From 7bf7c3c03fd3a1efeaf3f8e3dd75922e2f5f9921 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 8 Mar 2022 19:06:10 +0100
Subject: refactor(core): move all project libs into sub-project 'modules'

---
 .../test/EidasProxyMessageSourceTest.java          |  50 ++
 .../MsProxyServiceSpringResourceProviderTest.java  |  56 ++
 .../protocol/EidasProxyServiceControllerTest.java  | 666 +++++++++++++++++++++
 .../ProxyServiceAuthenticationActionTest.java      | 637 ++++++++++++++++++++
 .../resources/config/additional-attributes.xml     |  39 ++
 .../src/test/resources/config/eidas-attributes.xml | 376 ++++++++++++
 .../resources/config/junit_config_1.properties     |   6 +
 .../spring/SpringTest-context_basic_mapConfig.xml  |  20 +
 .../spring/SpringTest-context_basic_test.xml       |  42 ++
 9 files changed, 1892 insertions(+)
 create mode 100644 modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/EidasProxyMessageSourceTest.java
 create mode 100644 modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/MsProxyServiceSpringResourceProviderTest.java
 create mode 100644 modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java
 create mode 100644 modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
 create mode 100644 modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
 create mode 100644 modules/eidas_proxy-sevice/src/test/resources/config/eidas-attributes.xml
 create mode 100644 modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
 create mode 100644 modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml
 create mode 100644 modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml

(limited to 'modules/eidas_proxy-sevice/src/test')

diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/EidasProxyMessageSourceTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/EidasProxyMessageSourceTest.java
new file mode 100644
index 00000000..efe572b5
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/EidasProxyMessageSourceTest.java
@@ -0,0 +1,50 @@
+package at.asitplus.eidas.specific.modules.auth.idaustria.test;
+
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.modules.msproxyservice.EidasProxyMessageSource;
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+    "/spring/SpringTest-context_basic_test.xml",
+    "/spring/SpringTest-context_basic_mapConfig.xml",
+  })
+public class EidasProxyMessageSourceTest {
+
+  @Autowired
+  private ResourceLoader loader;
+  @Autowired(required = false)
+  private List<IMessageSourceLocation> messageSources;
+
+  @Test
+  public void checkMessageSources() {
+    Assert.assertNotNull("No messageSource", messageSources);
+    Assert.assertFalse("No message source", messageSources.isEmpty());
+    
+    boolean found = false;
+    
+    for (final IMessageSourceLocation messageSource : messageSources) {
+      found = found ? found : messageSource instanceof EidasProxyMessageSource;
+
+      Assert.assertNotNull("No sourcePath", messageSource.getMessageSourceLocation());
+      for (final String el : messageSource.getMessageSourceLocation()) {
+        final Resource messages = loader.getResource(el + ".properties");
+        Assert.assertTrue("Source not exist", messages.exists());
+
+      }
+    }
+    
+    Assert.assertTrue("Internal messagesource not found", found);
+    
+  }
+}
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/MsProxyServiceSpringResourceProviderTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/MsProxyServiceSpringResourceProviderTest.java
new file mode 100644
index 00000000..8c6da366
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/MsProxyServiceSpringResourceProviderTest.java
@@ -0,0 +1,56 @@
+package at.asitplus.eidas.specific.modules.auth.idaustria.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.springframework.core.io.Resource;
+
+import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceSpringResourceProvider;
+import at.gv.egiz.eaaf.core.test.TestConstants;
+
+
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class MsProxyServiceSpringResourceProviderTest {
+
+  @Test
+  public void testSpringConfig() {
+    final MsProxyServiceSpringResourceProvider test =
+        new MsProxyServiceSpringResourceProvider();
+    for (final Resource el : test.getResourcesToLoad()) {
+      try {
+        IOUtils.toByteArray(el.getInputStream());
+
+      } catch (final IOException e) {
+        Assert.fail("Ressouce: " + el.getFilename() + " not found");
+      }
+
+    }
+
+    Assert.assertNotNull("no Name", test.getName());
+    Assert.assertNull("Find package definitions", test.getPackagesToScan());
+
+  }
+ 
+  @Test
+  public void testSpILoaderConfig() {
+    final InputStream el = this.getClass().getResourceAsStream(TestConstants.TEST_SPI_LOADER_PATH);
+    try {
+      final String spiFile = IOUtils.toString(el, "UTF-8");
+
+      Assert.assertEquals("Wrong classpath in SPI file",
+          MsProxyServiceSpringResourceProvider.class.getName(), spiFile);
+
+
+    } catch (final IOException e) {
+      Assert.fail("Ressouce: " + TestConstants.TEST_SPI_LOADER_PATH + " not found");
+
+    }
+  }
+
+}
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java
new file mode 100644
index 00000000..55958d9e
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java
@@ -0,0 +1,666 @@
+package at.asitplus.eidas.specific.modules.auth.idaustria.test.protocol;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.net.URLDecoder;
+import java.text.MessageFormat;
+import java.util.Arrays;
+import java.util.List;
+import java.util.UUID;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.saml.saml2.core.NameIDType;
+import org.opensaml.saml.saml2.core.StatusCode;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+
+import com.google.common.collect.ImmutableSortedSet;
+
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService;
+import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
+import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.protocol.EidasProxyServiceController;
+import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyProtocolAuthService;
+import eu.eidas.auth.commons.EidasParameterKeys;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.auth.commons.light.impl.LightRequest;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@PrepareForTest(CreateIdentityLinkTask.class)
+@ContextConfiguration(locations = {
+    "/spring/SpringTest-context_basic_test.xml",
+    "/spring/SpringTest-context_basic_mapConfig.xml",
+  })
+@EnableWebMvc
+public class EidasProxyServiceControllerTest {
+
+  @Autowired private EidasProxyServiceController controller;
+  
+  @Autowired private DummySpecificCommunicationService proxyService;
+  @Autowired private DummyProtocolAuthService authService;
+  @Autowired private EidasAttributeRegistry attrRegistry;
+  @Autowired private ApplicationContext context;
+  
+  @Autowired MsConnectorDummyConfigMap config;
+  
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  
+  private SpecificCommunicationService springManagedSpecificConnectorCommunicationService;
+  
+  /**
+   * jUnit test set-up.
