExist() throws EaafException, SpecificCommunicationException {
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByName("http://eidas.europa.eu/attributes/naturalperson/BirthName"))
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
     Map<String, Object> attr = new HashMap<>();
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
-        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+    attr.put("ida_birthname", RandomStringUtils.randomAlphanumeric(10));
+    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 5, respAttr.size());    
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, 
+        authData.getDateOfBirth());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_BIRTHNAME, 
+        (String) attr.get("ida_birthname"));
+    
+  }
+  
+  @Test 
+  public void responseWithoutMandateAndOptionalAttributesNotExist() throws EaafException, SpecificCommunicationException {
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByName("http://eidas.europa.eu/attributes/naturalperson/BirthName"))
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
     
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 4, respAttr.size());    
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, 
+        authData.getDateOfBirth());
+    
+  }
+  
+  
+  @Test 
+  public void responseWithNatMandate() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));        
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME,
         RandomStringUtils.randomAlphabetic(10));
     attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
         RandomStringUtils.randomAlphabetic(10));
@@ -197,13 +271,13 @@ public class ProxyServiceAuthenticationActionTest {
     ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
     assertEquals("wrong attr. size", 8, respAttr.size());    
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
-        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
 
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
-        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER));
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, 
         (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME));
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, 
@@ -213,19 +287,86 @@ public class ProxyServiceAuthenticationActionTest {
            
   }
   
+  @Test 
+  public void responseWithNatMandateOptionalAttribute() throws EaafException, SpecificCommunicationException {    
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByName("http://eidas.europa.eu/attributes/naturalperson/BirthName"))
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    attr.put("ida_birthName_mandator", RandomStringUtils.randomAlphanumeric(10));
+    attr.put("ida_birthName", RandomStringUtils.randomAlphanumeric(10));
+    
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        "1985-11-15");
+    
+    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 9, respAttr.size());    
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
+
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME));
+
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_BIRTHNAME, 
+        (String) attr.get("ida_birthName_mandator"));
+    
+  }
+  
   @Test 
   public void responseWithJurMandate() throws EaafException, SpecificCommunicationException {
     Map<String, Object> attr = new HashMap<>();
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
         "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
     IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
         RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
     
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
         RandomStringUtils.randomAlphabetic(10));
     attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
         RandomStringUtils.randomAlphabetic(10));
     
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
     //perform test
     SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
     
@@ -235,13 +376,13 @@ public class ProxyServiceAuthenticationActionTest {
     ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
     assertEquals("wrong attr. size", 6, respAttr.size());  
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
-        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
    
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER, 
-        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER));
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME));
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALNAME, 
         (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME));
     
@@ -260,19 +401,12 @@ public class ProxyServiceAuthenticationActionTest {
   public void responseWithNatMandateWithWorkAround() throws EaafException, SpecificCommunicationException {
     basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson", 
         "true");
-    
-    //request natural person subject only
-    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
-    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder().put(
-        attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
-    pendingReq.setEidasRequest(eidasRequestBuilder.build());
-    
-    
+        
     Map<String, Object> attr = new HashMap<>();
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
         "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
     
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME,
         RandomStringUtils.randomAlphabetic(10));
     attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
         RandomStringUtils.randomAlphabetic(10));
@@ -306,16 +440,17 @@ public class ProxyServiceAuthenticationActionTest {
     eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
         .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
         .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
         .build());
     pendingReq.setEidasRequest(eidasRequestBuilder.build());
         
     Map<String, Object> attr = new HashMap<>();
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
         "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
     IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
         RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
     
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
         RandomStringUtils.randomAlphabetic(10));
     attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
         RandomStringUtils.randomAlphabetic(10));
@@ -329,7 +464,7 @@ public class ProxyServiceAuthenticationActionTest {
     ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
     assertEquals("wrong attr. size", 10, respAttr.size());  
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
-        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, authData.getDateOfBirth());
@@ -344,18 +479,18 @@ public class ProxyServiceAuthenticationActionTest {
     //request natural person subject only
     LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
     eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
-        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-            EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
         .build());
     pendingReq.setEidasRequest(eidasRequestBuilder.build());
         
     Map<String, Object> attr = new HashMap<>();
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
         "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
     IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
         RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
     
