From 821a62c92793bd8029192e0a51d7c18ffcc2ff5b Mon Sep 17 00:00:00 2001
From: Martin Othamar <martin.othamar@digdir.no>
Date: Wed, 10 Sep 2025 14:01:21 +0200
Subject: [PATCH 1/3] Simple signing integration test

---
 .../Signing/Simple.cs                         |  75 +++++
 ...ll_auth=SystemUser_0_Instance.verified.txt | 127 +++++++
 ...auth=SystemUser_1_ProcessNext.verified.txt |  74 ++++
 ...ystemUser_2_Download-Instance.verified.txt | 161 +++++++++
 ...SystemUser_3_Download-Data[0].verified.txt |  66 ++++
 ...SystemUser_4_Download-Data[1].verified.txt |  82 +++++
 ...uth=SystemUser_5_Download-PDF.verified.txt |  61 ++++
 ...s.Full_auth=SystemUser_6_Logs.verified.txt |  43 +++
 .../Operations/AppFixture.Instances.cs        |  38 ++-
 .../config/applicationmetadata.json           |  85 +++++
 .../config/authorization/policy.xml           | 318 ++++++++++++++++++
 .../config/process/process.bpmn               |  55 +++
 12 files changed, 1179 insertions(+), 6 deletions(-)
 create mode 100644 test/Altinn.App.Integration.Tests/Signing/Simple.cs
 create mode 100644 test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_0_Instance.verified.txt
 create mode 100644 test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_1_ProcessNext.verified.txt
 create mode 100644 test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_2_Download-Instance.verified.txt
 create mode 100644 test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_3_Download-Data[0].verified.txt
 create mode 100644 test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_4_Download-Data[1].verified.txt
 create mode 100644 test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_5_Download-PDF.verified.txt
 create mode 100644 test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_6_Logs.verified.txt
 create mode 100644 test/Altinn.App.Integration.Tests/_testapps/basic/_scenarios/signing-simple/config/applicationmetadata.json
 create mode 100644 test/Altinn.App.Integration.Tests/_testapps/basic/_scenarios/signing-simple/config/authorization/policy.xml
 create mode 100644 test/Altinn.App.Integration.Tests/_testapps/basic/_scenarios/signing-simple/config/process/process.bpmn

diff --git a/test/Altinn.App.Integration.Tests/Signing/Simple.cs b/test/Altinn.App.Integration.Tests/Signing/Simple.cs
new file mode 100644
index 0000000000..96a4bf601e
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/Signing/Simple.cs
@@ -0,0 +1,75 @@
+using Altinn.App.Api.Models;
+using Altinn.Platform.Storage.Interface.Models;
+using Xunit.Abstractions;
+
+namespace Altinn.App.Integration.Tests.Singning;
+
+[Trait("Category", "Integration")]
+public class SimpleTests(ITestOutputHelper _output, AppFixtureClassFixture _classFixture)
+    : IClassFixture<AppFixtureClassFixture>
+{
+    public enum Auth
+    {
+        OldUser,
+        OldServiceOwner,
+        User,
+        ServiceOwner,
+        SystemUser,
+        SelfIdentifiedUser,
+    }
+
+    [Theory]
+    [CombinatorialData]
+    public async Task Full([CombinatorialValues(Auth.SystemUser)] Auth auth)
+    {
+        await using var fixtureScope = await _classFixture.Get(_output, TestApps.Basic, "signing-simple");
+        var fixture = fixtureScope.Fixture;
+        var verifier = fixture.ScopedVerifier;
+        verifier.UseTestCase(new { auth });
+
+        var token = auth switch
+        {
+            Auth.SystemUser => await fixture.Auth.GetSystemUserToken(
+                systemId: "913312465_sbs",
+                systemUserId: "d111dbab-d619-4f15-bf29-58fe570a9ae6",
+                scope: "altinn:instances.read altinn:instances.write"
+            ),
+            _ => throw new NotSupportedException($"Auth {auth} is not supported"),
+        };
+
+        var instanceOwner = auth switch
+        {
+            Auth.SystemUser => new InstanceOwner { OrganisationNumber = "950474084" },
+            _ => throw new NotSupportedException($"Auth {auth} is not supported"),
+        };
+
+        using var instantiationResponse = await fixture.Instances.PostSimplified(
+            token,
+            new InstansiationInstance
+            {
+                InstanceOwner = instanceOwner,
+                Prefill = new() { ["property1"] = "1" },
+            }
+        );
+
+        using var instantiationData = await instantiationResponse.Read<Instance>();
+        var instance = instantiationData.Data.Model;
+        Assert.NotNull(instance);
+        var scrubbers = new Scrubbers(StringScrubber: Scrubbers.InstanceStringScrubber(instance));
+        await verifier.Verify(instantiationData, snapshotName: "Instance", scrubbers: scrubbers);
+
+        using var processNextResponse = await fixture.Instances.ProcessNext(
+            token,
+            instantiationData,
+            new ProcessNext { Action = "sign" }
+        );
+        using var processNextData = await processNextResponse.Read<AppProcessState>();
+
+        await verifier.Verify(processNextData, snapshotName: "ProcessNext", scrubbers: scrubbers);
+
+        using var download = await fixture.Instances.Download(token, instantiationData);
+        await download.Verify(verifier);
+
+        await verifier.Verify(fixture.GetSnapshotAppLogs(), snapshotName: "Logs");
+    }
+}
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_0_Instance.verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_0_Instance.verified.txt
new file mode 100644
index 0000000000..34f612e0d7
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_0_Instance.verified.txt
@@ -0,0 +1,127 @@
+{
+  HttpResponse: {
+    Version: 1.1,
+    Content: {
+      Headers: {
+        Content-Type: [
+          application/json; charset=utf-8
+        ]
+      }
+    },
+    StatusCode: Created,
+    ReasonPhrase: Created,
+    Headers: {
+      Date: <date>,
+      Server: [
+        Kestrel
+      ],
+      Cache-Control: [
+        no-store, no-cache
+      ],
+      Location: [
+        https://app:5005/ttd/basic/instances/500700/<instanceGuid>
+      ],
+      Transfer-Encoding: [
+        chunked
+      ],
+      Request-Context: [
+        appId=
+      ],
+      X-Frame-Options: [
+        deny
+      ],
+      X-Content-Type-Options: [
+        nosniff
+      ],
+      X-XSS-Protection: [
+        0
+      ],
+      Referrer-Policy: [
+        no-referrer
+      ]
+    },
+    TrailingHeaders: {},
+    RequestMessage: {
+      Version: 1.1,
+      Content: {
+        Headers: {
+          Content-Type: [
+            application/json
+          ],
+          Content-Length: [
+            192
+          ]
+        }
+      },
+      Method: {
+        Method: POST
+      },
+      RequestUri: http://local.altinn.cloud:<localtestPort>/ttd/basic/instances/create,
+      Headers: {
+        Authorization: [
+          Bearer <token>
+        ],
+        User-Agent: [
+          Altinn.App.Integration.Tests
+        ]
+      }
+    },
+    IsSuccessStatusCode: true
+  },
+  Response: {
+    Id: 500700/<instanceGuid>,
+    InstanceOwner: {
+      PartyId: 500700,
+      OrganisationNumber: 950474084
+    },
+    AppId: ttd/basic,
+    Org: ttd,
+    SelfLinks: {
+      Apps: https://app:5005/ttd/basic/instances/500700/<instanceGuid>,
+      Platform: https://platform.local.altinn.cloud/storage/api/v1/instances/500700/<instanceGuid>
+    },
+    VisibleAfter: DateTime_1,
+    Process: {
+      Started: DateTime_2,
+      StartEvent: StartEvent_1,
+      CurrentTask: {
+        Flow: 2,
+        Started: DateTime_3,
+        ElementId: Task_1,
+        Name: Fyll ut og signer,
+        AltinnTaskType: signing,
+        FlowType: CompleteCurrentMoveToNext
+      }
+    },
+    Status: {
+      IsArchived: false,
+      IsSoftDeleted: false,
+      IsHardDeleted: false,
+      ReadStatus: Read
+    },
+    Data: [
+      {
+        Id: <dataElementId[0]>,
+        InstanceGuid: <instanceGuid>,
+        DataType: model,
+        ContentType: application/xml,
+        BlobStoragePath: ttd/basic/<instanceGuid>/data/<dataElementId[0]>,
+        SelfLinks: {
+          Apps: https://app:5005/ttd/basic/instances/500700/<instanceGuid>/data/<dataElementId[0]>,
+          Platform: https://platform./storage/api/v1/instances/500700/<instanceGuid>/data/<dataElementId[0]>
+        },
+        Size: 176,
+        Locked: false,
+        IsRead: true,
+        Created: DateTime_4,
+        CreatedBy: 950474084,
+        LastChanged: DateTime_4,
+        LastChangedBy: 950474084
+      }
+    ],
+    Created: DateTime_1,
+    CreatedBy: 950474084,
+    LastChanged: DateTime_1,
+    LastChangedBy: 950474084
+  }
+}
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_1_ProcessNext.verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_1_ProcessNext.verified.txt
new file mode 100644
index 0000000000..31e451360b
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_1_ProcessNext.verified.txt
@@ -0,0 +1,74 @@
+{
+  HttpResponse: {
+    Version: 1.1,
+    Content: {
+      Headers: {
+        Content-Type: [
+          application/json; charset=utf-8
+        ]
+      }
+    },
+    StatusCode: OK,
+    ReasonPhrase: OK,
+    Headers: {
+      Date: <date>,
+      Server: [
+        Kestrel
+      ],
+      Cache-Control: [
+        no-store, no-cache
+      ],
+      Transfer-Encoding: [
+        chunked
+      ],
+      Request-Context: [
+        appId=
+      ],
+      X-Frame-Options: [
+        deny
+      ],
+      X-Content-Type-Options: [
+        nosniff
+      ],
+      X-XSS-Protection: [
+        0
+      ],
+      Referrer-Policy: [
+        no-referrer
+      ]
+    },
+    TrailingHeaders: {},
+    RequestMessage: {
+      Version: 1.1,
+      Content: {
+        Headers: {
+          Content-Type: [
+            application/json
+          ],
+          Content-Length: [
+            41
+          ]
+        }
+      },
+      Method: {
+        Method: PUT
+      },
+      RequestUri: http://local.altinn.cloud:<localtestPort>/ttd/basic/instances/500700/<instanceGuid>/process/next,
+      Headers: {
+        Authorization: [
+          Bearer <token>
+        ],
+        User-Agent: [
+          Altinn.App.Integration.Tests
+        ]
+      }
+    },
+    IsSuccessStatusCode: true
+  },
+  Response: {
+    Started: DateTime_1,
+    StartEvent: StartEvent_1,
+    Ended: DateTime_2,
+    EndEvent: EndEvent_1
+  }
+}
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_2_Download-Instance.verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_2_Download-Instance.verified.txt
new file mode 100644
index 0000000000..898b07628e
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_2_Download-Instance.verified.txt
@@ -0,0 +1,161 @@
+{
+  HttpResponse: {
+    Version: 1.1,
+    Content: {
+      Headers: {
+        Content-Type: [
+          application/json; charset=utf-8
+        ]
+      }
+    },
+    StatusCode: OK,
+    ReasonPhrase: OK,
+    Headers: {
+      Date: <date>,
+      Server: [
+        Kestrel
+      ],
