From ba6ba0af88d8c9472a63356ddf3d19f84847c2d7 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 28 Jul 2021 11:33:11 +0200
Subject: add new authentication module for EHVD communication

---
 id/server/auth-edu/pom.xml                         |   5 +
 .../modules/moa-id-module-ehvd_integration/pom.xml |  57 ++++++++
 .../auth/modules/ehvd/ConfigurationProperties.java |  48 +++++++
 .../auth/modules/ehvd/EhvdServiceAuthModule.java   | 147 ++++++++++++++++++++
 .../EhvdServiceAuthSpringResourceProvider.java     |  62 +++++++++
 .../ehvd/attributes/PvpRoleAttributeBuilder.java   |  58 ++++++++
 .../ehvd/service/EhvdCommunicationService.java     |  69 ++++++++++
 .../modules/ehvd/service/IEhvdCommunication.java   |  23 ++++
 .../ehvd/task/InjectEhvdInformationTask.java       | 103 ++++++++++++++
 .../DefaultAuth_with_ehvd_interaction.process.xml  |  32 +++++
 ...iz.components.spring.api.SpringResourceProvider |   1 +
 .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder |   1 +
 .../resources/moaid_ehvd_service_auth.beans.xml    |  23 ++++
 .../resources/properties/id_messages.properties    |   2 +
 .../protocol_response_statuscodes.properties       |   2 +
 .../auth/modules/ehvd/test/BeanCreationTest.java   |  39 ++++++
 .../ehvd/test/EhvdServiceAuthModuleTest.java       | 101 ++++++++++++++
 .../EhvdServiceAuthSpringResourceProviderTest.java |  56 ++++++++
 .../InjectEhvdIdentityInformationTaskTest.java     | 131 ++++++++++++++++++
 .../attributes/PvpRoleAttributeBuilderTest.java    | 124 +++++++++++++++++
 .../ehvd/test/dummy/DummyAuthConfigMap.java        | 136 +++++++++++++++++++
 .../id/auth/modules/ehvd/test/dummy/TestUtils.java | 150 +++++++++++++++++++++
 .../utils/AttributeBuilderRegistrationTest.java    |  41 ++++++
 .../test/utils/AuthenticationRoleFactoryTest.java  |  65 +++++++++
 .../ehvd/test/utils/MoaStatusMessagerTest.java     |  55 ++++++++
 .../src/test/resources/config/config1.properties   |   5 +
 .../src/test/resources/config/config2.properties   |   4 +
 .../resources/test_ehvd_service_auth.beans.xml     |  19 +++
 .../test_ehvd_service_auth_lazy.beans.xml          |  24 ++++
 .../test_ehvd_service_messager_auth.beans.xml      |  15 +++
 id/server/modules/pom.xml                          |   1 +
 31 files changed, 1599 insertions(+)
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/pom.xml
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml
 create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml

(limited to 'id')

diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml
index 42e035c7a..6a8110a28 100644
--- a/id/server/auth-edu/pom.xml
+++ b/id/server/auth-edu/pom.xml
@@ -228,6 +228,11 @@
 		 	<artifactId>moa-id-module-EID_connector</artifactId>
 		</dependency>
 
+    <dependency>
+			<groupId>MOA.id.server.modules</groupId>
+    	<artifactId>moa-id-module-ehvd_integration</artifactId>
+    </dependency>    
+    
 <!-- 	
 		<dependency>
 			<groupId>org.apache.santuario</groupId>
diff --git a/id/server/modules/moa-id-module-ehvd_integration/pom.xml b/id/server/modules/moa-id-module-ehvd_integration/pom.xml
new file mode 100644
index 000000000..05b2d0daa
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/pom.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>MOA.id.server.modules</groupId>
+		<artifactId>moa-id-modules</artifactId>
+		<version>4.1.6-SNAPSHOT</version>
+	</parent>
+	<artifactId>moa-id-module-ehvd_integration</artifactId>
+	<version>${moa-id-ehvd_integration.version}</version>
+	<description>Module to integrate information from EHVD into MOA-ID response</description>
+
+	<dependencies>
+		<dependency>
+			<groupId>MOA.id.server.modules</groupId>
+			<artifactId>moa-id-modul-citizencard_authentication</artifactId>
+			<exclusions>
+				<exclusion>
+					<groupId>*</groupId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+		
+		<dependency>
+			<groupId>MOA.id.server</groupId>
+			<artifactId>moa-id-lib</artifactId>
+			<scope>provided</scope>
+		</dependency>
+
+
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>at.gv.egiz.eaaf</groupId>
+			<artifactId>eaaf_core_utils</artifactId>
+			<scope>test</scope>
+			<type>test-jar</type>
+		</dependency>
+		<dependency>
+			<groupId>at.gv.egiz.eaaf</groupId>
+			<artifactId>eaaf-core</artifactId>
+			<scope>test</scope>
+			<type>test-jar</type>
+		</dependency>
+								
+	</dependencies>
+</project>
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java
new file mode 100644
index 000000000..fd7d1b013
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ehvd;
+
+import java.util.Collection;
+
+import com.google.common.collect.Sets;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+
+public class ConfigurationProperties {
+
+  // configuration properties
+  private static final String MODULE_PREFIX = "modules.ehvd.";
+  
+  public static final String PROP_MODULE_ENABLED = MODULE_PREFIX + "enabled";
+  public static final String PROP_MODULE_SP_PREFIX = MODULE_PREFIX + "sp";
+   
+  public static final String PROP_MODULE_SERVICE_TARGET = MODULE_PREFIX + "service.bpk.target";
+  
+  
+  public static final String DEFAULT_EHVD_SERVICE_TARGET = EAAFConstants.URN_PREFIX_CDID + "GH"; 
+  
+  private ConfigurationProperties() {
+    // hide constructor or static class
+  }
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java
new file mode 100644
index 000000000..917c226a2
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ehvd;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.stream.Collectors;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EhvdServiceAuthModule extends DefaultCitizenCardAuthModuleImpl {
+
+  private int priority = 2;
+
+  @Autowired(required = true)
+  protected IConfigurationWithSP authConfig;
+
+  private Collection<String> uniqueIDsEnabled;
+
+  /*
+   * (non-Javadoc)
+   *
+   * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+   */
+  @Override
+  public int getPriority() {
+    return priority;
+
+  }
+
+  /**
+   * Sets the priority of this module. Default value is {@code 0}.
