diff --git a/example/satosa/integration_test/commons.py b/example/satosa/integration_test/commons.py
index 5c18ef46..6dc70f6d 100644
--- a/example/satosa/integration_test/commons.py
+++ b/example/satosa/integration_test/commons.py
@@ -1,20 +1,18 @@
 import base64
+from bs4 import BeautifulSoup
 import datetime
 import requests
 from typing import Any, Literal
-from bs4 import BeautifulSoup
-from sd_jwt.holder import SDJWTHolder
 
 from pyeudiw.jwk import JWK
 from pyeudiw.jwt import DEFAULT_SIG_KTY_MAP, JWEHelper
 from pyeudiw.jwt.utils import decode_jwt_payload
-from pyeudiw.presentation_exchange.schemas.oid4vc_presentation_definition import PresentationDefinition
 from pyeudiw.sd_jwt import (
-    # _adapt_keys,
     import_ec,
     issue_sd_jwt,
     load_specification_from_yaml_string
 )
+from pyeudiw.storage.base_storage import TrustType
 from pyeudiw.storage.db_engine import DBEngine
 from pyeudiw.tests.federation.base import (
     EXP,
@@ -29,9 +27,11 @@
     leaf_wallet_signed,
     trust_chain_issuer
 )
+from sd_jwt.holder import SDJWTHolder
+from saml2_sp import saml2_request
 
-from saml2_sp import IDP_BASEURL
 from settings import (
+    IDP_BASEURL,
     CONFIG_DB,
     RP_EID,
     its_trust_chain
@@ -53,7 +53,6 @@
     "default_exp": 1024,
     "key_binding": True
 }
-ISSUER_PRIVATE_JWK = JWK(leaf_cred_jwk.serialize(private=True))
 WALLET_PRIVATE_JWK = JWK(leaf_wallet_jwk.serialize(private=True))
 WALLET_PUBLIC_JWK = JWK(leaf_wallet_jwk.serialize())
 
@@ -64,7 +63,7 @@ def setup_test_db_engine() -> DBEngine:
 
 def apply_trust_settings(db_engine_inst: DBEngine) -> DBEngine:
     db_engine_inst.add_trust_anchor(
-        entity_id=ta_ec['iss'],
+        entity_id=ta_ec["iss"],
         entity_configuration=ta_ec_signed,
         exp=EXP
     )
@@ -76,24 +75,32 @@ def apply_trust_settings(db_engine_inst: DBEngine) -> DBEngine:
     )
 
     db_engine_inst.add_or_update_trust_attestation(
-        entity_id=leaf_wallet['iss'],
+        entity_id=leaf_wallet["iss"],
         attestation=leaf_wallet_signed,
         exp=datetime.datetime.now().isoformat()
     )
 
     db_engine_inst.add_or_update_trust_attestation(
-        entity_id=leaf_cred['iss'],
+        entity_id=leaf_cred["iss"],
         attestation=leaf_cred_signed,
         exp=datetime.datetime.now().isoformat()
     )
+
+    settings = ISSUER_CONF
+    db_engine_inst.add_or_update_trust_attestation(
+            entity_id=settings["issuer"],
+            trust_type=TrustType.DIRECT_TRUST_SD_JWT_VC,
+            jwks=leaf_cred_jwk_prot.serialize())
     return db_engine_inst
 
+def create_saml_auth_request() -> str:
+    auth_req_url = f"{saml2_request["headers"][0][1]}&idp_hinting=wallet"
+    return auth_req_url
 
 def create_issuer_test_data() -> dict[Literal["jws"] | Literal["issuance"], str]:
     # create a SD-JWT signed by a trusted credential issuer
     settings = ISSUER_CONF
-    settings['issuer'] = leaf_cred['iss']
-    settings['default_exp'] = 33
+    settings["default_exp"] = 33
     sd_specification = load_specification_from_yaml_string(
         settings["sd_specification"]
     )
@@ -103,13 +110,12 @@ def create_issuer_test_data() -> dict[Literal["jws"] | Literal["issuance"], str]
         settings,
         CREDENTIAL_ISSUER_JWK,
         WALLET_PUBLIC_JWK,
-        trust_chain=trust_chain_issuer,
         additional_headers={"typ": "vc+sd-jwt"}
     )
     return issued_jwt
 