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
         RandomStringUtils.randomAlphabetic(10));
     attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
         RandomStringUtils.randomAlphabetic(10));
@@ -390,7 +525,7 @@ public class ProxyServiceAuthenticationActionTest {
   }
   
   private IAuthData generateDummyAuthData() {
-    return generateDummyAuthData(Collections.emptyMap(), EaafConstants.EIDAS_LOA_LOW, 
+    return generateDummyAuthData(new HashMap<>(), EaafConstants.EIDAS_LOA_LOW, 
         RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01", false);
     
   }
@@ -445,12 +580,22 @@ public class ProxyServiceAuthenticationActionTest {
         .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
         .spType("public")
         .requesterId(RandomStringUtils.randomAlphanumeric(10))
-        .providerName(RandomStringUtils.randomAlphanumeric(10));
-    
+        .providerName(RandomStringUtils.randomAlphanumeric(10))
+        .requestedAttributes(ImmutableAttributeMap.builder()    
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+            .build()
+         );
   }
   
   private IAuthData generateDummyAuthData(Map<String, Object> attrs, String loa, String familyName, String givenName, String dateOfBirth, 
       boolean useMandates) {
+    attrs.put(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth);
+    attrs.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName);
+    attrs.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName);
+    
     return new IEidAuthData() {
       
       @Override
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
index d3e787bb..8d417c1a 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
@@ -1,11 +1,13 @@
 package at.asitplus.eidas.specific.modules.msproxyservice.test.services;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
+import java.util.Optional;
 import java.util.Set;
 
 import org.apache.commons.lang3.RandomStringUtils;
@@ -92,6 +94,39 @@ public class ProxyEidasAttributeRegistryTest {
           
   }
   
+  @Test
+  public void attributeResponseMapping() {    
+    assertFalse("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+        "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", false).isPresent());
+    assertFalse("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+        "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", true).isPresent());
+    
+    
+    Optional<String> attr1 = attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+        "http://eidas.europa.eu/attributes/naturalperson/BirthName", false);
+    assertTrue("find wrong IDA mapping", attr1.isPresent());
+    assertEquals("find wrong IDA mapping value", "ida_birthname", attr1.get());
+    
+    Optional<String> attr2 = attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+        "http://eidas.europa.eu/attributes/naturalperson/BirthName", true);
+    assertTrue("find wrong IDA mapping", attr2.isPresent());
+    assertEquals("find wrong IDA mapping value", "ida_birthName_mandator", attr2.get());
+    
+    
+    assertTrue("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+        "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", false).isPresent());
+    assertTrue("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+        "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", true).isPresent());
+        
+  }
+  
+  @Test
+  public void defaultRepresentativeAttributes() {    
+    assertEquals("wrong number of rep. attributes", 4, 
+        attrRegistry.getRepresentativeAttributesToAddByDefault().count());
+    
+  }
+  
   private void checkAttributeMapping(String eidasAttr, boolean withMandates, List<String> idaAttributes) {    
     @NonNull
     Set<String> idaAttrResult = attrRegistry.getIdaAttributesForEidasAttribute(eidasAttr, withMandates);
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
index 2d375acb..7e41d8f6 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
@@ -6,7 +6,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.98"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": false
     }
   },
   {
@@ -16,7 +17,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.78"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": false
     }
   },
   {
@@ -26,7 +28,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.80"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": false
     }
   },
   {
@@ -36,21 +39,27 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.82"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": false
     }
   },
   {
     "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth",
     "idaAttribute": {},
     "type": {
-      "mds": false
+      "mds": false,
+      "autoIncludeWithMandates": false
     }
   },
   {
     "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/BirthName",
-    "idaAttribute": {},
+    "idaAttribute": {
+      "basic": "ida_birthname",
+      "withMandates": "ida_birthName_mandator"
+    },
     "type": {
-      "mds": false
+      "mds": false,
+      "autoIncludeWithMandates": false
     }
   },
   {
@@ -65,7 +74,8 @@
       "urn:oid:1.2.40.0.10.2.1.1.55"
     ],
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": false
     }
   },
   {
@@ -74,7 +84,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.84"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": false
     }
   },
   {
@@ -83,7 +94,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.149"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": true
     }
   },
   {
@@ -92,7 +104,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.20"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": true
     }
   },
   {
@@ -101,7 +114,8 @@
       "withMandates": "urn:oid:2.5.4.42"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": true
     }
   },
   {
@@ -110,7 +124,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.55"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": true
     }
   },
   {
@@ -120,7 +135,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.32"
     },
     "type": {
-      "mds": false
+      "mds": false,
+      "autoIncludeWithMandates": false      
     }
   },
   {
@@ -130,7 +146,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.108"
     },
     "type": {
-      "mds": false
+      "mds": false,
+      "autoIncludeWithMandates": false  
     }
   },
   {
@@ -139,7 +156,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.68"
     },
     "type": {
-      "mds": false
+      "mds": false,
+      "autoIncludeWithMandates": false  
     }
   },
   {
@@ -148,7 +166,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.106"
     },
     "type": {
-      "mds": false
+      "mds": false,
+      "autoIncludeWithMandates": false  
     }
   },
   {
@@ -157,7 +176,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.106"
     },
     "type": {
-      "mds": false
+      "mds": false,
+      "autoIncludeWithMandates": false  
     }
   }
 ]
\ No newline at end of file
diff --git a/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml b/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml
index 9861a7c6..0757327a 100644
--- a/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml
+++ b/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml
@@ -14,6 +14,9 @@
 