+   *
+   * @param priority The priority.
+   */
+  public void setPriority(int priority) {
+    this.priority = priority;
+
+  }
+
+  @PostConstruct
+  private void initialDummyAuthWhiteList() {
+    if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
+      Logger.info("AuthModule for 'EHVD injection' is enabled");
+
+      // load allowed service-provider Id's
+      uniqueIDsEnabled = authConfig.getBasicConfigurationWithPrefix(
+          ConfigurationProperties.PROP_MODULE_SP_PREFIX).values().stream()
+          .filter(el -> StringUtils.isNotEmpty(el))
+          .collect(Collectors.toSet());
+
+      if (!uniqueIDsEnabled.isEmpty()) {
+        Logger.info("EHVD communication is enabled for ....");
+        uniqueIDsEnabled.forEach(el -> Logger.info("   EntityID: " + el));
+
+      }
+
+    } else {
+      uniqueIDsEnabled = Collections.emptySet();
+      Logger.info("AuthModule for 'EHVD injection' is disabled");
+
+    }
+
+  }
+
+  /*
+   * (non-Javadoc)
+   *
+   * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.
+   * egovernment.moa.id.process.api.ExecutionContext)
+   */
+  @Override
+  public String selectProcess(ExecutionContext context, IRequest pendingReq) {
+
+    if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
+      final String spEntityID = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier();
+      Logger.trace("Checking EHVD communication for SP: " + spEntityID + " ....");      
+      boolean ccAuthRequested = StringUtils.isNotEmpty(super.selectProcess(context, pendingReq));
+      if (uniqueIDsEnabled.contains(spEntityID) && ccAuthRequested) {
+        Logger.debug("EHVD communication is allowed for SP: " + spEntityID);                  
+        return "DefaultAuthenticationWithEHVDInteraction";
+
+      } else {
+        if (Logger.isDebugEnabled()) {
+          if (ccAuthRequested) {
+            Logger.debug("Unique SP-Id: " + spEntityID + " is not in whitelist for EHVD communication.");
+          
+          } else {
+            Logger.trace("No CititzenCard authentication requested. EHVD communication skipped too");
+          
+          }
+        }
+      }
+
+    } else {
+      Logger.trace("'EHVD injection' authentication is disabled");
+
+    }
+
+    return null;
+
+  }
+
+  /*
+   * (non-Javadoc)
+   *
+   * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+   */
+  @Override
+  public String[] getProcessDefinitions() {
+    return new String[] { "classpath:/DefaultAuth_with_ehvd_interaction.process.xml" };
+  }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java
new file mode 100644
index 000000000..ea0695a1a
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ehvd;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EhvdServiceAuthSpringResourceProvider implements SpringResourceProvider {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad()
+	 */
+	@Override
+	public Resource[] getResourcesToLoad() {
+		ClassPathResource authConfig = new ClassPathResource("/moaid_ehvd_service_auth.beans.xml", EhvdServiceAuthSpringResourceProvider.class);							
+		return new Resource[] {authConfig};
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan()
+	 */
+	@Override
+	public String[] getPackagesToScan() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName()
+	 */
+	@Override
+	public String getName() {
+		return "Module for 'Dummy Authentication'";
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java
new file mode 100644
index 000000000..0f1c96aa8
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java
@@ -0,0 +1,58 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+
+import java.util.stream.Collectors;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
+
+@PVPMETADATA
+public class PvpRoleAttributeBuilder implements IPVPAttributeBuilder {
+
+  private static final String ROLE_NAME_DELIMITER = ";";
+  
+  @Override
+  public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+      IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+    if (authData instanceof IMOAAuthData) {
+      IMOAAuthData moaAuthData = (IMOAAuthData)authData;
+      if (moaAuthData.getAuthenticationRoles() != null 
+          && !moaAuthData.getAuthenticationRoles().isEmpty()) {
+        return g.buildStringAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME,
+            moaAuthData.getAuthenticationRoles().stream()
+                .map(el -> el.getRawRoleString())
+                .collect(Collectors.joining(ROLE_NAME_DELIMITER)));
+        
+        
+      } else {
+        Logger.trace("No PVP roles available. Skipping attribute: " + ROLES_FRIENDLY_NAME);
+        
+      }
+            
+    } else {
+      Logger.info("Attribute: " + ROLES_FRIENDLY_NAME + " is only available in MOA-ID context");
+      
+    }
+       
+    return null;
+    
+  }
+
+  @Override
+  public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+    return g.buildEmptyAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME);
+    
+  }
+
+  @Override
+  public String getName() {
+    return ROLES_NAME;
+    
+  }
+  
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java
new file mode 100644
index 000000000..f0e2069a1
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java
@@ -0,0 +1,69 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.service;
+
+import java.util.Collections;
+import java.util.List;
+
+import javax.annotation.Nonnull;
+import javax.annotation.PostConstruct;
+
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Implement interaction with EHVD service to get GDA information.