+   */
+  @Before
+  public void setUp() throws EaafStorageException, URISyntaxException {
+    httpReq = new MockHttpServletRequest("POST", "http://localhost/ms_connector/eidas/light/idp/redirect");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+       
+    proxyService.setiLightRequest(null);
+    proxyService.setError(null);
+            
+    config.putConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint", 
+        "http://eidas.proxy/endpoint");
+    
+    springManagedSpecificConnectorCommunicationService =
+        (SpecificCommunicationService) context.getBean(
+            SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE
+                .toString());
+    
+  }
+  
+  @Test
+  public void generateErrorResponseWrongPendingReq() throws Throwable {    
+    Assert.assertFalse("wrong statusCode", controller.generateErrorMessage(
+        new EaafException("1000"), 
+        httpReq, httpResp, null));    
+    
+  }
+  
+  @Test
+  public void generateErrorResponse() throws Throwable {    
+    ProxyServicePendingRequest pendingReq = new ProxyServicePendingRequest();
+    pendingReq.initialize(httpReq, config);
+    
+    LightRequest.Builder eidasRequestBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .spType("public")
+        .requesterId(RandomStringUtils.randomAlphanumeric(10))
+        .providerName(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    // execute test
+    Assert.assertTrue("wrong statusCode", controller.generateErrorMessage(
+        new EaafException("1000"), 
+        httpReq, httpResp, 
+        pendingReq));    
+    
+    // validate state
+    assertNotNull("not redirct Header", httpResp.getHeader("Location"));
+    assertTrue("wrong redirect URL", httpResp.getHeader("Location").startsWith("http://eidas.proxy/endpoint?token="));    
+    String token = httpResp.getHeader("Location").substring("http://eidas.proxy/endpoint?token=".length());
+    
+    ILightResponse resp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(URLDecoder.decode(token, "UTF-8"), 
+        ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));    
+    
+    assertNotNull("responseId", resp.getId());
+    assertEquals("inResponseTo", pendingReq.getEidasRequest().getId(), resp.getInResponseToId());
+    assertEquals("relayState", pendingReq.getEidasRequest().getRelayState(), resp.getRelayState());
+    
+    assertNotNull("subjectNameId", resp.getSubject());
+    assertEquals("subjectNameIdFormat", NameIDType.TRANSIENT, resp.getSubjectNameIdFormat());  
+    assertTrue("not attributes", resp.getAttributes().isEmpty());    
+
+    assertEquals("StatusCode", StatusCode.RESPONDER, resp.getStatus().getStatusCode());
+    //assertEquals("SubStatusCode", "", resp.getStatus().getSubStatusCode());
+    //assertEquals("StatusMsg", "", resp.getStatus().getStatusMessage());
+    
+  }
+  
+  @Test
+  public void missingEidasToken() {       
+    EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class,
+        () -> controller.receiveEidasAuthnRequest(httpReq, httpResp));
+    Assert.assertEquals("wrong errorCode", "eidas.proxyservice.02", exception.getErrorId());
+   
+  }
+  
+  @Test
+  public void wrongEidasTokenWithNullpointerException() {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));
+    
+    //validate state
+    EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class,
+        () -> controller.receiveEidasAuthnRequest(httpReq, httpResp));
+    Assert.assertEquals("wrong errorCode", "eidas.proxyservice.11", exception.getErrorId());
+   
+  }
+  
+  @Test
+  public void wrongEidasTokenCacheCommunicationError() {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    proxyService.setError(new SpecificCommunicationException(RandomStringUtils.randomAlphanumeric(10)));
+    
+    //validate state
+    EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class,
+        () -> controller.receiveEidasAuthnRequest(httpReq, httpResp));
+    Assert.assertEquals("wrong errorCode", "eidas.proxyservice.03", exception.getErrorId());
+    Assert.assertTrue("Wrong exception", (exception.getCause() instanceof SpecificCommunicationException));
+    
+  }
+    
+  @Test
+  public void missingServiceProviderCountry() {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH);
+    
+    proxyService.setiLightRequest(authnReqBuilder.build());
+    
+    //validate state
+    EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class,
+        () -> controller.receiveEidasAuthnRequest(httpReq, httpResp));
+    Assert.assertEquals("wrong errorCode", "eidas.proxyservice.07", exception.getErrorId());
+    
+  }
+    
+  @Test
+  public void requestingLegalAndNaturalPerson() {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+            .build());
+    
+    proxyService.setiLightRequest(authnReqBuilder.build());
+    
+    //validate state
+    EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class,
+        () -> controller.receiveEidasAuthnRequest(httpReq, httpResp));
+    Assert.assertEquals("wrong errorCode", "eidas.proxyservice.08", exception.getErrorId());
+    
+  }
+  
+  @Test
+  public void requestLegalPersonButNoMandates() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
+    
+    proxyService.setiLightRequest(authnReqBuilder.build());
+    
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "false");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(Arrays.asList(
+            RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+    
+  //validate state
+    EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class,
+        () -> controller.receiveEidasAuthnRequest(httpReq, httpResp));
+    Assert.assertEquals("wrong errorCode", "eidas.proxyservice.09", exception.getErrorId());  
+  
+  }
+  
+  @Test
+  public void validAuthnRequest() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+    
+    proxyService.setiLightRequest(authnReqBuilder.build());
+    
+    
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "false");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(Arrays.asList(
+            RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+    
+    
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    Assert.assertNotNull("pendingRequest", authService.getPendingReq());
+    Assert.assertTrue("wrong pendingRequest", authService.getPendingReq() instanceof ProxyServicePendingRequest);
+    ProxyServicePendingRequest pendingReq = (ProxyServicePendingRequest) authService.getPendingReq();        
+    Assert.assertNotNull("missing uniqueSpId", pendingReq.getSpEntityId());        
+    Assert.assertNotNull("missing eidasReq", pendingReq.getEidasRequest());
+    
+    Assert.assertFalse("isPassive", pendingReq.isPassiv());
+    Assert.assertTrue("isPassive", pendingReq.forceAuth());
+    Assert.assertFalse("isPassive", pendingReq.isAuthenticated());
+    Assert.assertFalse("isPassive", pendingReq.isAbortedByUser());
+    Assert.assertTrue("isPassive", pendingReq.isNeedAuthentication());
+
+    Assert.assertNotNull("missing spConfig", pendingReq.getServiceProviderConfiguration());
+    ServiceProviderConfiguration spConfig = 
+        pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    Assert.assertNotNull("uniqueId", spConfig.getUniqueIdentifier());
+    Assert.assertEquals("uniqueId wrong pattern", 
+        authnReqBuilder.build().getIssuer(), 
+        spConfig.getUniqueIdentifier());    
+    Assert.assertEquals("friendlyName wrong pattern", 
+        MessageFormat.format(MsProxyServiceConstants.TEMPLATE_SP_UNIQUE_ID, spCountryCode, "public"), 
