From 0f0dcfc7a01c4b3a8b15b12b5257f08797fd0926 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 3 Jun 2022 16:04:40 +0200
Subject: refactor(connector): move MS-Connector from new directory 'connector'
 to 'ms_specific_connector'

---
 .../connector/test/FullStartUpAndProcessTest.java  | 606 +++++++++++++++++++++
 .../test/MainClassExecutableModeTest.java          | 119 ++++
 .../connector/test/MainClassWebAppModeTest.java    | 141 +++++
 .../MsConnectorSpringResourceProviderTest.java     |  56 ++
 .../attributes/AuthBlockAttributeBuilderTest.java  | 114 ++++
 .../attributes/EidasBindAttributeBuilderTest.java  | 105 ++++
 .../test/config/BasicConfigurationTest.java        | 137 +++++
 .../test/config/MsConnectorMessageSourceTest.java  |  71 +++
 .../ProcessEngineSignalControllerTest.java         |  77 +++
 .../test/saml2/Pvp2SProfileEndPointTest.java       | 337 ++++++++++++
 .../task/EvaluateCountrySelectionTaskTest.java     | 193 +++++++
 ...nerateCountrySelectionFrameBmiTemplateTest.java | 110 ++++
 .../GenerateCountrySelectionFrameTaskTest.java     | 157 ++++++
 .../test/utils/AuthnRequestValidatorTest.java      | 336 ++++++++++++
 .../utils/CountrySelectionProcessImplTest.java     | 120 ++++
 15 files changed, 2679 insertions(+)
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/MsConnectorSpringResourceProviderTest.java
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/config/BasicConfigurationTest.java
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/config/MsConnectorMessageSourceTest.java
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/EvaluateCountrySelectionTaskTest.java
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/GenerateCountrySelectionFrameBmiTemplateTest.java
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/GenerateCountrySelectionFrameTaskTest.java
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java
 create mode 100644 ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/CountrySelectionProcessImplTest.java

(limited to 'ms_specific_connector/src/test/java/at/asitplus')

diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
new file mode 100644
index 00000000..9f62d41e
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
@@ -0,0 +1,606 @@
+package at.asitplus.eidas.specific.connector.test;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Field;
+import java.math.BigInteger;
+import java.net.URISyntaxException;
+import java.time.Instant;
+import java.util.Map;
+import java.util.Timer;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.transform.TransformerException;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.ignite.Ignition;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.StatusResponseType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.util.Base64Utils;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import com.github.skjolber.mockito.soap.SoapServiceRule;
+
+import at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController;
+import at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint;
+import at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider;
+import at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider;
+import at.asitplus.eidas.specific.connector.test.saml2.Pvp2SProfileEndPointTest;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
+import at.gv.bmi.namespace.zmr_su.base._20040201.ResponseType;
+import at.gv.bmi.namespace.zmr_su.base._20040201.WorkflowInfoServer;
+import at.gv.bmi.namespace.zmr_su.base._20040201_.ServicePort;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasIdentitaetErgebnisType;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.NatuerlichePersonErgebnisType;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.NatuerlichePersonErgebnisType.PersonenName;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonErgebnisSatzType;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonErgebnisType;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenResponse;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.Personendaten;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonensuchergebnisType;
+import at.gv.e_government.reference.namespace.persondata.de._20040201.IdentificationType;
+import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
+import at.gv.egiz.eaaf.core.api.IStatusMessenger;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController;
+import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
+import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.light.ILightRequest;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
+import eu.eidas.auth.commons.tx.BinaryLightToken;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
+import lombok.SneakyThrows;
+import lombok.val;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+import okhttp3.mockwebserver.MockResponse;
+import okhttp3.mockwebserver.MockWebServer;
+import szrservices.GetIdentityLinkEidasResponse;
+import szrservices.PersonInfoType;
+import szrservices.SZR;
+import szrservices.SZRException_Exception;
+import szrservices.SignContentEntry;
+import szrservices.SignContentResponseType;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@SpringBootTest
+@ContextConfiguration(initializers = {
+    org.springframework.boot.context.config.DelegatingApplicationContextInitializer.class,
+    SpringBootApplicationContextInitializer.class
+    })
+@TestPropertySource(locations = { "file:src/test/resources/config/junit_config_1_springboot.properties" })
+@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
+@ActiveProfiles(profiles = {"JUNIT", "jUnitTestMode"})
+public class FullStartUpAndProcessTest {
+
+  private static final String FINAL_REDIRECT = "http://localhost/public/secure/finalizeAuthProtocol?pendingid=";
+
+  @Autowired private WebApplicationContext wac;
+  @Autowired private PvpEndPointCredentialProvider credentialProvider;
+  @Autowired private PvpMetadataProvider metadataProvider;
+  @Autowired private ResourceLoader resourceLoader;
+  @Autowired private EidasAttributeRegistry attrRegistry;
+
+  @Autowired private Pvp2SProfileEndpoint sProfile;
+  @Autowired private ProcessEngineSignalController signal;
+  @Autowired private EidasSignalServlet eidasSignal;
+  @Autowired private ProtocolFinalizationController finalize;
+
+  @Autowired private IStatusMessenger messager;
+
+  @Rule
+  public final SoapServiceRule soap = SoapServiceRule.newInstance();
+
+  private SZR szrMock;
+  private ServicePort zmrClient;
+  
+  private static MockWebServer mockWebServer;
+  
+  private String cc;
+  private String givenName;
+  private String familyName;
+  private String dateOfBirth;
+  private String personalId;
+  private String pseudonym;
+  private String vsz;
+  private String eidasBind;
+
+
+
+
+
+
+  /**
+   * jUnit class initializer.
+   * @throws InterruptedException In case of an error
+   * @throws ComponentInitializationException  In case of an error
+   * @throws InitializationException In case of an error
+   *
+   */
+  @BeforeClass
+  @SneakyThrows
+  public static void classInitializer() {
+    final String current = new java.io.File(".").toURI().toString();
+    System.clearProperty("eidas.ms.configuration");
+
+    //eIDAS Ref. Impl. properties
+    System.setProperty("EIDAS_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_CONNECTOR_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_PROXY_SERVICE_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+
+    EaafOpenSaml3xInitializer.eaafInitialize();
+
+    // start ERnP mockup WebServer
+    mockWebServer = new MockWebServer();
+    mockWebServer.start(1718);
+    
+  }
+
+  /**
+   * Test shut-down.
+   *
+   * @throws Exception In case of an error
+   */
+  @AfterClass
+  @SneakyThrows
+  public static void closeIgniteNode() {
+    System.out.println("Closiong Ignite Node ... ");
+    Ignition.stopAll(true);
+
+    //set Ignite-node holder to 'null' because static holders are shared between different tests
+    final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance");
+    field.setAccessible(true);
+    field.set(null, null);
+    
+    // shut-down ERnP mock-up WebServer
+    mockWebServer.shutdown();
+
+  }
+
+  /**
+   * jUnit test set-up.
+   *
+   *
+   */
+  @Before
+  public void setup() throws IOException {
+    DefaultMockMvcBuilder builder = MockMvcBuilders.webAppContextSetup(this.wac);
+    @SuppressWarnings("rawtypes")
+    Map<String, FilterRegistrationBean> filters = wac.getBeansOfType(FilterRegistrationBean.class);
+    for (FilterRegistrationBean<?> filter : filters.values()) {
+      if (filter.isEnabled()) {
+        builder.addFilter(filter.getFilter(), "/*");
+
+      }
+    }
+
+    LogMessageProviderFactory.setStatusMessager(messager);
+
+    szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr");
+    zmrClient = soap.mock(ServicePort.class,  "http://localhost:1234/demozmr");
+
+
+    cc = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    pseudonym = RandomStringUtils.randomNumeric(64);
+    personalId = cc + "/AT/" + pseudonym;
+    familyName = RandomStringUtils.randomAlphabetic(10);
+    givenName = RandomStringUtils.randomAlphabetic(10);
+    dateOfBirth = "2015-10-12";
+
+    vsz = RandomStringUtils.randomNumeric(10);
+    eidasBind = RandomStringUtils.randomAlphanumeric(50);
+
+  }
+
+  @Test
+  public void userStopProcess() throws UnsupportedEncodingException, XMLParserException, UnmarshallingException,
+      TransformerException, IOException, MarshallingException, ComponentInitializationException, EaafException {
+    //start authentication process by sending a SAML2 Authn-Request
+    MockHttpServletRequest saml2Req = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    injectSaml2AuthnReq(saml2Req);
+    MockHttpServletResponse selectCountryResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(saml2Req, selectCountryResp));
+
+    // send SAML2 AuthnRequest
+    sProfile.pvpIdpPostRequest(saml2Req, selectCountryResp);
+
+    //check country-selection response
+    Assert.assertEquals("no country-selection page", 200, selectCountryResp.getStatus());
+    Assert.assertEquals("cc-selection page", "text/html;charset=UTF-8", selectCountryResp.getContentType());
+    String selectionPage = selectCountryResp.getContentAsString();
+    Assert.assertNotNull("selectionPage is null", selectionPage);
+    Assert.assertFalse("selectionPage is empty", selectionPage.isEmpty());
+
+    String pendingReqId = extractRequestToken(selectionPage,
+        "<input type=\"hidden\" name=\"pendingid\" value=\"");
+    Assert.assertFalse("PendingReqId", pendingReqId.isEmpty());
+
+
+    // set-up user-stop request
+    MockHttpServletRequest userStopReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    userStopReq.setParameter("pendingid", pendingReqId);
