From e8e75813ab549d03b0ac482fe0e1e86ee660b8b0 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 11 Mar 2022 11:49:05 +0100
Subject: chore(proxy): add module for stand-alone ms-specific proxy-service
 application

---
 ...MsSpecificEidasProxySpringResourceProvider.java |  55 +++++++++
 ...ficSpringBootApplicationContextInitializer.java |  83 +++++++++++++
 .../proxy/SpringBootApplicationInitializer.java    | 106 +++++++++++++++++
 ...iz.components.spring.api.SpringResourceProvider |   1 +
 .../src/main/resources/application.properties      | 116 ++++++++++++++++++
 .../src/main/resources/applicationContext.xml      |  43 +++++++
 .../src/main/resources/logback.xml                 |  30 +++++
 .../properties/external_statuscodes_map.properties |  76 ++++++++++++
 .../main/resources/properties/messages.properties  | 128 ++++++++++++++++++++
 .../resources/properties/messages_de.properties    | 129 +++++++++++++++++++++
 .../properties/status_messages_en.properties       |  74 ++++++++++++
 .../main/resources/specific_eIDAS_proxy.beans.xml  |  17 +++
 .../src/main/resources/tomcat.properties           |  15 +++
 13 files changed, 873 insertions(+)
 create mode 100644 ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificEidasProxySpringResourceProvider.java
 create mode 100644 ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificSpringBootApplicationContextInitializer.java
 create mode 100644 ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/SpringBootApplicationInitializer.java
 create mode 100644 ms_specific_proxyservice/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
 create mode 100644 ms_specific_proxyservice/src/main/resources/application.properties
 create mode 100644 ms_specific_proxyservice/src/main/resources/applicationContext.xml
 create mode 100644 ms_specific_proxyservice/src/main/resources/logback.xml
 create mode 100644 ms_specific_proxyservice/src/main/resources/properties/external_statuscodes_map.properties
 create mode 100644 ms_specific_proxyservice/src/main/resources/properties/messages.properties
 create mode 100644 ms_specific_proxyservice/src/main/resources/properties/messages_de.properties
 create mode 100644 ms_specific_proxyservice/src/main/resources/properties/status_messages_en.properties
 create mode 100644 ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml
 create mode 100644 ms_specific_proxyservice/src/main/resources/tomcat.properties

(limited to 'ms_specific_proxyservice/src/main')

diff --git a/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificEidasProxySpringResourceProvider.java b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificEidasProxySpringResourceProvider.java
new file mode 100644
index 00000000..5f845108
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificEidasProxySpringResourceProvider.java
@@ -0,0 +1,55 @@
+package at.asitplus.eidas.specific.proxy;
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+public class MsSpecificEidasProxySpringResourceProvider implements SpringResourceProvider {
+
+  @Override
+  public Resource[] getResourcesToLoad() {
+    final ClassPathResource generic =
+        new ClassPathResource("/applicationContext.xml", MsSpecificEidasProxySpringResourceProvider.class);   
+    final ClassPathResource msEidasNode = new ClassPathResource(
+        "/specific_eIDAS_proxy.beans.xml", MsSpecificEidasProxySpringResourceProvider.class);
+        
+    return new Resource[] { generic, msEidasNode};
+    
+  }
+
+  @Override
+  public String[] getPackagesToScan() {
+    return null;
+  }
+
+  @Override
+  public String getName() {
+    return "MS-specific eIDAS-Proxy-Service SpringResourceProvider";
+  }
+
+}
diff --git a/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificSpringBootApplicationContextInitializer.java b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificSpringBootApplicationContextInitializer.java
new file mode 100644
index 00000000..2ec08b17
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificSpringBootApplicationContextInitializer.java
@@ -0,0 +1,83 @@
+package at.asitplus.eidas.specific.proxy;
+
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Properties;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.core.env.MutablePropertySources;
+import org.springframework.core.env.PropertiesPropertySource;
+
+import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class MsSpecificSpringBootApplicationContextInitializer extends
+    SpringBootApplicationContextInitializer {
+
+  private static final String SYSTEMD_PROP_NAME = "eidas.ms.configuration";
+  private static final String PATH_FILE_PREFIX = "file:";
+  
+  @Override
+  public void initialize(ConfigurableApplicationContext applicationContext) {    
+    String configPath = System.getProperty(SYSTEMD_PROP_NAME);
+    if (StringUtils.isNotEmpty(configPath)) {
+      log.debug("Find configuration-source from SystemD Property: '{}' ...", SYSTEMD_PROP_NAME);      
+      if (configPath.startsWith(PATH_FILE_PREFIX)) {
+        configPath = configPath.substring(PATH_FILE_PREFIX.length());
+        
+      }      
+      injectConfiguration(configPath, applicationContext);            
+
+    } else {
+      log.info("Find NO SystemD Property: '{}' Maybe no configuration available", SYSTEMD_PROP_NAME);
+      
+    }
+    
+    super.initialize(applicationContext);
+        
+  }
+  
+  private void injectConfiguration(String configPath, ConfigurableApplicationContext applicationContext) {
+    InputStream is = null;
+    try {
+      Path path = Paths.get(configPath);
+      if (Files.exists(path)) {
+        File file = new File(configPath);             
+        Properties props = new Properties();
+        is = new FileInputStream(file);
+        props.load(is);      
+        MutablePropertySources sources = applicationContext.getEnvironment().getPropertySources();       
+        sources.addFirst(new PropertiesPropertySource(SYSTEMD_PROP_NAME, props));
+        log.info("Set configuration-source from SystemD-Property: {}", SYSTEMD_PROP_NAME);
+      
+      } else {
+        log.error("Configuration from SystemD Property: '{}' at Location: {} DOES NOT exist", 
+            SYSTEMD_PROP_NAME, configPath);
+        
+      }
+      
+    } catch (IOException e) {
+      log.error("Configuration from SystemD Property: '{}' at Location: {} CAN NOT be loaded", 
+          SYSTEMD_PROP_NAME, configPath, e);
+      
+    } finally {
+      try {
+        if (is != null) {
+          is.close();
+          
+        }        
+      } catch (IOException e) {
+        log.error("Can not close InputStream of configLoader: {}", configPath, e);
+        
+      }
+    }        
+  }
+}
diff --git a/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/SpringBootApplicationInitializer.java b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/SpringBootApplicationInitializer.java
new file mode 100644
index 00000000..7dcc9abf
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/SpringBootApplicationInitializer.java
@@ -0,0 +1,106 @@
+package at.asitplus.eidas.specific.proxy;
+
+
+import org.opensaml.core.config.InitializationException;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.web.context.WebApplicationContext;
+
+import at.gv.egiz.eaaf.core.api.IStatusMessenger;
+import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
+import at.gv.egiz.eaaf.core.impl.logging.SimpleStatusMessager;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import lombok.extern.slf4j.Slf4j;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+
+@Slf4j
+@SpringBootApplication(scanBasePackages = {
+    "at.asitplus.eidas.specific.connector", 
+    "at.gv.egiz.eaaf.utils.springboot.ajp"
+    })
+public class SpringBootApplicationInitializer extends SpringBootServletInitializer {
+
+  private static ConfigurableApplicationContext ctx;
+
+  /**
+   * Starts MS-specific eIDAS-Implementation SpringBoot application.
+   *
+   * @param args Starting parameters
+   * @throws Throwable In case of a start-up error
+   */
+  public static void main(final String[] args) throws Throwable {
+    try {
+      log.info("=============== Initializing Spring-Boot context! ===============");
+      LogMessageProviderFactory.setStatusMessager(new SimpleStatusMessager());
+      final SpringApplication springApp =
+          new SpringApplication(SpringBootApplicationInitializer.class);
+      springApp.addInitializers(new MsSpecificSpringBootApplicationContextInitializer());
+
+      log.info("Bootstrap openSAML .... ");
+      EaafOpenSaml3xInitializer.eaafInitialize();
+      
+      log.debug("Run SpringBoot initialization process ... ");
+      ctx = springApp.run(args);
+
+      // initialize status messenger
+      LogMessageProviderFactory.setStatusMessager(ctx.getBean(IStatusMessenger.class));
+      
+      log.info("Initialization of MS-specific eIDAS-Proxy-Service finished.");
+
+    } catch (final Throwable e) {
+      log.error("MS-specific eIDAS-Proxy-Service initialization FAILED!", e);
+      throw e;
+
+    }
+
+  }
+
+  
+  protected SpringApplicationBuilder createSpringApplicationBuilder() {    
+    try {
+      log.info("Bootstrap openSAML .... ");
+      EaafOpenSaml3xInitializer.eaafInitialize();
+           
+    } catch (InitializationException | ComponentInitializationException e) {
+      throw new RuntimeException(e);
+      
+    }
+    
+    SpringApplicationBuilder builder = new SpringApplicationBuilder();
+    builder.initializers(new MsSpecificSpringBootApplicationContextInitializer());    
+    return builder;
+    
+  }
+  
+  protected WebApplicationContext run(SpringApplication application) {
+    WebApplicationContext internalContext = (WebApplicationContext) application.run();
+   
+    // initialize status messenger
+    LogMessageProviderFactory.setStatusMessager(internalContext.getBean(IStatusMessenger.class));
+   
+    log.info("Initialization of MS-specific eIDAS-Proxy-Service finished.");
+    
+    return internalContext;
+  }
+  
+  /**
+   * Stops SpringBoot application of MS-specific eIDAS-Implementation.
+   * 
+   */
+  public static void exit() {
+    if (ctx != null) {
+      log.info("Stopping SpringBoot application ... ");
+      SpringApplication.exit(ctx, () -> 0);
+      ctx = null;
+      
+    } else {
+      log.info("No SpringBoot context. Nothing todo");
+      
+    }
+
+  }
+
+}
diff --git a/ms_specific_proxyservice/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/ms_specific_proxyservice/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 00000000..a39e8422
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.asitplus.eidas.specific.proxy.MsSpecificEidasProxySpringResourceProvider
\ No newline at end of file
diff --git a/ms_specific_proxyservice/src/main/resources/application.properties b/ms_specific_proxyservice/src/main/resources/application.properties
new file mode 100644
index 00000000..9f1b68e2
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/resources/application.properties
@@ -0,0 +1,116 @@
+## Set Spring-Boot profile-configuration to 2.3 style
+spring.config.use-legacy-processing=true
+
+## ApplicationServer configuration 
+server.servlet.contextPath=/ms_proxyservice
+#server.port=7080
+
+app.build.artifactId=ms_proxyservice
+
+
+
+#############################################################################
+## SpringBoot Admin client
+spring.boot.admin.client.enabled=false
+
+#############################################################################
+## SpringBoot Actuator
+management.endpoints.web.exposure.include=health,info
+
+#############################################################################
+## Common parts of MS-speccific eIDAS application configuration
+
+#eidas.ms.context.url.prefix=
+eidas.ms.context.url.request.validation=false
+#eidas.ms.configRootDir=file:/.../config/
+eidas.ms.context.use.clustermode=true
+eidas.ms.core.logging.level.info.errorcodes=auth.21
+
+##Monitoring
+eidas.ms.monitoring.eIDASNode.metadata.url=
+
+
+##Specific logger configuration
+eidas.ms.technicallog.write.MDS.into.techlog=true
+eidas.ms.revisionlog.write.MDS.into.revisionlog=true
+eidas.ms.revisionlog.logIPAddressOfUser=true
+
+
+##Directory for static Web content
+eidas.ms.webcontent.static.directory=webcontent/
+eidas.ms.webcontent.templates=templates/
+eidas.ms.webcontent.properties=properties/messages
+
+
+## extended validation of pending-request Id's
+eidas.ms.core.pendingrequestid.maxlifetime=300
+eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256
+#eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
+
+
+## HTTP-client defaults
+eidas.ms.client.http.connection.timeout.socket=15
+eidas.ms.client.http.connection.timeout.connection=15
+eidas.ms.client.http.connection.timeout.request=15
+
+
+## Common PVP2 S-Profile (SAML2) configuration
+#eidas.ms.pvp2.metadata.organisation.name=JUnit
+#eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit
+#eidas.ms.pvp2.metadata.organisation.url=http://junit.test
+#eidas.ms.pvp2.metadata.contact.givenname=Max
+#eidas.ms.pvp2.metadata.contact.surname=Mustermann
+#eidas.ms.pvp2.metadata.contact.email=max@junit.test
+
+##only for advanced config
+eidas.ms.configuration.pvp.scheme.validation=true
+eidas.ms.configuration.pvp.enable.entitycategories=false
+
+
+#############################################################################
+## MS-speccific eIDAS-Proxy-Service configuration
+
+#### eIDAS ms-specific Proxy-Service configuration
+eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy
+#eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=
+
+# Mandate configuration
+eidas.ms.auth.eIDAS.proxy.mandates.enabled=false
+#eidas.ms.auth.eIDAS.proxy.mandates.profiles.natural.default=
+#eidas.ms.auth.eIDAS.proxy.mandates.profiles.legal.default=
+
+
+## special foreign eIDAS-Connector configuration
+#eidas.ms.connector.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata
+#eidas.ms.connector.0.countryCode=CC
+#eidas.ms.connector.0.mandates.enabled=false
+#eidas.ms.connector.0.mandates.natural=
+#eidas.ms.connector.0.mandates.legal=
+#eidas.ms.connector.0.auth.idaustria.entityId=
+
+
+## PVP2 S-Profile communication with ID Austria System 
+# EntityId and optional metadata of ID Austria System
+#eidas.ms.modules.idaustriaauth.idp.entityId=
+#eidas.ms.modules.idaustriaauth.idp.metadataUrl=
+
+# SAML2 client configuration
+eidas.ms.modules.idaustriaauth.keystore.type=jks
+#eidas.ms.modules.idaustriaauth.keystore.name=
+#eidas.ms.modules.idaustriaauth.keystore.path=
+#eidas.ms.modules.idaustriaauth.keystore.password=
+#eidas.ms.modules.idaustriaauth.metadata.sign.alias=
+#eidas.ms.modules.idaustriaauth.metadata.sign.password=
+#eidas.ms.modules.idaustriaauth.request.sign.alias=
+#eidas.ms.modules.idaustriaauth.request.sign.password=
+#eidas.ms.modules.idaustriaauth.response.encryption.alias=
+#eidas.ms.modules.idaustriaauth.response.encryption.password=
+
+# TrustStore to validate SAML2 metadata from ID Austria 
+#eidas.ms.modules.idaustriaauth.truststore.type=jks
+#eidas.ms.modules.idaustriaauth.truststore.name=
+#eidas.ms.modules.idaustriaauth.truststore.path=
+#eidas.ms.modules.idaustriaauth.truststore.password=
+
+
+
diff --git a/ms_specific_proxyservice/src/main/resources/applicationContext.xml b/ms_specific_proxyservice/src/main/resources/applicationContext.xml
new file mode 100644
index 00000000..ec8e79f4
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/resources/applicationContext.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:mvc="http://www.springframework.org/schema/mvc"
+  xsi:schemaLocation="
+    http://www.springframework.org/schema/beans 
+    http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context 
+    http://www.springframework.org/schema/context/spring-context.xsd
+    http://www.springframework.org/schema/mvc
+    http://www.springframework.org/schema/mvc/spring-mvc.xsd
+    http://www.springframework.org/schema/tx
+    http://www.springframework.org/schema/tx/spring-tx.xsd">
+
+  <context:annotation-config />
+  <context:component-scan base-package="at.gv.egiz.eaaf.utils.springboot.ajp"/>
+    
+  <mvc:interceptors>
+    <bean
+      class="at.asitplus.eidas.specific.core.interceptor.WebFrontEndSecurityInterceptor" />
+    <bean
+      class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
+      <property name="paramName" value="lang" />
+    </bean>
+  </mvc:interceptors>
+
+  <bean id="springContextClosingHandler"
+        class="at.asitplus.eidas.specific.core.SpringContextCloseHandler" />
+
+  <beans profile="deprecatedConfig">
+  <bean id="BasicMSSpecificNodeConfig"
+    class="at.asitplus.eidas.specific.core.config.BasicConfigurationProvider">
+    <constructor-arg value="#{systemProperties['eidas.ms.configuration']}" />
+  </bean>
+  </beans>
+  <beans profile="!deprecatedConfig">
+    <bean id="springBootMsSpecificNodeConfig"
+          class="at.asitplus.eidas.specific.core.config.SpringBootBasicConfigurationProvider" />
+          
+  </beans>
+
+</beans>
diff --git a/ms_specific_proxyservice/src/main/resources/logback.xml b/ms_specific_proxyservice/src/main/resources/logback.xml
new file mode 100644
index 00000000..9679d9e4
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/resources/logback.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- For assistance related to logback-translator or configuration -->
+<!-- files in general, please contact the logback user mailing list -->
+<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
+<!-- -->
+<!-- For professional support please see -->
+<!-- http://www.qos.ch/shop/products/professionalSupport -->
+<!-- -->
+<configuration>
+  <appender name="console"
+    class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n</pattern>
+    </encoder>
+  </appender>
+  <logger name="at.gv.egiz.eaaf" level="info">
+    <appender-ref ref="console" />
+  </logger>
+  <logger name="eu.eidas" additivity="false" level="info">
+    <appender-ref ref="console" />
+  </logger>
+  <logger name="at.gv.egiz.eidas.specific" additivity="false"
+    level="info">
+    <appender-ref ref="console" />
+  </logger>
+  <root level="info">
+    <appender-ref ref="console" />
+  </root>
+</configuration>
diff --git a/ms_specific_proxyservice/src/main/resources/properties/external_statuscodes_map.properties b/ms_specific_proxyservice/src/main/resources/properties/external_statuscodes_map.properties
new file mode 100644
index 00000000..a0951dfb
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/resources/properties/external_statuscodes_map.properties
@@ -0,0 +1,76 @@
+eidas.00=1302 
+eidas.01=1302 
+eidas.02=1301
+eidas.03=1300
+eidas.04=1100
+eidas.05=1302
+eidas.06=1302
+eidas.07=1302
+
+config.01=9099
+config.03=9099
+config.18=9099
+config.24=9099
+
+
+ernb.00=4601
+ernb.01=4601
+ernb.02=4600
+ernb.03=4602
+
+auth.00=1100     
+
+auth.21=1005
+auth.26=1100
+auth.28=1100  
+
+auth.37=1101
+auth.38=1101
+auth.39=1099
+
+process.01=9105
+process.02=9104
+process.03=9104
+process.04=9105
+
+builder.00=9102
+builder.11=1099
+
+parser.01=1101
+
+gui.00=9103
+
+pvp2.01=6100
+pvp2.02=6100
+pvp2.05=6105
+pvp2.07=6104
+pvp2.09=6199
+pvp2.10=6100
+pvp2.11=6105
+pvp2.12=6105 
+pvp2.13=6199
+pvp2.14=6199
+pvp2.15=6103
+pvp2.16=6101
+pvp2.17=6102   
+pvp2.20=6103
+pvp2.21=6104
+pvp2.22=6105
+pvp2.23=6105
+pvp2.24=6105
+pvp2.26=6103
+pvp2.27=6199
+pvp2.28=6105
+
+
+internal.00=9105 
+internal.01=9199
+internal.02=9101
+internal.03=9199
+internal.04=9101
+internal.05=9106
+internal.06=9106
+
+config.08=9008
+config.27=9008
+config.30=9008 
\ No newline at end of file
diff --git a/ms_specific_proxyservice/src/main/resources/properties/messages.properties b/ms_specific_proxyservice/src/main/resources/properties/messages.properties
new file mode 100644
index 00000000..cc60cd6e
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/resources/properties/messages.properties
@@ -0,0 +1,128 @@
+####### GUI elements ####
+gui.general.language.selection.title=Language selection
+gui.general.language.selection.de=Deutsch
+gui.general.language.selection.en=English
+
+##Errorpage template
+gui.errorpage.msg.title=Authentication error arise
+gui.errorpage.msg.information=The authentication stops on account of a process error:
+gui.errorpage.msg.errorcode=Error    Code:
+gui.errorpage.msg.errormsg=Error Message:
+gui.errorpage.msg.stacktrace=Stacktrace:
+
+##Country-Selection page
+gui.countryselection.title=eIDAS-Login Countryselection
+gui.countryselection.logo.bmi.alt=Logo BMI
+gui.countryselection.link.bmi=Mainpage BMI
+gui.countryselection.header1=Federal Ministry of Internal Affairs
+gui.countryselection.header2=Austrian Central eIDAS Node
+gui.countryselection.header3=Operated by Federal Ministry of Internal Affairs
+gui.countryselection.header.selection=Select your country
+gui.countryselection.cancel=Cancel
+gui.countryselection.notsupportedinfo=If you cannot find your country in this list then your electronic identity (eID) is not yet supported.
+
+gui.countryselection.infos.general.header=Information on Logins with European eIDs
+gui.countryselection.infos.general.link.1=eIDAS regulation of the European Union
+gui.countryselection.infos.general.link.2=Austrian Supplementary Register for Natural Persons (ERnP)
+gui.countryselection.infos.general.part.1=This is the central eIDAS node of the Republic of Austria, operated by the  
+gui.countryselection.infos.general.part.2=It enables logins at Austrian online services using an electronic identity (eID) of another EU member state. You have been redirected to this page, as you have initiated a login to an online service using the option "EU Login".
+gui.countryselection.infos.general.part.3=The central eIDAS node of the Republic of Austria allows you to login to Austrian online services using the eID of your home country. This way, compliance with the 
+gui.countryselection.infos.general.part.4=, which regulates the mutual cross-border acceptance of national eIDs, is achieved. The mutual cross-border acceptance of national eIDs is implemented successively within the EU. Currently, the central eIDAS node of the Republic of Austria supports logins using the eID systems of the Member States mentioned above. More Member States will be added according to availability of their respective eID solutions.
+gui.countryselection.infos.general.part.5=After selecting your home country on this page, you are forwarded to the familiar login environment of the selected member state. There, you can login with your eID as usual. After successful completion of the login process, you are automatically forwarded and logged in to the online service, from which you have been redirected to this page. During your first login, your eID data is also registered in the 
+gui.countryselection.infos.general.part.6=This ensures that you will also be successfully and uniquely identified in subsequent logins at Austrian online services.
+
+gui.countryselection.country.be=Belgium
+gui.countryselection.country.be.logo.alt=Belgium-eID
+gui.countryselection.country.hr=Croatia
+gui.countryselection.country.hr.logo.alt=Croatia-eID
+gui.countryselection.country.cy=Cyprus
+gui.countryselection.country.cy.logo.alt=Cyprus-eID
+gui.countryselection.country.cz=Czech Republic
+gui.countryselection.country.cz.logo.alt=Czech Republic-eID
+gui.countryselection.country.ee=Estonia
+gui.countryselection.country.ee.logo.alt=Estonia-eID
+gui.countryselection.country.de=Germany
+gui.countryselection.country.de.logo.alt=German-eID
+gui.countryselection.country.is=Iceland
+gui.countryselection.country.is.logo.alt=Iceland-eID
+gui.countryselection.country.it=Italy
+gui.countryselection.country.it.logo.alt=Italy-eID
+gui.countryselection.country.li=Lichtenstein
+gui.countryselection.country.li.logo.alt=Lichtensteinische-eID
+gui.countryselection.country.lt=Lithuania
+gui.countryselection.country.lt.logo.alt=Lithuania-eID
+gui.countryselection.country.lv=Latvia
+gui.countryselection.country.lv.logo.alt=Latvia-eID
+gui.countryselection.country.nl=Netherlands
+gui.countryselection.country.nl.logo.alt=Netherlands-eID
+gui.countryselection.country.pl=Poland
+gui.countryselection.country.pl.logo.alt=Poland-eID
+gui.countryselection.country.pt=Portugal
+gui.countryselection.country.pt.logo.alt=Portugal-eID
+gui.countryselection.country.si=Slovenia
+gui.countryselection.country.si.logo.alt=Slovenia-eID
+gui.countryselection.country.es=SSpain
+gui.countryselection.country.es.logo.alt=Spain-eID
+
+gui.countryselection.country.bg=Bulgaria
+gui.countryselection.country.bg.logo.alt=Bulgaria-eID
+gui.countryselection.country.dk=Denmark
+gui.countryselection.country.dk.logo.alt=Denmark-eID
+gui.countryselection.country.fi=Finland
+gui.countryselection.country.fi.logo.alt=Finland-eID
+gui.countryselection.country.fr=France
+gui.countryselection.country.fr.logo.alt=France-eID
+gui.countryselection.country.gr=Greece
+gui.countryselection.country.gr.logo.alt=Greece-eID
+gui.countryselection.country.hu=Hungary
+gui.countryselection.country.hu.logo.alt=Hungary-eID
+gui.countryselection.country.ir=Ireland
+gui.countryselection.country.ir.logo.alt=Ireland-eID
+gui.countryselection.country.lu=Luxembourg
+gui.countryselection.country.lu.logo.alt=Luxembourg-eID
+gui.countryselection.country.mt=Malta
+gui.countryselection.country.mt.logo.alt=Malta-eID
+gui.countryselection.country.ro=Romania
+gui.countryselection.country.ro.logo.alt=Romania-eID
+gui.countryselection.country.sk=Slovakia
+gui.countryselection.country.sk.logo.alt=Slovakia-eID
+gui.countryselection.country.se=Sweden
+gui.countryselection.country.se.logo.alt=Sweden-eID
+gui.countryselection.country.uk=United Kingdom
+gui.countryselection.country.uk.logo.alt=United Kingdom-eID
+
+gui.countryselection.country.testcountry=TestCountry
+gui.countryselection.country.testcountry.logo.alt=Testcountry-eID
+
+gui.countryselection.mode.prod=Production
+gui.countryselection.mode.qs=QS
+gui.countryselection.mode.test=Test
+gui.countryselection.mode.dev=Development
+
+##Other Login Methods page
+gui.otherlogin.title=eIDAS-Login Other Login Methods
+gui.otherlogin.header.selection=Select an alternative login method
+gui.otherlogin.hs=Mobile Signature ("Handy-Signatur")
+gui.otherlogin.eidas=Alternative eIDAS ID
+gui.otherlogin.none=No alternative login methods
+gui.otherlogin.cancel=Cancel
+
+##Austrian Residency page
+gui.residency.title=Austrian Residency
+gui.residency.header.selection=Search for your Austrian Residency
+gui.residency.header.help=You can search for the address that you have been registered at in the past. Please enter a \
+  postcode, municipality or village first to start the search.
+gui.residency.header.inputinvalid=Be sure to enter a value for Municipality or Village
+gui.residency.cancel=Cancel
+gui.residency.search=Search
+gui.residency.clear=Clear
+gui.residency.proceed=Proceed
+gui.residency.updated=Updated your input
+gui.residency.found=Found {0} results, click on one result to refine your search
+gui.residency.unique=Unique result found, please proceed
+gui.residency.error=Error on Backend Call
+gui.residency.input.postleitzahl=Postcode
+gui.residency.input.municipality=Municipality
+gui.residency.input.village=Village
+gui.residency.input.street=Street
+gui.residency.input.number=Number
\ No newline at end of file
diff --git a/ms_specific_proxyservice/src/main/resources/properties/messages_de.properties b/ms_specific_proxyservice/src/main/resources/properties/messages_de.properties
new file mode 100644
index 00000000..6f470ea0
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/resources/properties/messages_de.properties
@@ -0,0 +1,129 @@
+####### GUI elements ####
+gui.general.language.selection.title=Sprachauswahl
+gui.general.language.selection.de=Deutsch
+gui.general.language.selection.en=English
+
+##Errorpage template
+gui.errorpage.msg.title=Es ist ein Fehler aufgetreten
+gui.errorpage.msg.information=Der Anmeldevorgang wurde aufgrund eines Fehlers beendet:
+gui.errorpage.msg.errorcode=Fehlercode   :
+gui.errorpage.msg.errormsg=Fehlermeldung:
+gui.errorpage.msg.stacktrace=Stacktrace:
+
+##Country-Selection page
+gui.countryselection.title=eIDAS-Login Länderauswahl
+gui.countryselection.logo.bmi.alt=Logo BMI
+gui.countryselection.link.bmi=Startseite BMI
+gui.countryselection.header1=Bundesministerium für Inneres
+gui.countryselection.header2=Zentraler eIDAS Knoten der Republik Österreich
+gui.countryselection.header3=Betrieben durch das Bundesministerium für Inneres
+gui.countryselection.header.selection=Wählen Sie Ihr Land
+gui.countryselection.cancel=Abbrechen
+gui.countryselection.notsupportedinfo=Wenn Sie Ihr Land in dieser Aufzählung nicht entdecken, dann wird Ihre elektronische Identität (eID) leider noch nicht unterstützt.
+
+gui.countryselection.infos.general.header=Information zur Anmeldung über Europäische eIDs
+gui.countryselection.infos.general.link.1=eIDAS-Verordnung der Europäischen Union
+gui.countryselection.infos.general.link.2=Ergänzungsregister für natürliche Personen (ERnP)
+gui.countryselection.infos.general.part.1=Sie befinden sich am zentralen eIDAS-Knoten der Republik Österreich. Dieser wird vom Österreichischen 
+gui.countryselection.infos.general.part.2=betrieben und ermöglicht eine Anmeldungen zu österreichischen Online-Anwendungen unter Verwendung einer elektronischen Identität (eID) anderer EU-Mitgliedstaaten. Sie wurden hierher weitergeleitet, da Sie in einer Online-Anwendung eine Anmeldung via EU-Login initiiert haben.
+gui.countryselection.infos.general.part.3=Der zentrale eIDAS-Knoten der Republik Österreich ermöglicht Ihnen eine Anmeldung zu österreichischen Online-Anwendungen mit der eID Ihres Herkunftsstaates. Damit werden die Vorgaben der 
+gui.countryselection.infos.general.part.4=erfüllt, die eine staatenübergreifende Akzeptanz nationaler eIDs vorsieht. Die wechselseitige Anerkennung nationaler eIDs erfolgt in der EU schrittweise. Aktuell unterstützt der zentrale eIDAS-Knoten der Republik Österreich Anmeldungen mit den eID-Systemen der oben angeführten Mitgliedstaaten. Diese Liste wird laufend erweitert.
+gui.countryselection.infos.general.part.5=Nachdem Sie auf dieser Seite einen Mitgliedsstaat ausgewählt haben, werden Sie an die gewohnte Anmeldeumgebung des jeweiligen Mitgliedsstaats weitergeleitet. Dort können Sie sich mit Ihrer eID wie gewohnt anmelden. Haben Sie den Anmeldeprozess erfolgreich abgeschlossen, werden Sie automatisch an die Online-Anwendung, von der aus Sie auf diese Auswahlseite gelangt sind, weitergeleitet und dort mit den Identitätsdaten Ihrer eID angemeldet. Gleichzeitig werden Sie bei Ihrer ersten Anmeldung auf diesem Weg mit Ihren eID-Daten in das österreichische
+gui.countryselection.infos.general.part.6=eingetragen. Damit wird sichergestellt, dass Sie auch im Rahmen zukünftiger Anmeldeprozesse zu österreichischen Online-Anwendungen erfolgreich und eindeutig identifiziert werden können.
+
+
+gui.countryselection.country.be=Belgien
+gui.countryselection.country.be.logo.alt=Belgische-eID
+gui.countryselection.country.hr=Kroatien
+gui.countryselection.country.hr.logo.alt=Kroatische-eID
+gui.countryselection.country.cy=Zypern
+gui.countryselection.country.cy.logo.alt=Zypriotische-eID
+gui.countryselection.country.cz=Tschechische Republik
+gui.countryselection.country.cz.logo.alt=Tschechische Republik-eID
+gui.countryselection.country.ee=Estland
+gui.countryselection.country.ee.logo.alt=Estländische-eID
+gui.countryselection.country.de=Deutschland
+gui.countryselection.country.de.logo.alt=Deutsche-eID
+gui.countryselection.country.is=Island
+gui.countryselection.country.is.logo.alt=Isländische-eID
+gui.countryselection.country.it=Italien
+gui.countryselection.country.it.logo.alt=Italienische-eID
+gui.countryselection.country.li=Lichtenstein
+gui.countryselection.country.li.logo.alt=Lichtensteinische-eID
+gui.countryselection.country.lt=Litauen
+gui.countryselection.country.lt.logo.alt=Litauische-eID
+gui.countryselection.country.lv=Lettland
+gui.countryselection.country.lv.logo.alt=Lettländische-eID
+gui.countryselection.country.nl=Niederlande
+gui.countryselection.country.nl.logo.alt=Niederländische-eID
+gui.countryselection.country.pl=Polen
+gui.countryselection.country.pl.logo.alt=Polnische-eID
+gui.countryselection.country.pt=Portugal
+gui.countryselection.country.pt.logo.alt=Portugisische-eID
+gui.countryselection.country.si=Slovenien
+gui.countryselection.country.si.logo.alt=Slovenische-eID
+gui.countryselection.country.es=Spanien
+gui.countryselection.country.es.logo.alt=Spanische-eID
+
+gui.countryselection.country.bg=Bulgarien
+gui.countryselection.country.bg.logo.alt=Bulgarische-eID
+gui.countryselection.country.dk=Dänemark
+gui.countryselection.country.dk.logo.alt=Dänische-eID
+gui.countryselection.country.fi=Finnland
+gui.countryselection.country.fi.logo.alt=Finische-eID
+gui.countryselection.country.fr=Frankreich
+gui.countryselection.country.fr.logo.alt=Französiche-eID
+gui.countryselection.country.gr=Grichenland
+gui.countryselection.country.gr.logo.alt=Grichische-eID
+gui.countryselection.country.hu=Ungarn
+gui.countryselection.country.hu.logo.alt=Ungarische-eID
+gui.countryselection.country.ir=Irland
+gui.countryselection.country.ir.logo.alt=Irische-eID
+gui.countryselection.country.lu=Luxenburg
+gui.countryselection.country.lu.logo.alt=Luxenburgische-eID
+gui.countryselection.country.mt=Malta
+gui.countryselection.country.mt.logo.alt=Malta-eID
+gui.countryselection.country.ro=Romänien
+gui.countryselection.country.ro.logo.alt=Romänische-eID
+gui.countryselection.country.sk=Slovakei
+gui.countryselection.country.sk.logo.alt=Slovakische-eID
+gui.countryselection.country.se=Schweden
+gui.countryselection.country.se.logo.alt=Schwedische-eID
+gui.countryselection.country.uk=Großbritanien
+gui.countryselection.country.uk.logo.alt=Britische-eID
+
+gui.countryselection.country.testcountry=Testland
+gui.countryselection.country.testcountry.logo.alt=Testland-eID
+
+gui.countryselection.mode.prod=Produktion
+gui.countryselection.mode.qs=Qualitätsicherung
+gui.countryselection.mode.test=Test
+gui.countryselection.mode.dev=Development
+
+##Other Login Methods page
+gui.otherlogin.title=eIDAS-Login Alternative Anmeldemethoden
+gui.otherlogin.header.selection=Wählen Sie eine alternative Anmeldemethode
+gui.otherlogin.hs=Handy-Signatur
+gui.otherlogin.eidas=Alternativer eIDAS Login
+gui.otherlogin.none=Keine
+gui.otherlogin.cancel=Abbrechen
+
+##Austrian Residency page
+gui.residency.title=Österreichischer Wohnsitz
+gui.residency.header.selection=Suche nach Österreichischem Wohnsitz
+gui.residency.header.help=Hier können Sie nach einem Wohnsitze in Österreich suchen. Bitte geben Sie zuerst eine \
+  Postleitzahl, Gemeinde oder Ortschaft ein um die Suche zu starten.
+gui.residency.header.inputinvalid=Bitte geben Sie einen Wert für Gemeinde oder Ortschaft ein
+gui.residency.cancel=Abbrechen
+gui.residency.search=Suche
+gui.residency.clear=Löschen
+gui.residency.proceed=Fortfahren
+gui.residency.updated=Eingabe aktualisiert
+gui.residency.found={0} Ergebnisse gefunden, klicken Sie auf ein Ergebnis um die Suche zu verfeinern
+gui.residency.unique=Eindeutiges Ergebnis gefunden, bitte fortfahren
+gui.residency.error=Fehler bei Addresssuche
+gui.residency.input.postleitzahl=PLZ
+gui.residency.input.municipality=Gemeinde
+gui.residency.input.village=Ortschaft
+gui.residency.input.street=Straße
+gui.residency.input.number=Nummer
\ No newline at end of file
diff --git a/ms_specific_proxyservice/src/main/resources/properties/status_messages_en.properties b/ms_specific_proxyservice/src/main/resources/properties/status_messages_en.properties
new file mode 100644
index 00000000..80228a47
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/resources/properties/status_messages_en.properties
@@ -0,0 +1,74 @@
+eidas.00=eIDAS Attribute {0} not found. Can not finish authentication process 
+eidas.01=NO eIDAS response-message found. Can not finish authentication process 
+eidas.02=eIDAS response-message contains an error. ErrorCode: {0}, ErrorMsg: {1}
+eidas.03=No CitizenCountry available. Can not start eIDAS authentication process
+eidas.04=Request contains no sessionToken. Authentication process stops
+eidas.05=Received eIDAS response-message is not valid. Reason: {0}
+eidas.06=LoA from eIDAS response-message {0} does not match to requested LoA
+eidas.07=eIDAS Response attribute-validation FAILED. Attribute:{0} Reason: {1}
+
+config.01=No configuration-file parameter found. Maybe Java SystemD parameter is missing
+config.03=Can not load configuration from path {0} (See logs for more details)
+config.18=Configuration file {0} is not available on filesystem
+config.24=Configuration file {1} does not start with {0} prefix.
+
+
+ernb.00=Receive no identity-link from SZR
+ernb.01=Receive no bPK from SZR
+ernb.02=SZR response contains an error. ErrorMsg: {0}
+ernb.03=Post-processing of eIDAS attributes failed. Reason: {0}
+
+auth.00=Service provider: {0} is unknown   
+auth.21=The authentication process was stopped by user
+auth.26=No transaction identifier
+auth.28=Found no active transaction with Id: {0}. Maybe, the transaction was removed after timeout  
+auth.37=Requested bPK-Target: {0} does not match allowed targets for service provider: {1}
+auth.38=Passive authentication was requested but user as no active session
+auth.39=Error: '{0}' in post-processing of authentication data. Can not finish authentication process
+
+process.01=Can not execute authentication process
+process.02=Find no applicable authentication process for transaction with Id: {0}
+process.03=Can not resume the authentication process. Reason: {0}
+process.04=Can not execute authentication process. Problem with an internal state
+
+builder.00=Can not generate data structure "{0}": {1}
+builder.11=Error: '{0}' in post-processing of authentication data. Can not finish authentication process
+
+parser.01=Error during eID-data processing. Reason: {0}
+
+gui.00=Can not build GUI component. Reason: {0}
+
+pvp2.01=General error during SAML2 response encoding
+pvp2.02=SAML2 attribute contains an wrong encoded value
+pvp2.05=LoA from SAML2 Authn. request: {0} is not supported
+pvp2.07=SAML2 Authn. request contains is not signed
+pvp2.09=SAML2 request contains an unsupported operation. (OperationId: {0})
+pvp2.10=SAML2 Attribute: {0} is not available
+pvp2.11=SAML2 Binding: {0} is not supported
+pvp2.12=SAML2 NameID Format {0} is not supported 
+pvp2.13=Internal server error during SAML2 processing
+pvp2.14=SAML2 authentication not available
+pvp2.15=No SAML2 metadata available or metadata processing failed
+pvp2.16=Encryption of SAML2 assertion failed
+pvp2.17=LoA from SAML2 Authn. request: {1} does not match to authenticated LoA: {0} by using matching-mode: {2}   
+pvp2.20=SAML2 Authn. request contains an unknown or empty EntityID.
+pvp2.21=Signature validation of SAML2 Authn. request failed. Reason: {0}
+pvp2.22=Validation of SAML2 Authn. request failed. Reason: {0}
+pvp2.23=Validation of SAML2 Authn. request failed. Reason: AssertionConsumerServiceURL {0} is not valid.
+pvp2.24=General error during SAML2 Auth. request pre-processing. Reason: {0}
+pvp2.26=SAML2 metadata validation failed. Reason: {0}
+pvp2.27=General error during SAML2 metadata generation
+pvp2.28=Validation of SAML2 Authn. request failed. Reason: AssertionConsumerServiceIndex {0} is not valid.
+
+
+internal.00=The authentication process stops by reason of an internal problem 
+internal.01=The LogOut process stops by reason of an internal problem
+internal.02=Internal error. Can not access data cache.
+internal.03=Internal error. Can not initialize a cryptographic method.
+internal.04=Internal error. Can not access data cache (Reason: {0}).
+internal.05=Internal error. Can not access SQLite database for identity-data storage (Reason: {0}) 
+internal.06=Internal error. Can not query SQLite database for identity-data storage (Reason: {0})
+
+config.08=Configuration value: {0} is missing. 
+config.27=Configuration parameter processing failed. Reason: {0}
+config.30=External configuration not found. File: {0} 
diff --git a/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml b/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml
new file mode 100644
index 00000000..c5312751
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:aop="http://www.springframework.org/schema/aop"
+  xmlns:mvc="http://www.springframework.org/schema/mvc"
+  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
+    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
+
+  <import resource="specific_eIDAS_core.beans.xml"/>
+
+ 
+</beans>
\ No newline at end of file
diff --git a/ms_specific_proxyservice/src/main/resources/tomcat.properties b/ms_specific_proxyservice/src/main/resources/tomcat.properties
new file mode 100644
index 00000000..38ab5a64
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/resources/tomcat.properties
@@ -0,0 +1,15 @@
+tomcat.ajp.enabled=true
+#tomcat.ajp.port=41009
+#tomcat.ajp.additionalAttributes.secretrequired=true
+#tomcat.ajp.additionalAttributes.secret=
+
+server.tomcat.accesslog.buffered=false
+server.tomcat.accesslog.prefix=tomcat-access_log
+server.tomcat.accesslog.directory=logs/
+server.tomcat.accesslog.enabled=true
+server.tomcat.accesslog.file-date-format=.yyyy-MM-dd
+server.tomcat.accesslog.pattern=common
+server.tomcat.accesslog.rename-on-rotate=false
+server.tomcat.accesslog.request-attributes-enabled=true
+server.tomcat.accesslog.rotate=true
+server.tomcat.accesslog.suffix=.log
\ No newline at end of file
-- 
cgit v1.2.3


From 38d7758281b9cb8ba0f1a7e8a8d10098bcf2dcb8 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 3 Jun 2022 11:40:52 +0200
Subject: refactor(eidas): split 'authmodule-eIDAS-v2' into 'common-eidas' 
 code and connector-specific elements

---
 build_reporting/pom.xml                            |   6 +-
 .../connector/test/FullStartUpAndProcessTest.java  |  22 +--
 .../checks/spotbugs-exclude.xml                    |   8 +-
 modules/authmodule-eIDAS-v2/pom.xml                |  11 +-
 .../specific/modules/auth/eidas/v2/Constants.java  |  78 +++------
 .../modules/auth/eidas/v2/EidasSignalServlet.java  |   2 +-
 .../auth/eidas/v2/clients/ernp/ErnpRestClient.java |  23 +--
 .../auth/eidas/v2/clients/zmr/ZmrSoapClient.java   |  23 +--
 .../eidas/v2/handler/AbstractEidProcessor.java     |  39 +++--
 .../auth/eidas/v2/handler/DeEidProcessor.java      |   8 +-
 .../handler/DeSpecificDetailSearchProcessor.java   |   5 +-
 .../v2/service/CcSpecificEidProcessingService.java |   8 +-
 .../service/ConnectorEidasAttributeRegistry.java   | 107 ++++++++++++
 .../eidas/v2/service/EidasAttributeRegistry.java   | 180 ---------------------
 .../eidas/v2/tasks/CreateIdentityLinkTask.java     |   1 +
 .../eidas/v2/tasks/GenerateAuthnRequestTask.java   |  20 +--
 .../tasks/ReceiveAuthnResponseAlternativeTask.java |   5 +-
 .../eidas/v2/tasks/ReceiveAuthnResponseTask.java   |   8 +-
 .../auth/eidas/v2/utils/EidasResponseUtils.java    |  43 ++---
 .../eidas/v2/validator/EidasResponseValidator.java |  24 +--
 .../src/main/resources/eidas_v2_auth.beans.xml     |   5 +-
 .../auth/eidas/v2/test/EidasSignalServletTest.java |   9 +-
 .../v2/test/clients/ZmrClientProductionTest.java   |   8 +-
 .../auth/eidas/v2/test/clients/ZmrClientTest.java  |   8 +-
 .../dummy/DummySpecificCommunicationService.java   |  66 --------
 .../AlternativeSearchTaskWithRegisterTest.java     |  15 +-
 .../tasks/CreateIdentityLinkTaskEidNewTest.java    |  19 +--
 .../v2/test/tasks/CreateIdentityLinkTaskTest.java  |  11 +-
 .../test/tasks/GenerateAuthnRequestTaskTest.java   |   7 +-
 .../eidas/v2/test/tasks/InitialSearchTaskTest.java |  15 +-
 .../tasks/InitialSearchTaskWithRegistersTest.java  |  15 +-
 .../test/tasks/ReceiveAuthnResponseTaskTest.java   |  17 +-
 .../test/tasks/ReceiveEidasResponseTaskTest.java   |  19 +--
 .../EidasAttributePostProcessingTest.java          |  15 +-
 .../validation/EidasResponseValidatorTest.java     |   8 +-
 .../resources/SpringTest-context_basic_test.xml    |   9 +-
 .../resources/SpringTest-context_tasks_test.xml    |  14 +-
 .../core_commons_eidas/checks/spotbugs-exclude.xml |   9 ++
 modules/core_commons_eidas/pom.xml                 | 174 ++++++++++++++++++++
 .../modules/core/eidas/EidasConstants.java         |  85 ++++++++++
 .../core/eidas/service/EidasAttributeRegistry.java | 102 ++++++++++++
 .../dummy/DummySpecificCommunicationService.java   |  66 ++++++++
 modules/eidas_proxy-sevice/pom.xml                 |  16 +-
 .../msproxyservice/MsProxyServiceConstants.java    |  14 +-
 .../protocol/EidasProxyServiceController.java      |   8 +-
 .../protocol/ProxyServiceAuthenticationAction.java |  46 +++---
 .../utils/EidasProxyServiceUtils.java              |   6 +-
 .../protocol/EidasProxyServiceControllerTest.java  |  31 ++--
 .../ProxyServiceAuthenticationActionTest.java      |  76 +++++----
 .../spring/SpringTest-context_basic_test.xml       |   4 +-
 modules/pom.xml                                    |   1 +
 .../checks/spotbugs-exclude.xml                    |   6 +-
 ms_specific_proxyservice/pom.xml                   |   6 +-
 .../src/main/webapp/WEB-INF/web.xml                |  22 +++
 .../src/main/webapp/autocommit.js                  |   5 +
 .../src/main/webapp/css/css_error.css              |  26 +++
 .../src/main/webapp/img/ajax-loader.gif            | Bin 0 -> 673 bytes
 .../src/main/webapp/img/globus_eu.png              | Bin 0 -> 301722 bytes
 .../src/main/webapp/index.html                     |  24 +++
 pom.xml                                            |  20 ++-
 60 files changed, 1011 insertions(+), 617 deletions(-)
 create mode 100644 modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ConnectorEidasAttributeRegistry.java
 delete mode 100644 modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java
 delete mode 100644 modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummySpecificCommunicationService.java
 create mode 100644 modules/core_commons_eidas/checks/spotbugs-exclude.xml
 create mode 100644 modules/core_commons_eidas/pom.xml
 create mode 100644 modules/core_commons_eidas/src/main/java/at/asitplus/eidas/specific/modules/core/eidas/EidasConstants.java
 create mode 100644 modules/core_commons_eidas/src/main/java/at/asitplus/eidas/specific/modules/core/eidas/service/EidasAttributeRegistry.java
 create mode 100644 modules/core_commons_eidas/src/test/java/at/asitplus/eidas/specific/modules/core/eidas/test/dummy/DummySpecificCommunicationService.java
 create mode 100644 ms_specific_proxyservice/src/main/webapp/WEB-INF/web.xml
 create mode 100644 ms_specific_proxyservice/src/main/webapp/autocommit.js
 create mode 100644 ms_specific_proxyservice/src/main/webapp/css/css_error.css
 create mode 100644 ms_specific_proxyservice/src/main/webapp/img/ajax-loader.gif
 create mode 100644 ms_specific_proxyservice/src/main/webapp/img/globus_eu.png
 create mode 100644 ms_specific_proxyservice/src/main/webapp/index.html