+        spConfig.getFriendlyName());
+    
+    Assert.assertEquals("uniqueId not match to pendingReq", 
+        pendingReq.getSpEntityId(), spConfig.getUniqueIdentifier());
+    Assert.assertNotNull("bpkTarget", spConfig.getAreaSpecificTargetIdentifier());
+    Assert.assertEquals("wrong bPK Target", 
+        EaafConstants.URN_PREFIX_EIDAS + "AT+" + spCountryCode, 
+        spConfig.getAreaSpecificTargetIdentifier());
+    
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode());
+        
+  }
+
+  @Test
+  public void validAuthnRequestWithMandatesDefaultProfilesNat() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+    
+    
+    proxyService.setiLightRequest(authnReqBuilder.build());
+    
+    List<String> mandateProfilesNat = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    List<String> mandateProfilesJur = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(mandateProfilesNat, ","));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, 
+        StringUtils.join(mandateProfilesJur, ","));
+    
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("mandateprofile size", mandateProfilesNat.size(), spConfig.getMandateProfiles().size());
+    spConfig.getMandateProfiles().stream()
+        .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesNat.contains(el)));
+    assertEquals("MandateMode", SpMandateModes.NATURAL, spConfig.getMandateMode());
+    
+  }
+  
+  @Test
+  public void validAuthnRequestWithMandatesDefaultProfilesJur() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
+    
+    
+    proxyService.setiLightRequest(authnReqBuilder.build());
+    
+    List<String> mandateProfilesNat = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    List<String> mandateProfilesJur = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(mandateProfilesNat, ","));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, 
+        StringUtils.join(mandateProfilesJur, ","));
+    
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("mandateprofile size", mandateProfilesJur.size(), spConfig.getMandateProfiles().size());
+    spConfig.getMandateProfiles().stream()
+        .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesJur.contains(el)));
+    assertEquals("MandateMode", SpMandateModes.LEGAL_FORCE, spConfig.getMandateMode());
+    
+  }
+  
+  @Test
+  public void validAuthnRequestWithMandatesDefaultNoJurProfiles() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
+    
+    
+    proxyService.setiLightRequest(authnReqBuilder.build());
+    
+    List<String> mandateProfilesNat = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(mandateProfilesNat, ","));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, "");
+    
+    //validate state
+    EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class,
+        () -> controller.receiveEidasAuthnRequest(httpReq, httpResp));
+    Assert.assertEquals("wrong errorCode", "eidas.proxyservice.10", exception.getErrorId());
+        
+  }
+  
+  @Test
+  public void validAuthnRequestWithMandatesDefaultNoNatProfiles() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+    
+    
+    proxyService.setiLightRequest(authnReqBuilder.build());
+    
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, ""); 
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, "");
+    
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode());
+        
+  }
+  
+  @Test
+  public void validAuthnRequestIssueSpecificNoMandates() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    
+    String issuer = RandomStringUtils.randomAlphabetic(10);    
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(issuer)
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+    
+    proxyService.setiLightRequest(authnReqBuilder.build());
+    
+    
+    // set default mandate configuration    
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(Arrays.asList(
+            RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, 
+        StringUtils.join(Arrays.asList(
+            RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+    
+    // set specific mandate configuration
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer);
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode);
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "false");
+    
+    List<String> mandateProfiles = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL, 
+        StringUtils.join(mandateProfiles, ","));
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL, 
+        StringUtils.join(Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+        
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode());
+    
+  }
+  
+  @Test
+  public void validAuthnRequestIssueSpecificMandatesNat() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    
+    String issuer = "https://apps.egiz.gv.at/EidasNode//ConnectorMetadata";    
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(issuer)
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+    
+    proxyService.setiLightRequest(authnReqBuilder.build());
+    
+    
+    // set default mandate configuration    
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "false");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(Arrays.asList(
+            RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, 
+        StringUtils.join(Arrays.asList(
+            RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+    
+    // set specific mandate configuration
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer);
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode);
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "true");
+    
+    List<String> mandateProfiles = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL, 
+        StringUtils.join(mandateProfiles, ","));
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL, 
+        StringUtils.join(Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+        
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size());
+    spConfig.getMandateProfiles().stream()
+        .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfiles.contains(el)));
+    assertEquals("MandateMode", SpMandateModes.NATURAL, spConfig.getMandateMode());
+    
+  }
+  
+  @Test
+  public void validAuthnRequestIssueSpecificMandatesJur() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    
+    String issuer = RandomStringUtils.randomAlphabetic(10);    
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(issuer)
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
+    
+    proxyService.setiLightRequest(authnReqBuilder.build());
+    
+    
+    // set default mandate configuration    
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(Arrays.asList(
+            RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, 
+        StringUtils.join(Arrays.asList(
+            RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+    
+    // set specific mandate configuration
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer);
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode);
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "true");
+    
+    List<String> mandateProfiles = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL, 
+        StringUtils.join(mandateProfiles, ","));
+    addConnectorConfig(0,  MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL, 
+        StringUtils.join(Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ","));
+        
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size());