+ * 
+ * @author tlenz
+ *
+ */
+public class EhvdCommunicationService implements IEhvdCommunication {
+
+  @Autowired IConfiguration config;
+  
+  private String ehvdBpkTarget;
+  
+  /**
+   * Get user's GDA roles from EHVD Service.
+   * 
+   * @param identityLink IdentityLink of the user
+   * @return {@link List} of Roles that are received from EHVD
+   * @throws AuthenticationException In case of an EHVD communication error
+   * @throws EAAFBuilderException  In case of a bPK generation error
+   */
+  @Override
+  @Nonnull
+  public List<String> getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException {
+  
+    // get bPK for EHVD request
+    Pair<String, String> ehvdBpk = BPKBuilder.generateAreaSpecificPersonIdentifier(
+        identityLink.getIdentificationValue(), 
+        identityLink.getIdentificationType(), 
+        ehvdBpkTarget);
+    
+    
+    //TODO: request EHVD and handle errors
+    
+    //TODO: parse roles from response
+    
+    
+    return Collections.emptyList();
+    
+  }
+
+  @PostConstruct
+  private void initialize() {
+    ehvdBpkTarget = config.getBasicConfiguration(
+        ConfigurationProperties.PROP_MODULE_SERVICE_TARGET, 
+        ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET);    
+    Logger.info("Initialize EHVD Client with bPK target: " + ehvdBpkTarget);
+    
+  }
+     
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java
new file mode 100644
index 000000000..8a9c7db5c
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java
@@ -0,0 +1,23 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.service;
+
+import java.util.List;
+
+import javax.annotation.Nonnull;
+
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+
+public interface IEhvdCommunication {
+
+  /**
+   * Get user's GDA roles from EHVD Service.
+   * 
+   * @param identityLink IdentityLink of the user
+   * @return {@link List} of Roles that are received from EHVD
+   * @throws AuthenticationException In case of an EHVD communication error
+   * @throws EAAFBuilderException  In case of a bPK generation error
+   */
+  List<String> getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException;
+
+}
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java
new file mode 100644
index 000000000..b44863b80
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ehvd.task;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.service.IEhvdCommunication;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("InjectEhvdInformationTask")
+public class InjectEhvdInformationTask extends AbstractAuthServletTask {
+
+  @Autowired IEhvdCommunication ehvdService;
+  
+  /*
+   * (non-Javadoc)
+   *
+   * @see
+   * at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.