   <import resource="specific_eIDAS_core.beans.xml"/>
 
+  <bean id="AuthenticationDataBuilder"
+        class="at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder" />
+
   <bean id="msConnectorMessageSource"
         class="at.asitplus.eidas.specific.connector.config.MsConnectorMessageSource" />
 
diff --git a/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java
new file mode 100644
index 00000000..bc7f88d4
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java
@@ -0,0 +1,38 @@
+package at.asitplus.eidas.specific.proxy.builder;
+
+import at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * eIDAS Proxy-Service specific authentication-data builder.
+ * 
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class ProxyAuthenticationDataBuilder extends AuthenticationDataBuilder {
+
+  private static final String PLUS = "+";
+  
+  @Override
+  protected String customizeLegalPersonSourcePin(String sourcePin, String sourcePinType) {   
+    String sectorType = sourcePinType.substring((EaafConstants.URN_PREFIX_BASEID + PLUS).length());       
+    return sectorType + PLUS + sourcePin;
+    
+  }
+
+  @Override
+  protected String customizeBpkAttribute(String pvpBpkAttrValue) {
+    final String[] split = pvpBpkAttrValue.split(":", 2);
+    if (split.length == 2) {
+      log.debug("Remove prefix from bPK attribute to transform it into eIDAS-Node format");
+      return split[1];
+
+    } else {
+      log.warn("PVP bPK attribute: {} has wrong format. Use it as it is.", pvpBpkAttrValue);
+      return pvpBpkAttrValue;
+
+    }
+  }
+}
diff --git a/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml b/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml
index 5633cb0e..cc4c904e 100644
--- a/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml
+++ b/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml
@@ -13,6 +13,9 @@
 
   <import resource="specific_eIDAS_core.beans.xml"/>
  
+   <bean id="ProxyAuthenticationDataBuilder"
+        class="at.asitplus.eidas.specific.proxy.builder.ProxyAuthenticationDataBuilder" />
+ 
   <bean id="pvpEndpointConfig"
         class="at.asitplus.eidas.specific.proxy.pvp.PvpEndPointConfiguration" />
  
