13 files changed, 911 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/AuthnRequestSemperProcessorTest.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/AuthnRequestSemperProcessorTest.java
new file mode 100644
index 000000000..9b0ebf88c
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/AuthnRequestSemperProcessorTest.java
@@ -0,0 +1,348 @@
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.semper;
+
+import static org.hamcrest.collection.IsIterableContainingInOrder.contains;
+import static org.junit.Assert.assertThat;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.core.impl.idp.conf.SPConfigurationImpl;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+    "/SpringTest-context_basic_test.xml" })
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+public class AuthnRequestSemperProcessorTest {
+
+  @Autowired DummyAuthConfigMap configMap;
+  @Autowired AuthnRequestSemperProcessor processor;
+  
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  private TestRequestImpl pendingReq;
+  
+  /**
+   * jUnit class initializer.
+   * @throws ConfigurationException In case of an OpenSAML error
+   * 
+   */
+  @BeforeClass
+  public static void classInitializer() throws ConfigurationException {
+    EAAFDefaultSAML2Bootstrap.bootstrap();
+    
+  }
+
+  /**
+   * jUnit test set-up.
+   * 
+   */
+  @Before 
+  public void initialize() {
+    configMap.putConfigValue(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, "true");
+    configMap.putConfigValue(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST, 
+        RandomStringUtils.randomAlphabetic(15) + ",https://demo.egiz.gv.at/ms_connector/sp/metadata");
+    
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+    
+    Map<String, String> spConfig = new HashMap<>();
+    spConfig.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, 
+        "https://demo.egiz.gv.at/ms_connector/sp/metadata");
+    
+    pendingReq = new TestRequestImpl();
+    pendingReq.setAuthURL("https://localhost/ms_connector");
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setSpConfig(new OAAuthParameterDecorator(new SPConfigurationImpl(spConfig, configMap)));
+    
+  }
+  
+  @Test
+  public void semperModeNotSet() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+    configMap.removeConfigValue(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE);    
+    
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());    
+    Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());   
+    Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    
+  }
+  
+  @Test
+  public void semperModeInactive() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+    configMap.putConfigValue(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, "false");    
+    
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());    
+    Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());   
+    Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    
+  }
+  
+  @Test
+  public void allowedSPsNotSet() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+    configMap.removeConfigValue(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST);    
+    
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());    
+    Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());   
+    Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    
+  }
+  
+  @Test
+  public void nonValidSpEntityId() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+        
+    
+    pendingReq.getServiceProviderConfiguration().getFullConfiguration().put(
+        EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, 
+        "https://apps.egiz.gv.at/ms_connector/sp/metadata");
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_2.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());    
+    Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());   
+    Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    
+  }
+  
+  @Test
+  public void bPKTargetIsMissing_1() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_3.xml");
+    
+    try {
+      processor.process(httpReq, pendingReq, authReq , null);
+      Assert.fail("No bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId());
+      
+    }        
+  }
+  
+  @Test
+  public void bPKTargetIsMissing_2() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_4.xml");
+    
+    try {
+      processor.process(httpReq, pendingReq, authReq , null);
+      Assert.fail("No bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId());
+      
+    }        
+  }
+  
+  @Test
+  public void bPKTargetIsMissing_3() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_5.xml");
+    
+    try {
+      processor.process(httpReq, pendingReq, authReq , null);
+      Assert.fail("No bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId());
+      
+    }        
+  }
+  
+  @Test
+  public void noRequestedAttributes() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_9.xml");
+    
+    try {
+      processor.process(httpReq, pendingReq, authReq , null);
+      Assert.fail("No bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId());
+      
+    }        
+  }
+  
+  @Test
+  public void noSAML2ExtentsionElement() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_10.xml");
+    
+    try {
+      processor.process(httpReq, pendingReq, authReq , null);
+      Assert.fail("No bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId());
+      
+    }        
+  }
+  
+  @Test
+  public void validSpEntityIdNoMandateProfiles() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_6.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNotNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());
+    Assert.assertEquals("SP target not match",  "urn:publicid:gv.at:eidasid+AT+EE", spConfig.getAreaSpecificTargetIdentifier());
+    
+