 
-def create_holder_test_data(issued_jwt: dict[Literal["jws"] | Literal["issuance"], str], request_nonce: str, verifier_id: str) -> str:
+def create_holder_test_data(issued_jwt: dict[Literal["jws"] | Literal["issuance"], str], request_nonce: str, request_aud: str) -> str:
     settings = ISSUER_CONF
 
     sdjwt_at_holder = SDJWTHolder(
@@ -118,12 +124,12 @@ def create_holder_test_data(issued_jwt: dict[Literal["jws"] | Literal["issuance"
     )
     sdjwt_at_holder.create_presentation(
         claims_to_disclose={
-            'tax_id_code': "TINIT-XXXXXXXXXXXXXXXX",
-            'given_name': 'Mario',
-            'family_name': 'Rossi'
+            "tax_id_code": True,
+            "given_name": True,
+            "family_name": True
         },
         nonce=request_nonce,
-        aud=verifier_id,
+        aud=request_aud,
         sign_alg=DEFAULT_SIG_KTY_MAP[WALLET_PRIVATE_JWK.key.kty],
         holder_key=(
             import_ec(
@@ -138,19 +144,17 @@ def create_holder_test_data(issued_jwt: dict[Literal["jws"] | Literal["issuance"
     vp_token = sdjwt_at_holder.sd_jwt_presentation
     return vp_token
 
-
-def create_authorize_response(vp_token: str, state: str, nonce: str, response_uri: str) -> str:
-    # take relevant information from RP's entity configuration
+def create_authorize_response(vp_token: str, state: str, response_uri: str) -> str:
+    # Extract public key from RP's entity configuration
     client = requests.Session()
     rp_ec_jwt = client.get(
-        f'{IDP_BASEURL}/OpenID4VP/.well-known/openid-federation',
+        f"{IDP_BASEURL}/OpenID4VP/.well-known/openid-federation",
         verify=False
     ).content.decode()
     rp_ec = decode_jwt_payload(rp_ec_jwt)
 
-    presentation_definition = rp_ec["metadata"]["wallet_relying_party"]["presentation_definition"]
-    PresentationDefinition(**presentation_definition)
-    assert response_uri == rp_ec["metadata"]['wallet_relying_party']["response_uris_supported"][0]
+    assert response_uri == rp_ec["metadata"]["wallet_relying_party"]["response_uris_supported"][0]
+    encryption_key = rp_ec["metadata"]["wallet_relying_party"]["jwks"]["keys"][1]
 
     response = {
         "state": state,
@@ -169,8 +173,8 @@ def create_authorize_response(vp_token: str, state: str, nonce: str, response_ur
         }
     }
     encrypted_response = JWEHelper(
-        # RSA (EC is not fully supported todate)
-        JWK(rp_ec["metadata"]['wallet_relying_party']['jwks']['keys'][1])
+        # RSA (EC is not fully supported to date)
+        JWK(encryption_key)
     ).encrypt(response)
     return encrypted_response
 
diff --git a/example/satosa/integration_test/cross_device_integration_test.py b/example/satosa/integration_test/cross_device_integration_test.py
index c1257682..4b2034d5 100644
--- a/example/satosa/integration_test/cross_device_integration_test.py
+++ b/example/satosa/integration_test/cross_device_integration_test.py
@@ -1,31 +1,27 @@
-import urllib.parse
-import requests
-import urllib
 from bs4 import BeautifulSoup
 import re
+import requests
+import urllib.parse
 
 from pyeudiw.jwt.utils import decode_jwt_payload
 
 from commons import (
     ISSUER_CONF,
+    setup_test_db_engine,
     apply_trust_settings,
+    create_saml_auth_request,
     create_authorize_response,
     create_holder_test_data,
     create_issuer_test_data,
-    extract_saml_attributes,
-    setup_test_db_engine,
+    extract_saml_attributes
 )
-from saml2_sp import saml2_request
 from settings import TIMEOUT_S
 
+# put a trust attestation related itself into the storage
+# this is then used as trust_chain header parameter in the signed request object
 db_engine_inst = setup_test_db_engine()
 db_engine_inst = apply_trust_settings(db_engine_inst)
 