+   * egovernment.moa.id.process.api.ExecutionContext,
+   * javax.servlet.http.HttpServletRequest,
+   * javax.servlet.http.HttpServletResponse)
+   */
+  @Override
+  public void execute(ExecutionContext executionContext, HttpServletRequest request,
+      HttpServletResponse response)
+      throws TaskExecutionException {
+    try {
+      final AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
+      
+      // validate internal state
+      validateInternalState(session);
+            
+      // requesting roles from EHVD
+      List<String> ehvdRoles = ehvdService.getRoles(session.getIdentityLink());
+            
+      // inject EHVD roles      
+      session.setGenericDataToSession(PVPConstants.ROLES_NAME, StringUtils.join(ehvdRoles, ";"));
+      
+      // store MOASession into database
+      requestStoreage.storePendingRequest(pendingReq);
+
+    } catch (final MOAIDException e) {
+      throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+    } catch (final Exception e) {
+      throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+    }
+  }
+
+  private void validateInternalState(AuthenticationSessionWrapper session) throws AuthenticationException {
+    //check if identityLink is available
+    if (session.getIdentityLink() == null ) {
+      Logger.error("No IdentityLink in session. There is an internal error in process definition");
+      throw new AuthenticationException("process.04", null);
+      
+    }
+    
+    
+  }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml
new file mode 100644
index 000000000..2ff0d552f
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="DefaultAuthenticationWithEHVDInteraction" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+    <!-- Tasks involved in this authentication flow -->
+	<pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
+	<pd:Task id="createIdentityLinkForm"    class="CreateIdentityLinkFormTask" />
+	<pd:Task id="verifyIdentityLink"        class="VerifyIdentityLinkTask"        async="true" />		
+	<pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
+	<pd:Task id="verifyAuthBlock"           class="VerifyAuthenticationBlockTask" async="true" />
+		
+	<pd:Task id="injectEhvdInformation"		class="InjectEhvdInformationTask" />	
+	<pd:Task id="userRestrictionTask" 		class="UserRestrictionTask" />
+	
+	<pd:Task id="finalizeAuthentication" 	class="FinalizeAuthenticationTask" />	
+		
+		
+	<!-- definition of the authentication flow -->
+	<pd:StartEvent id="start" />
+	
+	<pd:Transition from="start"                		  to="initializeBKUAuthentication" />	
+	<pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />	
+	<pd:Transition from="createIdentityLinkForm"      to="verifyIdentityLink" />	
+	<pd:Transition from="verifyIdentityLink"          to="prepareAuthBlockSignature" />			
+	<pd:Transition from="prepareAuthBlockSignature"   to="verifyAuthBlock" />	
+	<pd:Transition from="verifyAuthBlock"             to="userRestrictionTask" />				
+	<pd:Transition from="userRestrictionTask"         to="injectEhvdInformation" />	
+	<pd:Transition from="injectEhvdInformation"       to="finalizeAuthentication" />	
+	<pd:Transition from="finalizeAuthentication"      to="end" />		
+	
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..6985f2b7d
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthSpringResourceProvider
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
new file mode 100644
index 000000000..4dd043048
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml
new file mode 100644
index 000000000..4ef523ec8
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+	<bean id="ehvdServiceAuthModule" class="at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule">
+		<property name="priority" value="4" />
+	</bean>
+ 					 		
+	<bean id="ehvdCommunicationService"
+		  class="at.gv.egovernment.moa.id.auth.modules.ehvd.service.EhvdCommunicationService"/> 					 			
+ 					 						
+	<bean id="InjectEhvdInformationTask" 
+		  class="at.gv.egovernment.moa.id.auth.modules.ehvd.task.InjectEhvdInformationTask"
+		  scope="prototype"/>
+																						
+</beans>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties
new file mode 100644
index 000000000..89fd19362
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties
@@ -0,0 +1,2 @@
+ehvd.00=GDA Status inaktiv
+ehvd.99=Allgemeiner Fehler bei der Abfrage des EHVD Service
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties
new file mode 100644
index 000000000..fca8fa8cd
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties
@@ -0,0 +1,2 @@
+test.01=aabbccdd
+test.02=zzzyyyxxx
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java
new file mode 100644
index 000000000..91bf67b2d
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java
@@ -0,0 +1,39 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test;
+
+import static org.junit.Assert.assertNotNull;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+    "/test_ehvd_service_auth_lazy.beans.xml" })
+public class BeanCreationTest {
+
+  @Autowired
+  DummyAuthConfigMap config;
+  @Autowired
+  ApplicationContext context;
+
+  @Before
+  public void initialize() {
+    // re-set config
+    config.putConfigValue("modules.ehvd.enabled", String.valueOf(false));
+
+  }
+
+  @Test
+  public void authModuleDeactivated() {
+    assertNotNull("AuthModule", context.getBean(EhvdServiceAuthModule.class));
+
+  }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java
new file mode 100644
index 000000000..4a7c98803
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java