diff --git a/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java
new file mode 100644
index 00000000..ee2c8d8c
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java
@@ -0,0 +1,395 @@
+package at.asitplus.eidas.specific.proxy.test.builder;
+
+import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.lang.reflect.Field;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.RandomUtils;
+import org.apache.ignite.Ignition;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.i18n.LocaleContextHolder;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import com.google.common.collect.Sets;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder;
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication;
+import lombok.SneakyThrows;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@SpringBootTest
+@ContextConfiguration(initializers = {
+    org.springframework.boot.context.config.DelegatingApplicationContextInitializer.class,
+    SpringBootApplicationContextInitializer.class
+    })
+@TestPropertySource(locations = { "file:src/test/resources/config/junit_config_1_springboot.properties" })
+@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
+@ActiveProfiles(profiles = {"JUNIT", "jUnitTestMode"})
+public class ProxyAuthenticationDataBuilderTest {
+
+  
+  @Autowired
+  private AuthenticationDataBuilder authenticationDataBuilder;
+
+  @Autowired(required = true)
+  private IConfiguration basicConfig;
+
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  private TestRequestImpl pendingReq;
+
+  private Map<String, String> spConfig;
+  private ServiceProviderConfiguration oaParam;
+
+  private String eidasBind;
+  private String authBlock;
+
+  @BeforeClass
+  public static void classInitializer() throws InitializationException, ComponentInitializationException {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current
+        + "src/test/resources/config/junit_config_3.properties");
+
+    //eIDAS Ref. Impl. properties
+    System.setProperty("EIDAS_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_CONNECTOR_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_PROXY_SERVICE_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    
+    EaafOpenSaml3xInitializer.eaafInitialize();
+  }
+
+  /**
+   * Test shut-down.
+   *
+   * @throws Exception In case of an error
+   */
+  @AfterClass
+  @SneakyThrows
+  public static void closeIgniteNode() {
+    System.out.println("Closiong Ignite Node ... ");
+    Ignition.stopAll(true);
+
+    //set Ignite-node holder to 'null' because static holders are shared between different tests
+    final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance");
+    field.setAccessible(true);
+    field.set(null, null);
+    
+  }
+  
+  @Before
+  @SneakyThrows
+  public void initialize() throws EaafStorageException {
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+    spConfig = new HashMap<>();
+    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
+    spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
+    spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true");
+    oaParam = new ServiceProviderConfiguration(spConfig, basicConfig);
+    oaParam.setBpkTargetIdentifier("urn:publicid:gv.at:cdid+XX");
+    
+    pendingReq = new TestRequestImpl();
+    pendingReq.setAuthUrl("https://localhost/ms_connector");
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setSpConfig(oaParam);
+    authBlock = RandomStringUtils.randomAlphanumeric(20);
+    eidasBind = RandomStringUtils.randomAlphanumeric(20);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, authBlock);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, eidasBind);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setQaaLevel(EaafConstants.EIDAS_LOA_PREFIX + RandomStringUtils.randomAlphabetic(5));
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+        RandomStringUtils.randomAlphabetic(2));
+
+    LocaleContextHolder.resetLocaleContext();
+
+  }
+  
+  @Test
+  @SneakyThrows
+  public void eidasProxyModeSimple() throws EaafAuthenticationException {
+    // initialize state
+    pendingReq = new TestRequestImpl();
+    pendingReq.setAuthUrl("https://localhost/ms_connector");
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setSpConfig(oaParam);
+    boolean isTestIdentity = RandomUtils.nextBoolean();
+    
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false);
+
+    String bpk = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.BPK_NAME, "eidas+AT+XX:" + bpk);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
+        "http://eidas.europa.eu/LoA/high");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+         PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+         RandomStringUtils.randomAlphabetic(2));
+        
+    String randAttr = RandomStringUtils.randomAlphabetic(10);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        randAttr, RandomStringUtils.randomAlphabetic(10));
+
+    oaParam.setRequestedAttributes(Sets.newHashSet(randAttr, 
+        PvpAttributeDefinitions.BPK_NAME,
+        PvpAttributeDefinitions.GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, 
+        PvpAttributeDefinitions.BIRTHDATE_NAME,
+        PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
+        PvpAttributeDefinitions.EID_ISSUING_NATION_NAME));
+    
+    
+    // execute
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);
+    Assert.assertNull("authBlock null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class));
+    Assert.assertNull("eidasBind null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class));
+    Assert.assertNotNull("LoA null", authData.getEidasQaaLevel());
+        
+    Assert.assertEquals("FamilyName", "Mustermann", authData.getFamilyName());
+    Assert.assertEquals("GivenName", "Max", authData.getGivenName());
+    Assert.assertEquals("DateOfBirth", "1940-01-01", authData.getDateOfBirth());
+    
+    Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/high", authData.getEidasQaaLevel());
+    Assert.assertEquals("EID-ISSUING-NATION",
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(
+            PvpAttributeDefinitions.EID_ISSUING_NATION_NAME),
+        authData.getCiticenCountryCode());
+    
+    checkGenericAttribute(authData, PvpAttributeDefinitions.BPK_NAME, bpk);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
+    
+    Assert.assertEquals("random optional attr.",
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(
+            randAttr),
+        authData.getGenericData(randAttr, String.class));
+    
+  }
+  
+  
+  @Test
+  public void eidasProxyModeWithNatMandate() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state    
+    injectRepresentativeInfosIntoSession();
+    
+    String givenNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String familyNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirthMandate = "1957-09-15";
+    String bpkMandate = RandomStringUtils.randomAlphanumeric(10);
+        
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:" + bpkMandate);
+            
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+        
+  }
+  
+  @Test
+  public void eidasProxyModeWithNatMandateWrongBpkFormat() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state
+    injectRepresentativeInfosIntoSession();
+    
+    String givenNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String familyNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirthMandate = "1957-09-15";
+    String bpkMandate = RandomStringUtils.randomAlphanumeric(10);
+        
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+        
+  }
+  
+  @Test
+  public void eidasProxyModeWithJurMandate() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state    
+    injectRepresentativeInfosIntoSession();
+    
+    String commonMandate = RandomStringUtils.randomAlphabetic(10);
+    
+    // set constant country-code and sourcePin to check hashed eIDAS identifier
+    String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr";       
+    spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE");
+    
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, 
+            EaafConstants.URN_PREFIX_BASEID + "+XFN");            
+    
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, 
+        PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, "XFN+" + sourcePinMandate);
+        
+  }
+  
+  private void injectRepresentativeInfosIntoSession() throws EaafStorageException {
+    boolean isTestIdentity = RandomUtils.nextBoolean();
+    pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+    
+    String givenName = RandomStringUtils.randomAlphabetic(10);
+    String familyName = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirth = "1956-12-08";
+    String bpk = RandomStringUtils.randomAlphanumeric(10);
+    String cc = pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class);
+    String spC = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + cc + "+" + spC);
+    
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, bpk);
+    
+    //set LoA level attribute instead of explicit session-data
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+    .setGenericDataToSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, 
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel());
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setQaaLevel(null);
+    
+  }
+  
+  private void checkGenericAttribute(IAuthData authData, String attrName, String expected) {
+    assertEquals("Wrong: " + attrName, expected, authData.getGenericData(attrName, String.class));
+    
+   }
+  
+}
diff --git a/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties
index 8cd77046..47d50191 100644
--- a/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties
+++ b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties
@@ -69,7 +69,7 @@ eidas.ms.configuration.pvp.enable.entitycategories=false
 