+    userStopReq.setParameter(EaafConstants.PARAM_HTTP_STOP_PROCESS, "true");
+
+    MockHttpServletResponse finalizeResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(userStopReq, finalizeResp));
+
+    // send user-stop request
+    signal.performGenericAuthenticationProcess(userStopReq, finalizeResp);
+
+    //validate state
+    Assert.assertEquals("forward to finalization", 302, finalizeResp.getStatus());
+    Assert.assertNotNull("missing redirect header", finalizeResp.getHeader("Location"));
+    Assert.assertTrue("wrong redirect header", finalizeResp.getHeader("Location").startsWith(FINAL_REDIRECT));
+    String finalPendingReqId = finalizeResp.getHeader("Location").substring(FINAL_REDIRECT.length());
+    Assert.assertFalse("final pendingRequestId", finalPendingReqId.isEmpty());
+
+    //set-up finalization request
+    MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    finalizationReq.setParameter("pendingid", finalPendingReqId);
+
+    MockHttpServletResponse saml2Resp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, saml2Resp));
+
+    // exexcute finalization step
+    finalize.finalizeAuthProtocol(finalizationReq, saml2Resp);
+
+    //validate state
+    Assert.assertEquals("forward to finalization", 200, saml2Resp.getStatus());
+    Assert.assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", saml2Resp.getContentType());
+    String saml2RespPage = saml2Resp.getContentAsString();
+    Assert.assertNotNull("selectionPage is null", saml2RespPage);
+    Assert.assertFalse("selectionPage is empty", saml2RespPage.isEmpty());
+
+    //validate SAML2 response
+    String saml2RespB64 = extractRequestToken(saml2RespPage,
+        "<input type=\"hidden\" name=\"SAMLResponse\" value=\"");
+    Assert.assertNotNull("SAML2 response", saml2RespB64);
+
+    StatusResponseType saml2 = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        new ByteArrayInputStream(Base64Utils.decodeFromString(saml2RespB64)));
+    Assert.assertEquals("SAML2 status", "urn:oasis:names:tc:SAML:2.0:status:Responder",
+        saml2.getStatus().getStatusCode().getValue());
+    Assert.assertEquals("ms-connector status", "1005",
+        saml2.getStatus().getStatusCode().getStatusCode().getValue());
+
+  }
+
+  @Test
+  public void fullSuccessProcess() throws EaafException, Exception {
+    //start authentication process by sending a SAML2 Authn-Request
+    MockHttpServletRequest saml2Req = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    injectSaml2AuthnReq(saml2Req);
+    MockHttpServletResponse selectCountryResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(saml2Req, selectCountryResp));
+
+    // send SAML2 AuthnRequest
+    sProfile.pvpIdpPostRequest(saml2Req, selectCountryResp);
+
+    //check country-selection response
+    Assert.assertEquals("no country-selection page", 200, selectCountryResp.getStatus());
+    Assert.assertEquals("cc-selection page", "text/html;charset=UTF-8", selectCountryResp.getContentType());
+    String selectionPage = selectCountryResp.getContentAsString();
+    Assert.assertNotNull("selectionPage is null", selectionPage);
+    Assert.assertFalse("selectionPage is empty", selectionPage.isEmpty());
+
+    String pendingReqId = extractRequestToken(selectionPage,
+        "<input type=\"hidden\" name=\"pendingid\" value=\"");
+    Assert.assertFalse("PendingReqId", pendingReqId.isEmpty());
+
+
+    // set-up country-selection request
+    MockHttpServletRequest selectCountryReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    selectCountryReq.setParameter("pendingid", pendingReqId);
+    selectCountryReq.setParameter("selectedCountry", cc);
+
+    MockHttpServletResponse forwardEidasNodeResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(selectCountryReq, forwardEidasNodeResp));
+
+    // send country-selection request
+    signal.performGenericAuthenticationProcess(selectCountryReq, forwardEidasNodeResp);
+
+    //check forward to eIDAS node response
+    Assert.assertEquals("forward to eIDAS Node", 200, forwardEidasNodeResp.getStatus());
+    Assert.assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", forwardEidasNodeResp.getContentType());
+    String forwardPage = forwardEidasNodeResp.getContentAsString();
+    Assert.assertNotNull("forward to eIDAS Node is null", forwardPage);
+    Assert.assertFalse("forward to eIDAS Node is empty", forwardPage.isEmpty());
+
+    String eidasNodeReqToken = extractRequestToken(forwardPage,
+        "<input type=\"hidden\" name=\"token\" value=\"");
+    Assert.assertFalse("eidas req. token", eidasNodeReqToken.isEmpty());
+
+    //check eIDAS node request and build respose
+    String eidasRespToken = validateEidasNodeRequestAndBuildResponse(eidasNodeReqToken);
+    Assert.assertFalse("eidas resp. token", eidasRespToken.isEmpty());
+
+
+    // set-up eIDAS-node response
+    MockHttpServletRequest eidasNodeRespReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    eidasNodeRespReq.setParameter("token", eidasRespToken);
+
+    MockHttpServletResponse finalizeResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(eidasNodeRespReq, finalizeResp));
+
+    // inject ZMR, ERnP and SZR responses for matching
+    injectZmrResponse();
+    injectSzrResponse();    
+    mockWebServer.enqueue(new MockResponse().setResponseCode(200)
+        .setBody("{}") // empty response because we simulate result from ZMR
+        .setHeader("Content-Type", "application/json;charset=utf-8"));
+    
+    //excute eIDAS node response
+    eidasSignal.restoreEidasAuthProcess(eidasNodeRespReq, finalizeResp);
+
+    //validate state
+    Assert.assertEquals("forward to finalization", 302, finalizeResp.getStatus());
+    Assert.assertNotNull("missing redirect header", finalizeResp.getHeader("Location"));
+    Assert.assertTrue("wrong redirect header", finalizeResp.getHeader("Location").startsWith(FINAL_REDIRECT));
+    String finalPendingReqId = finalizeResp.getHeader("Location").substring(FINAL_REDIRECT.length());
+    Assert.assertFalse("final pendingRequestId", finalPendingReqId.isEmpty());
+
+
+    //set-up finalization request
+    MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    finalizationReq.setParameter("pendingid", finalPendingReqId);
+
+    MockHttpServletResponse saml2Resp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, saml2Resp));
+
+    // exexcute finalization step
+    finalize.finalizeAuthProtocol(finalizationReq, saml2Resp);
+
+    //validate state
+    Assert.assertEquals("forward to finalization", 200, saml2Resp.getStatus());
+    Assert.assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", saml2Resp.getContentType());
+    String saml2RespPage = saml2Resp.getContentAsString();
+    Assert.assertNotNull("selectionPage is null", saml2RespPage);
+    Assert.assertFalse("selectionPage is empty", saml2RespPage.isEmpty());
+
+    //validate SAML2 response
+    String saml2RespB64 = extractRequestToken(saml2RespPage,
+        "<input type=\"hidden\" name=\"SAMLResponse\" value=\"");
+    Assert.assertNotNull("SAML2 response", saml2RespB64);
+
+    StatusResponseType saml2 = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        new ByteArrayInputStream(Base64Utils.decodeFromString(saml2RespB64)));
+    Assert.assertEquals("SAML2 status", EidasConstants.SUCCESS_URI, saml2.getStatus().getStatusCode().getValue());
+
+    final AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(saml2);
+
+    Assert.assertEquals("wrong resp attr. size", 7, extractor.getAllIncludeAttributeNames().size());
+    Assert.assertEquals("Wrong attr: LoA ", "http://eidas.europa.eu/LoA/high",
+        extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.108"));
+    Assert.assertEquals("Wrong attr: PVP_VERSION ", "2.2",
+        extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.10"));
+    Assert.assertEquals("Wrong attr: EID_ISSUER_NATION  ", cc,
+        extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.32"));
+    Assert.assertEquals("Wrong attr: eidasBind", eidasBind,
+        extractor.getSingleAttributeValue("urn:eidgvat:attributes.eidbind"));
+    Assert.assertNotNull("Wrong attr:  authBlock",
+        extractor.getSingleAttributeValue("urn:eidgvat:attributes.authblock.signed"));
+    Assert.assertNotNull("Wrong attr: piiTras.Id ",
+        extractor.getSingleAttributeValue("urn:eidgvat:attributes.piiTransactionId"));
+    Assert.assertEquals("Wrong attr:EID_STATUS_LEVEL ", "http://eid.gv.at/eID/status/identity",
+        extractor.getSingleAttributeValue(PvpAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_NAME));
+
+  }
+
+  private void injectSzrResponse() throws Exception {
+    when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(vsz);
+
+    val signContentResp = new SignContentResponseType();
+    final SignContentEntry signContentEntry = new SignContentEntry();
+    signContentEntry.setValue(eidasBind);
+    signContentResp.getOut().add(signContentEntry);
+    when(szrMock.signContent(any(), any(), any())).thenReturn(signContentResp);
+
+  }
+
+  private void injectZmrResponse() throws Exception {
+    ResponseType resp = new ResponseType();
+
+    WorkflowInfoServer workflow = new WorkflowInfoServer();
+    workflow.setProzessInstanzID(new BigInteger(RandomStringUtils.randomNumeric(10)));
+    resp.setWorkflowInfoServer(workflow);
+
+    PersonSuchenResponse persRespObj = new PersonSuchenResponse();
+    PersonensuchergebnisType searchResult = new PersonensuchergebnisType();
+    PersonErgebnisSatzType personInfoObj = new PersonErgebnisSatzType();
+    resp.setPersonSuchenResponse(persRespObj);
+    persRespObj.setPersonensuchergebnis(searchResult);
+
+    searchResult.setGefundeneSaetzeERnP(0);
+    searchResult.setGefundeneSaetze(1);
+    searchResult.getPersonErgebnisSatz().add(personInfoObj);
+
+    PersonErgebnisType personInfo = new PersonErgebnisType();
+    Personendaten personDataObj = new Personendaten();
+    personInfoObj.setPersonendaten(personDataObj);
+    personDataObj.getPersonErgebnis().add(personInfo);
+
+    EidasIdentitaetErgebnisType eidasPersonalIdentifier = new EidasIdentitaetErgebnisType();
+    personInfo.getEidasIdentitaet().add(eidasPersonalIdentifier);
+    eidasPersonalIdentifier.setEidasWert(pseudonym);
+    eidasPersonalIdentifier.setEidasArt(EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER);
+    eidasPersonalIdentifier.setStaatscode2(cc);
+
+    NatuerlichePersonErgebnisType natInfo = new NatuerlichePersonErgebnisType();
+    IdentificationType bpk = new IdentificationType();
+    PersonenName natName = new PersonenName();
+    natInfo.getIdentification().add(bpk);
+    natInfo.setPersonenName(natName);