(limited to 'ms_specific_proxyservice/src/main')

diff --git a/build_reporting/pom.xml b/build_reporting/pom.xml
index e2b9e99a..fedf9e18 100644
--- a/build_reporting/pom.xml
+++ b/build_reporting/pom.xml
@@ -20,7 +20,11 @@
     <dependency>
       <groupId>at.asitplus.eidas.ms_specific</groupId>
       <artifactId>core_common_webapp</artifactId>
-    </dependency>    
+    </dependency>
+    <dependency>
+      <groupId>at.asitplus.eidas.ms_specific</groupId>
+      <artifactId>core_commons_eidas</artifactId>
+    </dependency>          
     <dependency>
       <groupId>at.asitplus.eidas.ms_specific.modules</groupId>
       <artifactId>authmodule-eIDAS-v2</artifactId>
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
index b9525de5..9f62d41e 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
@@ -61,9 +61,9 @@ import at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint;
 import at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider;
 import at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider;
 import at.asitplus.eidas.specific.connector.test.saml2.Pvp2SProfileEndPointTest;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.gv.bmi.namespace.zmr_su.base._20040201.ResponseType;
 import at.gv.bmi.namespace.zmr_su.base._20040201.WorkflowInfoServer;
 import at.gv.bmi.namespace.zmr_su.base._20040201_.ServicePort;
@@ -144,7 +144,7 @@ public class FullStartUpAndProcessTest {
 
   private SZR szrMock;
   private ServicePort zmrClient;
-
+  
   private static MockWebServer mockWebServer;
   
   private String cc;
@@ -159,6 +159,8 @@ public class FullStartUpAndProcessTest {
 
 
 
+
+
   /**
    * jUnit class initializer.
    * @throws InterruptedException In case of an error
@@ -425,7 +427,7 @@ public class FullStartUpAndProcessTest {
     StatusResponseType saml2 = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream(
         XMLObjectProviderRegistrySupport.getParserPool(),
         new ByteArrayInputStream(Base64Utils.decodeFromString(saml2RespB64)));
-    Assert.assertEquals("SAML2 status", Constants.SUCCESS_URI, saml2.getStatus().getStatusCode().getValue());
+    Assert.assertEquals("SAML2 status", EidasConstants.SUCCESS_URI, saml2.getStatus().getStatusCode().getValue());
 
     final AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(saml2);
 
@@ -483,7 +485,7 @@ public class FullStartUpAndProcessTest {
     EidasIdentitaetErgebnisType eidasPersonalIdentifier = new EidasIdentitaetErgebnisType();
     personInfo.getEidasIdentitaet().add(eidasPersonalIdentifier);
     eidasPersonalIdentifier.setEidasWert(pseudonym);
-    eidasPersonalIdentifier.setEidasArt(Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER);
+    eidasPersonalIdentifier.setEidasArt(EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER);
     eidasPersonalIdentifier.setStaatscode2(cc);
 
     NatuerlichePersonErgebnisType natInfo = new NatuerlichePersonErgebnisType();
@@ -521,20 +523,20 @@ public class FullStartUpAndProcessTest {
 
     //set response from eIDAS node
     BinaryLightToken respoToken = springManagedSpecificConnectorCommunicationService.putResponse(
-        buildDummyAuthResponse(Constants.SUCCESS_URI, req.getId()));
+        buildDummyAuthResponse(EidasConstants.SUCCESS_URI, req.getId()));
     return Base64Utils.encodeToString(respoToken.getTokenBytes());
 
   }
 
   private AuthenticationResponse buildDummyAuthResponse(String statusCode, String reqId) throws URISyntaxException {
     final AttributeDefinition<?> attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+        EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
     final AttributeDefinition<?> attributeDef2 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
+        EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
     final AttributeDefinition<?> attributeDef3 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_CURRENTGIVENNAME).first();
+        EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
     final AttributeDefinition<?> attributeDef4 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_DATEOFBIRTH).first();
+        EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
 
     final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder()
         .put(attributeDef, personalId)
diff --git a/modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml b/modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml
index 9b12a750..84efc85d 100644
--- a/modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml
+++ b/modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml
@@ -23,13 +23,7 @@
       <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet" />
       <Method name="restoreEidasAuthProcess" />
       <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />               
-    </Match>
-    <Match>
-      <!-- File path is only loaded from configuration -->
-      <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry" />
-      <Method name="initialize" />
-      <Bug pattern="PATH_TRAVERSAL_IN" />               
-    </Match>
+    </Match>    
     <Match>
       <!-- Redirect URL is only loaded from configuration -->
       <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask" />
diff --git a/modules/authmodule-eIDAS-v2/pom.xml b/modules/authmodule-eIDAS-v2/pom.xml
index bcec12b6..cfc7ac94 100644
--- a/modules/authmodule-eIDAS-v2/pom.xml
+++ b/modules/authmodule-eIDAS-v2/pom.xml
@@ -45,6 +45,10 @@
       <groupId>at.asitplus.eidas.ms_specific</groupId>
       <artifactId>core_common_lib</artifactId>
     </dependency>
+    <dependency>
+      <groupId>at.asitplus.eidas.ms_specific</groupId>
+      <artifactId>core_commons_eidas</artifactId>
+    </dependency>     
     <dependency>
       <groupId>at.gv.egiz.eaaf</groupId>
       <artifactId>eaaf-core</artifactId>
@@ -194,7 +198,12 @@
       <scope>test</scope>
       <type>test-jar</type>
     </dependency>
-
+    <dependency>
+      <groupId>at.asitplus.eidas.ms_specific</groupId>
+      <artifactId>core_commons_eidas</artifactId>
+      <scope>test</scope>
+      <type>test-jar</type>        
+    </dependency>          
     <dependency>
       <groupId>at.gv.egiz.eaaf</groupId>
       <artifactId>eaaf_core_utils</artifactId>
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 4b234c41..e766fc49 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -23,6 +23,7 @@
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2;
 
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 
 public class Constants {
@@ -54,21 +55,16 @@ public class Constants {
    */
   public static final String DATA_PERSON_MATCH_RESULT = "matching_result";
 
-  // templates for post-binding forwarding
-  public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html";
-  public static final String TEMPLATE_POST_FORWARD_ENDPOINT = "endPoint";
-  public static final String TEMPLATE_POST_FORWARD_TOKEN_NAME = "tokenName";
-  public static final String TEMPLATE_POST_FORWARD_TOKEN_VALUE = "tokenValue";
+
 
   // configuration properties
-  public static final String CONIG_PROPS_EIDAS_PREFIX = "auth.eIDAS";
-  
+    
   public static final String CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR =
-      CONIG_PROPS_EIDAS_PREFIX + ".workarounds.staging.msconnector.endpoint";  
+      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".workarounds.staging.msconnector.endpoint";  
   public static final String CONIG_PROPS_EIDAS_IS_TEST_IDENTITY = 
-      CONIG_PROPS_EIDAS_PREFIX  + ".eid.testidentity.default";
+      EidasConstants.CONIG_PROPS_EIDAS_PREFIX  + ".eid.testidentity.default";
   
-  public static final String CONIG_PROPS_EIDAS_NODE = CONIG_PROPS_EIDAS_PREFIX + ".node_v2";
+  public static final String CONIG_PROPS_EIDAS_NODE = EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".node_v2";
   public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode";
   public static final String CONIG_PROPS_EIDAS_NODE_PUBLICSECTOR_TARGETS = CONIG_PROPS_EIDAS_NODE
       + ".publicSectorTargets";
@@ -78,15 +74,17 @@ public class Constants {
     
   public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD = CONIG_PROPS_EIDAS_NODE
       + ".forward.method";
+  
   public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL =
-      CONIG_PROPS_EIDAS_NODE + ".attributes.requested.onlynatural";
+      EidasConstants.CONIG_PROPS_EIDAS_NODE + ".attributes.requested.onlynatural";
   public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_CC_SPECIFIC_ONLYNATURAL =
-      CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural";
+      EidasConstants.CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural";
   public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION =
-      CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation";
+      EidasConstants.CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation";
+  
 
   public static final String CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION =
-      CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm";
+      EidasConstants.CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm";
   public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX =
       CONIG_PROPS_EIDAS_NODE + ".requesterId.lu.useStaticRequesterForAll";
 
@@ -107,7 +105,8 @@ public class Constants {
 
   
   // Common SSL client configuration 
-  public static final String CONIG_PROPS_EIDAS_COMMON_CLIENT = CONIG_PROPS_EIDAS_PREFIX + ".client.common";
+  public static final String CONIG_PROPS_EIDAS_COMMON_CLIENT = 
+      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".client.common";
   public static final String CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEYSTORE_PATH = CONIG_PROPS_EIDAS_COMMON_CLIENT
       + ".ssl.keyStore.path";
   public static final String CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEYSTORE_PASSWORD = CONIG_PROPS_EIDAS_COMMON_CLIENT
@@ -131,7 +130,8 @@ public class Constants {
   
     
   // ZMR Client configuration properties
-  public static final String CONIG_PROPS_EIDAS_ZMRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".zmrclient";
+  public static final String CONIG_PROPS_EIDAS_ZMRCLIENT = 
+      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".zmrclient";
   public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_ENDPOINT = CONIG_PROPS_EIDAS_ZMRCLIENT
       + ".endpoint";
   public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_DEBUG_TRACEMESSAGES = CONIG_PROPS_EIDAS_ZMRCLIENT
@@ -168,7 +168,8 @@ public class Constants {
       + ".ssl.trustStore.name";
   
   // ErnP Client configuration properties
-  public static final String CONIG_PROPS_EIDAS_ERNPCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".ernpclient";
+  public static final String CONIG_PROPS_EIDAS_ERNPCLIENT = 
+      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".ernpclient";
   public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_ENDPOINT = CONIG_PROPS_EIDAS_ERNPCLIENT
       + ".endpoint";
   public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_PATH = CONIG_PROPS_EIDAS_ERNPCLIENT
@@ -203,7 +204,8 @@ public class Constants {
   
   
   // SZR Client configuration properties
-  public static final String CONIG_PROPS_EIDAS_SZRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".szrclient";
+  public static final String CONIG_PROPS_EIDAS_SZRCLIENT = 
+      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".szrclient";
   public static final String CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE = CONIG_PROPS_EIDAS_SZRCLIENT
       + ".useTestService";
   public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES = CONIG_PROPS_EIDAS_SZRCLIENT
@@ -261,7 +263,7 @@ public class Constants {
   public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE =
       CONIG_PROPS_EIDAS_SZRCLIENT + ".revisionlog.eidmapping.active";
 
-  public static final String DEFAULT_MS_NODE_COUNTRY_CODE = "AT";
+  
   
   @Deprecated
   public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_URL =
@@ -279,50 +281,12 @@ public class Constants {
   // eIDAS request parameters
   public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
 
-  // eIDAS attribute names
-  public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
-  public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
-  public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName";
-  public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName";
-  public static final String eIDAS_ATTR_PLACEOFBIRTH = "PlaceOfBirth";
-  public static final String eIDAS_ATTR_BIRTHNAME = "BirthName";
-  public static final String eIDAS_ATTR_CURRENTADDRESS = "CurrentAddress";
-  public static final String eIDAS_ATTR_TAXREFERENCE = "TaxReference";
-
-  public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier";
-  public static final String eIDAS_ATTR_LEGALNAME = "LegalName";
-
-  public static final String eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER = "RepresentativePersonIdentifier";
-  public static final String eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH = "RepresentativeDateOfBirth";
-  public static final String eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME = "RepresentativeFirstName";
-  public static final String eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME = "RepresentativeFamilyName";
-    
-  //eIDAS attribute URN
-  public static final String eIDAS_ATTRURN_PREFIX = "http://eidas.europa.eu/attributes/";
-  public static final String eIDAS_ATTRURN_PREFIX_NATURAL = eIDAS_ATTRURN_PREFIX + "naturalperson/";
-
-  public static final String eIDAS_ATTRURN_PERSONALIDENTIFIER =
-      eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PERSONALIDENTIFIER;  
-  public static final String eIDAS_ATTRURN_CURRENTGIVENNAME =
-      eIDAS_ATTRURN_PREFIX_NATURAL + "CurrentGivenName";
-  public static final String eIDAS_ATTRURN_CURRENTFAMILYNAME =
-      eIDAS_ATTRURN_PREFIX_NATURAL + "CurrentFamilyName";
-  public static final String eIDAS_ATTRURN_DATEOFBIRTH =
-      eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_DATEOFBIRTH;  
-  public static final String eIDAS_ATTRURN_PLACEOFBIRTH =
-      eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PLACEOFBIRTH;
-  public static final String eIDAS_ATTRURN_BIRTHNAME =
-      eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_BIRTHNAME;
-
   public static final String eIDAS_REQ_PARAM_SECTOR_PUBLIC = "public";
   public static final String eIDAS_REQ_PARAM_SECTOR_PRIVATE = "private";
 
   public static final String POLICY_DEFAULT_ALLOWED_TARGETS =
       EaafConstants.URN_PREFIX_CDID.replaceAll("\\.", "\\\\.").replaceAll("\\+", "\\\\+") + ".*";
 
-  // SAML2 Constants
-  public static final String SUCCESS_URI = "urn:oasis:names:tc:SAML:2.0:status:Success";
-  public static final String ERROR_URI = "urn:oasis:names:tc:SAML:2.0:status:Responder";
 
   public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION = "30"; // seconds
   public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE = "60"; // seconds
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java
index d3cac80c..e3600329 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java
@@ -40,7 +40,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import com.google.common.collect.ImmutableSortedSet;
 
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
 import eu.eidas.auth.commons.EidasParameterKeys;
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
index 119a7c60..a847a519 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
@@ -65,6 +65,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenti
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ErnpRestCommunicationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.VersionHolder;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.bmi.namespace.zmr_su.base._20040201_.ServiceFault;
 import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasSuchdatenType;
 import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest;
@@ -104,7 +105,7 @@ public class ErnpRestClient implements IErnpClient {
   //    "ERnP anwser for transaction: {0} with code: {1} and message: {2}";
 
   private static final String PROCESS_SEARCH_PERSONAL_IDENTIFIER =
-      "Searching " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER;
+      "Searching " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER;
   private static final String PROCESS_SEARCH_MDS_ONLY = "Searching with MDS only";
   private static final String PROCESS_SEARCH_COUNTRY_SPECIFIC = "Searching {0} specific";
 
@@ -139,7 +140,7 @@ public class ErnpRestClient implements IErnpClient {
 
       // build search request
       final SuchEidas eidasInfos = new SuchEidas();
-      eidasInfos.setArt(Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER);
+      eidasInfos.setArt(EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER);
       eidasInfos.setWert(personIdentifier);
       eidasInfos.setStaatscode2(citizenCountryCode);
 
@@ -427,15 +428,15 @@ public class ErnpRestClient implements IErnpClient {
     // build result
     return RegisterResult.builder()
         .pseudonym(selectAllEidasDocument(person, citizenCountryCode,
-            Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
+            EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
         .familyName(person.getPersonendaten().getFamilienname())
         .givenName(person.getPersonendaten().getVorname())
         .dateOfBirth(getTextualBirthday(person.getPersonendaten().getGeburtsdatum()))
         .bpk(person.getPersonendaten().getBpkZp())
         .placeOfBirth(selectSingleEidasDocument(person, citizenCountryCode,
-            Constants.eIDAS_ATTRURN_PLACEOFBIRTH))
+            EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH))
         .birthName(selectSingleEidasDocument(person, citizenCountryCode,
-            Constants.eIDAS_ATTRURN_BIRTHNAME))
+            EidasConstants.eIDAS_ATTRURN_BIRTHNAME))
         .build();
 
   }
@@ -501,11 +502,11 @@ public class ErnpRestClient implements IErnpClient {
     //TODO: maybe we should re-factor SimpleEidasData to a generic data-model to facilitate arbitrary eIDAS attributes  
     Set<Eidas> result = new HashSet<>();   
     addEidasDocumentIfNotAvailable(result, ernpPersonToKitt, eidData.getCitizenCountryCode(), 
-        Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER, eidData.getPseudonym(), true);    
+        EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER, eidData.getPseudonym(), true);    
     addEidasDocumentIfNotAvailable(result, ernpPersonToKitt, eidData.getCitizenCountryCode(), 
-        Constants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth(), false);
+        EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth(), false);
     addEidasDocumentIfNotAvailable(result, ernpPersonToKitt, eidData.getCitizenCountryCode(), 
-        Constants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName(), false);
+        EidasConstants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName(), false);
         
     return result;
     
@@ -596,17 +597,17 @@ public class ErnpRestClient implements IErnpClient {
   
   private void buildNewEidasDocumens(PersonAnlegen ernpReq, SimpleEidasData eidData) {
     ernpReq.addEidasItem(buildNewEidasDocument(eidData.getCitizenCountryCode(), 
-        Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER, eidData.getPseudonym()));
+        EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER, eidData.getPseudonym()));
     
     if (StringUtils.isNotEmpty(eidData.getPlaceOfBirth())) {
       ernpReq.addEidasItem(buildNewEidasDocument(eidData.getCitizenCountryCode(),
-          Constants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth()));
+          EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth()));
         
     }
         
     if (StringUtils.isNotEmpty(eidData.getBirthName())) {
       ernpReq.addEidasItem(buildNewEidasDocument(eidData.getCitizenCountryCode(), 
-          Constants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName()));
+          EidasConstants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName()));
       
     }        
   }
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java
index 8dbd0632..904afc37 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java
@@ -31,6 +31,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenti
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ZmrCommunicationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.VersionHolder;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.bmi.namespace.zmr_su.base._20040201.ClientInfoType;
 import at.gv.bmi.namespace.zmr_su.base._20040201.Organisation;
 import at.gv.bmi.namespace.zmr_su.base._20040201.RequestType;
@@ -95,7 +96,7 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
   private static final String PROCESS_TASK_UPDATE = "ZPR_VO_Person_aendern";
   
   private static final String PROCESS_SEARCH_PERSONAL_IDENTIFIER = 
-      "Searching " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER;
+      "Searching " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER;
   private static final String PROCESS_SEARCH_MDS_ONLY = "Searching with MDS only";
   private static final String PROCESS_SEARCH_COUNTRY_SPECIFIC = "Searching {0} specific";
   private static final String PROCESS_SEARCH_BY_RESIDENCE = "Searching by residence";
@@ -133,7 +134,7 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
       req.setPersonSuchenRequest(searchPersonReq);
       final EidasSuchdatenType eidasInfos = new EidasSuchdatenType();
       searchPersonReq.getEidasSuchdaten().add(eidasInfos);
-      eidasInfos.setEidasArt(Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER);
+      eidasInfos.setEidasArt(EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER);
       eidasInfos.setEidasWert(personPseudonym);
       eidasInfos.setStaatscode2(citizenCountryCode);
       
@@ -589,15 +590,15 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
     // build result
     return RegisterResult.builder()
         .pseudonym(selectAllEidasDocument(person, citizenCountryCode,
-            Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
+            EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
         .familyName(person.getNatuerlichePerson().getPersonenName().getFamilienname())
         .givenName(person.getNatuerlichePerson().getPersonenName().getVorname())
         .dateOfBirth(person.getNatuerlichePerson().getGeburtsdatum())
         .bpk(extractBpkZp(person.getNatuerlichePerson()))
         .placeOfBirth(selectSingleEidasDocument(person, citizenCountryCode,
-            Constants.eIDAS_ATTRURN_PLACEOFBIRTH))
+            EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH))
         .birthName(selectSingleEidasDocument(person, citizenCountryCode,
-            Constants.eIDAS_ATTRURN_BIRTHNAME))        
+            EidasConstants.eIDAS_ATTRURN_BIRTHNAME))        
         .build();
 
   }
@@ -765,19 +766,19 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
     //TODO: maybe we should re-factor SimpleEidasData to a generic data-model to facilitate arbitrary eIDAS attributes  
     Set<EidasIdentitaetAnlageType> result = new HashSet<>();   
     addEidasDocumentIfNotAvailable(result, zmrPersonToKitt, eidData.getCitizenCountryCode(), 
-        Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER, eidData.getPseudonym(), true);    
+        EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER, eidData.getPseudonym(), true);    
     addEidasDocumentIfNotAvailable(result, zmrPersonToKitt, eidData.getCitizenCountryCode(), 
-        Constants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth(), false);
+        EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth(), false);
     addEidasDocumentIfNotAvailable(result, zmrPersonToKitt, eidData.getCitizenCountryCode(), 
-        Constants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName(), false);
+        EidasConstants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName(), false);
     
     // add MDS attributes as 'eIDAS-Documents' too, because ZMR does not allow a MDS update on regular places.
     addEidasDocumentIfNotAvailable(result, zmrPersonToKitt, eidData.getCitizenCountryCode(), 
-        Constants.eIDAS_ATTRURN_CURRENTGIVENNAME, eidData.getGivenName(), false);
+        EidasConstants.eIDAS_ATTRURN_CURRENTGIVENNAME, eidData.getGivenName(), false);
     addEidasDocumentIfNotAvailable(result, zmrPersonToKitt, eidData.getCitizenCountryCode(), 
-        Constants.eIDAS_ATTRURN_CURRENTFAMILYNAME, eidData.getFamilyName(), false);
+        EidasConstants.eIDAS_ATTRURN_CURRENTFAMILYNAME, eidData.getFamilyName(), false);
     addEidasDocumentIfNotAvailable(result, zmrPersonToKitt,  eidData.getCitizenCountryCode(), 
-        Constants.eIDAS_ATTRURN_DATEOFBIRTH, eidData.getDateOfBirth(), false);
+        EidasConstants.eIDAS_ATTRURN_DATEOFBIRTH, eidData.getDateOfBirth(), false);
         
     return result;
     
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index f626e986..8716f80d 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -48,8 +48,9 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ConnectorEidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
@@ -65,7 +66,7 @@ import lombok.extern.slf4j.Slf4j;
 public abstract class AbstractEidProcessor implements INationalEidProcessor {
 
   @Autowired
-  protected EidasAttributeRegistry attrRegistry;
+  protected ConnectorEidasAttributeRegistry attrRegistry;
   @Autowired
   protected IConfigurationWithSP basicConfig;
 
@@ -81,28 +82,31 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   @Override
   public final SimpleEidasData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException,
       EidasAttributeException {
+
     SimpleEidasData.SimpleEidasDataBuilder builder = SimpleEidasData.builder()
         .personalIdentifier(EidasResponseUtils.processPersonalIdentifier(
-            eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)))
+            eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER)))
         
         // MDS attributes
-        .citizenCountryCode(processCountryCode(eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)))
-        .pseudonym(processPseudonym(eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)))
-        .familyName(processFamilyName(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME)))
-        .givenName(processGivenName(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME)))
-        .dateOfBirth(processDateOfBirthToString(eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH)))
+        .citizenCountryCode(processCountryCode(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER)))
+        .pseudonym(processPseudonym(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER)))
+        .familyName(processFamilyName(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME)))
+        .givenName(processGivenName(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME)))
+        .dateOfBirth(processDateOfBirthToString(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_DATEOFBIRTH)))
 
         // additional attributes
-        .placeOfBirth(processPlaceOfBirth(eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH)))
-        .birthName(processBirthName(eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME)))
-        .address(processAddress(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS)));
+        .placeOfBirth(processPlaceOfBirth(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PLACEOFBIRTH)))
+        .birthName(processBirthName(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_BIRTHNAME)))
+        .address(processAddress(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_CURRENTADDRESS)));
     
-    if (eidasAttrMap.containsKey(Constants.eIDAS_ATTR_TAXREFERENCE)) {
-      builder.taxNumber(EidasResponseUtils.processTaxReference(eidasAttrMap.get(Constants.eIDAS_ATTR_TAXREFERENCE)));
+    if (eidasAttrMap.containsKey(EidasConstants.eIDAS_ATTR_TAXREFERENCE)) {
+      builder.taxNumber(EidasResponseUtils.processTaxReference(
+          eidasAttrMap.get(EidasConstants.eIDAS_ATTR_TAXREFERENCE)));
       
     }
     
     return builder.build();
+
   }
 
 
@@ -125,6 +129,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   protected PostalAddressType processAddress(Object currentAddressObj) throws EidPostProcessingException,
       EidasAttributeException {
     return EidasResponseUtils.processAddress(currentAddressObj);
+    
   }
 
   /**
@@ -138,6 +143,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   protected String processBirthName(Object birthNameObj) throws EidPostProcessingException,
       EidasAttributeException {
     return EidasResponseUtils.processBirthName(birthNameObj);
+
   }
 
   /**
@@ -151,6 +157,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   protected String processPlaceOfBirth(Object placeOfBirthObj) throws EidPostProcessingException,
       EidasAttributeException {
     return EidasResponseUtils.processPlaceOfBirth(placeOfBirthObj);
+
   }
 
   /**
@@ -164,6 +171,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   protected DateTime processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException,
       EidasAttributeException {
     return EidasResponseUtils.processDateOfBirth(dateOfBirthObj);
+
   }
 
   /**
@@ -177,6 +185,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   protected String processGivenName(Object givenNameObj) throws EidPostProcessingException,
       EidasAttributeException {
     return EidasResponseUtils.processGivenName(givenNameObj);
+
   }
 
   /**
@@ -190,6 +199,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   protected String processFamilyName(Object familyNameObj) throws EidPostProcessingException,
       EidasAttributeException {
     return EidasResponseUtils.processFamilyName(familyNameObj);
+
   }
 
   /**
@@ -203,6 +213,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   protected String processPseudonym(Object personalIdObj) throws EidPostProcessingException,
       EidasAttributeException {
     return EidasResponseUtils.processPseudonym(personalIdObj);
+
   }
 
   /**
@@ -334,7 +345,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
     final ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder();
     for (final Map.Entry<String, Boolean> attribute : requiredAttributes.entrySet()) {
       final String name = attribute.getKey();
-      final ImmutableSortedSet<AttributeDefinition<?>> byFriendlyName = attrRegistry
+      final ImmutableSortedSet<AttributeDefinition<?>> byFriendlyName = attrRegistry.getCoreRegistry()
           .getCoreAttributeRegistry().getByFriendlyName(name);
       if (!byFriendlyName.isEmpty()) {
         final AttributeDefinition<?> attributeDefinition = byFriendlyName.first();
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeEidProcessor.java
index 6dc08181..2c1e8fdd 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeEidProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeEidProcessor.java
@@ -32,10 +32,10 @@ import org.apache.commons.codec.binary.Hex;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.egiz.eaaf.core.impl.data.Triple;
 
 
@@ -70,15 +70,15 @@ public class DeEidProcessor extends AbstractEidProcessor {
   protected String processPseudonym(Object uniqeIdentifierObj) throws EidPostProcessingException,
       EidasAttributeException {
     if (uniqeIdentifierObj == null || !(uniqeIdentifierObj instanceof String)) {
-      throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);
     }
 
     final Triple<String, String, String> eIdentifier =
         EidasResponseUtils.parseEidasPersonalIdentifier((String) uniqeIdentifierObj);
 
-    log.trace(getName() + " starts processing of attribute: " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+    log.trace(getName() + " starts processing of attribute: " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);
     final String result = convertDeIdentifier(eIdentifier.getThird());
-    log.debug(getName() + " finished processing of attribute: " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+    log.debug(getName() + " finished processing of attribute: " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);
 
     return result;
 
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java
index e05fe86b..64db9eed 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java
@@ -27,6 +27,7 @@ import org.apache.commons.lang3.StringUtils;
 
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasSuchdatenType;
 import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest;
 import at.gv.e_government.reference.namespace.persondata.de._20040201.NatuerlichePersonTyp;
@@ -62,9 +63,9 @@ public class DeSpecificDetailSearchProcessor implements CountrySpecificDetailSea
     
     //add addtional eIDAS attributes from DE
     req.getEidasSuchdaten().add(buildEidasSuchData(
-        Constants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth()));
+        EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH, eidData.getPlaceOfBirth()));
     req.getEidasSuchdaten().add(buildEidasSuchData(
-        Constants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName()));
+        EidasConstants.eIDAS_ATTRURN_BIRTHNAME, eidData.getBirthName()));
   
     return req;
     
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
index b5493edb..bbfcb5ff 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/CcSpecificEidProcessingService.java
@@ -32,7 +32,6 @@ import java.util.Map.Entry;
 
 import javax.annotation.PostConstruct;
 
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -40,11 +39,12 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.INationalEidProcessor;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.impl.data.Triple;
 import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
@@ -107,9 +107,9 @@ public class CcSpecificEidProcessingService implements ICcSpecificEidProcessingS
   public SimpleEidasData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException,
       EidasAttributeException {
     // extract citizen country from eIDAS unique identifier
-    final Object eIdentifierObj = eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+    final Object eIdentifierObj = eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);
     if (eIdentifierObj == null || !(eIdentifierObj instanceof String)) {
-      throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);
     }
 
     final Triple<String, String, String> eIdentifier =
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ConnectorEidasAttributeRegistry.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ConnectorEidasAttributeRegistry.java
new file mode 100644
index 00000000..8a120093
--- /dev/null
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/ConnectorEidasAttributeRegistry.java
@@ -0,0 +1,107 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
+
+import java.text.MessageFormat;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.lang.NonNull;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import lombok.Getter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class ConnectorEidasAttributeRegistry {
+
+  @Autowired IConfigurationWithSP basicConfig;
+  
+  @Getter
+  private EidasAttributeRegistry coreRegistry;
+  
+  /**
+   * Attribute Registry for eIDAS Connector implementation.
+   * @param registry Core attribute registry
+   */
+  public ConnectorEidasAttributeRegistry(@Autowired EidasAttributeRegistry registry) {
+    this.coreRegistry = registry;
+        
+  }
+  
+  
+  /**
+   * Get Map of attributes that are requested by default.
+   * 
+   * @return Map of AttributeIdentifier, isRequired flag
+   */
+  @NonNull
+  public Map<String, Boolean> getDefaultAttributeSetFromConfiguration() {
+    /*
+     * TODO: select set for representation if mandates should be used. It's an open
+     * task in respect to requested eIDAS attributes and isRequired flag, because
+     * there can be a decision problem in case of natural or legal person
+     * representation! From an Austrian use-case point of view, an Austrian service
+     * provider can support mandates for natural and legal persons at the same time.
+     * However, we CAN NOT request attributes for natural AND legal persons on the
+     * same time, because it's not possible to represent both simultaneously.
+     */
+    final Map<String, String> configAttributes =
+        basicConfig.getBasicConfigurationWithPrefix(
+            Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL);
+    return processAttributeInfosFromConfig(configAttributes);
+
+  }
+
+  /**
+   * Get a Map of attributes that are additionally requested for a specific country.
+   * 
+   * @param countryCode Country Code
+   * @return Map of AttributeIdentifier, isRequired flag
+   */
+  @NonNull
+  public Map<String, Boolean> getAttributeSetFromConfiguration(String countryCode) {
+
+    /*
+     * TODO: select set for representation if mandates should be used. It's an open
+     * task in respect to requested eIDAS attributes and isRequired flag, because
+     * there can be a decision problem in case of natural or legal person
+     * representation! From an Austrian use-case point of view, an Austrian service
+     * provider can support mandates for natural and legal persons at the same time.
+     * However, we CAN NOT request attributes for natural AND legal persons on the
+     * same time, because it's not possible to represent both simultaneously.
+     */
+    final Map<String, String> configAttributes =
+        basicConfig.getBasicConfigurationWithPrefix(
+            MessageFormat.format(
+                Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_CC_SPECIFIC_ONLYNATURAL,
+                countryCode.toLowerCase()));
+    return processAttributeInfosFromConfig(configAttributes);
+
+  }
+  
+  private Map<String, Boolean> processAttributeInfosFromConfig(Map<String, String> configAttributes) {
+
+    final Map<String, Boolean> result = new HashMap<>();
+    for (final String el : configAttributes.values()) {
+      if (StringUtils.isNotEmpty(el.trim())) {
+        final List<String> attrDef = KeyValueUtils.getListOfCsvValues(el.trim());
+        boolean isRequired = false;
+        if (attrDef.size() == 2) {
+          isRequired = Boolean.parseBoolean(attrDef.get(1));
+        }
+
+        result.put(attrDef.get(0), isRequired);
+
+      }
+    }
+
+    log.trace("Load #" + result.size() + " requested attributes from configuration");
+    return result;
+
+  }
+}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java
deleted file mode 100644
index e73491ab..00000000
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/EidasAttributeRegistry.java
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright 2018 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
-
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
-
-import java.io.File;
-import java.text.MessageFormat;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.annotation.PostConstruct;
-
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.lang.NonNull;
-import org.springframework.stereotype.Service;
-
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
-import eu.eidas.auth.commons.attribute.AttributeRegistries;
-import eu.eidas.auth.commons.attribute.AttributeRegistry;
-
-@Service("attributeRegistry")
-public class EidasAttributeRegistry {
-  private static final Logger log = LoggerFactory.getLogger(EidasAttributeRegistry.class);
-  @Autowired
-  private IConfigurationWithSP basicConfig;
-
-  private AttributeRegistry coreAttributeRegistry;
-
-  private String eidasAttributesFile;
-  private String additionalAttributesFile;
-
-  @PostConstruct
-  private void initialize() throws RuntimeException {
-    try {
-      if (eidasAttributesFile.isEmpty()) {
-        log.error("Basic eIDAS addribute definition NOT defined");
-        throw new EaafConfigurationException("config.30",
-            new Object[] { "eidas-attributes.xml" });
-
-      }
-
-      boolean additionalAttrAvailabe = false;
-      if (!additionalAttributesFile.isEmpty()) {
-        final File file = new File(additionalAttributesFile);
-        if (file.exists()) {
-          additionalAttrAvailabe = true;
-        }
-
-      }
-
-      if (!additionalAttrAvailabe) {
-        log.info("Start eIDAS ref. impl. Core without additional eIDAS attribute definitions ... ");
-        coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null);
-
-      } else {
-        // load attribute definitions
-        log.info("Start eIDAS ref. impl. Core with additional eIDAS attribute definitions ... ");
-        coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null,
-            additionalAttributesFile);
-
-      }
-
-    } catch (final Throwable e) {
-      log.error("Can NOT initialize eIDAS attribute definition.", e);
-      throw new RuntimeException("Can NOT initialize eIDAS attribute definition.", e);
-
-    }
-  }
-
-  public AttributeRegistry getCoreAttributeRegistry() {
-    return coreAttributeRegistry;
-  }
-
-  /**
-   * Get Map of attributes that are requested by default.
-   * 
-   * @return Map of AttributeIdentifier, isRequired flag
-   */
-  @NonNull
-  public Map<String, Boolean> getDefaultAttributeSetFromConfiguration() {
-    /*
-     * TODO: select set for representation if mandates should be used. It's an open
-     * task in respect to requested eIDAS attributes and isRequired flag, because
-     * there can be a decision problem in case of natural or legal person
-     * representation! From an Austrian use-case point of view, an Austrian service
-     * provider can support mandates for natural and legal persons at the same time.
-     * However, we CAN NOT request attributes for natural AND legal persons on the
-     * same time, because it's not possible to represent both simultaneously.
-     */
-    final Map<String, String> configAttributes =
-        basicConfig.getBasicConfigurationWithPrefix(
-            Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_DEFAULT_ONLYNATURAL);
-    return processAttributeInfosFromConfig(configAttributes);
-
-  }
-
-  /**
-   * Get a Map of attributes that are additionally requested for a specific country.
-   * 
-   * @param countryCode Country Code
-   * @return Map of AttributeIdentifier, isRequired flag
-   */
-  @NonNull
-  public Map<String, Boolean> getAttributeSetFromConfiguration(String countryCode) {
-
-    /*
-     * TODO: select set for representation if mandates should be used. It's an open
-     * task in respect to requested eIDAS attributes and isRequired flag, because
-     * there can be a decision problem in case of natural or legal person
-     * representation! From an Austrian use-case point of view, an Austrian service
-     * provider can support mandates for natural and legal persons at the same time.
-     * However, we CAN NOT request attributes for natural AND legal persons on the
-     * same time, because it's not possible to represent both simultaneously.
-     */
-    final Map<String, String> configAttributes =
-        basicConfig.getBasicConfigurationWithPrefix(
-            MessageFormat.format(
-                Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_CC_SPECIFIC_ONLYNATURAL,
-                countryCode.toLowerCase()));
-    return processAttributeInfosFromConfig(configAttributes);
-
-  }
-
-  private Map<String, Boolean> processAttributeInfosFromConfig(Map<String, String> configAttributes) {
-
-    final Map<String, Boolean> result = new HashMap<>();
-    for (final String el : configAttributes.values()) {
-      if (StringUtils.isNotEmpty(el.trim())) {
-        final List<String> attrDef = KeyValueUtils.getListOfCsvValues(el.trim());
-        boolean isRequired = false;
-        if (attrDef.size() == 2) {
-          isRequired = Boolean.parseBoolean(attrDef.get(1));
-        }
-
-        result.put(attrDef.get(0), isRequired);
-
-      }
-    }
-
-    log.trace("Load #" + result.size() + " requested attributes from configuration");
-    return result;
-
-  }
-
-  public void setEidasAttributesFile(String eidasAttributesFile) {
-    this.eidasAttributesFile = eidasAttributesFile;
-  }
-
-  public void setAdditionalAttributesFile(String additionalAttributesFile) {
-    this.additionalAttributesFile = additionalAttributesFile;
-  }
-
-}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 6d315b0a..e8b7b2c1 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -146,6 +146,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
     }
   }
 
+
   private void storeGenericInfoToSession(SimpleEidasData eidData) throws EaafStorageException {
     AuthProcessDataWrapper authProcessData = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq);
     authProcessData.setForeigner(true);
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
index 774d27d6..535c2958 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
@@ -44,6 +44,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
@@ -131,6 +132,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
       } else {
         sendPost(request, response, tokenBase64, forwardUrl);
+
       }
 
       revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.EIDAS_NODE_CONNECTED, lightAuthnReq.getId());
@@ -257,20 +259,20 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
   private String selectedForwardUrlForEnvironment(String environment) {
     log.trace("Starting endpoint selection process for environment: {} ... ", environment);
     if (environment.equalsIgnoreCase(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_PRODUCTION)) {
-      return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL);
-      
+      return basicConfig.getBasicConfiguration(EidasConstants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL);
+
     } else if (environment.equalsIgnoreCase(MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS)) {
-      return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL
+      return basicConfig.getBasicConfiguration(EidasConstants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL
           + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_QS);
       
     } else if (environment.equalsIgnoreCase(
         MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING)) {
-      return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL
+      return basicConfig.getBasicConfiguration(EidasConstants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL
           + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_TESTING);
       
     } else if (environment.equalsIgnoreCase(
         MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT)) {
-      return basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL
+      return basicConfig.getBasicConfiguration(EidasConstants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL
           + "." + MsEidasNodeConstants.REQ_PARAM_SELECTED_ENVIRONMENT_VALUE_DEVELOPMENT);
       
     }
@@ -292,11 +294,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
       throws GuiBuildException {
     log.debug("Use http-post for eIDAS node forwarding ...  ");
     final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration(
-        basicConfig, pendingReq, Constants.TEMPLATE_POST_FORWARD_NAME, null, resourceLoader);
-    config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardUrl);
+        basicConfig, pendingReq, EidasConstants.TEMPLATE_POST_FORWARD_NAME, null, resourceLoader);
+    config.putCustomParameter(null, EidasConstants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardUrl);
     String token = EidasParameterKeys.TOKEN.toString();
-    config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, token);
-    config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, tokenBase64);
+    config.putCustomParameter(null, EidasConstants.TEMPLATE_POST_FORWARD_TOKEN_NAME, token);
+    config.putCustomParameter(null, EidasConstants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, tokenBase64);
     guiBuilder.build(request, response, config, "Forward to eIDASNode form");
   }
 
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java
index d2bd0128..ac70a2ac 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java
@@ -39,8 +39,9 @@ import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.validator.EidasResponseValidator;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
@@ -135,7 +136,7 @@ public class ReceiveAuthnResponseAlternativeTask extends AbstractAuthServletTask
   }
 
   private void checkStatusCode(ILightResponse eidasResponse) throws EidasSAuthenticationException {
-    if (!eidasResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) {
+    if (!eidasResponse.getStatus().getStatusCode().equals(EidasConstants.SUCCESS_URI)) {
       log.info("Receive eIDAS Response with StatusCode: {} Subcode: {} Msg: {}",
           eidasResponse.getStatus().getStatusCode(),
           eidasResponse.getStatus().getSubStatusCode(),
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
index 5e4075de..a16da17f 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
@@ -40,8 +40,9 @@ import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.validator.EidasResponseValidator;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
@@ -162,17 +163,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
     return eidasResponse;
   }
 
+
   private void checkStatusCode(ILightResponse eidasResponse) throws EidasSAuthenticationException {
-    if (!eidasResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) {
+    if (!eidasResponse.getStatus().getStatusCode().equals(EidasConstants.SUCCESS_URI)) {
       log.info("Receive eIDAS Response with StatusCode: {} Subcode: {} Msg: {}",
           eidasResponse.getStatus().getStatusCode(),
           eidasResponse.getStatus().getSubStatusCode(),
           eidasResponse.getStatus().getStatusMessage());
       throw new EidasSAuthenticationException("eidas.02", new Object[]{eidasResponse.getStatus()
           .getStatusCode(), eidasResponse.getStatus().getStatusMessage()});
+      
     }
   }
 
+
   private void validateMsSpecificResponse(ExecutionContext executionContext, ILightResponse eidasResponse)
       throws EidasValidationException {
     final String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT");
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java
index 2853d8ab..91a6ce42 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java
@@ -38,8 +38,8 @@ import org.joda.time.DateTime;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
 import at.gv.egiz.eaaf.core.impl.data.Triple;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -84,8 +84,9 @@ public class EidasResponseUtils {
    */
   public static Triple<String, String, String> parseEidasPersonalIdentifier(String uniqueID) {
     if (!validateEidasPersonalIdentifier(uniqueID)) {
-      log.error("eIDAS attribute value for {} looks wrong formated. Value: {}",
-          Constants.eIDAS_ATTR_PERSONALIDENTIFIER, uniqueID);
+      log.error("eIDAS attribute value for {} looks wrong formated. Value: {}", 
+          EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, uniqueID);
+
       return null;
 
     }
@@ -210,11 +211,11 @@ public class EidasResponseUtils {
         // TODO: add more mappings
         return result;
       } else {
-        log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type");
-        throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTADDRESS);
+        log.warn("eIDAS attr: " + EidasConstants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type");
+        throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_CURRENTADDRESS);
       }
     } else {
-      log.debug("NO '" + Constants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... ");
+      log.debug("NO '" + EidasConstants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... ");
     }
     return null;
   }
@@ -231,11 +232,11 @@ public class EidasResponseUtils {
       if (birthNameObj instanceof String) {
         return (String) birthNameObj;
       } else {
-        log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type");
-        throw new EidasAttributeException(Constants.eIDAS_ATTR_BIRTHNAME);
+        log.warn("eIDAS attr: " + EidasConstants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type");
+        throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_BIRTHNAME);
       }
     } else {
-      log.debug("NO '" + Constants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... ");
+      log.debug("NO '" + EidasConstants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... ");
     }
     return null;
   }
@@ -253,13 +254,13 @@ public class EidasResponseUtils {
         return (String) placeOfBirthObj;
 
       } else {
-        log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_PLACEOFBIRTH + " is of WRONG type");
-        throw new EidasAttributeException(Constants.eIDAS_ATTR_PLACEOFBIRTH);
+        log.warn("eIDAS attr: " + EidasConstants.eIDAS_ATTR_PLACEOFBIRTH + " is of WRONG type");
+        throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_PLACEOFBIRTH);
 