+    spConfig.getMandateProfiles().stream()
+        .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfiles.contains(el)));
+    assertEquals("MandateMode", SpMandateModes.LEGAL_FORCE, spConfig.getMandateMode());
+    
+  }
+  
+  private void addConnectorConfig(int i, String key, String value) {
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_PREFIX + String.valueOf(i)  + "." + key, 
+        value); 
+    
+  }
+  
+}
+
+
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
new file mode 100644
index 00000000..52cc01d4
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
@@ -0,0 +1,637 @@
+package at.asitplus.eidas.specific.modules.auth.idaustria.test.protocol;
+
+import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
+
+import java.net.URISyntaxException;
+import java.net.URLDecoder;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.joda.time.DateTime;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.saml.saml2.core.NameIDType;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import com.google.common.collect.ImmutableSortedSet;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
+import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServiceAuthenticationAction;
+import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.auth.commons.light.impl.LightRequest;
+import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@PrepareForTest(CreateIdentityLinkTask.class)
+@ContextConfiguration(locations = {
+    "/spring/SpringTest-context_basic_test.xml",
+    "/spring/SpringTest-context_basic_mapConfig.xml",
+  })
+public class ProxyServiceAuthenticationActionTest {
+
+  @Autowired private MsConnectorDummyConfigMap basicConfig;
+  @Autowired private ProxyServiceAuthenticationAction action;
+  @Autowired private ApplicationContext context;
+  @Autowired EidasAttributeRegistry attrRegistry;
+  
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  private ProxyServicePendingRequest pendingReq;
+  private MsConnectorDummySpConfiguration oaParam;
+  private SpecificCommunicationService springManagedSpecificConnectorCommunicationService;
+  
+   
+  /**
+   * jUnit test set-up.
+   * @throws EaafException In case of an error
+   */
+  @Before
+  public void setUp() throws URISyntaxException, EaafException {
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+    
+    basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint", 
+        "http://eidas.proxy/endpoint");    
+    basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson", 
+        "false");
+    
+    final Map<String, String> spConfig = new HashMap<>();
+    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
+    spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
+    spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true");
+    oaParam = new MsConnectorDummySpConfiguration(spConfig, basicConfig);
+    oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH));
+        
+    pendingReq = new ProxyServicePendingRequest();
+    pendingReq.initialize(httpReq, basicConfig);
+    pendingReq.setOnlineApplicationConfiguration(oaParam);
+    
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    springManagedSpecificConnectorCommunicationService =
+        (SpecificCommunicationService) context.getBean(
+            SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE
+                .toString());
+    
+  }
+  
+  @Test
+  public void wrongPendingRequestType() {    
+    IAuthData authData = generateDummyAuthData();
+    TestRequestImpl internalPendingReq = new TestRequestImpl();
+    
+    EaafException exception = assertThrows(EaafException.class,
+        () ->  action.processRequest(internalPendingReq, httpReq, httpResp, authData));
+    Assert.assertEquals("wrong errorCode", "eidas.proxyservice.99", exception.getErrorId());
+    
+  }
+
+  @Test
+  public void missingForwardUrl() {        
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint");
+        
+    EaafException exception = assertThrows(EaafException.class,
+        () ->  action.processRequest(pendingReq, httpReq, httpResp, authData));
+    Assert.assertEquals("wrong errorCode", "config.08", exception.getErrorId());
+    
+  }
+  
+  @Test 
+  public void responseWithoutMandate() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 4, respAttr.size());    
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, 
+        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, 
+        authData.getDateOfBirth());
+        
+  }
+  
+  @Test 
+  public void responseWithNatMandate() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    
+    attr.put(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        "1985-11-15");
+    
+    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 8, respAttr.size());    
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
+        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
+
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, 
+        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME));
+           
+  }
+  
+  @Test 
+  public void responseWithJurMandate() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 6, respAttr.size());  
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
+        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
+   
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER, 
+        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALNAME, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME));
+    
+    assertNull("find nat. person subject: personalId", 
+        getAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+    assertNull("find nat. person subject: familyName", 
+        getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME));
+    assertNull("find nat. person subject: givenName", 
+        getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME));
+    assertNull("find nat. person subject: dateOfBirth", 
+        getAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH));
+    
+  }
+  
+  @Test
+  public void responseWithNatMandateWithWorkAround() throws EaafException, SpecificCommunicationException {
+    basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson", 
+        "true");
+    
+    //request natural person subject only
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder().put(
+        attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    
+    attr.put(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        "1985-11-15");
+    
+    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 8, respAttr.size());    
+            
+  }
+  
+  @Test
+  public void responseWithJurMandateWithWorkAround() throws EaafException, SpecificCommunicationException {
+    basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson", 
+        "true");
+    
+    //request natural person subject only
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+        
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 10, respAttr.size());  
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, 
+        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, authData.getDateOfBirth());
+   
+  }
+  
+  @Test
+  public void responseWithJurMandateWithWorkAroundNoNatSubject() throws EaafException, SpecificCommunicationException {
+    basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson", 
+        "true");
+    
+    //request natural person subject only
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+        
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 6, respAttr.size());     