+    Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());    
+    Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    
+  }
+  
+  @Test
+  public void validSpEntityIdNotValidMandateProfiles_1() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_7.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNotNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());
+    Assert.assertEquals("SP target not match",  "urn:publicid:gv.at:eidasid+AT+EE", spConfig.getAreaSpecificTargetIdentifier());
+    
+
+    Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());    
+    Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    
+  }
+  
+  @Test
+  public void validSpEntityIdNotValidMandateProfiles_2() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_8.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNotNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());
+    Assert.assertEquals("SP target not match",  "urn:publicid:gv.at:eidasid+AT+EE", spConfig.getAreaSpecificTargetIdentifier());
+    
+
+    Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());    
+    Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    
+  }
+  
+  @Test
+  public void validSpEntityIdWithMandateProfiles() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNotNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());
+    Assert.assertEquals("SP target not match",  "urn:publicid:gv.at:eidasid+AT+EE", spConfig.getAreaSpecificTargetIdentifier());
+    
+
+    Assert.assertTrue("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());
+    
+    Assert.assertNotNull("Mandate profiles are null", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    Assert.assertEquals("Number of mandate profiles not match",  3, ((OAAuthParameterDecorator)spConfig).getMandateProfiles().size());
+    assertThat("Mandate profiles not match", ((OAAuthParameterDecorator)spConfig).getMandateProfiles(), 
+        contains("Einzelvertretungsbefugnis", "1.2.40.0.10.1.7.3.1.1", "ERsB"));
+    
+  }
+  
+  private AuthnRequest getAuthRequest(String resource) throws 
+      ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+   final Element authBlockDom =
+       DOMUtils.parseXmlValidating(AuthnRequestSemperProcessor.class.getResourceAsStream(resource));
+
+   final UnmarshallerFactory unmarshallerFactory =
+       org.opensaml.xml.Configuration.getUnmarshallerFactory();
+   final Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDom);
+   return (AuthnRequest) unmarshaller.unmarshall(authBlockDom);
+
+}
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/DummyAuthConfigMap.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/DummyAuthConfigMap.java
new file mode 100644
index 000000000..1cc51f2e0
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/DummyAuthConfigMap.java
@@ -0,0 +1,136 @@
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.semper;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+/**
+ * Dummy Application-configuration implementation for jUnit tests.
+ *
+ * @author tlenz
+ *
+ */
+public class DummyAuthConfigMap implements IConfigurationWithSP {
+
+  private Map<String, String> config = new HashMap<>();
+  
+  public DummyAuthConfigMap() {
+    
+  }
+  
+  /**
+   * Dummy Application-configuration.
+   *
+   * @param configIs Property based configuration
+   * @throws IOException In case of an configuration read error
+   */
+  public DummyAuthConfigMap(final InputStream configIs) throws IOException {
+
+    final Properties props = new Properties();
+    props.load(configIs);
+
+    config = KeyValueUtils.convertPropertiesToMap(props);
+
+  }
+
+  /**
+   * Dummy Application-configuration.
+   *
+   * @param path Path to property based configuration
+   * @throws IOException In case of an configuration read error
+   */
+  public DummyAuthConfigMap(final String path) throws IOException {
+
+    final Properties props = new Properties();
+    props.load(this.getClass().getResourceAsStream(path));
+
+    config = KeyValueUtils.convertPropertiesToMap(props);
+
+  }
+
+
+  @Override
+  public String getBasicConfiguration(final String key) {
+    return config.get(key);
+
+  }
+
+  @Override
+  public String getBasicConfiguration(final String key, final String defaultValue) {
+    final String value = getBasicConfiguration(key);
+    if (StringUtils.isEmpty(value)) {
+      return defaultValue;
+    } else {
+      return value;
+    }
+
+  }
+
+  @Override
+  public Boolean getBasicConfigurationBoolean(final String key) {
+    final String value = getBasicConfiguration(key);
+    if (StringUtils.isEmpty(value)) {
+      return false;
+    } else {
+      return Boolean.valueOf(value);
+    }
+  }
+
+  @Override
+  public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) {
+    return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue)));
+
+  }
+
+  @Override
+  public Map<String, String> getBasicConfigurationWithPrefix(final String prefix) {
+    return KeyValueUtils.getSubSetWithPrefix(config, prefix);
+
+  }
+
+  @Override
+  public ISPConfiguration getServiceProviderConfiguration(final String uniqueID)
+      throws EAAFConfigurationException {
+    return null;
+  }
+
+  @Override
+  public <T> T getServiceProviderConfiguration(final String spIdentifier, final Class<T> decorator)
+      throws EAAFConfigurationException {
+    return null;
+  }
+
+  @Override
+  public URI getConfigurationRootDirectory() {
+    return new java.io.File(".").toURI();
+
+  }
+
+  @Override
+  public String validateIDPURL(final URL authReqUrl) throws EAAFException {
+    return null;
+  }
+
+  public void putConfigValue(final String key, final String value) {
+    config.put(key, value);
+  }
+
+  public void removeConfigValue(final String key) {
+    config.remove(key);
+
+  }
+
+