       }
 
     } else {
-      log.debug("NO '" + Constants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... ");
+      log.debug("NO '" + EidasConstants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... ");
     }
     return null;
   }
@@ -273,7 +274,7 @@ public class EidasResponseUtils {
    */
   public static DateTime processDateOfBirth(Object dateOfBirthObj) throws EidasAttributeException {
     if (!(dateOfBirthObj instanceof DateTime)) {
-      throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH);
+      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_DATEOFBIRTH);
     }
     return (DateTime) dateOfBirthObj;
   }
@@ -291,11 +292,11 @@ public class EidasResponseUtils {
         new SimpleDateFormat("yyyy-MM-dd").parse((String) dateOfBirthObj);
         return (String) dateOfBirthObj;
       } catch (ParseException e) {
-        throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH);
+        throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_DATEOFBIRTH);
       }
     }
     if (!(dateOfBirthObj instanceof DateTime)) {
-      throw new EidasAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH);
+      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_DATEOFBIRTH);
     }
     return new SimpleDateFormat("yyyy-MM-dd").format(((DateTime) dateOfBirthObj).toDate());
   }
@@ -309,7 +310,7 @@ public class EidasResponseUtils {
    */
   public static String processGivenName(Object givenNameObj) throws EidasAttributeException {
     if (!(givenNameObj instanceof String)) {
-      throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME);
+      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME);
     }
     return (String) givenNameObj;
   }
@@ -323,7 +324,7 @@ public class EidasResponseUtils {
    */
   public static String processFamilyName(Object familyNameObj) throws EidasAttributeException {
     if (!(familyNameObj instanceof String)) {
-      throw new EidasAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME);
+      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME);
     }
     return (String) familyNameObj;
   }
@@ -337,7 +338,7 @@ public class EidasResponseUtils {
    */
   public static String processPersonalIdentifier(Object personalIdentifierObj) throws EidasAttributeException {
     if (!(personalIdentifierObj instanceof String)) {
-      throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);
     }
     return (String) personalIdentifierObj;
   }
@@ -352,7 +353,7 @@ public class EidasResponseUtils {
    */
   public static String processPseudonym(Object personalIdObj) throws EidasAttributeException {
     if (!(personalIdObj instanceof String)) {
-      throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);
     }
     final Triple<String, String, String> eIdentifier =
         EidasResponseUtils.parseEidasPersonalIdentifier((String) personalIdObj);
@@ -371,7 +372,7 @@ public class EidasResponseUtils {
    */
   public static String processCountryCode(Object personalIdObj) throws EidasAttributeException {
     if (!(personalIdObj instanceof String)) {
-      throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER);
     }
     final Triple<String, String, String> eIdentifier =
         EidasResponseUtils.parseEidasPersonalIdentifier((String) personalIdObj);
@@ -390,7 +391,7 @@ public class EidasResponseUtils {
    */
   public static String processTaxReference(Object taxReferenceObj) throws EidasAttributeException {
     if (!(taxReferenceObj instanceof String)) {
-      throw new EidasAttributeException(Constants.eIDAS_ATTR_TAXREFERENCE);
+      throw new EidasAttributeException(EidasConstants.eIDAS_ATTR_TAXREFERENCE);
     }
     return (String) taxReferenceObj;
   }
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java
index 9d9a0647..d1962654 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/validator/EidasResponseValidator.java
@@ -31,10 +31,10 @@ import org.slf4j.LoggerFactory;
 
 import com.google.common.collect.ImmutableSet;
 
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.impl.data.Triple;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -97,7 +97,7 @@ public class EidasResponseValidator {
      *_____________________________________________________|
      */
     final AttributeDefinition<?> attrDefinition = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+        EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
     final ImmutableSet<? extends AttributeValue<?>> attributeValues = eidasResponse.getAttributes()
         .getAttributeMap().get(attrDefinition);
     final List<String> personalIdObj = EidasResponseUtils.translateStringListAttribute(attrDefinition,
@@ -123,48 +123,48 @@ public class EidasResponseValidator {
       if (split == null) {
         throw new EidasValidationException("eidas.07",
             new Object[] {
-                Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,
                 "Wrong identifier format" });
 
       } else {
         // validation according to eIDAS SAML Attribute Profile, Section 2.2.3
         if (StringUtils.isEmpty(split.getSecond())) {
-          log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
+          log.warn("eIDAS attribute value for " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER
               + " includes NO destination country. Value:" + natPersId);
           throw new EidasValidationException("eidas.07",
               new Object[] {
-                  Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+                  EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,
                   "No or empty destination country" });
 
         }
         if (!split.getSecond().equalsIgnoreCase(spCountry)) {
-          log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
+          log.warn("eIDAS attribute value for " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER
               + " includes wrong destination country. Value:" + natPersId
               + " SP-Country:" + spCountry);
           throw new EidasValidationException("eidas.07",
               new Object[] {
-                  Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+                  EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,
                   "Destination country does not match to SP country" });
 
         }
 
         if (StringUtils.isEmpty(split.getFirst())) {
-          log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
+          log.warn("eIDAS attribute value for " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER
               + " includes NO citizen country. Value:" + natPersId);
           throw new EidasValidationException("eidas.07",
               new Object[] {
-                  Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+                  EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,
                   "No or empty citizen country" });
 
         }
         if (!split.getFirst().equalsIgnoreCase(citizenCountryCode)) {
-          log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
+          log.warn("eIDAS attribute value for " + EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER
               + " includes a citizen country that does not match to service-provider country. "
               + " Value:" + natPersId
               + " citiczen Country:" + spCountry);
           throw new EidasValidationException("eidas.07",
               new Object[] {
-                  Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+                  EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,
                   "Citizen country does not match to eIDAS-node country that generates the response" });
 
         }
diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 178d768f..ab4228fd 100644
--- a/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -38,13 +38,16 @@
     class="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet" />
 
   <bean id="attributeRegistry"
-    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry">
+    class="at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry">
     <property name="eidasAttributesFile"
       ref="specificConnectorAttributesFileWithPath" />
     <property name="additionalAttributesFile"
       ref="specificConnectorAdditionalAttributesFileWithPath" />
   </bean>
 
+  <bean id="connectorAttributeRegistry"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ConnectorEidasAttributeRegistry" />
+
   <!-- <bean id="eIDASDataStore" class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.eIDASDataStore"
     /> -->
 
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java
index 4d4ac47d..3bc06092 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java
@@ -29,7 +29,8 @@ import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfi
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.test.dummy.DummySpecificCommunicationService;
 import at.gv.egiz.eaaf.core.api.IRequestStorage;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
@@ -138,7 +139,7 @@ public class EidasSignalServletTest {
     iLightResponse.id("_".concat(Random.nextHexRandom16()))
         .issuer(RandomStringUtils.randomAlphabetic(10))
         .subject(RandomStringUtils.randomAlphabetic(10))
-        .statusCode(Constants.SUCCESS_URI)
+        .statusCode(EidasConstants.SUCCESS_URI)
         .inResponseTo("_".concat(Random.nextHexRandom16()))
         .subjectNameIdFormat("afaf")
         .relayState(relayState);
@@ -177,7 +178,7 @@ public class EidasSignalServletTest {
     iLightResponse.id("_".concat(Random.nextHexRandom16()))
         .issuer(RandomStringUtils.randomAlphabetic(10))
         .subject(RandomStringUtils.randomAlphabetic(10))
-        .statusCode(Constants.SUCCESS_URI)
+        .statusCode(EidasConstants.SUCCESS_URI)
         .inResponseTo(inResponseTo)
         .subjectNameIdFormat("afaf");
 
@@ -213,7 +214,7 @@ public class EidasSignalServletTest {
     iLightResponse.id("_".concat(Random.nextHexRandom16()))
         .issuer(RandomStringUtils.randomAlphabetic(10))
         .subject(RandomStringUtils.randomAlphabetic(10))
-        .statusCode(Constants.SUCCESS_URI)
+        .statusCode(EidasConstants.SUCCESS_URI)
         .inResponseTo(inResponseTo)
         .subjectNameIdFormat("afaf");
 
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/ZmrClientProductionTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/ZmrClientProductionTest.java
index cb9df7e5..af1867e7 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/ZmrClientProductionTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/ZmrClientProductionTest.java
@@ -19,12 +19,12 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient.ZmrRegisterResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.LoggingHandler;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasSuchdatenType;
 import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest;
 import at.gv.e_government.reference.namespace.persondata.de._20040201.NatuerlichePersonTyp;
@@ -453,9 +453,9 @@ public class ZmrClientProductionTest {
     searchNatPerson.setGeburtsdatum(dateOfBirth);
 
     // add addtional eIDAS attributes if available
-    addIfAvailable(req.getEidasSuchdaten(), cc, Constants.eIDAS_ATTRURN_PLACEOFBIRTH, placeOfBirth);
-    addIfAvailable(req.getEidasSuchdaten(), cc, Constants.eIDAS_ATTRURN_BIRTHNAME, birthName);
-    addIfAvailable(req.getEidasSuchdaten(), cc, Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER, personalId);
+    addIfAvailable(req.getEidasSuchdaten(), cc, EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH, placeOfBirth);
+    addIfAvailable(req.getEidasSuchdaten(), cc, EidasConstants.eIDAS_ATTRURN_BIRTHNAME, birthName);
+    addIfAvailable(req.getEidasSuchdaten(), cc, EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER, personalId);
 
     return req;
 
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/ZmrClientTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/ZmrClientTest.java
index 4e0a1f28..ef9cc9b7 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/ZmrClientTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/ZmrClientTest.java
@@ -38,7 +38,6 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import com.github.skjolber.mockito.soap.SoapServiceRule;
 
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient.ZmrRegisterResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.controller.AdresssucheController.AdresssucheOutput;
@@ -46,6 +45,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.bmi.namespace.zmr_su.base._20040201.RequestType;
 import at.gv.bmi.namespace.zmr_su.base._20040201.ResponseType;
 import at.gv.bmi.namespace.zmr_su.base._20040201_.ServicePort;
@@ -1139,9 +1139,9 @@ public class ZmrClientTest {
     searchNatPerson.setGeburtsdatum(dateOfBirth);
 
     // add addtional eIDAS attributes if available
-    addIfAvailable(req.getEidasSuchdaten(), cc, Constants.eIDAS_ATTRURN_PLACEOFBIRTH, placeOfBirth);
-    addIfAvailable(req.getEidasSuchdaten(), cc, Constants.eIDAS_ATTRURN_BIRTHNAME, birthName);
-    addIfAvailable(req.getEidasSuchdaten(), cc, Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER, personalId);
+    addIfAvailable(req.getEidasSuchdaten(), cc, EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH, placeOfBirth);
+    addIfAvailable(req.getEidasSuchdaten(), cc, EidasConstants.eIDAS_ATTRURN_BIRTHNAME, birthName);
+    addIfAvailable(req.getEidasSuchdaten(), cc, EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER, personalId);
 
     return req;
 
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummySpecificCommunicationService.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummySpecificCommunicationService.java
deleted file mode 100644
index 78294047..00000000
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummySpecificCommunicationService.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy;
-
-import java.util.Collection;
-
-import eu.eidas.auth.commons.attribute.AttributeDefinition;
-import eu.eidas.auth.commons.light.ILightRequest;
-import eu.eidas.auth.commons.light.ILightResponse;
-import eu.eidas.auth.commons.tx.BinaryLightToken;
-import eu.eidas.specificcommunication.BinaryLightTokenHelper;
-import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
-import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
-import lombok.Setter;
-
-public class DummySpecificCommunicationService implements SpecificCommunicationService {
-
-  private ILightRequest lightRequest;
-  private ILightResponse lightResponse;
-
-  @Setter
-  private SpecificCommunicationException error;
-  
-  @Override
-  public BinaryLightToken putRequest(ILightRequest lightRequest) throws SpecificCommunicationException {
-    this.lightRequest = lightRequest;
-    return BinaryLightTokenHelper.createBinaryLightToken("Test", "TestSecret", "SHA-256");
-  }
-
-  @Override
-  public ILightRequest getAndRemoveRequest(String tokenBase64, Collection<AttributeDefinition<?>> registry)
-      throws SpecificCommunicationException {
-    if (error != null) {
-      throw error;
-      
-    }
-    return lightRequest;
-  }
-
-  @Override
-  public BinaryLightToken putResponse(ILightResponse lightResponse) throws SpecificCommunicationException {
-    this.lightResponse = lightResponse;
-    return BinaryLightTokenHelper.createBinaryLightToken("Test", "TestSecret", "SHA-256");
-  }
-
-  @Override
-  public ILightResponse getAndRemoveResponse(String tokenBase64, Collection<AttributeDefinition<?>> registry)
-      throws SpecificCommunicationException {
-    return lightResponse;
-  }
-
-  public ILightRequest getiLightRequest() {
-    return lightRequest;
-  }
-
-  public void setiLightRequest(ILightRequest lightReques) {
-    this.lightRequest = lightReques;
-  }
-
-  public ILightResponse getiLightResponse() {
-    return lightResponse;
-  }
-
-  public void setiLightResponse(ILightResponse lightResponse) {
-    this.lightResponse = lightResponse;
-  }
-
-}
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java
index 682db41e..176e95cb 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java
@@ -67,6 +67,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchSe
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.AlternativeSearchTask;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.clients.ZmrClientTest;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.bmi.namespace.zmr_su.base._20040201.RequestType;
 import at.gv.bmi.namespace.zmr_su.base._20040201.ResponseType;
 import at.gv.bmi.namespace.zmr_su.base._20040201_.ServicePort;
@@ -913,24 +914,24 @@ public class AlternativeSearchTaskWithRegisterTest {
                                                         String dateOfBirth, String taxNumber, String placeOfBirth,
                                                         String birthName) throws URISyntaxException {
     ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder()
-        .put(generateStringAttribute(Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+        .put(generateStringAttribute(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,
             randomAlphabetic(2), randomAlphabetic(2)), identifier)
-        .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTFAMILYNAME,
+        .put(generateStringAttribute(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME,
             randomAlphabetic(3), randomAlphabetic(3)), familyName)
-        .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTGIVENNAME,
+        .put(generateStringAttribute(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME,
             randomAlphabetic(4), randomAlphabetic(4)), givenName)
-        .put(generateDateTimeAttribute(Constants.eIDAS_ATTR_DATEOFBIRTH,
+        .put(generateDateTimeAttribute(EidasConstants.eIDAS_ATTR_DATEOFBIRTH,
             randomAlphabetic(5), randomAlphabetic(5)), dateOfBirth);
     if (taxNumber != null) {
-      builder.put(generateStringAttribute(Constants.eIDAS_ATTR_TAXREFERENCE,
+      builder.put(generateStringAttribute(EidasConstants.eIDAS_ATTR_TAXREFERENCE,
           randomAlphabetic(6), randomAlphabetic(6)), taxNumber);
     }
     if (birthName != null) {
-      builder.put(generateStringAttribute(Constants.eIDAS_ATTR_BIRTHNAME,
+      builder.put(generateStringAttribute(EidasConstants.eIDAS_ATTR_BIRTHNAME,
           randomAlphabetic(7), randomAlphabetic(7)), birthName);
     }
     if (placeOfBirth != null) {
-      builder.put(generateStringAttribute(Constants.eIDAS_ATTR_PLACEOFBIRTH,
+      builder.put(generateStringAttribute(EidasConstants.eIDAS_ATTR_PLACEOFBIRTH,
           randomAlphabetic(8), randomAlphabetic(8)), placeOfBirth);
     }
     final ImmutableAttributeMap attributeMap = builder.build();
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index 023c196c..36c0c2af 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -57,13 +57,14 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils.JwsResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.IRequestStorage;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
@@ -605,18 +606,18 @@ public class CreateIdentityLinkTaskEidNewTest {
   @Nonnull
   private AuthenticationResponse buildDummyAuthResponse(boolean withAll, boolean withEmpty) throws URISyntaxException {
     final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+        EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
     final AttributeDefinition attributeDef2 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
+        EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
     final AttributeDefinition attributeDef3 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_CURRENTGIVENNAME).first();
+        EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
     final AttributeDefinition attributeDef4 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_DATEOFBIRTH).first();
+        EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
     final AttributeDefinition attributeDef5 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_PLACEOFBIRTH).first();
+        EidasConstants.eIDAS_ATTR_PLACEOFBIRTH).first();
     final AttributeDefinition attributeDef6 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_BIRTHNAME).first();
-
+        EidasConstants.eIDAS_ATTR_BIRTHNAME).first();
+   
     final Builder attributeMap = ImmutableAttributeMap.builder();
     attributeMap.put(attributeDef, "LU/AT/" + RandomStringUtils.randomNumeric(64));
     attributeMap.put(attributeDef2, RandomStringUtils.randomAlphabetic(10));
@@ -638,7 +639,7 @@ public class CreateIdentityLinkTaskEidNewTest {
     return b.id("_".concat(Random.nextHexRandom16()))
         .issuer(RandomStringUtils.randomAlphabetic(10))
         .subject(RandomStringUtils.randomAlphabetic(10))
-        .statusCode(Constants.SUCCESS_URI)
+        .statusCode(EidasConstants.SUCCESS_URI)
         .inResponseTo("_".concat(Random.nextHexRandom16()))
         .subjectNameIdFormat("afaf")
         .levelOfAssurance(EaafConstants.EIDAS_LOA_PREFIX + RandomStringUtils.randomAlphabetic(5))
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
index 5c528532..5db6e95d 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java
@@ -41,11 +41,12 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.IRequestStorage;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
@@ -475,13 +476,13 @@ public class CreateIdentityLinkTaskTest {
   @NotNull
   private AuthenticationResponse buildDummyAuthResponse() throws URISyntaxException {
     final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+        EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
     final AttributeDefinition attributeDef2 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
+        EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
     final AttributeDefinition attributeDef3 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_CURRENTGIVENNAME).first();
+        EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
     final AttributeDefinition attributeDef4 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_DATEOFBIRTH).first();
+        EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
 
     final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder()
         .put(attributeDef, "LU/AT/" + RandomStringUtils.randomNumeric(64))
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
index 9521e348..761738aa 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
@@ -26,7 +26,8 @@ import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigM
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.test.dummy.DummySpecificCommunicationService;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
@@ -138,7 +139,7 @@ public class GenerateAuthnRequestTaskTest {
           .getErrorId());
       Assert.assertEquals("wrong parameter size", 1, ((EaafException) e.getOriginalException())
           .getParams().length);
-      Assert.assertEquals("wrong errorMsg", Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL, ((EaafException) e
+      Assert.assertEquals("wrong errorMsg", EidasConstants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL, ((EaafException) e
           .getOriginalException()).getParams()[0]);
 
     }
@@ -163,7 +164,7 @@ public class GenerateAuthnRequestTaskTest {
           .getErrorId());
       Assert.assertEquals("wrong parameter size", 1, ((EaafException) e.getOriginalException())
           .getParams().length);
-      Assert.assertEquals("wrong errorMsg", Constants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL + "." + stage, ((EaafException) e
+      Assert.assertEquals("wrong errorMsg", EidasConstants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL + "." + stage, ((EaafException) e
           .getOriginalException()).getParams()[0]);
 
     }
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
index 74ac065e..eef31a02 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java
@@ -83,6 +83,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchSe
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.InitialSearchTask;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
@@ -887,24 +888,24 @@ public class InitialSearchTaskTest {
                                                         String dateOfBirth, String taxNumber, String placeOfBirth,
                                                         String birthName) throws URISyntaxException {
     ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder()
-        .put(generateStringAttribute(Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+        .put(generateStringAttribute(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,
             randomAlphabetic(2), randomAlphabetic(2)), identifier)
-        .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTFAMILYNAME,
+        .put(generateStringAttribute(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME,
             randomAlphabetic(3), randomAlphabetic(3)), familyName)
-        .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTGIVENNAME,
+        .put(generateStringAttribute(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME,
             randomAlphabetic(4), randomAlphabetic(4)), givenName)
-        .put(generateDateTimeAttribute(Constants.eIDAS_ATTR_DATEOFBIRTH,
+        .put(generateDateTimeAttribute(EidasConstants.eIDAS_ATTR_DATEOFBIRTH,
             randomAlphabetic(5), randomAlphabetic(5)), dateOfBirth);
     if (taxNumber != null) {
-      builder.put(generateStringAttribute(Constants.eIDAS_ATTR_TAXREFERENCE,
+      builder.put(generateStringAttribute(EidasConstants.eIDAS_ATTR_TAXREFERENCE,
           randomAlphabetic(6), randomAlphabetic(6)), taxNumber);
     }
     if (birthName != null) {
-      builder.put(generateStringAttribute(Constants.eIDAS_ATTR_BIRTHNAME,
+      builder.put(generateStringAttribute(EidasConstants.eIDAS_ATTR_BIRTHNAME,
           randomAlphabetic(7), randomAlphabetic(7)), birthName);
     }
     if (placeOfBirth != null) {
-      builder.put(generateStringAttribute(Constants.eIDAS_ATTR_PLACEOFBIRTH,
+      builder.put(generateStringAttribute(EidasConstants.eIDAS_ATTR_PLACEOFBIRTH,
           randomAlphabetic(8), randomAlphabetic(8)), placeOfBirth);
     }
     final ImmutableAttributeMap attributeMap = builder.build();
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java
index 6d0e7c31..4b9e9fe2 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java
@@ -88,6 +88,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.InitialSearchTask;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.clients.ErnpRestClientTest;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.clients.ZmrClientTest;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.bmi.namespace.zmr_su.base._20040201.RequestType;
 import at.gv.bmi.namespace.zmr_su.base._20040201.ResponseType;
 import at.gv.bmi.namespace.zmr_su.base._20040201_.ServicePort;
@@ -607,24 +608,24 @@ public class InitialSearchTaskWithRegistersTest {
                                                         String dateOfBirth, String taxNumber, String placeOfBirth,
                                                         String birthName) throws URISyntaxException {
     ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder()
-        .put(generateStringAttribute(Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
+        .put(generateStringAttribute(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER,
             randomAlphabetic(2), randomAlphabetic(2)), identifier)
-        .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTFAMILYNAME,
+        .put(generateStringAttribute(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME,
             randomAlphabetic(3), randomAlphabetic(3)), familyName)
-        .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTGIVENNAME,
+        .put(generateStringAttribute(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME,
             randomAlphabetic(4), randomAlphabetic(4)), givenName)
-        .put(generateDateTimeAttribute(Constants.eIDAS_ATTR_DATEOFBIRTH,
+        .put(generateDateTimeAttribute(EidasConstants.eIDAS_ATTR_DATEOFBIRTH,
             randomAlphabetic(5), randomAlphabetic(5)), dateOfBirth);
     if (taxNumber != null) {
-      builder.put(generateStringAttribute(Constants.eIDAS_ATTR_TAXREFERENCE,
+      builder.put(generateStringAttribute(EidasConstants.eIDAS_ATTR_TAXREFERENCE,
           randomAlphabetic(6), randomAlphabetic(6)), taxNumber);
     }
     if (birthName != null) {
-      builder.put(generateStringAttribute(Constants.eIDAS_ATTR_BIRTHNAME,
+      builder.put(generateStringAttribute(EidasConstants.eIDAS_ATTR_BIRTHNAME,
           randomAlphabetic(7), randomAlphabetic(7)), birthName);
     }
     if (placeOfBirth != null) {
-      builder.put(generateStringAttribute(Constants.eIDAS_ATTR_PLACEOFBIRTH,
+      builder.put(generateStringAttribute(EidasConstants.eIDAS_ATTR_PLACEOFBIRTH,
           randomAlphabetic(8), randomAlphabetic(8)), placeOfBirth);
     }
     final ImmutableAttributeMap attributeMap = builder.build();
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
index 842c8bf7..53f83095 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java
@@ -27,8 +27,9 @@ import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.IRequestStorage;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
@@ -142,7 +143,7 @@ public class ReceiveAuthnResponseTaskTest {
   public void successAndForward() throws URISyntaxException, TaskExecutionException, 
       PendingReqIdValidationException, EaafStorageException {    
     
-    AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI);
+    AuthenticationResponse eidasResponse = buildDummyAuthResponse(EidasConstants.SUCCESS_URI);
     httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
         
     String alternativReturnEndpoint = "http://ms-connector.alternative/" + RandomStringUtils.randomAlphabetic(10);
@@ -172,7 +173,7 @@ public class ReceiveAuthnResponseTaskTest {
   
   public void success() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException {
     @Nonnull
-    AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI);
+    AuthenticationResponse eidasResponse = buildDummyAuthResponse(EidasConstants.SUCCESS_URI);
     httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
     executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
 
@@ -200,7 +201,7 @@ public class ReceiveAuthnResponseTaskTest {
     basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "true");
     
     @Nonnull      
-    AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI);
+    AuthenticationResponse eidasResponse = buildDummyAuthResponse(EidasConstants.SUCCESS_URI);
     httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
     executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");    
       
@@ -226,13 +227,13 @@ public class ReceiveAuthnResponseTaskTest {
   @Nonnull
   private AuthenticationResponse buildDummyAuthResponse(String statusCode) throws URISyntaxException {
     final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+        EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
     final AttributeDefinition attributeDef2 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
+        EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
     final AttributeDefinition attributeDef3 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_CURRENTGIVENNAME).first();
+        EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
     final AttributeDefinition attributeDef4 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_DATEOFBIRTH).first();
+        EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
 
     final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder()
         .put(attributeDef, "LU/AT/" + RandomStringUtils.randomNumeric(64))
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java
index 4148b138..4112e047 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java
@@ -27,8 +27,9 @@ import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseAlternativeTask;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.IRequestStorage;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
@@ -141,7 +142,7 @@ public class ReceiveEidasResponseTaskTest {
   public void successAndForward() throws URISyntaxException, TaskExecutionException, 
       PendingReqIdValidationException, EaafStorageException {    
     
-    AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI);
+    AuthenticationResponse eidasResponse = buildDummyAuthResponse(EidasConstants.SUCCESS_URI);
     httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
         
     String alternativReturnEndpoint = "http://ms-connector.alternative/" + RandomStringUtils.randomAlphabetic(10);
@@ -171,7 +172,7 @@ public class ReceiveEidasResponseTaskTest {
   
   public void success() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException {
     @Nonnull
-    AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI);
+    AuthenticationResponse eidasResponse = buildDummyAuthResponse(EidasConstants.SUCCESS_URI);
     httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
 
     //execute test
@@ -198,7 +199,7 @@ public class ReceiveEidasResponseTaskTest {
     basicConfig.putConfigValue("eidas.ms.auth.eIDAS.eid.testidentity.default", "true");
     
     @Nonnull      
-    AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI);
+    AuthenticationResponse eidasResponse = buildDummyAuthResponse(EidasConstants.SUCCESS_URI);
     httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
       
     //execute test
@@ -223,14 +224,14 @@ public class ReceiveEidasResponseTaskTest {
   @Nonnull
   private AuthenticationResponse buildDummyAuthResponse(String statusCode) throws URISyntaxException {
     final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+        EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
     final AttributeDefinition attributeDef2 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
+        EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
     final AttributeDefinition attributeDef3 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_CURRENTGIVENNAME).first();
+        EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
     final AttributeDefinition attributeDef4 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_DATEOFBIRTH).first();
-
+        EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
+   
     final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder()
         .put(attributeDef, "LU/AT/" + RandomStringUtils.randomNumeric(64))
         .put(attributeDef2, RandomStringUtils.randomAlphabetic(10))
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java
index 16efd84b..b8cb0642 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java
@@ -40,12 +40,13 @@ import org.springframework.test.annotation.DirtiesContext.ClassMode;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import lombok.SneakyThrows;
 
+
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(locations = {
     "/SpringTest-context_tasks_test.xml",
@@ -352,12 +353,12 @@ public class EidasAttributePostProcessingTest {
   private Map<String, Object> generateInputData(String id, String familyName, String givenName,
       String dateOfBirth, String placeOfBirth, String birthName) {
     final Map<String, Object> result = new HashMap<>();
-    result.put(Constants.eIDAS_ATTR_PERSONALIDENTIFIER, id);
-    result.put(Constants.eIDAS_ATTR_CURRENTGIVENNAME, givenName);
-    result.put(Constants.eIDAS_ATTR_CURRENTFAMILYNAME, familyName);
-    result.put(Constants.eIDAS_ATTR_DATEOFBIRTH, dateOfBirth);
-    result.put(Constants.eIDAS_ATTR_PLACEOFBIRTH, placeOfBirth);
-    result.put(Constants.eIDAS_ATTR_BIRTHNAME, birthName);
+    result.put(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, id);
+    result.put(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, givenName);
+    result.put(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, familyName);
+    result.put(EidasConstants.eIDAS_ATTR_DATEOFBIRTH, dateOfBirth);
+    result.put(EidasConstants.eIDAS_ATTR_PLACEOFBIRTH, placeOfBirth);
+    result.put(EidasConstants.eIDAS_ATTR_BIRTHNAME, birthName);
     return result;
 
   }
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java
index bbba56e2..91a50d28 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java
@@ -21,10 +21,10 @@ import com.google.common.collect.ImmutableSet;
 
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.validator.EidasResponseValidator;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
@@ -300,7 +300,7 @@ public class EidasResponseValidatorTest {
 
 
     final AttributeDefinition personIdattributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+        EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
 
     final Builder attributeMap = ImmutableAttributeMap.builder();
     if (personalId != null) {
@@ -319,7 +319,7 @@ public class EidasResponseValidatorTest {
     return b.id("_".concat(Random.nextHexRandom16()))
         .issuer(RandomStringUtils.randomAlphabetic(10))
         .subject(RandomStringUtils.randomAlphabetic(10))
-        .statusCode(Constants.SUCCESS_URI)
+        .statusCode(EidasConstants.SUCCESS_URI)
         .inResponseTo("_".concat(Random.nextHexRandom16()))
         .subjectNameIdFormat("afaf")
         .levelOfAssurance(loa)
diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml b/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
index c843c40c..d71a47dc 100644
--- a/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
+++ b/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml
@@ -17,13 +17,13 @@
         class="at.asitplus.eidas.specific.modules.auth.eidas.v2.config.EidasConnectorMessageSource"/>
   
   <bean id="SZRClientForeIDAS"
-    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient" />
+    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient" />
 
   <!-- <bean id="eIDASDataStore" class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.eIDASDataStore" 
     /> -->
 
   <bean id="springManagedSpecificConnectorCommunicationService"
-    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" />
+    class="at.asitplus.eidas.specific.modules.core.eidas.test.dummy.DummySpecificCommunicationService" />
 
   <bean id="specificConnectorAttributesFileWithPath"
     class="java.lang.String">
@@ -38,13 +38,16 @@
   </bean>
 
   <bean id="attributeRegistry"
-    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry">
+    class="at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry">
     <property name="eidasAttributesFile"
       ref="specificConnectorAttributesFileWithPath" />
     <property name="additionalAttributesFile"
       ref="specificConnectorAdditionalAttributesFileWithPath" />
   </bean>
 
+  <bean id="connectorAttributeRegistry"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ConnectorEidasAttributeRegistry" />
+
   <bean id="EIDPostProcessingService"
     class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService" />
 
diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
index 0afa0d7d..1b5391d5 100644
--- a/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
+++ b/modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
@@ -25,7 +25,7 @@
     class="at.gv.egiz.eaaf.core.impl.gui.builder.SpringMvcGuiFormBuilderImpl" />
 
   <bean id="springManagedSpecificConnectorCommunicationService"
-    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" />
+    class="at.asitplus.eidas.specific.modules.core.eidas.test.dummy.DummySpecificCommunicationService" />
 
   <bean id="dummyPvpConfig"
         class="at.gv.egiz.eaaf.modules.pvp2.idp.test.dummy.DummyPvpConfiguration" />
@@ -36,17 +36,5 @@
   <bean id="dummyVelocityBuilder"
         class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyVelocityGuiFormBuilder" />
 
-  <bean id="specificConnectorAttributesFileWithPath"
-    class="java.lang.String">
-    <constructor-arg
-      value="src/test/resources/config/eidas-attributes.xml" />
-  </bean>
-
-  <bean id="specificConnectorAdditionalAttributesFileWithPath"
-    class="java.lang.String">
-    <constructor-arg
-      value="src/test/resources/config/additional-attributes.xml" />
-  </bean>
-
 
 </beans>
\ No newline at end of file
diff --git a/modules/core_commons_eidas/checks/spotbugs-exclude.xml b/modules/core_commons_eidas/checks/spotbugs-exclude.xml
new file mode 100644
index 00000000..bcb1402f
--- /dev/null
+++ b/modules/core_commons_eidas/checks/spotbugs-exclude.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+  <Match>
+    <!-- File path is only loaded from configuration -->
+    <Class name="at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry" />
+    <Method name="initialize" />
+    <Bug pattern="PATH_TRAVERSAL_IN" />               
+  </Match>        
+</FindBugsFilter>
diff --git a/modules/core_commons_eidas/pom.xml b/modules/core_commons_eidas/pom.xml
new file mode 100644
index 00000000..2a1e2575
--- /dev/null
+++ b/modules/core_commons_eidas/pom.xml
@@ -0,0 +1,174 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>at.asitplus.eidas.ms_specific</groupId>
+    <artifactId>modules</artifactId>
+    <version>1.3.1-SNAPSHOT</version>
+  </parent>
+  <artifactId>core_commons_eidas</artifactId>
+  <name>Commons for eIDAS Node communication</name>
+  
+  <profiles>
+    <profile>
+      <id>default</id>
+      <activation>
+        <activeByDefault>true</activeByDefault>
+      </activation>
+      <repositories>
+        <repository>
+          <id>egiz-commons</id>
+          <url>https://apps.egiz.gv.at/maven/</url>
+          <releases>
+            <enabled>true</enabled>
+          </releases>
+        </repository>
+        <repository>
+          <id>eIDASNode-local</id>
+          <name>local</name>
+          <url>file:${basedir}/../../repository</url>
+        </repository>
+      </repositories>
+    </profile>
+  </profiles>
+
+  <dependencies>
+    <dependency>
+      <groupId>at.gv.egiz.components</groupId>
+      <artifactId>egiz-spring-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>at.asitplus.eidas.ms_specific</groupId>
+      <artifactId>core_common_lib</artifactId>
+    </dependency>  
+    <dependency>
+      <groupId>at.gv.egiz.eaaf</groupId>
+      <artifactId>eaaf-core</artifactId>
+    </dependency>
+
+    <!-- eIDAS reference implemenation libs -->
+    <dependency>
+      <groupId>eu.eidas</groupId>
+      <artifactId>eidas-commons</artifactId>
+      <exclusions>
+        <exclusion>
+          <groupId>log4j</groupId>
+          <artifactId>log4j</artifactId>
+        </exclusion>
+        <exclusion>
+          <artifactId>log4j-over-slf4j</artifactId>
+          <groupId>org.slf4j</groupId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>eu.eidas</groupId>
+      <artifactId>eidas-specific-communication-definition</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>eu.eidas</groupId>
+      <artifactId>eidas-jcache-ignite-specific-communication</artifactId>
+    </dependency>    
+    
+
+  <!-- Testing -->
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-test</artifactId>
+      <scope>test</scope>
+    </dependency>
+    
+    <dependency>
+      <groupId>at.asitplus.eidas.ms_specific</groupId>
+      <artifactId>core_common_lib</artifactId>
+      <scope>test</scope>
+      <type>test-jar</type>
+    </dependency>
+    
+    <dependency>
+      <groupId>at.gv.egiz.eaaf</groupId>
+      <artifactId>eaaf_core_utils</artifactId>
+      <scope>test</scope>
+      <type>test-jar</type>
+    </dependency>
+    <dependency>
+      <groupId>at.gv.egiz.eaaf</groupId>
+      <artifactId>eaaf-core</artifactId>
+      <scope>test</scope>
+      <type>test-jar</type>
+    </dependency>    
+    
+  </dependencies>
+  
+  <build>
+    <resources>
+      <resource>
+        <directory>src/main/resources</directory>
+      </resource>
+      <resource>
+        <directory>target/generated-sources/cxf</directory>
+      </resource>
+    </resources>
+
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <configuration>
+          <source>1.8</source>
+          <target>1.8</target>
+        </configuration>
+      </plugin>
+      
+      <plugin>
+        <groupId>com.github.spotbugs</groupId>
+        <artifactId>spotbugs-maven-plugin</artifactId>
+        <version>${spotbugs-maven-plugin.version}</version>
+        <configuration>
+          <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.jacoco</groupId>
+        <artifactId>jacoco-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>post-unit-check</id>
+            <phase>test</phase>
+            <goals>
+              <goal>check</goal>
+              <goal>report</goal>
+            </goals>
+            <configuration>
+              <haltOnFailure>true</haltOnFailure>
+              <excludes />                                                    
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+
+      <!-- enable co-existence of testng and junit -->
+      <plugin>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <configuration>
+          <threadCount>1</threadCount>
+        </configuration>
+        <dependencies>
+          <dependency>
+            <groupId>org.apache.maven.surefire</groupId>
+            <artifactId>surefire-junit47</artifactId>
+            <version>${surefire.version}</version>
+          </dependency>
+        </dependencies>
+      </plugin>
+    </plugins>
+  </build> 
+  
+  
+  
+</project>
\ No newline at end of file
diff --git a/modules/core_commons_eidas/src/main/java/at/asitplus/eidas/specific/modules/core/eidas/EidasConstants.java b/modules/core_commons_eidas/src/main/java/at/asitplus/eidas/specific/modules/core/eidas/EidasConstants.java
new file mode 100644
index 00000000..ac17c30f
--- /dev/null
+++ b/modules/core_commons_eidas/src/main/java/at/asitplus/eidas/specific/modules/core/eidas/EidasConstants.java
@@ -0,0 +1,85 @@
+package at.asitplus.eidas.specific.modules.core.eidas;
+
+/**
+ * Constants to communicate with eIDAS Node.
+ * 
+ * @author tlenz
+ *
+ */
+public class EidasConstants {
+
+  // common config ore-fixes
+  public static final String CONIG_PROPS_EIDAS_PREFIX = "auth.eIDAS";
+  public static final String CONIG_PROPS_EIDAS_NODE = EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".node_v2";
+  
+  public static final String CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL = 
+      EidasConstants.CONIG_PROPS_EIDAS_NODE + ".forward.endpoint";
+  public static final String CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD = 
+      EidasConstants.CONIG_PROPS_EIDAS_NODE + ".forward.method";
+  
+  public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = 
+      CONIG_PROPS_EIDAS_NODE + ".countrycode";
+  
+  
+  // templates for post-binding forwarding
+  public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html";
+  public static final String TEMPLATE_POST_FORWARD_ENDPOINT = "endPoint";
+  public static final String TEMPLATE_POST_FORWARD_TOKEN_NAME = "tokenName";
+  public static final String TEMPLATE_POST_FORWARD_TOKEN_VALUE = "tokenValue";
+  
+  
+  // common default values
+  public static final String FORWARD_METHOD_POST = "POST";
+  public static final String FORWARD_METHOD_GET = "GET";  
+  public static final String DEFAULT_MS_NODE_COUNTRY_CODE = "AT";
+  
+  
+  // SAML2 Constants
+  public static final String SUCCESS_URI = "urn:oasis:names:tc:SAML:2.0:status:Success";
+  public static final String ERROR_URI = "urn:oasis:names:tc:SAML:2.0:status:Responder";
+  
+  
+  // eIDAS attribute names
+  public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
+  public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
+  public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName";
+  public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName";
+  public static final String eIDAS_ATTR_PLACEOFBIRTH = "PlaceOfBirth";
+  public static final String eIDAS_ATTR_BIRTHNAME = "BirthName";
+  public static final String eIDAS_ATTR_CURRENTADDRESS = "CurrentAddress";
+  
+  //TODO: set parameter if it's defined
+  public static final String eIDAS_ATTR_TAXREFERENCE = "notYetDefined";
+  
+  public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier";
+  public static final String eIDAS_ATTR_LEGALNAME = "LegalName";
+
+  public static final String eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER = "RepresentativePersonIdentifier";
+  public static final String eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH = "RepresentativeDateOfBirth";
+  public static final String eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME = "RepresentativeFirstName";
+  public static final String eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME = "RepresentativeFamilyName";
+
+  //eIDAS attribute URN
+  public static final String eIDAS_ATTRURN_PREFIX = "http://eidas.europa.eu/attributes/";
+  public static final String eIDAS_ATTRURN_PREFIX_NATURAL = eIDAS_ATTRURN_PREFIX + "naturalperson/";
+  
+  public static final String eIDAS_ATTRURN_PERSONALIDENTIFIER =
+      eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PERSONALIDENTIFIER;  
+  public static final String eIDAS_ATTRURN_CURRENTGIVENNAME =
+      eIDAS_ATTRURN_PREFIX_NATURAL + "CurrentGivenName";
+  public static final String eIDAS_ATTRURN_CURRENTFAMILYNAME =
+      eIDAS_ATTRURN_PREFIX_NATURAL + "CurrentFamilyName";
+  public static final String eIDAS_ATTRURN_DATEOFBIRTH =
+      eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_DATEOFBIRTH;  
+  public static final String eIDAS_ATTRURN_PLACEOFBIRTH =
+      eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PLACEOFBIRTH;
+  public static final String eIDAS_ATTRURN_BIRTHNAME =
+      eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_BIRTHNAME;
+  
+  
+  
+  private EidasConstants() {
+    // hide Constructor for class with static content only. 
+  }
+  
+}
diff --git a/modules/core_commons_eidas/src/main/java/at/asitplus/eidas/specific/modules/core/eidas/service/EidasAttributeRegistry.java b/modules/core_commons_eidas/src/main/java/at/asitplus/eidas/specific/modules/core/eidas/service/EidasAttributeRegistry.java
new file mode 100644
index 00000000..15c8b3c0
--- /dev/null
+++ b/modules/core_commons_eidas/src/main/java/at/asitplus/eidas/specific/modules/core/eidas/service/EidasAttributeRegistry.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.modules.core.eidas.service;
+
+import java.io.File;
+
+import javax.annotation.PostConstruct;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import eu.eidas.auth.commons.attribute.AttributeRegistries;
+import eu.eidas.auth.commons.attribute.AttributeRegistry;
+
+@Service("attributeRegistry")
+public class EidasAttributeRegistry {
+  private static final Logger log = LoggerFactory.getLogger(EidasAttributeRegistry.class);
+  @Autowired
+  protected IConfigurationWithSP basicConfig;
+
+  private AttributeRegistry coreAttributeRegistry;
+
+  private String eidasAttributesFile;
+  private String additionalAttributesFile;
+
+  @PostConstruct
+  private void initialize() throws RuntimeException {
+    try {
+      if (eidasAttributesFile.isEmpty()) {
+        log.error("Basic eIDAS addribute definition NOT defined");
+        throw new EaafConfigurationException("config.30",
+            new Object[] { "eidas-attributes.xml" });
+
+      }
+
+      boolean additionalAttrAvailabe = false;
+      if (!additionalAttributesFile.isEmpty()) {
+        final File file = new File(additionalAttributesFile);
+        if (file.exists()) {
+          additionalAttrAvailabe = true;
+        }
+
+      }
+
+      if (!additionalAttrAvailabe) {
+        log.info("Start eIDAS ref. impl. Core without additional eIDAS attribute definitions ... ");
+        coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null);
+
+      } else {
+        // load attribute definitions
+        log.info("Start eIDAS ref. impl. Core with additional eIDAS attribute definitions ... ");
+        coreAttributeRegistry = AttributeRegistries.fromFiles(eidasAttributesFile, null,
+            additionalAttributesFile);
+
+      }
+
+    } catch (final Throwable e) {
+      log.error("Can NOT initialize eIDAS attribute definition.", e);
+      throw new RuntimeException("Can NOT initialize eIDAS attribute definition.", e);
+
+    }
+  }
+
+  public AttributeRegistry getCoreAttributeRegistry() {
+    return coreAttributeRegistry;
+  }
+
+ 
+  public void setEidasAttributesFile(String eidasAttributesFile) {
+    this.eidasAttributesFile = eidasAttributesFile;
+  }
+
+  public void setAdditionalAttributesFile(String additionalAttributesFile) {
+    this.additionalAttributesFile = additionalAttributesFile;
+  }
+
+}
diff --git a/modules/core_commons_eidas/src/test/java/at/asitplus/eidas/specific/modules/core/eidas/test/dummy/DummySpecificCommunicationService.java b/modules/core_commons_eidas/src/test/java/at/asitplus/eidas/specific/modules/core/eidas/test/dummy/DummySpecificCommunicationService.java
new file mode 100644
index 00000000..97ccade4
--- /dev/null
+++ b/modules/core_commons_eidas/src/test/java/at/asitplus/eidas/specific/modules/core/eidas/test/dummy/DummySpecificCommunicationService.java
@@ -0,0 +1,66 @@
+package at.asitplus.eidas.specific.modules.core.eidas.test.dummy;
+
+import java.util.Collection;
+
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.light.ILightRequest;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.auth.commons.tx.BinaryLightToken;
+import eu.eidas.specificcommunication.BinaryLightTokenHelper;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
+import lombok.Setter;
+
+public class DummySpecificCommunicationService implements SpecificCommunicationService {
+
+  private ILightRequest lightRequest;
+  private ILightResponse lightResponse;
+
+  @Setter
+  private SpecificCommunicationException error;
+  
+  @Override
+  public BinaryLightToken putRequest(ILightRequest lightRequest) throws SpecificCommunicationException {
+    this.lightRequest = lightRequest;
+    return BinaryLightTokenHelper.createBinaryLightToken("Test", "TestSecret", "SHA-256");
+  }
+
+  @Override
+  public ILightRequest getAndRemoveRequest(String tokenBase64, Collection<AttributeDefinition<?>> registry)
+      throws SpecificCommunicationException {
+    if (error != null) {
+      throw error;
+      
+    }
+    return lightRequest;
+  }
+
+  @Override
+  public BinaryLightToken putResponse(ILightResponse lightResponse) throws SpecificCommunicationException {
+    this.lightResponse = lightResponse;
+    return BinaryLightTokenHelper.createBinaryLightToken("Test", "TestSecret", "SHA-256");
+  }
+
+  @Override
+  public ILightResponse getAndRemoveResponse(String tokenBase64, Collection<AttributeDefinition<?>> registry)
+      throws SpecificCommunicationException {
+    return lightResponse;
+  }
+
+  public ILightRequest getiLightRequest() {
+    return lightRequest;
+  }
+
+  public void setiLightRequest(ILightRequest lightReques) {
+    this.lightRequest = lightReques;
+  }
+
+  public ILightResponse getiLightResponse() {
+    return lightResponse;
+  }
+
+  public void setiLightResponse(ILightResponse lightResponse) {
+    this.lightResponse = lightResponse;
+  }
+
+}
diff --git a/modules/eidas_proxy-sevice/pom.xml b/modules/eidas_proxy-sevice/pom.xml
index 39763edf..e45d6ee0 100644
--- a/modules/eidas_proxy-sevice/pom.xml
+++ b/modules/eidas_proxy-sevice/pom.xml
@@ -25,12 +25,12 @@
     </dependency>
     <dependency>
       <groupId>at.asitplus.eidas.ms_specific</groupId>
-      <artifactId>core_common_lib</artifactId>
+      <artifactId>core_common_lib</artifactId>      
     </dependency>
     <dependency>
-      <groupId>at.asitplus.eidas.ms_specific.modules</groupId>
-      <artifactId>authmodule-eIDAS-v2</artifactId>
-    </dependency>
+      <groupId>at.asitplus.eidas.ms_specific</groupId>
+      <artifactId>core_commons_eidas</artifactId>
+    </dependency>      
     <dependency>
       <groupId>at.gv.egiz.eaaf</groupId>
       <artifactId>eaaf-core</artifactId>
@@ -101,11 +101,17 @@
       <type>test-jar</type>
     </dependency>
     <dependency>
+      <groupId>at.asitplus.eidas.ms_specific</groupId>
+      <artifactId>core_commons_eidas</artifactId>
+      <scope>test</scope>
+      <type>test-jar</type>        
+    </dependency>    
+    <!-- dependency>
       <groupId>at.asitplus.eidas.ms_specific.modules</groupId>
       <artifactId>authmodule-eIDAS-v2</artifactId>
       <scope>test</scope>
       <type>test-jar</type>
-    </dependency>      
+    </dependency>-->      
     