+    personInfo.setNatuerlichePerson(natInfo);
+
+    bpk.setType(EaafConstants.URN_PREFIX_CDID + "ZP");
+    bpk.setValue(RandomStringUtils.randomAlphabetic(10));
+    natInfo.setGeburtsdatum(dateOfBirth);
+    natName.setFamilienname(familyName);
+    natName.setVorname(givenName);
+
+    when(zmrClient.service(any(), any())).thenReturn(resp);
+
+  }
+
+
+  private String validateEidasNodeRequestAndBuildResponse(String eidasNodeReqToken)
+      throws SpecificCommunicationException, URISyntaxException {
+    final SpecificCommunicationService springManagedSpecificConnectorCommunicationService =
+        (SpecificCommunicationService) wac.getBean(
+            SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString());
+
+    //read request and validate basic properties
+    ILightRequest req = springManagedSpecificConnectorCommunicationService.getAndRemoveRequest(eidasNodeReqToken,
+        attrRegistry.getCoreAttributeRegistry().getAttributes());
+
+    Assert.assertNotNull("eIDAS Node req", req);
+    Assert.assertEquals("Wrong CC", cc, req.getCitizenCountryCode());
+    Assert.assertEquals("Wrong CC", EaafConstants.EIDAS_LOA_HIGH, req.getLevelOfAssurance());
+
+
+    //set response from eIDAS node
+    BinaryLightToken respoToken = springManagedSpecificConnectorCommunicationService.putResponse(
+        buildDummyAuthResponse(EidasConstants.SUCCESS_URI, req.getId()));
+    return Base64Utils.encodeToString(respoToken.getTokenBytes());
+
+  }
+
+  private AuthenticationResponse buildDummyAuthResponse(String statusCode, String reqId) throws URISyntaxException {
+    final AttributeDefinition<?> attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+        EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+    final AttributeDefinition<?> attributeDef2 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+        EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
+    final AttributeDefinition<?> attributeDef3 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+        EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
+    final AttributeDefinition<?> attributeDef4 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+        EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
+
+    final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder()
+        .put(attributeDef, personalId)
+        .put(attributeDef2, familyName)
+        .put(attributeDef3, givenName)
+        .put(attributeDef4, dateOfBirth).build();
+
+    val b = new AuthenticationResponse.Builder();
+    return b.id("_".concat(Random.nextHexRandom16()))
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .subject(RandomStringUtils.randomAlphabetic(10))
+        .statusCode(statusCode)
+        .inResponseTo(reqId)
+        .subjectNameIdFormat("afaf")
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .attributes(attributeMap)
+        .build();
+
+  }
+
+  private String extractRequestToken(String selectionPage, String selector) {
+    int start = selectionPage.indexOf(selector);
+    Assert.assertTrue("find no pendingReqId location start", start > 0);
+    int end = selectionPage.indexOf("\"", start + selector.length());
+    Assert.assertTrue("find no pendingReqId location end", end > 0);
+    return selectionPage.substring(start + selector.length(), end);
+
+  }
+
+  private void injectSaml2AuthnReq(MockHttpServletRequest saml2Req) throws XMLParserException, UnmarshallingException,
+      SamlSigningException, CredentialsNotAvailableException, UnsupportedEncodingException, TransformerException,
+      IOException, MarshallingException, ComponentInitializationException {
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
+    authnReq.setIssueInstant(Instant.now());    
+    RequestAbstractType signedAuthnReq = 
+        Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);           
+    String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
+          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));
+    saml2Req.setParameter("SAMLRequest", b64);
+
+    final org.springframework.core.io.Resource resource = resourceLoader.getResource(
+        "classpath:/data/metadata_valid_without_encryption.xml");
+    Timer timer = new Timer("PVP metadata-resolver refresh");
+    ResourceBackedMetadataResolver fileSystemResolver =
+        new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+    fileSystemResolver.setId("test");
+    fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+    fileSystemResolver.initialize();
+    metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
+
+  }
+  
+  private void setSzrResponseIdentityLink(String responseXmlPath) throws JAXBException, SZRException_Exception {
+    final JAXBContext jaxbContext = JAXBContext
+        .newInstance(szrservices.ObjectFactory.class, org.w3._2001._04.xmldsig_more.ObjectFactory.class,
+                     org.w3._2000._09.xmldsig.ObjectFactory.class,
+                     at.gv.e_government.reference.namespace.persondata._20020228.ObjectFactory.class);
+    final Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller();
+    final GetIdentityLinkEidasResponse szrResponse = (GetIdentityLinkEidasResponse) jaxbUnmarshaller
+        .unmarshal(this.getClass().getResourceAsStream(responseXmlPath));        
+    org.mockito.Mockito.when(szrMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenReturn(szrResponse.getGetIdentityLinkReturn());
+
+  }
+  
+}
diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java
new file mode 100644
index 00000000..708560b2
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassExecutableModeTest.java
@@ -0,0 +1,119 @@
+package at.asitplus.eidas.specific.connector.test;
+
+import java.io.IOException;
+import java.lang.reflect.Field;
+
+import org.apache.http.client.ClientProtocolException;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.ignite.Ignition;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.connector.SpringBootApplicationInitializer;
+import at.gv.egiz.eaaf.core.impl.logging.DummyStatusMessager;
+import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
+import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@RunWith(BlockJUnit4ClassRunner.class)
+public class MainClassExecutableModeTest {
+
+  /**
+   * jUnit class initializer.
+   * @throws InterruptedException In case of an error
+   *
+   */
+  @BeforeClass
+  public static void classInitializer() throws InterruptedException {
+    final String current = new java.io.File(".").toURI().toString();
+    System.clearProperty("eidas.ms.configuration");
+    
+    //eIDAS Ref. Impl. properties
+    System.setProperty("EIDAS_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_CONNECTOR_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_PROXY_SERVICE_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+        
+  }
+
+  /**
+   * Initializer.
+   * @throws Exception In case of an error 
+   *
+   */
+  @AfterClass
+  public static void closeIgniteNode() throws Exception {
+    System.out.println("Closing Ignite Node ... ");
+    
+    log.info("Stopping already running Apache Ignite nodes ... ");
+    Ignition.stopAll(true);    
+    Thread.sleep(1000);
+    
+    //set Ignite-node holder to 'null' because static holders are shared between different tests
+    final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance");
+    field.setAccessible(true);
+    field.set(null, null);
+            
+  }
+  
+  /**
+   * Test reseter.
+   *
+   */
+  @After
+  public void cleanJvmState() throws NoSuchFieldException, SecurityException,
+      IllegalArgumentException, IllegalAccessException {
+    final Field field = LogMessageProviderFactory.class.getDeclaredField("internalMessager");
+    field.setAccessible(true);
+    field.set(null, new DummyStatusMessager());
+    
+    System.clearProperty("eidas.ms.configuration");
+    SpringBootApplicationInitializer.exit();
+    
+  }
+  
+   
+  @Test
+  public void validConfigLocation() throws Throwable {
+    SpringBootApplicationInitializer
+        .main(new String[] {
+            "--spring.config.location=src/test/resources/config/junit_config_2_springboot.properties,classpath:/application.properties",
+            "--spring.profiles.active=jUnitTestMode" });
+
+    System.out.println("Is started!");
+
+    // test Spring-Actuator http Basic-Auth
+    testSpringActuatorSecurity();
+
+  }
+
+  private void testSpringActuatorSecurity() throws ClientProtocolException, IOException {
+    // check if authentication works on actuator end-point
+    final HttpClientBuilder builder = HttpClients.custom();
+    final CloseableHttpClient client = builder.build();
+    Assert.assertNotNull("httpClient", client);
+
+    final HttpUriRequest httpGetInfo = new HttpGet("http://localhost:8080/ms_connector/actuator/info");
+    final CloseableHttpResponse httpRespInfo = client.execute(httpGetInfo);
+    Assert.assertEquals("http statusCode", 200, httpRespInfo.getStatusLine().getStatusCode());
+    
+    final HttpUriRequest httpGetHealth = new HttpGet("http://localhost:8080/ms_connector/actuator/health");
+    final CloseableHttpResponse httpRespHealth = client.execute(httpGetHealth);
+    Assert.assertEquals("http statusCode", 503, httpRespHealth.getStatusLine().getStatusCode());
+    
+  }
+
+}
diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java
new file mode 100644
index 00000000..79d062ae
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/MainClassWebAppModeTest.java
@@ -0,0 +1,141 @@
+package at.asitplus.eidas.specific.connector.test;
+
+import java.io.IOException;
+import java.lang.reflect.Field;
+
+import org.apache.http.client.ClientProtocolException;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.ignite.Ignition;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.connector.SpringBootApplicationInitializer;
+import at.gv.egiz.eaaf.core.impl.logging.DummyStatusMessager;
+import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
+import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class MainClassWebAppModeTest {
+
+  /**
+   * jUnit class initializer.
+   *
+   */
+  @BeforeClass
+  public static void classInitializer() {
+    final String current = new java.io.File(".").toURI().toString();
+    
+    //eIDAS Ref. Impl. properties
+    System.setProperty("EIDAS_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_CONNECTOR_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_PROXY_SERVICE_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    
+  }
+
+  /**
+   * Initializer.
+   *
+   */
+  @AfterClass
+  public static void closeIgniteNode() {
+    System.out.println("Closing Ignite Node ... ");
+    Ignition.stopAll(true);
+    
+  }
+  
+  /**
+   * Test reseter.