+      Cache-Control: [
+        no-store, no-cache
+      ],
+      Transfer-Encoding: [
+        chunked
+      ],
+      Request-Context: [
+        appId=
+      ],
+      X-Frame-Options: [
+        deny
+      ],
+      X-Content-Type-Options: [
+        nosniff
+      ],
+      X-XSS-Protection: [
+        0
+      ],
+      Referrer-Policy: [
+        no-referrer
+      ]
+    },
+    TrailingHeaders: {},
+    RequestMessage: {
+      Version: 1.1,
+      Method: {
+        Method: GET
+      },
+      RequestUri: http://local.altinn.cloud:<localtestPort>/ttd/basic/instances/500700/<instanceGuid>,
+      Headers: {
+        Authorization: [
+          Bearer <token>
+        ],
+        User-Agent: [
+          Altinn.App.Integration.Tests
+        ]
+      }
+    },
+    IsSuccessStatusCode: true
+  },
+  Response: {
+    Id: 500700/<instanceGuid>,
+    InstanceOwner: {
+      PartyId: 500700,
+      OrganisationNumber: 950474084
+    },
+    AppId: ttd/basic,
+    Org: ttd,
+    SelfLinks: {
+      Apps: https://app:5005/ttd/basic/instances/500700/<instanceGuid>,
+      Platform: https://platform.local.altinn.cloud/storage/api/v1/instances/500700/<instanceGuid>
+    },
+    VisibleAfter: DateTime_1,
+    Process: {
+      Started: DateTime_2,
+      StartEvent: StartEvent_1,
+      Ended: DateTime_3,
+      EndEvent: EndEvent_1
+    },
+    Status: {
+      IsArchived: true,
+      Archived: DateTime_3,
+      IsSoftDeleted: false,
+      IsHardDeleted: false,
+      ReadStatus: Read
+    },
+    Data: [
+      {
+        Id: <dataElementId[0]>,
+        InstanceGuid: <instanceGuid>,
+        DataType: model,
+        ContentType: application/xml,
+        BlobStoragePath: ttd/basic/<instanceGuid>/data/<dataElementId[0]>,
+        SelfLinks: {
+          Apps: https://app:5005/ttd/basic/instances/500700/<instanceGuid>/data/<dataElementId[0]>,
+          Platform: https://platform.local.altinn.cloud/storage/api/v1/instances/500700/<instanceGuid>/data/<dataElementId[0]>
+        },
+        Size: {Scrubbed},
+        Locked: true,
+        IsRead: true,
+        Created: DateTime_4,
+        CreatedBy: 950474084,
+        LastChanged: DateTime_4,
+        LastChangedBy: 950474084
+      },
+      {
+        Id: <dataElementId[1]>,
+        InstanceGuid: <instanceGuid>,
+        DataType: signatureInformation,
+        Filename: signatureInformation.json,
+        ContentType: application/json,
+        BlobStoragePath: ttd/basic/<instanceGuid>/data/<dataElementId[1]>,
+        SelfLinks: {
+          Apps: https://app:5005/ttd/basic/instances/500700/<instanceGuid>/data/<dataElementId[1]>,
+          Platform: https://platform.local.altinn.cloud/storage/api/v1/instances/500700/<instanceGuid>/data/<dataElementId[1]>
+        },
+        Size: {Scrubbed},
+        Locked: false,
+        IsRead: true,
+        References: [
+          {
+            Value: Task_1,
+            Relation: GeneratedFrom,
+            ValueType: Task
+          }
+        ],
+        Created: DateTime_5,
+        CreatedBy: 950474084,
+        LastChanged: DateTime_5,
+        LastChangedBy: 950474084
+      },
+      {
+        Id: <dataElementId[2]>,
+        InstanceGuid: <instanceGuid>,
+        DataType: ref-data-as-pdf,
+        Filename: basic.pdf,
+        ContentType: application/pdf,
+        BlobStoragePath: ttd/basic/<instanceGuid>/data/<dataElementId[2]>,
+        SelfLinks: {
+          Apps: https://app:5005/ttd/basic/instances/500700/<instanceGuid>/data/<dataElementId[2]>,
+          Platform: https://platform.local.altinn.cloud/storage/api/v1/instances/500700/<instanceGuid>/data/<dataElementId[2]>
+        },
+        Size: {Scrubbed},
+        Locked: false,
+        IsRead: true,
+        References: [
+          {
+            Value: Task_1,
+            Relation: GeneratedFrom,
+            ValueType: Task
+          }
+        ],
+        Created: DateTime_6,
+        CreatedBy: 950474084,
+        LastChanged: DateTime_6,
+        LastChangedBy: 950474084
+      }
+    ],
+    Created: DateTime_1,
+    CreatedBy: 950474084,
+    LastChanged: DateTime_7,
+    LastChangedBy: 950474084
+  }
+}
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_3_Download-Data[0].verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_3_Download-Data[0].verified.txt
new file mode 100644
index 0000000000..13e201a51c
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_3_Download-Data[0].verified.txt
@@ -0,0 +1,66 @@
+{
+  HttpResponse: {
+    Version: 1.1,
+    Content: {
+      Headers: {
+        Content-Type: [
+          application/json; charset=utf-8
+        ]
+      }
+    },
+    StatusCode: OK,
+    ReasonPhrase: OK,
+    Headers: {
+      Date: <date>,
+      Server: [
+        Kestrel
+      ],
+      Cache-Control: [
+        no-store, no-cache
+      ],
+      Transfer-Encoding: [
+        chunked
+      ],
+      Request-Context: [
+        appId=
+      ],
+      X-Frame-Options: [
+        deny
+      ],
+      X-Content-Type-Options: [
+        nosniff
+      ],
+      X-XSS-Protection: [
+        0
+      ],
+      Referrer-Policy: [
+        no-referrer
+      ]
+    },
+    TrailingHeaders: {},
+    RequestMessage: {
+      Version: 1.1,
+      Method: {
+        Method: GET
+      },
+      RequestUri: http://local.altinn.cloud:<localtestPort>/ttd/basic/instances/500700/<instanceGuid>/data/<dataElementId[0]>,
+      Headers: {
+        Authorization: [
+          Bearer <token>
+        ],
+        Accept: [
+          application/json
+        ],
+        User-Agent: [
+          Altinn.App.Integration.Tests
+        ]
+      }
+    },
+    IsSuccessStatusCode: true
+  },
+  Response: {
+    property1: 1,
+    property2: null,
+    property3: null
+  }
+}
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_4_Download-Data[1].verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_4_Download-Data[1].verified.txt
new file mode 100644
index 0000000000..45aadaa758
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_4_Download-Data[1].verified.txt
@@ -0,0 +1,82 @@
+{
+  HttpResponse: {
+    Version: 1.1,
+    Content: {
+      Headers: {
+        Content-Length: [
+          500
+        ],
+        Content-Type: [
+          application/json
+        ],
+        Content-Disposition: [
+          attachment; filename=signatureInformation.json; filename*=UTF-8''signatureInformation.json
+        ]
+      }
+    },
+    StatusCode: OK,
+    ReasonPhrase: OK,
+    Headers: {
+      Date: <date>,
+      Server: [
+        Kestrel
+      ],
+      Cache-Control: [
+        no-store, no-cache
+      ],
+      Request-Context: [
+        appId=
+      ],
+      X-Frame-Options: [
+        deny
+      ],
+      X-Content-Type-Options: [
+        nosniff
+      ],
+      X-XSS-Protection: [
+        0
+      ],
+      Referrer-Policy: [
+        no-referrer
+      ]
+    },
+    TrailingHeaders: {},
+    RequestMessage: {
+      Version: 1.1,
+      Method: {
+        Method: GET
+      },
+      RequestUri: http://local.altinn.cloud:<localtestPort>/ttd/basic/instances/500700/<instanceGuid>/data/<dataElementId[1]>,
+      Headers: {
+        Authorization: [
+          Bearer <token>
+        ],
+        Accept: [
+          application/json
+        ],
+        User-Agent: [
+          Altinn.App.Integration.Tests
+        ]
+      }
+    },
+    IsSuccessStatusCode: true
+  },
+  Response: {
+    id: <dataElementId[1]>,
+    instanceGuid: <instanceGuid>,
+    signedTime: DateTimeOffset_1,
+    signeeInfo: {
+      userId: null,
+      systemUserId: null,
+      personNumber: null,
+      organisationNumber: null
+    },
+    dataElementSignatures: [
+      {
+        dataElementId: <dataElementId[0]>,
+        sha256Hash: 9621bdd8df0f3c757f9a91f449e9cf32e2d6c77aca437c3a117c6b78b05343b7,
+        signed: true
+      }
+    ]
+  }
+}
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_5_Download-PDF.verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_5_Download-PDF.verified.txt
new file mode 100644
index 0000000000..444df35334
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_5_Download-PDF.verified.txt
@@ -0,0 +1,61 @@
+{
+  HttpResponse: {
+    Version: 1.1,
+    Content: {
+      Headers: {
+        Content-Type: [
+          application/pdf
+        ],
+        Content-Disposition: [
+          attachment; filename=basic.pdf; filename*=UTF-8''basic.pdf
+        ]
+      }
+    },
+    StatusCode: OK,
+    ReasonPhrase: OK,
+    Headers: {
+      Date: <date>,
+      Server: [
+        Kestrel
+      ],
+      Cache-Control: [
+        no-store, no-cache
+      ],
+      Request-Context: [
+        appId=
+      ],
+      X-Frame-Options: [
+        deny
+      ],
+      X-Content-Type-Options: [
+        nosniff
+      ],
+      X-XSS-Protection: [
+        0
+      ],
+      Referrer-Policy: [
+        no-referrer
+      ]
+    },
+    TrailingHeaders: {},
+    RequestMessage: {
+      Version: 1.1,
+      Method: {
+        Method: GET
+      },
+      RequestUri: http://local.altinn.cloud:<localtestPort>/ttd/basic/instances/500700/<instanceGuid>/data/<dataElementId[2]>,
+      Headers: {
+        Authorization: [
+          Bearer <token>
+        ],
+        Accept: [
+          application/octet-stream
+        ],
+        User-Agent: [
+          Altinn.App.Integration.Tests
+        ]
+      }
+    },
+    IsSuccessStatusCode: true
+  }
+}
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_6_Logs.verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_6_Logs.verified.txt
new file mode 100644
index 0000000000..d06342449e
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_6_Logs.verified.txt
@@ -0,0 +1,43 @@
+[basic/signing-simple] [INIT INFO] Fixture configuration updated
+[basic/signing-simple] [INIT ERROR] Scenario 'signing-simple' specified but no services directory found at /App/scenario-overrides/services
+[basic/signing-simple] [INFO] ### Request: Instances.PostSimplified - User: SystemUser/950474084/d111dbab-d619-4f15-bf29-58fe570a9ae6, AuthLevel: 3, AuthMethod: maskinporten
+[basic/signing-simple] [INFO] IInstantiationValidator.Validate
+[basic/signing-simple] [INFO] IProcessTaskStart.Start
+[basic/signing-simple] [INFO] IInstantiationProcessor.DataCreation
+[basic/signing-simple] [INFO] ### Response: Instances.PostSimplified - CreatedResult, StatusCode: 201
+[basic/signing-simple] [INFO] ### Request: Process.NextElement - User: SystemUser/950474084/d111dbab-d619-4f15-bf29-58fe570a9ae6, AuthLevel: 3, AuthMethod: maskinporten
+[basic/signing-simple] [INFO] IValidator.Validate
+[basic/signing-simple] [INFO] ITaskValidator.ValidateTask
+[basic/signing-simple] [INFO] IDataElementValidator.ValidateDataElement
+[basic/signing-simple] [INFO] IFormDataValidator.ValidateFormData
+fail: Altinn.App.Core.Features.Signing.Services.SigningService[0]
+      Failed to create signee contexts for 1 unmatched documents for task Task_1.