     <dependency>
       <groupId>at.gv.egiz.eaaf</groupId>
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
index f6a88aa3..fd6b45bb 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceConstants.java
@@ -1,6 +1,6 @@
 package at.asitplus.eidas.specific.modules.msproxyservice;
 
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
 
 /**
@@ -15,22 +15,22 @@ public class MsProxyServiceConstants {
   public static final String TEMPLATE_SP_UNIQUE_ID = "eidasProxyAuth_from_{0}_type_{1}";
   
   // configuration constants
-  public static final String CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID = Constants.CONIG_PROPS_EIDAS_NODE
+  public static final String CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID = EidasConstants.CONIG_PROPS_EIDAS_NODE
       + ".proxy.entityId";
-  public static final String CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL = Constants.CONIG_PROPS_EIDAS_NODE
+  public static final String CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL = EidasConstants.CONIG_PROPS_EIDAS_NODE
       + ".proxy.forward.endpoint";
   
   // mandate configuration
   public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED = 
-      Constants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.enabled";  
+      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.enabled";  
   public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL = 
-      Constants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.profiles.natural.default";
+      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.profiles.natural.default";
   public static final String CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL = 
-      Constants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.profiles.legal.default";
+      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.mandates.profiles.legal.default";
   
   
   public static final String CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON = 
-      Constants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.workaround.mandates.legalperson";
+      EidasConstants.CONIG_PROPS_EIDAS_PREFIX + ".proxy.workaround.mandates.legalperson";
   
   // specific eIDAS-Connector configuration
   public static final String CONIG_PROPS_CONNECTOR_PREFIX = "connector";
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index e24c753e..cd404cee 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -25,8 +25,8 @@ import com.google.common.collect.ImmutableSortedSet;
 
 import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
 import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
 import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
@@ -308,8 +308,8 @@ public class EidasProxyServiceController extends AbstractController implements I
       final ServiceProviderConfiguration spConfig = new ServiceProviderConfiguration(connectorConfigMap, authConfig);
 
       // build bPK target from Country-Code 
-      final String ccCountry = authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE,
-          Constants.DEFAULT_MS_NODE_COUNTRY_CODE);
+      final String ccCountry = authConfig.getBasicConfiguration(EidasConstants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE,
+          EidasConstants.DEFAULT_MS_NODE_COUNTRY_CODE);
       spConfig.setBpkTargetIdentifier(
           EaafConstants.URN_PREFIX_EIDAS + ccCountry + "+" + spCountry);
       
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index 15524005..92165412 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -17,8 +17,8 @@ import org.springframework.web.util.UriComponentsBuilder;
 
 import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
 import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
 import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
@@ -85,7 +85,7 @@ public class ProxyServiceAuthenticationAction implements IAction {
         lightRespBuilder.relayState(eidasReq.getRelayState());
         
         lightRespBuilder.status(ResponseStatus.builder()
-            .statusCode(Constants.SUCCESS_URI)
+            .statusCode(EidasConstants.SUCCESS_URI)
             .build());
         
         //TODO: check if we can use transient subjectNameIds
@@ -168,8 +168,8 @@ public class ProxyServiceAuthenticationAction implements IAction {
     log.debug("ForwardURL: " + forwardUrl + " selected to forward eIDAS request");
 
     if (basicConfig.getBasicConfiguration(
-        Constants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD,
-        Constants.FORWARD_METHOD_GET).equals(Constants.FORWARD_METHOD_GET)) {
+        EidasConstants.CONIG_PROPS_EIDAS_NODE_FORWARD_METHOD,
+        EidasConstants.FORWARD_METHOD_GET).equals(EidasConstants.FORWARD_METHOD_GET)) {
 
       log.debug("Use http-redirect for eIDAS node forwarding ...  ");
       // send redirect
@@ -182,14 +182,14 @@ public class ProxyServiceAuthenticationAction implements IAction {
       final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration(
           basicConfig,
           pendingReq,
-          Constants.TEMPLATE_POST_FORWARD_NAME,
+          EidasConstants.TEMPLATE_POST_FORWARD_NAME,
           null,
           resourceLoader);
 
-      config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardUrl);
-      config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME,
+      config.putCustomParameter(null, EidasConstants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardUrl);
+      config.putCustomParameter(null, EidasConstants.TEMPLATE_POST_FORWARD_TOKEN_NAME,
           EidasParameterKeys.TOKEN.toString());
-      config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE,
+      config.putCustomParameter(null, EidasConstants.TEMPLATE_POST_FORWARD_TOKEN_VALUE,
           tokenBase64);
 
       guiBuilder.build(httpReq, httpResp, config, "Forward to eIDASNode form");
@@ -233,13 +233,13 @@ public class ProxyServiceAuthenticationAction implements IAction {
     if (StringUtils.isNotEmpty(natMandatorId)) {
       log.debug("Injecting natural mandator informations ... ");
       final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+          EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
       final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
+          EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
       final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          Constants.eIDAS_ATTR_CURRENTGIVENNAME).first();
+          EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
       final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          Constants.eIDAS_ATTR_DATEOFBIRTH).first();
+          EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
       
       attributeMap.put(attrDefPersonalId, natMandatorId);
       attributeMap.put(attrDefFamilyName, eidAuthData.getGenericData(
@@ -252,9 +252,9 @@ public class ProxyServiceAuthenticationAction implements IAction {
     } else {
       log.debug("Injecting legal mandator informations ... ");
       final AttributeDefinition<?> commonName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          Constants.eIDAS_ATTR_LEGALNAME).first();
+          EidasConstants.eIDAS_ATTR_LEGALNAME).first();
       final AttributeDefinition<?> legalPersonId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first();
+          EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first();
       
       attributeMap.put(commonName, eidAuthData.getGenericData(
           PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class));
@@ -267,13 +267,13 @@ public class ProxyServiceAuthenticationAction implements IAction {
   private void injectRepesentativeInformation(
       ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {
     final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER).first();
+        EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER).first();
     final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME).first();
+        EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME).first();
     final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME).first();
+        EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME).first();
     final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH).first();
+        EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH).first();
    
     attributeMap.put(attrDefPersonalId, 
             eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class));
@@ -319,13 +319,13 @@ public class ProxyServiceAuthenticationAction implements IAction {
   private ImmutableAttributeMap buildAttributesWithoutMandate(String personalIdentifier, String familyName,
       String givenName, String dateOfBirth) {
     final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+        EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
     final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
+        EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
     final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_CURRENTGIVENNAME).first();
+        EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
     final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        Constants.eIDAS_ATTR_DATEOFBIRTH).first();
+        EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
    
     final ImmutableAttributeMap.Builder attributeMap = 
         ImmutableAttributeMap.builder()
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java
index 4cd7ba6c..b8a4c598 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/utils/EidasProxyServiceUtils.java
@@ -1,6 +1,6 @@
 package at.asitplus.eidas.specific.modules.msproxyservice.utils;
 
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import eu.eidas.auth.commons.light.ILightRequest;
 
 /**
@@ -19,7 +19,7 @@ public class EidasProxyServiceUtils {
    */
   public static boolean isLegalPersonRequested(ILightRequest eidasRequest) {
     return eidasRequest.getRequestedAttributes().entrySet().stream()
-        .filter(el -> el.getKey().getFriendlyName().equals(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER))
+        .filter(el -> el.getKey().getFriendlyName().equals(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER))
         .findFirst()
         .isPresent();
     
@@ -33,7 +33,7 @@ public class EidasProxyServiceUtils {
    */
   public static boolean isNaturalPersonRequested(ILightRequest eidasRequest) {
     return eidasRequest.getRequestedAttributes().entrySet().stream()
-        .filter(el -> el.getKey().getFriendlyName().equals(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
+        .filter(el -> el.getKey().getFriendlyName().equals(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER))
         .findFirst()
         .isPresent();
     
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java
index 55958d9e..2b652f79 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/EidasProxyServiceControllerTest.java
@@ -22,7 +22,6 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.opensaml.saml.saml2.core.NameIDType;
 import org.opensaml.saml.saml2.core.StatusCode;
-import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -37,10 +36,9 @@ import com.google.common.collect.ImmutableSortedSet;
 
 import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.core.eidas.test.dummy.DummySpecificCommunicationService;
 import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
 import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
 import at.asitplus.eidas.specific.modules.msproxyservice.protocol.EidasProxyServiceController;
@@ -59,7 +57,6 @@ import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
 import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
 
 @RunWith(SpringJUnit4ClassRunner.class)
-@PrepareForTest(CreateIdentityLinkTask.class)
 @ContextConfiguration(locations = {
     "/spring/SpringTest-context_basic_test.xml",
     "/spring/SpringTest-context_basic_mapConfig.xml",
@@ -222,9 +219,9 @@ public class EidasProxyServiceControllerTest {
         .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
         .requestedAttributes(ImmutableAttributeMap.builder()
             .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-                Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
             .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-                Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+                EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
             .build());
     
     proxyService.setiLightRequest(authnReqBuilder.build());
@@ -250,7 +247,7 @@ public class EidasProxyServiceControllerTest {
         .spType("public")
         .requestedAttributes(ImmutableAttributeMap.builder()
             .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-                Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
+                EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
     
     proxyService.setiLightRequest(authnReqBuilder.build());
     
@@ -280,7 +277,7 @@ public class EidasProxyServiceControllerTest {
         .spType("public")
         .requestedAttributes(ImmutableAttributeMap.builder()
             .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-                Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
     
     proxyService.setiLightRequest(authnReqBuilder.build());
     
@@ -345,7 +342,7 @@ public class EidasProxyServiceControllerTest {
         .spType("public")
         .requestedAttributes(ImmutableAttributeMap.builder()
             .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-                Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
     
     
     proxyService.setiLightRequest(authnReqBuilder.build());
@@ -389,7 +386,7 @@ public class EidasProxyServiceControllerTest {
         .spType("public")
         .requestedAttributes(ImmutableAttributeMap.builder()
             .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-                Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
+                EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
     
     
     proxyService.setiLightRequest(authnReqBuilder.build());
@@ -433,7 +430,7 @@ public class EidasProxyServiceControllerTest {
         .spType("public")
         .requestedAttributes(ImmutableAttributeMap.builder()
             .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-                Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
+                EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
     
     
     proxyService.setiLightRequest(authnReqBuilder.build());
@@ -466,7 +463,7 @@ public class EidasProxyServiceControllerTest {
         .spType("public")
         .requestedAttributes(ImmutableAttributeMap.builder()
             .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-                Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
     
     
     proxyService.setiLightRequest(authnReqBuilder.build());
@@ -502,7 +499,7 @@ public class EidasProxyServiceControllerTest {
         .spType("public")
         .requestedAttributes(ImmutableAttributeMap.builder()
             .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-                Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
     
     proxyService.setiLightRequest(authnReqBuilder.build());
     
@@ -556,7 +553,7 @@ public class EidasProxyServiceControllerTest {
         .spType("public")
         .requestedAttributes(ImmutableAttributeMap.builder()
             .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-                Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
     
     proxyService.setiLightRequest(authnReqBuilder.build());
     
@@ -613,7 +610,7 @@ public class EidasProxyServiceControllerTest {
         .spType("public")
         .requestedAttributes(ImmutableAttributeMap.builder()
             .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-                Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
+                EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build());
     
     proxyService.setiLightRequest(authnReqBuilder.build());
     
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
index 21d2f3b7..97b5bc03 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/protocol/ProxyServiceAuthenticationActionTest.java
@@ -24,7 +24,6 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.opensaml.saml.saml2.core.NameIDType;
-import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -39,9 +38,8 @@ import com.google.common.collect.ImmutableSortedSet;
 import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServiceAuthenticationAction;
 import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
@@ -64,7 +62,6 @@ import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
 import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
 
 @RunWith(SpringJUnit4ClassRunner.class)
-@PrepareForTest(CreateIdentityLinkTask.class)
 @ContextConfiguration(locations = {
     "/spring/SpringTest-context_basic_test.xml",
     "/spring/SpringTest-context_basic_mapConfig.xml",
@@ -163,11 +160,11 @@ public class ProxyServiceAuthenticationActionTest {
     
     ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
     assertEquals("wrong attr. size", 4, respAttr.size());    
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, 
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
         (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, 
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, 
         authData.getDateOfBirth());
         
   }
@@ -199,19 +196,19 @@ public class ProxyServiceAuthenticationActionTest {
     
     ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
     assertEquals("wrong attr. size", 8, respAttr.size());    
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
         (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
 
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, 
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
         (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER));
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, 
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, 
         (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME));
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, 
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, 
         (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME));
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, 
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, 
         (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME));
            
   }
@@ -237,25 +234,25 @@ public class ProxyServiceAuthenticationActionTest {
     
     ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
     assertEquals("wrong attr. size", 6, respAttr.size());  
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
         (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
    
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER, 
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER, 
         (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER));
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_LEGALNAME, 
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALNAME, 
         (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME));
     
     assertNull("find nat. person subject: personalId", 
-        getAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER));
     assertNull("find nat. person subject: familyName", 
-        getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME));
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME));
     assertNull("find nat. person subject: givenName", 
-        getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME));
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME));
     assertNull("find nat. person subject: dateOfBirth", 
-        getAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH));
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH));
     
   }
   
@@ -267,7 +264,7 @@ public class ProxyServiceAuthenticationActionTest {
     //request natural person subject only
     LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
     eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder().put(
-        attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
+        attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
     pendingReq.setEidasRequest(eidasRequestBuilder.build());
     
     
@@ -307,8 +304,8 @@ public class ProxyServiceAuthenticationActionTest {
     //request natural person subject only
     LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
     eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
-        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
-        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
         .build());
     pendingReq.setEidasRequest(eidasRequestBuilder.build());
         
@@ -331,11 +328,11 @@ public class ProxyServiceAuthenticationActionTest {
     
     ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
     assertEquals("wrong attr. size", 10, respAttr.size());  
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER, 
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
         (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
-    checkAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH, authData.getDateOfBirth());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, authData.getDateOfBirth());
    
   }
   
@@ -347,7 +344,8 @@ public class ProxyServiceAuthenticationActionTest {
     //request natural person subject only
     LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
     eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
-        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(Constants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+            EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
         .build());
     pendingReq.setEidasRequest(eidasRequestBuilder.build());
         
@@ -371,13 +369,13 @@ public class ProxyServiceAuthenticationActionTest {
     ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
     assertEquals("wrong attr. size", 6, respAttr.size());     
     assertNull("find nat. person subject: personalId", 
-        getAttrValue(respAttr, Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER));
     assertNull("find nat. person subject: familyName", 
-        getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTFAMILYNAME));
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME));
     assertNull("find nat. person subject: givenName", 
-        getAttrValue(respAttr, Constants.eIDAS_ATTR_CURRENTGIVENNAME));
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME));
     assertNull("find nat. person subject: dateOfBirth", 
-        getAttrValue(respAttr, Constants.eIDAS_ATTR_DATEOFBIRTH));
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH));
     
   }
   
diff --git a/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml
index 9870d22a..08b25f0f 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml
+++ b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml
@@ -14,7 +14,7 @@
   <import resource="classpath:/spring/eidas_proxy-service.beans.xml"/>
 
   <bean id="springManagedSpecificProxyserviceCommunicationService"
-        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" />
+        class="at.asitplus.eidas.specific.modules.core.eidas.test.dummy.DummySpecificCommunicationService" />
 
  <bean id="mvcGUIBuilderImpl"
     class="at.gv.egiz.eaaf.core.impl.gui.builder.SpringMvcGuiFormBuilderImpl" />
@@ -32,7 +32,7 @@
   </bean>
 
   <bean id="attributeRegistry"
-    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry">
+    class="at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry">
     <property name="eidasAttributesFile"
       ref="specificConnectorAttributesFileWithPath" />
     <property name="additionalAttributesFile"
diff --git a/modules/pom.xml b/modules/pom.xml
index 6ff8440e..58d71cab 100644
--- a/modules/pom.xml
+++ b/modules/pom.xml
@@ -18,6 +18,7 @@
     <module>authmodule-eIDAS-v2</module>
     <module>authmodule_id-austria</module>
     <module>eidas_proxy-sevice</module>
+    <module>core_commons_eidas</module>
 	</modules>
 		
 </project>
diff --git a/ms_specific_proxyservice/checks/spotbugs-exclude.xml b/ms_specific_proxyservice/checks/spotbugs-exclude.xml
index c44b435f..f9df26fb 100644
--- a/ms_specific_proxyservice/checks/spotbugs-exclude.xml
+++ b/ms_specific_proxyservice/checks/spotbugs-exclude.xml
@@ -1,4 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <FindBugsFilter>
-  
+  <Match>
+    <!-- Path to application configuration is trusted -->
+    <Class name="at.asitplus.eidas.specific.proxy.MsSpecificSpringBootApplicationContextInitializer" />
+    <Bug pattern="PATH_TRAVERSAL_IN" />
+  </Match>  
 </FindBugsFilter>
diff --git a/ms_specific_proxyservice/pom.xml b/ms_specific_proxyservice/pom.xml
index 64704c93..16f25bf2 100644
--- a/ms_specific_proxyservice/pom.xml
+++ b/ms_specific_proxyservice/pom.xml
@@ -3,9 +3,11 @@
   <parent>
     <groupId>at.asitplus.eidas</groupId>
     <artifactId>ms_specific</artifactId>
-    <version>1.2.4-SNAPSHOT</version>
-  </parent>
+    <version>1.3.1-SNAPSHOT</version>
+  </parent>  
+  <groupId>at.asitplus.eidas.ms_specific</groupId>
   <artifactId>ms_specific_proxyservice</artifactId>
+  <packaging>war</packaging>
   <name>MS-specific Proxy-Service</name>
   <description>Austria specific eIDAS ms-specific Proxy-Service implementation</description>
   
diff --git a/ms_specific_proxyservice/src/main/webapp/WEB-INF/web.xml b/ms_specific_proxyservice/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 00000000..dfac815e
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_0.xsd"
+	version="3.0">
+	
+	<display-name>AT eIDAS Proxy-Service</display-name>
+	<description>MS specific eIDAS Proxy-Service to national eID infrastructure</description>
+	
+	<welcome-file-list>
+   		<welcome-file>index.html</welcome-file>
+	</welcome-file-list>
+	
+	<session-config>
+		<session-timeout>5</session-timeout>
+	</session-config>
+	
+	<error-page>
+		<error-code>500</error-code>
+		<location>/errorpage.jsp</location>
+	</error-page>
+	
+</web-app>
diff --git a/ms_specific_proxyservice/src/main/webapp/autocommit.js b/ms_specific_proxyservice/src/main/webapp/autocommit.js
new file mode 100644
index 00000000..d21a5651
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/webapp/autocommit.js
@@ -0,0 +1,5 @@
+function autoCommmit() {
+  document.forms[0].submit();
+}
+
+document.addEventListener('DOMContentLoaded', autoCommmit);
\ No newline at end of file
diff --git a/ms_specific_proxyservice/src/main/webapp/css/css_error.css b/ms_specific_proxyservice/src/main/webapp/css/css_error.css
new file mode 100644
index 00000000..d772df43
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/webapp/css/css_error.css
@@ -0,0 +1,26 @@
+@charset "utf-8";
+    body {
+        padding-left: 5%;
+                background-color: #F9F9F9;
+    }
+    #page {
+        padding-top: 2%;
+        padding-right: 10%;
+        padding-left: 5%;
+    }
+
+    .OA_header {
+        font-size: 2.1em;
+        padding-top:1%;
+        margin-bottom: 1%;
+        margin-top: 1%;
+        
+    }
+
+    #alert_area {
+        float:left;
+        width: 100%;
+      }
+
+
+
diff --git a/ms_specific_proxyservice/src/main/webapp/img/ajax-loader.gif b/ms_specific_proxyservice/src/main/webapp/img/ajax-loader.gif
new file mode 100644
index 00000000..f2a1bc0c
Binary files /dev/null and b/ms_specific_proxyservice/src/main/webapp/img/ajax-loader.gif differ
diff --git a/ms_specific_proxyservice/src/main/webapp/img/globus_eu.png b/ms_specific_proxyservice/src/main/webapp/img/globus_eu.png
new file mode 100644
index 00000000..7ac30cec
Binary files /dev/null and b/ms_specific_proxyservice/src/main/webapp/img/globus_eu.png differ
diff --git a/ms_specific_proxyservice/src/main/webapp/index.html b/ms_specific_proxyservice/src/main/webapp/index.html
new file mode 100644
index 00000000..55370ebe
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/webapp/index.html
@@ -0,0 +1,24 @@
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+<head>
+  <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+  <link rel="stylesheet" href="css/css_error.css" />
+  
+  <title>Austrian specific eIDAS-Connector</title>
+</head>
+
+<body>
+  <div id="page">
+		<div id="page1" class="case selected-case" role="main">
+			<h2 class="OA_header" role="heading">Austrian specific eIDAS-Connector</h2>
+                              
+	        <div class="hell" role="application" >
+            <p>Your are on the Austrian specific eIDAS-Connector.
+            <br><br> 
+            This service acts as a national gateway to eIDAS proxy-services and can by only used in combination with Austrian online applications. </p>
+
+	        </div>	
+                    
+		</div>
+	</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 9f3524d8..28e5ef1a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -136,9 +136,9 @@
 
   <modules>    
     <module>connector</module>
-    <module>modules</module>
-    <module>build_reporting</module>
     <module>ms_specific_proxyservice</module>
+    <module>modules</module>
+    <module>build_reporting</module>    
   </modules>
 
   <dependencyManagement>
@@ -221,7 +221,12 @@
         <artifactId>core_common_webapp</artifactId>
         <version>${egiz.eidas.version}</version>
       </dependency>
-
+      <dependency>
+        <groupId>at.asitplus.eidas.ms_specific</groupId>
+        <artifactId>core_commons_eidas</artifactId>
+        <version>${egiz.eidas.version}</version>
+      </dependency>      
+            
       <!-- eIDAS reference implemenation libs -->
       <dependency>
         <groupId>eu.eidas</groupId>
@@ -566,7 +571,14 @@
         <version>${egiz.eidas.version}</version>
         <scope>test</scope>
         <type>test-jar</type>
-      </dependency>            
+      </dependency>
+      <dependency>
+        <groupId>at.asitplus.eidas.ms_specific</groupId>
+        <artifactId>core_commons_eidas</artifactId>
+        <version>${egiz.eidas.version}</version>
+        <scope>test</scope>
+        <type>test-jar</type>        
+      </dependency>  
       <dependency>
         <groupId>at.asitplus.eidas.ms_specific.modules</groupId>
         <artifactId>authmodule-eIDAS-v2</artifactId>
-- 
cgit v1.2.3


From 7f0a925a72dc9841280e66fcba1515af62b9efdf Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 3 Jun 2022 15:24:01 +0200
Subject: test(core): add smoke test with full eIDAS OutGoing login and
 error-handling

---
 .../src/main/resources/application.properties      |   3 -
 .../eidas_v2_auth_ref_impl_config.beans.xml        |  39 --
 .../eidas_v2_auth_ref_impl_config.beans.xml        |  39 ++
 .../MsProxyServiceSpringResourceProvider.java      |   5 +-
 .../resources/spring/eidas_proxy-service.beans.xml |   7 +
 .../spring/SpringTest-context_basic_test.xml       |   8 -
 .../proxy/pvp/PvpEndPointConfiguration.java        | 154 +++++++
 .../src/main/resources/application.properties      |   1 +
 .../main/resources/specific_eIDAS_proxy.beans.xml  |   4 +-
 .../proxy/test/FullStartUpAndProcessTest.java      | 480 +++++++++++++++++++++
 .../config/eIDAS/additional-attributes.xml         |  39 ++
 .../resources/config/eIDAS/eidas-attributes.xml    | 376 ++++++++++++++++
 .../config/eIDAS/igniteSpecificCommunication.xml   | 109 +++++
 .../specificCommunicationDefinitionConnector.xml   |  37 ++
 ...specificCommunicationDefinitionProxyservice.xml |  37 ++
 .../config/junit_config_1_springboot.properties    | 116 +++++
 .../src/test/resources/config/keys/Metadata.pem    |  18 +
 .../src/test/resources/config/keys/junit.jks       | Bin 0 -> 3980 bytes
 .../src/test/resources/config/keys/junit_test.jks  | Bin 0 -> 8410 bytes
 .../src/test/resources/config/keys/teststore.jks   | Bin 0 -> 2028 bytes
 .../src/test/resources/config/logback_config.xml   | 102 +++++
 .../config/properties/messages.properties          |   0
 .../config/properties/messages_de.properties       |   0
 .../config/properties/messages_en.properties       |   0
 .../config/templates/eidas_node_forward.html       |  36 ++
 .../src/test/resources/config/templates/error.html |  53 +++
 .../resources/config/templates/error_message.html  |  37 ++
 .../config/templates/pvp2_post_binding.html        |  36 ++
 .../test/resources/config/webcontent/autocommit.js |   5 +
 .../resources/config/webcontent/css/css_error.css  |  26 ++
 .../config/webcontent/img/ajax-loader.gif          | Bin 0 -> 673 bytes
 .../src/test/resources/data/Response_with_EID.xml  |  49 +++
 .../data/idp_metadata_classpath_entity.xml         | 146 +++++++
 33 files changed, 1910 insertions(+), 52 deletions(-)
 delete mode 100644 modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml
 create mode 100644 modules/core_commons_eidas/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml
 create mode 100644 ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java
 create mode 100644 ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/eIDAS/additional-attributes.xml
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/eIDAS/eidas-attributes.xml
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/eIDAS/igniteSpecificCommunication.xml
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionConnector.xml
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionProxyservice.xml
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/keys/Metadata.pem
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/keys/junit.jks
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/keys/junit_test.jks
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/keys/teststore.jks
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/logback_config.xml
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/properties/messages.properties
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/properties/messages_de.properties
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/properties/messages_en.properties
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/templates/eidas_node_forward.html
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/templates/error.html
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/templates/error_message.html
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/templates/pvp2_post_binding.html
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/webcontent/autocommit.js
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/webcontent/css/css_error.css
 create mode 100644 ms_specific_proxyservice/src/test/resources/config/webcontent/img/ajax-loader.gif
 create mode 100644 ms_specific_proxyservice/src/test/resources/data/Response_with_EID.xml
 create mode 100644 ms_specific_proxyservice/src/test/resources/data/idp_metadata_classpath_entity.xml

(limited to 'ms_specific_proxyservice/src/main')

diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties
index e062c32b..700f4d74 100644
--- a/connector/src/main/resources/application.properties
+++ b/connector/src/main/resources/application.properties
@@ -159,9 +159,6 @@ eidas.ms.auth.eIDAS.zmrclient.debug.logfullmessages=false
 #eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.password=password
 #eidas.ms.auth.eIDAS.ernpclient.ssl.key.alias=meta
 #eidas.ms.auth.eIDAS.ernpclient.ssl.key.password=password
-eidas.ms.client.http.connection.timeout.request=15
-eidas.ms.client.http.connection.timeout.socket=30
-
 
 # SAML2 ID Austria client for matching
 #eidas.ms.modules.idaustriaclient.keystore.type=jks
diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml b/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml
deleted file mode 100644
index cde9687e..00000000
--- a/modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xmlns:context="http://www.springframework.org/schema/context"
-  xmlns:tx="http://www.springframework.org/schema/tx"
-  xmlns:aop="http://www.springframework.org/schema/aop"
-  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
-    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
-    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
-
-  <context:annotation-config />
-
-  <import
-    resource="classpath:specificCommunicationDefinitionApplicationContext.xml" />
-
-  <bean id="specificConnectorAttributesFile"
-    class="java.lang.String">
-    <constructor-arg value="eidas-attributes.xml" />
-  </bean>
-
-  <bean id="specificAdditionalAttributesFile"
-    class="java.lang.String">
-    <constructor-arg value="additional-attributes.xml" />
-  </bean>
-
-  <bean id="specificConnectorAttributesFileWithPath"
-    class="java.lang.String">
-    <constructor-arg
-      value="#{specificConnectorConfigRepository}#{specificConnectorAttributesFile}" />
-  </bean>
-
-  <bean id="specificConnectorAdditionalAttributesFileWithPath"
-    class="java.lang.String">
-    <constructor-arg
-      value="#{specificConnectorConfigRepository}#{specificAdditionalAttributesFile}" />
-  </bean>
-
-</beans>
\ No newline at end of file
diff --git a/modules/core_commons_eidas/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml b/modules/core_commons_eidas/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml
new file mode 100644
index 00000000..cde9687e
--- /dev/null
+++ b/modules/core_commons_eidas/src/main/resources/eidas_v2_auth_ref_impl_config.beans.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:aop="http://www.springframework.org/schema/aop"
+  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+  <context:annotation-config />
+
+  <import
+    resource="classpath:specificCommunicationDefinitionApplicationContext.xml" />
+
+  <bean id="specificConnectorAttributesFile"
+    class="java.lang.String">
+    <constructor-arg value="eidas-attributes.xml" />
+  </bean>
+
+  <bean id="specificAdditionalAttributesFile"
+    class="java.lang.String">
+    <constructor-arg value="additional-attributes.xml" />
+  </bean>
+
+  <bean id="specificConnectorAttributesFileWithPath"
+    class="java.lang.String">
+    <constructor-arg
+      value="#{specificConnectorConfigRepository}#{specificConnectorAttributesFile}" />
+  </bean>
+
+  <bean id="specificConnectorAdditionalAttributesFileWithPath"
+    class="java.lang.String">
+    <constructor-arg
+      value="#{specificConnectorConfigRepository}#{specificAdditionalAttributesFile}" />
+  </bean>
+
+</beans>
\ No newline at end of file
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceSpringResourceProvider.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceSpringResourceProvider.java
index d36e4712..571ad8ab 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceSpringResourceProvider.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/MsProxyServiceSpringResourceProvider.java
@@ -45,8 +45,11 @@ public class MsProxyServiceSpringResourceProvider implements SpringResourceProvi
   public Resource[] getResourcesToLoad() {
     final ClassPathResource eidasProxyServiceConfig = 
         new ClassPathResource("/spring/eidas_proxy-service.beans.xml", MsProxyServiceSpringResourceProvider.class);
+    final ClassPathResource eidasRefImplConfig = new ClassPathResource("/eidas_v2_auth_ref_impl_config.beans.xml",
+        MsProxyServiceSpringResourceProvider.class);
+
         
-    return new Resource[] { eidasProxyServiceConfig };
+    return new Resource[] { eidasProxyServiceConfig, eidasRefImplConfig };
   }
 
 }
diff --git a/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml b/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml
index 2055b5a9..1eb33e93 100644
--- a/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml
+++ b/modules/eidas_proxy-sevice/src/main/resources/spring/eidas_proxy-service.beans.xml
@@ -24,5 +24,12 @@
   <bean id="eidasProxyMessageSource"
         class="at.asitplus.eidas.specific.modules.msproxyservice.EidasProxyMessageSource"/>
   
+  <bean id="attributeRegistry"
+        class="at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry">
+    <property name="eidasAttributesFile"
+              ref="specificConnectorAttributesFileWithPath" />
+    <property name="additionalAttributesFile"
+              ref="specificConnectorAdditionalAttributesFileWithPath" />
+  </bean>
   
 </beans>
\ No newline at end of file
diff --git a/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml
index 08b25f0f..0b7540f5 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml
+++ b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_test.xml
@@ -31,12 +31,4 @@
       value="src/test/resources/config/additional-attributes.xml" />
   </bean>
 
-  <bean id="attributeRegistry"
-    class="at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry">
-    <property name="eidasAttributesFile"
-      ref="specificConnectorAttributesFileWithPath" />
-    <property name="additionalAttributesFile"
-      ref="specificConnectorAdditionalAttributesFileWithPath" />
-  </bean>
-
 </beans>
\ No newline at end of file
diff --git a/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java
new file mode 100644
index 00000000..20caf7e5
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.proxy.pvp;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml.saml2.metadata.ContactPerson;
+import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration;
+import org.opensaml.saml.saml2.metadata.EmailAddress;
+import org.opensaml.saml.saml2.metadata.GivenName;
+import org.opensaml.saml.saml2.metadata.Organization;
+import org.opensaml.saml.saml2.metadata.OrganizationDisplayName;
+import org.opensaml.saml.saml2.metadata.OrganizationName;
+import org.opensaml.saml.saml2.metadata.OrganizationURL;
+import org.opensaml.saml.saml2.metadata.SurName;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class PvpEndPointConfiguration implements IPvp2BasicConfiguration {
+  private static final String DEFAULT_XML_LANG = "en";
+  
+  @Autowired(required = true)
+  IConfiguration basicConfiguration;
+
+  @Override
+  public String getIdpEntityId(String authUrl) throws EaafException {
+    return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_METADATA;
+
+  }
+
+  @Override
+  public String getIdpSsoPostService(String authUrl) throws EaafException {
+    return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_POST;
+
+  }
+
+  @Override
+  public String getIdpSsoRedirectService(String authUrl) throws EaafException {
+    return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_REDIRECT;
+
+  }
+
+  @Override
+  public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException {
+    log.warn("PVP S-Profile End-Point does NOT support SOAP Binding");
+    return null;
+
+  }
+
+  @Override
+  public List<ContactPerson> getIdpContacts() throws EaafException {
+    final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class);
+    final GivenName givenName = Saml2Utils.createSamlObject(GivenName.class);
+    final SurName surname = Saml2Utils.createSamlObject(SurName.class);
+    final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class);
+
+    givenName.setValue(getAndVerifyFromConfiguration(
+        MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME));
+    surname.setValue(getAndVerifyFromConfiguration(
+        MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME));
+    emailAddress.setURI(getAndVerifyFromConfiguration(
+        MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL));
+
+    contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);
+    contactPerson.setGivenName(givenName);
+    contactPerson.setSurName(surname);
+    contactPerson.getEmailAddresses().add(emailAddress);
+
+    return Arrays.asList(contactPerson);
+
+  }
+
+  @Override
+  public Organization getIdpOrganisation() throws EaafException {
+    final Organization organisation = Saml2Utils.createSamlObject(Organization.class);
+    final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class);
+    final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class);
+    final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class);
+
+    orgName.setXMLLang(DEFAULT_XML_LANG);
+    orgName.setValue(getAndVerifyFromConfiguration(
+        MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME));
+
+    orgDisplayName.setXMLLang(DEFAULT_XML_LANG);
+    orgDisplayName.setValue(getAndVerifyFromConfiguration(
+        MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME));
+
+    orgUrl.setXMLLang(DEFAULT_XML_LANG);
+    orgUrl.setURI(getAndVerifyFromConfiguration(
+        MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL));
+
+
+    organisation.getOrganizationNames().add(orgName);
+    organisation.getDisplayNames().add(orgDisplayName);
+    organisation.getURLs().add(orgUrl);
+
+    return organisation;
+  }
+
+  @Override
+  public IConfiguration getBasicConfiguration() {
+    return basicConfiguration;
+  }
+  
+  private String removePostFix(String url) {
+    if (url != null && url.endsWith("/")) {
+      return url.substring(0, url.length() - 1);
+    } else {
+      return url;
+    }
+  }
+  
+  private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException {
+    final String value = basicConfiguration.getBasicConfiguration(configKey);
+    if (StringUtils.isEmpty(value)) {
+      throw new EaafConfigurationException("config.08",
+          new Object[] {configKey});
+
+    }
+
+    return value;
+  }
+}
diff --git a/ms_specific_proxyservice/src/main/resources/application.properties b/ms_specific_proxyservice/src/main/resources/application.properties
index 9f1b68e2..7d8c199f 100644
--- a/ms_specific_proxyservice/src/main/resources/application.properties
+++ b/ms_specific_proxyservice/src/main/resources/application.properties
@@ -73,6 +73,7 @@ eidas.ms.configuration.pvp.enable.entitycategories=false
 #### eIDAS ms-specific Proxy-Service configuration
 eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy
 #eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=
+eidas.ms.auth.eIDAS.node_v2.forward.method=POST
 
 # Mandate configuration
 eidas.ms.auth.eIDAS.proxy.mandates.enabled=false
diff --git a/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml b/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml
index c5312751..5633cb0e 100644
--- a/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml
+++ b/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml
@@ -12,6 +12,8 @@
     http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
 
   <import resource="specific_eIDAS_core.beans.xml"/>
-
+ 
+  <bean id="pvpEndpointConfig"
+        class="at.asitplus.eidas.specific.proxy.pvp.PvpEndPointConfiguration" />
  