+   *
+   */
+  @After
+  public void cleanJvmState() throws NoSuchFieldException, SecurityException,
+      IllegalArgumentException, IllegalAccessException {
+    final Field field = LogMessageProviderFactory.class.getDeclaredField("internalMessager");
+    field.setAccessible(true);
+    field.set(null, new DummyStatusMessager());
+
+    System.clearProperty("eidas.ms.configuration");
+    SpringBootApplicationInitializer.exit();
+    
+    
+    //set Ignite-node holder to 'null' because static holders are shared between different tests
+    final Field field1 = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance");
+    field1.setAccessible(true);
+    field1.set(null, null);
+       
+  }
+  
+  @Test
+  public void wrongConfigLocation() throws Throwable {
+    //MS-specific connector property
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current
+        + "src/test/resources/config/notextist.properties");
+    
+    try {
+    //starting application
+      SpringBootApplicationInitializer
+          .main(new String[] {
+              "--spring.profiles.active=jUnitTestMode" });
+      Assert.fail("Missing configuration not detected");
+
+    } catch (final Exception e) {
+      Assert.assertNotNull("Exception is null", e);      
+
+    }
+  }
+  
+  
+  @Test
+  public void systemdConfigLocation() throws Throwable {    
+    //MS-specific connector property
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current
+        + "src/test/resources/config/junit_config_1_springboot.properties");
+        
+    //starting application
+    SpringBootApplicationInitializer
+        .main(new String[] {
+            "--spring.profiles.active=jUnitTestMode,springBoot" });
+
+    System.out.println("Is started!");
+
+    // test Spring-Actuator http Basic-Auth
+    testSpringActuatorSecurity();
+
+    
+    
+    
+  }
+  
+  private void testSpringActuatorSecurity() throws ClientProtocolException, IOException {
+    // check if authentication works on actuator end-point
+    final HttpClientBuilder builder = HttpClients.custom();
+    final CloseableHttpClient client = builder.build();
+    Assert.assertNotNull("httpClient", client);
+
+    final HttpUriRequest httpGetInfo = new HttpGet("http://localhost:8080/ms_connector/actuator/info");
+    final CloseableHttpResponse httpRespInfo = client.execute(httpGetInfo);
+    Assert.assertEquals("http statusCode", 200, httpRespInfo.getStatusLine().getStatusCode());
+
+    
+    final HttpUriRequest httpGetHealth = new HttpGet("http://localhost:8080/ms_connector/actuator/health");
+    final CloseableHttpResponse httpRespHealth = client.execute(httpGetHealth);
+    Assert.assertEquals("http statusCode", 503, httpRespHealth.getStatusLine().getStatusCode());
+    
+  }
+
+}
diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/MsConnectorSpringResourceProviderTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/MsConnectorSpringResourceProviderTest.java
new file mode 100644
index 00000000..5d73e3de
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/MsConnectorSpringResourceProviderTest.java
@@ -0,0 +1,56 @@
+package at.asitplus.eidas.specific.connector.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.springframework.core.io.Resource;
+
+import at.asitplus.eidas.specific.connector.MsSpecificEidasNodeSpringResourceProvider;
+import at.gv.egiz.eaaf.core.test.TestConstants;
+
+
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class MsConnectorSpringResourceProviderTest {
+
+  @Test
+  public void testSpringConfig() {
+    final MsSpecificEidasNodeSpringResourceProvider test =
+        new MsSpecificEidasNodeSpringResourceProvider();
+    for (final Resource el : test.getResourcesToLoad()) {
+      try {
+        IOUtils.toByteArray(el.getInputStream());
+
+      } catch (final IOException e) {
+        Assert.fail("Ressouce: " + el.getFilename() + " not found");
+      }
+
+    }
+
+    Assert.assertNotNull("no Name", test.getName());
+    Assert.assertNull("Find package definitions", test.getPackagesToScan());
+
+  }
+
+  @Test
+  public void testSpILoaderConfig() {
+    final InputStream el = this.getClass().getResourceAsStream(TestConstants.TEST_SPI_LOADER_PATH);
+    try {
+      final String spiFile = IOUtils.toString(el, "UTF-8");
+
+      Assert.assertEquals("Wrong classpath in SPI file",
+          MsSpecificEidasNodeSpringResourceProvider.class.getName(), spiFile);
+
+
+    } catch (final IOException e) {
+      Assert.fail("Ressouce: " + TestConstants.TEST_SPI_LOADER_PATH + " not found");
+
+    }
+  }
+
+}
diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java
new file mode 100644
index 00000000..6c6276c3
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java
@@ -0,0 +1,114 @@
+package at.asitplus.eidas.specific.connector.test.attributes;
+
+import static at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME;
+
+import java.util.Base64;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.connector.attributes.AuthBlockAttributeBuilder;
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.attributes.AbstractAttributeBuilderTest;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_eaaf_core.xml")
+public class AuthBlockAttributeBuilderTest extends AbstractAttributeBuilderTest {
+
+  private final String JSW =
+      "eyJhbGciOiJQUzI1NiIsIng1dCNTMjU2IjoiTjBDZUJRdzlMX1BleEt6SlhVM2w2dkF1aExGb3hkWFlIUjNSX01ubTZnRSJ9.ImF2YWFz" +
+          "YmF2Ig.dpzCcHFlISXyKEZaXgvRj0ja1cenfMuy0VKwK_rmHZLkUCb58V4X5balpQduDTyRfTyFE0zmBjm8_cmDVNOYTIG4NsEtvY" +
+          "qW4ee9JH-VpkU0w5-7HTH81R3JOd9g7XaHGPXYyUuqceZQRmkl1Vw4HSsnIAT3bb0Di0us6zmFkOPmRtbXQAym_ygGFwTVGLskUTm" +
+          "epCxmDQC7OJoIV9oqDavLySP7Ram4NHfi043uF_DmBf6csTjmQu3g2vKJWwlkD8RXDzqksozO8fLDFyVWjA8G1IcvnuHDW1nTTkuG" +
+          "_fBIU6yBZ7kQe9vtjqKiGhGa1zD-F_Lem2zsY7d7dVUvyQ";
+  private final IAttributeBuilder attrBuilde = new AuthBlockAttributeBuilder();
+
+  @Rule
+  public TestName mTestName = new TestName();
+
+  @Before
+  public void init() {
+    log.info("setting up");
+  }
+
+  @Test
+  public void checkName() {
+    Assert.assertEquals("Wrong attr. name", 
+        ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, attrBuilde.getName());
+    
+  }
+  
+  @Test
+  public void checkEmptyAttribute() {
+    Assert.assertNull("empty attr.", attrBuilde.buildEmpty(gen));
+    
+  }
+  
+  @Test
+  public void okTest() {
+    log.info("starting: " + mTestName);
+    try {
+      final IAuthData authData = buildAuthData();
+      ((AuthenticationData) authData).setGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, JSW);
+
+      final String value = attrBuilde.build(spConfig, authData, gen);
+
+      Assert.assertNotNull("AuthBlock", value);
+      Assert.assertEquals("Authblock build wrong", JSW, new String(Base64.getDecoder().decode(value)));
+
+    } catch (final Exception e) {
+      Assert.assertNull("Attr. builder has an exception", e);
+    }
+  }
+
+
+  @Test
+  public void nullTest() {
+    log.info("starting: " + mTestName);
+    try {
+      final IAuthData authData = buildAuthData();
+      ((AuthenticationData) authData).setGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, null);
+
+      final String value = attrBuilde.build(spConfig, authData, gen);
+      Assert.fail("Attr. Builder provide no 'UnavailableAttributeException'");
+
+    } catch (final Exception e) {
+      Assert.assertTrue("Attr. builder provide wrong exception",
+                        e instanceof UnavailableAttributeException);
+      Assert.assertEquals("Attr. name in exception does NOT match",
+                          EID_AUTHBLOCK_SIGNED_NAME,
+                          ((UnavailableAttributeException) e).getAttributeName());
+    }
+  }
+
+  @Test
+  public void emptyTest() {
+    log.info("starting: " + mTestName);
+    try {
+      final IAuthData authData = buildAuthData();
+      ((AuthenticationData) authData).setGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, "");
+
+      final String value = attrBuilde.build(spConfig, authData, gen);
+      Assert.fail("Attr. Builder provide no 'UnavailableAttributeException'");
+
+    } catch (final Exception e) {
+      Assert.assertTrue("Attr. builder provide wrong exception",
+                        e instanceof UnavailableAttributeException);
+      Assert.assertEquals("Attr. name in exception does NOT match",
+                          EID_AUTHBLOCK_SIGNED_NAME,
+                          ((UnavailableAttributeException) e).getAttributeName());    }
+  }
+}
diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java
new file mode 100644
index 00000000..969a22fb
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java
@@ -0,0 +1,105 @@
+package at.asitplus.eidas.specific.connector.test.attributes;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.connector.attributes.EidasBindAttributeBuilder;
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.attributes.AbstractAttributeBuilderTest;
+import lombok.extern.slf4j.Slf4j;
+
+
+@Slf4j
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_eaaf_core.xml")
+public class EidasBindAttributeBuilderTest extends AbstractAttributeBuilderTest {
+
+  private final IAttributeBuilder attrBuilde = new EidasBindAttributeBuilder();
+
+  @Rule
+  public TestName mTestName = new TestName();
+
+  @Before
+  public void init() {
+    log.info("setting up");
+  }
+
+  @Test
+  public void checkName() {
+    Assert.assertEquals("Wrong attr. name", 
+        ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, attrBuilde.getName());
+    
+  }
+  
+  @Test
+  public void checkEmptyAttribute() {
+    Assert.assertNull("empty attr.", attrBuilde.buildEmpty(gen));
+    
+  }
+  
+  @Test
+  public void okTest() {
+    log.info("starting: " + mTestName);
+    try {
+      final IAuthData authData = buildAuthData();
+      ((AuthenticationData) authData).setGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, "vuG8w29GT0");
+
+      final String value = attrBuilde.build(spConfig, authData, gen);
+
+      Assert.assertEquals("eDIAS bind build wrong", "vuG8w29GT0", value);
+
+    } catch (final Exception e) {
+      Assert.assertNull("Attr. builder has an exception", e);
+    }
+  }
+
+  @Test
+  public void nullTest() {
+    log.info("starting: " + mTestName);
+    try {
+      final IAuthData authData = buildAuthData();
+      ((AuthenticationData) authData).setGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, null);
+
+      final String value = attrBuilde.build(spConfig, authData, gen);
+      Assert.fail("Attr. Builder provide no 'UnavailableAttributeException'");
+
+    } catch (final Exception e) {
+      Assert.assertTrue("Attr. builder provide wrong exception",
+                        e instanceof UnavailableAttributeException);
+      Assert.assertEquals("Attr. name in exception does NOT match",
+                          ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME,
+                          ((UnavailableAttributeException) e).getAttributeName());
+    }
+  }
+
+  @Test
+  public void emptyTest() {
+    log.info("starting: " + mTestName);
+    try {
+      final IAuthData authData = buildAuthData();
+      ((AuthenticationData) authData).setGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, "");
+
+      final String value = attrBuilde.build(spConfig, authData, gen);
+      Assert.fail("Attr. Builder provide no 'UnavailableAttributeException'");
+
+    } catch (final Exception e) {
+      Assert.assertTrue("Attr. builder provide wrong exception",
+                        e instanceof UnavailableAttributeException);
+      Assert.assertEquals("Attr. name in exception does NOT match",
+                          ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME,
+                          ((UnavailableAttributeException) e).getAttributeName());    }
+  }
+
+
+}
diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/config/BasicConfigurationTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/config/BasicConfigurationTest.java
new file mode 100644
index 00000000..f9a43b52
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/config/BasicConfigurationTest.java
@@ -0,0 +1,137 @@
+package at.asitplus.eidas.specific.connector.test.config;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.cert.CertificateException;
+
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+    "/applicationContext.xml",
+    "/spring/SpringTest_connector.beans.xml",
+    "/eaaf_core.beans.xml",
+    "/eaaf_pvp.beans.xml",
+    "/eaaf_pvp_idp.beans.xml",
+    "/spring/SpringTest-context_simple_storage.xml" })
+@WebAppConfiguration
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+@ActiveProfiles(profiles = {"deprecatedConfig"})
+public class BasicConfigurationTest {
+
+  @Autowired private IConfigurationWithSP basicConfig;
+  
+  /**
+   * jUnit class initializer.