@@ -0,0 +1,101 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+    "/test_ehvd_service_auth.beans.xml" })
+public class EhvdServiceAuthModuleTest {
+
+  @Autowired DummyAuthConfigMap config;
+  @Autowired EhvdServiceAuthModule module;
+  
+  private ExecutionContext context;
+  private TestRequestImpl pendingReq;
+  private Map<String, String> spConfigMap;
+  
+  @Before
+  public void initialize() {
+    context = new ExecutionContextImpl();
+
+    spConfigMap = new HashMap<>();
+    spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10));
+    
+    ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config);    
+    pendingReq = new TestRequestImpl();
+    pendingReq.setSpConfig(spConfig);
+        
+    // re-set config
+    config.putConfigValue("modules.ehvd.enabled", String.valueOf(true));
+        
+    context.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, String.valueOf(false));
+    context.put(MOAIDAuthConstants.PARAM_BKU, RandomStringUtils.randomAlphabetic(5));
+    
+  }
+  
+  @Test
+  public void checkProcessDefinition() {    
+    String[] def = module.getProcessDefinitions();
+    
+    assertNotNull("no process definition", def);    
+    Arrays.asList(def).stream().forEach(
+        el -> EhvdServiceAuthModuleTest.class.getResourceAsStream(el));
+    
+  }
+  
+  @Test
+  public void bkuSelectionActiv() {
+    context.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, String.valueOf(true));
+    
+    assertNull("wrong authModule selected", module.selectProcess(context, pendingReq));
+    
+  }
+  
+  @Test
+  public void deactivated() {
+    config.putConfigValue("modules.ehvd.enabled", String.valueOf(false));
+    
+    assertNull("wrong authModule selected", module.selectProcess(context, pendingReq));
+    
+  }
+  
+  @Test
+  public void unknownServiceProvider() {    
+    assertNull("wrong authModule selected",  module.selectProcess(context, pendingReq));
+    
+  }
+        
+  @Test
+  public void allowedServiceProviderAndRequested() {    
+    spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323");    
+    
+    assertEquals("wrong authmethod identifier", "DefaultAuthenticationWithEHVDInteraction", 
+        module.selectProcess(context, pendingReq));
+    
+  }
+  
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java
new file mode 100644
index 000000000..b584e8753
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java
@@ -0,0 +1,56 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.springframework.core.io.Resource;
+
+import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthSpringResourceProvider;
+
+
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class EhvdServiceAuthSpringResourceProviderTest {
+
+  @Test
+  public void testSpringConfig() {
+    final EhvdServiceAuthSpringResourceProvider test =
+        new EhvdServiceAuthSpringResourceProvider();
+    for (final Resource el : test.getResourcesToLoad()) {
+      try {
+        IOUtils.toByteArray(el.getInputStream());
+
+      } catch (final IOException e) {
+        Assert.fail("Ressouce: " + el.getFilename() + " not found");
+      }
+
+    }
+
+    Assert.assertNotNull("no Name", test.getName());
+    Assert.assertNull("Find package definitions", test.getPackagesToScan());
+
+  }
+
+  @Test
+  public void testSpILoaderConfig() {
+    final InputStream el = this.getClass().getResourceAsStream(
+        "/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider");
+    try {
+      final String spiFile = IOUtils.toString(el, "UTF-8");
+
+      Assert.assertEquals("Wrong classpath in SPI file",
+          EhvdServiceAuthSpringResourceProvider.class.getName(), spiFile);
+
+
+    } catch (final IOException e) {
+      Assert.fail("Ressouce: '/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider' not found");
+
+    }
+  }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java
new file mode 100644
index 000000000..45f7a8fc4
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java
@@ -0,0 +1,131 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.fail;
+
+import java.io.IOException;
+import java.security.PublicKey;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.transform.TransformerException;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.util.Assert;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;
+import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.task.InjectEhvdInformationTask;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.TestUtils;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+    "/test_ehvd_service_auth.beans.xml" })
+public class InjectEhvdIdentityInformationTaskTest {
+
+  @Autowired InjectEhvdInformationTask task;
+  @Autowired DummyAuthConfigMap config;
+  @Autowired IRequestStorage storage;
+  
+  protected MockHttpServletRequest httpReq;
+  protected MockHttpServletResponse httpResp;
+  private ExecutionContext context;
+  private TestRequestImpl pendingReq;
+  private Map<String, String> spConfigMap;
+  
+  @Before
+  public void initialize() throws EAAFParserException {
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+    
+    context = new ExecutionContextImpl();
+
+    spConfigMap = new HashMap<>();
+    spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10));
+    
+    ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config);    
+    pendingReq = new TestRequestImpl();
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setSpConfig(spConfig);
+        
+    // re-set config
+    config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true));
+    
+    //inject identityLink
+    final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(