+      System.ArgumentException: Could not find party for person or organization. A valid SSN or OrgNr must be provided.
+         at Altinn.App.Core.Features.Signing.Models.Signee.From(String ssn, String orgNr, Nullable`1 systemId, Func`2 lookupParty) in /_/src/Altinn.App.Core/Features/Signing/Models/SigneeContext.cs:line 140
+         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.CreateSigneeContextFromSignDocument(String taskId, SignDocument signDocument) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 282
+         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.CreateSigneeContextsForUnmatchedDocuments(String taskId, List`1 unmatchedSignDocuments) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 253
+fail: Altinn.App.Core.Features.Validation.Default.SigningTaskValidator[0]
+      Error while fetching signee contexts
+      System.ArgumentException: Could not find party for person or organization. A valid SSN or OrgNr must be provided.
+         at Altinn.App.Core.Features.Signing.Models.Signee.From(String ssn, String orgNr, Nullable`1 systemId, Func`2 lookupParty) in /_/src/Altinn.App.Core/Features/Signing/Models/SigneeContext.cs:line 140
+         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.CreateSigneeContextFromSignDocument(String taskId, SignDocument signDocument) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 282
+         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.CreateSigneeContextsForUnmatchedDocuments(String taskId, List`1 unmatchedSignDocuments) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 253
+         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.SynchronizeSigneeContextsWithSignDocuments(String taskId, List`1 signeeContexts, List`1 signDocuments, CancellationToken ct) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 126
+         at Altinn.App.Core.Features.Signing.Services.SigningService.GetSigneeContexts(IInstanceDataAccessor instanceDataAccessor, AltinnSignatureConfiguration signatureConfiguration, CancellationToken ct) in /_/src/Altinn.App.Core/Features/Signing/Services/SigningService.cs:line 174
+         at Altinn.App.Core.Features.Validation.Default.SigningTaskValidator.CatchError[T](Func`1 function)
+[basic/signing-simple] [INFO] IProcessTaskEnd.End
+[basic/signing-simple] [INFO] IDataProcessor.ProcessDataRead
+[basic/signing-simple] [INFO] IExternalApiClient.GetExternalApiDataAsync
+[basic/signing-simple] [INFO] IProcessEnd.End
+[basic/signing-simple] [INFO] ### Response: Process.NextElement - OkObjectResult, StatusCode: 200
+[basic/signing-simple] [INFO] ### Request: Instances.Get - User: SystemUser/950474084/d111dbab-d619-4f15-bf29-58fe570a9ae6, AuthLevel: 3, AuthMethod: maskinporten
+[basic/signing-simple] [INFO] ### Response: Instances.Get - OkObjectResult, StatusCode: 200
+[basic/signing-simple] [INFO] ### Request: ApplicationMetadata.GetAction - User: None/none, AuthLevel: 0, AuthMethod: none
+[basic/signing-simple] [INFO] ### Response: ApplicationMetadata.GetAction - OkObjectResult, StatusCode: 200
+[basic/signing-simple] [INFO] ### Request: Data.Get - User: SystemUser/950474084/d111dbab-d619-4f15-bf29-58fe570a9ae6, AuthLevel: 3, AuthMethod: maskinporten
+[basic/signing-simple] [INFO] IDataProcessor.ProcessDataRead
+[basic/signing-simple] [INFO] ### Response: Data.Get - OkObjectResult, StatusCode: 200
+[basic/signing-simple] [INFO] ### Request: Data.Get - User: SystemUser/950474084/d111dbab-d619-4f15-bf29-58fe570a9ae6, AuthLevel: 3, AuthMethod: maskinporten
+[basic/signing-simple] [INFO] ### Response: Data.Get - FileStreamResult, StatusCode: 
+[basic/signing-simple] [INFO] ### Request: Data.Get - User: SystemUser/950474084/d111dbab-d619-4f15-bf29-58fe570a9ae6, AuthLevel: 3, AuthMethod: maskinporten
+[basic/signing-simple] [INFO] ### Response: Data.Get - FileStreamResult, StatusCode: 
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/_fixture/Operations/AppFixture.Instances.cs b/test/Altinn.App.Integration.Tests/_fixture/Operations/AppFixture.Instances.cs
index c7f38bbd2c..48bee58f80 100644
--- a/test/Altinn.App.Integration.Tests/_fixture/Operations/AppFixture.Instances.cs
+++ b/test/Altinn.App.Integration.Tests/_fixture/Operations/AppFixture.Instances.cs
@@ -89,7 +89,8 @@ public async Task<InstanceDownload> Download(string token, ReadApiResponse<Insta
 
                 using var request = new HttpRequestMessage(HttpMethod.Get, endpoint);
                 request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
-                if (dataType.AppLogic?.ClassRef is not null)
+                var hasJsonContentType = dataType.AllowedContentTypes.Any(ac => ac == "application/json");
+                if (dataType.AppLogic?.ClassRef is not null || hasJsonContentType)
                     request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                 else
                     request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/octet-stream"));
@@ -108,11 +109,21 @@ public async Task<InstanceDownload> Download(string token, ReadApiResponse<Insta
                     }
                     else
                     {
-                        // This is binary data (attachment)
-                        var dataResponse = new ApiResponse(_fixture, response);
-                        var readResponse = await dataResponse.Read<byte[]>();
-                        var binaryData = new InstanceDataDownload.Binary(i, dataGuid, dataType.Id, readResponse);
-                        data.Add(binaryData);
+                        if (hasJsonContentType)
+                        {
+                            var dataResponse = new ApiResponse(_fixture, response);
+                            var readResponse = await dataResponse.Read<Argon.JToken>(); // Argon is being used by VerifyTests for JSON
+                            var formData = new InstanceDataDownload.Json(i, dataGuid, dataType.Id, readResponse);
+                            data.Add(formData);
+                        }
+                        else
+                        {
+                            // This is binary data (attachment)
+                            var dataResponse = new ApiResponse(_fixture, response);
+                            var readResponse = await dataResponse.Read<byte[]>();
+                            var binaryData = new InstanceDataDownload.Binary(i, dataGuid, dataType.Id, readResponse);
+                            data.Add(binaryData);
+                        }
                     }
                 }
                 catch (Exception)
@@ -345,6 +356,15 @@ await verifier.Verify(
                         sourceFile: sourceFile
                     );
                     break;
+                case InstanceDataDownload.Json json:
+                    await verifier.Verify(
+                        json.Data,
+                        snapshotName: $"Download-Data[{data.Index}]",
+                        scrubbers: scrubbers,
+                        parameters: parameters,
+                        sourceFile: sourceFile
+                    );
+                    break;
                 case InstanceDataDownload.Binary binary:
                     var finalScrubbers = scrubbers;
                     if (data.DataType == "ref-data-as-pdf")
@@ -391,6 +411,12 @@ internal sealed record Form(int Index, Guid Id, string DataType, ReadApiResponse
         public override void Dispose() => Data.Dispose();
     }
 
+    internal sealed record Json(int Index, Guid Id, string DataType, ReadApiResponse<Argon.JToken> Data)
+        : InstanceDataDownload(Index, Id, DataType)
+    {
+        public override void Dispose() => Data.Dispose();
+    }
+
     internal sealed record Binary(int Index, Guid Id, string DataType, ReadApiResponse<byte[]> Data)
         : InstanceDataDownload(Index, Id, DataType)
     {
diff --git a/test/Altinn.App.Integration.Tests/_testapps/basic/_scenarios/signing-simple/config/applicationmetadata.json b/test/Altinn.App.Integration.Tests/_testapps/basic/_scenarios/signing-simple/config/applicationmetadata.json
new file mode 100644
index 0000000000..d0a57719ed
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/_testapps/basic/_scenarios/signing-simple/config/applicationmetadata.json
@@ -0,0 +1,85 @@
+{
+  "id": "ttd/basic",
+  "org": "ttd",
+  "title": {
+    "nb": "basic"
+  },
+  "dataTypes": [
+    {
+      "id": "ref-data-as-pdf",
+      "allowedContentTypes": [
+        "application/pdf"
+      ],
+      "maxCount": 0,
+      "minCount": 0,
+      "enablePdfCreation": true,
+      "enableFileScan": false,
+      "validationErrorOnPendingFileScan": false,
+      "enabledFileAnalysers": [],
+      "enabledFileValidators": []
+    },
+    {
+      "id": "attachment",
+      "allowedContentTypes": [
+        "application/pdf",
+        "image/jpeg",
+        "image/png",
+        "text/plain"
+      ],
+      "maxCount": 10,
+      "minCount": 0,
+      "taskId": "Task_1",
+      "enablePdfCreation": false,
+      "enableFileScan": false,
+      "validationErrorOnPendingFileScan": false,
+      "enabledFileAnalysers": [],
+      "enabledFileValidators": []
+    },
+    {
+      "id": "model",
+      "allowedContentTypes": [
+        "application/xml"
+      ],
+      "appLogic": {
+        "autoCreate": true,
+        "classRef": "Altinn.App.Models.model.model",
+        "allowAnonymousOnStateless": false,
+        "autoDeleteOnProcessEnd": false
+      },
+      "taskId": "Task_1",
+      "maxCount": 1,
+      "minCount": 1,
+      "enablePdfCreation": true,
+      "enableFileScan": false,
+      "validationErrorOnPendingFileScan": false,
+      "enabledFileAnalysers": [],
+      "enabledFileValidators": []
+    },
+    {
+      "id": "signatureInformation",
+      "allowedContentTypes": [
+        "application/json"
+      ],
+      "maxCount": 1,
+      "minCount": 0,
+      "enablePdfCreation": false,
+      "enableFileScan": false,
+      "validationErrorOnPendingFileScan": false,