 #############################################################################
 ## MS-speccific eIDAS-Proxy-Service configuration
-
+eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=./../../../../../basicConfig/ms-proxyservice/misc/idaAttributeMapping.json
 
 #### eIDAS ms-specific Proxy-Service configuration
 eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy
diff --git a/pom.xml b/pom.xml
index 309fab68..e469f680 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
     <!-- ===================================================================== -->
     <egiz-spring-api>0.3</egiz-spring-api>
     <egiz-eventlog-slf4jBackend>0.4</egiz-eventlog-slf4jBackend>
-    <eaaf-core.version>1.3.2</eaaf-core.version>
+    <eaaf-core.version>1.3.3-SNAPSHOT</eaaf-core.version>
 
     <spring-boot-starter-web.version>2.5.13</spring-boot-starter-web.version>
     <spring-boot-admin-starter-client.version>2.5.6</spring-boot-admin-starter-client.version>
-- 
cgit v1.2.3


From cab2ab4ddb85b305d77798073b868cf42a7e0111 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Wed, 8 Jun 2022 14:56:42 +0200
Subject: chore(core): minory style, test and validation fixes

---
 .../specific/core/config/ServiceProviderConfiguration.java    |  2 +-
 .../specific/core/builder/AuthenticationDataBuilder.java      |  8 ++++----
 modules/eidas_proxy-sevice/checks/spotbugs-exclude.xml        | 11 +++++++++++
 .../specific/modules/msproxyservice/dto/attributes/Type.java  | 11 ++++++++---
 .../test/protocol/EidasProxyServiceControllerTest.java        |  2 +-
 .../eidas/specific/proxy/test/FullStartUpAndProcessTest.java  |  2 +-
 6 files changed, 26 insertions(+), 10 deletions(-)

(limited to 'modules/core_common_lib/src')

diff --git a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java
index 2ecbf7d0..d2177323 100644
--- a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java
+++ b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/config/ServiceProviderConfiguration.java
@@ -55,7 +55,7 @@ public class ServiceProviderConfiguration extends SpConfigurationImpl {
   private List<String> mandateProfiles;  
     
   /**
-   * IDA specific requested attributes
+   * IDA specific requested attributes.
    */
   @Getter
   @Setter
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
index 673b8ef5..5a8992b5 100644
--- a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
@@ -102,7 +102,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
       buildNatPersonInfos((EidAuthenticationData) authData, authProcessData);
 