+        AuthenticationSessionWrapper.class);    
+    moaSession.setIdentityLink(TestUtils.generateDummyIdl(
+        RandomStringUtils.randomAlphanumeric(10), 
+        EAAFConstants.URN_PREFIX_BASEID));
+    
+  }
+
+  @Test
+  public void noIdentityLinkInSession() {
+    final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(
+        AuthenticationSessionWrapper.class);
+    moaSession.setIdentityLink(null);
+    
+    try {
+      task.execute(pendingReq, context);
+      fail("wrong state not detected");
+      
+    } catch (TaskExecutionException e) {
+      Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion");     
+      assertEquals("wrong errorCode", "process.04", ((EAAFException) e.getOriginalException()).getErrorId());
+      
+    }        
+  }
+  
+    
+  @Test
+  public void validateState() throws TaskExecutionException, PendingReqIdValidationException {
+    
+    task.execute(pendingReq, context);
+    
+    // validate state
+    IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+    assertNotNull("pendingReq not stored", storedReq);
+    
+    final AuthenticationSessionWrapper moaSession = storedReq.getSessionData(
+        AuthenticationSessionWrapper.class);
+    
+    assertFalse("foreign", moaSession.isForeigner());
+    assertFalse("mandate", moaSession.isMandateUsed());    
+    assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size());
+            
+  }
+  
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java
new file mode 100644
index 000000000..df02c6f4e
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java
@@ -0,0 +1,124 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder;
+import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+    "/test_ehvd_service_auth.beans.xml" })
+public class PvpRoleAttributeBuilderTest {
+
+  @Autowired
+  private IConfiguration basicConfig;
+  
+  private PvpRoleAttributeBuilder toTest = new PvpRoleAttributeBuilder();
+  private IAttributeGenerator<String> g = new SimpleStringAttributeGenerator();
+  private ISPConfiguration oaParam;
+
+   
+  @Before
+  public void initialize() {
+    oaParam = new DummySPConfiguration(Collections.emptyMap(), basicConfig);
+    
+  }
+  
+  @Test
+  public void checkName() {    
+    assertEquals("wrong attr. name", "urn:oid:1.2.40.0.10.2.1.1.261.30", toTest.getName());
+    
+  }
+  
+  @Test
+  public void checkEmptyAttribute() {    
+    assertNull("wrong empty attr.", toTest.buildEmpty(g));
+    
+  }
+  
+  @Test
+  public void wrongAuthData() throws AttributeBuilderException {            
+    IAuthData authData = new AuthenticationData();       
+    assertNull("wrong attr. value", toTest.build(oaParam, authData, g));
+    
+  }
+  
+  public void noRoles() throws AttributeBuilderException {            
+    IAuthData authData = generateAuthData(null);       
+    assertNull("wrong attr. value", toTest.build(oaParam, authData, g));
+    
+  }
+  
+  @Test
+  public void emptyRoles() throws AttributeBuilderException {            
+    IAuthData authData = generateAuthData(Collections.emptyList());       
+    assertNull("wrong attr. value", toTest.build(oaParam, authData, g));
+    
+  }
+
+  @Test
+  public void randomRoles() throws AttributeBuilderException {            
+    String role1 = RandomStringUtils.randomAlphabetic(5);
+    String role2 = RandomStringUtils.randomAlphabetic(5);
+    String role3 = RandomStringUtils.randomAlphabetic(5);
+    String role4 = RandomStringUtils.randomAlphabetic(5);
+    
+    IAuthData authData = generateAuthData(Arrays.asList(
+        new AuthenticationRole(role1, role1), 
+        new AuthenticationRole(role2, role2),
+        new AuthenticationRole(role3, role3 + "()"),
+        new AuthenticationRole(role4, role4 + "(\"aaa\"=\"bbb\")")
+        ));       
+    
+    // perform test
+    String attrValue = toTest.build(oaParam, authData, g);
+    
+    // validate state
+    assertNotNull("wrong attr. value", attrValue);
+    
+    String[] el = attrValue.split(";");
+    assertEquals("wrong role count", 4, el.length);
+    assertEquals("wrong 1. role", role1, el[0]);
+    assertEquals("wrong 2. role", role2, el[1]);
+    assertEquals("wrong 3. role", role3 + "()", el[2]);
+    assertEquals("wrong 4. role", role4 + "(\"aaa\"=\"bbb\")", el[3]);
+    
+    
+  }
+  
+  private IAuthData generateAuthData(List<AuthenticationRole> roles) {
+    MOAAuthenticationData authData = new MOAAuthenticationData(null);
+    if (roles != null) {
+      roles.forEach(el -> authData.addAuthenticationRole(el));
+      
+    }
+    
+    return authData;
+    
+  }
+  
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java
new file mode 100644
index 000000000..865cf7157
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java
@@ -0,0 +1,136 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+/**
+ * Dummy Application-configuration implementation for jUnit tests.
+ *
+ * @author tlenz
+ *
+ */
+public class DummyAuthConfigMap implements IConfigurationWithSP {
+
+  private Map<String, String> config = new HashMap<>();
+  
+  public DummyAuthConfigMap() {
+    
+  }
+  
+  /**
+   * Dummy Application-configuration.
+   *
+   * @param configIs Property based configuration
+   * @throws IOException In case of an configuration read error
+   */
+  public DummyAuthConfigMap(final InputStream configIs) throws IOException {
+
+    final Properties props = new Properties();
+    props.load(configIs);
+
+    config = KeyValueUtils.convertPropertiesToMap(props);
+
+  }
+
+  /**
+   * Dummy Application-configuration.