+      "enabledFileAnalysers": [],
+      "enabledFileValidators": [],
+      "allowedContributers": ["app:owned"]
+    }
+  ],
+  "partyTypesAllowed": {
+    "bankruptcyEstate": false,
+    "organisation": false,
+    "person": false,
+    "subUnit": false
+  },
+  "autoDeleteOnProcessEnd": false,
+  "disallowUserInstantiation": false,
+  "created": "2024-05-15T12:17:03.656228Z",
+  "createdBy": "altinn",
+  "lastChanged": "2024-05-15T12:17:03.65623Z",
+  "lastChangedBy": "altinn"
+}
diff --git a/test/Altinn.App.Integration.Tests/_testapps/basic/_scenarios/signing-simple/config/authorization/policy.xml b/test/Altinn.App.Integration.Tests/_testapps/basic/_scenarios/signing-simple/config/authorization/policy.xml
new file mode 100644
index 0000000000..71a86273ea
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/_testapps/basic/_scenarios/signing-simple/config/authorization/policy.xml
@@ -0,0 +1,318 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xacml:Policy PolicyId="urn:altinn:policyid:1" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" xmlns:xacml="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
+  <xacml:Target />
+  <xacml:Rule RuleId="urn:altinn:example:ruleid:1" Effect="Permit">
+    <xacml:Description>A rule giving user with role REGNA or DAGL and the app owner [ORG] the right to instantiate a instance of a given app of [ORG]/[APP]</xacml:Description>
+    <xacml:Target>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">REGNA</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DAGL</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[ORG]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">991825827</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:organization:identifier-no" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">f58fe166-bc22-4899-beb7-c3e8e3332f43</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:systemuser:uuid" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[ORG]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[APP]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:app" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">instantiate</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+    </xacml:Target>
+  </xacml:Rule>
+  <xacml:Rule RuleId="urn:altinn:example:ruleid:2" Effect="Permit">
+    <xacml:Description>Rule that defines that user with role REGNA or DAGL can read and write for [ORG]/[APP] when it is in Task_1</xacml:Description>
+    <xacml:Target>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">REGNA</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DAGL</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">991825827</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:organization:identifier-no" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">f58fe166-bc22-4899-beb7-c3e8e3332f43</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:systemuser:uuid" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[ORG]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[APP]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:app" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Task_1</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:task" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[ORG]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[APP]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:app" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">EndEvent_1</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:end-event" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">sign</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+    </xacml:Target>
+  </xacml:Rule>
+  <xacml:Rule RuleId="urn:altinn:example:ruleid:3" Effect="Permit">
+    <xacml:Description>Rule that defines that user with role REGNA or DAGL can delete instances of [ORG]/[APP]</xacml:Description>
+    <xacml:Target>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">REGNA</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DAGL</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[ORG]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[APP]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:app" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">delete</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+    </xacml:Target>
+  </xacml:Rule>
+  <xacml:Rule RuleId="urn:altinn:example:ruleid:4" Effect="Permit">
+    <xacml:Description>Rule that defines that org can write to instances of [ORG]/[APP] for any states</xacml:Description>
+    <xacml:Target>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[ORG]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[ORG]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[APP]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:app" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+    </xacml:Target>
+  </xacml:Rule>
+  <xacml:Rule RuleId="urn:altinn:example:ruleid:5" Effect="Permit">
+    <xacml:Description>Rule that defines that org can complete an instance of [ORG]/[APP] which state is at the end event.</xacml:Description>
+    <xacml:Target>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[ORG]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[ORG]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[APP]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:app" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">EndEvent_1</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:end-event" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">complete</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+    </xacml:Target>
+  </xacml:Rule>
+  <xacml:Rule RuleId="urn:altinn:example:ruleid:6" Effect="Permit">
+    <xacml:Description>A rule giving user with role REGNA or DAGL and the app owner [ORG] the right to read the appresource events of a given app of [ORG]/[APP]</xacml:Description>
+    <xacml:Target>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">REGNA</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DAGL</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[ORG]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[ORG]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[APP]</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:app" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">events</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:altinn:appresource" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+      <xacml:AnyOf>
+        <xacml:AllOf>
+          <xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+            <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</xacml:AttributeValue>
+            <xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+          </xacml:Match>
+        </xacml:AllOf>
+      </xacml:AnyOf>
+    </xacml:Target>
+  </xacml:Rule>
+  <xacml:ObligationExpressions>
+    <xacml:ObligationExpression ObligationId="urn:altinn:obligation:authenticationLevel1" FulfillOn="Permit">
+      <xacml:AttributeAssignmentExpression AttributeId="urn:altinn:obligation1-assignment1" Category="urn:altinn:minimum-authenticationlevel">
+        <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">2</xacml:AttributeValue>
+      </xacml:AttributeAssignmentExpression>
+    </xacml:ObligationExpression>
+    <xacml:ObligationExpression ObligationId="urn:altinn:obligation:authenticationLevel2" FulfillOn="Permit">
+      <xacml:AttributeAssignmentExpression AttributeId="urn:altinn:obligation2-assignment2" Category="urn:altinn:minimum-authenticationlevel-org">
+        <xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">3</xacml:AttributeValue>
+      </xacml:AttributeAssignmentExpression>
+    </xacml:ObligationExpression>
+  </xacml:ObligationExpressions>
+</xacml:Policy>
diff --git a/test/Altinn.App.Integration.Tests/_testapps/basic/_scenarios/signing-simple/config/process/process.bpmn b/test/Altinn.App.Integration.Tests/_testapps/basic/_scenarios/signing-simple/config/process/process.bpmn
new file mode 100644
index 0000000000..f10343f162
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/_testapps/basic/_scenarios/signing-simple/config/process/process.bpmn
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<bpmn:definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:altinn="http://altinn.no/process" xmlns:bpmn="http://www.omg.org/spec/BPMN/20100524/MODEL" xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI" xmlns:dc="http://www.omg.org/spec/DD/20100524/DC" xmlns:di="http://www.omg.org/spec/DD/20100524/DI" id="Altinn_SingleDataTask_Process_Definition" targetNamespace="http://bpmn.io/schema/bpmn">
+  <bpmn:process id="SingleDataTask" isExecutable="false">
+    <bpmn:startEvent id="StartEvent_1">
+      <bpmn:outgoing>Flow_0esyro2</bpmn:outgoing>
+    </bpmn:startEvent>
+    <bpmn:task id="Task_1" name="Fyll ut og signer">
+      <bpmn:extensionElements>
+        <altinn:taskExtension>
+          <altinn:taskType>signing</altinn:taskType>
+          <altinn:actions>
+            <altinn:action>sign</altinn:action>
+            <altinn:action>reject</altinn:action>
+          </altinn:actions>
+          <altinn:signatureConfig>
+            <altinn:dataTypesToSign>
+              <altinn:dataType>model</altinn:dataType>
+            </altinn:dataTypesToSign>
+            <altinn:signatureDataType>signatureInformation</altinn:signatureDataType>
+            <altinn:runDefaultValidator>true</altinn:runDefaultValidator>
+          </altinn:signatureConfig>
+        </altinn:taskExtension>
+      </bpmn:extensionElements>
+      <bpmn:incoming>Flow_0esyro2</bpmn:incoming>
+      <bpmn:outgoing>Flow_1438z6c</bpmn:outgoing>
+    </bpmn:task>
+    <bpmn:endEvent id="EndEvent_1">
+      <bpmn:incoming>Flow_1438z6c</bpmn:incoming>
+    </bpmn:endEvent>
+    <bpmn:sequenceFlow id="Flow_0esyro2" sourceRef="StartEvent_1" targetRef="Task_1" />
+    <bpmn:sequenceFlow id="Flow_1438z6c" sourceRef="Task_1" targetRef="EndEvent_1" />
+  </bpmn:process>
+  <bpmndi:BPMNDiagram id="BPMNDiagram_1">