+    assertNull("find nat. person subject: personalId", 
+        getAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+    assertNull("find nat. person subject: familyName", 
+        getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME));
+    assertNull("find nat. person subject: givenName", 
+        getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME));
+    assertNull("find nat. person subject: dateOfBirth", 
+        getAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH));
+    
+  }
+  
+  @Test
+  public void checkBasicConstrainsInAction() {
+    
+    Assert.assertTrue("Wrong NeedAuthentication", action.needAuthentication(pendingReq, httpReq, httpResp));
+    Assert.assertNotNull("Missing ActionName", action.getDefaultActionName());
+    
+    Assert.assertNotNull("missing ActionBean", context.getBean(ProxyServiceAuthenticationAction.class));
+    
+  }
+  
+  private IAuthData generateDummyAuthData() {
+    return generateDummyAuthData(Collections.emptyMap(), EaafConstants.EIDAS_LOA_LOW, 
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01", false);
+    
+  }
+  
+  private Object getAttrValue(ImmutableAttributeMap respAttr, String attrName) {
+    final AttributeDefinition<?> attrDef = 
+        attrRegistry.getCoreAttributeRegistry().getByFriendlyName(attrName).first();
+    return respAttr.getFirstValue(attrDef); 
+    
+  }
+  
+  private void checkAttrValue(ImmutableAttributeMap respAttr, String attrName, String expected) {
+    Object value = getAttrValue(respAttr, attrName);  
+    assertNotNull("not attr value: " + attrName, value);
+   
+    if (value instanceof String) {
+      assertEquals("wrong attr. value: " + attrName, expected, value);
+     
+    } else if ( value instanceof DateTime) {
+      assertEquals("wrong attr. value: " + attrName, expected, ((DateTime)value).toString("yyyy-MM-dd"));
+          
+    }       
+  }
+  
+  private ImmutableAttributeMap validateBasicEidasResponse(IAuthData authData) throws SpecificCommunicationException {
+    assertNotNull("not redirct Header", httpResp.getHeader("Location"));
+    assertTrue("wrong redirect URL", httpResp.getHeader("Location").startsWith("http://eidas.proxy/endpoint?token="));    
+    String token = httpResp.getHeader("Location").substring("http://eidas.proxy/endpoint?token=".length());
+    
+    ILightResponse resp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(URLDecoder.decode(token), 
+        ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));    
+    
+    assertNotNull("responseId", resp.getId());
+    assertEquals("inResponseTo", pendingReq.getEidasRequest().getId(), resp.getInResponseToId());
+    assertEquals("relayState", pendingReq.getEidasRequest().getRelayState(), resp.getRelayState());
+    assertEquals("LoA", authData.getEidasQaaLevel(), resp.getLevelOfAssurance());
+    
+    assertNotNull("subjectNameId", resp.getSubject());
+    assertEquals("subjectNameIdFormat", NameIDType.TRANSIENT, resp.getSubjectNameIdFormat());
+    
+    assertFalse("not attributes", resp.getAttributes().isEmpty());    
+    return resp.getAttributes();
+    
+  }
+  
+  private Builder generateBasicLightRequest() {
+    return LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .spType("public")
+        .requesterId(RandomStringUtils.randomAlphanumeric(10))
+        .providerName(RandomStringUtils.randomAlphanumeric(10));
+    
+  }
+  
+  private IAuthData generateDummyAuthData(Map<String, Object> attrs, String loa, String familyName, String givenName, String dateOfBirth, 
+      boolean useMandates) {
+    return new IEidAuthData() {
+      
+      @Override
+      public boolean isSsoSession() {
+        // TODO Auto-generated method stub
+        return false;
+      }
+      
+      @Override
+      public boolean isForeigner() {
+        // TODO Auto-generated method stub
+        return false;
+      }
+      
+      @Override
+      public boolean isBaseIdTransferRestrication() {
+        // TODO Auto-generated method stub
+        return false;
+      }
+      
+      @Override
+      public Date getSsoSessionValidTo() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getSessionIndex() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getNameIdFormat() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getNameID() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public IIdentityLink getIdentityLink() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getIdentificationValue() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getIdentificationType() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getGivenName() {
+        return givenName;
+      }
+      
+      @Override
+      public <T> T getGenericData(String key, Class<T> clazz) {
+        if (attrs.containsKey(key)) {
+          return (T) attrs.get(key);
+          
+        } else {
+          return null;  
+        }
+        
+      }
+      
+      @Override
+      public String getDateOfBirth() {
+        return dateOfBirth;
+      }
+      
+      @Override
+      public String getFamilyName() {
+        return familyName;
+      }
+      
+      @Override
+      public String getEncryptedSourceIdType() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getEncryptedSourceId() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getEidasQaaLevel() {
+        return loa;
+        
+      }
+      
+      
+      @Override
+      public String getCiticenCountryCode() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getBpkType() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getBpk() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getAuthenticationIssuer() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getAuthenticationIssueInstantString() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public Date getAuthenticationIssueInstant() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+
+      @Override
+      public byte[] getSignerCertificate() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+
+      @Override
+      public byte[] getEidToken() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+
+      @Override
+      public EidIdentityStatusLevelValues getEidStatus() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+
+      @Override
+      public String getVdaEndPointUrl() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+
+      @Override
+      public boolean isUseMandate() {
+        return useMandates;
+        
+      }
+
+      @Override
+      public String getDateOfBirthFormated(String pattern) {
+        // TODO Auto-generated method stub
+        return null;
+      }
+    };
+    
+  }
+}
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
new file mode 100644
index 00000000..6510546e
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- 
+#   Copyright (c) 2017 European Commission  
+#   Licensed under the EUPL, Version 1.2 or – as soon they will be 
+#   approved by the European Commission - subsequent versions of the 
+#    EUPL (the "Licence"); 
+#    You may not use this work except in compliance with the Licence. 
+#    You may obtain a copy of the Licence at: 
+#    * https://joinup.ec.europa.eu/page/eupl-text-11-12  
+#    *
+#    Unless required by applicable law or agreed to in writing, software 
+#    distributed under the Licence is distributed on an "AS IS" basis, 
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+#    See the Licence for the specific language governing permissions and limitations under the Licence.