+   *
+   * @param path Path to property based configuration
+   * @throws IOException In case of an configuration read error
+   */
+  public DummyAuthConfigMap(final String path) throws IOException {
+
+    final Properties props = new Properties();
+    props.load(this.getClass().getResourceAsStream(path));
+
+    config = KeyValueUtils.convertPropertiesToMap(props);
+
+  }
+
+
+  @Override
+  public String getBasicConfiguration(final String key) {
+    return config.get(key);
+
+  }
+
+  @Override
+  public String getBasicConfiguration(final String key, final String defaultValue) {
+    final String value = getBasicConfiguration(key);
+    if (StringUtils.isEmpty(value)) {
+      return defaultValue;
+    } else {
+      return value;
+    }
+
+  }
+
+  @Override
+  public Boolean getBasicConfigurationBoolean(final String key) {
+    final String value = getBasicConfiguration(key);
+    if (StringUtils.isEmpty(value)) {
+      return false;
+    } else {
+      return Boolean.valueOf(value);
+    }
+  }
+
+  @Override
+  public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) {
+    return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue)));
+
+  }
+
+  @Override
+  public Map<String, String> getBasicConfigurationWithPrefix(final String prefix) {
+    return KeyValueUtils.getSubSetWithPrefix(config, prefix);
+
+  }
+
+  @Override
+  public ISPConfiguration getServiceProviderConfiguration(final String uniqueID)
+      throws EAAFConfigurationException {
+    return null;
+  }
+
+  @Override
+  public <T> T getServiceProviderConfiguration(final String spIdentifier, final Class<T> decorator)
+      throws EAAFConfigurationException {
+    return null;
+  }
+
+  @Override
+  public URI getConfigurationRootDirectory() {
+    return new java.io.File(".").toURI();
+
+  }
+
+  @Override
+  public String validateIDPURL(final URL authReqUrl) throws EAAFException {
+    return null;
+  }
+
+  public void putConfigValue(final String key, final String value) {
+    config.put(key, value);
+  }
+
+  public void removeConfigValue(final String key) {
+    config.remove(key);
+
+  }
+
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java
new file mode 100644
index 000000000..9ab52a27e
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java
@@ -0,0 +1,150 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy;
+
+import java.io.IOException;
+import java.security.PublicKey;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+
+public class TestUtils {
+
+  public static IIdentityLink generateDummyIdl(String baseId, String baseIdType) {
+    return new IIdentityLink() {
+      
+      @Override
+      public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException {
+        // TODO Auto-generated method stub
+        
+      }
+      
+      @Override
+      public void setPublicKey(PublicKey[] publicKey) {
+        // TODO Auto-generated method stub
+        
+      }
+      
+      @Override
+      public void setPrPerson(Element prPerson) {
+        // TODO Auto-generated method stub
+        
+      }
+      
+      @Override
+      public void setIssueInstant(String issueInstant) {
+        // TODO Auto-generated method stub
+        
+      }
+      
+      @Override
+      public void setIdentificationValue(String identificationValue) {
+        // TODO Auto-generated method stub
+        
+      }
+      
+      @Override
+      public void setIdentificationType(String identificationType) {
+        // TODO Auto-generated method stub
+        
+      }
+      
+      @Override
+      public void setGivenName(String givenName) {
+        // TODO Auto-generated method stub
+        
+      }
+      
+      @Override
+      public void setFamilyName(String familyName) {
+        // TODO Auto-generated method stub
+        
+      }
+      
+      @Override
+      public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
+        // TODO Auto-generated method stub
+        
+      }
+      
+      @Override
+      public void setDateOfBirth(String dateOfBirth) {
+        // TODO Auto-generated method stub
+        
+      }
+      
+      @Override
+      public String getSerializedSamlAssertion() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public Element getSamlAssertion() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public PublicKey[] getPublicKey() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public Element getPrPerson() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getName() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getIssueInstant() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getIdentificationValue() {
+        return baseId;
+        
+      }
+      
+      @Override
+      public String getIdentificationType() {
+        return baseIdType;
+        
+      }
+      
+      @Override
+      public String getGivenName() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getFamilyName() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public Element[] getDsigReferenceTransforms() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+      
+      @Override
+      public String getDateOfBirth() {
+        // TODO Auto-generated method stub
+        return null;
+      }
+    };
+  }
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java
new file mode 100644
index 000000000..5ff8ffba7
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.xml.ConfigurationException;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class AttributeBuilderRegistrationTest {
+
+  @BeforeClass
+  public static void classInitializer() throws ConfigurationException {
+    EAAFDefaultSAML2Bootstrap.bootstrap();
+    
+  }
+  
+  @Test
+  public void checkRegistratedAttributeBuilder() {
+    
+    List<Attribute> supportedAttributes = PVPAttributeBuilder.buildSupportedEmptyAttributes();
+    
+    assertFalse("Registered Attribute-Builder is empty", supportedAttributes.isEmpty());
+    assertTrue("No role attribute registrated", supportedAttributes.stream()
+        .filter(el -> PVPAttributeDefinitions.ROLES_NAME.equals(el.getName()))
+        .findFirst()
+        .isPresent());
+        
+  }
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java
new file mode 100644
index 000000000..6d39b926e