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/SpringTest-context_basic_test.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/SpringTest-context_basic_test.xml
new file mode 100644
index 000000000..18900c27d
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/SpringTest-context_basic_test.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:aop="http://www.springframework.org/schema/aop"
+  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+  <context:annotation-config />
+
+  <bean   id="semperAuthnRequestPostProcessor"
+          class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.semper.AuthnRequestSemperProcessor" />
+
+  <bean   id="dummyConfig"
+          class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.semper.DummyAuthConfigMap" />
+
+</beans>
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_1.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_1.xml
new file mode 100644
index 000000000..f6c6b26ee
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_1.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_5f6e9aff8ff6fa4b84e888bf99400f95" IsPassive="false" IssueInstant="2019-12-13T06:42:21.185Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/ms_connector/sp/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_5f6e9aff8ff6fa4b84e888bf99400f95">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:Extensions>
+    <eid:RequestedAttributes xmlns:eid="http://eid.gv.at/eID/attributes/saml-extensions">
+      <eid:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:eidasid+AT+EE</eid:AttributeValue>
+      </eid:RequestedAttribute>
+      <eid:RequestedAttribute FriendlyName="ServiceProvider-MandateProfiles" Name="urn:eidgvat:attributes.ServiceProviderMandateProfiles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB</eid:AttributeValue>
+      </eid:RequestedAttribute>
+    </eid:RequestedAttributes>
+  </saml2p:Extensions>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/low</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_10.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_10.xml
new file mode 100644
index 000000000..1d52986fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_10.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_5f6e9aff8ff6fa4b84e888bf99400f95" IsPassive="false" IssueInstant="2019-12-13T06:42:21.185Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/ms_connector/sp/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_5f6e9aff8ff6fa4b84e888bf99400f95">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/low</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_2.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_2.xml
new file mode 100644
index 000000000..c5b634539
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_2.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_5f6e9aff8ff6fa4b84e888bf99400f95" IsPassive="false" IssueInstant="2019-12-13T06:42:21.185Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://apps.egiz.gv.at/ms_connector/sp/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_5f6e9aff8ff6fa4b84e888bf99400f95">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:Extensions>
+    <eid:RequestedAttributes xmlns:eid="http://eid.gv.at/eID/attributes/saml-extensions">
+      <eid:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:eidasid+AT+EE</eid:AttributeValue>
+      </eid:RequestedAttribute>
+      <eid:RequestedAttribute FriendlyName="ServiceProvider-MandateProfiles" Name="urn:eidgvat:attributes.ServiceProviderMandateProfiles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB</eid:AttributeValue>
+      </eid:RequestedAttribute>
+    </eid:RequestedAttributes>
+  </saml2p:Extensions>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/low</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_3.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_3.xml
new file mode 100644
index 000000000..d79caa0fe
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_3.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_5f6e9aff8ff6fa4b84e888bf99400f95" IsPassive="false" IssueInstant="2019-12-13T06:42:21.185Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/ms_connector/sp/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_5f6e9aff8ff6fa4b84e888bf99400f95">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:Extensions>
+    <eid:RequestedAttributes xmlns:eid="http://eid.gv.at/eID/attributes/saml-extensions">
+      <eid:RequestedAttribute FriendlyName="ServiceProvider-MandateProfiles" Name="urn:eidgvat:attributes.ServiceProviderMandateProfiles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB</eid:AttributeValue>
+      </eid:RequestedAttribute>
+    </eid:RequestedAttributes>
+  </saml2p:Extensions>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/low</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_4.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_4.xml
new file mode 100644
index 000000000..c04a97a7f
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_4.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_5f6e9aff8ff6fa4b84e888bf99400f95" IsPassive="false" IssueInstant="2019-12-13T06:42:21.185Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/ms_connector/sp/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_5f6e9aff8ff6fa4b84e888bf99400f95">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:Extensions>
+    <eid:RequestedAttributes xmlns:eid="http://eid.gv.at/eID/attributes/saml-extensions">
+      <eid:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"></eid:AttributeValue>
+      </eid:RequestedAttribute>
+      <eid:RequestedAttribute FriendlyName="ServiceProvider-MandateProfiles" Name="urn:eidgvat:attributes.ServiceProviderMandateProfiles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB</eid:AttributeValue>
+      </eid:RequestedAttribute>
+    </eid:RequestedAttributes>