-headers_browser = {
-    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36"
-}
-
-
 def _verify_status(status_uri: str, expected_code: int):
     status_check = http_user_agent.get(
         status_uri,
@@ -38,16 +34,16 @@ def _verify_status(status_uri: str, expected_code: int):
 def _extract_request_uri(bs: BeautifulSoup) -> str:
     # Request URI is extracted by parsing the QR code in the response page
     qrcode_element = list(bs.find(id="content-qrcode-payload").children)[1]
-    qrcode_text = qrcode_element.get('contents')
-    request_uri = urllib.parse.parse_qs(qrcode_text)['request_uri'][0]
+    qrcode_text = qrcode_element.get("contents")
+    request_uri = urllib.parse.parse_qs(qrcode_text)["request_uri"][0]
     return request_uri
 
 
 def _extract_status_uri(bs: BeautifulSoup) -> str:
     # Status uri is extracted by parsing a matching regexp in the <script> portion of the HTML.
     # This funciton is somewhat unstable as it supposes that "qr_code.html" has certain properties
-    #  which might not be true.
-    qrcode_script_element: str = bs.find_all('script')[-1].string
+    # which might not be true.
+    qrcode_script_element: str = bs.find_all("script")[-1].string
     qrcode_script_element_formatted = [item.strip() for item in qrcode_script_element.splitlines()]
     qrcode_script_element_formatted = str.join("", qrcode_script_element_formatted)
 
@@ -61,16 +57,18 @@ def _extract_status_uri(bs: BeautifulSoup) -> str:
 http_user_agent = requests.Session()
 wallet_user_agent = requests.Session()
 
-initiating_saml_request_uri = f"{saml2_request['headers'][0][1]}&idp_hinting=wallet"
+auth_req_url = create_saml_auth_request()
+headers_browser = {
+    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36"
+}
 request_uri = ""
 authn_response = http_user_agent.get(
-    url=initiating_saml_request_uri,
+    url=auth_req_url,
     verify=False,
     headers=headers_browser,
     timeout=TIMEOUT_S
 )
 
-
 # Extract request URI and status endpoint by parsing the response page
 qrcode_page = BeautifulSoup(authn_response.content.decode(), features="html.parser")
 request_uri = _extract_request_uri(qrcode_page)
@@ -85,7 +83,7 @@ def _extract_status_uri(bs: BeautifulSoup) -> str:
     timeout=TIMEOUT_S)
 
 request_object_claims = decode_jwt_payload(sign_request_obj.text)
-response_uri = request_object_claims['response_uri']
+response_uri = request_object_claims["response_uri"]
 
 # Wallet obtained the Request Object; verify that status is 202
 _verify_status(status_uri, expected_code=202)
@@ -94,25 +92,24 @@ def _extract_status_uri(bs: BeautifulSoup) -> str:
 verifiable_credential = create_issuer_test_data()
 verifiable_presentations = create_holder_test_data(
     verifiable_credential,
-    request_object_claims['nonce'],
-    request_object_claims['client_id']
+    request_object_claims["nonce"],
+    request_object_claims["client_id"]
 )
 wallet_response_data = create_authorize_response(
     verifiable_presentations,
     request_object_claims["state"],
-    request_object_claims["nonce"],
     response_uri
 )
 
-authz_response_feedback = wallet_user_agent.post(
+authz_response = wallet_user_agent.post(
     response_uri,
     verify=False,
-    data={'response': wallet_response_data},
+    data={"response": wallet_response_data},
     timeout=TIMEOUT_S
 )
 
-assert authz_response_feedback.status_code == 200
-assert authz_response_feedback.json().get("redirect_uri", None) is None
+assert authz_response.status_code == 200
+assert authz_response.json().get("redirect_uri", None) is None
 
 status_check = http_user_agent.get(
     status_uri,
@@ -122,15 +119,15 @@ def _extract_status_uri(bs: BeautifulSoup) -> str:
 assert status_check.status_code == 200
 assert status_check.json().get("redirect_uri", None) is not None
 
