diff --git a/conf/init.sql b/conf/init.sql
index c5e088e..40cac7d 100644
--- a/conf/init.sql
+++ b/conf/init.sql
@@ -18,41 +18,44 @@ CREATE SCHEMA IF NOT EXISTS saml_sp ;
 GRANT USAGE ON SCHEMA saml_sp TO leicom ;
 GRANT ALL ON SCHEMA saml_sp TO leicom ;
+-- general settings for the SAML Service Provider (SP)
 CREATE TABLE IF NOT EXISTS saml_sp.config (
- id INT PRIMARY KEY NOT NULL DEFAULT 1 CHECK (id = 1) , -- due to the architecture of eliona only one configuration (1 sso per instance) is possible
+ id INT PRIMARY KEY NOT NULL DEFAULT 1 CHECK (id = 1) , -- due to the architecture of eliona only one configuration (1 sso per instance) is possible
 enable BOOLEAN NOT NULL DEFAULT true ,
- sp_certificate TEXT NOT NULL ,
- sp_private_key TEXT NOT NULL ,
- idp_metadata_url TEXT ,
- metadata_xml TEXT DEFAULT NULL ,
- own_url TEXT NOT NULL ,
- user_to_archive BOOLEAN NOT NULL DEFAULT false ,
- allow_initialization_by_idp BOOLEAN NOT NULL DEFAULT false ,
- signed_request BOOLEAN NOT NULL DEFAULT true ,
+ sp_certificate TEXT NOT NULL , -- own cert
+ sp_private_key TEXT NOT NULL , -- key to own cert
+ idp_metadata_url TEXT , -- url where IdP's metadata can fetched
+ metadata_xml TEXT DEFAULT NULL , -- if no url is avalable, insert metadata xml here
+ own_url TEXT NOT NULL , -- the own url e.g. https://my.eliona.xy
+ user_to_archive BOOLEAN NOT NULL DEFAULT false , -- put user to archive @ first login (do not allow login, if not verified by sys admin)
+ allow_initialization_by_idp BOOLEAN NOT NULL DEFAULT false , -- if the IdP can initialize the login (means, no SAML request was issued by our sp)
+ signed_request BOOLEAN NOT NULL DEFAULT true , -- sign the SAML request
 force_authn BOOLEAN NOT NULL DEFAULT false ,
 entity_id TEXT NOT NULL DEFAULT '{ownUrl}/saml/metadata',
 cookie_secure BOOLEAN NOT NULL DEFAULT false ,
- login_failed_url TEXT NOT NULL DEFAULT '{ownUrl}/noLogin'
+ login_failed_url TEXT NOT NULL DEFAULT '{ownUrl}/noLogin' -- redirect url when a user login fails
 ) ;
+-- general settings for adding a user
 CREATE TABLE IF NOT EXISTS saml_sp.attribute_map ( -- SAML session attribute names.
 id INT PRIMARY KEY NOT NULL DEFAULT 1 REFERENCES saml_sp.config(id) ON UPDATE CASCADE ,
- email TEXT NOT NULL DEFAULT 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn',
+ email TEXT NOT NULL DEFAULT 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn', -- SAML attribute email and login
 first_name TEXT DEFAULT NULL ,
 last_name TEXT DEFAULT NULL ,
 phone TEXT DEFAULT NULL
 ) ;
+-- settings for define users permissions
 CREATE TABLE IF NOT EXISTS saml_sp.permissions (
 id INT PRIMARY KEY NOT NULL DEFAULT 1 REFERENCES saml_sp.config(id) ON UPDATE CASCADE,
- default_system_role TEXT NOT NULL DEFAULT 'System user' , -- reference to is maybe a bad idea (due to the new ACL)
- default_proj_role TEXT NOT NULL DEFAULT 'Project user' , -- can be the role name or role id
- default_language TEXT NOT NULL DEFAULT 'en' ,
- system_role_saml_attribute TEXT ,
- system_role_map JSON , -- e.g. {"firm xy-Admin":"System admin", ...}
- proj_role_saml_attribute TEXT ,
- proj_role_map JSON ,
- language_saml_attribute TEXT ,
- language_map JSON , -- e.g. {"Sprache:Deutsch":"de", "Sprache:Englisch":"en"}
+ default_system_role TEXT NOT NULL DEFAULT 'System user' , -- reference to is maybe a bad idea (due to the new ACL)
+ default_proj_role TEXT NOT NULL DEFAULT 'Project user' , -- can be the role display name or role id
+ default_language TEXT NOT NULL DEFAULT 'en' , -- see constraint
+ system_role_saml_attribute TEXT , -- attribute that contains the system roles which should be mapped
+ system_role_map JSON , -- e.g. {"firm xy-Admin":"System admin", ...}
+ proj_role_saml_attribute TEXT , -- attribute that contains the project roles which should be mapped
+ proj_role_map JSON , -- e.g. {"firm xy-Employee":"Project user", ...}
+ language_saml_attribute TEXT , -- attribute that contains the users language which should be mapped
+ language_map JSON , -- e.g. {"Sprache:Deutsch":"de", "Sprache:Englisch":"en"}
 CONSTRAINT chk_language CHECK (default_language IN ('en', 'de', 'it', 'fr'))
 ) ;
diff --git a/utils/testing.go b/utils/testing.go
index 3ae1133..ad4a8c5 100644
--- a/utils/testing.go
+++ b/utils/testing.go
@@ -78,6 +78,9 @@ func CreateRandomApiPermissions() apiserver.Permissions {
 SystemRoleMap: nil, // ToDo
 ProjRoleSamlAttribute: nil, // ToDo
 ProjRoleMap: nil, // ToDo
+ DefaultLanguage: "en",
+ LanguageSamlAttribute: nil, // ToDo
+ LanguageMap: nil, // ToDo
 }
 if RandomBoolean() {
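Review bot: The new comment on `sp_private_key` (`-- key to own cert`) does not say that the column holds secret material, which is the one property a reader of this schema most needs to know about it; suggest `-- key to own cert; secret stored in the clear, keep read access to saml_sp.config restricted to the application role`. The visible `GRANT USAGE` / `GRANT ALL ON SCHEMA saml_sp TO leicom` context lines are schema-level privileges only, so the table-level grants presumably live elsewhere in the file and are worth checking against that comment. Three of the added comments also carry wording slips: `-- url where IdP's metadata can fetched` should read `can be fetched`, `-- if no url is avalable` should read `available`, and the header `-- settings for define users permissions` reads better as `-- settings to define user permissions`. The `-- see constraint` on `default_language` would be clearer as `-- see chk_language below`, since that is the constraint it refers to.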
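Review bot: `DefaultLanguage: "en"` is a fixed value inside a function whose name promises random permissions, so tests built on this fixture never exercise the other values the new `chk_language` constraint in conf/init.sql accepts ('de', 'it', 'fr'). Consider drawing the value from that set with the package's existing random helpers (only `RandomBoolean()` is visible here), or at least document why it is pinned, e.g. `DefaultLanguage: "en", // fixed for now; TODO randomise over the chk_language set ('en','de','it','fr')`. The two added `// ToDo` markers on `LanguageSamlAttribute` and `LanguageMap` match the three already on the fields above, so the fixture's coverage gap is growing rather than shrinking and deserves a tracking note. CreateRandomApiPermissions begins before this hunk and its body continues past it.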