+    <bpmndi:BPMNPlane id="BPMNPlane_1" bpmnElement="SingleDataTask">
+      <bpmndi:BPMNShape id="_BPMNShape_StartEvent_2" bpmnElement="StartEvent_1">
+        <dc:Bounds x="156" y="81" width="36" height="36" />
+      </bpmndi:BPMNShape>
+      <bpmndi:BPMNShape id="EndEvent_1_di" bpmnElement="EndEvent_1">
+        <dc:Bounds x="482" y="81" width="36" height="36" />
+      </bpmndi:BPMNShape>
+      <bpmndi:BPMNShape id="Task_1_di" bpmnElement="Task_1">
+        <dc:Bounds x="290" y="59" width="100" height="80" />
+        <bpmndi:BPMNLabel />
+      </bpmndi:BPMNShape>
+      <bpmndi:BPMNEdge id="Flow_0esyro2_di" bpmnElement="Flow_0esyro2">
+        <di:waypoint x="192" y="99" />
+        <di:waypoint x="290" y="99" />
+      </bpmndi:BPMNEdge>
+      <bpmndi:BPMNEdge id="Flow_1438z6c_di" bpmnElement="Flow_1438z6c">
+        <di:waypoint x="390" y="99" />
+        <di:waypoint x="482" y="99" />
+      </bpmndi:BPMNEdge>
+    </bpmndi:BPMNPlane>
+  </bpmndi:BPMNDiagram>
+</bpmn:definitions>

From 0174776e97c41793f2717193b52901b15fee2ae2 Mon Sep 17 00:00:00 2001
From: Martin Othamar <martin@othamar.net>
Date: Thu, 18 Sep 2025 20:14:42 +0200
Subject: [PATCH 2/3] user auth test

---
 .../Signing/Simple.cs                         |   4 +-
 ...auth=SystemUser_1_ProcessNext.verified.txt |  15 +-
 ...ystemUser_2_Download-Instance.verified.txt |  43 ++---
 ...SystemUser_4_Download-Data[1].verified.txt |   4 +-
 ....Full_auth=SystemUser_5_Logs.verified.txt} |  43 +++--
 ...sts.Full_auth=User_0_Instance.verified.txt | 127 ++++++++++++++
 ....Full_auth=User_1_ProcessNext.verified.txt |  74 ++++++++
 ...auth=User_2_Download-Instance.verified.txt | 161 ++++++++++++++++++
 ..._auth=User_3_Download-Data[0].verified.txt |  66 +++++++
 ..._auth=User_4_Download-Data[1].verified.txt |  82 +++++++++
 ...ull_auth=User_5_Download-PDF.verified.txt} |   2 +-
 ...leTests.Full_auth=User_6_Logs.verified.txt |  27 +++
 12 files changed, 585 insertions(+), 63 deletions(-)
 rename test/Altinn.App.Integration.Tests/Signing/_snapshots/{SimpleTests.Full_auth=SystemUser_6_Logs.verified.txt => SimpleTests.Full_auth=SystemUser_5_Logs.verified.txt} (52%)
 create mode 100644 test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_0_Instance.verified.txt
 create mode 100644 test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_1_ProcessNext.verified.txt
 create mode 100644 test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_2_Download-Instance.verified.txt
 create mode 100644 test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_3_Download-Data[0].verified.txt
 create mode 100644 test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_4_Download-Data[1].verified.txt
 rename test/Altinn.App.Integration.Tests/Signing/_snapshots/{SimpleTests.Full_auth=SystemUser_5_Download-PDF.verified.txt => SimpleTests.Full_auth=User_5_Download-PDF.verified.txt} (94%)
 create mode 100644 test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_6_Logs.verified.txt

diff --git a/test/Altinn.App.Integration.Tests/Signing/Simple.cs b/test/Altinn.App.Integration.Tests/Signing/Simple.cs
index 96a4bf601e..e3b588347c 100644
--- a/test/Altinn.App.Integration.Tests/Signing/Simple.cs
+++ b/test/Altinn.App.Integration.Tests/Signing/Simple.cs
@@ -20,7 +20,7 @@ public enum Auth
 
     [Theory]
     [CombinatorialData]
-    public async Task Full([CombinatorialValues(Auth.SystemUser)] Auth auth)
+    public async Task Full([CombinatorialValues(Auth.User, Auth.SystemUser)] Auth auth)
     {
         await using var fixtureScope = await _classFixture.Get(_output, TestApps.Basic, "signing-simple");
         var fixture = fixtureScope.Fixture;
@@ -29,6 +29,7 @@ public async Task Full([CombinatorialValues(Auth.SystemUser)] Auth auth)
 
         var token = auth switch
         {
+            Auth.User => await fixture.Auth.GetUserToken(1337, authenticationLevel: 3, scope: "altinn:portal/enduser"),
             Auth.SystemUser => await fixture.Auth.GetSystemUserToken(
                 systemId: "913312465_sbs",
                 systemUserId: "d111dbab-d619-4f15-bf29-58fe570a9ae6",
@@ -39,6 +40,7 @@ public async Task Full([CombinatorialValues(Auth.SystemUser)] Auth auth)
 
         var instanceOwner = auth switch
         {
+            Auth.User => new InstanceOwner { PartyId = "501337" },
             Auth.SystemUser => new InstanceOwner { OrganisationNumber = "950474084" },
             _ => throw new NotSupportedException($"Auth {auth} is not supported"),
         };
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_1_ProcessNext.verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_1_ProcessNext.verified.txt
index 31e451360b..5401b7d1e5 100644
--- a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_1_ProcessNext.verified.txt
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_1_ProcessNext.verified.txt
@@ -4,12 +4,12 @@
     Content: {
       Headers: {
         Content-Type: [
-          application/json; charset=utf-8
+          application/problem+json; charset=utf-8
         ]
       }
     },
-    StatusCode: OK,
-    ReasonPhrase: OK,
+    StatusCode: InternalServerError,
+    ReasonPhrase: Internal Server Error,
     Headers: {
       Date: <date>,
       Server: [
@@ -63,12 +63,7 @@
         ]
       }
     },
-    IsSuccessStatusCode: true
+    IsSuccessStatusCode: false
   },
-  Response: {
-    Started: DateTime_1,
-    StartEvent: StartEvent_1,
-    Ended: DateTime_2,
-    EndEvent: EndEvent_1
-  }
+  Response: {}
 }
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_2_Download-Instance.verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_2_Download-Instance.verified.txt
index 898b07628e..b5cad4f243 100644
--- a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_2_Download-Instance.verified.txt
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_2_Download-Instance.verified.txt
@@ -71,12 +71,17 @@
     Process: {
       Started: DateTime_2,
       StartEvent: StartEvent_1,
-      Ended: DateTime_3,
-      EndEvent: EndEvent_1
+      CurrentTask: {
+        Flow: 2,
+        Started: DateTime_3,
+        ElementId: Task_1,
+        Name: Fyll ut og signer,
+        AltinnTaskType: signing,
+        FlowType: CompleteCurrentMoveToNext
+      }
     },
     Status: {
-      IsArchived: true,
-      Archived: DateTime_3,
+      IsArchived: false,
       IsSoftDeleted: false,
       IsHardDeleted: false,
       ReadStatus: Read
@@ -93,7 +98,7 @@
           Platform: https://platform.local.altinn.cloud/storage/api/v1/instances/500700/<instanceGuid>/data/<dataElementId[0]>
         },
         Size: {Scrubbed},
-        Locked: true,
+        Locked: false,
         IsRead: true,
         Created: DateTime_4,
         CreatedBy: 950474084,
@@ -125,37 +130,11 @@
         CreatedBy: 950474084,
         LastChanged: DateTime_5,
         LastChangedBy: 950474084
-      },
-      {
-        Id: <dataElementId[2]>,
-        InstanceGuid: <instanceGuid>,
-        DataType: ref-data-as-pdf,
-        Filename: basic.pdf,
-        ContentType: application/pdf,
-        BlobStoragePath: ttd/basic/<instanceGuid>/data/<dataElementId[2]>,
-        SelfLinks: {
-          Apps: https://app:5005/ttd/basic/instances/500700/<instanceGuid>/data/<dataElementId[2]>,
-          Platform: https://platform.local.altinn.cloud/storage/api/v1/instances/500700/<instanceGuid>/data/<dataElementId[2]>
-        },
-        Size: {Scrubbed},
-        Locked: false,
-        IsRead: true,
-        References: [
-          {
-            Value: Task_1,
-            Relation: GeneratedFrom,
-            ValueType: Task
-          }
-        ],
-        Created: DateTime_6,
-        CreatedBy: 950474084,
-        LastChanged: DateTime_6,
-        LastChangedBy: 950474084
       }
     ],
     Created: DateTime_1,
     CreatedBy: 950474084,
-    LastChanged: DateTime_7,
+    LastChanged: DateTime_5,
     LastChangedBy: 950474084
   }
 }
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_4_Download-Data[1].verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_4_Download-Data[1].verified.txt
index 45aadaa758..cdef0a6eb0 100644
--- a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_4_Download-Data[1].verified.txt
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_4_Download-Data[1].verified.txt
@@ -4,7 +4,7 @@
     Content: {
       Headers: {
         Content-Length: [
-          500
+          534
         ],
         Content-Type: [
           application/json
@@ -67,7 +67,7 @@
     signedTime: DateTimeOffset_1,
     signeeInfo: {
       userId: null,
-      systemUserId: null,
+      systemUserId: Guid_1,
       personNumber: null,
       organisationNumber: null
     },
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_6_Logs.verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_5_Logs.verified.txt
similarity index 52%
rename from test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_6_Logs.verified.txt
rename to test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_5_Logs.verified.txt
index d06342449e..214594d911 100644
--- a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_6_Logs.verified.txt
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_5_Logs.verified.txt
@@ -1,5 +1,5 @@
 [basic/signing-simple] [INIT INFO] Fixture configuration updated
-[basic/signing-simple] [INIT ERROR] Scenario 'signing-simple' specified but no services directory found at /App/scenario-overrides/services
+[basic/signing-simple] [INIT INFO] Scenario 'signing-simple' specified but no services directory found at /App/scenario-overrides/services
 [basic/signing-simple] [INFO] ### Request: Instances.PostSimplified - User: SystemUser/950474084/d111dbab-d619-4f15-bf29-58fe570a9ae6, AuthLevel: 3, AuthMethod: maskinporten
 [basic/signing-simple] [INFO] IInstantiationValidator.Validate
 [basic/signing-simple] [INFO] IProcessTaskStart.Start
@@ -14,22 +14,33 @@ fail: Altinn.App.Core.Features.Signing.Services.SigningService[0]
       Failed to create signee contexts for 1 unmatched documents for task Task_1.