+ -->
+
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+<properties>
+    <comment>Dynamic attributes</comment>
+
+    <entry key="1.NameUri">http://eidas.europa.eu/attributes/naturalperson/AdditionalAttribute</entry>
+    <entry key="1.FriendlyName">AdditionalAttribute</entry>
+    <entry key="1.PersonType">NaturalPerson</entry>
+    <entry key="1.Required">false</entry>
+    <entry key="1.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry>
+    <entry key="1.XmlType.LocalPart">string</entry>
+    <entry key="1.XmlType.NamespacePrefix">xs</entry>
+    <entry key="1.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="2.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalAdditionalAttribute</entry>
+    <entry key="2.FriendlyName">LegalAdditionalAttribute</entry>
+    <entry key="2.PersonType">LegalPerson</entry>
+    <entry key="2.Required">false</entry>
+    <entry key="2.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry>
+    <entry key="2.XmlType.LocalPart">string</entry>
+    <entry key="2.XmlType.NamespacePrefix">xs</entry>
+    <entry key="2.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+</properties>
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/eidas-attributes.xml b/modules/eidas_proxy-sevice/src/test/resources/config/eidas-attributes.xml
new file mode 100644
index 00000000..cbae35db
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/eidas-attributes.xml
@@ -0,0 +1,376 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- 
+#   Copyright (c) 2017 European Commission  
+#   Licensed under the EUPL, Version 1.2 or – as soon they will be 
+#   approved by the European Commission - subsequent versions of the 
+#    EUPL (the "Licence"); 
+#    You may not use this work except in compliance with the Licence. 
+#    You may obtain a copy of the Licence at: 
+#    * https://joinup.ec.europa.eu/page/eupl-text-11-12  
+#    *
+#    Unless required by applicable law or agreed to in writing, software 
+#    distributed under the Licence is distributed on an "AS IS" basis, 
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+#    See the Licence for the specific language governing permissions and limitations under the Licence.
+ -->
+
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+<properties>
+    <comment>eIDAS attributes</comment>
+
+    <entry key="1.NameUri">http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier</entry>
+    <entry key="1.FriendlyName">PersonIdentifier</entry>
+    <entry key="1.PersonType">NaturalPerson</entry>
+    <entry key="1.Required">true</entry>
+    <entry key="1.UniqueIdentifier">true</entry>
+    <entry key="1.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="1.XmlType.LocalPart">PersonIdentifierType</entry>
+    <entry key="1.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="1.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="2.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName</entry>
+    <entry key="2.FriendlyName">FamilyName</entry>
+    <entry key="2.PersonType">NaturalPerson</entry>
+    <entry key="2.Required">true</entry>
+    <entry key="2.TransliterationMandatory">true</entry>
+    <entry key="2.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="2.XmlType.LocalPart">CurrentFamilyNameType</entry>
+    <entry key="2.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="2.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="3.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName</entry>
+    <entry key="3.FriendlyName">FirstName</entry>
+    <entry key="3.PersonType">NaturalPerson</entry>
+    <entry key="3.Required">true</entry>
+    <entry key="3.TransliterationMandatory">true</entry>
+    <entry key="3.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="3.XmlType.LocalPart">CurrentGivenNameType</entry>
+    <entry key="3.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="3.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="4.NameUri">http://eidas.europa.eu/attributes/naturalperson/DateOfBirth</entry>
+    <entry key="4.FriendlyName">DateOfBirth</entry>
+    <entry key="4.PersonType">NaturalPerson</entry>
+    <entry key="4.Required">true</entry>
+    <entry key="4.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="4.XmlType.LocalPart">DateOfBirthType</entry>
+    <entry key="4.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="4.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller</entry>
+
+    <entry key="5.NameUri">http://eidas.europa.eu/attributes/naturalperson/BirthName</entry>
+    <entry key="5.FriendlyName">BirthName</entry>
+    <entry key="5.PersonType">NaturalPerson</entry>
+    <entry key="5.Required">false</entry>
+    <entry key="5.TransliterationMandatory">true</entry>
+    <entry key="5.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="5.XmlType.LocalPart">BirthNameType</entry>
+    <entry key="5.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="5.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="6.NameUri">http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth</entry>
+    <entry key="6.FriendlyName">PlaceOfBirth</entry>
+    <entry key="6.PersonType">NaturalPerson</entry>
+    <entry key="6.Required">false</entry>
+    <entry key="6.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="6.XmlType.LocalPart">PlaceOfBirthType</entry>
+    <entry key="6.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="6.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="7.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentAddress</entry>
+    <entry key="7.FriendlyName">CurrentAddress</entry>
+    <entry key="7.PersonType">NaturalPerson</entry>
+    <entry key="7.Required">false</entry>
+    <entry key="7.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="7.XmlType.LocalPart">CurrentAddressType</entry>
+    <entry key="7.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="7.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller</entry>
+
+    <entry key="8.NameUri">http://eidas.europa.eu/attributes/naturalperson/Gender</entry>
+    <entry key="8.FriendlyName">Gender</entry>
+    <entry key="8.PersonType">NaturalPerson</entry>
+    <entry key="8.Required">false</entry>
+    <entry key="8.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="8.XmlType.LocalPart">GenderType</entry>
+    <entry key="8.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="8.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller</entry>
+
+    <entry key="9.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier</entry>
+    <entry key="9.FriendlyName">LegalPersonIdentifier</entry>
+    <entry key="9.PersonType">LegalPerson</entry>
+    <entry key="9.Required">true</entry>
+    <entry key="9.UniqueIdentifier">true</entry>
+    <entry key="9.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="9.XmlType.LocalPart">LegalPersonIdentifierType</entry>
+    <entry key="9.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="9.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="10.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalName</entry>
+    <entry key="10.FriendlyName">LegalName</entry>
+    <entry key="10.PersonType">LegalPerson</entry>
+    <entry key="10.Required">true</entry>
+    <entry key="10.TransliterationMandatory">true</entry>
+    <entry key="10.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="10.XmlType.LocalPart">LegalNameType</entry>
+    <entry key="10.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="10.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="11.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalPersonAddress</entry>
+    <entry key="11.FriendlyName">LegalAddress</entry>
+    <entry key="11.PersonType">LegalPerson</entry>
+    <entry key="11.Required">false</entry>
+    <entry key="11.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="11.XmlType.LocalPart">LegalPersonAddressType</entry>
+    <entry key="11.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="11.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.LegalAddressAttributeValueMarshaller</entry>
+
+    <entry key="12.NameUri">http://eidas.europa.eu/attributes/legalperson/VATRegistrationNumber</entry>