 </beans>
\ No newline at end of file
diff --git a/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java
new file mode 100644
index 00000000..bc6f5317
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/FullStartUpAndProcessTest.java
@@ -0,0 +1,480 @@
+package at.asitplus.eidas.specific.proxy.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.text.SimpleDateFormat;
+import java.time.Instant;
+import java.util.Base64;
+import java.util.Map;
+import java.util.TimeZone;
+import java.util.Timer;
+import java.util.UUID;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.ignite.Ignition;
+import org.joda.time.DateTime;
+import org.joda.time.DateTimeZone;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.Response;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.util.Base64Utils;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import com.google.common.collect.ImmutableSet;
+
+import at.asitplus.eidas.specific.modules.auth.idaustria.controller.IdAustriaAuthSignalController;
+import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.msproxyservice.protocol.EidasProxyServiceController;
+import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
+import at.gv.egiz.eaaf.core.api.IStatusMessenger;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController;
+import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication;
+import eu.eidas.auth.commons.EidasParameterKeys;
+import eu.eidas.auth.commons.attribute.AttributeValue;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.auth.commons.light.impl.LightRequest;
+import eu.eidas.auth.commons.tx.BinaryLightToken;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
+import lombok.SneakyThrows;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@SpringBootTest
+@ContextConfiguration(initializers = {
+    org.springframework.boot.context.config.DelegatingApplicationContextInitializer.class,
+    SpringBootApplicationContextInitializer.class
+    })
+@TestPropertySource(locations = { "file:src/test/resources/config/junit_config_1_springboot.properties" })
+@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
+@ActiveProfiles(profiles = {"JUNIT", "jUnitTestMode"})
+public class FullStartUpAndProcessTest {
+
+  private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
+  private static final String FINAL_REDIRECT = "https://localhost/ms_proxy/public/secure/finalizeAuthProtocol?pendingid=";
+  private static final String ERROR_REDIRECT = "https://localhost/ms_proxy/public/secure/errorHandling?errorid=";
+  
+  
+  @Autowired private WebApplicationContext wac;
+
+  @Autowired private ResourceLoader resourceLoader;
+  @Autowired private EidasAttributeRegistry attrRegistry;
+  
+  @Autowired private IdAustriaAuthSignalController idAustriaEndpoint;
+  @Autowired private IdAustriaAuthMetadataProvider idAustriaMetadata;
+  @Autowired private IdAustriaAuthCredentialProvider credentialProvider;
+  
+  @Autowired private EidasProxyServiceController eidasProxyEndpoint;
+  @Autowired private ProtocolFinalizationController finalize;
+
+  @Autowired private IStatusMessenger messager;
+
+  /**
+   * jUnit class initializer.
+   * @throws InterruptedException In case of an error
+   * @throws ComponentInitializationException  In case of an error
+   * @throws InitializationException In case of an error
+   *
+   */
+  @BeforeClass
+  @SneakyThrows
+  public static void classInitializer() {
+    final String current = new java.io.File(".").toURI().toString();
+    System.clearProperty("eidas.ms.configuration");
+
+    //eIDAS Ref. Impl. properties
+    System.setProperty("EIDAS_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_CONNECTOR_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_PROXY_SERVICE_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+
+    EaafOpenSaml3xInitializer.eaafInitialize();
+    
+  }
+
+  /**
+   * Test shut-down.
+   *
+   * @throws Exception In case of an error
+   */
+  @AfterClass
+  @SneakyThrows
+  public static void closeIgniteNode() {
+    System.out.println("Closiong Ignite Node ... ");
+    Ignition.stopAll(true);
+
+    //set Ignite-node holder to 'null' because static holders are shared between different tests
+    final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance");
+    field.setAccessible(true);
+    field.set(null, null);
+    
+  }
+
+  /**
+   * jUnit test set-up.
+   *
+   *
+   */
+  @Before
+  public void setup() throws IOException {
+    DefaultMockMvcBuilder builder = MockMvcBuilders.webAppContextSetup(this.wac);
+    @SuppressWarnings("rawtypes")
+    Map<String, FilterRegistrationBean> filters = wac.getBeansOfType(FilterRegistrationBean.class);
+    for (FilterRegistrationBean<?> filter : filters.values()) {
+      if (filter.isEnabled()) {
+        builder.addFilter(filter.getFilter(), "/*");
+
+      }
+    }
+
+    LogMessageProviderFactory.setStatusMessager(messager);
+
+  }
+
+  @Test
+  @SneakyThrows
+  public void simpleError() {
+    MockHttpServletRequest proxyHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    String spCountryCode = injectEidas2AuthnReq(proxyHttpReq);
+    MockHttpServletResponse proxyHttpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(proxyHttpReq, proxyHttpResp));
+    
+    injectIdAustriaSaml2Metadata();
+        
+    
+    // send eIDAS Proxy-Service process hand-over
+    eidasProxyEndpoint.receiveEidasAuthnRequest(proxyHttpReq, proxyHttpResp);
+        
+    
+    // extract SAML2 AuthnRequest to IDA system
+    assertEquals("forward to finalization", 200, proxyHttpResp.getStatus());
+    assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", proxyHttpResp.getContentType());
+    String saml2ReqPage = proxyHttpResp.getContentAsString();
+    assertNotNull("selectionPage is null", saml2ReqPage);
+    assertFalse("selectionPage is empty", saml2ReqPage.isEmpty());
+
+    String saml2ReqB64 = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"SAMLRequest\" value=\"");
+    String saml2RelayState = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"RelayState\" value=\"");
+    assertNotNull("SAML2 request", saml2ReqB64);
+    assertNotNull("SAML2 relayState", saml2RelayState);
+    
+  
+    
+    // send WRONG response from IDA system to eIDAS Proxy-Service    
+    final MockHttpServletRequest idaHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    idaHttpReq.setScheme("https");
+    idaHttpReq.setServerPort(443);
+    idaHttpReq.setContextPath("/ms_proxy");
+    idaHttpReq.addParameter(IdAustriaAuthSignalController.HTTP_PARAM_RELAYSTATE, RandomStringUtils.randomAlphanumeric(15));
+    idaHttpReq.addParameter("SAMLResponse", RandomStringUtils.randomAlphabetic(25));
+    final MockHttpServletResponse idaHttpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(idaHttpReq, idaHttpResp));
+    
+    idAustriaEndpoint.performEidasAuthentication(idaHttpReq, idaHttpResp);
+    
+    
+    // validate forwarding to protocol finalization
+    assertEquals("forward to finalization", 302, idaHttpResp.getStatus());
+    assertNotNull("missing redirect header", idaHttpResp.getHeader("Location"));
+    assertTrue("wrong redirect header", idaHttpResp.getHeader("Location").startsWith(ERROR_REDIRECT));
+    String finalPendingReqId = idaHttpResp.getHeader("Location").substring(ERROR_REDIRECT.length());
+    assertFalse("final errorId", finalPendingReqId.isEmpty());
+    
+    // set-up error-handling request
+    MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    finalizationReq.setParameter("errorid", finalPendingReqId);
+    MockHttpServletResponse respErrorPage = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, respErrorPage));
+    
+    // execute error-handling step
+    finalize.errorHandling(finalizationReq, respErrorPage);
+
+    
+    // extract access-token for eIDAS node communication 
+    assertEquals("errorPage", 200, respErrorPage.getStatus());
+    assertEquals("errorPage", "text/html;charset=UTF-8", respErrorPage.getContentType());
+    String errorPage = respErrorPage.getContentAsString();
+    assertNotNull("errorPage is null", errorPage);
+    assertFalse("errorPage is empty", errorPage.isEmpty());   
+    assertTrue("Missing errorCode", errorPage.contains("auth.26"));
+    
+  }
+  
+  @Test
+  @SneakyThrows
+  public void simpleSuccess() {
+    MockHttpServletRequest proxyHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    String spCountryCode = injectEidas2AuthnReq(proxyHttpReq);
+    MockHttpServletResponse proxyHttpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(proxyHttpReq, proxyHttpResp));
+    
+    injectIdAustriaSaml2Metadata();
+        
+    
+    // send eIDAS Proxy-Service process hand-over
+    eidasProxyEndpoint.receiveEidasAuthnRequest(proxyHttpReq, proxyHttpResp);
+        
+    
+    // extract SAML2 AuthnRequest to IDA system
+    assertEquals("forward to finalization", 200, proxyHttpResp.getStatus());
+    assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", proxyHttpResp.getContentType());
+    String saml2ReqPage = proxyHttpResp.getContentAsString();
+    assertNotNull("selectionPage is null", saml2ReqPage);
+    assertFalse("selectionPage is empty", saml2ReqPage.isEmpty());
+
+    String saml2ReqB64 = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"SAMLRequest\" value=\"");
+    String saml2RelayState = extractRequestToken(saml2ReqPage, "<input type=\"hidden\" name=\"RelayState\" value=\"");
+    assertNotNull("SAML2 request", saml2ReqB64);
+    assertNotNull("SAML2 relayState", saml2RelayState);
+    
+    // validate SAML2 request to IDA system
+    String saml2ReqId = validateSaml2Request(saml2ReqB64, spCountryCode);
+    
+    // build SAML2 response from IDA system
+    String saml2RespB64 = buildSaml2Response(saml2ReqId);
+    
+    
+    // send response from IDA system to eIDAS Proxy-Service    
+    final MockHttpServletRequest idaHttpReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    idaHttpReq.setScheme("https");
+    idaHttpReq.setServerPort(443);
+    idaHttpReq.setContextPath("/ms_proxy");
+    idaHttpReq.addParameter(IdAustriaAuthSignalController.HTTP_PARAM_RELAYSTATE, saml2RelayState);
+    idaHttpReq.addParameter("SAMLResponse", saml2RespB64);
+    final MockHttpServletResponse idaHttpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(idaHttpReq, idaHttpResp));
+    
+    idAustriaEndpoint.performEidasAuthentication(idaHttpReq, idaHttpResp);
+    
+    
+    // validate forwarding to protocol finalization
+    assertEquals("forward to finalization", 302, idaHttpResp.getStatus());
+    assertNotNull("missing redirect header", idaHttpResp.getHeader("Location"));
+    assertTrue("wrong redirect header", idaHttpResp.getHeader("Location").startsWith(FINAL_REDIRECT));
+    String finalPendingReqId = idaHttpResp.getHeader("Location").substring(FINAL_REDIRECT.length());
+    assertFalse("final pendingRequestId", finalPendingReqId.isEmpty());
+
+    // set-up finalization request
+    MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_proxy");
+    finalizationReq.setParameter("pendingid", finalPendingReqId);
+    MockHttpServletResponse respToEidasProxy = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, respToEidasProxy));
+    
+    // exexcute finalization step
+    finalize.finalizeAuthProtocol(finalizationReq, respToEidasProxy);
+
+    
+    // extract access-token for eIDAS node communication 
+    assertEquals("forward to finalization", 200, respToEidasProxy.getStatus());
+    assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", respToEidasProxy.getContentType());
+    String forwardPage = respToEidasProxy.getContentAsString();
+    assertNotNull("forward to eIDAS Node is null", forwardPage);
+    assertFalse("forward to eIDAS Node is empty", forwardPage.isEmpty());
+
+    String eidasNodeRespToken = extractRequestToken(forwardPage, "<input type=\"hidden\" name=\"token\" value=\"");
+    assertFalse("eidas req. token", eidasNodeRespToken.isEmpty());
+    
+    // validate eIDAS light-response to eIDAS node
+    validateEidasLightResponse(eidasNodeRespToken);        
+    
+    
+  }
+
+
+  @SneakyThrows
+  private void validateEidasLightResponse(String eidasNodeRespToken) {    
+    final SpecificCommunicationService springManagedSpecificConnectorCommunicationService =
+        (SpecificCommunicationService) wac.getBean(
+            SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE.toString());
+    
+    ILightResponse lightResp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(eidasNodeRespToken, 
+        attrRegistry.getCoreAttributeRegistry().getAttributes());
+
+    SimpleDateFormat dateTimeParser = new SimpleDateFormat("yyyy-MM-dd");
+    dateTimeParser.setTimeZone(TimeZone.getTimeZone("UTC"));
+       
+    assertNotNull("ligth-response", lightResp);    
+    assertEquals("eIDAS statusCode", "urn:oasis:names:tc:SAML:2.0:status:Success", lightResp.getStatus().getStatusCode());
+    assertEquals("eIDAS LoA", "http://eidas.europa.eu/LoA/high", lightResp.getLevelOfAssurance());
+    assertEquals("eIDAS attribute size", 4, lightResp.getAttributes().size());
+    checkEidasAttribute(lightResp.getAttributes(), 
+        "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", "QVGm48cqcM4UcyhDTNGYmVdrIoY=");    
+    checkEidasAttribute(lightResp.getAttributes(), 
+        "http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName", "Max");
+    checkEidasAttribute(lightResp.getAttributes(), 
+        "http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName", "Mustermann");
+    checkEidasAttribute(lightResp.getAttributes(), 
+        "http://eidas.europa.eu/attributes/naturalperson/DateOfBirth",
+        new DateTime(dateTimeParser.parse("1940-01-01").getTime(), DateTimeZone.UTC));
+
+
+                  
+  }
+
+  private void checkEidasAttribute(ImmutableAttributeMap attributes, String attrName, Object expected) {
+    ImmutableSet<? extends AttributeValue<Object>> attr = attributes.getAttributeValuesByNameUri(attrName);
+    assertNotNull("Attribute: " + attrName, attr);
+    assertFalse("Empty AttributeValue: " + attrName, attr.isEmpty());
+    assertNotNull("AttributeValue: " + attrName, attr.asList().get(0));
+    assertEquals("Wrong AttributeValue: " + attrName, expected, attr.asList().get(0).getValue());
+    
+  }
+
+  @SneakyThrows  
+  private String validateSaml2Request(String saml2ReqB64, String spCountryCode) {
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(), 
+        new ByteArrayInputStream(Base64Utils.decodeFromString(saml2ReqB64)));
+
+    // check requested attributes
+    assertEquals("wrong number of extension elements", 
+        1, authnReq.getExtensions().getOrderedChildren().size());
+    assertEquals("wrong number of requested attributes", 
+        4, authnReq.getExtensions().getOrderedChildren().get(0).getOrderedChildren().size());
+                
+    return authnReq.getID();
+  }
+
+  @SneakyThrows
+  private String buildSaml2Response(String saml2ReqId) {
+    final Response response = initializeResponse(
+        "classpath:/data/idp_metadata_classpath_entity.xml",
+        "/data/Response_with_EID.xml",
+        credentialProvider.getMessageSigningCredential(),
+        true, saml2ReqId);    
+    return Base64.getEncoder().encodeToString(
+        DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
+            "UTF-8"));
+    
+  }
+  
+  private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential,
+      boolean validConditions, String saml2ReqId) throws SamlSigningException, XMLParserException, UnmarshallingException,
+      Pvp2MetadataException {
+
+    final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        FullStartUpAndProcessTest.class.getResourceAsStream(responsePath));
+    response.setIssueInstant(Instant.now());
+    final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+    issuer.setValue(idpEntityId);
+    response.setIssuer(issuer);
+    response.setInResponseTo(saml2ReqId);
+    
+    if (validConditions) {
+      response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().plusSeconds(5*60));
+
+    }
+
+    return Saml2Utils.signSamlObject(response, credential, true);
+  }
+  
+  @SneakyThrows
+  private void injectIdAustriaSaml2Metadata() {
+    final org.springframework.core.io.Resource resource = resourceLoader.getResource(METADATA_PATH);
+    Timer timer = new Timer("PVP metadata-resolver refresh");
+    ResourceBackedMetadataResolver fileSystemResolver =
+        new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+    fileSystemResolver.setId("test");
+    fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+    fileSystemResolver.initialize();
+    idAustriaMetadata.addMetadataResolverIntoChain(fileSystemResolver);
+    
+    
+  }
+
+  private String extractRequestToken(String selectionPage, String selector) {
+    int start = selectionPage.indexOf(selector);
+    assertTrue("find no starting element of selector", start > 0);
+    int end = selectionPage.indexOf("\"", start + selector.length());
+    assertTrue("find no end tag", end > 0);
+    return selectionPage.substring(start + selector.length(), end);
+
+  }
+  
+  @SneakyThrows
+  private String injectEidas2AuthnReq(MockHttpServletRequest proxyHttpReq) {    
+    String spCountryCode = "XX";
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(RandomStringUtils.randomAlphabetic(10))
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+            .build());
+    
+    final SpecificCommunicationService springManagedSpecificConnectorCommunicationService =
+        (SpecificCommunicationService) wac.getBean(
+            SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE.toString());    
+    BinaryLightToken token = springManagedSpecificConnectorCommunicationService.putRequest(authnReqBuilder.build());        
+    proxyHttpReq.addParameter(EidasParameterKeys.TOKEN.toString(), Base64Utils.encodeToString(token.getTokenBytes()));
+    
+    return spCountryCode;
+    
+  }
+  
+}
diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/additional-attributes.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/additional-attributes.xml
new file mode 100644
index 00000000..6510546e
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/additional-attributes.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- 
+#   Copyright (c) 2017 European Commission  
+#   Licensed under the EUPL, Version 1.2 or – as soon they will be 
+#   approved by the European Commission - subsequent versions of the 
+#    EUPL (the "Licence"); 
+#    You may not use this work except in compliance with the Licence. 
+#    You may obtain a copy of the Licence at: 
+#    * https://joinup.ec.europa.eu/page/eupl-text-11-12  
+#    *
+#    Unless required by applicable law or agreed to in writing, software 
+#    distributed under the Licence is distributed on an "AS IS" basis, 
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+#    See the Licence for the specific language governing permissions and limitations under the Licence.
+ -->
+
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+<properties>
+    <comment>Dynamic attributes</comment>
+
+    <entry key="1.NameUri">http://eidas.europa.eu/attributes/naturalperson/AdditionalAttribute</entry>
+    <entry key="1.FriendlyName">AdditionalAttribute</entry>
+    <entry key="1.PersonType">NaturalPerson</entry>
+    <entry key="1.Required">false</entry>
+    <entry key="1.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry>
+    <entry key="1.XmlType.LocalPart">string</entry>
+    <entry key="1.XmlType.NamespacePrefix">xs</entry>
+    <entry key="1.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="2.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalAdditionalAttribute</entry>
+    <entry key="2.FriendlyName">LegalAdditionalAttribute</entry>
+    <entry key="2.PersonType">LegalPerson</entry>
+    <entry key="2.Required">false</entry>
+    <entry key="2.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry>
+    <entry key="2.XmlType.LocalPart">string</entry>
+    <entry key="2.XmlType.NamespacePrefix">xs</entry>
+    <entry key="2.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+</properties>
diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/eidas-attributes.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/eidas-attributes.xml
new file mode 100644
index 00000000..cbae35db
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/eidas-attributes.xml
@@ -0,0 +1,376 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- 
+#   Copyright (c) 2017 European Commission  
+#   Licensed under the EUPL, Version 1.2 or – as soon they will be 
+#   approved by the European Commission - subsequent versions of the 
+#    EUPL (the "Licence"); 
+#    You may not use this work except in compliance with the Licence. 
+#    You may obtain a copy of the Licence at: 
+#    * https://joinup.ec.europa.eu/page/eupl-text-11-12  
+#    *
+#    Unless required by applicable law or agreed to in writing, software 
+#    distributed under the Licence is distributed on an "AS IS" basis, 
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+#    See the Licence for the specific language governing permissions and limitations under the Licence.
+ -->
+
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+<properties>
+    <comment>eIDAS attributes</comment>
+
+    <entry key="1.NameUri">http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier</entry>
+    <entry key="1.FriendlyName">PersonIdentifier</entry>
+    <entry key="1.PersonType">NaturalPerson</entry>
+    <entry key="1.Required">true</entry>
+    <entry key="1.UniqueIdentifier">true</entry>
+    <entry key="1.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="1.XmlType.LocalPart">PersonIdentifierType</entry>
+    <entry key="1.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="1.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="2.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName</entry>
+    <entry key="2.FriendlyName">FamilyName</entry>
+    <entry key="2.PersonType">NaturalPerson</entry>
+    <entry key="2.Required">true</entry>
+    <entry key="2.TransliterationMandatory">true</entry>
+    <entry key="2.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="2.XmlType.LocalPart">CurrentFamilyNameType</entry>
+    <entry key="2.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="2.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="3.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName</entry>
+    <entry key="3.FriendlyName">FirstName</entry>
+    <entry key="3.PersonType">NaturalPerson</entry>
+    <entry key="3.Required">true</entry>
+    <entry key="3.TransliterationMandatory">true</entry>
+    <entry key="3.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="3.XmlType.LocalPart">CurrentGivenNameType</entry>
+    <entry key="3.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="3.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="4.NameUri">http://eidas.europa.eu/attributes/naturalperson/DateOfBirth</entry>
+    <entry key="4.FriendlyName">DateOfBirth</entry>
+    <entry key="4.PersonType">NaturalPerson</entry>
+    <entry key="4.Required">true</entry>
+    <entry key="4.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="4.XmlType.LocalPart">DateOfBirthType</entry>
+    <entry key="4.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="4.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller</entry>
+
+    <entry key="5.NameUri">http://eidas.europa.eu/attributes/naturalperson/BirthName</entry>
+    <entry key="5.FriendlyName">BirthName</entry>
+    <entry key="5.PersonType">NaturalPerson</entry>
+    <entry key="5.Required">false</entry>
+    <entry key="5.TransliterationMandatory">true</entry>
+    <entry key="5.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="5.XmlType.LocalPart">BirthNameType</entry>
+    <entry key="5.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="5.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="6.NameUri">http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth</entry>
+    <entry key="6.FriendlyName">PlaceOfBirth</entry>
+    <entry key="6.PersonType">NaturalPerson</entry>
+    <entry key="6.Required">false</entry>
+    <entry key="6.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="6.XmlType.LocalPart">PlaceOfBirthType</entry>
+    <entry key="6.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="6.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="7.NameUri">http://eidas.europa.eu/attributes/naturalperson/CurrentAddress</entry>
+    <entry key="7.FriendlyName">CurrentAddress</entry>
+    <entry key="7.PersonType">NaturalPerson</entry>
+    <entry key="7.Required">false</entry>
+    <entry key="7.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="7.XmlType.LocalPart">CurrentAddressType</entry>
+    <entry key="7.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="7.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.CurrentAddressAttributeValueMarshaller</entry>
+
+    <entry key="8.NameUri">http://eidas.europa.eu/attributes/naturalperson/Gender</entry>
+    <entry key="8.FriendlyName">Gender</entry>
+    <entry key="8.PersonType">NaturalPerson</entry>
+    <entry key="8.Required">false</entry>
+    <entry key="8.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson</entry>
+    <entry key="8.XmlType.LocalPart">GenderType</entry>
+    <entry key="8.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="8.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller</entry>
+
+    <entry key="9.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier</entry>
+    <entry key="9.FriendlyName">LegalPersonIdentifier</entry>
+    <entry key="9.PersonType">LegalPerson</entry>
+    <entry key="9.Required">true</entry>
+    <entry key="9.UniqueIdentifier">true</entry>
+    <entry key="9.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="9.XmlType.LocalPart">LegalPersonIdentifierType</entry>
+    <entry key="9.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="9.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="10.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalName</entry>
+    <entry key="10.FriendlyName">LegalName</entry>
+    <entry key="10.PersonType">LegalPerson</entry>
+    <entry key="10.Required">true</entry>
+    <entry key="10.TransliterationMandatory">true</entry>
+    <entry key="10.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="10.XmlType.LocalPart">LegalNameType</entry>
+    <entry key="10.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="10.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="11.NameUri">http://eidas.europa.eu/attributes/legalperson/LegalPersonAddress</entry>
+    <entry key="11.FriendlyName">LegalAddress</entry>
+    <entry key="11.PersonType">LegalPerson</entry>
+    <entry key="11.Required">false</entry>
+    <entry key="11.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="11.XmlType.LocalPart">LegalPersonAddressType</entry>
+    <entry key="11.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="11.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.LegalAddressAttributeValueMarshaller</entry>
+
+    <entry key="12.NameUri">http://eidas.europa.eu/attributes/legalperson/VATRegistrationNumber</entry>
+    <entry key="12.FriendlyName">VATRegistration</entry>
+    <entry key="12.PersonType">LegalPerson</entry>
+    <entry key="12.Required">false</entry>
+    <entry key="12.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="12.XmlType.LocalPart">VATRegistrationNumberType</entry>
+    <entry key="12.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="12.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="13.NameUri">http://eidas.europa.eu/attributes/legalperson/TaxReference</entry>
+    <entry key="13.FriendlyName">TaxReference</entry>
+    <entry key="13.PersonType">LegalPerson</entry>
+    <entry key="13.Required">false</entry>
+    <entry key="13.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="13.XmlType.LocalPart">TaxReferenceType</entry>
+    <entry key="13.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="13.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="14.NameUri">http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier</entry>
+    <entry key="14.FriendlyName">D-2012-17-EUIdentifier</entry>
+    <entry key="14.PersonType">LegalPerson</entry>
+    <entry key="14.Required">false</entry>
+    <entry key="14.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="14.XmlType.LocalPart">D-2012-17-EUIdentifierType</entry>
+    <entry key="14.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="14.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="15.NameUri">http://eidas.europa.eu/attributes/legalperson/LEI</entry>
+    <entry key="15.FriendlyName">LEI</entry>
+    <entry key="15.PersonType">LegalPerson</entry>
+    <entry key="15.Required">false</entry>
+    <entry key="15.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="15.XmlType.LocalPart">LEIType</entry>
+    <entry key="15.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="15.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="16.NameUri">http://eidas.europa.eu/attributes/legalperson/EORI</entry>
+    <entry key="16.FriendlyName">EORI</entry>
+    <entry key="16.PersonType">LegalPerson</entry>
+    <entry key="16.Required">false</entry>
+    <entry key="16.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="16.XmlType.LocalPart">EORIType</entry>
+    <entry key="16.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="16.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="17.NameUri">http://eidas.europa.eu/attributes/legalperson/SEED</entry>
+    <entry key="17.FriendlyName">SEED</entry>
+    <entry key="17.PersonType">LegalPerson</entry>
+    <entry key="17.Required">false</entry>
+    <entry key="17.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="17.XmlType.LocalPart">SEEDType</entry>
+    <entry key="17.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="17.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="18.NameUri">http://eidas.europa.eu/attributes/legalperson/SIC</entry>
+    <entry key="18.FriendlyName">SIC</entry>
+    <entry key="18.PersonType">LegalPerson</entry>
+    <entry key="18.Required">false</entry>
+    <entry key="18.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson</entry>
+    <entry key="18.XmlType.LocalPart">SICType</entry>
+    <entry key="18.XmlType.NamespacePrefix">eidas-legal</entry>
+    <entry key="18.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="19.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/PersonIdentifier</entry>
+    <entry key="19.FriendlyName">RepresentativePersonIdentifier</entry>
+    <entry key="19.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="19.Required">false</entry>
+    <entry key="19.UniqueIdentifier">true</entry>
+    <entry key="19.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="19.XmlType.LocalPart">PersonIdentifierType</entry>
+    <entry key="19.XmlType.NamespacePrefix">eidas-natural</entry>
+    <entry key="19.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="20.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentFamilyName</entry>
+    <entry key="20.FriendlyName">RepresentativeFamilyName</entry>
+    <entry key="20.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="20.Required">false</entry>
+    <entry key="20.TransliterationMandatory">true</entry>
+    <entry key="20.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="20.XmlType.LocalPart">CurrentFamilyNameType</entry>
+    <entry key="20.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+    <entry key="20.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="21.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentGivenName</entry>
+    <entry key="21.FriendlyName">RepresentativeFirstName</entry>
+    <entry key="21.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="21.Required">false</entry>
+    <entry key="21.TransliterationMandatory">true</entry>
+    <entry key="21.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="21.XmlType.LocalPart">CurrentGivenNameType</entry>
+    <entry key="21.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+    <entry key="21.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="22.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth</entry>
+    <entry key="22.FriendlyName">RepresentativeDateOfBirth</entry>
+    <entry key="22.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="22.Required">false</entry>
+    <entry key="22.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="22.XmlType.LocalPart">DateOfBirthType</entry>
+    <entry key="22.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+    <entry key="22.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller</entry>
+
+    <entry key="23.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/BirthName</entry>
+    <entry key="23.FriendlyName">RepresentativeBirthName</entry>
+    <entry key="23.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="23.Required">false</entry>
+    <entry key="23.TransliterationMandatory">true</entry>
+    <entry key="23.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="23.XmlType.LocalPart">BirthNameType</entry>
+    <entry key="23.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+    <entry key="23.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="24.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/PlaceOfBirth</entry>
+    <entry key="24.FriendlyName">RepresentativePlaceOfBirth</entry>
+    <entry key="24.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="24.Required">false</entry>
+    <entry key="24.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="24.XmlType.LocalPart">PlaceOfBirthType</entry>
+    <entry key="24.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+    <entry key="24.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="25.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/CurrentAddress</entry>
+    <entry key="25.FriendlyName">RepresentativeCurrentAddress</entry>
+    <entry key="25.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="25.Required">false</entry>
+    <entry key="25.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="25.XmlType.LocalPart">CurrentAddressType</entry>
+    <entry key="25.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+    <entry key="25.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvCurrentAddressAttributeValueMarshaller</entry>
+
+    <entry key="26.NameUri">http://eidas.europa.eu/attributes/naturalperson/representative/Gender</entry>
+    <entry key="26.FriendlyName">RepresentativeGender</entry>
+    <entry key="26.PersonType">RepresentativeNaturalPerson</entry>
+    <entry key="26.Required">false</entry>
+    <entry key="26.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/naturalperson/representative</entry>
+    <entry key="26.XmlType.LocalPart">GenderType</entry>
+    <entry key="26.XmlType.NamespacePrefix">eidas-reprentative-natural</entry>
+    <entry key="26.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.GenderAttributeValueMarshaller</entry>
+
+    <entry key="27.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonIdentifier</entry>
+    <entry key="27.FriendlyName">RepresentativeLegalPersonIdentifier</entry>
+    <entry key="27.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="27.Required">false</entry>
+    <entry key="27.UniqueIdentifier">true</entry>
+    <entry key="27.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="27.XmlType.LocalPart">LegalPersonIdentifierType</entry>
+    <entry key="27.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="27.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="28.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalName</entry>
+    <entry key="28.FriendlyName">RepresentativeLegalName</entry>
+    <entry key="28.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="28.Required">false</entry>
+    <entry key="28.TransliterationMandatory">true</entry>
+    <entry key="28.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="28.XmlType.LocalPart">LegalNameType</entry>
+    <entry key="28.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="28.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="29.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress</entry>
+    <entry key="29.FriendlyName">RepresentativeLegalAddress</entry>
+    <entry key="29.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="29.Required">false</entry>
+    <entry key="29.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="29.XmlType.LocalPart">LegalPersonAddressType</entry>
+    <entry key="29.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="29.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller</entry>
+
+    <entry key="30.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber</entry>
+    <entry key="30.FriendlyName">RepresentativeVATRegistration</entry>
+    <entry key="30.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="30.Required">false</entry>
+    <entry key="30.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="30.XmlType.LocalPart">VATRegistrationNumberType</entry>
+    <entry key="30.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="30.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="31.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/TaxReference</entry>
+    <entry key="31.FriendlyName">RepresentativeTaxReference</entry>
+    <entry key="31.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="31.Required">false</entry>
+    <entry key="31.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="31.XmlType.LocalPart">TaxReferenceType</entry>
+    <entry key="31.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="31.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="32.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/D-2012-17-EUIdentifier</entry>
+    <entry key="32.FriendlyName">RepresentativeD-2012-17-EUIdentifier</entry>
+    <entry key="32.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="32.Required">false</entry>
+    <entry key="32.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="32.XmlType.LocalPart">D-2012-17-EUIdentifierType</entry>
+    <entry key="32.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="32.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="33.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LEI</entry>
+    <entry key="33.FriendlyName">RepresentativeLEI</entry>
+    <entry key="33.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="33.Required">false</entry>
+    <entry key="33.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="33.XmlType.LocalPart">LEIType</entry>
+    <entry key="33.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="33.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="34.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/EORI</entry>
+    <entry key="34.FriendlyName">RepresentativeEORI</entry>
+    <entry key="34.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="34.Required">false</entry>
+    <entry key="34.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="34.XmlType.LocalPart">EORIType</entry>
+    <entry key="34.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="34.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="35.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/SEED</entry>
+    <entry key="35.FriendlyName">RepresentativeSEED</entry>
+    <entry key="35.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="35.Required">false</entry>
+    <entry key="35.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="35.XmlType.LocalPart">SEEDType</entry>
+    <entry key="35.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="35.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="36.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/SIC</entry>
+    <entry key="36.FriendlyName">RepresentativeSIC</entry>
+    <entry key="36.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="36.Required">false</entry>
+    <entry key="36.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="36.XmlType.LocalPart">SICType</entry>
+    <entry key="36.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="36.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+    <entry key="39.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/LegalPersonAddress</entry>
+    <entry key="39.FriendlyName">RepresentativeLegalAddress</entry>
+    <entry key="39.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="39.Required">false</entry>
+    <entry key="39.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="39.XmlType.LocalPart">LegalPersonAddressType</entry>
+    <entry key="39.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="39.AttributeValueMarshaller">eu.eidas.auth.commons.protocol.eidas.impl.RepvLegalAddressAttributeValueMarshaller</entry>
+
+    <entry key="40.NameUri">http://eidas.europa.eu/attributes/legalperson/representative/VATRegistrationNumber</entry>
+    <entry key="40.FriendlyName">RepresentativeVATRegistration</entry>
+    <entry key="40.PersonType">RepresentativeLegalPerson</entry>
+    <entry key="40.Required">false</entry>
+    <entry key="40.XmlType.NamespaceUri">http://eidas.europa.eu/attributes/legalperson/representative</entry>
+    <entry key="40.XmlType.LocalPart">VATRegistrationNumberType</entry>
+    <entry key="40.XmlType.NamespacePrefix">eidas-reprentative-legal</entry>
+    <entry key="40.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+
+</properties>
diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/igniteSpecificCommunication.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/igniteSpecificCommunication.xml
new file mode 100644
index 00000000..f817f5a4
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/igniteSpecificCommunication.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ Copyright (c) 2018 by European Commission
+  ~
+  ~ Licensed under the EUPL, Version 1.2 or - as soon they will be
+  ~ approved by the European Commission - subsequent versions of the
+  ~ EUPL (the "Licence");
+  ~ You may not use this work except in compliance with the Licence.
+  ~ You may obtain a copy of the Licence at:
+  ~ https://joinup.ec.europa.eu/page/eupl-text-11-12
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the Licence is distributed on an "AS IS" basis,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+  ~ implied.
+  ~ See the Licence for the specific language governing permissions and
+  ~ limitations under the Licence.
+  -->
+
+<!--
+    Ignite Spring configuration file to startup Ignite cache.
+
+    This file demonstrates how to configure cache using Spring. Provided cache
+    will be created on node startup.
+
+    Use this configuration file when running HTTP REST examples (see 'examples/rest' folder).
+
+    When starting a standalone node, you need to execute the following command:
+    {IGNITE_HOME}/bin/ignite.{bat|sh} examples/config/ignite-cache.xml
+
+    When starting Ignite from Java IDE, pass path to this file to Ignition:
+    Ignition.start("examples/config/ignite-cache.xml");
+-->
+
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+    <bean id="igniteSpecificCommunication.cfg" class="org.apache.ignite.configuration.IgniteConfiguration">
+
+        <property name="igniteInstanceName" value="igniteSpecificCommunication"/>
+
+        <property name="cacheConfiguration">
+            <list>
+
+                <!--Specific Communication Caches-->
+                <!-- Partitioned cache example configuration (Atomic mode). -->
+                <bean class="org.apache.ignite.configuration.CacheConfiguration">
+                    <property name="name" value="specificNodeConnectorRequestCache"/>
+                    <property name="atomicityMode" value="ATOMIC"/>
+                    <property name="backups" value="1"/>
+                </bean>
+                <!-- Partitioned cache example configuration (Atomic mode). -->
+                <bean class="org.apache.ignite.configuration.CacheConfiguration">
+                    <property name="name" value="nodeSpecificProxyserviceRequestCache"/>
+                    <property name="atomicityMode" value="ATOMIC"/>
+                    <property name="backups" value="1"/>
+                </bean>
+                <!-- Partitioned cache example configuration (Atomic mode). -->
+                <bean class="org.apache.ignite.configuration.CacheConfiguration">
+                    <property name="name" value="specificNodeProxyserviceResponseCache"/>
+                    <property name="atomicityMode" value="ATOMIC"/>
+                    <property name="backups" value="1"/>
+                </bean>
+                <!-- Partitioned cache example configuration (Atomic mode). -->
+                <bean class="org.apache.ignite.configuration.CacheConfiguration">
+                    <property name="name" value="nodeSpecificConnectorResponseCache"/>
+                    <property name="atomicityMode" value="ATOMIC"/>
+                    <property name="backups" value="1"/>
+                </bean>
+                <!-- Partitioned cache example configuration (Atomic mode). -->
+                <bean class="org.apache.ignite.configuration.CacheConfiguration">
+                    <property name="name" value="msConnectorCache"/>
+                    <property name="atomicityMode" value="ATOMIC"/>
+                    <property name="backups" value="1"/>
+                </bean>
+
+            </list>
+        </property>
+
+        <!--Multicast discover of other nodes in the grid configuration-->
+        <property name="discoverySpi">
+            <bean class="org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi">
+                <property name="ipFinder">
+                    <bean class="org.apache.ignite.spi.discovery.tcp.ipfinder.multicast.TcpDiscoveryMulticastIpFinder">
+                        <property name="multicastGroup" value="228.10.10.157"/>
+                    </bean>
+                </property>
+            </bean>
+        </property>
+
+        <!-- how frequently Ignite will output basic node metrics into the log-->
+        <property name="metricsLogFrequency" value="#{60 * 10 * 1000}"/>
+
+    </bean>
+
+    <!--
+        Initialize property configurer so we can reference environment variables.
+    -->
+    <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+        <property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_FALLBACK"/>
+        <property name="searchSystemEnvironment" value="true"/>
+    </bean>
+
+</beans>
diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionConnector.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionConnector.xml
new file mode 100644
index 00000000..d1fc042d
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionConnector.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- 
+#   Copyright (c) 2017 European Commission  
+#   Licensed under the EUPL, Version 1.2 or – as soon they will be 
+#   approved by the European Commission - subsequent versions of the 
+#    EUPL (the "Licence"); 
+#    You may not use this work except in compliance with the Licence. 
+#    You may obtain a copy of the Licence at: 
+#    * https://joinup.ec.europa.eu/page/eupl-text-11-12  
+#    *
+#    Unless required by applicable law or agreed to in writing, software 
+#    distributed under the Licence is distributed on an "AS IS" basis, 
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+#    See the Licence for the specific language governing permissions and limitations under the Licence.
+ -->
+
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+<properties>
+  <!-- issuer name -->
+  <entry key="lightToken.connector.request.issuer.name">specificCommunicationDefinitionConnectorRequest</entry>
+  <entry key="lightToken.connector.request.node.id">specificConnector</entry> 
+
+	<!--secrets and algorithms for request consent token-->
+	<entry key="lightToken.connector.request.secret">mySecretConnectorRequest</entry>
+	<entry key="lightToken.connector.request.algorithm">SHA-256</entry>
+
+	<!-- issuer name -->
+	<entry key="lightToken.connector.response.issuer.name">specificCommunicationDefinitionConnectorResponse</entry>
+  <entry key="lightToken.connector.response.node.id">specificConnector</entry>
+  
+	<!--secrets and algorithms for response consent token-->
+	<entry key="lightToken.connector.response.secret">mySecretConnectorResponse</entry>
+	<entry key="lightToken.connector.response.algorithm">SHA-256</entry>
+  
+  <!--The value of incoming lightRequest maximum number characters allowed-->
+	<entry key="incoming.lightRequest.max.number.characters">65535</entry>
+</properties>
diff --git a/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionProxyservice.xml b/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionProxyservice.xml
new file mode 100644
index 00000000..c8caf16b
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/config/eIDAS/specificCommunicationDefinitionProxyservice.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- 
+#   Copyright (c) 2017 European Commission  
+#   Licensed under the EUPL, Version 1.2 or – as soon they will be 
+#   approved by the European Commission - subsequent versions of the 
+#    EUPL (the "Licence"); 
+#    You may not use this work except in compliance with the Licence. 
+#    You may obtain a copy of the Licence at: 
+#    * https://joinup.ec.europa.eu/page/eupl-text-11-12  
+#    *
+#    Unless required by applicable law or agreed to in writing, software 
+#    distributed under the Licence is distributed on an "AS IS" basis, 
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+#    See the Licence for the specific language governing permissions and limitations under the Licence.
+ -->
+
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+<properties>
+  <entry key="distributedCommunicationMaps">true</entry> 
+
+	<!-- issuer name -->
+	<entry key="lightToken.proxyservice.request.issuer.name">specificCommunicationDefinitionProxyserviceRequest</entry>
+  <entry key="lightToken.proxyservice.request.node.id">specificProxyService</entry>
+	<!--secrets and algorithms for request consent token-->
+	<entry key="lightToken.proxyservice.request.secret">mySecretProxyserviceRequest</entry>
+	<entry key="lightToken.proxyservice.request.algorithm">SHA-256</entry>
+
+	<!-- issuer name -->
+	<entry key="lightToken.proxyservice.response.issuer.name">specificCommunicationDefinitionProxyserviceResponse</entry>
+  <entry key="lightToken.proxyservice.response.node.id">specificProxyService</entry>
+	<!--secrets and algorithms for response consent token-->
+	<entry key="lightToken.proxyservice.response.secret">mySecretProxyserviceResponse</entry>
+	<entry key="lightToken.proxyservice.response.algorithm">SHA-256</entry>
+  
+  <!--The value of incoming Light Response maximum number characters allowed-->
+	<entry key="incoming.lightResponse.max.number.characters">65535</entry>
+</properties>
diff --git a/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties
new file mode 100644
index 00000000..8cd77046
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties
@@ -0,0 +1,116 @@
+## Set Spring-Boot profile-configuration to 2.3 style
+spring.config.use-legacy-processing=true
+
+## ApplicationServer configuration 
+server.servlet.contextPath=/ms_proxyservice
+#server.port=7080
+
+app.build.artifactId=ms_proxyservice
+
+
+
+#############################################################################
+## SpringBoot Admin client
+spring.boot.admin.client.enabled=false
+
+#############################################################################
+## SpringBoot Actuator
+management.endpoints.web.exposure.include=health,info
+
+#############################################################################
+## Common parts of MS-speccific eIDAS application configuration
+
+eidas.ms.context.url.prefix=https://localhost/ms_proxy/
+eidas.ms.context.url.request.validation=false
+eidas.ms.core.configRootDir=file:./src/test/resources/config/
+eidas.ms.context.use.clustermode=true
+eidas.ms.core.logging.level.info.errorcodes=auth.21
+
+##Monitoring
+eidas.ms.monitoring.eIDASNode.metadata.url=
+
+
+##Specific logger configuration
+eidas.ms.technicallog.write.MDS.into.techlog=true
+eidas.ms.revisionlog.write.MDS.into.revisionlog=true
+eidas.ms.revisionlog.logIPAddressOfUser=true
+
+
+##Directory for static Web content
+eidas.ms.webcontent.static.directory=webcontent/
+eidas.ms.webcontent.templates=templates/
+eidas.ms.webcontent.properties=properties/messages
+
+
+## extended validation of pending-request Id's
+eidas.ms.core.pendingrequestid.maxlifetime=300
+eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256
+eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
+
+
+## HTTP-client defaults
+eidas.ms.client.http.connection.timeout.socket=15
+eidas.ms.client.http.connection.timeout.connection=15
+eidas.ms.client.http.connection.timeout.request=15
+
+
+## Common PVP2 S-Profile (SAML2) configuration
+eidas.ms.pvp2.metadata.organisation.name=JUnit
+eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit
+eidas.ms.pvp2.metadata.organisation.url=http://junit.test
+eidas.ms.pvp2.metadata.contact.givenname=Max
+eidas.ms.pvp2.metadata.contact.surname=Mustermann
+eidas.ms.pvp2.metadata.contact.email=max@junit.test
+
+##only for advanced config
+eidas.ms.configuration.pvp.scheme.validation=true
+eidas.ms.configuration.pvp.enable.entitycategories=false
+
+
+#############################################################################
+## MS-speccific eIDAS-Proxy-Service configuration
+
+
+#### eIDAS ms-specific Proxy-Service configuration
+eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy
+eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://localhost/EidasNode
+eidas.ms.auth.eIDAS.node_v2.forward.method=POST
+
+# Mandate configuration
+eidas.ms.auth.eIDAS.proxy.mandates.enabled=false
+#eidas.ms.auth.eIDAS.proxy.mandates.profiles.natural.default=
+#eidas.ms.auth.eIDAS.proxy.mandates.profiles.legal.default=
+
+
+## special foreign eIDAS-Connector configuration
+#eidas.ms.connector.0.uniqueID=https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata
+#eidas.ms.connector.0.countryCode=CC
+#eidas.ms.connector.0.mandates.enabled=false
+#eidas.ms.connector.0.mandates.natural=
+#eidas.ms.connector.0.mandates.legal=
+#eidas.ms.connector.0.auth.idaustria.entityId=
+
+
+## PVP2 S-Profile communication with ID Austria System 
+# EntityId and optional metadata of ID Austria System
+eidas.ms.modules.idaustriaauth.idp.entityId=classpath:/data/idp_metadata_classpath_entity.xml
+#eidas.ms.modules.idaustriaauth.idp.metadataUrl=
+
+# SAML2 client configuration
+eidas.ms.modules.idaustriaauth.keystore.path=keys/junit_test.jks
+eidas.ms.modules.idaustriaauth.keystore.password=password
+eidas.ms.modules.idaustriaauth.keystore.type=jks
+
+eidas.ms.modules.idaustriaauth.metadata.sign.alias=meta
+eidas.ms.modules.idaustriaauth.metadata.sign.password=password
+eidas.ms.modules.idaustriaauth.request.sign.alias=sig
+eidas.ms.modules.idaustriaauth.request.sign.password=password
+eidas.ms.modules.idaustriaauth.response.encryption.alias=enc
+eidas.ms.modules.idaustriaauth.response.encryption.password=password
+
+eidas.ms.modules.idaustriaauth.truststore.path=keys/junit_test.jks
+eidas.ms.modules.idaustriaauth.truststore.password=password
+eidas.ms.modules.idaustriaauth.truststore.type=jks
+
+
+
diff --git a/ms_specific_proxyservice/src/test/resources/config/keys/Metadata.pem b/ms_specific_proxyservice/src/test/resources/config/keys/Metadata.pem
new file mode 100644
index 00000000..b544c194
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/config/keys/Metadata.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+jCCAeKgAwIBAgIEXjF+fTANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJB
+VDENMAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxETAPBgNVBAMMCE1ldGFk
+YXRhMB4XDTIwMDEyOTEyNDU0OVoXDTI2MDEyODEyNDU0OVowPzELMAkGA1UEBhMC
+QVQxDTALBgNVBAcMBEVHSVoxDjAMBgNVBAoMBWpVbml0MREwDwYDVQQDDAhNZXRh
+ZGF0YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK230G3dxNbNlSYA
+O5Kx/Js0aBAgxMt7q9m+dA35fK/dOvF/GjrqjWsMCnax+no9gLnq6x0gXiJclz6H
+rp/YDOfLrJjMpNL/r0FWT947vbnEj7eT8TdY5d6Yi8AZulZmjiCI5nbZh2zwrP4+
+WqRroLoPhXQj8mDyp26M4xHBBUhLMRc2HV4S+XH4uNZ/vTmb8vBg31XGHCY33gl7
+/KA54JNGxJdN8Dxv6yHYsm91ZfVrX39W0iYLUNhUCkolwuQmjDVfrExM8BTLIONb
+f+erJoCm3A9ghZyDYRQ/e69/UEUqDa6XOzykr88INkQscEiAXCDS+EBPMpKo+t3l
+PIA9r7kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAh/2mg4S03bdZy1OVtEAudBT9
+YZb9OF34hxPtNbkB/V04wSIg1d4TBr5KDhV7CdiUOxPZzHpS8LUCgfGX306FB6NX
+zh/b67uTOPaE72AB4VIT/Np0fsM7k5WhG9k9NoprIGiqCz2lXcfpZiT+LtSO1vWS
+YI87wR9KOSWjcw/5i5qZIAJuwvLCQj5JtUsmrhHK75222J3TJf4dS/gfN4xfY2rW
+9vcXtH6//8WdWp/zx9V7Z1ZsDb8TDKtBCEGuFDgVeU5ScKtVq8qRoUKD3Ve76cZi
+purO3KrRrVAuZP2EfLkZdHEHqe8GPigNnZ5kTn8V2VJ3iRAQ73hpJRR98tFd0A==
+-----END CERTIFICATE-----
diff --git a/ms_specific_proxyservice/src/test/resources/config/keys/junit.jks b/ms_specific_proxyservice/src/test/resources/config/keys/junit.jks
new file mode 100644
index 00000000..59e6ad13
Binary files /dev/null and b/ms_specific_proxyservice/src/test/resources/config/keys/junit.jks differ
diff --git a/ms_specific_proxyservice/src/test/resources/config/keys/junit_test.jks b/ms_specific_proxyservice/src/test/resources/config/keys/junit_test.jks
new file mode 100644
index 00000000..ee6254a9
Binary files /dev/null and b/ms_specific_proxyservice/src/test/resources/config/keys/junit_test.jks differ
diff --git a/ms_specific_proxyservice/src/test/resources/config/keys/teststore.jks b/ms_specific_proxyservice/src/test/resources/config/keys/teststore.jks
new file mode 100644
index 00000000..fcc6400c
Binary files /dev/null and b/ms_specific_proxyservice/src/test/resources/config/keys/teststore.jks differ
diff --git a/ms_specific_proxyservice/src/test/resources/config/logback_config.xml b/ms_specific_proxyservice/src/test/resources/config/logback_config.xml
new file mode 100644
index 00000000..bb3de3e8
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/config/logback_config.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- For assistance related to logback-translator or configuration  -->
+<!-- files in general, please contact the logback user mailing list -->
+<!-- at http://www.qos.ch/mailman/listinfo/logback-user             -->
+<!--                                                                -->
+<!-- For professional support please see                            -->
+<!--    http://www.qos.ch/shop/products/professionalSupport         -->
+<!--                                                                -->
+<configuration>
+  <appender name="EIDASNODE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+    <File>${catalina.base}/logs/eIDAS_node.log</File>
+    <encoder>
+      <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern>
+    </encoder>
+    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <maxIndex>9999</maxIndex>
+      <FileNamePattern>${catalina.base}/logs/eIDAS_node.log.%i</FileNamePattern>
+    </rollingPolicy>
+    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <MaxFileSize>10000KB</MaxFileSize>
+    </triggeringPolicy>
+  </appender>
+  <appender name="msnode" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+    <File>${catalina.base}/logs/eidas-ms-reversion.log</File>
+    <encoder>
+      <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern>
+    </encoder>
+    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <maxIndex>9999</maxIndex>
+      <FileNamePattern>${catalina.base}/logs/eidas-ms-reversion.log.%i</FileNamePattern>
+    </rollingPolicy>
+    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <MaxFileSize>10000KB</MaxFileSize>
+    </triggeringPolicy>
+  </appender>
+  <appender name="reversion" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+    <File>${catalina.base}/logs/eidas-ms-reversion.log</File>
+    <encoder>
+      <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern>
+    </encoder>
+    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <maxIndex>9999</maxIndex>
+      <FileNamePattern>${catalina.base}/logs/eidas-ms-reversion.log.%i</FileNamePattern>
+    </rollingPolicy>
+    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <MaxFileSize>10000KB</MaxFileSize>
+    </triggeringPolicy>
+  </appender>
+  <appender name="statistic" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+    <File>${catalina.base}/logs/eidas-ms-statistic.log</File>
+    <encoder>
+      <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern>
+    </encoder>
+    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <maxIndex>9999</maxIndex>
+      <FileNamePattern>${catalina.base}/logs/eidas-ms-statistic.log.%i</FileNamePattern>
+    </rollingPolicy>
+    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <MaxFileSize>10000KB</MaxFileSize>
+    </triggeringPolicy>
+  </appender>
+  <appender name="stdout" class="ch.qos.logback.core.rolling.RollingFileAppender">
+    <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+    <File>${catalina.base}/logs/console.log</File>
+    <encoder>
+      <pattern>%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n</pattern>
+    </encoder>
+    <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+      <maxIndex>9999</maxIndex>
+      <FileNamePattern>${catalina.base}/logs/console.log.%i</FileNamePattern>
+    </rollingPolicy>
+    <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+      <MaxFileSize>10000KB</MaxFileSize>
+    </triggeringPolicy>
+  </appender>
+  <appender name="console" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n</pattern>
+    </encoder>
+  </appender>
+  <logger name="eu.eidas" additivity="false" level="info">
+    <appender-ref ref="EIDASNODE"/>
+  </logger>
+  <logger name="at.gv.egiz.eidas.specific" additivity="false" level="info">
+    <appender-ref ref="msnode"/>
+  </logger>
+  <logger name="at.gv.egiz.eidas.specific.core.logger.RevisionLogger" additivity="false" level="info">
+    <appender-ref ref="reversion"/>
+  </logger>
+  <logger name="at.gv.egiz.eidas.specific.core.logger.StatisticLogger" additivity="false" level="info">
+    <appender-ref ref="statistic"/>
+  </logger>
+  <root level="warn">
+    <appender-ref ref="stdout"/>
+    <appender-ref ref="console"/>
+  </root>
+</configuration>
diff --git a/ms_specific_proxyservice/src/test/resources/config/properties/messages.properties b/ms_specific_proxyservice/src/test/resources/config/properties/messages.properties
new file mode 100644
index 00000000..e69de29b
diff --git a/ms_specific_proxyservice/src/test/resources/config/properties/messages_de.properties b/ms_specific_proxyservice/src/test/resources/config/properties/messages_de.properties
new file mode 100644
index 00000000..e69de29b
diff --git a/ms_specific_proxyservice/src/test/resources/config/properties/messages_en.properties b/ms_specific_proxyservice/src/test/resources/config/properties/messages_en.properties
new file mode 100644
index 00000000..e69de29b
diff --git a/ms_specific_proxyservice/src/test/resources/config/templates/eidas_node_forward.html b/ms_specific_proxyservice/src/test/resources/config/templates/eidas_node_forward.html
new file mode 100644
index 00000000..6dffa34b
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/config/templates/eidas_node_forward.html
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org"
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+      layout:decorator="fragments/base"
+      th:with="lang=${#locale.language}" th:lang="${lang}">
+<head>
+  <script src="../webcontent/autocommit.js"
+          th:attr="src=@{/autocommit.js}"></script>
+</head>
+<body>
+	<noscript>
+		<p>
+			<strong>Note:</strong> Since your browser does not support
+			JavaScript, you must press the Continue button once to proceed.
+		</p>
+	</noscript>
+
+	<div id="alert">Your login is being processed. Thank you for
+		waiting.</div>
+
+	<form 	action="${endPoint}" method="post" target="_parent"
+			th:attr="action=@{${endPoint}}">
+		<div>
+			<input type="hidden" name="${tokenName}" value="${tokenValue}"
+			 	   th:attr="value=${tokenValue},name=${tokenName}" />
+		</div>
+		<noscript>
+			<div>
+				<p>Your browser does not support JavaScript. Click the button to continuing the process .</p>
+				<input type="submit" value="Continue" />
+			</div>
+		</noscript>
+	</form>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/ms_specific_proxyservice/src/test/resources/config/templates/error.html b/ms_specific_proxyservice/src/test/resources/config/templates/error.html
new file mode 100644
index 00000000..21f589cd
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/config/templates/error.html
@@ -0,0 +1,53 @@
+<!DOCTYPE HTML>
+<html xmlns:th="http://www.thymeleaf.org"
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+      layout:decorator="fragments/base"
+      th:with="lang=${#locale.language}" th:lang="${lang}">
+
+<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+<link rel="stylesheet" href="../webcontent/css/css_error.css" th:href="@{/css/css_error.css}"/>
+
+<title th:text="#{gui.errorpage.msg.title}">An error arise ... </title>
+</head>
+
+<body>
+<div id="page">
+    <div id="page1" class="case selected-case" role="main">
+        <div class="hell" role="application">
+            <h2 class="OA_header" role="heading" th:text="#{gui.errorpage.msg.title}">Error Header</h2>
+
+            <div id="alert_area" class="hell" role="application">
+                <p th:text="#{gui.errorpage.msg.information}">Error Information</p>
+                <br/>
+                <p><b th:text="#{gui.errorpage.msg.errorcode}">Code :</b> <span th:text="${errorCode}"></span></p>
+                <p><b th:text="#{gui.errorpage.msg.errormsg}">Msg :</b> <span
+                        th:text="${#messages.msgWithParams('__${errorCode}__', '__${errorParams}__')}"></span></p>
+            </div>
+        </div>
+
+        <div th:if="${timestamp}">
+            <p><b>Timestamp:</b> <span th:text="${timestamp}"></span></p>
+        </div>
+        <div th:if="${error}">
+            <p><b>Error:</b> <span th:text="${error}"></span></p>
+        </div>
+        <div th:if="${status}">
+            <p><b>Status:</b> <span th:text="${status}"></span></p>
+        </div>
+        <div th:if="${message}">
+            <p><b>Message:</b> <span th:text="${message}"></span></p>
+        </div>
+        <div th:if="${exception}">
+            <p><b>Exception:</b> <span th:text="${exception}"></span></p>
+        </div>
+        <div th:if="${trace}">
+            <p><b>Trace:</b> <span th:text="${trace}"></span></p>
+        </div>
+        <div th:if="${Stacktrace}">
+            <p><b>Stacktrace:</b> <span th:text="${stacktrace}"></span></p>
+        </div>
+
+    </div>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/ms_specific_proxyservice/src/test/resources/config/templates/error_message.html b/ms_specific_proxyservice/src/test/resources/config/templates/error_message.html
new file mode 100644
index 00000000..caaf7136
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/config/templates/error_message.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html xmlns:th="http://www.thymeleaf.org"
+      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
+      layout:decorator="fragments/base"
+      th:with="lang=${#locale.language}" th:lang="${lang}">
+
+  <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+  <link rel="stylesheet" href="../webcontent/css/css_error.css"  th:href="@{/css/css_error.css}" />
+
+  <title th:text="#{gui.errorpage.msg.title}">An error arise ...  </title>
+</head>
+
+<body>
+  <div id="page">
+		<div id="page1" class="case selected-case" role="main">
+			<h2 class="OA_header" role="heading">Authentication error arise</h2>
+
+	        <div class="hell" role="application" >
+            <h2 class="OA_header" role="heading" th:text="#{gui.errorpage.msg.title}">Error Header</h2>
+
+              <div id="alert_area" class="hell" role="application" >
+                <p th:text="#{gui.errorpage.msg.information}">Error Information</p>
+                  <br/>
+		              <p><b th:text="#{gui.errorpage.msg.errorcode}">Code :</b> <span th:text="${errorCode}"></span></p>
+                  <p><b th:text="#{gui.errorpage.msg.errormsg}">Msg   :</b > <span th:text="${#messages.msgWithParams('__${errorCode}__', '__${errorParams}__')}"></span></p>
+	            </div>
+                                                                                                      <!-- errorMsg -->
+	        </div>
+
+	        <div th:if="${stacktrace}">
+            <p><b th:text="#{gui.errorpage.msg.stacktrace}">fullError</b> <span th:text="${stacktrace}"></span></p>
+	        </div>
+
+		</div>
+	</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/ms_specific_proxyservice/src/test/resources/config/templates/pvp2_post_binding.html b/ms_specific_proxyservice/src/test/resources/config/templates/pvp2_post_binding.html
new file mode 100644
index 00000000..06b9b494
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/config/templates/pvp2_post_binding.html
@@ -0,0 +1,36 @@
+## ## Velocity Template for SAML 2 HTTP-POST binding ## ## Velocity
+##context may contain the following properties ## action - String - the
+##action URL for the form ## RelayState - String - the relay state for the
+##message ## SAMLRequest - String - the Base64 encoded SAML Request ##
+##SAMLResponse - String - the Base64 encoded SAML Response
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+<head>
+  <script src="/autocommit.js"></script>
+</head>
+<body>
+	<noscript>
+		<p>
+			<strong>Note:</strong> Since your browser does not support
+			JavaScript, you must press the Continue button once to proceed.
+		</p>
+	</noscript>
+
+	<div id="alert">Your login is being processed. Thank you for
+		waiting.</div>
+
+	<form action="${action}" method="post" target="_parent">
+		<div>
+			#if($RelayState)   <input type="hidden" name="RelayState" value="${RelayState}"/>     #end
+			#if($SAMLRequest)  <input type="hidden" name="SAMLRequest" value="${SAMLRequest}" />  #end
+			#if($SAMLResponse) <input type="hidden" name="SAMLResponse" value="${SAMLResponse}" /> #end
+		</div>
+		<noscript>
+			<div>
+				<input type="submit" value="Continue" />
+			</div>
+		</noscript>
+	</form>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/ms_specific_proxyservice/src/test/resources/config/webcontent/autocommit.js b/ms_specific_proxyservice/src/test/resources/config/webcontent/autocommit.js
new file mode 100644
index 00000000..d21a5651
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/config/webcontent/autocommit.js
@@ -0,0 +1,5 @@
+function autoCommmit() {
+  document.forms[0].submit();
+}
+
+document.addEventListener('DOMContentLoaded', autoCommmit);
\ No newline at end of file
diff --git a/ms_specific_proxyservice/src/test/resources/config/webcontent/css/css_error.css b/ms_specific_proxyservice/src/test/resources/config/webcontent/css/css_error.css
new file mode 100644
index 00000000..d772df43
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/config/webcontent/css/css_error.css
@@ -0,0 +1,26 @@
+@charset "utf-8";
+    body {
+        padding-left: 5%;
+                background-color: #F9F9F9;
+    }
+    #page {
+        padding-top: 2%;
+        padding-right: 10%;
+        padding-left: 5%;
+    }
+
+    .OA_header {
+        font-size: 2.1em;
+        padding-top:1%;
+        margin-bottom: 1%;
+        margin-top: 1%;
+        
+    }
+
+    #alert_area {
+        float:left;
+        width: 100%;
+      }
+
+
+
diff --git a/ms_specific_proxyservice/src/test/resources/config/webcontent/img/ajax-loader.gif b/ms_specific_proxyservice/src/test/resources/config/webcontent/img/ajax-loader.gif
new file mode 100644
index 00000000..f2a1bc0c
Binary files /dev/null and b/ms_specific_proxyservice/src/test/resources/config/webcontent/img/ajax-loader.gif differ
diff --git a/ms_specific_proxyservice/src/test/resources/data/Response_with_EID.xml b/ms_specific_proxyservice/src/test/resources/data/Response_with_EID.xml
new file mode 100644
index 00000000..cf37a235
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/data/Response_with_EID.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost/ms_proxy/sp/idaustria/eidas/post" ID="_aeebfae3ce681fe3ddcaf213a42f01d3" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">classpath:/data/idp_metadata_classpath_entity.xml</saml2:Issuer>
+	<saml2p:Status>
+		<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+	</saml2p:Status>
+	<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_602c3236bffaf71ac3ac88674e76ff9f" IssueInstant="2014-03-05T06:39:51.017Z" Version="2.0">
+		<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata</saml2:Issuer>
+		<saml2:Subject>
+			<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="urn:publicid:gv.at:cdid+BF">QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:NameID>
+			<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+				<saml2:SubjectConfirmationData InResponseTo="_aeebfae3ce681fe3ddcaf213a42f01d3" NotOnOrAfter="2014-03-05T06:44:51.017Z" Recipient="https://localhost/ms_proxy/sp/eidas/post"/>
+			</saml2:SubjectConfirmation>
+		</saml2:Subject>
+		<saml2:Conditions NotBefore="2014-03-05T06:39:51.017Z" NotOnOrAfter="2035-03-05T06:44:51.017Z">
+			<saml2:AudienceRestriction>
+				<saml2:Audience>https://localhost/ms_proxy/sp/idaustria/eidas/metadata</saml2:Audience>
+			</saml2:AudienceRestriction>
+		</saml2:Conditions>
+		<saml2:AuthnStatement AuthnInstant="2014-03-05T06:39:51.017Z" SessionIndex="_c0c683509a8ff6ac372a9cf9c5c5a406">
+			<saml2:AuthnContext>
+				<saml2:AuthnContextClassRef>http://eidas.europa.eu/LoA/high</saml2:AuthnContextClassRef>
+			</saml2:AuthnContext>
+		</saml2:AuthnStatement>
+		<saml2:AttributeStatement>
+			<saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">2.2</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-CITIZEN-QAA- EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://eidas.europa.eu/LoA/high</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AT</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Mustermann</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Max</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1940-01-01</saml2:AttributeValue>
+			</saml2:Attribute>
+			<saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+				<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY=</saml2:AttributeValue>       
+			</saml2:Attribute>      
+		</saml2:AttributeStatement>
+	</saml2:Assertion>
+</saml2p:Response>
diff --git a/ms_specific_proxyservice/src/test/resources/data/idp_metadata_classpath_entity.xml b/ms_specific_proxyservice/src/test/resources/data/idp_metadata_classpath_entity.xml
new file mode 100644
index 00000000..de565887
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/resources/data/idp_metadata_classpath_entity.xml
@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor
+  xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+  ID="_1a48ec3432f2f3ba6222724a5b06f873"
+  entityID="classpath:/data/idp_metadata_classpath_entity.xml"
+  validUntil="2045-02-06T08:47:26.211Z">
+  <md:IDPSSODescriptor
+    WantAuthnRequestsSigned="true"
+    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <md:KeyDescriptor use="signing">
+      <ds:KeyInfo
+        xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>MIIDMzCCAhsCBFtIcPowDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH
+            SVoxJDAiBgNVBAsMG2NlbnRyYWwgbmF0aW9uYWwgZUlEQVMgbm9kZTEaMBgGA1UEAwwRQXNzZXJ0
+            aW9uIHNpZ25pbmcwHhcNMTgwNzEzMDkyOTMwWhcNMjEwNDA3MDkyOTMwWjBeMQswCQYDVQQGEwJB
+            VDENMAsGA1UECgwERUdJWjEkMCIGA1UECwwbY2VudHJhbCBuYXRpb25hbCBlSURBUyBub2RlMRow
+            GAYDVQQDDBFBc3NlcnRpb24gc2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+            AJ5zDYxMPRcz6AHaev1tS46Tq8sdgbGFM56uxk6c7LmMDC+HTzNX/3Q5S/YwSzgL3ue5TSw1ltOf
+            yMXMZ6D0+buWWcsxGEkQ8M3adKRFdQrEwafzwTA7pguq5WiHOkr4qwR7dLMome9z5cc3LRcwdOPP
+            gq7ahb5jM3hRqc5xkMWIuvql0NFXPzlHrjDLwy5nIWPOhL5abhVt4YsXbpbjXxFSGkDEAZ32K3EU
+            LNBr9FSUmJfbrVX9AU2T+BKIwiqXP8e/3UJHgPHQ0l5ljWp5P6u5+tvM21o8sUM4eArRa8BkdRsP
+            C92GVuASSUz2ZJ3JhAK1cSM8bnvaZVLQtTvPMAcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAp7z
+            TubWXW6YMpyLSvWBdZiiQ3X66XpSZLZJDIAkoPzEY0DSBp8I5YASIx4JTR5XJt+6MI9acgNIAYW8
+            DhtRwUMVaRWEtuCrfKhGLWm5KSxnhPcD3lzRZhY4ZcA7dUlirjf6hnqo2TFEmJ9fkM+rxwy1GkDD
+            7j2YDSOFmSq9/Ud9/IbIfSnRu/lO0dh7iRrmg3y0Y/+plPxYmp4AHqehP11OchTz2FGGHVsSC2Vs
+            IVBQI6ANZYyOlicgfEEFHA06jP9OnA0EwEFr2P+di9caZg8vfibyzxMGeuf6CY0c0eLHokBCn2W8
+            vkzvWiER3pozRvCmXFjCVZfRjUunaJf2ow==
+          </ds:X509Certificate>
+        </ds:X509Data>
+        <ds:X509Data>
+          <ds:X509Certificate>MIIC+DCCAeCgAwIBAgIEXh7TbTANBgkqhkiG9w0BAQsFADA+MQswCQYDVQQGEwJB
+            VDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25p
+            bmcwHhcNMjAwMTE1MDg1NTA5WhcNMjkwMTE0MDg1NTA5WjA+MQswCQYDVQQGEwJB
+            VDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxEDAOBgNVBAMMB3NpZ25p
+            bmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUSiRjnDvPafZfhJ+L
+            1wM86FKJX3VIAV/8TD9qJ6HOBkn5WwYfpheyCfRb6XVDyIGpO8qnMWAgC17Ngbmh
+            zj8d8HXNQ2l3uppMv24oUTfXyYhQfZWAghx0sTlRIx/ZmlnduJilx2S53Sa7ruJw
+            lQcBFXj9h9B8dtyegc86Sx6D9BumP1xU7+mEBk8Gv9rR5Khg0Y7qGfZWB0t4aikg
+            aupWveVwiGifOOSfR8czqIg9qUpMYfZiTEBTSRmN6sPiNWhd4J0GyAI9Rn5C9jz/
+            sSlQrxpN+4DXzsqSU5F6gzq3yRux6wyOzDlt2birf21VPQ9HIy4YCjZXwgDWG7AO
+            821pAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADnwdaxUtQU6SIpYwIb2c0ljTmQi
+            7ryUcUpNHtK0M0E5Mw5Ex8zwrWbNQZ2sUyc4r07M66iOIqHsYZUQlRYvVKHifDpA
+            r8TCgD7iGGdB3By8Ou0RaNW+03w1fwmi98CufbHCGvpv0o2KxlejoHZminNdQ79i
+            bN+01nhocezJQATEQlnwHLiQSjilXpZeLYDk8HbrcUXNRxezN4ChdH+uU54vf+Ux
+            qcj9QHcmBe1+BM8EXfqS1DbTwZl+NTCnh5OYl8fvIFSOHMBxwFrI4pyY0faxg9Uc
+            rCogn/oQ+mV1gnVUDaDhvvEnVGZQtrlt7heVId2BeNellVgsrcmdW8j4U9U=
+          </ds:X509Certificate>
+        </ds:X509Data>
+        <ds:X509Data>
+          <ds:X509Certificate>MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQGEwJBVDEN
+            MAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRh
+            MB4XDTIwMDExNTA4NTQxNVoXDTMwMDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQx
+            DTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0
+            YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SY
+            O4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eTOWdiQX0GpDIBspYMZh8ZKcwwCgYI
+            KoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImn
+            AiA2KwFtzO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==
+          </ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+    </md:NameIDFormat>
+    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+    </md:NameIDFormat>
+    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+    </md:NameIDFormat>
+    <md:SingleSignOnService
+      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+      Location="https://vidp.gv.at/ms_connector/pvp/post" />
+    <md:SingleSignOnService
+      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+      Location="https://vidp.gv.at/ms_connector/pvp/redirect" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="PRINCIPAL-NAME"
+      Name="urn:oid:1.2.40.0.10.2.1.1.261.20"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="EID-CCS-URL" Name="urn:oid:1.2.40.0.10.2.1.1.261.64"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="EID-ISSUING-NATION"
+      Name="urn:oid:1.2.40.0.10.2.1.1.261.32"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="EID-SOURCE-PIN"
+      Name="urn:oid:1.2.40.0.10.2.1.1.261.36"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="EID-SIGNER-CERTIFICATE"
+      Name="urn:oid:1.2.40.0.10.2.1.1.261.66"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="EID-SECTOR-FOR-IDENTIFIER"
+      Name="urn:oid:1.2.40.0.10.2.1.1.261.34"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="EID-SOURCE-PIN-TYPE"
+      Name="urn:oid:1.2.40.0.10.2.1.1.261.104"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="EID-E-ID-TOKEN"
+      Name="urn:oid:1.2.40.0.10.2.1.1.261.39"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="EID-IDENTITY-LINK"
+      Name="urn:oid:1.2.40.0.10.2.1.1.261.38"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL"
+      Name="urn:oid:1.2.40.0.10.2.1.1.261.108"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+    <saml2:Attribute
+      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+      FriendlyName="EID-IDENTITY-STATUS-LEVEL"
+      Name="urn:oid:1.2.40.0.10.2.1.1.261.109"
+      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
+  </md:IDPSSODescriptor>
+</md:EntityDescriptor>
-- 
cgit v1.2.3