       System.ArgumentException: Could not find party for person or organization. A valid SSN or OrgNr must be provided.
          at Altinn.App.Core.Features.Signing.Models.Signee.From(String ssn, String orgNr, Nullable`1 systemId, Func`2 lookupParty) in /_/src/Altinn.App.Core/Features/Signing/Models/SigneeContext.cs:line 140
-         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.CreateSigneeContextFromSignDocument(String taskId, SignDocument signDocument) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 282
-         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.CreateSigneeContextsForUnmatchedDocuments(String taskId, List`1 unmatchedSignDocuments) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 253
-fail: Altinn.App.Core.Features.Validation.Default.SigningTaskValidator[0]
-      Error while fetching signee contexts
+         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.CreateSigneeContextFromSignDocument(String taskId, SignDocument signDocument) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 292
+         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.CreateSigneeContextsForUnmatchedDocuments(String taskId, List`1 unmatchedSignDocuments) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 263
+fail: Altinn.App.Core.Internal.Validation.ValidationService[0]
+      Error while running validator Altinn.App.Core.Features.Validation.Default.SigningTaskValidator-* for task Task_1 on instance 500700/629e01b6-7965-40df-bd51-d8162c004cce
       System.ArgumentException: Could not find party for person or organization. A valid SSN or OrgNr must be provided.
          at Altinn.App.Core.Features.Signing.Models.Signee.From(String ssn, String orgNr, Nullable`1 systemId, Func`2 lookupParty) in /_/src/Altinn.App.Core/Features/Signing/Models/SigneeContext.cs:line 140
-         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.CreateSigneeContextFromSignDocument(String taskId, SignDocument signDocument) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 282
-         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.CreateSigneeContextsForUnmatchedDocuments(String taskId, List`1 unmatchedSignDocuments) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 253
-         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.SynchronizeSigneeContextsWithSignDocuments(String taskId, List`1 signeeContexts, List`1 signDocuments, CancellationToken ct) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 126
-         at Altinn.App.Core.Features.Signing.Services.SigningService.GetSigneeContexts(IInstanceDataAccessor instanceDataAccessor, AltinnSignatureConfiguration signatureConfiguration, CancellationToken ct) in /_/src/Altinn.App.Core/Features/Signing/Services/SigningService.cs:line 174
-         at Altinn.App.Core.Features.Validation.Default.SigningTaskValidator.CatchError[T](Func`1 function)
-[basic/signing-simple] [INFO] IProcessTaskEnd.End
-[basic/signing-simple] [INFO] IDataProcessor.ProcessDataRead
-[basic/signing-simple] [INFO] IExternalApiClient.GetExternalApiDataAsync
-[basic/signing-simple] [INFO] IProcessEnd.End
-[basic/signing-simple] [INFO] ### Response: Process.NextElement - OkObjectResult, StatusCode: 200
+         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.CreateSigneeContextFromSignDocument(String taskId, SignDocument signDocument) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 292
+         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.CreateSigneeContextsForUnmatchedDocuments(String taskId, List`1 unmatchedSignDocuments) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 263
+         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.SynchronizeSigneeContextsWithSignDocuments(String taskId, List`1 signeeContexts, List`1 signDocuments, CancellationToken ct) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 136
+         at Altinn.App.Core.Features.Signing.Services.SigningService.GetSigneeContexts(IInstanceDataAccessor instanceDataAccessor, AltinnSignatureConfiguration signatureConfiguration, CancellationToken ct) in /_/src/Altinn.App.Core/Features/Signing/Services/SigningService.cs:line 182
+         at Altinn.App.Core.Features.Validation.Default.SigningTaskValidator.Validate(IInstanceDataAccessor dataAccessor, String taskId, String language) in /_/src/Altinn.App.Core/Features/Validation/Default/SigningTaskValidator.cs:line 92
+         at Altinn.App.Core.Internal.Validation.ValidationService.<>c__DisplayClass5_0.<<ValidateInstanceAtTask>b__3>d.MoveNext() in /_/src/Altinn.App.Core/Internal/Validation/ValidationService.cs:line 67
+fail: Altinn.App.Api.Controllers.ProcessController[0]
+      Process next failed.
+      System.ArgumentException: Could not find party for person or organization. A valid SSN or OrgNr must be provided.
+         at Altinn.App.Core.Features.Signing.Models.Signee.From(String ssn, String orgNr, Nullable`1 systemId, Func`2 lookupParty) in /_/src/Altinn.App.Core/Features/Signing/Models/SigneeContext.cs:line 140
+         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.CreateSigneeContextFromSignDocument(String taskId, SignDocument signDocument) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 292
+         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.CreateSigneeContextsForUnmatchedDocuments(String taskId, List`1 unmatchedSignDocuments) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 263
+         at Altinn.App.Core.Features.Signing.Services.SignDocumentManager.SynchronizeSigneeContextsWithSignDocuments(String taskId, List`1 signeeContexts, List`1 signDocuments, CancellationToken ct) in /_/src/Altinn.App.Core/Features/Signing/Services/SignDocumentManager.cs:line 136
+         at Altinn.App.Core.Features.Signing.Services.SigningService.GetSigneeContexts(IInstanceDataAccessor instanceDataAccessor, AltinnSignatureConfiguration signatureConfiguration, CancellationToken ct) in /_/src/Altinn.App.Core/Features/Signing/Services/SigningService.cs:line 182
+         at Altinn.App.Core.Features.Validation.Default.SigningTaskValidator.Validate(IInstanceDataAccessor dataAccessor, String taskId, String language) in /_/src/Altinn.App.Core/Features/Validation/Default/SigningTaskValidator.cs:line 92
+         at Altinn.App.Core.Internal.Validation.ValidationService.<>c__DisplayClass5_0.<<ValidateInstanceAtTask>b__3>d.MoveNext() in /_/src/Altinn.App.Core/Internal/Validation/ValidationService.cs:line 67
+      --- End of stack trace from previous location ---
+         at Altinn.App.Core.Internal.Validation.ValidationService.ValidateInstanceAtTask(IInstanceDataAccessor dataAccessor, String taskId, List`1 ignoredValidators, Nullable`1 onlyIncrementalValidators, String language) in /_/src/Altinn.App.Core/Internal/Validation/ValidationService.cs:line 92
+         at Altinn.App.Api.Controllers.ProcessController.GetValidationProblemDetails(Instance instance, String currentTaskId, String language) in /_/src/Altinn.App.Api/Controllers/ProcessController.cs:line 249
+         at Altinn.App.Api.Controllers.ProcessController.NextElement(String org, String app, Int32 instanceOwnerPartyId, Guid instanceGuid, CancellationToken ct, String elementId, String language, ProcessNext processNext) in /_/src/Altinn.App.Api/Controllers/ProcessController.cs:line 396
+[basic/signing-simple] [INFO] ### Response: Process.NextElement - ObjectResult, StatusCode: 500
 [basic/signing-simple] [INFO] ### Request: Instances.Get - User: SystemUser/950474084/d111dbab-d619-4f15-bf29-58fe570a9ae6, AuthLevel: 3, AuthMethod: maskinporten
 [basic/signing-simple] [INFO] ### Response: Instances.Get - OkObjectResult, StatusCode: 200
 [basic/signing-simple] [INFO] ### Request: ApplicationMetadata.GetAction - User: None/none, AuthLevel: 0, AuthMethod: none
@@ -38,6 +49,4 @@ fail: Altinn.App.Core.Features.Validation.Default.SigningTaskValidator[0]
 [basic/signing-simple] [INFO] IDataProcessor.ProcessDataRead
 [basic/signing-simple] [INFO] ### Response: Data.Get - OkObjectResult, StatusCode: 200
 [basic/signing-simple] [INFO] ### Request: Data.Get - User: SystemUser/950474084/d111dbab-d619-4f15-bf29-58fe570a9ae6, AuthLevel: 3, AuthMethod: maskinporten
-[basic/signing-simple] [INFO] ### Response: Data.Get - FileStreamResult, StatusCode: 
-[basic/signing-simple] [INFO] ### Request: Data.Get - User: SystemUser/950474084/d111dbab-d619-4f15-bf29-58fe570a9ae6, AuthLevel: 3, AuthMethod: maskinporten
 [basic/signing-simple] [INFO] ### Response: Data.Get - FileStreamResult, StatusCode: 
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_0_Instance.verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_0_Instance.verified.txt
new file mode 100644
index 0000000000..de697779b9
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_0_Instance.verified.txt
@@ -0,0 +1,127 @@
+{
+  HttpResponse: {
+    Version: 1.1,
+    Content: {
+      Headers: {
+        Content-Type: [
+          application/json; charset=utf-8
+        ]
+      }
+    },
+    StatusCode: Created,
+    ReasonPhrase: Created,
+    Headers: {
+      Date: <date>,
+      Server: [
+        Kestrel
+      ],
+      Cache-Control: [
+        no-store, no-cache
+      ],
+      Location: [
+        https://app:5005/ttd/basic/instances/501337/<instanceGuid>
+      ],
+      Transfer-Encoding: [
+        chunked
+      ],
+      Request-Context: [
+        appId=
+      ],
+      X-Frame-Options: [
+        deny
+      ],
+      X-Content-Type-Options: [
+        nosniff
+      ],