+   * @throws ComponentInitializationException In case of an error
+   * @throws InitializationException In case of an error
+   * @throws CertificateException 
+   * 
+   */
+  @BeforeClass
+  public static void classInitializer() throws InitializationException, 
+      ComponentInitializationException, CertificateException  {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");
+    
+  }
+  
+  
+  @Test
+  public void basicConfig() throws MalformedURLException, EaafException {    
+    Assert.assertEquals("validate req. URL", "http://localhost", 
+        basicConfig.validateIdpUrl(new URL("http://junit/test")));
+    
+    Assert.assertEquals("validate req. URL", "http://localhost", 
+        basicConfig.validateIdpUrl(new URL("http://localhost/test1/test")));
+    
+  }
+  
+  @Test
+  public void loadSpNotExist() throws EaafConfigurationException {
+    //check
+    ISpConfiguration sp = basicConfig.getServiceProviderConfiguration(
+        "https://not/exist");
+        
+    //validate state
+    Assert.assertNull("spConfig", sp);
+    
+    
+  }
+  
+  @Test
+  public void loadSpDefault() throws EaafConfigurationException {
+    //check
+    ISpConfiguration sp = basicConfig.getServiceProviderConfiguration(
+        "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata");
+        
+    //validate state
+    Assert.assertNotNull("spConfig", sp);
+    Assert.assertEquals("BaseId transfare restrication", true, sp.hasBaseIdTransferRestriction());
+    Assert.assertEquals("BaseId process restrication", false, sp.hasBaseIdInternalProcessingRestriction());
+    
+    Assert.assertEquals("req. LoA size", 1, sp.getRequiredLoA().size());
+    Assert.assertEquals("req. LoA", EaafConstants.EIDAS_LOA_HIGH, sp.getRequiredLoA().get(0));
+    Assert.assertEquals("LoA matching mode", 
+        EaafConstants.EIDAS_LOA_MATCHING_MINIMUM, sp.getLoAMatchingMode());
+    
+  }
+  
+  @Test
+  public void loadSpNoBaseIdTransferRestriction() throws EaafException {
+    //check
+    ServiceProviderConfiguration sp = basicConfig.getServiceProviderConfiguration(
+        "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata", ServiceProviderConfiguration.class);
+        
+    //validate state
+    Assert.assertNotNull("spConfig", sp);
+    Assert.assertNull("bPKTarget already set", sp.getAreaSpecificTargetIdentifier());
+        
+    //validate baseId transfer restriction
+    sp.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_CDID + "ZP");   
+    Assert.assertEquals("BaseId restrication", false, sp.hasBaseIdTransferRestriction());    
+    Assert.assertEquals("bPKTarget", EaafConstants.URN_PREFIX_CDID + "ZP", sp.getAreaSpecificTargetIdentifier());
+    
+    sp.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+123456h");   
+    Assert.assertEquals("BaseId restrication", true, sp.hasBaseIdTransferRestriction());
+    
+  }
+  
+  @Test
+  public void loadSpWithMsSpecificConfig() throws EaafConfigurationException {
+    //check
+    ServiceProviderConfiguration sp = basicConfig.getServiceProviderConfiguration(
+        "https://demo.egiz.gv.at/junit_test", ServiceProviderConfiguration.class);
+        
+    //validate state
+    Assert.assertNotNull("spConfig", sp);
+    Assert.assertEquals("friendlyName", "jUnit test", sp.getFriendlyName());
+    Assert.assertEquals("UniqueId", "https://demo.egiz.gv.at/junit_test", sp.getUniqueIdentifier());
+    Assert.assertEquals("BaseId restrication", true, sp.hasBaseIdTransferRestriction());
+    Assert.assertEquals("generic config value", false, 
+        sp.isConfigurationValue("policy.allowed.requested.targets"));
+    Assert.assertEquals("generic config value", "test", 
+        sp.getConfigurationValue("policy.allowed.requested.targets"));
+    Assert.assertEquals("not_exist_value", "true", sp.getConfigurationValue("not.exist", "true"));
+    
+  }
+}
diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/config/MsConnectorMessageSourceTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/config/MsConnectorMessageSourceTest.java
new file mode 100644
index 00000000..4c9d825d
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/config/MsConnectorMessageSourceTest.java
@@ -0,0 +1,71 @@
+package at.asitplus.eidas.specific.connector.test.config;
+
+import java.security.cert.CertificateException;
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+    "/applicationContext.xml",
+    "/spring/SpringTest_connector.beans.xml",
+    "/eaaf_core.beans.xml",
+    "/eaaf_pvp.beans.xml",
+    "/eaaf_pvp_idp.beans.xml",
+    "/spring/SpringTest-context_simple_storage.xml" })
+@WebAppConfiguration
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+@ActiveProfiles(profiles = {"deprecatedConfig"})
+public class MsConnectorMessageSourceTest {
+
+  /**
+   * jUnit class initializer.
+   * @throws ComponentInitializationException In case of an error
+   * @throws InitializationException In case of an error
+   * @throws CertificateException 
+   * 
+   */
+  @BeforeClass
+  public static void classInitializer() throws InitializationException, 
+      ComponentInitializationException, CertificateException  {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");
+    
+  }
+  
+  @Autowired
+  private ResourceLoader loader;
+  @Autowired(required = false)
+  private List<IMessageSourceLocation> messageSources;
+
+  @Test
+  public void checkMessageSources() {
+    Assert.assertNotNull("No messageSource", messageSources);
+
+    for (final IMessageSourceLocation messageSource : messageSources) {
+      Assert.assertNotNull("No sourcePath", messageSource.getMessageSourceLocation());
+
+      for (final String el : messageSource.getMessageSourceLocation()) {
+        final Resource messages = loader.getResource(el + ".properties");
+        Assert.assertTrue("Source not exist", messages.exists());
+
+      }
+    }
+  }
+}
diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java
new file mode 100644
index 00000000..499c5937
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/controller/ProcessEngineSignalControllerTest.java
@@ -0,0 +1,77 @@
+package at.asitplus.eidas.specific.connector.test.controller;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+    "/applicationContext.xml",
+    "/spring/SpringTest_connector.beans.xml",
+    "/eaaf_core.beans.xml",
+    "/eaaf_pvp.beans.xml",
+    "/eaaf_pvp_idp.beans.xml",
+    "/spring/SpringTest-context_simple_storage.xml" })
+@ActiveProfiles(profiles = {"deprecatedConfig"})
+@WebAppConfiguration
+public class ProcessEngineSignalControllerTest {
+
+  @Autowired private ProcessEngineSignalController controller;
+  
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  
+  @BeforeClass
+  public static void classInitializer() {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");
+    
+  }
+  
+  /**
+   * jUnit test set-up.
+   */
+  @Before
+  public void setUp() throws EaafStorageException, URISyntaxException {
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+     
+  }
+  
+  @Test
+  public void noPendingRequestId() throws IOException, EaafException {
+  //set-up
+    
+    //execute test
+    controller.performGenericAuthenticationProcess(httpReq, httpResp);
+       
+    //validate state
+    Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
+    Assert.assertNotNull("redirect header", httpResp.getHeaderValue("Location"));
+    Assert.assertTrue("wrong redirect header", 
+        httpResp.getHeader("Location").startsWith("http://localhost/public/secure/errorHandling?errorid="));
+  
+  }
+  
+  
+}
diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java
new file mode 100644
index 00000000..a9612297
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java
@@ -0,0 +1,337 @@
+package at.asitplus.eidas.specific.connector.test.saml2;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.time.Instant;
+import java.util.List;
+import java.util.Timer;
+
+import javax.xml.transform.TransformerException;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
+import org.opensaml.security.credential.Credential;
+import org.opensaml.security.x509.BasicX509Credential;
+import org.opensaml.xmlsec.signature.support.SignatureException;
+import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.util.Base64Utils;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint;
+import at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider;
+import at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider;
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+    "/applicationContext.xml",
+    "/spring/SpringTest_connector.beans.xml",
+    "/eaaf_core.beans.xml",
+    "/eaaf_pvp.beans.xml",
+    "/eaaf_pvp_idp.beans.xml",
+    "/spring/SpringTest-context_simple_storage.xml" })
+@ActiveProfiles(profiles = {"deprecatedConfig"})
+@WebAppConfiguration
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+public class Pvp2SProfileEndPointTest {
+
+
+  @Autowired private Pvp2SProfileEndpoint controller;
+  @Autowired private PvpEndPointCredentialProvider credentialProvider;
+  @Autowired private PvpMetadataProvider metadataProvider;
+  @Autowired private ResourceLoader resourceLoader;
+  @Autowired private IRequestStorage storage;
+
+  private static CertificateFactory fact;
+
+
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+
+
+  /**
+   * jUnit class initializer.
+   * @throws ComponentInitializationException In case of an error
+   * @throws InitializationException In case of an error
+   * @throws CertificateException
+   *
+   */
+  @BeforeClass
+  public static void classInitializer() throws InitializationException,
+      ComponentInitializationException, CertificateException  {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");
+
+    EaafOpenSaml3xInitializer.eaafInitialize();
+
+    fact = CertificateFactory.getInstance("X.509");
+
+  }
+
+  /**
+   * jUnit test set-up.
