diff --git a/token-checker-server/src/main/java/de/ozgcloud/token/saml/SamlAttributeService.java b/token-checker-server/src/main/java/de/ozgcloud/token/saml/SamlAttributeService.java
index a62ce6cb39d523e132699a09c44b6ae022eb181f..a97cd380b7f47102ac2f7bdf3cd7146e64109ff3 100644
--- a/token-checker-server/src/main/java/de/ozgcloud/token/saml/SamlAttributeService.java
+++ b/token-checker-server/src/main/java/de/ozgcloud/token/saml/SamlAttributeService.java
@@ -26,7 +26,6 @@ package de.ozgcloud.token.saml;
 
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
@@ -63,8 +62,6 @@ import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
 @Builder
 public class SamlAttributeService {
 
-	private static final String ID_AS_POSTFACH_ID_KEY = "OZG_CLOUD_POSTFACH_ID";
-
 	private final SignatureTrustEngine signatureTrustEngine;
 	private final Decrypter decrypter;
 	private final SAMLSignatureProfileValidator profileValidator;
@@ -152,26 +149,29 @@ public class SamlAttributeService {
 	}
 
 	TokenAttributes buildTokenAttributes(Map<String, String> tokenAttributes, Response token) {
-		var result = TokenAttributes.builder().postfachId(getPostfachId(tokenAttributes, token)).trustLevel(getTrustLevel(tokenAttributes));
-		tokenAttributes.entrySet().stream().filter(this::isNotMappedField).map(this::buildTokenAttribute).forEach(result::otherAttribute);
-		return result.build();
+		var tokenAttributesBuilder = TokenAttributes.builder().postfachId(getPostfachId(tokenAttributes, token))
+				.trustLevel(getTrustLevel(tokenAttributes));
+		tokenAttributes.entrySet().stream().filter(this::isNotMappedField).map(this::buildTokenAttribute)
+				.forEach(tokenAttributesBuilder::otherAttribute);
+		return tokenAttributesBuilder.build();
 	}
 
 	String getPostfachId(Map<String, String> tokenAttributes, Response token) {
-		return tokenValidationProperty.isUseIdAsPostfachId() ? token.getID() : getMappedValue(tokenAttributes, TokenAttributes.POSTFACH_ID_KEY);
+		return tokenValidationProperty.isUseIdAsPostfachId() ? token.getID() : getValue(tokenAttributes, TokenAttributes.POSTFACH_ID_KEY);
 	}
 
 	String getTrustLevel(Map<String, String> tokenAttributes) {
-		return getMappedValue(tokenAttributes, TokenAttributes.TRUST_LEVEL_KEY);
+		return getValue(tokenAttributes, TokenAttributes.TRUST_LEVEL_KEY);
 	}
 
-	String getMappedValue(Map<String, String> tokenAttributes, String key) {
+	String getValue(Map<String, String> tokenAttributes, String key) {
 		var mappedKey = tokenValidationProperty.getMappings().getOrDefault(key, key);
 		return tokenAttributes.get(mappedKey);
 	}
 
 	boolean isNotMappedField(Map.Entry<String, String> attributeEntry) {
-		return !tokenValidationProperty.getMappings().containsValue(attributeEntry.getKey());
+		var mappedKey = tokenValidationProperty.getMappings().get(attributeEntry.getKey());
+		return !StringUtils.equalsAny(mappedKey, TokenAttributes.POSTFACH_ID_KEY, TokenAttributes.TRUST_LEVEL_KEY);
 	}
 
 	TokenAttribute buildTokenAttribute(Map.Entry<String, String> attribute) {
diff --git a/token-checker-server/src/test/java/de/ozgcloud/token/saml/SamlAttributeServiceTest.java b/token-checker-server/src/test/java/de/ozgcloud/token/saml/SamlAttributeServiceTest.java
index f5e1b1abb503f357700a849471afd5706340c372..829eca0d367e454d669a44ccb6d0846e1154dda9 100644
--- a/token-checker-server/src/test/java/de/ozgcloud/token/saml/SamlAttributeServiceTest.java
+++ b/token-checker-server/src/test/java/de/ozgcloud/token/saml/SamlAttributeServiceTest.java
@@ -747,17 +747,19 @@ class SamlAttributeServiceTest {
 			assertThat(result).isTrue();
 		}
 
-		@Test
-		void shouldReturnFalseWhenMapped() {
-			when(tokenValidationProperty.getMappings()).thenReturn(Map.of(KEY, TokenAttributeTestFactory.NAME));
+		@DisplayName("should return false when")
+		@ParameterizedTest(name = "key is {0}")
+		@ValueSource(strings = { TokenAttributes.POSTFACH_ID_KEY, TokenAttributes.TRUST_LEVEL_KEY })
+		void shouldReturnFalseWhenMapped(String mappedKey) {
+			when(tokenValidationProperty.getMappings()).thenReturn(Map.of(KEY, mappedKey));
 
-			var result = service.isNotMappedField(Map.entry(TokenAttributeTestFactory.NAME, TokenAttributeTestFactory.VALUE));
+			var result = isNotMappedField();
 
 			assertThat(result).isFalse();
 		}
 
 		private boolean isNotMappedField() {
-			return service.isNotMappedField(Map.entry(TokenAttributeTestFactory.NAME, TokenAttributeTestFactory.VALUE));
+			return service.isNotMappedField(Map.entry(KEY, TokenAttributeTestFactory.VALUE));
 		}
 	}