diff --git a/pac4j-module/build.gradle b/pac4j-module/build.gradle
index 8bcee9cd9..8bdb9c5d6 100644
--- a/pac4j-module/build.gradle
+++ b/pac4j-module/build.gradle
@@ -1,5 +1,5 @@
 plugins {
-    id 'java'
+    id 'groovy'
     id 'com.palantir.docker' version '0.20.1'
     id 'jacoco'
     id 'org.springframework.boot' version '2.0.0.RELEASE' apply false
@@ -33,6 +33,11 @@ dependencies {
         exclude group: 'org.opensaml'
     }
 
+    testCompile project(':backend')
+    testCompile "org.springframework.boot:spring-boot-starter-test"
+    testCompile "org.spockframework:spock-core:1.1-groovy-2.4"
+    testCompile "org.spockframework:spock-spring:1.1-groovy-2.4"
+
     annotationProcessor "org.springframework.boot:spring-boot-configuration-processor"
 
     docker project(':backend')
diff --git a/pac4j-module/src/test/groovy/net/unicon/shibui/pac4j/AddNewUserFilterTests.groovy b/pac4j-module/src/test/groovy/net/unicon/shibui/pac4j/AddNewUserFilterTests.groovy
new file mode 100644
index 000000000..98c5e99f3
--- /dev/null
+++ b/pac4j-module/src/test/groovy/net/unicon/shibui/pac4j/AddNewUserFilterTests.groovy
@@ -0,0 +1,75 @@
+package net.unicon.shibui.pac4j
+
+import edu.internet2.tier.shibboleth.admin.ui.security.model.Role
+import edu.internet2.tier.shibboleth.admin.ui.security.model.User
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository
+import edu.internet2.tier.shibboleth.admin.ui.service.EmailService
+import org.springframework.security.core.Authentication
+import org.springframework.security.core.context.SecurityContext
+import org.springframework.security.core.context.SecurityContextHolder
+import spock.lang.Specification
+import spock.lang.Subject
+
+import javax.servlet.FilterChain
+import javax.servlet.ServletRequest
+import javax.servlet.http.HttpServletResponse
+
+/**
+ * @author Bill Smith (wsmith@unicon.net)
+ */
+class AddNewUserFilterTests extends Specification {
+
+    UserRepository userRepository = Mock()
+    RoleRepository roleRepository = Mock()
+    EmailService emailService = Mock()
+
+    ServletRequest request = Mock()
+    HttpServletResponse response = Mock()
+    FilterChain chain = Mock()
+
+    SecurityContext securityContext = Mock()
+    Authentication authentication = Mock()
+
+    @Subject
+    AddNewUserFilter addNewUserFilter = new AddNewUserFilter(userRepository, roleRepository, emailService)
+
+    def setup() {
+        SecurityContextHolder.setContext(securityContext)
+        securityContext.getAuthentication() >> authentication
+    }
+
+    def "new users are redirected"() {
+        given:
+        authentication.getName() >> 'newUser'
+        userRepository.findByUsername('newUser') >> Optional.empty()
+        roleRepository.findByName('ROLE_NONE') >> Optional.of(new Role('ROLE_NONE'))
+
+        when:
+        addNewUserFilter.doFilter(request, response, chain)
+
+        then:
+        1 * roleRepository.save(_)
+        1 * userRepository.save(_)
+        1 * emailService.sendNewUserMail('newUser')
+        1 * response.sendRedirect("/static.html")
+    }
+
+    def "existing users are not redirected"() {
+        given:
+        authentication.getName() >> 'existingUser'
+        userRepository.findByUsername('existingUser') >> Optional.of(new User().with {
+            it.username = 'existingUser'
+            it.roles = [new Role('ROLE_USER')]
+            it
+        })
+
+        when:
+        addNewUserFilter.doFilter(request, response, chain)
+
+        then:
+        0 * roleRepository.save(_)
+        0 * userRepository.save(_)
+        1 * chain.doFilter(_, _)
+    }
+}