       // handle mandate informations
-      buildMandateInformation((EidAuthenticationData) authData, pendingReq, authProcessData);
+      buildMandateInformation((EidAuthenticationData) authData, authProcessData);
 
     } else {
       throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: "
@@ -172,7 +172,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
     }
   }
 
-  private void buildMandateInformation(EidAuthenticationData authData, IRequest pendingReq,
+  private void buildMandateInformation(EidAuthenticationData authData,
       EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
       EaafStorageException {
     authData.setUseMandate(authProcessData.isMandateUsed());
@@ -182,7 +182,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
         buildMandateInformationForEidasIncoming();
 
       } else {
-        buildMandateInformationForEidasOutgoing(authData, pendingReq, authProcessData);
+        buildMandateInformationForEidasOutgoing(authData, authProcessData);
 
       }
     }
@@ -204,7 +204,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 
   }
 
-  private void buildMandateInformationForEidasOutgoing(EidAuthenticationData authData, IRequest pendingReq,
+  private void buildMandateInformationForEidasOutgoing(EidAuthenticationData authData,
       EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
       EaafStorageException {
     log.debug("Find eIDAS outgoing process. Generated mandate-information for other country ... ");
diff --git a/modules/eidas_proxy-sevice/checks/spotbugs-exclude.xml b/modules/eidas_proxy-sevice/checks/spotbugs-exclude.xml
index cdc9fa95..22dbaa13 100644
--- a/modules/eidas_proxy-sevice/checks/spotbugs-exclude.xml
+++ b/modules/eidas_proxy-sevice/checks/spotbugs-exclude.xml
@@ -16,5 +16,16 @@
       <OR>
         <Bug pattern="UNVALIDATED_REDIRECT" />                
       </OR>
+    </Match>
+    <Match>
+      <!-- That elements are accessible by design -->
+      <OR>
+        <Class name="at.asitplus.eidas.specific.modules.msproxyservice.dto.attributes.AttrMappingElement" />
+        <Class name="at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry" />
+      </OR>
+      <OR>
+        <Bug pattern="EI_EXPOSE_REP" />
+        <Bug pattern="EI_EXPOSE_REP2" />
+      </OR>
     </Match>    
 </FindBugsFilter>
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
index f66bb799..6a06a5b5 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
@@ -22,8 +22,7 @@ import lombok.Data;
 public class Type {
 
   /**
-   * <code>true</code> if this attribute is part of MDS, otherwise
-   * <code>false</code>
+   * <code>true</code> if this attribute is part of MDS, otherwise <code>false</code>.
    */
   @JsonProperty("mds")
   private Boolean mds;
@@ -50,7 +49,7 @@ public class Type {
     NONE("none");
 
     private final String value;
-    private final static Map<String, Type.Mandator> CONSTANTS = new HashMap<>();
+    private static final Map<String, Type.Mandator> CONSTANTS = new HashMap<>();
 
     static {
       for (final Type.Mandator c : values()) {
@@ -72,6 +71,12 @@ public class Type {
       return this.value;
     }
 
+    /**
+     * Build {@link Mandator} from textual representation.
+     * 
+     * @param value textual representation
+     * @return Type of the mandator
+     */
     @JsonCreator
     public static Type.Mandator fromValue(String value) {
       final Type.Mandator constant = CONSTANTS.get(value);
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
index ef1abbcd..b491c2bf 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
@@ -329,7 +329,7 @@ public class EidasProxyServiceControllerTest {
     assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
     assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode());
         
-    assertEquals("requested IDA attributes", 3, spConfig.getRequestedAttributes().size());
+    assertEquals("requested IDA attributes", 4, spConfig.getRequestedAttributes().size());
     
     
   }
diff --git a/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java
index bc6f5317..2fe7ee05 100644
--- a/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java
+++ b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java
@@ -384,7 +384,7 @@ public class FullStartUpAndProcessTest {
     assertEquals("wrong number of extension elements", 
         1, authnReq.getExtensions().getOrderedChildren().size());
     assertEquals("wrong number of requested attributes", 
-        4, authnReq.getExtensions().getOrderedChildren().get(0).getOrderedChildren().size());
+        5, authnReq.getExtensions().getOrderedChildren().get(0).getOrderedChildren().size());
                 
     return authnReq.getID();
   }
-- 
cgit v1.2.3