+    <entry key="12.FriendlyName">VATRegistration</entry>
+    <entry key="12.PersonType">LegalPerson</entry>
+    <entry key="12.Required">false</entry>
+    <entry key="12.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="12.XmlType.LocalPart">VATRegistrationNumberType</entry>
+    <entry key="12.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="12.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="13.NameUri">http://eidas.europa.eu/attributes/legalperson/TaxReference</entry>
+    <entry key="13.FriendlyName">TaxReference</entry>
+    <entry key="13.PersonType">LegalPerson</entry>
+    <entry key="13.Required">false</entry>
+    <entry key="13.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="13.XmlType.LocalPart">TaxReferenceType</entry>
+    <entry key="13.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="13.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="14.NameUri">http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier</entry>
+    <entry key="14.FriendlyName">D-2012-17-EUIdentifier</entry>
+    <entry key="14.PersonType">LegalPerson</entry>
+    <entry key="14.Required">false</entry>
+    <entry key="14.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="14.XmlType.LocalPart">D-2012-17-EUIdentifierType</entry>
+    <entry key="14.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="14.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="15.NameUri">http://eidas.europa.eu/attributes/legalperson/LEI</entry>
+    <entry key="15.FriendlyName">LEI</entry>
+    <entry key="15.PersonType">LegalPerson</entry>
+    <entry key="15.Required">false</entry>
+    <entry key="15.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="15.XmlType.LocalPart">LEIType</entry>
+    <entry key="15.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="15.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="16.NameUri">http://eidas.europa.eu/attributes/legalperson/EORI</entry>
+    <entry key="16.FriendlyName">EORI</entry>
+    <entry key="16.PersonType">LegalPerson</entry>
+    <entry key="16.Required">false</entry>
+    <entry key="16.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="16.XmlType.LocalPart">EORIType</entry>
+    <entry key="16.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="16.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="17.NameUri">http://eidas.europa.eu/attributes/legalperson/SEED</entry>
+    <entry key="17.FriendlyName">SEED</entry>
+    <entry key="17.PersonType">LegalPerson</entry>
+    <entry key="17.Required">false</entry>
+    <entry key="17.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="17.XmlType.LocalPart">SEEDType</entry>
+    <entry key="17.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="17.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="18.NameUri">http://eidas.europa.eu/attributes/legalperson/SIC</entry>
+    <entry key="18.FriendlyName">SIC</entry>
+    <entry key="18.PersonType">LegalPerson</entry>
+    <entry key="18.Required">false</entry>
+    <entry key="18.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="18.XmlType.LocalPart">SICType</entry>
+    <entry key="18.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="18.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="19.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/PersonIdentifier</entry>
+    <entry key="19.FriendlyName">RepresentativePersonIdentifier</entry>
+    <entry key="19.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="19.Required">false</entry>
+    <entry key="19.UniqueIdentifier">true</entry>
+    <entry key="19.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="19.XmlType.LocalPart">PersonIdentifierType</entry>
+    <entry key="19.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="19.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="20.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentFamilyName</entry>
+    <entry key="20.FriendlyName">RepresentativeFamilyName</entry>
+    <entry key="20.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="20.Required">false</entry>
+    <entry key="20.TransliterationMandatory">true</entry>
+    <entry key="20.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="20.XmlType.LocalPart">CurrentFamilyNameType</entry>
+    <entry key="20.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+    <entry key="20.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="21.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentGivenName</entry>
+    <entry key="21.FriendlyName">RepresentativeFirstName</entry>
+    <entry key="21.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="21.Required">false</entry>
+    <entry key="21.TransliterationMandatory">true</entry>
+    <entry key="21.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="21.XmlType.LocalPart">CurrentGivenNameType</entry>
+    <entry key="21.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+    <entry key="21.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="22.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth</entry>
+    <entry key="22.FriendlyName">RepresentativeDateOfBirth</entry>
+    <entry key="22.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="22.Required">false</entry>
+    <entry key="22.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="22.XmlType.LocalPart">DateOfBirthType</entry>
+    <entry key="22.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+    <entry key="22.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller</entry>
+
+    <entry key="23.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/BirthName</entry>
+    <entry key="23.FriendlyName">RepresentativeBirthName</entry>
+    <entry key="23.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="23.Required">false</entry>
+    <entry key="23.TransliterationMandatory">true</entry>
+    <entry key="23.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="23.XmlType.LocalPart">BirthNameType</entry>
+    <entry key="23.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+    <entry key="23.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="24.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/PlaceOfBirth</entry>
+    <entry key="24.FriendlyName">RepresentativePlaceOfBirth</entry>
+    <entry key="24.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="24.Required">false</entry>
+    <entry key="24.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="24.XmlType.LocalPart">PlaceOfBirthType</entry>
+    <entry key="24.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+    <entry key="24.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="25.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentAddress</entry>
+    <entry key="25.FriendlyName">RepresentativeCurrentAddress</entry>
+    <entry key="25.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="25.Required">false</entry>
+    <entry key="25.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="25.XmlType.LocalPart">CurrentAddressType</entry>
+    <entry key="25.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+    <entry key="25.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvCurrentAddressAttributeValueMarshaller</entry>
+
+    <entry key="26.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/Gender</entry>
+    <entry key="26.FriendlyName">RepresentativeGender</entry>
+    <entry key="26.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="26.Required">false</entry>
+    <entry key="26.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="26.XmlType.LocalPart">GenderType</entry>
+    <entry key="26.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+    <entry key="26.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller</entry>
+
+    <entry key="27.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonIdentifier</entry>
+    <entry key="27.FriendlyName">RepresentativeLegalPersonIdentifier</entry>
+    <entry key="27.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="27.Required">false</entry>
+    <entry key="27.UniqueIdentifier">true</entry>
+    <entry key="27.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="27.XmlType.LocalPart">LegalPersonIdentifierType</entry>