-callback_uri = status_check.json().get("redirect_uri", None)
 # TODO: this test does not check that the login page is properly updated with a login button linkint to the redirect uri
+callback_uri = status_check.json().get("redirect_uri", None)
 satosa_authn_response = http_user_agent.get(
     callback_uri,
     verify=False,
     timeout=TIMEOUT_S
 )
 
-assert 'SAMLResponse' in satosa_authn_response.content.decode()
+assert "SAMLResponse" in satosa_authn_response.content.decode()
 print(satosa_authn_response.content.decode())
 
 attributes = extract_saml_attributes(satosa_authn_response.content.decode())
@@ -139,9 +136,9 @@ def _extract_status_uri(bs: BeautifulSoup) -> str:
 
 expected = {
     # https://oidref.com/2.5.4.42
-    "urn:oid:2.5.4.42": ISSUER_CONF['sd_specification'].split('!sd given_name:')[1].split('"')[1].lower(),
+    "urn:oid:2.5.4.42": ISSUER_CONF["sd_specification"].split("!sd given_name:")[1].split('"')[1].lower(),
     # https://oidref.com/2.5.4.4
-    "urn:oid:2.5.4.4": ISSUER_CONF['sd_specification'].split('!sd family_name:')[1].split('"')[1].lower()
+    "urn:oid:2.5.4.4": ISSUER_CONF["sd_specification"].split("!sd family_name:")[1].split('"')[1].lower()
 }
 
 for exp_att_name, exp_att_value in expected.items():
@@ -155,4 +152,4 @@ def _extract_status_uri(bs: BeautifulSoup) -> str:
     assert exp_att_value == obt_att_value, f"wrong attrirbute parsing expected {exp_att_value}, obtained {obt_att_value}"
 