+   * @throws EaafException
+   *
+   */
+  @Before
+  public void initialize() throws EaafException {
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+  }
+
+  @Test
+  public void authnReqWrongEndpoint() throws EaafException, XMLParserException, UnmarshallingException,
+      UnsupportedEncodingException, TransformerException, IOException, MarshallingException,
+      ComponentInitializationException {
+    //initialize test
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_3.xml"));
+    authnReq.setIssueInstant(Instant.now());    
+    RequestAbstractType signedAuthnReq = 
+        Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);           
+    String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
+          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));
+    httpReq.setParameter("SAMLRequest", b64);
+
+    final org.springframework.core.io.Resource resource = resourceLoader.getResource(
+        "classpath:/data/metadata_valid.xml");
+    Timer timer = new Timer("PVP metadata-resolver refresh");
+    ResourceBackedMetadataResolver fileSystemResolver =
+        new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+    fileSystemResolver.setId("test");
+    fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+    fileSystemResolver.initialize();
+    metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
+
+
+    //request SAML2 authentication
+    try {
+      controller.pvpIdpPostRequest(httpReq, httpResp);
+      Assert.fail("wrong AuthnRequest not detected");
+
+    }catch (EaafException e) {
+      Assert.assertEquals("wrong errorId", "pvp2.22", e.getErrorId());
+
+    }
+  }
+
+  @Test
+  public void authnReqWrongSigned() throws EaafException, XMLParserException, UnmarshallingException,
+      UnsupportedEncodingException, TransformerException, IOException, MarshallingException,
+      ComponentInitializationException {
+    //initialize test
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
+    authnReq.setIssueInstant(Instant.now());    
+    RequestAbstractType signedAuthnReq = 
+        Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);           
+    String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
+          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));
+    httpReq.setParameter("SAMLRequest", b64);
+
+    final org.springframework.core.io.Resource resource = resourceLoader.getResource(
+        "classpath:/data/metadata_valid.xml");
+    Timer timer = new Timer("PVP metadata-resolver refresh");
+    ResourceBackedMetadataResolver fileSystemResolver =
+        new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+    fileSystemResolver.setId("test");
+    fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+    fileSystemResolver.initialize();
+    metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
+
+
+    //request SAML2 authentication
+    try {
+      controller.pvpIdpPostRequest(httpReq, httpResp);
+      Assert.fail("wrong AuthnRequest not detected");
+
+    }catch (EaafException e) {
+      Assert.assertEquals("wrong errorId", "pvp2.21", e.getErrorId());
+
+    }
+  }
+
+  @Test
+  public void authnReqMetadataExpired() throws EaafException, XMLParserException, UnmarshallingException,
+      UnsupportedEncodingException, TransformerException, IOException, MarshallingException,
+      ComponentInitializationException {
+    //initialize test
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
+    authnReq.setIssueInstant(Instant.now());    
+    RequestAbstractType signedAuthnReq = 
+        Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);           
+    String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
+          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));
+    httpReq.setParameter("SAMLRequest", b64);
+
+    final org.springframework.core.io.Resource resource = resourceLoader.getResource(
+        "classpath:/data/metadata_expired.xml");
+    Timer timer = new Timer("PVP metadata-resolver refresh");
+    ResourceBackedMetadataResolver fileSystemResolver =
+        new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+    fileSystemResolver.setId("test");
+    fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+    fileSystemResolver.initialize();
+    metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
+
+
+    //request SAML2 authentication
+    try {
+      controller.pvpIdpPostRequest(httpReq, httpResp);
+      Assert.fail("wrong AuthnRequest not detected");
+
+    }catch (EaafException e) {
+      Assert.assertEquals("wrong errorId", "pvp2.21", e.getErrorId());
+
+    }
+  }
+
+  @Test
+  public void authnReqValid() throws EaafException, XMLParserException, UnmarshallingException,
+      UnsupportedEncodingException, TransformerException, IOException, MarshallingException,
+      ComponentInitializationException {
+    //initialize test
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
+    authnReq.setIssueInstant(Instant.now());    
+    RequestAbstractType signedAuthnReq = 
+        Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);           
+    String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
+          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));
+    httpReq.setParameter("SAMLRequest", b64);
+
+    final org.springframework.core.io.Resource resource = resourceLoader.getResource(
+        "classpath:/data/metadata_valid.xml");
+    Timer timer = new Timer("PVP metadata-resolver refresh");
+    ResourceBackedMetadataResolver fileSystemResolver =
+        new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+    fileSystemResolver.setId("test");
+    fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+    fileSystemResolver.initialize();
+    metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
+
+
+    //request SAML2 authentication
+    controller.pvpIdpPostRequest(httpReq, httpResp);
+
+
+    //validate state
+    Assert.assertEquals("http statuscode", 200, httpResp.getStatus());
+    Assert.assertEquals("Wrong http ContentType", "text/html;charset=UTF-8", httpResp.getContentType());
+
+    String html = httpResp.getContentAsString();
+    Assert.assertNotNull("html result is null", html);
+    Assert.assertFalse("html result is empty", html.isEmpty());
+    Assert.assertTrue("Wrong page", html.contains("action=\"/myHomeCountry\""));
+
+    String pattern = "<input type=\"hidden\" name=\"pendingid\" value=\"";
+    int pendingIdStart = html.indexOf(pattern) + pattern.length();
+    int pendingIdEnd = html.indexOf("\"", pendingIdStart);
+    String pendingReqId = html.substring(pendingIdStart, pendingIdEnd);
+    Assert.assertFalse("pendingReqId is empty", pendingReqId.isEmpty());
+
+    IRequest pendingReq = storage.getPendingRequest(pendingReqId);
+    Assert.assertNotNull("pendingReq", pendingReq);
+    Assert.assertNotNull("piiTransId", pendingReq.getUniquePiiTransactionIdentifier());
+    Assert.assertNotNull("piiTransId", pendingReq.getUniqueTransactionIdentifier());
+
+    Assert.assertEquals("wrong OA Id", "https://demo.egiz.gv.at/demoportal-openID_demo",
+        pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));
+    Assert.assertEquals("wrong bPK Target", "urn:publicid:gv.at:cdid+BF",
+        pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+
+
+  }
+
+  @Test
+  public void checkSaml2Metadata() throws EaafException, UnsupportedEncodingException, XMLParserException,
+      UnmarshallingException, CertificateException, SignatureException {
+
+    //request SAML2 Metadata
+    controller.pvpMetadataRequest(httpReq, httpResp);
+
+    //validate state
+    Assert.assertEquals("http statuscode", 200, httpResp.getStatus());
+    Assert.assertEquals("Wrong http ContentType", "application/xml", httpResp.getContentType());
+
+    String html = httpResp.getContentAsString();
+    Assert.assertNotNull("html result is null", html);
+    Assert.assertFalse("html result is empty", html.isEmpty());
+
+
+    final EntityDescriptor entity = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        new ByteArrayInputStream(html.getBytes("UTF-8")));
+
+    Assert.assertNotNull("Unmarshalling failed", entity);
+    Assert.assertNotNull("EntityId is null", entity.getEntityID());
+
+    Assert.assertNotNull("Signature is null", entity.getSignature());
+    final SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+    sigValidator.validate(entity.getSignature());
+
+    final Credential cred = new BasicX509Credential((X509Certificate) fact.generateCertificate(
+        Pvp2SProfileEndPointTest.class.getResourceAsStream("/config/keys/Metadata.pem")));
+    SignatureValidator.validate(entity.getSignature(), cred);
+
+    Assert.assertEquals("wrong entityId", "http://localhost/pvp/metadata", entity.getEntityID());
+    Assert.assertNotNull("IDPSSODescr", entity.getRoleDescriptors(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
+    Assert.assertNotNull("SPSSODescr", entity.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
+    Assert.assertEquals("SPSSODescr. size", 0,
+        entity.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME).size());
+
+    List<RoleDescriptor> idp = entity.getRoleDescriptors(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+    Assert.assertEquals("IDP descr. size", 1, idp.size());
+    Assert.assertEquals("IDP descr. endpoints", 2, idp.get(0).getEndpoints().size());
+    Assert.assertEquals("IDP descr. keyDescr", 1, idp.get(0).getKeyDescriptors().size());
+
+  }
+
+}
diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/EvaluateCountrySelectionTaskTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/EvaluateCountrySelectionTaskTest.java
new file mode 100644
index 00000000..abfc60ff
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/EvaluateCountrySelectionTaskTest.java
@@ -0,0 +1,193 @@
+package at.asitplus.eidas.specific.connector.test.task;
+
+import java.io.UnsupportedEncodingException;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.i18n.LocaleContextHolder;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import at.asitplus.eidas.specific.connector.processes.tasks.EvaluateCountrySelectionTask;
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+    "/applicationContext.xml",
+    "/spring/SpringTest_connector.beans.xml",
+    "/eaaf_core.beans.xml",
+    "/eaaf_pvp.beans.xml",
+    "/eaaf_pvp_idp.beans.xml",
+    "/spring/SpringTest-context_simple_storage.xml" })
+@ActiveProfiles(profiles = {"deprecatedConfig"})
+@WebAppConfiguration
+public class EvaluateCountrySelectionTaskTest {
+
+  @Autowired private EvaluateCountrySelectionTask task;
+  
+  private ExecutionContextImpl executionContext = new ExecutionContextImpl();
+  private TestRequestImpl pendingReq;
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  
+  /**
+   * jUnit class initializer.
+   * 
+   */
+  @BeforeClass
+  public static void classInitializer() {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");
+    
+  }
+  
+  /**
+   * jUnit test set-up.
+   * 
+   */
+  @Before
+  public void initialize() {
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+    
+    pendingReq = new TestRequestImpl();
+    pendingReq.setAuthUrl("https://localhost/ms_connector");
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    
+    LocaleContextHolder.resetLocaleContext();
+  }
+  
+  @Test
+  public void withoutCountrySelection() throws TaskExecutionException, UnsupportedEncodingException {            
+    
+    
+    task.execute(pendingReq, executionContext);
+    
+    //result validation
+    Assert.assertFalse("wrong pendingReq auth flag", pendingReq.isAuthenticated());
+    Assert.assertFalse("wrong process-cancelled flag", executionContext.isProcessCancelled());
+    Assert.assertEquals("wrong change-language flag", false, 
+        executionContext.get(EaafConstants.PROCESSCONTEXT_SWITCH_LANGUAGE));
+    Assert.assertNull("Country-selection found", 
+        executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY));
+    Assert.assertNull("Environment-selection found", 
+        executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT));
+        
+  }
+  
+  @Test
+  public void withCountrySelection() throws TaskExecutionException, UnsupportedEncodingException {            
+    String ccc = RandomStringUtils.randomAlphabetic(2);
+    httpReq.setParameter(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, ccc);
+    
+    task.execute(pendingReq, executionContext);
+    
+    //result validation
+    Assert.assertFalse("wrong pendingReq auth flag", pendingReq.isAuthenticated());
+    Assert.assertFalse("wrong process-cancelled flag", executionContext.isProcessCancelled());
+    Assert.assertEquals("wrong change-language flag", false, 
+        executionContext.get(EaafConstants.PROCESSCONTEXT_SWITCH_LANGUAGE));
+    Assert.assertNotNull("no Country-selection found", 
+        executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY));
+    Assert.assertEquals("Wrong country found", ccc, 
+        executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY));
+    
+    Assert.assertNull("Environment-selection found", 
+        executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT));
+        
+  }
+  
+  @Test
+  public void withCountrySelectionAndEnvironment() 
+      throws TaskExecutionException, UnsupportedEncodingException {            
+    String ccc = RandomStringUtils.randomAlphabetic(2);
+    String environment = RandomStringUtils.randomAlphabetic(5);
+    httpReq.setParameter(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, ccc);
+    httpReq.setParameter(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT, environment);
+    
+    task.execute(pendingReq, executionContext);
+    
+    //result validation
+    Assert.assertFalse("wrong pendingReq auth flag", pendingReq.isAuthenticated());
+    Assert.assertFalse("wrong process-cancelled flag", executionContext.isProcessCancelled());
+    Assert.assertEquals("wrong change-language flag", false, 
+        executionContext.get(EaafConstants.PROCESSCONTEXT_SWITCH_LANGUAGE));
+    Assert.assertNotNull("no Country-selection found", 
+        executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY));
+    Assert.assertEquals("Wrong country found", ccc, 
+        executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY));
+    
+    Assert.assertNotNull("No environment-selection found", 
+        executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT));
+    Assert.assertEquals("Wrong environment-selection", environment, 
+        executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT));
+        
+  }
+  
+  @Test
+  public void withCountrySelectionAndEnvironmentAndLangSelection() 
+      throws TaskExecutionException, UnsupportedEncodingException {            
+    String ccc = RandomStringUtils.randomAlphabetic(2);
+    String environment = RandomStringUtils.randomAlphabetic(5);
+    String lang = RandomStringUtils.randomAlphabetic(2);
+    httpReq.setParameter(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, ccc);
+    httpReq.setParameter(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT, environment);
+    httpReq.setParameter(AbstractLocaleAuthServletTask.PROP_REQ_PARAM_LOCALE, lang);
+    
+    task.execute(pendingReq, executionContext);
+    
+    //result validation
+    Assert.assertFalse("wrong pendingReq auth flag", pendingReq.isAuthenticated());
+    Assert.assertFalse("wrong process-cancelled flag", executionContext.isProcessCancelled());
+    Assert.assertEquals("wrong change-language flag", true, 
+        executionContext.get(EaafConstants.PROCESSCONTEXT_SWITCH_LANGUAGE));
+    Assert.assertNull("Country-selection found", 
+        executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY));
+    Assert.assertNull("Environment-selection found", 
+        executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT));
+        
+  }
+  
+  @Test
+  public void withCountrySelectionAndEnvironmentAndStopSelection() 
+      throws TaskExecutionException, UnsupportedEncodingException {            
+    String ccc = RandomStringUtils.randomAlphabetic(2);
+    String environment = RandomStringUtils.randomAlphabetic(5);
+    httpReq.setParameter(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, ccc);
+    httpReq.setParameter(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT, environment);
+    httpReq.setParameter(EaafConstants.PARAM_HTTP_STOP_PROCESS, "true");
+    
+    task.execute(pendingReq, executionContext);
+    
+    //result validation
+    Assert.assertTrue("wrong process-cancelled flag", executionContext.isProcessCancelled());
+    Assert.assertTrue("wrong pendingReq stop flag", pendingReq.isAbortedByUser());
+    Assert.assertFalse("wrong pendingReq auth flag", pendingReq.isAuthenticated());
+    
+    Assert.assertEquals("wrong change-language flag", false, 
+        executionContext.get(EaafConstants.PROCESSCONTEXT_SWITCH_LANGUAGE));
+    Assert.assertNull("Country-selection found", 
+        executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY));
+    Assert.assertNull("Environment-selection found", 
+        executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT));
+        
+  }
+}
diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/GenerateCountrySelectionFrameBmiTemplateTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/GenerateCountrySelectionFrameBmiTemplateTest.java
new file mode 100644
index 00000000..491dfa81
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/GenerateCountrySelectionFrameBmiTemplateTest.java
@@ -0,0 +1,110 @@
+package at.asitplus.eidas.specific.connector.test.task;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Locale;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.i18n.LocaleContextHolder;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import at.asitplus.eidas.specific.connector.processes.tasks.GenerateCountrySelectionFrameTask;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+    "/applicationContext.xml",
+    "/spring/SpringTest_connector.beans.xml",
+    "/eaaf_core.beans.xml",
+    "/eaaf_pvp.beans.xml",
+    "/eaaf_pvp_idp.beans.xml",
+    "/spring/SpringTest-context_simple_storage.xml" })
+@ActiveProfiles(profiles = {"deprecatedConfig"})
+@WebAppConfiguration
+public class GenerateCountrySelectionFrameBmiTemplateTest {
+
+  @Autowired private GenerateCountrySelectionFrameTask task;
+  
+  private ExecutionContextImpl executionContext = new ExecutionContextImpl();
+  private TestRequestImpl pendingReq;
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  
+  /**
+   * jUnit class initializer.