+    <entry key="27.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="27.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="28.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalName</entry>
+    <entry key="28.FriendlyName">RepresentativeLegalName</entry>
+    <entry key="28.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="28.Required">false</entry>
+    <entry key="28.TransliterationMandatory">true</entry>
+    <entry key="28.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="28.XmlType.LocalPart">LegalNameType</entry>
+    <entry key="28.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="28.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="29.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress</entry>
+    <entry key="29.FriendlyName">RepresentativeLegalAddress</entry>
+    <entry key="29.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="29.Required">false</entry>
+    <entry key="29.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="29.XmlType.LocalPart">LegalPersonAddressType</entry>
+    <entry key="29.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="29.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller</entry>
+
+    <entry key="30.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber</entry>
+    <entry key="30.FriendlyName">RepresentativeVATRegistration</entry>
+    <entry key="30.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="30.Required">false</entry>
+    <entry key="30.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="30.XmlType.LocalPart">VATRegistrationNumberType</entry>
+    <entry key="30.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="30.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="31.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/TaxReference</entry>
+    <entry key="31.FriendlyName">RepresentativeTaxReference</entry>
+    <entry key="31.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="31.Required">false</entry>
+    <entry key="31.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="31.XmlType.LocalPart">TaxReferenceType</entry>
+    <entry key="31.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="31.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="32.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/D-2012-17-EUIdentifier</entry>
+    <entry key="32.FriendlyName">RepresentativeD-2012-17-EUIdentifier</entry>
+    <entry key="32.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="32.Required">false</entry>
+    <entry key="32.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="32.XmlType.LocalPart">D-2012-17-EUIdentifierType</entry>
+    <entry key="32.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="32.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="33.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LEI</entry>
+    <entry key="33.FriendlyName">RepresentativeLEI</entry>
+    <entry key="33.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="33.Required">false</entry>
+    <entry key="33.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="33.XmlType.LocalPart">LEIType</entry>
+    <entry key="33.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="33.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="34.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/EORI</entry>
+    <entry key="34.FriendlyName">RepresentativeEORI</entry>
+    <entry key="34.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="34.Required">false</entry>
+    <entry key="34.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="34.XmlType.LocalPart">EORIType</entry>
+    <entry key="34.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="34.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="35.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/SEED</entry>
+    <entry key="35.FriendlyName">RepresentativeSEED</entry>
+    <entry key="35.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="35.Required">false</entry>
+    <entry key="35.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="35.XmlType.LocalPart">SEEDType</entry>
+    <entry key="35.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="35.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="36.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/SIC</entry>
+    <entry key="36.FriendlyName">RepresentativeSIC</entry>
+    <entry key="36.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="36.Required">false</entry>
+    <entry key="36.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="36.XmlType.LocalPart">SICType</entry>
+    <entry key="36.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="36.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="39.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress</entry>
+    <entry key="39.FriendlyName">RepresentativeLegalAddress</entry>
+    <entry key="39.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="39.Required">false</entry>
+    <entry key="39.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="39.XmlType.LocalPart">LegalPersonAddressType</entry>
+    <entry key="39.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="39.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller</entry>
+
+    <entry key="40.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber</entry>
+    <entry key="40.FriendlyName">RepresentativeVATRegistration</entry>
+    <entry key="40.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="40.Required">false</entry>
+    <entry key="40.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="40.XmlType.LocalPart">VATRegistrationNumberType</entry>
+    <entry key="40.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="40.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+
+</properties>
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
new file mode 100644
index 00000000..4f3b82b5
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
@@ -0,0 +1,6 @@
+## Basic service configuration
+eidas.ms.context.url.prefix=http://localhost
+eidas.ms.context.url.request.validation=false
+
+eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy
+eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint
\ No newline at end of file
diff --git a/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml
new file mode 100644
index 00000000..fe9ff441
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:aop="http://www.springframework.org/schema/aop"
+  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+  <context:annotation-config />
+
+  <bean id="dummyMapBasedConfiguration"
+        class="at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap">
+    <constructor-arg value="/config/junit_config_1.properties" />
+    <property name="configRootDirSufix" value="src/test/resources/config" />
+  </bean>
+
+</beans>
\ No newline at end of file
diff --git a/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml
new file mode 100644
index 00000000..9870d22a
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:aop="http://www.springframework.org/schema/aop"
+  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+
+  <import resource="classpath:/SpringTest-context_authManager.xml" />
+  <import resource="classpath:/spring/eidas_proxy-service.beans.xml"/>
+
+  <bean id="springManagedSpecificProxyserviceCommunicationService"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" />
+
+ <bean id="mvcGUIBuilderImpl"
+    class="at.gv.egiz.eaaf.core.impl.gui.builder.SpringMvcGuiFormBuilderImpl" />
+
+  <bean id="specificConnectorAttributesFileWithPath"
+    class="java.lang.String">
+    <constructor-arg
+      value="src/test/resources/config/eidas-attributes.xml" />
+  </bean>
+
+  <bean id="specificConnectorAdditionalAttributesFileWithPath"
+    class="java.lang.String">
+    <constructor-arg
+      value="src/test/resources/config/additional-attributes.xml" />
+  </bean>
+
+  <bean id="attributeRegistry"
+    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry">
+    <property name="eidasAttributesFile"
+      ref="specificConnectorAttributesFileWithPath" />
+    <property name="additionalAttributesFile"
+      ref="specificConnectorAdditionalAttributesFileWithPath" />
+  </bean>
+
+</beans>
\ No newline at end of file
-- 
cgit v1.2.3