 
-print('TEST PASSED')
+print("TEST PASSED")
diff --git a/example/satosa/integration_test/main.py b/example/satosa/integration_test/main.py
deleted file mode 100644
index 358e1d87..00000000
--- a/example/satosa/integration_test/main.py
+++ /dev/null
@@ -1,310 +0,0 @@
-import json
-import requests
-import urllib
-import datetime
-import base64
-from bs4 import BeautifulSoup
-import unittest.mock
-
-from pyeudiw.jwt import DEFAULT_SIG_KTY_MAP
-from pyeudiw.presentation_exchange.schemas.oid4vc_presentation_definition import PresentationDefinition
-from pyeudiw.tests.federation.base import (
-    EXP,
-    leaf_cred,
-    leaf_cred_jwk,
-    leaf_wallet_jwk,
-    leaf_wallet,
-    leaf_wallet_signed,
-    trust_chain_issuer,
-    ta_ec,
-    ta_ec_signed,
-    leaf_cred_signed, leaf_cred_jwk_prot
-)
-
-from pyeudiw.jwk import JWK
-from pyeudiw.jwt import JWSHelper, JWEHelper
-from pyeudiw.sd_jwt import (
-    load_specification_from_yaml_string,
-    issue_sd_jwt,
-    _adapt_keys,
-    import_ec
-)
-from pyeudiw.storage.db_engine import DBEngine
-from pyeudiw.jwt.utils import decode_jwt_payload
-
-from saml2_sp import saml2_request, IDP_BASEURL
-from sd_jwt.holder import SDJWTHolder
-
-from settings import (
-    CONFIG_DB,
-    RP_EID,
-    its_trust_chain
-)
-
-TIMEOUT_S = 4
-
-# put a trust attestation related itself into the storage
-# this then is used as trust_chain header paramenter in the signed
-# request object
-db_engine_inst = DBEngine(CONFIG_DB)
-
-# STORAGE ####
-db_engine_inst.add_trust_anchor(
-    entity_id=ta_ec['iss'],
-    entity_configuration=ta_ec_signed,
-    exp=EXP
-)
-
-db_engine_inst.add_or_update_trust_attestation(
-    entity_id=RP_EID,
-    attestation=its_trust_chain,
-    exp=datetime.datetime.now().isoformat()
-)
-
-db_engine_inst.add_or_update_trust_attestation(
-    entity_id=leaf_wallet['iss'],
-    attestation=leaf_wallet_signed,
-    exp=datetime.datetime.now().isoformat()
-)
-
-db_engine_inst.add_or_update_trust_attestation(
-    entity_id=leaf_cred['iss'],
-    attestation=leaf_cred_signed,
-    exp=datetime.datetime.now().isoformat()
-)
-
-req_url = f"{saml2_request['headers'][0][1]}&idp_hinting=wallet"
-headers_mobile = {
-    'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B137 Safari/601.1'
-}
-request_uri = ''
-
-# initialize the user-agent
-http_user_agent = requests.Session()
-
-try:
-    authn_response = http_user_agent.get(
-        url=req_url,
-        verify=False,
-        headers=headers_mobile,
-        timeout=TIMEOUT_S
-    )
-except requests.exceptions.InvalidSchema as e:
-    request_uri = urllib.parse.unquote_plus(
-        e.args[0].split("request_uri="
-                        )[1][:-1]
-    )
-
-WALLET_PRIVATE_JWK = JWK(leaf_wallet_jwk.serialize(private=True))
-WALLET_PUBLIC_JWK = JWK(leaf_wallet_jwk.serialize())
-jwshelper = JWSHelper(WALLET_PRIVATE_JWK)
-
-sign_request_obj = http_user_agent.get(
-    request_uri,
-    verify=False,
-    timeout=TIMEOUT_S)
-print(sign_request_obj.text)
-
-response_uri = decode_jwt_payload(sign_request_obj.text)[
-    'response_uri']
-
-# create a SD-JWT signed by a trusted credential issuer
-issuer_jwk = leaf_cred_jwk
-
-ISSUER_CONF = {
-    "sd_specification": """
-        !sd unique_id: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
-        !sd given_name: "Mario"
-        !sd family_name: "Rossi"
-        !sd birthdate: "1980-01-10"
-        !sd place_of_birth:
-            country: "IT"
-            locality: "Rome"
-        !sd tax_id_code: "TINIT-XXXXXXXXXXXXXXXX"
-    """,
-    "issuer": leaf_cred['sub'],
-    "default_exp": 1024,
-    "key_binding": True
-}
-settings = ISSUER_CONF
-settings['issuer'] = leaf_cred['iss']
-settings['default_exp'] = 33
-