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java
@@ -0,0 +1,65 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+
+import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class AuthenticationRoleFactoryTest {
+
+  @Test
+  public void simpleRole() {    
+    String role = RandomStringUtils.randomAlphabetic(5);
+    
+    AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(role);
+    
+    assertEquals("wrong role name", role, toCheck.getRoleName());
+    assertEquals("wrong raw role", role, toCheck.getRawRoleString());
+    assertNull("wrong role attr", toCheck.getParams());
+       
+  }
+  
+  @Test
+  public void complexeRoleEmptyParams() {    
+    String role = RandomStringUtils.randomAlphabetic(5);
+    String fullRole = role + "()";
+    
+    AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(fullRole);
+    
+    assertEquals("wrong role name", role, toCheck.getRoleName());
+    assertEquals("wrong raw role", fullRole, toCheck.getRawRoleString());
+    assertNull("wrong role attr", toCheck.getParams());
+       
+  }
+  
+  @Test
+  public void complexeRoleWithParams() {
+    String p1 = RandomStringUtils.randomAlphabetic(5);
+    String v1 = RandomStringUtils.randomAlphabetic(5);
+    String p2 = RandomStringUtils.randomAlphabetic(5);
+    String v2 = RandomStringUtils.randomAlphabetic(5);
+    
+    String role = RandomStringUtils.randomAlphabetic(5);
+    String fullRole = role + "(\"" 
+        + p1 + "\"=\"" + v1 + "\"," 
+        + p2 + "\"=\"" + v2 + "\""
+        +")";
+    
+    AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(fullRole);
+    
+    assertEquals("wrong role name", role, toCheck.getRoleName());
+    assertEquals("wrong raw role", fullRole, toCheck.getRawRoleString());
+    assertNotNull("wrong role attr", toCheck.getParams());
+    assertEquals("wrong param size", 2, toCheck.getParams().size());
+           
+  }
+  
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java
new file mode 100644
index 000000000..399980dbf
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java
@@ -0,0 +1,55 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils;
+
+import static org.junit.Assert.assertEquals;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.IStatusMessenger;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({"/test_ehvd_service_messager_auth.beans.xml"})
+public class MoaStatusMessagerTest {
+
+  @Autowired IStatusMessenger messager;
+  
+  
+  @Test
+  public void checkErrorCodeMapper() {        
+    assertEquals("default errorcode", "9199", 
+        messager.getResponseErrorCode(new NullPointerException()));
+
+    
+    assertEquals("new errorCode file", "aabbccdd", 
+        messager.mapInternalErrorToExternalError("test.01"));    
+    assertEquals("new errorCode file", "zzzyyyxxx", 
+        messager.mapInternalErrorToExternalError("test.02"));
+        
+    assertEquals("existing errorCode file", "4401", 
+        messager.mapInternalErrorToExternalError("auth.34"));
+    assertEquals("existing errorCode file", "1101", 
+        messager.mapInternalErrorToExternalError("parser.07"));
+          
+  }
+  
+  @Test
+  public void checkErrorMessages() {
+    assertEquals("new error msg", 
+        "GDA Status inaktiv", messager.getMessage("ehvd.00", null));
+    assertEquals("new error msg", 
+        "Allgemeiner Fehler bei der Abfrage des EHVD Service", messager.getMessage("ehvd.99", null));
+    
+    
+    assertEquals("existing error msg", 
+        "Zertifikat konnte nicht ausgelesen werden.", messager.getMessage("auth.14", null));
+    assertEquals("existing error msg", 
+        "\"Issuer\" im AUTH-Block nicht vorhanden.", messager.getMessage("validator.32", null));
+    
+  }
+  
+  
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties
new file mode 100644
index 000000000..bc71dc6ab
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties
@@ -0,0 +1,5 @@
+modules.ehvd.enabled=true
+modules.ehvd.sp.1=aaabbccddeeffgg
+modules.ehvd.sp.2=yyasdfasfsa2323
+modules.ehvd.sp.3=
+modules.ehvd.sp.4=435344534egewgegf
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties
new file mode 100644
index 000000000..4e666c204
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties
@@ -0,0 +1,4 @@
+modules.ehvd.enabled=false
+modules.ehvd.sp.1=aaabbccddeeffgg
+modules.ehvd.sp.2=yyasdfasfsa2323
+modules.ehvd.sp.3=435344534egewgegf
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml
new file mode 100644
index 000000000..b499ad395
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+	<import resource="classpath:/SpringTest-context_authManager.xml" />	
+	<import resource="classpath:/moaid_ehvd_service_auth.beans.xml" />
+
+	<bean id="dummyConfig" class="at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap">
+		<constructor-arg name="path" value="/config/config1.properties" />
+	</bean>
+ 																												
+</beans>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml
new file mode 100644
index 000000000..7116034b7
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+	<import resource="classpath:/SpringTest-context_authManager.xml" />	
+
+	<bean id="dummyConfig" class="at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap">
+		<constructor-arg name="path" value="/config/config2.properties" />
+	</bean>
+ 		
+	<beans default-lazy-init="true">
+		<bean id="ehvdServiceAuthModule" class="at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule">
+			<property name="priority" value="4" />
+		</bean>
+ 					 		
+    </beans>																								
+</beans>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml
new file mode 100644
index 000000000..5d8e03fb5
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+	<bean id="testMsgProvider" 
+		  class="at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider"/>
+ 																												
+</beans>
\ No newline at end of file
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index c762cf51c..a5cf8bfa0 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -38,6 +38,7 @@
     <module>moa-id-module-AT_eIDAS_connector</module>
     <module>moa-id-module-E-ID_connector</module>    
     <module>moa-id-module-dummyAuth</module>
+    <module>moa-id-module-ehvd_integration</module>
     
   </modules>
 	
-- 
cgit v1.2.3