From 3d9d419a40b17de1f94d46cbc2f5b345a93bff00 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Wed, 8 Jun 2022 12:32:16 +0200
Subject: feat(eidas): perform mapping between IDA and eIDAS attributes based
 on external configuration

---
 .../ms-proxyservice/misc/idaAttributeMapping.json  | 170 +++++++++
 .../SpRequiredAttributersAttributeBuilder.java     |  63 ++++
 .../tasks/ReceiveFromIdAustriaSystemTask.java      |  30 +-
 .../tasks/RequestIdAustriaSystemTask.java          |   6 +
 .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder |   1 +
 .../SpRequiredAttributersAttributeBuilderTest.java |  72 ++++
 .../test/task/ReceiveAuthnResponseTaskTest.java    |  24 +-
 .../test/task/RequestIdAustriaSystemTaskTest.java  |  72 ++--
 .../eidas/specific/core/MsEidasNodeConstants.java  |  13 +-
 .../core/builder/AuthenticationDataBuilder.java    | 185 ++++++++--
 .../main/resources/specific_eIDAS_core.beans.xml   |   3 -
 .../test/utils/AuthenticationDataBuilderTest.java  | 311 +++++++++++++++-
 .../msproxyservice/dto/attributes/Type.java        |   7 +
 .../protocol/ProxyServiceAuthenticationAction.java | 297 +++++++---------
 .../service/ProxyEidasAttributeRegistry.java       |  34 +-
 .../ProxyServiceAuthenticationActionTest.java      | 217 +++++++++--
 .../services/ProxyEidasAttributeRegistryTest.java  |  35 ++
 .../test/resources/config/idaAttributeMapping.json |  56 ++-
 .../resources/specific_eIDAS_connector.beans.xml   |   3 +
 .../builder/ProxyAuthenticationDataBuilder.java    |  38 ++
 .../main/resources/specific_eIDAS_proxy.beans.xml  |   3 +
 .../ProxyAuthenticationDataBuilderTest.java        | 395 +++++++++++++++++++++
 .../config/junit_config_1_springboot.properties    |   2 +-
 pom.xml                                            |   2 +-
 24 files changed, 1713 insertions(+), 326 deletions(-)
 create mode 100644 basicConfig/ms-proxyservice/misc/idaAttributeMapping.json
 create mode 100644 modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java
 create mode 100644 modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java
 create mode 100644 ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java
 create mode 100644 ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java

(limited to 'ms_specific_proxyservice/src/main')

diff --git a/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json b/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json
new file mode 100644
index 00000000..7c44b48a
--- /dev/null
+++ b/basicConfig/ms-proxyservice/misc/idaAttributeMapping.json
@@ -0,0 +1,170 @@
+[
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier",
+    "idaAttribute": {
+      "basic": "urn:oid:1.2.40.0.10.2.1.1.149",
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.98"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName",
+    "idaAttribute": {
+      "basic": "urn:oid:2.5.4.42",
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.78"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName",
+    "idaAttribute": {
+      "basic": "urn:oid:1.2.40.0.10.2.1.1.261.20",
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.80"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/DateOfBirth",
+    "idaAttribute": {
+      "basic": "urn:oid:1.2.40.0.10.2.1.1.55",
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.82"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth",
+    "idaAttribute": {},
+    "type": {
+      "mds": false,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/BirthName",
+    "idaAttribute": {},
+    "type": {
+      "mds": false,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier",
+    "idaAttribute": {
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.100"
+    },
+    "addionalRequiredAttributes" : [
+      "urn:oid:1.2.40.0.10.2.1.1.149", 
+      "urn:oid:2.5.4.42", 
+      "urn:oid:1.2.40.0.10.2.1.1.261.20", 
+      "urn:oid:1.2.40.0.10.2.1.1.55"
+    ],
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/legalperson/LegalName",
+    "idaAttribute": {
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.84"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": false
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/PersonIdentifier",
+    "idaAttribute": {
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.149"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": true
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/CurrentFamilyName",
+    "idaAttribute": {
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.20"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": true
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/CurrentGivenName",
+    "idaAttribute": {
+      "withMandates": "urn:oid:2.5.4.42"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": true
+    }
+  },
+  {
+    "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/representative/DateOfBirth",
+    "idaAttribute": {
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.55"
+    },
+    "type": {
+      "mds": true,
+      "autoIncludeWithMandates": true
+    }
+  },
+  {
+    "eidasAttribute": "*",
+    "idaAttribute": {
+      "basic": "urn:oid:1.2.40.0.10.2.1.1.261.32",
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.32"
+    },
+    "type": {
+      "mds": false,
+      "autoIncludeWithMandates": false      
+    }
+  },
+  {
+    "eidasAttribute": "*",
+    "idaAttribute": {
+      "basic": "urn:oid:1.2.40.0.10.2.1.1.261.108",
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.108"
+    },
+    "type": {
+      "mds": false,
+      "autoIncludeWithMandates": false  
+    }
+  },
+  {
+    "eidasAttribute": "*",
+    "idaAttribute": {
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.68"
+    },
+    "type": {
+      "mds": false,
+      "autoIncludeWithMandates": false  
+    }
+  },
+  {
+    "eidasAttribute": "*",
+    "idaAttribute": {
+      "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.106"
+    },
+    "type": {
+      "mds": false,
+      "autoIncludeWithMandates": false  
+    }
+  }
+]
diff --git a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java
new file mode 100644
index 00000000..61687088
--- /dev/null
+++ b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/builder/attributes/SpRequiredAttributersAttributeBuilder.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class SpRequiredAttributersAttributeBuilder
+    implements IAttributeBuilder, ExtendedPvpAttributeDefinitions {
+
+  @Override
+  public String getName() {
+    return SP_REQUIRED_ATTRIBUTES_NAME;
+  }
+
+  @Override
+  public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData,
+      final IAttributeGenerator<ATT> g)
+      throws AttributeBuilderException {
+    if (oaParam instanceof ServiceProviderConfiguration) {
+      return g.buildStringAttribute(SP_REQUIRED_ATTRIBUTES_FRIENDLY_NAME, SP_REQUIRED_ATTRIBUTES_NAME,
+          StringUtils.join(((ServiceProviderConfiguration)oaParam).getRequestedAttributes(), ","));
+      
+    } else {
+      log.warn("Can not build attribute for required IDA attributes, because SP config-implementation does not match.");
+      return null;
+      
+    }
+  }
+
+  @Override
+  public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) {
+    return g.buildEmptyAttribute(SP_REQUIRED_ATTRIBUTES_FRIENDLY_NAME, SP_REQUIRED_ATTRIBUTES_NAME);
+
+  }
+
+}
diff --git a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java
index e486b851..17e0e0d5 100644
--- a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java
+++ b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/ReceiveFromIdAustriaSystemTask.java
@@ -16,7 +16,6 @@ import org.opensaml.saml.saml2.core.StatusCode;
 import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
 import org.springframework.beans.factory.annotation.Autowired;
 
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants;
 import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider;
 import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider;
@@ -234,8 +233,7 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask {
       // inject all attributes into session
       final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
       for (final String attrName : includedAttrNames) {
-        injectAuthInfosIntoSession(session, attrName,
-            extractor.getSingleAttributeValue(attrName));
+        injectAuthInfosIntoSession(session, attrName, extractor.getSingleAttributeValue(attrName));
 
       }
       
@@ -306,31 +304,11 @@ public class ReceiveFromIdAustriaSystemTask extends AbstractAuthServletTask {
   private void injectAuthInfosIntoSession(AuthProcessDataWrapper session,
       String attrName, String attrValue) throws EaafStorageException, IOException {
     log.trace("Inject attribute: {} with value: {} into  AuthSession", attrName, attrValue);
-    log.debug("Inject attribute: {} into  AuthSession", attrName);
-    if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
-      log.trace("Find bPK attribute. Extract eIDAS identifier ... ");
-      session.setGenericDataToSession(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER,
-          extractBpkFromResponse(attrValue));
-      
-    } else {      
-      session.setGenericDataToSession(attrName, attrValue);
-
-    }
-
+    log.debug("Inject attribute: {} into  AuthSession", attrName);          
+    session.setGenericDataToSession(attrName, attrValue);
+         
   }
   
-  private String extractBpkFromResponse(String pvpBpkAttrValue) {
-    final String[] split = pvpBpkAttrValue.split(":", 2);
-    if (split.length == 2) {
-      return split[1];
-
-    } else {
-      log.warn("PVP bPK attribute: {} has wrong format. Use it as it is.", pvpBpkAttrValue);
-      return pvpBpkAttrValue;
-
-    }
-  }
-
   private Pair<PvpSProfileResponse, Boolean> preProcessAuthResponse(PvpSProfileResponse msg)
       throws IOException, MarshallingException, TransformerException,
       CredentialsNotAvailableException, AuthnResponseValidationException, SamlAssertionValidationExeption {
diff --git a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
index 66aadde6..bbe9b45f 100644
--- a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
+++ b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/tasks/RequestIdAustriaSystemTask.java
@@ -160,6 +160,12 @@ public class RequestIdAustriaSystemTask extends AbstractAuthServletTask {
     injectAttribute(attributs, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
         selectHighestLoa(pendingReq.getServiceProviderConfiguration().getRequiredLoA()));
         
+    // set list of IDA attributes as attribute 
+    injectAttribute(attributs, ExtendedPvpAttributeDefinitions.SP_REQUIRED_ATTRIBUTES_NAME,
+        StringUtils.join(
+            pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).getRequestedAttributes(), 
+            ","));
+    
     //set ProviderName if available
     String providerName = ((ProxyServicePendingRequest)pendingReq).getEidasRequest().getProviderName();
     if (StringUtils.isNotEmpty(providerName)) {
diff --git a/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 65e9482c..3b20d687 100644
--- a/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/modules/authmodule_id-austria/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -1 +1,2 @@
 at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes.EidasConnecorUniqueIdAttributeBuilder
+at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes.SpRequiredAttributersAttributeBuilder
diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java
new file mode 100644
index 00000000..2fe420df
--- /dev/null
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java
@@ -0,0 +1,72 @@
+package at.asitplus.eidas.specific.modules.auth.idaustria.test.builder.attributes;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.List;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.internal.util.collections.Sets;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes.SpRequiredAttributersAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.attributes.AbstractAttributeBuilderTest;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+    "/spring/SpringTest-context_basic_mapConfig.xml",
+    "/spring/SpringTest-context_basic_test.xml",
+})
+public class SpRequiredAttributersAttributeBuilderTest extends AbstractAttributeBuilderTest {
+
+private final IAttributeBuilder attrBuilder = new SpRequiredAttributersAttributeBuilder();
+  
+  @Test
+  public void attributeName() {
+    Assert.assertEquals("Wrong attribute name", 
+        "urn:eidgvat:attributes.RequiredAttributes", attrBuilder.getName());
+    
+  }
+  
+  @Test
+  public void checkEmptyAttribute() {    
+    String value = attrBuilder.buildEmpty(gen);    
+    Assert.assertNull("Attr. not null", value);
+        
+  }
+ 
+  @Test
+  public void withWrongSpConfig() throws AttributeBuilderException, Exception {      
+    String value = attrBuilder.build(spConfig, buildAuthData(), gen);    
+    Assert.assertNull("Attr. not null", value);
+        
+  }
+  
+  @Test
+  public void withAttributeValue() throws AttributeBuilderException, Exception {          
+    ServiceProviderConfiguration sp = new ServiceProviderConfiguration(spConfigMap, new DummyConfiguration());
+    sp.setRequestedAttributes(Sets.newSet(
+        "aabbccdd",
+        RandomStringUtils.randomAlphanumeric(10),
+        PvpAttributeDefinitions.BIRTHDATE_NAME));
+    
+    
+    String value = attrBuilder.build(sp, buildAuthData(), gen);    
+    
+    List<String> elements = KeyValueUtils.getListOfCsvValues(value);
+    assertEquals("wrong number of attributes", sp.getRequestedAttributes().size(), elements.size());
+    sp.getRequestedAttributes().forEach(
+        el -> elements.contains(el));
+           
+  }
+  
+}
diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java
index c452fe22..c3be6dad 100644
--- a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java
@@ -36,7 +36,6 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
 import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants;
@@ -542,14 +541,14 @@ public class ReceiveAuthnResponseTaskTest {
     assertTrue("eidProcess flag", session.isEidProcess());
     assertFalse("useMandate flag", session.isMandateUsed());
     
-    checkAttributeInSession(session,PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
-    checkAttributeInSession(session,PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
-    checkAttributeInSession(session,PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
-    checkAttributeInSession(session,PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/high");
-    checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT");
+    checkAttributeInSession(session, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
+    checkAttributeInSession(session, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
+    checkAttributeInSession(session, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
+    checkAttributeInSession(session, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/high");
+    checkAttributeInSession(session, PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT");
     
     //pre-generated eIDAS identifer
-    checkAttributeInSession(session, MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY=");
+    checkAttributeInSession(session, PvpAttributeDefinitions.BPK_NAME, "AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY=");
         
   }
 
@@ -587,7 +586,7 @@ public class ReceiveAuthnResponseTaskTest {
     checkAttributeInSession(session,PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
     checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT");
     
-    checkAttributeInSession(session,MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY=");
+    checkAttributeInSession(session,PvpAttributeDefinitions.BPK_NAME, "AT+CC:QVGm48cqcM4UcyhDTNGYmVdrIoY=");
 
   }
   
@@ -625,7 +624,7 @@ public class ReceiveAuthnResponseTaskTest {
     checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT");
     
     //pre-generated eIDAS identifer
-    checkAttributeInSession(session,MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY=");
+    checkAttributeInSession(session,PvpAttributeDefinitions.BPK_NAME, "QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY=");
         
   }
   
@@ -663,7 +662,7 @@ public class ReceiveAuthnResponseTaskTest {
     checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT");
     
     //pre-generated eIDAS identifer
-    checkAttributeInSession(session,MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY=");
+    checkAttributeInSession(session,PvpAttributeDefinitions.BPK_NAME, "AT+AB:QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY=");
         
   }
   
@@ -708,7 +707,7 @@ public class ReceiveAuthnResponseTaskTest {
     checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, "urn:publicid:gv.at:baseid+XERSB");
     
     //pre-generated eIDAS identifer
-    checkAttributeInSession(session, MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, "QVGm48cqcM4UcyhDTNGYmVdrIoY=");
+    checkAttributeInSession(session, PvpAttributeDefinitions.BPK_NAME, "AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY=");
     assertNull("find nat. person bpk for mandator", session.getGenericDataFromSession(
         PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class));
     
@@ -758,8 +757,7 @@ public class ReceiveAuthnResponseTaskTest {
 
         
     //pre-generated eIDAS identifer
-    checkAttributeInSession(session, MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
-        "QVGm48cqcM4UcyhDTNGYmVdrIoY=");
+    checkAttributeInSession(session, PvpAttributeDefinitions.BPK_NAME, "AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY=");
     
     
   }
diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java
index f6ffc729..1feb684d 100644
--- a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java
@@ -18,6 +18,7 @@ import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.mockito.internal.util.collections.Sets;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.core.xml.schema.XSString;
 import org.opensaml.core.xml.util.XMLObjectSupport;
@@ -41,6 +42,7 @@ import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePe
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
@@ -213,7 +215,7 @@ public class RequestIdAustriaSystemTaskTest {
 
     //validate state
     final EaafRequestedAttributes reqAttr = validate();
-    Assert.assertEquals("#Req Attribute", 4, reqAttr.getAttributes().size());
+    Assert.assertEquals("#Req Attribute", 5, reqAttr.getAttributes().size());
 
     Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.eidas.uniqueId",
         reqAttr.getAttributes().get(0).getName());
@@ -246,15 +248,15 @@ public class RequestIdAustriaSystemTaskTest {
         ((XSString)reqAttr.getAttributes().get(2).getAttributeValues().get(0)).getValue());
     
     Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateType",
-        reqAttr.getAttributes().get(3).getName());
-    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(3).getAttributeValues());
+        reqAttr.getAttributes().get(4).getName());
+    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(4).getAttributeValues());
     Assert.assertEquals("#Req. Attr value", 1,
-        reqAttr.getAttributes().get(3).getAttributeValues().size());
+        reqAttr.getAttributes().get(4).getAttributeValues().size());
     org.springframework.util.Assert.isInstanceOf(XSString.class,
-        reqAttr.getAttributes().get(3).getAttributeValues().get(0), "Wrong requested Attributes Value type");
+        reqAttr.getAttributes().get(4).getAttributeValues().get(0), "Wrong requested Attributes Value type");
     Assert.assertEquals("Req. Attr. Value", 
         pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).getMandateMode().getMode(),
-        ((XSString)reqAttr.getAttributes().get(3).getAttributeValues().get(0)).getValue());
+        ((XSString)reqAttr.getAttributes().get(4).getAttributeValues().get(0)).getValue());
     
   }
 
@@ -275,33 +277,55 @@ public class RequestIdAustriaSystemTaskTest {
     LightRequest eidasReq = eidasRequestBuilder.build();
     pendingReq.setEidasRequest(eidasReq);
     
+    oaParam.setRequestedAttributes(Sets.newSet(
+        "aabbccdd",
+        RandomStringUtils.randomAlphanumeric(10),
+        PvpAttributeDefinitions.BIRTHDATE_NAME));
+    
     //execute test
     task.execute(pendingReq, executionContext);
 
     //validate state
     final EaafRequestedAttributes reqAttr = validate();
-    Assert.assertEquals("#Req Attribute", 6, reqAttr.getAttributes().size());
+    Assert.assertEquals("#Req Attribute", 7, reqAttr.getAttributes().size());
     
-    Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderFriendlyName",
+    
+    Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.RequiredAttributes",
         reqAttr.getAttributes().get(3).getName());
-    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues());
+    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(3).getAttributeValues());
     Assert.assertEquals("#Req. Attr value", 1,
         reqAttr.getAttributes().get(3).getAttributeValues().size());
     org.springframework.util.Assert.isInstanceOf(XSString.class,
         reqAttr.getAttributes().get(3).getAttributeValues().get(0), "Wrong requested Attributes Value type");
-    Assert.assertEquals("Req. Attr. Value", eidasReq.getProviderName(),
+    
+    List<String> reqProfiles = KeyValueUtils.getListOfCsvValues(
         ((XSString)reqAttr.getAttributes().get(3).getAttributeValues().get(0)).getValue());
+    reqProfiles.stream().forEach(
+        el -> assertTrue("missing IDA attribute: " + el, oaParam.getRequestedAttributes().contains(el)));
     
-    Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderUniqueId",
+    
+    Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderFriendlyName",
         reqAttr.getAttributes().get(4).getName());
-    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues());
+    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(4).getAttributeValues());
     Assert.assertEquals("#Req. Attr value", 1,
         reqAttr.getAttributes().get(4).getAttributeValues().size());
     org.springframework.util.Assert.isInstanceOf(XSString.class,
         reqAttr.getAttributes().get(4).getAttributeValues().get(0), "Wrong requested Attributes Value type");
-    Assert.assertEquals("Req. Attr. Value", eidasReq.getRequesterId(),
+    Assert.assertEquals("Req. Attr. Value", eidasReq.getProviderName(),
         ((XSString)reqAttr.getAttributes().get(4).getAttributeValues().get(0)).getValue());
     
+    Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderUniqueId",
+        reqAttr.getAttributes().get(5).getName());
+    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(5).getAttributeValues());
+    Assert.assertEquals("#Req. Attr value", 1,
+        reqAttr.getAttributes().get(5).getAttributeValues().size());
+    org.springframework.util.Assert.isInstanceOf(XSString.class,
+        reqAttr.getAttributes().get(5).getAttributeValues().get(0), "Wrong requested Attributes Value type");
+    Assert.assertEquals("Req. Attr. Value", eidasReq.getRequesterId(),
+        ((XSString)reqAttr.getAttributes().get(5).getAttributeValues().get(0)).getValue());
+    
+    
+    
   }
   
   @Test
@@ -330,31 +354,31 @@ public class RequestIdAustriaSystemTaskTest {
 
     //validate state
     final EaafRequestedAttributes reqAttr = validate();
-    Assert.assertEquals("#Req Attribute", 7, reqAttr.getAttributes().size());
+    Assert.assertEquals("#Req Attribute", 8, reqAttr.getAttributes().size());
     
     Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateProfiles",
-        reqAttr.getAttributes().get(5).getName());
-    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues());
+        reqAttr.getAttributes().get(6).getName());
+    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(6).getAttributeValues());
     Assert.assertEquals("#Req. Attr value", 1,
-        reqAttr.getAttributes().get(5).getAttributeValues().size());
+        reqAttr.getAttributes().get(6).getAttributeValues().size());
     org.springframework.util.Assert.isInstanceOf(XSString.class,
-        reqAttr.getAttributes().get(5).getAttributeValues().get(0), "Wrong requested Attributes Value type");
+        reqAttr.getAttributes().get(6).getAttributeValues().get(0), "Wrong requested Attributes Value type");
     
     List<String> reqProfiles = KeyValueUtils.getListOfCsvValues(
-        ((XSString)reqAttr.getAttributes().get(5).getAttributeValues().get(0)).getValue());
+        ((XSString)reqAttr.getAttributes().get(6).getAttributeValues().get(0)).getValue());
     reqProfiles.stream().forEach(el -> assertTrue("missing profile: " + el, mandateProfiles.contains(el)));
     
     
     Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateType",
-        reqAttr.getAttributes().get(6).getName());
-    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(6).getAttributeValues());
+        reqAttr.getAttributes().get(7).getName());
+    Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(7).getAttributeValues());
     Assert.assertEquals("#Req. Attr value", 1,
-        reqAttr.getAttributes().get(6).getAttributeValues().size());
+        reqAttr.getAttributes().get(7).getAttributeValues().size());
     org.springframework.util.Assert.isInstanceOf(XSString.class,
-        reqAttr.getAttributes().get(6).getAttributeValues().get(0), "Wrong requested Attributes Value type");
+        reqAttr.getAttributes().get(7).getAttributeValues().get(0), "Wrong requested Attributes Value type");
     Assert.assertEquals("Req. Attr. Value", 
         SpMandateModes.LEGAL_FORCE.getMode(),
-        ((XSString)reqAttr.getAttributes().get(6).getAttributeValues().get(0)).getValue());
+        ((XSString)reqAttr.getAttributes().get(7).getAttributeValues().get(0)).getValue());
     
   }
   
diff --git a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java
index be5d7c7d..8da7ddd0 100644
--- a/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java
+++ b/modules/core_common_lib/src/main/java/at/asitplus/eidas/specific/core/MsEidasNodeConstants.java
@@ -31,7 +31,6 @@ import java.util.List;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
 import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.impl.data.Triple;
-import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
 
 public class MsEidasNodeConstants {
   // ************ configuration properties ************
@@ -189,17 +188,7 @@ public class MsEidasNodeConstants {
 
   
   public static final String EID_BINDING_PUBLIC_KEY_NAME = "urn:eidgvat:attributes.binding.pubkey";
-  
-  
-  // ----   Attribute configuration  ------  
-  public static final String ATTR_EIDAS_PERSONAL_IDENTIFIER = 
-      AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.BPK_NAME;
-  public static final String ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER = 
-      AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME;
-  public static final String ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER = 
-      AbstractAuthenticationDataBuilder.GENERIC_AUTHDATA_IDENTIFIER 
-      + PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME;
-  
+    
   public static final String AUTH_DATA_SZR_AUTHBLOCK = "authData_AUTHBLOCK";
   public static final String AUTH_DATA_EIDAS_BIND = "authData_EIDAS_BIND";
   
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
index e719735c..673b8ef5 100644
--- a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
@@ -24,73 +24,92 @@
 package at.asitplus.eidas.specific.core.builder;
 
 import java.time.Instant;
-
-import org.springframework.stereotype.Service;
+import java.util.Optional;
+import java.util.Set;
 
 import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Triple;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
 import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
 import lombok.extern.slf4j.Slf4j;
 
-@Service("AuthenticationDataBuilder")
 @Slf4j
 public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder {
 
+  private static final String ERROR_B11 = "builder.11";
+
   @Override
-  protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {        
+  protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {
     final EidAuthProcessDataWrapper authProcessData =
-        pendingReq.getSessionData(EidAuthProcessDataWrapper.class);    
-    EidAuthenticationData authData = new EidAuthenticationData();
-    
-    //set basis infos
+        pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+    final EidAuthenticationData authData = new EidAuthenticationData();
+
+    // set basis infos
     super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData);
-    
+
     // set specific informations
     authData.setSsoSessionValidTo(
         Instant.now().plusSeconds(MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60));
-    authData.setEidStatus(authProcessData.isTestIdentity() 
-        ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
-    
+    authData.setEidStatus(authProcessData.isTestIdentity()
+        ? EidIdentityStatusLevelValues.TESTIDENTITY
+        : EidIdentityStatusLevelValues.IDENTITY);
+
     return authData;
 
   }
 
   @Override
-  protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) 
+  protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq)
       throws EaafException {
     if (authData instanceof EidAuthenticationData) {
-      ((EidAuthenticationData)authData).setGenericData(
-          ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, 
+      ((EidAuthenticationData) authData).setGenericData(
+          ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME,
           pendingReq.getUniquePiiTransactionIdentifier());
       log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier());
-    
+
       // set specific informations
-      ((EidAuthenticationData)authData).setSsoSessionValidTo(
+      ((EidAuthenticationData) authData).setSsoSessionValidTo(
           Instant.now().plusSeconds(MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60));
 
-      //set E-ID status-level
+      // set E-ID status-level
       final EidAuthProcessDataWrapper authProcessData =
-          pendingReq.getSessionData(EidAuthProcessDataWrapper.class);        
-      ((EidAuthenticationData)authData).setEidStatus(authProcessData.isTestIdentity() 
-          ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY);
-      
+          pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+      ((EidAuthenticationData) authData).setEidStatus(authProcessData.isTestIdentity()
+          ? EidIdentityStatusLevelValues.TESTIDENTITY
+          : EidIdentityStatusLevelValues.IDENTITY);
+
+      // forward all requested IDA attributes into authData
+      forwardAllRequestedIdaAttributes(authProcessData, (EidAuthenticationData) authData,
+          pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class)
+              .getRequestedAttributes());
+
+      // build specific bPK attribute
+      buildNatPersonInfos((EidAuthenticationData) authData, authProcessData);
+
+      // handle mandate informations
+      buildMandateInformation((EidAuthenticationData) authData, pendingReq, authProcessData);
+
     } else {
-      throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: " 
+      throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: "
           + authData.getClass().getName());
-      
+
     }
-        
+
   }
 
   @Override
@@ -119,4 +138,120 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 
   }
 
+  protected String customizeLegalPersonSourcePin(String sourcePin, String sourcePinType) {
+    log.trace("Use legal-person sourcePin as it is");
+    return sourcePin;
+
+  }
+
+  protected String customizeBpkAttribute(String pvpBpkAttrValue) {
+    log.trace("Use natural-person bPK as it is");
+    return pvpBpkAttrValue;
+
+  }
+
+  private void forwardAllRequestedIdaAttributes(EidAuthProcessDataWrapper authProcessData,
+      EidAuthenticationData authData, Set<String> requestedIdaAttributes) {
+    if (requestedIdaAttributes != null && !requestedIdaAttributes.isEmpty()) {
+      log.trace("Forwarding IDA requested attributes ... ");
+      authProcessData.getGenericSessionDataStream()
+          .filter(el -> requestedIdaAttributes.contains(el.getKey()))
+          .forEach(el -> {
+            try {
+              authData.setGenericData(el.getKey(), el.getValue());
+
+            } catch (final EaafStorageException e) {
+              log.error("Can not store attribute: {} into session.", el.getKey(), e);
+              throw new RuntimeException(e);
+
+            }
+          });
+    } else {
+      log.trace("No IDA requested attributes to forwarding. Nothing todo");
+
+    }
+  }
+
+  private void buildMandateInformation(EidAuthenticationData authData, IRequest pendingReq,
+      EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
+      EaafStorageException {
+    authData.setUseMandate(authProcessData.isMandateUsed());
+    if (authProcessData.isMandateUsed()) {
+      log.debug("Build mandate-releated authentication data ... ");
+      if (authProcessData.isForeigner()) {
+        buildMandateInformationForEidasIncoming();
+
+      } else {
+        buildMandateInformationForEidasOutgoing(authData, pendingReq, authProcessData);
+
+      }
+    }
+  }
+
+  private void buildMandateInformationForEidasIncoming() {
+    log.debug("Find eIDAS incoming process. Generated mandate-information for ID-Austria system ... ");
+
+    // TODO: implement IDA specific processing of foreign mandate
+
+  }
+
+  private void buildNatPersonInfos(EidAuthenticationData authData,
+      EidAuthProcessDataWrapper authProcessData) throws EaafStorageException {
+    // clean-up BPK attribute and forward it as new property
+    authData.setGenericData(PvpAttributeDefinitions.BPK_NAME,
+        customizeBpkAttribute(authProcessData.getGenericDataFromSession(
+            PvpAttributeDefinitions.BPK_NAME, String.class)));
+
+  }
+
+  private void buildMandateInformationForEidasOutgoing(EidAuthenticationData authData, IRequest pendingReq,
+      EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
+      EaafStorageException {
+    log.debug("Find eIDAS outgoing process. Generated mandate-information for other country ... ");
+    if (authProcessData.getGenericDataFromSession(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME) != null) {
+      final Optional<Triple<String, String, Boolean>> missingAttribute =
+          MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream()
+              .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null)
+              .findFirst();
+      if (missingAttribute.isPresent()) {
+        log.error("ID-Austria response contains not all attributes for nat. person mandator. Missing: {}",
+            missingAttribute.get().getFirst());
+        throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Nat. person mandate" });
+
+      } else {
+        log.trace("Find nat. person mandate. Mandate can be used as it is ");
+        authData.setGenericData(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME,
+            customizeBpkAttribute(authProcessData.getGenericDataFromSession(
+                PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class)));
+
+      }
+
+    } else {
+      final Optional<Triple<String, String, Boolean>> missingAttribute =
+          MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream()
+              .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null)
+              .findFirst();
+      if (missingAttribute.isPresent()) {
+        log.error("ID-Austria response contains not all attributes for legal. person mandator. Missing: {}",
+            missingAttribute.get().getFirst());
+        throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Legal. person mandate" });
+
+      } else {
+        log.trace(
+            "Find jur. person mandate. Generate eIDAS identifier from legal-person sourcePin and type ... ");
+        final String sourcePin = authProcessData.getGenericDataFromSession(
+            PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class);
+        final String sourcePinType = authProcessData.getGenericDataFromSession(
+            PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+
+        // customize attribute-value for source-pin
+        final String sourcePinToUse = customizeLegalPersonSourcePin(sourcePin, sourcePinType);
+        log.debug("Use legal-person eIDAS identifer: {} from baseId: {} and baseIdType: {}",
+            sourcePinToUse, sourcePin, sourcePinType);
+        authData.setGenericData(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinToUse);
+
+      }
+    }
+  }
 }
diff --git a/modules/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml b/modules/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml
index ee67d712..af3594a5 100644
--- a/modules/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml
+++ b/modules/core_common_webapp/src/main/resources/specific_eIDAS_core.beans.xml
@@ -23,9 +23,6 @@
   <bean id="AuthenticationManager"
         class="at.asitplus.eidas.specific.core.auth.AuthenticationManager" />
         