-sd_specification = load_specification_from_yaml_string(
-    settings["sd_specification"]
-)
-
-ISSUER_PRIVATE_JWK = JWK(leaf_cred_jwk.serialize(private=True))
-
-CREDENTIAL_ISSUER_JWK = JWK(leaf_cred_jwk_prot.serialize(private=True))
-
-issued_jwt = issue_sd_jwt(
-    sd_specification,
-    settings,
-    CREDENTIAL_ISSUER_JWK,
-    WALLET_PUBLIC_JWK,
-    trust_chain=trust_chain_issuer,
-    additional_headers={"typ": "vc+sd-jwt"}
-)
-
-adapted_keys = _adapt_keys(
-    issuer_key=ISSUER_PRIVATE_JWK,
-    holder_key=WALLET_PUBLIC_JWK,
-)
-
-sdjwt_at_holder = SDJWTHolder(
-    issued_jwt["issuance"],
-    serialization_format="compact",
-)
-
-red_data = decode_jwt_payload(sign_request_obj.text)
-req_nonce = red_data["nonce"]
-verifier_id = red_data["client_id"]
-
-sdjwt_at_holder.create_presentation(
-    claims_to_disclose={
-        'tax_id_code': "TINIT-XXXXXXXXXXXXXXXX",
-        'given_name': 'Mario',
-        'family_name': 'Rossi'
-    },
-    nonce=req_nonce,
-    aud=verifier_id,
-    sign_alg=DEFAULT_SIG_KTY_MAP[WALLET_PRIVATE_JWK.key.kty],
-    holder_key=(
-        import_ec(
-            WALLET_PRIVATE_JWK.key.priv_key,
-            kid=WALLET_PRIVATE_JWK.kid
-        )
-        if settings.get("key_binding", False)
-        else None
-    )
-)
-
-vp_token = sdjwt_at_holder.sd_jwt_presentation
-
-# As it was with the VP envelope
-# red_data = decode_jwt_payload(sign_request_obj.text)
-# req_nonce = red_data['nonce']
-
-# data = {
-#     "iss": "https://wallet-provider.example.org/instance/vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
-#     "jti": str(uuid.uuid4()),
-#     "aud": "https://relying-party.example.org/callback",
-#     "iat": iat_now(),
-#     "exp": exp_from_now(minutes=5),
-#     "nonce": req_nonce,
-#     "vp": sdjwt_at_holder.sd_jwt_presentation,
-# }
-
-# vp_token = JWSHelper(WALLET_PRIVATE_JWK).sign(
-#     data,
-#     protected={"typ": "JWT"}
-# )
-# End deprecated footprint VP envelop
-
-# intercept call to issuer jwk
-issuer_vct_md = {
-    "issuer": settings['issuer'],
-    "jwks": {"keys": [ISSUER_PRIVATE_JWK.as_dict()]}
-}
-jwt_vc_issuer_endpoint_response = requests.Response()
-jwt_vc_issuer_endpoint_response.status_code = 200
-jwt_vc_issuer_endpoint_response.headers.update({"Content-Type": "application/json"})
-jwt_vc_issuer_endpoint_response._content = json.dumps(issuer_vct_md).encode('utf-8')
-patcher = unittest.mock.patch("pyeudiw.vci.jwks_provider.get_http_url", return_value=[issuer_vct_md])
-patcher.start()  # TODO: this does not works!!
-
-# take relevant information from RP's EC
-# rp_ec_jwt = http_user_agent.get(
-#     f'{IDP_BASEURL}/OpenID4VP/.well-known/openid-federation',
-#     verify=False
-# ).content.decode()
-# rp_ec = decode_jwt_payload(rp_ec_jwt)
-
-# presentation_definition = rp_ec["metadata"]["wallet_relying_party"]["presentation_definition"]
-# encryption_key = rp_ec["metadata"]['wallet_relying_party']['jwks']['keys'][1]
-# PresentationDefinition(**presentation_definition)
-# assert response_uri == rp_ec["metadata"]['wallet_relying_party']["response_uris_supported"][0]
-
-response = {
-    "state": red_data['state'],
-    "vp_token": vp_token,
-    "presentation_submission": {
-        "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
-        "id": "04a98be3-7fb0-4cf5-af9a-31579c8b0e7d",
-        "descriptor_map": [
-            {
-                "id": "pid-sd-jwt:unique_id+given_name+family_name",
-                "path": "$.vp_token.verified_claims.claims._sd[0]",
-                "format": "vc+sd-jwt"
-            }
-        ],
-        "aud": response_uri
-    }
-}
-
-# This should be a public key provided somehow by the verifier/relying party, but as of now it is a private key granted by an angel
-encryption_key = {