+  </saml2p:Extensions>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/low</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_5.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_5.xml
new file mode 100644
index 000000000..339514323
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_5.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_5f6e9aff8ff6fa4b84e888bf99400f95" IsPassive="false" IssueInstant="2019-12-13T06:42:21.185Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/ms_connector/sp/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_5f6e9aff8ff6fa4b84e888bf99400f95">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:Extensions>
+    <eid:RequestedAttributes xmlns:eid="http://eid.gv.at/eID/attributes/saml-extensions">
+      <eid:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:eidasid+AT+EE</eid:AttributeValue>
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:eidasid+AT+XX</eid:AttributeValue>
+      </eid:RequestedAttribute>
+      <eid:RequestedAttribute FriendlyName="ServiceProvider-MandateProfiles" Name="urn:eidgvat:attributes.ServiceProviderMandateProfiles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB</eid:AttributeValue>
+      </eid:RequestedAttribute>
+    </eid:RequestedAttributes>
+  </saml2p:Extensions>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/low</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_6.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_6.xml
new file mode 100644
index 000000000..8a046363c
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_6.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_5f6e9aff8ff6fa4b84e888bf99400f95" IsPassive="false" IssueInstant="2019-12-13T06:42:21.185Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/ms_connector/sp/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_5f6e9aff8ff6fa4b84e888bf99400f95">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:Extensions>
+    <eid:RequestedAttributes xmlns:eid="http://eid.gv.at/eID/attributes/saml-extensions">
+      <eid:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:eidasid+AT+EE</eid:AttributeValue>
+      </eid:RequestedAttribute>
+    </eid:RequestedAttributes>
+  </saml2p:Extensions>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/low</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_7.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_7.xml
new file mode 100644
index 000000000..502619e94
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_7.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_5f6e9aff8ff6fa4b84e888bf99400f95" IsPassive="false" IssueInstant="2019-12-13T06:42:21.185Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/ms_connector/sp/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_5f6e9aff8ff6fa4b84e888bf99400f95">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:Extensions>
+    <eid:RequestedAttributes xmlns:eid="http://eid.gv.at/eID/attributes/saml-extensions">
+      <eid:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:eidasid+AT+EE</eid:AttributeValue>
+      </eid:RequestedAttribute>
+      <eid:RequestedAttribute FriendlyName="ServiceProvider-MandateProfiles" Name="urn:eidgvat:attributes.ServiceProviderMandateProfiles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB</eid:AttributeValue>
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB</eid:AttributeValue>
+      </eid:RequestedAttribute>
+    </eid:RequestedAttributes>
+  </saml2p:Extensions>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/low</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_8.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_8.xml
new file mode 100644
index 000000000..ff667168a
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_8.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_5f6e9aff8ff6fa4b84e888bf99400f95" IsPassive="false" IssueInstant="2019-12-13T06:42:21.185Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/ms_connector/sp/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_5f6e9aff8ff6fa4b84e888bf99400f95">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:Extensions>
+    <eid:RequestedAttributes xmlns:eid="http://eid.gv.at/eID/attributes/saml-extensions">
+      <eid:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:eidasid+AT+EE</eid:AttributeValue>
+      </eid:RequestedAttribute>
+      <eid:RequestedAttribute FriendlyName="ServiceProvider-MandateProfiles" Name="urn:eidgvat:attributes.ServiceProviderMandateProfiles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+      </eid:RequestedAttribute>
+    </eid:RequestedAttributes>
+  </saml2p:Extensions>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/low</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_9.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_9.xml
new file mode 100644
index 000000000..5506b2f31
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_9.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" Destination="https://vidp.gv.at/ms_connector/pvp/post" ID="_5f6e9aff8ff6fa4b84e888bf99400f95" IsPassive="false" IssueInstant="2019-12-13T06:42:21.185Z" ProviderName="OpenID Connect Demo" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://demo.egiz.gv.at/ms_connector/sp/metadata</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <ds:Reference URI="#_5f6e9aff8ff6fa4b84e888bf99400f95">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <ds:DigestValue>mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:Extensions>
+  </saml2p:Extensions>
+  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+  <saml2p:RequestedAuthnContext Comparison="minimum">
+    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://eidas.europa.eu/LoA/low</saml2:AuthnContextClassRef>
+  </saml2p:RequestedAuthnContext>
+  <saml2p:Scoping>
+    <saml2p:RequesterID>https://demo.egiz.gv.at/demoportal-openID_demo</saml2p:RequesterID>
+  </saml2p:Scoping>
+</saml2p:AuthnRequest>
+\ No newline at end of file