-  <bean id="AuthenticationDataBuilder"
-        class="at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder" />
-
   <bean id="eaafProtocolAuthenticationService"
         class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService">
     <property name="guiBuilder" ref="mvcGUIBuilderImpl" />
diff --git a/modules/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java b/modules/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java
index 12936a59..8b2eebd4 100644
--- a/modules/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java
+++ b/modules/core_common_webapp/src/test/java/at/asitplus/eidas/specific/core/test/utils/AuthenticationDataBuilderTest.java
@@ -1,6 +1,9 @@
 package at.asitplus.eidas.specific.core.test.utils;
 
 import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
 
 import java.io.IOException;
 import java.security.PublicKey;
@@ -30,8 +33,11 @@ import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 import org.w3c.dom.Element;
 
+import com.google.common.collect.Sets;
+
 import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder;
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
@@ -49,9 +55,9 @@ import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
 import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
 import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import lombok.SneakyThrows;
 import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
 
 @RunWith(SpringJUnit4ClassRunner.class)
@@ -71,7 +77,8 @@ public class AuthenticationDataBuilderTest {
   private MockHttpServletResponse httpResp;
   private TestRequestImpl pendingReq;
 
-  private DummySpConfiguration oaParam;
+  private Map<String, String> spConfig;
+  private ServiceProviderConfiguration oaParam;
 
   private String eidasBind;
   private String authBlock;
@@ -86,18 +93,20 @@ public class AuthenticationDataBuilderTest {
   }
 
   @Before
+  @SneakyThrows
   public void initialize() throws EaafStorageException {
     httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
     httpResp = new MockHttpServletResponse();
     RequestContextHolder.resetRequestAttributes();
     RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
 
-    final Map<String, String> spConfig = new HashMap<>();
+    spConfig = new HashMap<>();
     spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
     spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
     spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true");
-    oaParam = new DummySpConfiguration(spConfig, basicConfig);
-
+    oaParam = new ServiceProviderConfiguration(spConfig, basicConfig);
+    oaParam.setBpkTargetIdentifier("urn:publicid:gv.at:cdid+XX");
+    
     pendingReq = new TestRequestImpl();
     pendingReq.setAuthUrl("https://localhost/ms_connector");
     pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
@@ -119,6 +128,260 @@ public class AuthenticationDataBuilderTest {
 
   }
 
+  @Test
+  public void eidasProxyModeWithJurMandate() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state    
+    injectRepresentativeInfosIntoSession();
+    
+    String commonMandate = RandomStringUtils.randomAlphabetic(10);
+    
+    // set constant country-code and sourcePin to check hashed eIDAS identifier
+    String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr";       
+    spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE");
+    
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, 
+            EaafConstants.URN_PREFIX_BASEID + "+XFN");            
+    
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, 
+        PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate);
+        
+  }
+  
+  @Test
+  public void eidasProxyModeWithJurMandateMissingAttribute() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state    
+    injectRepresentativeInfosIntoSession();
+    
+    // set constant country-code and sourcePin to check hashed eIDAS identifier
+    String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr";       
+    spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE");
+    
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, 
+            EaafConstants.URN_PREFIX_BASEID + "+XFN");            
+    
+    // execute test
+    // execute test
+    EaafAuthenticationException error = assertThrows(EaafAuthenticationException.class, 
+        () -> authenticationDataBuilder.buildAuthenticationData(pendingReq));
+    Assert.assertEquals("wrong errorId", "builder.11", error.getErrorId());
+        
+  }
+  
+  @Test
+  public void eidasProxyModeWithNatMandate() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state    
+    injectRepresentativeInfosIntoSession();
+    
+    String givenNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String familyNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirthMandate = "1957-09-15";
+    String bpkMandate = RandomStringUtils.randomAlphanumeric(10);
+        
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:" + bpkMandate);
+            
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:" + bpkMandate);
+        
+  }
+  
+  @Test
+  public void eidasProxyModeWithNatMandateWrongBpkFormat() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state
+    injectRepresentativeInfosIntoSession();
+    
+    String givenNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String familyNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirthMandate = "1957-09-15";
+    String bpkMandate = RandomStringUtils.randomAlphanumeric(10);
+        
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+        
+  }
+  
+  @Test
+  public void eidasProxyModeWithNatMandateMissingAttribute() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state
+    injectRepresentativeInfosIntoSession();
+    
+    String familyNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirthMandate = "1957-09-15";
+    String bpkMandate = RandomStringUtils.randomAlphanumeric(10);
+        
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+    
+    // execute test
+    EaafAuthenticationException error = assertThrows(EaafAuthenticationException.class, 
+        () -> authenticationDataBuilder.buildAuthenticationData(pendingReq));
+    Assert.assertEquals("wrong errorId", "builder.11", error.getErrorId());
+        
+  }
+
+  
+  
+  @Test
+  @SneakyThrows
+  public void eidasProxyMode() throws EaafAuthenticationException {
+    // initialize state
+    pendingReq = new TestRequestImpl();
+    pendingReq.setAuthUrl("https://localhost/ms_connector");
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setSpConfig(oaParam);
+    boolean isTestIdentity = RandomUtils.nextBoolean();
+    
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false);
+
+    String bpk = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.BPK_NAME, "eidas+AT+XX:" + bpk);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
+        "http://eidas.europa.eu/LoA/high");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+         PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+         RandomStringUtils.randomAlphabetic(2));
+        
+    String randAttr = RandomStringUtils.randomAlphabetic(10);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        randAttr, RandomStringUtils.randomAlphabetic(10));
+
+    oaParam.setRequestedAttributes(Sets.newHashSet(randAttr,
+        PvpAttributeDefinitions.BPK_NAME,
+        PvpAttributeDefinitions.GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, 
+        PvpAttributeDefinitions.BIRTHDATE_NAME,
+        PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
+        PvpAttributeDefinitions.EID_ISSUING_NATION_NAME));
+    
+    
+    // execute
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);
+    Assert.assertNull("authBlock null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class));
+    Assert.assertNull("eidasBind null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class));
+    Assert.assertNotNull("LoA null", authData.getEidasQaaLevel());
+        
+    Assert.assertEquals("FamilyName", "Mustermann", authData.getFamilyName());
+    Assert.assertEquals("GivenName", "Max", authData.getGivenName());
+    Assert.assertEquals("DateOfBirth", "1940-01-01", authData.getDateOfBirth());
+    
+    Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/high", authData.getEidasQaaLevel());
+    Assert.assertEquals("EID-ISSUING-NATION",
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(
+            PvpAttributeDefinitions.EID_ISSUING_NATION_NAME),
+        authData.getCiticenCountryCode());
+    
+    checkGenericAttribute(authData, PvpAttributeDefinitions.BPK_NAME, "eidas+AT+XX:" + bpk);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
+    
+    Assert.assertEquals("random optional attr.",
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(
+            randAttr),
+        authData.getGenericData(randAttr, String.class));
+    
+  }
+  
+  
+  
   @Test
   public void eidMode() throws EaafAuthenticationException {
     // initialize state
@@ -207,10 +470,48 @@ public class AuthenticationDataBuilderTest {
         authData.getBpk());
     Assert.assertEquals("bPKType", EaafConstants.URN_PREFIX_CDID + "XX", authData.getBpkType());
     Assert.assertNotNull("IDL", authData.getIdentityLink());
+       
+  }
+
+  private void injectRepresentativeInfosIntoSession() throws EaafStorageException {
+    boolean isTestIdentity = RandomUtils.nextBoolean();
+    pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
     
+    String givenName = RandomStringUtils.randomAlphabetic(10);
+    String familyName = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirth = "1956-12-08";
+    String bpk = RandomStringUtils.randomAlphanumeric(10);
+    String cc = pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class);
+    String spC = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + cc + "+" + spC);
+    
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, bpk);
+    
+    //set LoA level attribute instead of explicit session-data
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+    .setGenericDataToSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, 
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel());
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setQaaLevel(null);
     
   }
+  
+  private void checkGenericAttribute(IAuthData authData, String attrName, String expected) {
+    assertEquals("Wrong: " + attrName, expected, authData.getGenericData(attrName, String.class));
+    
+   }
 
+  
   private IIdentityLink buildDummyIdl() {
     return new IIdentityLink() {
       
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
index 86ca49fa..f66bb799 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/dto/attributes/Type.java
@@ -15,6 +15,7 @@ import lombok.Data;
 @JsonInclude(JsonInclude.Include.NON_NULL)
 @JsonPropertyOrder({
     "mds",
+    "autoIncludeWithMandates",
     "mandator"
 })
 @Data
@@ -27,6 +28,12 @@ public class Type {
   @JsonProperty("mds")
   private Boolean mds;
 
+  /**
+   * <code>true</code> if that attribute has to be included into eIDAS response in case of mandates.  
+   */
+  @JsonProperty("autoIncludeWithMandates")
+  private Boolean autoIncludeWithMandates;
+  
   /**
    * Classifie that attribute to specific mandate modes.
    */
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index 92165412..bf1c5e5f 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -1,6 +1,7 @@
 package at.asitplus.eidas.specific.modules.msproxyservice.protocol;
 
 import java.io.IOException;
+import java.util.Optional;
 import java.util.UUID;
 
 import javax.annotation.PostConstruct;
@@ -15,12 +16,11 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.core.io.ResourceLoader;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration;
 import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
-import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
 import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
@@ -69,35 +69,35 @@ public class ProxyServiceAuthenticationAction implements IAction {
   @Autowired
   ISpringMvcGuiFormBuilder guiBuilder;
   @Autowired
-  EidasAttributeRegistry attrRegistry;
+  ProxyEidasAttributeRegistry attrRegistry;
 
   @Override
   public SloInformationInterface processRequest(IRequest pendingReq, HttpServletRequest httpReq,
       HttpServletResponse httpResp, IAuthData authData) throws EaafException {
     if (pendingReq instanceof ProxyServicePendingRequest) {
-      try {        
-        ILightRequest eidasReq = ((ProxyServicePendingRequest) pendingReq).getEidasRequest();
-        
-        //build eIDAS response
-        Builder lightRespBuilder = LightResponse.builder();
+      try {
+        final ILightRequest eidasReq = ((ProxyServicePendingRequest) pendingReq).getEidasRequest();
+
+        // build eIDAS response
+        final Builder lightRespBuilder = LightResponse.builder();
         lightRespBuilder.id(UUID.randomUUID().toString());
         lightRespBuilder.inResponseToId(eidasReq.getId());
         lightRespBuilder.relayState(eidasReq.getRelayState());
-        
+
         lightRespBuilder.status(ResponseStatus.builder()
             .statusCode(EidasConstants.SUCCESS_URI)
             .build());
-        
-        //TODO: check if we can use transient subjectNameIds
+
+        // TODO: check if we can use transient subjectNameIds
         lightRespBuilder.subject(UUID.randomUUID().toString());
         lightRespBuilder.subjectNameIdFormat(NameIDType.TRANSIENT);
-        
-        //TODO:
+
+        // TODO:
         lightRespBuilder.issuer(basicConfig.getBasicConfiguration(
             MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID));
-        lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());       
+        lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());
         lightRespBuilder.attributes(buildAttributesFromAuthData(authData, eidasReq));
-        
+
         // set SLO response object of EAAF framework
         final SloInformationImpl sloInformation = new SloInformationImpl();
         sloInformation.setProtocolType(pendingReq.requestedModule());
@@ -121,7 +121,7 @@ public class ProxyServiceAuthenticationAction implements IAction {
 
     }
   }
-  
+
   @Override
   public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
     return true;
@@ -133,28 +133,29 @@ public class ProxyServiceAuthenticationAction implements IAction {
     return PROXYSERVICE_AUTH_ACTION_NAME;
 
   }
-  
 
   /**
    * Forward eIDAS Light response to eIDAS node.
-   *     
-   * @param pendingReq Current pending request.
-   * @param httpReq Current HTTP request
-   * @param httpResp  Current HTTP response
+   *
+   * @param pendingReq    Current pending request.
+   * @param httpReq       Current HTTP request
+   * @param httpResp      Current HTTP response
    * @param lightResponse eIDAS LightResponse
    * @throws EaafConfigurationException In case of a configuration error
-   * @throws IOException In case of a general error
-   * @throws GuiBuildException In case of a GUI rendering error, if http POST binding is used
-   * @throws ServletException In case of a general error
+   * @throws IOException                In case of a general error
+   * @throws GuiBuildException          In case of a GUI rendering error, if http
+   *                                    POST binding is used
+   * @throws ServletException           In case of a general error
    */
   public void forwardToEidasProxy(IRequest pendingReq, HttpServletRequest httpReq,
-      HttpServletResponse httpResp, LightResponse lightResponse) throws EaafConfigurationException, IOException,
+      HttpServletResponse httpResp, LightResponse lightResponse) throws EaafConfigurationException,
+      IOException,
       GuiBuildException, ServletException {
 
     // put request into shared cache
     final BinaryLightToken token = putResponseInCommunicationCache(lightResponse);
     final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
-        
+
     // select forward URL regarding the selected environment
     final String forwardUrl = basicConfig.getBasicConfiguration(
         MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_FORWARD_URL);
@@ -196,148 +197,80 @@ public class ProxyServiceAuthenticationAction implements IAction {
 
     }
   }
-  
-  @PostConstruct 
+
+  @PostConstruct
   private void checkConfiguration() {
-    //TODO: validate configuration on start-up
-    
+    // TODO: validate configuration on start-up
+
   }
-  
-  
-  private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData, 
+
+  private ImmutableAttributeMap buildAttributesFromAuthData(IAuthData authData,
       ILightRequest eidasReq) {
-    IEidAuthData eidAuthData = (IEidAuthData) authData;
+    final IEidAuthData eidAuthData = (IEidAuthData) authData;
+    final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
+
+    // inject all requested attributres
+    injectRequestedAttributes(attributeMap, eidasReq, eidAuthData);
+
     if (eidAuthData.isUseMandate()) {
       log.debug("Building eIDAS Proxy-Service response with mandate ... ");
-      final ImmutableAttributeMap.Builder attributeMap = ImmutableAttributeMap.builder();
-      injectRepesentativeInformation(attributeMap, eidAuthData);
-      injectMandatorInformation(attributeMap, eidAuthData);
-      
-      // work-around that injects nat. person subject to bypass validation on eIDAS Node
+      injectMdsRepesentativeInformation(attributeMap, eidAuthData, eidasReq.getRequestedAttributes());
+
+      // work-around that injects nat. person subject to bypass validation on eIDAS
+      // Node
       injectJurPersonWorkaroundIfRequired(attributeMap, eidasReq, authData);
-      
-      return attributeMap.build();
-            
-    } else {
-      log.debug("Building eIDAS Proxy-Service response without mandates ... ");
-      return buildAttributesWithoutMandate(eidAuthData);
-      
-    }   
-  }
-    
-  private void injectMandatorInformation(
-      ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {    
-    String natMandatorId = eidAuthData.getGenericData(
-        MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER, String.class);
-    
-    if (StringUtils.isNotEmpty(natMandatorId)) {
-      log.debug("Injecting natural mandator informations ... ");
-      final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
-      final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
-      final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
-      final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
-      
-      attributeMap.put(attrDefPersonalId, natMandatorId);
-      attributeMap.put(attrDefFamilyName, eidAuthData.getGenericData(
-          PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class));
-      attributeMap.put(attrDefGivenName, eidAuthData.getGenericData(
-          PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class));
-      attributeMap.put(attrDefDateOfBirth, eidAuthData.getGenericData(
-          PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, String.class));
-      
-    } else {
-      log.debug("Injecting legal mandator informations ... ");
-      final AttributeDefinition<?> commonName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          EidasConstants.eIDAS_ATTR_LEGALNAME).first();
-      final AttributeDefinition<?> legalPersonId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-          EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first();
-      
-      attributeMap.put(commonName, eidAuthData.getGenericData(
-          PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class));
-      attributeMap.put(legalPersonId, eidAuthData.getGenericData(
-          MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class));
-            
-    }            
-  }
 
-  private void injectRepesentativeInformation(
-      ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData) {
-    final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER).first();
-    final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME).first();
-    final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME).first();
-    final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH).first();
-   
-    attributeMap.put(attrDefPersonalId, 
-            eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class));
-    attributeMap.put(attrDefFamilyName, eidAuthData.getFamilyName());
-    attributeMap.put(attrDefGivenName, eidAuthData.getGivenName());
-    
-    //TODO: throw an error in case of SZR Date with month or day = "00"
-    attributeMap.put(attrDefDateOfBirth, eidAuthData.getDateOfBirth());
-    
+    }
+
+    return attributeMap.build();
+
   }
 
-  /**
-   * Work-around to inject representative information as nat. person subject to bypass eIDAS Node validation. 
-   * 
-   * <p><b>Injection will only be done if this work-around is enabled by configuration, 
-   * the mandator is a legal person, and both legal and natural person subject's is requested.</b></p>
-   * 
-   * @param attributeMap Attribute set for eIDAS response
-   * @param eidasReq Incoming eIDAS request
-   * @param authData Authentication data
-   */
-  private void injectJurPersonWorkaroundIfRequired(
-      ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, IAuthData authData) {
-    if (isLegalPersonWorkaroundActive() && isLegalPersonMandateAvailable(authData) 
-        && EidasProxyServiceUtils.isNaturalPersonRequested(eidasReq)
-        && EidasProxyServiceUtils.isLegalPersonRequested(eidasReq)) {
-      log.debug("Injecting representative information as nat. person subject to bypass eIDAS Node validation");
-      attributeMap.putAll(buildAttributesWithoutMandate(authData));
-      
-    }        
+  private void injectRequestedAttributes(ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq,
+      IEidAuthData eidAuthData) {
+    eidasReq.getRequestedAttributes().getAttributeMap().keySet().stream()
+        .forEach(el -> injectEidasAttribute(attributeMap, eidAuthData,
+            el.getNameUri().toString(), eidAuthData.isUseMandate()));
+
   }
-  
-  private ImmutableAttributeMap buildAttributesWithoutMandate(IAuthData eidAuthData) {        
-    //TODO: throw an error in case of SZR Date with month or day = "00"
-    return buildAttributesWithoutMandate(
-        eidAuthData.getGenericData(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class), 
-        eidAuthData.getFamilyName(), 
-        eidAuthData.getGivenName(), 
-        eidAuthData.getDateOfBirth());
-    
+
+  private void injectMdsRepesentativeInformation(
+      ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData,
+      ImmutableAttributeMap requestedAttributes) {
+    attrRegistry.getRepresentativeAttributesToAddByDefault()
+        .filter(el -> requestedAttributes.getAttributeValuesByNameUri(el) == null)
+        .forEach(el -> injectEidasAttribute(attributeMap, eidAuthData, el, true));
+
   }
 
-  private ImmutableAttributeMap buildAttributesWithoutMandate(String personalIdentifier, String familyName,
-      String givenName, String dateOfBirth) {
-    final AttributeDefinition<?> attrDefPersonalId = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
-    final AttributeDefinition<?> attrDefFamilyName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
-    final AttributeDefinition<?> attrDefGivenName = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
-    final AttributeDefinition<?> attrDefDateOfBirth = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-        EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
-   
-    final ImmutableAttributeMap.Builder attributeMap = 
-        ImmutableAttributeMap.builder()
-        .put(attrDefPersonalId, personalIdentifier)
-        .put(attrDefFamilyName, familyName)
-        .put(attrDefGivenName, givenName)        
-        .put(attrDefDateOfBirth, dateOfBirth);
-    
-    return attributeMap.build();
-    
+  private void injectEidasAttribute(ImmutableAttributeMap.Builder attributeMap, IEidAuthData eidAuthData,
+      String eidasAttrName, boolean mandatesUsed) {
+    final Optional<String> releatedIdaAttribute =
+        attrRegistry.mapEidasAttributeToSpecificIdaAttribute(eidasAttrName, mandatesUsed);
+    if (releatedIdaAttribute.isPresent()) {
+      log.trace("Mapping IDA attribute: {} to eIDAS attribute: {}", releatedIdaAttribute.get(),
+          eidasAttrName);
+      final String idaAttrValue = eidAuthData.getGenericData(releatedIdaAttribute.get(), String.class);
+      if (StringUtils.isNotEmpty(idaAttrValue)) {
+        log.debug("Build eIDAS attribute: {} from IDA attribute: {}", eidasAttrName, releatedIdaAttribute
+            .get());
+        attributeMap.put(
+            attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByName(eidasAttrName),
+            idaAttrValue);
+
+      } else {
+        log.info("No IDA attribute: {}, eIDAS attribute: {} will be ignored", releatedIdaAttribute.get(),
+            eidasAttrName);
+
+      }
+
+    } else {
+      log.warn("Can not build eIDAS attribute: {}, because there is not corresponding IDA attribute defined",
+          eidasAttrName);
+
+    }
   }
-  
+
   private BinaryLightToken putResponseInCommunicationCache(ILightResponse lightResponse)
       throws ServletException {
     final BinaryLightToken binaryLightToken;
@@ -358,17 +291,61 @@ public class ProxyServiceAuthenticationAction implements IAction {
     return binaryLightToken;
   }
 
+  /**
+   * Work-around to inject representative information as nat. person subject to
+   * bypass eIDAS Node validation.
+   *
+   * <p>
+   * <b>Injection will only be done if this work-around is enabled by
+   * configuration, the mandator is a legal person, and both legal and natural
+   * person subject's is requested.</b>
+   * </p>
+   *
+   * @param attributeMap Attribute set for eIDAS response
+   * @param eidasReq     Incoming eIDAS request
+   * @param authData     Authentication data
+   */
+  private void injectJurPersonWorkaroundIfRequired(
+      ImmutableAttributeMap.Builder attributeMap, ILightRequest eidasReq, IAuthData authData) {
+    if (isLegalPersonWorkaroundActive() && isLegalPersonMandateAvailable(authData)
+        && EidasProxyServiceUtils.isNaturalPersonRequested(eidasReq)
+        && EidasProxyServiceUtils.isLegalPersonRequested(eidasReq)) {
+      log.debug(
+          "Injecting representative information as nat. person subject to bypass eIDAS Node validation");
+
+      final AttributeDefinition<?> attrDefPersonalId =
+          attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+              EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+      final AttributeDefinition<?> attrDefFamilyName =
+          attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+              EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first();
+      final AttributeDefinition<?> attrDefGivenName =
+          attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+              EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first();
+      final AttributeDefinition<?> attrDefDateOfBirth =
+          attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+              EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first();
+
+      attributeMap.put(attrDefPersonalId, authData.getGenericData(PvpAttributeDefinitions.BPK_NAME,
+          String.class));
+      attributeMap.put(attrDefFamilyName, authData.getFamilyName());
+      attributeMap.put(attrDefGivenName, authData.getGivenName());
+      attributeMap.put(attrDefDateOfBirth, authData.getDateOfBirth());
+
+    }
+  }
+
   private boolean isLegalPersonWorkaroundActive() {
     return basicConfig.getBasicConfigurationBoolean(
-        MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON, 
+        MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_WORKAROUND_MANDATES_LEGAL_PERSON,
         false);
-    
+
   }
-  
+
   private boolean isLegalPersonMandateAvailable(IAuthData authData) {
     return StringUtils.isNoneEmpty(authData.getGenericData(
-        MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, String.class));
-    
+        PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class));
+
   }
 
 }
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
index b9e0c488..a6a50100 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
@@ -7,6 +7,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
+import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
@@ -76,6 +77,19 @@ public class ProxyEidasAttributeRegistry {
             
   }
 
+  /**
+   * Get all eIDAS attributes that are added by default in case of mandates.
+   * 
+   * @return {@link Stream} of eIDAS attributes
+   */
+  @NonNull
+  public Stream<String> getRepresentativeAttributesToAddByDefault() {
+    return attributeConfiguration.stream()
+        .filter(el -> el.getType() != null && el.getType().getAutoIncludeWithMandates())
+        .map(el -> el.getEidasAttributeName());
+    
+  }
+  
   /**
    * Get IDA attributes for a specific eIDAS attribute.
    *   
@@ -95,8 +109,24 @@ public class ProxyEidasAttributeRegistry {
         .collect(Collectors.toSet());
                 
   }
-  
-  
+
+  /**
+   * Get eIDAS related IDA attribute.
+   *  
+   * @param eidasAttributeName Name of the eIDAS attribute.
+   * @param withMandates <code>true</code> if mandates are supported, otherwise <code>false</code>
+   * @return Name of the related IDA attribute if available 
+   */
+  public Optional<String> mapEidasAttributeToSpecificIdaAttribute(
+      String eidasAttributeName, boolean withMandates) {
+    return attributeConfiguration.stream()
+        .filter(el -> el.getEidasAttributeName().equals(eidasAttributeName))
+        .findFirst()
+        .map(el -> withMandates ? el.getIdaAttribute().getWithMandates() : el.getIdaAttribute().getBasic())
+        .filter(el -> StringUtils.isNotEmpty(el));
+            
+  }
+    
   @PostConstruct
   private void initialize() throws EaafConfigurationException {
     final String attrConfPath = basicConfig.getBasicConfiguration(
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
index c41d6c99..d44ffc2d 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
@@ -12,7 +12,6 @@ import java.net.URISyntaxException;
 import java.net.URLDecoder;
 import java.time.Instant;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.UUID;
@@ -35,7 +34,6 @@ import org.springframework.web.context.request.ServletRequestAttributes;
 
 import com.google.common.collect.ImmutableSortedSet;
 
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
 import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummySpConfiguration;
 import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
@@ -132,7 +130,7 @@ public class ProxyServiceAuthenticationActionTest {
   @Test
   public void missingForwardUrl() {        
     Map<String, Object> attr = new HashMap<>();
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
         "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
     IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
         RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
@@ -147,8 +145,7 @@ public class ProxyServiceAuthenticationActionTest {
   @Test 
   public void responseWithoutMandate() throws EaafException, SpecificCommunicationException {
     Map<String, Object> attr = new HashMap<>();
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
-        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    attr.put(PvpAttributeDefinitions.BPK_NAME, RandomStringUtils.randomAlphanumeric(10));    
     IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
         RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
     
@@ -161,7 +158,7 @@ public class ProxyServiceAuthenticationActionTest {
     ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
     assertEquals("wrong attr. size", 4, respAttr.size());    
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
-        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, 
@@ -170,12 +167,89 @@ public class ProxyServiceAuthenticationActionTest {
   }
   
   @Test 
-  public void responseWithNatMandate() throws EaafException, SpecificCommunicationException {
+  public void responseWithoutMandateAndOptionalAttributesExist() throws EaafException, SpecificCommunicationException {
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByName("http://eidas.europa.eu/attributes/naturalperson/BirthName"))
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
     Map<String, Object> attr = new HashMap<>();
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
-        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+    attr.put("ida_birthname", RandomStringUtils.randomAlphanumeric(10));
+    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 5, respAttr.size());    
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, 
+        authData.getDateOfBirth());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_BIRTHNAME, 
+        (String) attr.get("ida_birthname"));
+    
+  }
+  
+  @Test 
+  public void responseWithoutMandateAndOptionalAttributesNotExist() throws EaafException, SpecificCommunicationException {
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByName("http://eidas.europa.eu/attributes/naturalperson/BirthName"))
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));
+    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", false);
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
     
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 4, respAttr.size());    
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, 
+        authData.getDateOfBirth());
+    
+  }
+  
+  
+  @Test 
+  public void responseWithNatMandate() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));        
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME,
         RandomStringUtils.randomAlphabetic(10));
     attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
         RandomStringUtils.randomAlphabetic(10));
@@ -197,13 +271,13 @@ public class ProxyServiceAuthenticationActionTest {
     ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
     assertEquals("wrong attr. size", 8, respAttr.size());    
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
-        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
 
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
-        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER));
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, 
         (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME));
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, 
@@ -213,19 +287,86 @@ public class ProxyServiceAuthenticationActionTest {
            
   }
   
+  @Test 
+  public void responseWithNatMandateOptionalAttribute() throws EaafException, SpecificCommunicationException {    
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByName("http://eidas.europa.eu/attributes/naturalperson/BirthName"))
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    attr.put("ida_birthName_mandator", RandomStringUtils.randomAlphanumeric(10));
+    attr.put("ida_birthName", RandomStringUtils.randomAlphanumeric(10));
+    
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        "1985-11-15");
+    
+    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 9, respAttr.size());    
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
+
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME));
+
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_BIRTHNAME, 
+        (String) attr.get("ida_birthName_mandator"));
+    
+  }
+  
   @Test 
   public void responseWithJurMandate() throws EaafException, SpecificCommunicationException {
     Map<String, Object> attr = new HashMap<>();
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
         "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
     IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
         RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
     
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
         RandomStringUtils.randomAlphabetic(10));
     attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
         RandomStringUtils.randomAlphabetic(10));
     
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
     //perform test
     SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
     
@@ -235,13 +376,13 @@ public class ProxyServiceAuthenticationActionTest {
     ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
     assertEquals("wrong attr. size", 6, respAttr.size());  
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
-        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
    
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER, 
-        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER));
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME));
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALNAME, 
         (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME));
     
@@ -260,19 +401,12 @@ public class ProxyServiceAuthenticationActionTest {
   public void responseWithNatMandateWithWorkAround() throws EaafException, SpecificCommunicationException {
     basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson", 
         "true");
-    
-    //request natural person subject only
-    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
-    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder().put(
-        attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build());
-    pendingReq.setEidasRequest(eidasRequestBuilder.build());
-    
-    
+        
     Map<String, Object> attr = new HashMap<>();
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
         "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
     
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
+    attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME,
         RandomStringUtils.randomAlphabetic(10));
     attr.put(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME,
         RandomStringUtils.randomAlphabetic(10));
@@ -306,16 +440,17 @@ public class ProxyServiceAuthenticationActionTest {
     eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
         .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
         .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
         .build());
     pendingReq.setEidasRequest(eidasRequestBuilder.build());
         
     Map<String, Object> attr = new HashMap<>();
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
         "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
     IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
         RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
     
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
         RandomStringUtils.randomAlphabetic(10));
     attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
         RandomStringUtils.randomAlphabetic(10));
@@ -329,7 +464,7 @@ public class ProxyServiceAuthenticationActionTest {
     ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
     assertEquals("wrong attr. size", 10, respAttr.size());  
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER, 
-        (String) attr.get(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER));
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME, authData.getFamilyName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME, authData.getGivenName());
     checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH, authData.getDateOfBirth());
@@ -344,18 +479,18 @@ public class ProxyServiceAuthenticationActionTest {
     //request natural person subject only
     LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
     eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
-        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
-            EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
         .build());
     pendingReq.setEidasRequest(eidasRequestBuilder.build());
         
     Map<String, Object> attr = new HashMap<>();
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, 
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
         "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
     IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
         RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
     
-    attr.put(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER,
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
         RandomStringUtils.randomAlphabetic(10));
     attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
         RandomStringUtils.randomAlphabetic(10));
@@ -390,7 +525,7 @@ public class ProxyServiceAuthenticationActionTest {
   }
   
   private IAuthData generateDummyAuthData() {
-    return generateDummyAuthData(Collections.emptyMap(), EaafConstants.EIDAS_LOA_LOW, 
+    return generateDummyAuthData(new HashMap<>(), EaafConstants.EIDAS_LOA_LOW, 
         RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1940-01-01", false);
     
   }
@@ -445,12 +580,22 @@ public class ProxyServiceAuthenticationActionTest {
         .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
         .spType("public")
         .requesterId(RandomStringUtils.randomAlphanumeric(10))
-        .providerName(RandomStringUtils.randomAlphanumeric(10));
-    
+        .providerName(RandomStringUtils.randomAlphanumeric(10))
+        .requestedAttributes(ImmutableAttributeMap.builder()    
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_DATEOFBIRTH).first())
+            .build()
+         );
   }
   
   private IAuthData generateDummyAuthData(Map<String, Object> attrs, String loa, String familyName, String givenName, String dateOfBirth, 
       boolean useMandates) {
+    attrs.put(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth);
+    attrs.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName);
+    attrs.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName);
+    
     return new IEidAuthData() {
       
       @Override
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
index d3e787bb..8d417c1a 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
@@ -1,11 +1,13 @@
 package at.asitplus.eidas.specific.modules.msproxyservice.test.services;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
+import java.util.Optional;
 import java.util.Set;
 
 import org.apache.commons.lang3.RandomStringUtils;
@@ -92,6 +94,39 @@ public class ProxyEidasAttributeRegistryTest {
           
   }
   
+  @Test
+  public void attributeResponseMapping() {    
+    assertFalse("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+        "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", false).isPresent());
+    assertFalse("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+        "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", true).isPresent());
+    
+    
+    Optional<String> attr1 = attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+        "http://eidas.europa.eu/attributes/naturalperson/BirthName", false);
+    assertTrue("find wrong IDA mapping", attr1.isPresent());
+    assertEquals("find wrong IDA mapping value", "ida_birthname", attr1.get());
+    
+    Optional<String> attr2 = attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+        "http://eidas.europa.eu/attributes/naturalperson/BirthName", true);
+    assertTrue("find wrong IDA mapping", attr2.isPresent());
+    assertEquals("find wrong IDA mapping value", "ida_birthName_mandator", attr2.get());
+    
+    
+    assertTrue("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+        "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", false).isPresent());
+    assertTrue("find wrong IDA mapping", attrRegistry.mapEidasAttributeToSpecificIdaAttribute(
+        "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", true).isPresent());
+        
+  }
+  
+  @Test
+  public void defaultRepresentativeAttributes() {    
+    assertEquals("wrong number of rep. attributes", 4, 
+        attrRegistry.getRepresentativeAttributesToAddByDefault().count());
+    
+  }
+  
   private void checkAttributeMapping(String eidasAttr, boolean withMandates, List<String> idaAttributes) {    
     @NonNull
     Set<String> idaAttrResult = attrRegistry.getIdaAttributesForEidasAttribute(eidasAttr, withMandates);
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
index 2d375acb..7e41d8f6 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
@@ -6,7 +6,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.98"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": false
     }
   },
   {
@@ -16,7 +17,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.78"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": false
     }
   },
   {
@@ -26,7 +28,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.80"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": false
     }
   },
   {
@@ -36,21 +39,27 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.82"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": false
     }
   },
   {
     "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth",
     "idaAttribute": {},
     "type": {
-      "mds": false
+      "mds": false,
+      "autoIncludeWithMandates": false
     }
   },
   {
     "eidasAttribute": "http://eidas.europa.eu/attributes/naturalperson/BirthName",
-    "idaAttribute": {},
+    "idaAttribute": {
+      "basic": "ida_birthname",
+      "withMandates": "ida_birthName_mandator"
+    },
     "type": {
-      "mds": false
+      "mds": false,
+      "autoIncludeWithMandates": false
     }
   },
   {
@@ -65,7 +74,8 @@
       "urn:oid:1.2.40.0.10.2.1.1.55"
     ],
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": false
     }
   },
   {
@@ -74,7 +84,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.84"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": false
     }
   },
   {
@@ -83,7 +94,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.149"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": true
     }
   },
   {
@@ -92,7 +104,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.20"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": true
     }
   },
   {
@@ -101,7 +114,8 @@
       "withMandates": "urn:oid:2.5.4.42"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": true
     }
   },
   {
@@ -110,7 +124,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.55"
     },
     "type": {
-      "mds": true
+      "mds": true,
+      "autoIncludeWithMandates": true
     }
   },
   {
@@ -120,7 +135,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.32"
     },
     "type": {
-      "mds": false
+      "mds": false,
+      "autoIncludeWithMandates": false      
     }
   },
   {
@@ -130,7 +146,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.108"
     },
     "type": {
-      "mds": false
+      "mds": false,
+      "autoIncludeWithMandates": false  
     }
   },
   {
@@ -139,7 +156,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.68"
     },
     "type": {
-      "mds": false
+      "mds": false,
+      "autoIncludeWithMandates": false  
     }
   },
   {
@@ -148,7 +166,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.106"
     },
     "type": {
-      "mds": false
+      "mds": false,
+      "autoIncludeWithMandates": false  
     }
   },
   {
@@ -157,7 +176,8 @@
       "withMandates": "urn:oid:1.2.40.0.10.2.1.1.261.106"
     },
     "type": {
-      "mds": false
+      "mds": false,
+      "autoIncludeWithMandates": false  
     }
   }
 ]
\ No newline at end of file
diff --git a/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml b/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml
index 9861a7c6..0757327a 100644
--- a/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml
+++ b/ms_specific_connector/src/main/resources/specific_eIDAS_connector.beans.xml
@@ -14,6 +14,9 @@
 
   <import resource="specific_eIDAS_core.beans.xml"/>
 
+  <bean id="AuthenticationDataBuilder"
+        class="at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder" />
+
   <bean id="msConnectorMessageSource"
         class="at.asitplus.eidas.specific.connector.config.MsConnectorMessageSource" />
 
diff --git a/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java
new file mode 100644
index 00000000..bc7f88d4
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java
@@ -0,0 +1,38 @@
+package at.asitplus.eidas.specific.proxy.builder;
+
+import at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * eIDAS Proxy-Service specific authentication-data builder.
+ * 
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class ProxyAuthenticationDataBuilder extends AuthenticationDataBuilder {
+
+  private static final String PLUS = "+";
+  
+  @Override
+  protected String customizeLegalPersonSourcePin(String sourcePin, String sourcePinType) {   
+    String sectorType = sourcePinType.substring((EaafConstants.URN_PREFIX_BASEID + PLUS).length());       
+    return sectorType + PLUS + sourcePin;
+    
+  }
+
+  @Override
+  protected String customizeBpkAttribute(String pvpBpkAttrValue) {
+    final String[] split = pvpBpkAttrValue.split(":", 2);
+    if (split.length == 2) {
+      log.debug("Remove prefix from bPK attribute to transform it into eIDAS-Node format");
+      return split[1];
+
+    } else {
+      log.warn("PVP bPK attribute: {} has wrong format. Use it as it is.", pvpBpkAttrValue);
+      return pvpBpkAttrValue;
+
+    }
+  }
+}
diff --git a/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml b/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml
index 5633cb0e..cc4c904e 100644
--- a/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml
+++ b/ms_specific_proxyservice/src/main/resources/specific_eIDAS_proxy.beans.xml
@@ -13,6 +13,9 @@
 
   <import resource="specific_eIDAS_core.beans.xml"/>
  
+   <bean id="ProxyAuthenticationDataBuilder"
+        class="at.asitplus.eidas.specific.proxy.builder.ProxyAuthenticationDataBuilder" />
+ 
   <bean id="pvpEndpointConfig"
         class="at.asitplus.eidas.specific.proxy.pvp.PvpEndPointConfiguration" />
  
diff --git a/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java
new file mode 100644
index 00000000..ee2c8d8c
--- /dev/null
+++ b/ms_specific_proxyservice/src/test/java/at/asitplus/eidas/specific/proxy/test/builder/ProxyAuthenticationDataBuilderTest.java
@@ -0,0 +1,395 @@
+package at.asitplus.eidas.specific.proxy.test.builder;
+
+import static at.asitplus.eidas.specific.core.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.lang.reflect.Field;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.RandomUtils;
+import org.apache.ignite.Ignition;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.i18n.LocaleContextHolder;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import com.google.common.collect.Sets;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder;
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication;
+import lombok.SneakyThrows;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@SpringBootTest
+@ContextConfiguration(initializers = {
+    org.springframework.boot.context.config.DelegatingApplicationContextInitializer.class,
+    SpringBootApplicationContextInitializer.class
+    })
+@TestPropertySource(locations = { "file:src/test/resources/config/junit_config_1_springboot.properties" })
+@DirtiesContext(classMode = ClassMode.AFTER_CLASS)
+@ActiveProfiles(profiles = {"JUNIT", "jUnitTestMode"})
+public class ProxyAuthenticationDataBuilderTest {
+
+  
+  @Autowired
+  private AuthenticationDataBuilder authenticationDataBuilder;
+
+  @Autowired(required = true)
+  private IConfiguration basicConfig;
+
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  private TestRequestImpl pendingReq;
+
+  private Map<String, String> spConfig;
+  private ServiceProviderConfiguration oaParam;
+
+  private String eidasBind;
+  private String authBlock;
+
+  @BeforeClass
+  public static void classInitializer() throws InitializationException, ComponentInitializationException {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current
+        + "src/test/resources/config/junit_config_3.properties");
+
+    //eIDAS Ref. Impl. properties
+    System.setProperty("EIDAS_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_CONNECTOR_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    System.setProperty("SPECIFIC_PROXY_SERVICE_CONFIG_REPOSITORY", current.substring("file:".length())
+        + "../basicConfig/eIDAS/");
+    
+    EaafOpenSaml3xInitializer.eaafInitialize();
+  }
+
+  /**
+   * Test shut-down.
+   *
+   * @throws Exception In case of an error
+   */
+  @AfterClass
+  @SneakyThrows
+  public static void closeIgniteNode() {
+    System.out.println("Closiong Ignite Node ... ");
+    Ignition.stopAll(true);
+
+    //set Ignite-node holder to 'null' because static holders are shared between different tests
+    final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance");
+    field.setAccessible(true);
+    field.set(null, null);
+    
+  }
+  
+  @Before
+  @SneakyThrows
+  public void initialize() throws EaafStorageException {
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+    spConfig = new HashMap<>();
+    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
+    spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
+    spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true");
+    oaParam = new ServiceProviderConfiguration(spConfig, basicConfig);
+    oaParam.setBpkTargetIdentifier("urn:publicid:gv.at:cdid+XX");
+    
+    pendingReq = new TestRequestImpl();
+    pendingReq.setAuthUrl("https://localhost/ms_connector");
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setSpConfig(oaParam);
+    authBlock = RandomStringUtils.randomAlphanumeric(20);
+    eidasBind = RandomStringUtils.randomAlphanumeric(20);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, authBlock);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, eidasBind);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setQaaLevel(EaafConstants.EIDAS_LOA_PREFIX + RandomStringUtils.randomAlphabetic(5));
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+        RandomStringUtils.randomAlphabetic(2));
+
+    LocaleContextHolder.resetLocaleContext();
+
+  }
+  
+  @Test
+  @SneakyThrows
+  public void eidasProxyModeSimple() throws EaafAuthenticationException {
+    // initialize state
+    pendingReq = new TestRequestImpl();
+    pendingReq.setAuthUrl("https://localhost/ms_connector");
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setSpConfig(oaParam);
+    boolean isTestIdentity = RandomUtils.nextBoolean();
+    
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false);
+
+    String bpk = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.BPK_NAME, "eidas+AT+XX:" + bpk);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
+        "http://eidas.europa.eu/LoA/high");
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+         PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+         RandomStringUtils.randomAlphabetic(2));
+        
+    String randAttr = RandomStringUtils.randomAlphabetic(10);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+        randAttr, RandomStringUtils.randomAlphabetic(10));
+
+    oaParam.setRequestedAttributes(Sets.newHashSet(randAttr, 
+        PvpAttributeDefinitions.BPK_NAME,
+        PvpAttributeDefinitions.GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, 
+        PvpAttributeDefinitions.BIRTHDATE_NAME,
+        PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
+        PvpAttributeDefinitions.EID_ISSUING_NATION_NAME));
+    
+    
+    // execute
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);
+    Assert.assertNull("authBlock null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_SZR_AUTHBLOCK, String.class));
+    Assert.assertNull("eidasBind null", authData.getGenericData(MsEidasNodeConstants.AUTH_DATA_EIDAS_BIND, String.class));
+    Assert.assertNotNull("LoA null", authData.getEidasQaaLevel());
+        
+    Assert.assertEquals("FamilyName", "Mustermann", authData.getFamilyName());
+    Assert.assertEquals("GivenName", "Max", authData.getGivenName());
+    Assert.assertEquals("DateOfBirth", "1940-01-01", authData.getDateOfBirth());
+    
+    Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/high", authData.getEidasQaaLevel());
+    Assert.assertEquals("EID-ISSUING-NATION",
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(
+            PvpAttributeDefinitions.EID_ISSUING_NATION_NAME),
+        authData.getCiticenCountryCode());
+    
+    checkGenericAttribute(authData, PvpAttributeDefinitions.BPK_NAME, bpk);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01");
+    
+    Assert.assertEquals("random optional attr.",
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(
+            randAttr),
+        authData.getGenericData(randAttr, String.class));
+    
+  }
+  
+  
+  @Test
+  public void eidasProxyModeWithNatMandate() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state    
+    injectRepresentativeInfosIntoSession();
+    
+    String givenNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String familyNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirthMandate = "1957-09-15";
+    String bpkMandate = RandomStringUtils.randomAlphanumeric(10);
+        
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:" + bpkMandate);
+            
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+        
+  }
+  
+  @Test
+  public void eidasProxyModeWithNatMandateWrongBpkFormat() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state
+    injectRepresentativeInfosIntoSession();
+    
+    String givenNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String familyNameMandate = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirthMandate = "1957-09-15";
+    String bpkMandate = RandomStringUtils.randomAlphanumeric(10);
+        
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, dateOfBirthMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME,
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, givenNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, familyNameMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "1957-09-15");
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, bpkMandate);
+        
+  }
+  
+  @Test
+  public void eidasProxyModeWithJurMandate() throws EaafAuthenticationException, EaafStorageException {
+    // initialize state    
+    injectRepresentativeInfosIntoSession();
+    
+    String commonMandate = RandomStringUtils.randomAlphabetic(10);
+    
+    // set constant country-code and sourcePin to check hashed eIDAS identifier
+    String sourcePinMandate = "asfdsadfsadfsafsdafsadfasr";       
+    spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EE");
+    
+    // set nat. person mandate information
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setUseMandates(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, sourcePinMandate);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, 
+            EaafConstants.URN_PREFIX_BASEID + "+XFN");            
+    
+    oaParam.setRequestedAttributes(Sets.newHashSet(
+        PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, 
+        PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, 
+        PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME));
+    
+    // execute test
+    IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+    
+    // validate state
+    Assert.assertNotNull("AuthData null", authData);    
+    assertTrue("mandate flag", ((EidAuthenticationData)authData).isUseMandate());
+    
+    //check mandate informations
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, commonMandate);
+    checkGenericAttribute(authData, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, "XFN+" + sourcePinMandate);
+        
+  }
+  
+  private void injectRepresentativeInfosIntoSession() throws EaafStorageException {
+    boolean isTestIdentity = RandomUtils.nextBoolean();
+    pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+    
+    String givenName = RandomStringUtils.randomAlphabetic(10);
+    String familyName = RandomStringUtils.randomAlphabetic(10);
+    String dateOfBirth = "1956-12-08";
+    String bpk = RandomStringUtils.randomAlphanumeric(10);
+    String cc = pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class);
+    String spC = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + cc + "+" + spC);
+    
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth);
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, bpk);
+    
+    //set LoA level attribute instead of explicit session-data
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+    .setGenericDataToSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, 
+        pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel());
+    pendingReq.getSessionData(AuthProcessDataWrapper.class).setQaaLevel(null);
+    
+  }
+  
+  private void checkGenericAttribute(IAuthData authData, String attrName, String expected) {
+    assertEquals("Wrong: " + attrName, expected, authData.getGenericData(attrName, String.class));
+    
+   }
+  
+}
diff --git a/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties
index 8cd77046..47d50191 100644
--- a/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties
+++ b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties
@@ -69,7 +69,7 @@ eidas.ms.configuration.pvp.enable.entitycategories=false
 