-    "kty": "RSA",
-    "d": "QUZsh1NqvpueootsdSjFQz-BUvxwd3Qnzm5qNb-WeOsvt3rWMEv0Q8CZrla2tndHTJhwioo1U4NuQey7znijhZ177bUwPPxSW1r68dEnL2U74nKwwoYeeMdEXnUfZSPxzs7nY6b7vtyCoA-AjiVYFOlgKNAItspv1HxeyGCLhLYhKvS_YoTdAeLuegETU5D6K1xGQIuw0nS13Icjz79Y8jC10TX4FdZwdX-NmuIEDP5-s95V9DMENtVqJAVE3L-wO-NdDilyjyOmAbntgsCzYVGH9U3W_djh4t3qVFCv3r0S-DA2FD3THvlrFi655L0QHR3gu_Fbj3b9Ybtajpue_Q",
-    "e": "AQAB",
-    "use": "enc",
-    "kid": "9Cquk0X-fNPSdePQIgQcQZtD6J0IjIRrFigW2PPK_-w",
-    "n": "utqtxbs-jnK0cPsV7aRkkZKA9t4S-WSZa3nCZtYIKDpgLnR_qcpeF0diJZvKOqXmj2cXaKFUE-8uHKAHo7BL7T-Rj2x3vGESh7SG1pE0thDGlXj4yNsg0qNvCXtk703L2H3i1UXwx6nq1uFxD2EcOE4a6qDYBI16Zl71TUZktJwmOejoHl16CPWqDLGo9GUSk_MmHOV20m4wXWkB4qbvpWVY8H6b2a0rB1B1YPOs5ZLYarSYZgjDEg6DMtZ4NgiwZ-4N1aaLwyO-GLwt9Vf-NBKwoxeRyD3zWE2FXRFBbhKGksMrCGnFDsNl5JTlPjaM3kYyImE941ggcuc495m-Fw",
-    "p": "2zmGXIMCEHPphw778YjVTar1eycih6fFSJ4I4bl1iq167GqO0PjlOx6CZ1-OdBTVU7HfrYRiUK_BnGRdPDn-DQghwwkB79ZdHWL14wXnpB5y-boHz_LxvjsEqXtuQYcIkidOGaMG68XNT1nM4F9a8UKFr5hHYT5_UIQSwsxlRQ0",
-    "q": "2jMFt2iFrdaYabdXuB4QMboVjPvbLA-IVb6_0hSG_-EueGBvgcBxdFGIZaG6kqHqlB7qMsSzdptU0vn6IgmCZnX-Hlt6c5X7JB_q91PZMLTO01pbZ2Bk58GloalCHnw_mjPh0YPviH5jGoWM5RHyl_HDDMI-UeLkzP7ImxGizrM"
-}
-encrypted_response = JWEHelper(
-    # RSA (EC is not fully supported todate)
-    JWK(encryption_key)
-).encrypt(response)
-
-
-authz_response_ok = http_user_agent.post(
-    response_uri,
-    verify=False,
-    data={'response': encrypted_response},
-    timeout=TIMEOUT_S
-)
-assert 'redirect_uri' in authz_response_ok.content.decode()
-callback_uri = json.loads(authz_response_ok.content.decode())['redirect_uri']
-satosa_authn_response = http_user_agent.get(
-    callback_uri,
-    verify=False,
-    timeout=TIMEOUT_S
-)
-
-assert 'SAMLResponse' in satosa_authn_response.content.decode()
-print(satosa_authn_response.content.decode())
-
-soup = BeautifulSoup(satosa_authn_response.content.decode(), features="lxml")
-form = soup.find("form")
-assert "/saml2" in form["action"]
-input_tag = soup.find("input")
-assert input_tag["name"] == "SAMLResponse"
-
-lowered = base64.b64decode(input_tag["value"]).lower()
-value = BeautifulSoup(lowered, features="xml")
-attributes = value.find_all("saml:attribute")
-# expect to have a non-empty list of attributes
-assert attributes
-
-expected = {
-    # https://oidref.com/2.5.4.42
-    "urn:oid:2.5.4.42": ISSUER_CONF['sd_specification'].split('!sd given_name:')[1].split('"')[1].lower(),
-    # https://oidref.com/2.5.4.4
-    "urn:oid:2.5.4.4": ISSUER_CONF['sd_specification'].split('!sd family_name:')[1].split('"')[1].lower()
-}
-
-for exp_att_name, exp_att_value in expected.items():
-    result_index = -1
-    for i, attribute in enumerate(attributes):
-        if attribute["name"] == exp_att_name:
-            result_index = i
-            break
-    assert result_index != -1, f"missing attribute with name=[{exp_att_name}] in result set"
-    obt_att_value = attributes[result_index].contents[0].contents[0]
-    assert exp_att_value == obt_att_value, f"wrong attrirbute parsing expected {exp_att_value}, obtained {obt_att_value}"
-
-patcher.stop()
-print('test passed')
diff --git a/example/satosa/integration_test/same_device_integration_test.py b/example/satosa/integration_test/same_device_integration_test.py
new file mode 100644
index 00000000..d52cd447
--- /dev/null
+++ b/example/satosa/integration_test/same_device_integration_test.py
@@ -0,0 +1,111 @@
+import re
+import requests
+import urllib.parse
+
+from pyeudiw.jwt.utils import decode_jwt_payload
+
+from commons import (
+    ISSUER_CONF,
+    setup_test_db_engine,
+    apply_trust_settings,
+    create_saml_auth_request,
+    create_authorize_response,
+    create_holder_test_data,
+    create_issuer_test_data,