+   * 
+   */
+  @BeforeClass
+  public static void classInitializer() {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1_bmi.properties");    
+    Locale.setDefault(Locale.ENGLISH);
+    
+  }
+  
+  /**
+   * jUnit test set-up.
+   * 
+   */
+  @Before
+  public void initialize() {
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+    
+    pendingReq = new TestRequestImpl();
+    pendingReq.setAuthUrl("https://localhost/ms_connector");
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    
+    Locale.setDefault(Locale.ENGLISH);
+    LocaleContextHolder.resetLocaleContext();
+    LocaleContextHolder.setDefaultLocale(Locale.ENGLISH);
+    
+  }
+  
+  @Test
+  public void validHtmlResponseWithDE() throws TaskExecutionException, UnsupportedEncodingException {    
+    LocaleContextHolder.setLocale(Locale.GERMAN);
+    httpReq.addHeader("Accept-Language", "de");
+    
+    task.execute(pendingReq, executionContext);
+    
+    //result validation
+    String html = doBasicValidation();
+    
+    Assert.assertTrue("No english text", 
+        html.contains("Information zur Anmeldung über Europäische eIDs"));
+    
+  }
+    
+  private String doBasicValidation() throws UnsupportedEncodingException {
+    Assert.assertEquals("Wrong http StatusCode", 200, httpResp.getStatus());
+    Assert.assertEquals("Wrong http ContentType", "text/html;charset=UTF-8", httpResp.getContentType());
+    
+    String html = httpResp.getContentAsString();
+    Assert.assertNotNull("html result is null", html);
+    Assert.assertFalse("html result is empty", html.isEmpty());    
+    Assert.assertTrue("No language selector with pendingRequestId", 
+        html.contains("/myHomeCountry?pendingid=" + pendingReq.getPendingRequestId()));
+    Assert.assertTrue("No country-selection form", 
+        html.contains("<form class=\"block\" method=\"post\" action=\"/myHomeCountry\">"));
+        
+    return html;
+    
+  }
+}
diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/GenerateCountrySelectionFrameTaskTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/GenerateCountrySelectionFrameTaskTest.java
new file mode 100644
index 00000000..746c8375
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/task/GenerateCountrySelectionFrameTaskTest.java
@@ -0,0 +1,157 @@
+package at.asitplus.eidas.specific.connector.test.task;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Locale;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.i18n.LocaleContextHolder;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import at.asitplus.eidas.specific.connector.processes.tasks.GenerateCountrySelectionFrameTask;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+    "/applicationContext.xml",
+    "/spring/SpringTest_connector.beans.xml",
+    "/eaaf_core.beans.xml",
+    "/eaaf_pvp.beans.xml",
+    "/eaaf_pvp_idp.beans.xml",
+    "/spring/SpringTest-context_simple_storage.xml" })
+@ActiveProfiles(profiles = {"deprecatedConfig"})
+@WebAppConfiguration
+public class GenerateCountrySelectionFrameTaskTest {
+
+  @Autowired private GenerateCountrySelectionFrameTask task;
+  
+  private ExecutionContextImpl executionContext = new ExecutionContextImpl();
+  private TestRequestImpl pendingReq;
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  
+  /**
+   * jUnit class initializer.
+   * 
+   */
+  @BeforeClass
+  public static void classInitializer() {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");    
+    Locale.setDefault(Locale.ENGLISH);
+    
+  }
+  
+  /**
+   * jUnit test set-up.
+   * 
+   */
+  @Before
+  public void initialize() {
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+    
+    pendingReq = new TestRequestImpl();
+    pendingReq.setAuthUrl("https://localhost/ms_connector");
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    
+    Locale.setDefault(Locale.ENGLISH);
+    LocaleContextHolder.resetLocaleContext();
+    LocaleContextHolder.setDefaultLocale(Locale.ENGLISH);
+    
+  }
+  
+  @Ignore
+  @Test
+  public void validHtmlResponseWithOutLocale() throws TaskExecutionException, UnsupportedEncodingException {    
+    
+    task.execute(pendingReq, executionContext);
+    
+    //result validation
+    String html = doBasicValidation();
+    
+    Assert.assertTrue("No english text", 
+        html.contains("Information on Logins with European eIDs"));
+    
+  }
+  
+  @Test
+  public void validHtmlResponseWithDE() throws TaskExecutionException, UnsupportedEncodingException {    
+    LocaleContextHolder.setLocale(Locale.GERMAN);
+    httpReq.addHeader("Accept-Language", "de");
+    
+    task.execute(pendingReq, executionContext);
+    
+    //result validation
+    String html = doBasicValidation();
+    
+    Assert.assertTrue("No english text", 
+        html.contains("Information zur Anmeldung über Europäische eIDs"));
+    
+  }
+  
+  @Ignore
+  @Test
+  public void validHtmlResponseWithEN() throws TaskExecutionException, UnsupportedEncodingException {    
+    LocaleContextHolder.setLocale(Locale.ENGLISH);
+    
+    task.execute(pendingReq, executionContext);
+    
+    //result validation
+    String html = doBasicValidation();
+    
+    Assert.assertTrue("No english text", 
+        html.contains("Information on Logins with European eIDs"));
+    
+  }
+  
+  @Ignore
+  @Test
+  public void validHtmlResponseWithFR() throws TaskExecutionException, UnsupportedEncodingException {    
+    LocaleContextHolder.setDefaultLocale(null);
+    LocaleContextHolder.setLocale(Locale.FRANCE);
+    httpReq.addHeader("Accept-Language", "fr");
+    
+    task.execute(pendingReq, executionContext);
+    
+    //result validation
+    String html = doBasicValidation();
+    
+    Assert.assertTrue("No france text", 
+        html.contains("Information on Logins with European eIDs"));
+    
+  }
+  
+  private String doBasicValidation() throws UnsupportedEncodingException {
+    Assert.assertEquals("Wrong http StatusCode", 200, httpResp.getStatus());
+    Assert.assertEquals("Wrong http ContentType", "text/html;charset=UTF-8", httpResp.getContentType());
+    
+    String html = httpResp.getContentAsString();
+    Assert.assertNotNull("html result is null", html);
+    Assert.assertFalse("html result is empty", html.isEmpty());    
+    Assert.assertTrue("No language selector with pendingRequestId", 
+        html.contains("/myHomeCountry?pendingid=" + pendingReq.getPendingRequestId()));
+    Assert.assertTrue("No country-selection form", 
+        html.contains("<form class=\"block\" method=\"post\" action=\"/myHomeCountry\">"));
+        
+    return html;
+    
+  }
+}
diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java
new file mode 100644
index 00000000..ea163e61
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthnRequestValidatorTest.java
@@ -0,0 +1,336 @@
+package at.asitplus.eidas.specific.connector.test.utils;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.opensaml.core.xml.io.Unmarshaller;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+    "/applicationContext.xml",
+    "/spring/SpringTest_connector.beans.xml",
+    "/eaaf_core.beans.xml",
+    "/eaaf_pvp.beans.xml",
+    "/eaaf_pvp_idp.beans.xml",
+    "/spring/SpringTest-context_simple_storage.xml"})
+@ActiveProfiles(profiles = {"deprecatedConfig"})
+@WebAppConfiguration
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+public class AuthnRequestValidatorTest {
+
+  @Autowired private IConfigurationWithSP basicConfig;
+  @Autowired protected IAuthnRequestPostProcessor authRequestValidator;
+  
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  private PvpSProfilePendingRequest pendingReq;
+  
+  /**
+   * jUnit class initializer.
+   * @throws ComponentInitializationException In case of an error
+   * @throws InitializationException In case of an error
+   * 
+   */
+  @BeforeClass
+  public static void classInitializer() throws InitializationException, ComponentInitializationException  {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");
+    
+    EaafOpenSaml3xInitializer.eaafInitialize();
+  }
+  
+  /**
+   * jUnit test set-up.