 #############################################################################
 ## MS-speccific eIDAS-Proxy-Service configuration
-
+eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=./../../../../../basicConfig/ms-proxyservice/misc/idaAttributeMapping.json
 
 #### eIDAS ms-specific Proxy-Service configuration
 eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy
diff --git a/pom.xml b/pom.xml
index 309fab68..e469f680 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
     <!-- ===================================================================== -->
     <egiz-spring-api>0.3</egiz-spring-api>
     <egiz-eventlog-slf4jBackend>0.4</egiz-eventlog-slf4jBackend>
-    <eaaf-core.version>1.3.2</eaaf-core.version>
+    <eaaf-core.version>1.3.3-SNAPSHOT</eaaf-core.version>
 
     <spring-boot-starter-web.version>2.5.13</spring-boot-starter-web.version>
     <spring-boot-admin-starter-client.version>2.5.6</spring-boot-admin-starter-client.version>
-- 
cgit v1.2.3


From 49a38fef1afad32d7e8c63e3884d854065fcf740 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 9 Jun 2022 09:08:53 +0200
Subject: chore(config): add attribute-mapping configuration-property into
 default config

---
 ms_specific_proxyservice/src/main/resources/application.properties | 1 +
 1 file changed, 1 insertion(+)

(limited to 'ms_specific_proxyservice/src/main')

diff --git a/ms_specific_proxyservice/src/main/resources/application.properties b/ms_specific_proxyservice/src/main/resources/application.properties
index 7d8c199f..8d66a7c0 100644
--- a/ms_specific_proxyservice/src/main/resources/application.properties
+++ b/ms_specific_proxyservice/src/main/resources/application.properties
@@ -69,6 +69,7 @@ eidas.ms.configuration.pvp.enable.entitycategories=false
 
 #############################################################################
 ## MS-speccific eIDAS-Proxy-Service configuration
+eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=misc/idaAttributeMapping.json
 
 #### eIDAS ms-specific Proxy-Service configuration
 eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy
-- 
cgit v1.2.3


From 901c99b39f7ecd80578b0146052efcbc2c3f8b3b Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 9 Jun 2022 09:13:48 +0200
Subject: fix(core): update message properties because error messages are
 invalid encoded

---
 .../src/main/resources/properties/status_messages_en.properties     | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'ms_specific_proxyservice/src/main')

diff --git a/ms_specific_proxyservice/src/main/resources/properties/status_messages_en.properties b/ms_specific_proxyservice/src/main/resources/properties/status_messages_en.properties
index 80228a47..56decf12 100644
--- a/ms_specific_proxyservice/src/main/resources/properties/status_messages_en.properties
+++ b/ms_specific_proxyservice/src/main/resources/properties/status_messages_en.properties
@@ -24,15 +24,15 @@ auth.26=No transaction identifier
 auth.28=Found no active transaction with Id: {0}. Maybe, the transaction was removed after timeout  
 auth.37=Requested bPK-Target: {0} does not match allowed targets for service provider: {1}
 auth.38=Passive authentication was requested but user as no active session
-auth.39=Error: '{0}' in post-processing of authentication data. Can not finish authentication process
+auth.39=Error: {0} in post-processing of authentication data. Can not finish authentication process
 
 process.01=Can not execute authentication process
 process.02=Find no applicable authentication process for transaction with Id: {0}
 process.03=Can not resume the authentication process. Reason: {0}
 process.04=Can not execute authentication process. Problem with an internal state
 
-builder.00=Can not generate data structure "{0}": {1}
-builder.11=Error: '{0}' in post-processing of authentication data. Can not finish authentication process
+builder.00=Can not generate data structure {0}: {1}
+builder.11=Error: {0} in post-processing of authentication data. Can not finish authentication process
 
 parser.01=Error during eID-data processing. Reason: {0}
 
-- 
cgit v1.2.3


From 68c46a22406af910838b3ee6bbea5a4e9807ddaa Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 16 Aug 2022 13:20:02 +0200
Subject: feat(eidas): add advanced SP config post-processing based on
 requested attributes

---
 .../handler/EJusticePersonRoleHandler.java         |  53 +++++++++++
 .../handler/IEidasAttributeHandler.java            |   9 ++
 .../protocol/EidasProxyServiceController.java      |  38 +++++++-
 .../protocol/EidasProxyServiceControllerTest.java  | 106 +++++++++++++++++++++
 .../services/ProxyEidasAttributeRegistryTest.java  |   2 +-
 .../resources/config/additional-attributes.xml     |  10 ++
 .../test/resources/config/idaAttributeMapping.json |  10 +-
 .../resources/config/junit_config_1.properties     |  10 +-
 .../src/main/resources/application.properties      |   7 ++
 pom.xml                                            |   2 +-
 10 files changed, 242 insertions(+), 5 deletions(-)

(limited to 'ms_specific_proxyservice/src/main')

diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
index f42a7172..52a69944 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
@@ -1,5 +1,17 @@
 package at.asitplus.eidas.specific.modules.msproxyservice.handler;
 
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import lombok.extern.slf4j.Slf4j;
+
 /**
  * Attribute handling to integrate BORIS attributes without full IDA support for sector-specific attributes.
  * 
@@ -8,6 +20,47 @@ package at.asitplus.eidas.specific.modules.msproxyservice.handler;
  * @author tlenz
  *
  */
+@Slf4j
 public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
 
+  public static final String CONFIG_PROP_IDA_MANDATE_PROFILE = "advanced.atributes.ejusticerole.mandate.profiles";
+  public static final String CONFIG_PROP_IDA_MANDATE_MODE = "advanced.atributes.ejusticerole.mandate.mode";
+    
+  @Autowired IConfiguration config;
+  
+  private SpMandateModes mandateMode;
+  private String mandateProfiles;
+  
+  @Override
+  public void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig) {    
+    spConfig.setMandateMode(mandateMode);
+    spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues(mandateProfiles));    
+    log.info("Enforcing mandate-mode: {} with profile: {}", mandateMode, mandateProfiles);
+    
+  }
+  
+  
+  
+  @PostConstruct
+  private void initialize() throws EaafConfigurationException {    
+    mandateMode = SpMandateModes.fromString(loadConfigValue(CONFIG_PROP_IDA_MANDATE_MODE));
+    mandateProfiles = loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE);
+    
+    log.info("Initialize: {} with mandate-profile: {} mandate-mode: {}", 
+        EJusticePersonRoleHandler.class.getSimpleName(), mandateProfiles, mandateMode);
+    
+  }
+
+  private String loadConfigValue(String configProp) throws EaafConfigurationException {
+    String value = config.getBasicConfiguration(configProp);
+    if (StringUtils.isEmpty(value)) {
+      throw new EaafConfigurationException("internal.configuration.00", 
+          new Object[]{configProp});  
+      
+    }
+    
+    return value;
+
+  }
+
 }
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
index 153cf262..02e091ef 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
@@ -1,5 +1,7 @@
 package at.asitplus.eidas.specific.modules.msproxyservice.handler;
 
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+
 /**
  * Handlers for attribute-processing that requires more features than a simple mapping.
  * 
@@ -8,6 +10,13 @@ package at.asitplus.eidas.specific.modules.msproxyservice.handler;
  */
 public interface IEidasAttributeHandler {
 
+  /**
+   * Perform attribute-releated post-processing of internal Service-Provider configuration.
+   * 
+   * @param spConfig SP configuration that was build from incoming eIDAS Authn. request.
+   */
+  void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig);
+
   
   
 }
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
index 32be0e22..d0e3d1ba 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/EidasProxyServiceController.java
@@ -8,6 +8,7 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 import java.util.UUID;
 import java.util.stream.Collectors;
 
@@ -33,6 +34,7 @@ import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
 import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
 import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.handler.IEidasAttributeHandler;
 import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
 import at.gv.egiz.components.eventlog.api.EventConstants;
@@ -333,7 +335,10 @@ public class EidasProxyServiceController extends AbstractController implements I
 
       // map eIDAS attributes to national attributes
       buildNationalRequestedAttributes(spConfig, eidasRequest);
-
+      
+      // execute custom attribute-handler
+      advancedAttributeHandler(spConfig, eidasRequest);
+      
       return spConfig;
 
     } catch (final EidasProxyServiceException e) {
@@ -344,6 +349,37 @@ public class EidasProxyServiceController extends AbstractController implements I
 
     }
   }
+    
+  private void advancedAttributeHandler(ServiceProviderConfiguration spConfig, ILightRequest eidasRequest) {
+    Set<String> requiredHandlers = eidasRequest.getRequestedAttributes().getAttributeMap().keySet().stream()
+        .map(el -> attrRegistry.mapEidasAttributeToAttributeHandler(el.getNameUri().toString()).orElse(null))
+        .filter(Objects::nonNull)
+        .distinct()
+        .collect(Collectors.toSet());
+
+    if (!requiredHandlers.isEmpty()) {    
+      log.info("eIDAS requested attributes requires #{} specific attribute-hander. "
+          + "Starting advanced attribute-handling ... ", requiredHandlers.size());     
+      requiredHandlers.forEach(el -> executeAttributeHandler(el, spConfig));      
+      
+    } else {
+      log.debug("No advanced eIDAS attribute-handling required.");
+      
+    }        
+  }
+
+  private void executeAttributeHandler(String handlerClass, ServiceProviderConfiguration spConfig) {
+    try {
+      IEidasAttributeHandler handler = applicationContext.getBean(handlerClass, IEidasAttributeHandler.class);
+    
+      log.trace("Perfom SP config post-processing by using: {}", handler.getClass().getName());
+      handler.performSpConfigPostprocessing(spConfig);
+      
+    } catch (Exception e) {
+      log.error("No custom attribute-handler implementation for: {}. Operation can NOT be performed", handlerClass, e);
+      
+    }     
+  }
 
   private void buildNationalRequestedAttributes(
       ServiceProviderConfiguration spConfig, ILightRequest eidasRequest) {
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
index 830360e0..4f62b2eb 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
@@ -731,6 +731,112 @@ public class EidasProxyServiceControllerTest {
     
   }
   
+  
+  @Test
+  public void validAuthnRequestWithBorisAttributeLegal() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    String issuer = RandomStringUtils.randomAlphabetic(10);
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(issuer)
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                "eJusticeLegalPersonRole").first())
+            .build());
+       
+    proxyService.setiLightRequest(authnReqBuilder.build());
+   
+
+    // set default mandate configuration    
+    List<String> mandateProfilesNat = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    List<String> mandateProfilesJur = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(mandateProfilesNat, ","));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, 
+        StringUtils.join(mandateProfilesJur, ","));
+   
+    
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size());
+    assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0));      
+    assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode());    
+    
+    assertEquals("requested IDA attributes", 10, spConfig.getRequestedAttributes().size());
+    
+  }
+  
+  @Test
+  public void validAuthnRequestWithBorisAttributeNat() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    String issuer = RandomStringUtils.randomAlphabetic(10);
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(issuer)
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                "eJusticeNaturalPersonRole").first())
+            .build());
+       
+    proxyService.setiLightRequest(authnReqBuilder.build());
+   
+
+    // set default mandate configuration    
+    List<String> mandateProfilesNat = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    List<String> mandateProfilesJur = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(mandateProfilesNat, ","));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, 
+        StringUtils.join(mandateProfilesJur, ","));
+   
+    
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size());
+    assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0));      
+    assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode());    
+    
+    assertEquals("requested IDA attributes", 6, spConfig.getRequestedAttributes().size());
+    
+  }
+  
+  
   private void addConnectorConfig(int i, String key, String value) {
     config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_PREFIX + String.valueOf(i)  + "." + key, 
         value); 
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
index d3d1d7b0..b6b8a8df 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/services/ProxyEidasAttributeRegistryTest.java
@@ -139,7 +139,7 @@ public class ProxyEidasAttributeRegistryTest {
     
     assertFalse("find wrong attribute", 
         attrRegistry.mapEidasAttributeToAttributeHandler(
-            "http://e-justice.europa.eu/attributes/legalperson/eJusticeLegalPersonRole").isPresent());            
+            "http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist").isPresent());            
     
     Optional<String> attr2 = attrRegistry.mapEidasAttributeToAttributeHandler(
         "http://e-justice.europa.eu/attributes/naturalperson/eJusticeNaturalPersonRole");
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
index e40ebdc4..c7b40d90 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/additional-attributes.xml
@@ -54,5 +54,15 @@
     <entry key="4.XmlType.NamespacePrefix">xs</entry>
     <entry key="4.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
 
+    <entry key="5.NameUri">http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist</entry>
+    <entry key="5.FriendlyName">eJusticeLegalPersonRole</entry>
+    <entry key="5.PersonType">LegalPerson</entry>
+    <entry key="5.Required">false</entry>
+    <entry key="5.XmlType.NamespaceUri">http://www.w3.org/2001/XMLSchema</entry>
+    <entry key="5.XmlType.LocalPart">string</entry>
+    <entry key="5.XmlType.NamespacePrefix">xs</entry>
+    <entry key="5.AttributeValueMarshaller">eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller</entry>
+
+
 
 </properties>
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
index a3ff1ead..96034d12 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/idaAttributeMapping.json
@@ -138,12 +138,20 @@
   },  
   {
     "eidasAttribute": "http://e-justice.europa.eu/attributes/legalperson/eJusticeLegalPersonRole",
-    "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.notExist",
+    "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.EJusticePersonRoleHandler",
     "type": {
       "mds": false,
       "autoIncludeWithMandates": false
     }
   },  
+  {
+    "eidasAttribute": "http://e-justice.europa.eu/attributes/legalperson/eJusticePersonRoleNotExist",
+    "specificAttributeHandlerClass": "at.asitplus.eidas.specific.modules.msproxyservice.handler.notExist",
+    "type": {
+      "mds": false,
+      "autoIncludeWithMandates": false
+    }
+  },    
   {
     "eidasAttribute": "*",
     "idaAttribute": {
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
index bd4575c3..46e0bb69 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
@@ -5,4 +5,12 @@ eidas.ms.context.url.request.validation=false
 eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy
 eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint
 
-eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json
\ No newline at end of file
+eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json
+
+
+#############################################################################
+## advanced eIDAS attribute processing
+
+# BORIS attribute for eJustice
+eidas.ms.advanced.atributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED
+eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal
diff --git a/ms_specific_proxyservice/src/main/resources/application.properties b/ms_specific_proxyservice/src/main/resources/application.properties
index 8d66a7c0..40587815 100644
--- a/ms_specific_proxyservice/src/main/resources/application.properties
+++ b/ms_specific_proxyservice/src/main/resources/application.properties
@@ -115,4 +115,11 @@ eidas.ms.modules.idaustriaauth.keystore.type=jks
 #eidas.ms.modules.idaustriaauth.truststore.password=
 
 
+#############################################################################
+## advanced eIDAS attribute processing
+
+# BORIS attribute for eJustice
+eidas.ms.advanced.atributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED
+eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal
+
 
diff --git a/pom.xml b/pom.xml
index 946dd3ec..e20e076e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
     <!-- ===================================================================== -->
     <egiz-spring-api>0.3</egiz-spring-api>
     <egiz-eventlog-slf4jBackend>0.4</egiz-eventlog-slf4jBackend>
-    <eaaf-core.version>1.3.3-SNAPSHOT</eaaf-core.version>
+    <eaaf-core.version>1.3.4-SNAPSHOT</eaaf-core.version>
 
     <spring-boot-starter-web.version>2.5.13</spring-boot-starter-web.version>
     <spring-boot-admin-starter-client.version>2.5.6</spring-boot-admin-starter-client.version>
-- 
cgit v1.2.3


From d5cb2ae3d5bf3f04646cc23d7d59cd10822349c6 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 16 Aug 2022 15:09:07 +0200
Subject: feat(eidas): generate advanced attributes in response-processing too

---
 .../handler/EJusticePersonRoleHandler.java         |  78 +++++++-
 .../handler/IEidasAttributeHandler.java            |  16 +-
 .../protocol/ProxyServiceAuthenticationAction.java |  28 ++-
 .../service/ProxyEidasAttributeRegistry.java       |   1 +
 .../ProxyServiceAuthenticationActionTest.java      | 202 +++++++++++++++++++++
 .../resources/config/junit_config_1.properties     |   2 +
 .../src/main/resources/application.properties      |   5 +-
 7 files changed, 316 insertions(+), 16 deletions(-)

(limited to 'ms_specific_proxyservice/src/main')

diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
index 52a69944..ec161b1a 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
@@ -1,5 +1,10 @@
 package at.asitplus.eidas.specific.modules.msproxyservice.handler;
 
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.stream.Collectors;
+
 import javax.annotation.PostConstruct;
 
 import org.apache.commons.lang3.StringUtils;
@@ -7,9 +12,12 @@ import org.springframework.beans.factory.annotation.Autowired;
 
 import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
 import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IExtendedConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import lombok.NonNull;
 import lombok.extern.slf4j.Slf4j;
 
 /**
@@ -25,32 +33,84 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
 
   public static final String CONFIG_PROP_IDA_MANDATE_PROFILE = "advanced.atributes.ejusticerole.mandate.profiles";
   public static final String CONFIG_PROP_IDA_MANDATE_MODE = "advanced.atributes.ejusticerole.mandate.mode";
-    
-  @Autowired IConfiguration config;
+  public static final String CONFIG_PROP_RESULT_PREFIX = "advanced.atributes.ejusticerole.value.";
+  public static final String CONFIG_PROP_RESULT_VALUE_DELIMITER = "=";
+  
+  
+  @Autowired IExtendedConfiguration config;
   
   private SpMandateModes mandateMode;
-  private String mandateProfiles;
+  private List<String> mandateProfiles;
+  private Map<String, String> resultMapper;
   
   @Override
   public void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig) {    
     spConfig.setMandateMode(mandateMode);
-    spConfig.setMandateProfiles(KeyValueUtils.getListOfCsvValues(mandateProfiles));    
+    spConfig.setMandateProfiles(mandateProfiles);      
     log.info("Enforcing mandate-mode: {} with profile: {}", mandateMode, mandateProfiles);
     
   }
   
+  @Override
+  public String buildAttributeValue(@NonNull IEidAuthData eidAuthData) {
+    final String mandateType = eidAuthData.getGenericData(
+        PvpAttributeDefinitions.MANDATE_TYPE_NAME, String.class);    
+    if (StringUtils.isNotEmpty(mandateType)) {      
+      String attrValue = resultMapper.get(mandateType);
+      if (StringUtils.isNotEmpty(attrValue)) {
+        log.debug("Mapping mandate-type: {} to EJusticePersonRole: {}", mandateType, attrValue);
+        return attrValue;
+        
+      } else {
+        log.info("Ignore mandate-type: {}, because it is not mapped to a EJusticePersonRole", mandateType);
+        
+      }
+            
+    } else {
+      log.warn("Can not build: EJusticePersonRole, because IDA response contains no attribute: ",
+          PvpAttributeDefinitions.MANDATE_TYPE_NAME);
+      
+    }
+    
+    
+    return null;
+    
+  }
   
   
   @PostConstruct
   private void initialize() throws EaafConfigurationException {    
     mandateMode = SpMandateModes.fromString(loadConfigValue(CONFIG_PROP_IDA_MANDATE_MODE));
-    mandateProfiles = loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE);
-    
-    log.info("Initialize: {} with mandate-profile: {} mandate-mode: {}", 
+    mandateProfiles = KeyValueUtils.getListOfCsvValues(loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE));    
+    resultMapper = config.getBasicConfigurationWithPrefix(CONFIG_PROP_RESULT_PREFIX).values().stream()
+        .filter(el -> el.contains(CONFIG_PROP_RESULT_VALUE_DELIMITER))        
+        .collect(Collectors.toMap(x -> split(x, 0), x -> split(x, 1)));                            
+      
+    // validate requested profiles to result map
+    Optional<String> missingConfig = mandateProfiles.stream()
+        .filter(el -> !resultMapper.containsKey(el))
+        .findFirst();       
+    if (missingConfig.isPresent()) {
+      log.error("Missing mandate-profile: {} in result mapping", missingConfig.get());
+      throw new EaafConfigurationException("internal.configuration.00", 
+          new Object[]{CONFIG_PROP_RESULT_PREFIX}); 
+      
+    }
+                                    
+    log.info("Initialize: {} with mandate-profile: {} mandate-mode: {} and result-map:", 
         EJusticePersonRoleHandler.class.getSimpleName(), mandateProfiles, mandateMode);
+    resultMapper.entrySet().stream().forEach(el -> 
+        log.info("Profile: {} --> Attribute-Value: {}", el.getKey(), el.getValue()));
+
     
   }
 
+  private String split(String value, int i) {
+    return value.split(CONFIG_PROP_RESULT_VALUE_DELIMITER, 2)[i];
+    
+  }
+
+
   private String loadConfigValue(String configProp) throws EaafConfigurationException {
     String value = config.getBasicConfiguration(configProp);
     if (StringUtils.isEmpty(value)) {
@@ -62,5 +122,5 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
     return value;
 
   }
-
+  
 }
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
index 02e091ef..5a9c8d8c 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/IEidasAttributeHandler.java
@@ -1,6 +1,10 @@
 package at.asitplus.eidas.specific.modules.msproxyservice.handler;
 
+import javax.annotation.Nullable;
+
 import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IEidAuthData;
+import lombok.NonNull;
 
 /**
  * Handlers for attribute-processing that requires more features than a simple mapping.
@@ -15,7 +19,17 @@ public interface IEidasAttributeHandler {
    * 
    * @param spConfig SP configuration that was build from incoming eIDAS Authn. request.
    */
-  void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig);
+  void performSpConfigPostprocessing(@NonNull ServiceProviderConfiguration spConfig);
+
+  
+  /**
+   * Build eIDAS attribute-value from authentication data.
+   * 
+   * @param eidAuthData Authentication data for current process
+   * @return attribute-value if attribute is available, otherwise <code>null</code>
+   */
+  @Nullable
+  String buildAttributeValue(@NonNull IEidAuthData eidAuthData);
 
   
   
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index 8348558c..f1cb8f0b 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -20,6 +20,7 @@ import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration;
 import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
 import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
 import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException;
+import at.asitplus.eidas.specific.modules.msproxyservice.handler.IEidasAttributeHandler;
 import at.asitplus.eidas.specific.modules.msproxyservice.service.ProxyEidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.msproxyservice.utils.EidasProxyServiceUtils;
 import at.gv.egiz.eaaf.core.api.IRequest;
@@ -264,10 +265,29 @@ public class ProxyServiceAuthenticationAction implements IAction {
 
       }
 
-    } else {
-      log.warn("Can not build eIDAS attribute: {}, because there is not corresponding IDA attribute defined",
-          eidasAttrName);
-
+    } else {      
+      Optional<String> advancedAttributeHandler = attrRegistry.mapEidasAttributeToAttributeHandler(eidasAttrName);
+      if (advancedAttributeHandler.isPresent()) {                
+        final String idaAttrValue = context.getBean(advancedAttributeHandler.get(), IEidasAttributeHandler.class)
+            .buildAttributeValue(eidAuthData);                   
+        if (StringUtils.isNotEmpty(idaAttrValue)) {
+          log.debug("Build eIDAS attribute: {} by advanced attribute-handler: {}", 
+              eidasAttrName, advancedAttributeHandler.get());
+          attributeMap.put(
+              attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByName(eidasAttrName),
+              idaAttrValue);
+
+        } else {
+          log.info("Empty attribte-value returned by advanced attribute-handler, eIDAS attribute: {} will be ignored", 
+              eidasAttrName);
+
+        }
+        
+      } else {
+        log.warn("Can not build eIDAS attribute: {}, because there is not corresponding IDA attribute defined",
+            eidasAttrName);  
+        
+      }
     }
   }
 
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
index 747c808c..edb21722 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/service/ProxyEidasAttributeRegistry.java
@@ -124,6 +124,7 @@ public class ProxyEidasAttributeRegistry {
       String eidasAttributeName, boolean withMandates) {
     return attributeConfiguration.stream()
         .filter(el -> el.getEidasAttributeName().equals(eidasAttributeName))
+        .filter(el -> el.getIdaAttribute() != null)
         .findFirst()
         .map(el -> withMandates ? el.getIdaAttribute().getWithMandates() : el.getIdaAttribute().getBasic())
         .filter(el -> StringUtils.isNotEmpty(el));
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
index d44ffc2d..d9bc017c 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/ProxyServiceAuthenticationActionTest.java
@@ -397,6 +397,208 @@ public class ProxyServiceAuthenticationActionTest {
     
   }
   
+  @Test 
+  public void borisModeResponseWithJurMandate() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME,
+        "MUST_BE_UPDATED");
+    
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 8, respAttr.size());  
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_PERSONALIDENTIFIER, 
+        (String) attr.get(PvpAttributeDefinitions.BPK_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTFAMILYNAME, authData.getFamilyName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_CURRENTGIVENNAME, authData.getGivenName());
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_REPRESENTATIVE_DATEOFBIRTH, authData.getDateOfBirth());
+   
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME));
+    checkAttrValue(respAttr, EidasConstants.eIDAS_ATTR_LEGALNAME, 
+        (String) attr.get(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME));
+    
+    checkAttrValue(respAttr, "eJusticeLegalPersonRole", "VIP1");
+    checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP1");
+    
+    assertNull("find nat. person subject: personalId", 
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER));
+    assertNull("find nat. person subject: familyName", 
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME));
+    assertNull("find nat. person subject: givenName", 
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME));
+    assertNull("find nat. person subject: dateOfBirth", 
+        getAttrValue(respAttr, EidasConstants.eIDAS_ATTR_DATEOFBIRTH));
+    
+  }
+  
+  @Test 
+  public void borisModeResponseWithJurMandate2() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME,
+        "SECOND");
+    
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 8, respAttr.size());  
+    
+    checkAttrValue(respAttr, "eJusticeLegalPersonRole", "VIP2");
+    checkAttrValue(respAttr, "eJusticeNaturalPersonRole", "VIP2");
+
+    
+  }
+  
+  @Test 
+  public void borisModeNoMandateType() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 6, respAttr.size());  
+    
+  }
+  
+  @Test 
+  public void borisModeEmptyMandateType() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, "");
+    
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 6, respAttr.size());  
+    
+  }
+  
+  @Test 
+  public void borisModeUnknownMandateType() throws EaafException, SpecificCommunicationException {
+    Map<String, Object> attr = new HashMap<>();
+    attr.put(PvpAttributeDefinitions.BPK_NAME, 
+        "AT+XX:" + RandomStringUtils.randomAlphanumeric(10));    
+    IAuthData authData = generateDummyAuthData(attr , EaafConstants.EIDAS_LOA_HIGH,
+        RandomStringUtils.randomAlphanumeric(10), RandomStringUtils.randomAlphanumeric(10), "1945-04-18", true);
+    
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME,
+        RandomStringUtils.randomAlphabetic(10));
+    attr.put(PvpAttributeDefinitions.MANDATE_TYPE_NAME, RandomStringUtils.randomAlphanumeric(10));
+    
+    LightRequest.Builder eidasRequestBuilder = generateBasicLightRequest();
+    eidasRequestBuilder.requestedAttributes(ImmutableAttributeMap.builder()
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeLegalPersonRole").first())
+        .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName("eJusticeNaturalPersonRole").first())
+        .build());
+    pendingReq.setEidasRequest(eidasRequestBuilder.build());
+    
+    
+    //perform test
+    SloInformationInterface result = action.processRequest(pendingReq, httpReq, httpResp, authData);
+    
+    //validate state
+    Assert.assertNotNull("Result should be not null", result);
+    
+    ImmutableAttributeMap respAttr = validateBasicEidasResponse(authData);
+    assertEquals("wrong attr. size", 6, respAttr.size());  
+    
+  }
+  
   @Test
   public void responseWithNatMandateWithWorkAround() throws EaafException, SpecificCommunicationException {
     basicConfig.putConfigValue("auth.eIDAS.proxy.workaround.mandates.legalperson", 
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
index 46e0bb69..b59cae5f 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
@@ -14,3 +14,5 @@ eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json
 # BORIS attribute for eJustice
 eidas.ms.advanced.atributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED
 eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal
+eidas.ms.advanced.atributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1
+eidas.ms.advanced.atributes.ejusticerole.value.2=SECOND=VIP2
diff --git a/ms_specific_proxyservice/src/main/resources/application.properties b/ms_specific_proxyservice/src/main/resources/application.properties
index 40587815..f7aca8a3 100644
--- a/ms_specific_proxyservice/src/main/resources/application.properties
+++ b/ms_specific_proxyservice/src/main/resources/application.properties
@@ -119,7 +119,8 @@ eidas.ms.modules.idaustriaauth.keystore.type=jks
 ## advanced eIDAS attribute processing
 
 # BORIS attribute for eJustice
-eidas.ms.advanced.atributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED
+eidas.ms.advanced.atributes.ejusticerole.mandate.profiles.1=MUST_BE_UPDATED,SECOND
 eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal
-
+eidas.ms.advanced.atributes.ejusticerole.value.1=MUST_BE_UPDATED,VIP1
+eidas.ms.advanced.atributes.ejusticerole.value.2=SECOND,VIP2
 
-- 
cgit v1.2.3


From ee60dcbde9210e6ecf417af9fd7e4f13e8d95bbd Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 16 Aug 2022 15:46:31 +0200
Subject: style(eidas): fix typo in configuration properties

---
 .../modules/msproxyservice/handler/EJusticePersonRoleHandler.java | 6 +++---
 .../src/test/resources/config/junit_config_1.properties           | 8 ++++----
 .../src/main/resources/application.properties                     | 7 +++----
 .../test/resources/config/junit_config_1_springboot.properties    | 7 +++++++
 4 files changed, 17 insertions(+), 11 deletions(-)

(limited to 'ms_specific_proxyservice/src/main')

diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
index ec161b1a..87a033eb 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
@@ -31,9 +31,9 @@ import lombok.extern.slf4j.Slf4j;
 @Slf4j
 public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
 
-  public static final String CONFIG_PROP_IDA_MANDATE_PROFILE = "advanced.atributes.ejusticerole.mandate.profiles";
-  public static final String CONFIG_PROP_IDA_MANDATE_MODE = "advanced.atributes.ejusticerole.mandate.mode";
-  public static final String CONFIG_PROP_RESULT_PREFIX = "advanced.atributes.ejusticerole.value.";
+  public static final String CONFIG_PROP_IDA_MANDATE_PROFILE = "advanced.attributes.ejusticerole.mandate.profiles";
+  public static final String CONFIG_PROP_IDA_MANDATE_MODE = "advanced.attributes.ejusticerole.mandate.mode";
+  public static final String CONFIG_PROP_RESULT_PREFIX = "advanced.attributes.ejusticerole.value";
   public static final String CONFIG_PROP_RESULT_VALUE_DELIMITER = "=";
   
   
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
index b59cae5f..8963129e 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
@@ -12,7 +12,7 @@ eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json
 ## advanced eIDAS attribute processing
 
 # BORIS attribute for eJustice
-eidas.ms.advanced.atributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED
-eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal
-eidas.ms.advanced.atributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1
-eidas.ms.advanced.atributes.ejusticerole.value.2=SECOND=VIP2
+eidas.ms.advanced.attributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED
+eidas.ms.advanced.attributes.ejusticerole.mandate.mode=legal
+eidas.ms.advanced.attributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1
+eidas.ms.advanced.attributes.ejusticerole.value.2=SECOND=VIP2
diff --git a/ms_specific_proxyservice/src/main/resources/application.properties b/ms_specific_proxyservice/src/main/resources/application.properties
index f7aca8a3..b8da2a10 100644
--- a/ms_specific_proxyservice/src/main/resources/application.properties
+++ b/ms_specific_proxyservice/src/main/resources/application.properties
@@ -119,8 +119,7 @@ eidas.ms.modules.idaustriaauth.keystore.type=jks
 ## advanced eIDAS attribute processing
 
 # BORIS attribute for eJustice
-eidas.ms.advanced.atributes.ejusticerole.mandate.profiles.1=MUST_BE_UPDATED,SECOND
-eidas.ms.advanced.atributes.ejusticerole.mandate.mode=legal
-eidas.ms.advanced.atributes.ejusticerole.value.1=MUST_BE_UPDATED,VIP1
-eidas.ms.advanced.atributes.ejusticerole.value.2=SECOND,VIP2
+eidas.ms.advanced.attributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED,SECOND
+eidas.ms.advanced.attributes.ejusticerole.mandate.mode=legal
+eidas.ms.advanced.attributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1
 
diff --git a/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties
index 47d50191..9f36c9d7 100644
--- a/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties
+++ b/ms_specific_proxyservice/src/test/resources/config/junit_config_1_springboot.properties
@@ -113,4 +113,11 @@ eidas.ms.modules.idaustriaauth.truststore.password=password
 eidas.ms.modules.idaustriaauth.truststore.type=jks
 
 
+#############################################################################
+## advanced eIDAS attribute processing
+
+# BORIS attribute for eJustice
+eidas.ms.advanced.attributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED
+eidas.ms.advanced.attributes.ejusticerole.mandate.mode=legal
+eidas.ms.advanced.attributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1
 
-- 
cgit v1.2.3


From 920d33465e5ab1a71d81cc280e41de10cd8b5247 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Wed, 17 Aug 2022 09:53:46 +0200
Subject: feat(eidas): extend EJusticePersonRoleHandler to include additional
 requested attributes

---
 .../handler/EJusticePersonRoleHandler.java         |  22 ++-
 .../EidasProxyServiceControllerBorisTest.java      | 197 +++++++++++++++++++++
 .../protocol/EidasProxyServiceControllerTest.java  |   8 +-
 .../resources/config/junit_config_1.properties     |   1 +
 .../resources/config/junit_config_2.properties     |  18 ++
 .../spring/SpringTest-context_basic_mapConfig2.xml |  20 +++
 .../src/main/resources/application.properties      |   3 +-
 7 files changed, 261 insertions(+), 8 deletions(-)
 create mode 100644 modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerBorisTest.java
 create mode 100644 modules/eidas_proxy-sevice/src/test/resources/config/junit_config_2.properties
 create mode 100644 modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig2.xml

(limited to 'ms_specific_proxyservice/src/main')

diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
index 87a033eb..6a5e4967 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/handler/EJusticePersonRoleHandler.java
@@ -33,6 +33,9 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
 
   public static final String CONFIG_PROP_IDA_MANDATE_PROFILE = "advanced.attributes.ejusticerole.mandate.profiles";
   public static final String CONFIG_PROP_IDA_MANDATE_MODE = "advanced.attributes.ejusticerole.mandate.mode";
+  public static final String CONFIG_PROP_IDA_ADDITIONAL_ATTRIBUTES = 
+      "advanced.attributes.ejusticerole.additional.ida.attributes";    
+  
   public static final String CONFIG_PROP_RESULT_PREFIX = "advanced.attributes.ejusticerole.value";
   public static final String CONFIG_PROP_RESULT_VALUE_DELIMITER = "=";
   
@@ -41,14 +44,21 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
   
   private SpMandateModes mandateMode;
   private List<String> mandateProfiles;
+  private List<String> additionalReqAttributes;
   private Map<String, String> resultMapper;
   
   @Override
   public void performSpConfigPostprocessing(ServiceProviderConfiguration spConfig) {    
     spConfig.setMandateMode(mandateMode);
-    spConfig.setMandateProfiles(mandateProfiles);      
+    spConfig.setMandateProfiles(mandateProfiles);
     log.info("Enforcing mandate-mode: {} with profile: {}", mandateMode, mandateProfiles);
     
+    if (!additionalReqAttributes.isEmpty()) {
+      spConfig.getRequestedAttributes().addAll(additionalReqAttributes);
+      log.info("Add additional requested attributes: {}", additionalReqAttributes);
+      
+    }
+    
   }
   
   @Override
@@ -80,8 +90,10 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
   
   @PostConstruct
   private void initialize() throws EaafConfigurationException {    
-    mandateMode = SpMandateModes.fromString(loadConfigValue(CONFIG_PROP_IDA_MANDATE_MODE));
-    mandateProfiles = KeyValueUtils.getListOfCsvValues(loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE));    
+    mandateMode = SpMandateModes.fromString(loadConfigValue(CONFIG_PROP_IDA_MANDATE_MODE, true));
+    mandateProfiles = KeyValueUtils.getListOfCsvValues(loadConfigValue(CONFIG_PROP_IDA_MANDATE_PROFILE, true));  
+    additionalReqAttributes = KeyValueUtils.getListOfCsvValues(
+        loadConfigValue(CONFIG_PROP_IDA_ADDITIONAL_ATTRIBUTES, false));
     resultMapper = config.getBasicConfigurationWithPrefix(CONFIG_PROP_RESULT_PREFIX).values().stream()
         .filter(el -> el.contains(CONFIG_PROP_RESULT_VALUE_DELIMITER))        
         .collect(Collectors.toMap(x -> split(x, 0), x -> split(x, 1)));                            
@@ -111,9 +123,9 @@ public class EJusticePersonRoleHandler implements IEidasAttributeHandler {
   }
 
 
-  private String loadConfigValue(String configProp) throws EaafConfigurationException {
+  private String loadConfigValue(String configProp, boolean isRequired) throws EaafConfigurationException {
     String value = config.getBasicConfiguration(configProp);
-    if (StringUtils.isEmpty(value)) {
+    if (StringUtils.isEmpty(value) && isRequired) {
       throw new EaafConfigurationException("internal.configuration.00", 
           new Object[]{configProp});  
       
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerBorisTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerBorisTest.java
new file mode 100644
index 00000000..dfa4e264
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerBorisTest.java
@@ -0,0 +1,197 @@
+package at.asitplus.eidas.specific.modules.msproxyservice.test.protocol;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.util.Arrays;
+import java.util.List;
+import java.util.UUID;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
+import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.core.eidas.test.dummy.DummySpecificCommunicationService;
+import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants;
+import at.asitplus.eidas.specific.modules.msproxyservice.protocol.EidasProxyServiceController;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyProtocolAuthService;
+import eu.eidas.auth.commons.EidasParameterKeys;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.light.impl.LightRequest;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+    "/spring/SpringTest-context_basic_test.xml",
+    "/spring/SpringTest-context_basic_mapConfig2.xml",
+  })
+@EnableWebMvc
+public class EidasProxyServiceControllerBorisTest {
+
+  @Autowired private EidasProxyServiceController controller;
+  
+  @Autowired private DummySpecificCommunicationService proxyService;
+  @Autowired private DummyProtocolAuthService authService;
+  @Autowired private EidasAttributeRegistry attrRegistry;
+  @Autowired private ApplicationContext context;
+  
+  @Autowired MsConnectorDummyConfigMap config;
+  
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  
+  private SpecificCommunicationService springManagedSpecificConnectorCommunicationService;
+  
+  /**
+   * jUnit test set-up.
+   */
+  @Before
+  public void setUp() throws EaafStorageException, URISyntaxException {
+    httpReq = new MockHttpServletRequest("POST", "http://localhost/ms_connector/eidas/light/idp/redirect");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+       
+    proxyService.setiLightRequest(null);
+    proxyService.setError(null);
+            
+    config.putConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint", 
+        "http://eidas.proxy/endpoint");
+    
+    springManagedSpecificConnectorCommunicationService =
+        (SpecificCommunicationService) context.getBean(
+            SpecificCommunicationDefinitionBeanNames.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE
+                .toString());
+    
+  }  
+  
+  @Test
+  public void validAuthnRequestWithBorisAttributeLegal() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    String issuer = RandomStringUtils.randomAlphabetic(10);
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(issuer)
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_LEGALNAME).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                "eJusticeLegalPersonRole").first())
+            .build());
+       
+    proxyService.setiLightRequest(authnReqBuilder.build());
+   
+
+    // set default mandate configuration    
+    List<String> mandateProfilesNat = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    List<String> mandateProfilesJur = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(mandateProfilesNat, ","));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, 
+        StringUtils.join(mandateProfilesJur, ","));
+   
+    
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size());
+    assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0));      
+    assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode());    
+    
+    assertEquals("requested IDA attributes", 10, spConfig.getRequestedAttributes().size());
+    
+  }
+  
+  @Test
+  public void validAuthnRequestWithBorisAttributeNat() throws IOException, EaafException {       
+    //initialize state
+    httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10));    
+    String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase();
+    String issuer = RandomStringUtils.randomAlphabetic(10);
+    LightRequest.Builder authnReqBuilder = LightRequest.builder()
+        .id(UUID.randomUUID().toString())
+        .issuer(issuer)
+        .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase())
+        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .spCountryCode(spCountryCode)
+        .spType("public")
+        .requestedAttributes(ImmutableAttributeMap.builder()
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first())
+            .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
+                "eJusticeNaturalPersonRole").first())
+            .build());
+       
+    proxyService.setiLightRequest(authnReqBuilder.build());
+   
+
+    // set default mandate configuration    
+    List<String> mandateProfilesNat = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    List<String> mandateProfilesJur = 
+        Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true");
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, 
+        StringUtils.join(mandateProfilesNat, ","));
+    config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, 
+        StringUtils.join(mandateProfilesJur, ","));
+   
+    
+    //execute
+    controller.receiveEidasAuthnRequest(httpReq, httpResp);
+    
+    //validate state
+    ServiceProviderConfiguration spConfig = 
+        authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class);
+    assertNotNull("mandateprofiles", spConfig.getMandateProfiles());
+    assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty());
+    assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size());
+    assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0));      
+    assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode());    
+    
+    assertEquals("requested IDA attributes", 6, spConfig.getRequestedAttributes().size());    
+
+  }
+  
+}
+
+
diff --git a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
index 4f62b2eb..5894ea45 100644
--- a/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
+++ b/modules/eidas_proxy-sevice/src/test/java/at/asitplus/eidas/specific/modules/msproxyservice/test/protocol/EidasProxyServiceControllerTest.java
@@ -781,7 +781,7 @@ public class EidasProxyServiceControllerTest {
     assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0));      
     assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode());    
     
-    assertEquals("requested IDA attributes", 10, spConfig.getRequestedAttributes().size());
+    assertEquals("requested IDA attributes", 11, spConfig.getRequestedAttributes().size());
     
   }
   
@@ -832,7 +832,11 @@ public class EidasProxyServiceControllerTest {
     assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0));      
     assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode());    
     
-    assertEquals("requested IDA attributes", 6, spConfig.getRequestedAttributes().size());
+    assertEquals("requested IDA attributes", 7, spConfig.getRequestedAttributes().size());    
+    assertTrue("missing additional attribute", spConfig.getRequestedAttributes().stream()
+        .filter(el -> el.equals("testAttribute"))
+        .findFirst()
+        .isPresent());
     
   }
   
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
index 8963129e..90b44868 100644
--- a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_1.properties
@@ -14,5 +14,6 @@ eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json
 # BORIS attribute for eJustice
 eidas.ms.advanced.attributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED
 eidas.ms.advanced.attributes.ejusticerole.mandate.mode=legal
+eidas.ms.advanced.attributes.ejusticerole.additional.ida.attributes=testAttribute
 eidas.ms.advanced.attributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1
 eidas.ms.advanced.attributes.ejusticerole.value.2=SECOND=VIP2
diff --git a/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_2.properties b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_2.properties
new file mode 100644
index 00000000..8963129e
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/resources/config/junit_config_2.properties
@@ -0,0 +1,18 @@
+## Basic service configuration
+eidas.ms.context.url.prefix=http://localhost
+eidas.ms.context.url.request.validation=false
+
+eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy
+eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint
+
+eidas.ms.auth.eIDAS.proxy.attribute.mapping.config=idaAttributeMapping.json
+
+
+#############################################################################
+## advanced eIDAS attribute processing
+
+# BORIS attribute for eJustice
+eidas.ms.advanced.attributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED
+eidas.ms.advanced.attributes.ejusticerole.mandate.mode=legal
+eidas.ms.advanced.attributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1
+eidas.ms.advanced.attributes.ejusticerole.value.2=SECOND=VIP2
diff --git a/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig2.xml b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig2.xml
new file mode 100644
index 00000000..dfe98ea5
--- /dev/null
+++ b/modules/eidas_proxy-sevice/src/test/resources/spring/SpringTest-context_basic_mapConfig2.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:aop="http://www.springframework.org/schema/aop"
+  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+  <context:annotation-config />
+
+  <bean id="dummyMapBasedConfiguration"
+        class="at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap">
+    <constructor-arg value="/config/junit_config_2.properties" />
+    <property name="configRootDirSufix" value="src/test/resources/config" />
+  </bean>
+
+</beans>
\ No newline at end of file
diff --git a/ms_specific_proxyservice/src/main/resources/application.properties b/ms_specific_proxyservice/src/main/resources/application.properties
index b8da2a10..c9d5e58f 100644
--- a/ms_specific_proxyservice/src/main/resources/application.properties
+++ b/ms_specific_proxyservice/src/main/resources/application.properties
@@ -120,6 +120,7 @@ eidas.ms.modules.idaustriaauth.keystore.type=jks
 
 # BORIS attribute for eJustice
 eidas.ms.advanced.attributes.ejusticerole.mandate.profiles=MUST_BE_UPDATED,SECOND
-eidas.ms.advanced.attributes.ejusticerole.mandate.mode=legal
+eidas.ms.advanced.attributes.ejusticerole.mandate.mode=forceLegal
+eidas.ms.advanced.attributes.ejusticerole.additional.ida.attributes=
 eidas.ms.advanced.attributes.ejusticerole.value.1=MUST_BE_UPDATED=VIP1
 
-- 
cgit v1.2.3