+    extract_saml_attributes
+)
+from settings import TIMEOUT_S
+
+# put a trust attestation related itself into the storage
+# this is then used as trust_chain header parameter in the signed request object
+db_engine_inst = setup_test_db_engine()
+db_engine_inst = apply_trust_settings(db_engine_inst)
+
+def _extract_request_uri(e: requests.exceptions.InvalidSchema) -> str:
+    request_uri = re.search(r'request_uri=(.*?)(?:\'|$)', urllib.parse.unquote_plus(e.args[0])).group(1)
+    return request_uri
+
+
+# initialize the user-agent
+http_user_agent = requests.Session()
+
+auth_req_url = create_saml_auth_request()
+headers_mobile = {
+    "User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B137 Safari/601.1"
+}
+request_uri = ""
+
+try:
+    authn_response = http_user_agent.get(
+        url=auth_req_url,
+        verify=False,
+        headers=headers_mobile,
+        timeout=TIMEOUT_S
+    )
+except requests.exceptions.InvalidSchema as e:
+    request_uri = _extract_request_uri(e)
+
+sign_request_obj = http_user_agent.get(
+    request_uri,
+    verify=False,
+    timeout=TIMEOUT_S)
+
+request_object_claims = decode_jwt_payload(sign_request_obj.text)
+response_uri = request_object_claims["response_uri"]
+
+# Provide an authentication response
+verifiable_credential = create_issuer_test_data()
+verifiable_presentations = create_holder_test_data(
+    verifiable_credential,
+    request_object_claims["nonce"],
+    request_object_claims["client_id"]
+)
+wallet_response_data = create_authorize_response(
+    verifiable_presentations,
+    request_object_claims["state"],
+    response_uri
+)
+
+authz_response = http_user_agent.post(
+    response_uri,
+    verify=False,
+    data={"response": wallet_response_data},
+    timeout=TIMEOUT_S
+)
+
+assert authz_response.status_code == 200
+assert authz_response.json().get("redirect_uri", None) is not None
+
+callback_uri = authz_response.json().get("redirect_uri", None)
+satosa_authn_response = http_user_agent.get(
+    callback_uri,
+    verify=False,
+    timeout=TIMEOUT_S
+)
+
+assert "SAMLResponse" in satosa_authn_response.content.decode()
+print(satosa_authn_response.content.decode())
+
+attributes = extract_saml_attributes(satosa_authn_response.content.decode())
+# expect to have a non-empty list of attributes
+assert attributes
+
+expected = {
+    # https://oidref.com/2.5.4.42
+    "urn:oid:2.5.4.42": ISSUER_CONF["sd_specification"].split("!sd given_name:")[1].split('"')[1].lower(),
+    # https://oidref.com/2.5.4.4
+    "urn:oid:2.5.4.4": ISSUER_CONF["sd_specification"].split("!sd family_name:")[1].split('"')[1].lower()
+}
+
+for exp_att_name, exp_att_value in expected.items():
+    result_index = -1
+    for i, attribute in enumerate(attributes):
+        if attribute["name"] == exp_att_name:
+            result_index = i
+            break
+    assert result_index != -1, f"missing attribute with name=[{exp_att_name}] in result set"
+    obt_att_value = attributes[result_index].contents[0].contents[0]
+    assert exp_att_value == obt_att_value, f"wrong attrirbute parsing expected {exp_att_value}, obtained {obt_att_value}"
+
+
+print("TEST PASSED")
diff --git a/example/satosa/integration_test/settings.py b/example/satosa/integration_test/settings.py
index 38ceb565..58082359 100644
--- a/example/satosa/integration_test/settings.py
+++ b/example/satosa/integration_test/settings.py
@@ -1,4 +1,3 @@
-
 from cryptojwt.jws.jws import JWS
 from cryptojwt.jwk.jwk import key_from_jwk_dict
 from pyeudiw.tests.federation.base import (
@@ -11,8 +10,8 @@
 
 from pyeudiw.tools.utils import iat_now, exp_from_now
 
-TIMEOUT_S = 4
-
+TIMEOUT_S = 10
+IDP_BASEURL = "https://localhost"
 RP_EID = "https://localhost/OpenID4VP"
 
 CONFIG_DB = {