+   * @throws EaafException 
+   * 
+   */
+  @Before
+  public void initialize() throws EaafException {
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+    
+    Map<String, String> spConfig = new HashMap<>();
+    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphabetic(10));
+    
+    pendingReq = new PvpSProfilePendingRequest();
+    pendingReq.initialize(httpReq, basicConfig);
+    pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setOnlineApplicationConfiguration(new ServiceProviderConfiguration(spConfig, basicConfig));    
+    ((RequestImpl)pendingReq).setUniqueTransactionIdentifier(null);
+    
+  }
+  
+  @Test
+  public void loaLowRequested() throws AuthnRequestValidatorException, ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml");
+    
+    //test
+    authRequestValidator.process(httpReq, pendingReq, authReq, null);
+        
+    //validate
+    Assert.assertNotNull("spEntityId is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+    Assert.assertEquals("SP EntityId not match", 
+        "https://demo.egiz.gv.at/demoportal-openID_demo", 
+        pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+    
+    Assert.assertNotNull("SP ProviderName  is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+    Assert.assertEquals("SP ProviderName not match", 
+        "OpenID Connect Demo", 
+        pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+    
+    Assert.assertNotNull("Requested SP LoA is null", 
+        pendingReq.getServiceProviderConfiguration().getRequiredLoA());
+    Assert.assertFalse("Requested SP LoA is null", 
+        pendingReq.getServiceProviderConfiguration().getRequiredLoA().isEmpty());
+    Assert.assertEquals("SP LoA count not match", 1, 
+        pendingReq.getServiceProviderConfiguration().getRequiredLoA().size());
+    Assert.assertEquals("SP LoA  not match", 
+        "http://eidas.europa.eu/LoA/substantial", 
+        pendingReq.getServiceProviderConfiguration().getRequiredLoA().get(0));
+    
+    Assert.assertNotNull("bPK Target is null", 
+        pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+    Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+BF", 
+        pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+        
+    Assert.assertNull("wrong transactionId", pendingReq.getUniqueTransactionIdentifier());
+    
+  }
+  
+  @Test
+  public void loaSubstentialRequested() throws AuthnRequestValidatorException, ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_2.xml");
+    
+    //test
+    authRequestValidator.process(httpReq, pendingReq, authReq, null);
+        
+    //validate
+    Assert.assertNotNull("spEntityId is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+    Assert.assertEquals("SP EntityId not match", 
+        "https://demo.egiz.gv.at/demoportal-openID_demo", 
+        pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+    
+    Assert.assertNotNull("SP ProviderName  is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+    Assert.assertEquals("SP ProviderName not match", 
+        "OpenID Connect Demo", 
+        pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+    
+    Assert.assertNotNull("Requested SP LoA is null", 
+        pendingReq.getServiceProviderConfiguration().getRequiredLoA());
+    Assert.assertFalse("Requested SP LoA is null", 
+        pendingReq.getServiceProviderConfiguration().getRequiredLoA().isEmpty());
+    Assert.assertEquals("SP LoA count not match", 1, 
+        pendingReq.getServiceProviderConfiguration().getRequiredLoA().size());
+    Assert.assertEquals("SP LoA  not match", 
+        "http://eidas.europa.eu/LoA/substantial", 
+        pendingReq.getServiceProviderConfiguration().getRequiredLoA().get(0));
+    
+    Assert.assertNotNull("bPK Target is null", 
+        pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+    Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+BF", 
+        pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+        
+    Assert.assertNull("wrong transactionId", pendingReq.getUniqueTransactionIdentifier());
+    
+  }
+  
+  @Test
+  public void loaHighRequested() throws AuthnRequestValidatorException, ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_3.xml");
+    
+    //test
+    authRequestValidator.process(httpReq, pendingReq, authReq, null);
+        
+    //validate
+    Assert.assertNotNull("spEntityId is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+    Assert.assertEquals("SP EntityId not match", 
+        "https://demo.egiz.gv.at/demoportal-openID_demo", 
+        pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+    
+    Assert.assertNotNull("SP ProviderName  is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+    Assert.assertEquals("SP ProviderName not match", 
+        "OpenID Connect Demo", 
+        pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+    
+    Assert.assertNotNull("Requested SP LoA is null", 
+        pendingReq.getServiceProviderConfiguration().getRequiredLoA());
+    Assert.assertFalse("Requested SP LoA is null", 
+        pendingReq.getServiceProviderConfiguration().getRequiredLoA().isEmpty());
+    Assert.assertEquals("SP LoA count not match", 1, 
+        pendingReq.getServiceProviderConfiguration().getRequiredLoA().size());
+    Assert.assertEquals("SP LoA  not match", 
+        "http://eidas.europa.eu/LoA/high", 
+        pendingReq.getServiceProviderConfiguration().getRequiredLoA().get(0));
+    
+    Assert.assertNotNull("bPK Target is null", 
+        pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+    Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+XX", 
+        pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+        
+    Assert.assertEquals("wrong transactionId", "transId_11223344556677aabbcc", 
+        pendingReq.getUniqueTransactionIdentifier());
+   
+    Assert.assertEquals("wrong binding pubkey", "binding_pubKey_1144225247125dsfasfasdf", 
+        pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, String.class));
+    
+    
+    
+  }
+  
+  @Test
+  public void transactionIdWrongPendingReqType() throws AuthnRequestValidatorException, ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    
+    Map<String, String> spConfig = new HashMap<>();
+    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphabetic(10));
+    
+    TestRequestImpl pendingReqLocal = new TestRequestImpl();
+    pendingReqLocal.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReqLocal.setSpConfig(new ServiceProviderConfiguration(spConfig, basicConfig));    
+    
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_3.xml");
+    
+    //test
+    authRequestValidator.process(httpReq, pendingReqLocal, authReq, null);
+        
+    //validate
+    Assert.assertNull("wrong transactionId", pendingReqLocal.getUniqueTransactionIdentifier());
+    
+  }
+  
+  @Test
+  public void invalidBpkTarget_1() throws ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_4.xml");
+    
+    //test
+    try {
+      authRequestValidator.process(httpReq, pendingReq, authReq, null);
+      Assert.fail("Invalid or missing bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("Wrong errorCode", "pvp2.22", e.getErrorId());
+            
+    }              
+  }
+  
+  @Test
+  public void invalidBpkTarget_2() throws ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_5.xml");
+    
+    //test
+    try {
+      authRequestValidator.process(httpReq, pendingReq, authReq, null);
+      Assert.fail("Invalid or missing bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("Wrong errorCode", "pvp2.22", e.getErrorId());
+      
+    }              
+  }
+  
+  @Test
+  public void invalidBpkTarget_3() throws ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_6.xml");
+    
+    //test
+    try {
+      authRequestValidator.process(httpReq, pendingReq, authReq, null);
+      Assert.fail("Invalid or missing bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("Wrong errorCode", "pvp2.22", e.getErrorId());
+      
+    }              
+  }
+  
+  @Test
+  public void invalidBpkTarget_4() throws ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_7.xml");
+    
+    //test
+    try {
+      authRequestValidator.process(httpReq, pendingReq, authReq, null);
+      Assert.fail("Invalid or missing bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("Wrong errorCode", "pvp2.22", e.getErrorId());
+      
+    }              
+  }
+  
+  @Test
+  public void invalidBpkTarget_5() throws ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_8.xml");
+    
+    //test
+    try {
+      authRequestValidator.process(httpReq, pendingReq, authReq, null);
+      Assert.fail("Invalid or missing bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("Wrong errorCode", "pvp2.22", e.getErrorId());
+      
+    }              
+  }
+  
+  
+  private AuthnRequest getAuthRequest(String resource) throws 
+      ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+    final Element authBlockDom =
+        DomUtils.parseXmlValidating(AuthnRequestValidatorTest.class.getResourceAsStream(resource));
+
+    final Unmarshaller unmarshaller = XMLObjectSupport.getUnmarshaller(authBlockDom);
+    return (AuthnRequest) unmarshaller.unmarshall(authBlockDom);
+    
+  }
+}
diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/CountrySelectionProcessImplTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/CountrySelectionProcessImplTest.java
new file mode 100644
index 00000000..7d82c120
--- /dev/null
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/CountrySelectionProcessImplTest.java
@@ -0,0 +1,120 @@
+package at.asitplus.eidas.specific.connector.test.utils;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.connector.processes.CountrySelectionProcessImpl;
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/spring/SpringTest-context_basic_test.xml")
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+public class CountrySelectionProcessImplTest {
+
+  @Autowired ModuleRegistration moduleReg; 
+  @Autowired ResourceLoader loader;
+  
+  private final ExecutionContext executionContext = new ExecutionContextImpl();
+  private DummySpConfiguration oaParam;
+  private TestRequestImpl pendingReq;
+  private CountrySelectionProcessImpl authProcess = new CountrySelectionProcessImpl();
+
+  /**
+   * jUnit class initializer.
+   * 
+   */
+  @BeforeClass
+  public static void classInitializer() {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current + "../basicConfig/ms-connector/default_config.properties");
+    
+  }
+  
+  /**
+   * jUnit test set-up.
+   * 
+   */
+  @Before
+  public void initialize() {
+    Map<String, String> configMap = new HashMap<String, String>();
+    configMap.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "http://test.com/test");    
+    IConfiguration basicConfig = new DummyConfiguration();
+    oaParam = new DummySpConfiguration(configMap, basicConfig);
+    pendingReq = new TestRequestImpl();    
+    pendingReq.setSpConfig(oaParam);
+  }
+
+  @Test
+  public void checkProcessDefinition() {
+    Assert.assertNotNull("AuthModule is null", authProcess);
+    Assert.assertNotNull("AuthModule process is null", authProcess.getProcessDefinitions());
+    
+    for (String el : authProcess.getProcessDefinitions()) {
+      Resource res = loader.getResource(el);
+      Assert.assertTrue("AuthProcess description not extist", res.exists());
+      
+    }    
+  }
+  
+  @Test
+  public void noCountrySelected() throws Exception {  
+    final String result =
+        moduleReg.selectProcess(executionContext, pendingReq);   
+    Assert.assertNotNull("Process is null", result);
+    Assert.assertEquals("Process Id not match", "CountrySelectionProcess", result);
+
+  }
+  
+  @Test
+  public void selectCountryValid() throws Exception {
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, RandomStringUtils.randomAlphanumeric(2));
+    final String result =
+        moduleReg.selectProcess(executionContext, pendingReq);
+    
+    Assert.assertNull("Select wrong process", result);
+
+  }
+  
+  @Test
+  public void selectCountryWrongType() throws Exception {
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, 1);
+    final String result =
+        moduleReg.selectProcess(executionContext, pendingReq);   
+    Assert.assertNotNull("Process is null", result);
+    Assert.assertEquals("Process Id not match", "CountrySelectionProcess", result);
+
+  }
+  
+  @Test
+  public void selectCountryEmpty() throws Exception {
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "");
+    final String result =
+        moduleReg.selectProcess(executionContext, pendingReq);   
+    Assert.assertNotNull("Process is null", result);
+    Assert.assertEquals("Process Id not match", "CountrySelectionProcess", result);
+
+  }
+  
+}
-- 
cgit v1.2.3