+      X-XSS-Protection: [
+        0
+      ],
+      Referrer-Policy: [
+        no-referrer
+      ]
+    },
+    TrailingHeaders: {},
+    RequestMessage: {
+      Version: 1.1,
+      Content: {
+        Headers: {
+          Content-Type: [
+            application/json
+          ],
+          Content-Length: [
+            189
+          ]
+        }
+      },
+      Method: {
+        Method: POST
+      },
+      RequestUri: http://local.altinn.cloud:<localtestPort>/ttd/basic/instances/create,
+      Headers: {
+        Authorization: [
+          Bearer <token>
+        ],
+        User-Agent: [
+          Altinn.App.Integration.Tests
+        ]
+      }
+    },
+    IsSuccessStatusCode: true
+  },
+  Response: {
+    Id: 501337/<instanceGuid>,
+    InstanceOwner: {
+      PartyId: 501337,
+      PersonNumber: 01039012345
+    },
+    AppId: ttd/basic,
+    Org: ttd,
+    SelfLinks: {
+      Apps: https://app:5005/ttd/basic/instances/501337/<instanceGuid>,
+      Platform: https://platform.local.altinn.cloud/storage/api/v1/instances/501337/<instanceGuid>
+    },
+    VisibleAfter: DateTime_1,
+    Process: {
+      Started: DateTime_2,
+      StartEvent: StartEvent_1,
+      CurrentTask: {
+        Flow: 2,
+        Started: DateTime_3,
+        ElementId: Task_1,
+        Name: Fyll ut og signer,
+        AltinnTaskType: signing,
+        FlowType: CompleteCurrentMoveToNext
+      }
+    },
+    Status: {
+      IsArchived: false,
+      IsSoftDeleted: false,
+      IsHardDeleted: false,
+      ReadStatus: Read
+    },
+    Data: [
+      {
+        Id: <dataElementId[0]>,
+        InstanceGuid: <instanceGuid>,
+        DataType: model,
+        ContentType: application/xml,
+        BlobStoragePath: ttd/basic/<instanceGuid>/data/<dataElementId[0]>,
+        SelfLinks: {
+          Apps: https://app:5005/ttd/basic/instances/501337/<instanceGuid>/data/<dataElementId[0]>,
+          Platform: https://platform./storage/api/v1/instances/501337/<instanceGuid>/data/<dataElementId[0]>
+        },
+        Size: 176,
+        Locked: false,
+        IsRead: true,
+        Created: DateTime_4,
+        CreatedBy: 1337,
+        LastChanged: DateTime_4,
+        LastChangedBy: 1337
+      }
+    ],
+    Created: DateTime_1,
+    CreatedBy: 1337,
+    LastChanged: DateTime_1,
+    LastChangedBy: 1337
+  }
+}
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_1_ProcessNext.verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_1_ProcessNext.verified.txt
new file mode 100644
index 0000000000..f4363ec74e
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_1_ProcessNext.verified.txt
@@ -0,0 +1,74 @@
+{
+  HttpResponse: {
+    Version: 1.1,
+    Content: {
+      Headers: {
+        Content-Type: [
+          application/json; charset=utf-8
+        ]
+      }
+    },
+    StatusCode: OK,
+    ReasonPhrase: OK,
+    Headers: {
+      Date: <date>,
+      Server: [
+        Kestrel
+      ],
+      Cache-Control: [
+        no-store, no-cache
+      ],
+      Transfer-Encoding: [
+        chunked
+      ],
+      Request-Context: [
+        appId=
+      ],
+      X-Frame-Options: [
+        deny
+      ],
+      X-Content-Type-Options: [
+        nosniff
+      ],
+      X-XSS-Protection: [
+        0
+      ],
+      Referrer-Policy: [
+        no-referrer
+      ]
+    },
+    TrailingHeaders: {},
+    RequestMessage: {
+      Version: 1.1,
+      Content: {
+        Headers: {
+          Content-Type: [
+            application/json
+          ],
+          Content-Length: [
+            41
+          ]
+        }
+      },
+      Method: {
+        Method: PUT
+      },
+      RequestUri: http://local.altinn.cloud:<localtestPort>/ttd/basic/instances/501337/<instanceGuid>/process/next,
+      Headers: {
+        Authorization: [
+          Bearer <token>
+        ],
+        User-Agent: [
+          Altinn.App.Integration.Tests
+        ]
+      }
+    },
+    IsSuccessStatusCode: true
+  },
+  Response: {
+    Started: DateTime_1,
+    StartEvent: StartEvent_1,
+    Ended: DateTime_2,
+    EndEvent: EndEvent_1
+  }
+}
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_2_Download-Instance.verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_2_Download-Instance.verified.txt
new file mode 100644
index 0000000000..962220380f
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_2_Download-Instance.verified.txt
@@ -0,0 +1,161 @@
+{
+  HttpResponse: {
+    Version: 1.1,
+    Content: {
+      Headers: {
+        Content-Type: [
+          application/json; charset=utf-8
+        ]
+      }
+    },
+    StatusCode: OK,
+    ReasonPhrase: OK,
+    Headers: {
+      Date: <date>,
+      Server: [
+        Kestrel
+      ],
+      Cache-Control: [
+        no-store, no-cache
+      ],
+      Transfer-Encoding: [
+        chunked
+      ],
+      Request-Context: [
+        appId=
+      ],
+      X-Frame-Options: [
+        deny
+      ],
+      X-Content-Type-Options: [
+        nosniff
+      ],
+      X-XSS-Protection: [
+        0
+      ],
+      Referrer-Policy: [
+        no-referrer
+      ]
+    },
+    TrailingHeaders: {},
+    RequestMessage: {
+      Version: 1.1,
+      Method: {
+        Method: GET
+      },
+      RequestUri: http://local.altinn.cloud:<localtestPort>/ttd/basic/instances/501337/<instanceGuid>,
+      Headers: {
+        Authorization: [
+          Bearer <token>
+        ],
+        User-Agent: [
+          Altinn.App.Integration.Tests
+        ]
+      }
+    },
+    IsSuccessStatusCode: true
+  },
+  Response: {
+    Id: 501337/<instanceGuid>,
+    InstanceOwner: {
+      PartyId: 501337,
+      PersonNumber: 01039012345
+    },
+    AppId: ttd/basic,
+    Org: ttd,
+    SelfLinks: {
+      Apps: https://app:5005/ttd/basic/instances/501337/<instanceGuid>,
+      Platform: https://platform.local.altinn.cloud/storage/api/v1/instances/501337/<instanceGuid>
+    },
+    VisibleAfter: DateTime_1,
+    Process: {
+      Started: DateTime_2,
+      StartEvent: StartEvent_1,
+      Ended: DateTime_3,
+      EndEvent: EndEvent_1
+    },
+    Status: {
+      IsArchived: true,
+      Archived: DateTime_3,
+      IsSoftDeleted: false,
+      IsHardDeleted: false,
+      ReadStatus: Read
+    },
+    Data: [
+      {
+        Id: <dataElementId[0]>,
+        InstanceGuid: <instanceGuid>,
+        DataType: model,
+        ContentType: application/xml,
+        BlobStoragePath: ttd/basic/<instanceGuid>/data/<dataElementId[0]>,
+        SelfLinks: {
+          Apps: https://app:5005/ttd/basic/instances/501337/<instanceGuid>/data/<dataElementId[0]>,
+          Platform: https://platform.local.altinn.cloud/storage/api/v1/instances/501337/<instanceGuid>/data/<dataElementId[0]>
+        },
+        Size: {Scrubbed},
+        Locked: true,
+        IsRead: true,
+        Created: DateTime_4,
+        CreatedBy: 1337,
+        LastChanged: DateTime_4,
+        LastChangedBy: 1337
+      },
+      {
+        Id: <dataElementId[1]>,
+        InstanceGuid: <instanceGuid>,
+        DataType: signatureInformation,
+        Filename: signatureInformation.json,
+        ContentType: application/json,
+        BlobStoragePath: ttd/basic/<instanceGuid>/data/<dataElementId[1]>,
+        SelfLinks: {
+          Apps: https://app:5005/ttd/basic/instances/501337/<instanceGuid>/data/<dataElementId[1]>,
+          Platform: https://platform.local.altinn.cloud/storage/api/v1/instances/501337/<instanceGuid>/data/<dataElementId[1]>
+        },
+        Size: {Scrubbed},
+        Locked: false,
+        IsRead: true,
+        References: [
+          {
+            Value: Task_1,
+            Relation: GeneratedFrom,
+            ValueType: Task
+          }
+        ],
+        Created: DateTime_5,
+        CreatedBy: 1337,
+        LastChanged: DateTime_5,
+        LastChangedBy: 1337
+      },
+      {
+        Id: <dataElementId[2]>,
+        InstanceGuid: <instanceGuid>,
+        DataType: ref-data-as-pdf,
+        Filename: basic.pdf,
+        ContentType: application/pdf,
+        BlobStoragePath: ttd/basic/<instanceGuid>/data/<dataElementId[2]>,
+        SelfLinks: {
+          Apps: https://app:5005/ttd/basic/instances/501337/<instanceGuid>/data/<dataElementId[2]>,
+          Platform: https://platform.local.altinn.cloud/storage/api/v1/instances/501337/<instanceGuid>/data/<dataElementId[2]>
+        },
+        Size: {Scrubbed},
+        Locked: false,
+        IsRead: true,
+        References: [
+          {
+            Value: Task_1,
+            Relation: GeneratedFrom,
+            ValueType: Task
+          }
+        ],
+        Created: DateTime_6,
+        CreatedBy: 1337,
+        LastChanged: DateTime_6,
+        LastChangedBy: 1337
+      }
+    ],
+    Created: DateTime_1,
+    CreatedBy: 1337,
+    LastChanged: DateTime_7,
+    LastChangedBy: 1337
+  }
+}
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_3_Download-Data[0].verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_3_Download-Data[0].verified.txt
new file mode 100644
index 0000000000..daec95db7d
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_3_Download-Data[0].verified.txt
@@ -0,0 +1,66 @@
+{
+  HttpResponse: {
+    Version: 1.1,
+    Content: {
+      Headers: {
+        Content-Type: [
+          application/json; charset=utf-8
+        ]
+      }
+    },
+    StatusCode: OK,
+    ReasonPhrase: OK,
+    Headers: {
+      Date: <date>,
+      Server: [
+        Kestrel
+      ],
+      Cache-Control: [
+        no-store, no-cache
+      ],
+      Transfer-Encoding: [
+        chunked
+      ],
+      Request-Context: [
+        appId=
+      ],
+      X-Frame-Options: [
+        deny
+      ],
+      X-Content-Type-Options: [
+        nosniff
+      ],
+      X-XSS-Protection: [
+        0
+      ],
+      Referrer-Policy: [
+        no-referrer
+      ]
+    },
+    TrailingHeaders: {},
+    RequestMessage: {
+      Version: 1.1,
+      Method: {
+        Method: GET
+      },
+      RequestUri: http://local.altinn.cloud:<localtestPort>/ttd/basic/instances/501337/<instanceGuid>/data/<dataElementId[0]>,
+      Headers: {
+        Authorization: [
+          Bearer <token>
+        ],
+        Accept: [
+          application/json
+        ],
+        User-Agent: [
+          Altinn.App.Integration.Tests
+        ]
+      }
+    },
+    IsSuccessStatusCode: true
+  },
+  Response: {
+    property1: 1,
+    property2: null,
+    property3: null
+  }
+}
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_4_Download-Data[1].verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_4_Download-Data[1].verified.txt
new file mode 100644
index 0000000000..8e094b6332
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_4_Download-Data[1].verified.txt
@@ -0,0 +1,82 @@
+{
+  HttpResponse: {
+    Version: 1.1,
+    Content: {
+      Headers: {
+        Content-Length: [
+          510
+        ],
+        Content-Type: [
+          application/json
+        ],
+        Content-Disposition: [
+          attachment; filename=signatureInformation.json; filename*=UTF-8''signatureInformation.json
+        ]
+      }
+    },
+    StatusCode: OK,
+    ReasonPhrase: OK,
+    Headers: {
+      Date: <date>,
+      Server: [
+        Kestrel
+      ],
+      Cache-Control: [
+        no-store, no-cache
+      ],
+      Request-Context: [
+        appId=
+      ],
+      X-Frame-Options: [
+        deny
+      ],
+      X-Content-Type-Options: [
+        nosniff
+      ],
+      X-XSS-Protection: [
+        0
+      ],
+      Referrer-Policy: [
+        no-referrer
+      ]
+    },
+    TrailingHeaders: {},
+    RequestMessage: {
+      Version: 1.1,
+      Method: {
+        Method: GET
+      },
+      RequestUri: http://local.altinn.cloud:<localtestPort>/ttd/basic/instances/501337/<instanceGuid>/data/<dataElementId[1]>,
+      Headers: {
+        Authorization: [
+          Bearer <token>
+        ],
+        Accept: [
+          application/json
+        ],
+        User-Agent: [
+          Altinn.App.Integration.Tests
+        ]
+      }
+    },
+    IsSuccessStatusCode: true
+  },
+  Response: {
+    id: <dataElementId[1]>,
+    instanceGuid: <instanceGuid>,
+    signedTime: DateTimeOffset_1,
+    signeeInfo: {
+      userId: 1337,
+      systemUserId: null,
+      personNumber: 01039012345,
+      organisationNumber: null
+    },
+    dataElementSignatures: [
+      {
+        dataElementId: <dataElementId[0]>,
+        sha256Hash: 9621bdd8df0f3c757f9a91f449e9cf32e2d6c77aca437c3a117c6b78b05343b7,
+        signed: true
+      }
+    ]
+  }
+}
\ No newline at end of file
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_5_Download-PDF.verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_5_Download-PDF.verified.txt
similarity index 94%
rename from test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_5_Download-PDF.verified.txt
rename to test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_5_Download-PDF.verified.txt
index 444df35334..971604494a 100644
--- a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=SystemUser_5_Download-PDF.verified.txt
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_5_Download-PDF.verified.txt
@@ -43,7 +43,7 @@
       Method: {
         Method: GET
       },
-      RequestUri: http://local.altinn.cloud:<localtestPort>/ttd/basic/instances/500700/<instanceGuid>/data/<dataElementId[2]>,
+      RequestUri: http://local.altinn.cloud:<localtestPort>/ttd/basic/instances/501337/<instanceGuid>/data/<dataElementId[2]>,
       Headers: {
         Authorization: [
           Bearer <token>
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_6_Logs.verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_6_Logs.verified.txt
new file mode 100644
index 0000000000..eb75bc91fc
--- /dev/null
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_6_Logs.verified.txt
@@ -0,0 +1,27 @@
+[basic/signing-simple] [INIT INFO] Fixture configuration updated
+[basic/signing-simple] [INFO] ### Request: Instances.PostSimplified - User: User/1337/501337, AuthLevel: 3, AuthMethod: BankID
+[basic/signing-simple] [INFO] IInstantiationValidator.Validate
+[basic/signing-simple] [INFO] IProcessTaskStart.Start
+[basic/signing-simple] [INFO] IInstantiationProcessor.DataCreation
+[basic/signing-simple] [INFO] ### Response: Instances.PostSimplified - CreatedResult, StatusCode: 201
+[basic/signing-simple] [INFO] ### Request: Process.NextElement - User: User/1337/501337, AuthLevel: 3, AuthMethod: BankID
+[basic/signing-simple] [INFO] IValidator.Validate
+[basic/signing-simple] [INFO] ITaskValidator.ValidateTask
+[basic/signing-simple] [INFO] IDataElementValidator.ValidateDataElement
+[basic/signing-simple] [INFO] IFormDataValidator.ValidateFormData
+[basic/signing-simple] [INFO] IProcessTaskEnd.End
+[basic/signing-simple] [INFO] IDataProcessor.ProcessDataRead
+[basic/signing-simple] [INFO] IExternalApiClient.GetExternalApiDataAsync
+[basic/signing-simple] [INFO] IProcessEnd.End
+[basic/signing-simple] [INFO] ### Response: Process.NextElement - OkObjectResult, StatusCode: 200
+[basic/signing-simple] [INFO] ### Request: Instances.Get - User: User/1337/501337, AuthLevel: 3, AuthMethod: BankID
+[basic/signing-simple] [INFO] ### Response: Instances.Get - OkObjectResult, StatusCode: 200
+[basic/signing-simple] [INFO] ### Request: ApplicationMetadata.GetAction - User: None/none, AuthLevel: 0, AuthMethod: none
+[basic/signing-simple] [INFO] ### Response: ApplicationMetadata.GetAction - OkObjectResult, StatusCode: 200
+[basic/signing-simple] [INFO] ### Request: Data.Get - User: User/1337/501337, AuthLevel: 3, AuthMethod: BankID
+[basic/signing-simple] [INFO] IDataProcessor.ProcessDataRead
+[basic/signing-simple] [INFO] ### Response: Data.Get - OkObjectResult, StatusCode: 200
+[basic/signing-simple] [INFO] ### Request: Data.Get - User: User/1337/501337, AuthLevel: 3, AuthMethod: BankID
+[basic/signing-simple] [INFO] ### Response: Data.Get - FileStreamResult, StatusCode: 
+[basic/signing-simple] [INFO] ### Request: Data.Get - User: User/1337/501337, AuthLevel: 3, AuthMethod: BankID
+[basic/signing-simple] [INFO] ### Response: Data.Get - FileStreamResult, StatusCode: 
\ No newline at end of file

From bbc13dd8fc3bd0012f990f6fb7b29f227a1746ee Mon Sep 17 00:00:00 2001
From: Martin Othamar <martin.othamar@digdir.no>
Date: Sun, 30 Nov 2025 11:43:41 +0100
Subject: [PATCH 3/3] sync from main + simplification PR

---
 test/Altinn.App.Integration.Tests/Signing/Simple.cs          | 5 ++++-
 ...impleTests.Full_auth=User_4_Download-Data[1].verified.txt | 2 +-
 .../SimpleTests.Full_auth=User_6_Logs.verified.txt           | 1 +
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/test/Altinn.App.Integration.Tests/Signing/Simple.cs b/test/Altinn.App.Integration.Tests/Signing/Simple.cs
index e3b588347c..e7693768cc 100644
--- a/test/Altinn.App.Integration.Tests/Signing/Simple.cs
+++ b/test/Altinn.App.Integration.Tests/Signing/Simple.cs
@@ -20,7 +20,10 @@ public enum Auth
 
     [Theory]
     [CombinatorialData]
-    public async Task Full([CombinatorialValues(Auth.User, Auth.SystemUser)] Auth auth)
+    // TODO: add back systemuser to auth parameter when it is supported in signing
+    // There are snapshots for it in _snapshots folder where you can see the issue, and there is a comment with some explanation
+    // on the PR that introduced this code
+    public async Task Full([CombinatorialValues(Auth.User)] Auth auth)
     {
         await using var fixtureScope = await _classFixture.Get(_output, TestApps.Basic, "signing-simple");
         var fixture = fixtureScope.Fixture;
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_4_Download-Data[1].verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_4_Download-Data[1].verified.txt
index 8e094b6332..0cc2f27404 100644
--- a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_4_Download-Data[1].verified.txt
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_4_Download-Data[1].verified.txt
@@ -4,7 +4,7 @@
     Content: {
       Headers: {
         Content-Length: [
-          510
+          511
         ],
         Content-Type: [
           application/json
diff --git a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_6_Logs.verified.txt b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_6_Logs.verified.txt
index eb75bc91fc..ddc5e073d0 100644
--- a/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_6_Logs.verified.txt
+++ b/test/Altinn.App.Integration.Tests/Signing/_snapshots/SimpleTests.Full_auth=User_6_Logs.verified.txt
@@ -1,4 +1,5 @@
 [basic/signing-simple] [INIT INFO] Fixture configuration updated
+[basic/signing-simple] [INIT INFO] Scenario 'signing-simple' specified but no services directory found at /App/scenario-overrides/services
 [basic/signing-simple] [INFO] ### Request: Instances.PostSimplified - User: User/1337/501337, AuthLevel: 3, AuthMethod: BankID
 [basic/signing-simple] [INFO] IInstantiationValidator.Validate
 [basic/signing-simple] [INFO] IProcessTaskStart.Start