From 6196c8584246012310842e98d06abd70302c16aa Mon Sep 17 00:00:00 2001 From: Ionut Balutoiu Date: Fri, 8 Jan 2021 18:12:55 +0000 Subject: [PATCH] Add multi-backend testing Use the Juju charm https://jaas.ai/u/ionutbalutoiu/test-saml-idp to deploy two local SAML-based IdPs, and link them to two instances of the keystone-saml-mellon. The corresponding Zaza tests will validate that Keystone is properly setup with the multi-backend pointing to our local IdPs. Change-Id: I926941e47966330f079929156cdbefd03b00eb64 Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/480 --- src/tests/bundles/bionic-queens-ha.yaml | 40 ++++++- src/tests/bundles/focal-ussuri-ha.yaml | 41 +++++++- src/tests/bundles/focal-victoria-ha.yaml | 41 +++++++- src/tests/bundles/groovy-victoria-ha.yaml | 41 +++++++- src/tests/bundles/samltest.xml | 123 ---------------------- src/tests/tests.yaml | 20 +++- 6 files changed, 159 insertions(+), 147 deletions(-) delete mode 100644 src/tests/bundles/samltest.xml diff --git a/src/tests/bundles/bionic-queens-ha.yaml b/src/tests/bundles/bionic-queens-ha.yaml index b840193..a5f7777 100644 --- a/src/tests/bundles/bionic-queens-ha.yaml +++ b/src/tests/bundles/bionic-queens-ha.yaml @@ -60,7 +60,9 @@ relations: - - ntp:juju-info - neutron-gateway:juju-info - - keystone - - keystone-saml-mellon + - keystone-saml-mellon1 +- - keystone + - keystone-saml-mellon2 - - vault:shared-db - mysql:shared-db - - vault:certificates @@ -70,7 +72,9 @@ relations: - - vault:certificates - openstack-dashboard:certificates - - openstack-dashboard - - keystone-saml-mellon + - keystone-saml-mellon1 +- - openstack-dashboard + - keystone-saml-mellon2 - - keystone:websso-trusted-dashboard - openstack-dashboard:websso-trusted-dashboard - - vault:certificates 
@@ -142,13 +146,39 @@ services: vault: num_units: 1 charm: cs:~openstack-charmers-next/vault - keystone-saml-mellon: + keystone-saml-mellon1: series: bionic charm: ../../../keystone-saml-mellon num_units: 0 options: - idp-name: 'samltest' + idp-name: 'test-saml-idp1' protocol-name: 'mapped' - user-facing-name: "samltest.id" + user-facing-name: "Test SAML IDP #1" subject-confirmation-data-address-check: False nameid-formats: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" + test-saml-idp1: + charm: cs:~ionutbalutoiu/test-saml-idp + num_units: 1 + options: + idp-name: 'test-saml-idp1' + protocol-name: 'mapped' + auth-user-name: 'user1' + auth-user-password: 'userpass1' + keystone-saml-mellon2: + series: bionic + charm: ../../../keystone-saml-mellon + num_units: 0 + options: + idp-name: 'test-saml-idp2' + protocol-name: 'mapped' + user-facing-name: "Test SAML IDP #2" + subject-confirmation-data-address-check: False + nameid-formats: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" + test-saml-idp2: + charm: cs:~ionutbalutoiu/test-saml-idp + num_units: 1 + options: + idp-name: 'test-saml-idp2' + protocol-name: 'mapped' + auth-user-name: 'user2' + auth-user-password: 'userpass2' diff --git a/src/tests/bundles/focal-ussuri-ha.yaml b/src/tests/bundles/focal-ussuri-ha.yaml index 1768c46..1fbb13f 100644 --- a/src/tests/bundles/focal-ussuri-ha.yaml +++ b/src/tests/bundles/focal-ussuri-ha.yaml 
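Review bot: `test-saml-idp1` and `test-saml-idp2` pull `cs:~ionutbalutoiu/test-saml-idp` from a personal charm-store namespace with no revision, so the gate deploys whatever that account last published as the identity provider Keystone is federated with. Pinning the reviewed revision, e.g. `charm: cs:~ionutbalutoiu/test-saml-idp-<REVISION>` (placeholder), would make the test input reproducible and auditable. Publishing the charm under the team namespace the other applications use would achieve the same. The same two entries are added in focal-ussuri-ha.yaml, focal-victoria-ha.yaml and groovy-victoria-ha.yaml. The enclosing `services:` mapping starts above the hunk.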
@@ -169,16 +169,43 @@ applications: to: - '18' - keystone-saml-mellon: + keystone-saml-mellon1: series: focal charm: ../../../keystone-saml-mellon num_units: 0 options: - idp-name: 'samltest' + idp-name: 'test-saml-idp1' protocol-name: 'mapped' - user-facing-name: "samltest.id" + user-facing-name: "Test SAML IDP #1" subject-confirmation-data-address-check: False nameid-formats: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" + test-saml-idp1: + charm: cs:~ionutbalutoiu/test-saml-idp + num_units: 1 + options: + idp-name: 'test-saml-idp1' + protocol-name: 'mapped' + auth-user-name: 'user1' + auth-user-password: 'userpass1' + + keystone-saml-mellon2: + series: focal + charm: ../../../keystone-saml-mellon + num_units: 0 + options: + idp-name: 'test-saml-idp2' + protocol-name: 'mapped' + user-facing-name: "Test SAML IDP #2" + subject-confirmation-data-address-check: False + nameid-formats: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" + test-saml-idp2: + charm: cs:~ionutbalutoiu/test-saml-idp + num_units: 1 + options: + idp-name: 'test-saml-idp2' + protocol-name: 'mapped' + auth-user-name: 'user2' + auth-user-password: 'userpass2' keystone-hacluster: charm: cs:~openstack-charmers-next/hacluster @@ -298,7 +325,9 @@ relations: - 'neutron-gateway:juju-info' - - 'keystone' - - 'keystone-saml-mellon' + - 'keystone-saml-mellon1' + - - 'keystone' + - 'keystone-saml-mellon2' - - 'vault:shared-db' - 'vault-mysql-router:shared-db' @@ -315,7 +344,9 @@ relations: - 'openstack-dashboard:certificates' - - 'openstack-dashboard' - - 'keystone-saml-mellon' + - 'keystone-saml-mellon1' + - - 'openstack-dashboard' + - 'keystone-saml-mellon2' - - 'keystone:websso-trusted-dashboard' - 'openstack-dashboard:websso-trusted-dashboard' diff --git a/src/tests/bundles/focal-victoria-ha.yaml b/src/tests/bundles/focal-victoria-ha.yaml index f9f35fd..c4812ca 100644 --- a/src/tests/bundles/focal-victoria-ha.yaml +++ b/src/tests/bundles/focal-victoria-ha.yaml 
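Review bot: The new `keystone-saml-mellon2` entry in the `applications:` hunk copies `subject-confirmation-data-address-check: False` with no comment on why the check is off, and the same applies to the bionic, focal-victoria and groovy bundles. With the check off, the SP does not compare the client address with the one in the assertion's SubjectConfirmationData, so the setting should be marked as a test-environment choice. A comment above it would do, for example `# test bundle only: address check disabled for the CI network; review before reusing elsewhere`, where the stated reason is inferred and should be confirmed by the author. Writing the value as `false` would also match canonical YAML booleans. The `applications:` mapping starts and ends outside the hunk.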
@@ -169,16 +169,43 @@ applications: to: - '18' - keystone-saml-mellon: + keystone-saml-mellon1: series: focal charm: ../../../keystone-saml-mellon num_units: 0 options: - idp-name: 'samltest' + idp-name: 'test-saml-idp1' protocol-name: 'mapped' - user-facing-name: "samltest.id" + user-facing-name: "Test SAML IDP #1" subject-confirmation-data-address-check: False nameid-formats: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" + test-saml-idp1: + charm: cs:~ionutbalutoiu/test-saml-idp + num_units: 1 + options: + idp-name: 'test-saml-idp1' + protocol-name: 'mapped' + auth-user-name: 'user1' + auth-user-password: 'userpass1' + + keystone-saml-mellon2: + series: focal + charm: ../../../keystone-saml-mellon + num_units: 0 + options: + idp-name: 'test-saml-idp2' + protocol-name: 'mapped' + user-facing-name: "Test SAML IDP #2" + subject-confirmation-data-address-check: False + nameid-formats: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" + test-saml-idp2: + charm: cs:~ionutbalutoiu/test-saml-idp + num_units: 1 + options: + idp-name: 'test-saml-idp2' + protocol-name: 'mapped' + auth-user-name: 'user2' + auth-user-password: 'userpass2' keystone-hacluster: charm: cs:~openstack-charmers-next/hacluster @@ -298,7 +325,9 @@ relations: - 'neutron-gateway:juju-info' - - 'keystone' - - 'keystone-saml-mellon' + - 'keystone-saml-mellon1' + - - 'keystone' + - 'keystone-saml-mellon2' - - 'vault:shared-db' - 'vault-mysql-router:shared-db' @@ -315,7 +344,9 @@ relations: - 'openstack-dashboard:certificates' - - 'openstack-dashboard' - - 'keystone-saml-mellon' + - 'keystone-saml-mellon1' + - - 'openstack-dashboard' + - 'keystone-saml-mellon2' - - 'keystone:websso-trusted-dashboard' - 'openstack-dashboard:websso-trusted-dashboard' diff --git a/src/tests/bundles/groovy-victoria-ha.yaml b/src/tests/bundles/groovy-victoria-ha.yaml index 9952b08..f6f603f 100644 --- a/src/tests/bundles/groovy-victoria-ha.yaml +++ b/src/tests/bundles/groovy-victoria-ha.yaml 
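Review bot: `auth-user-name` and `auth-user-password` for `test-saml-idp1` and `test-saml-idp2` are fixed literals passed as plain charm options, with nothing marking them as fixtures. The same pairs are repeated in the bionic, focal-ussuri and groovy bundles. A comment above each pair would prevent reuse and show where the duplicate lives, for example `# Fixture login for the local test IdP only; keep in sync with the zaza saml_mellon tests.` That the zaza tests submit these exact values is inferred from the commit message, not visible in this patch. The `applications:` mapping starts and ends outside the hunk.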
@@ -169,16 +169,43 @@ applications: to: - '18' - keystone-saml-mellon: + keystone-saml-mellon1: series: groovy charm: ../../../keystone-saml-mellon num_units: 0 options: - idp-name: 'samltest' + idp-name: 'test-saml-idp1' protocol-name: 'mapped' - user-facing-name: "samltest.id" + user-facing-name: "Test SAML IDP #1" subject-confirmation-data-address-check: False nameid-formats: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" + test-saml-idp1: + charm: cs:~ionutbalutoiu/test-saml-idp + num_units: 1 + options: + idp-name: 'test-saml-idp1' + protocol-name: 'mapped' + auth-user-name: 'user1' + auth-user-password: 'userpass1' + + keystone-saml-mellon2: + series: groovy + charm: ../../../keystone-saml-mellon + num_units: 0 + options: + idp-name: 'test-saml-idp2' + protocol-name: 'mapped' + user-facing-name: "Test SAML IDP #2" + subject-confirmation-data-address-check: False + nameid-formats: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" + test-saml-idp2: + charm: cs:~ionutbalutoiu/test-saml-idp + num_units: 1 + options: + idp-name: 'test-saml-idp2' + protocol-name: 'mapped' + auth-user-name: 'user2' + auth-user-password: 'userpass2' keystone-hacluster: charm: cs:~openstack-charmers-next/hacluster @@ -298,7 +325,9 @@ relations: - 'neutron-gateway:juju-info' - - 'keystone' - - 'keystone-saml-mellon' + - 'keystone-saml-mellon1' + - - 'keystone' + - 'keystone-saml-mellon2' - - 'vault:shared-db' - 'vault-mysql-router:shared-db' @@ -315,7 +344,9 @@ relations: - 'openstack-dashboard:certificates' - - 'openstack-dashboard' - - 'keystone-saml-mellon' + - 'keystone-saml-mellon1' + - - 'openstack-dashboard' + - 'keystone-saml-mellon2' - - 'keystone:websso-trusted-dashboard' - 'openstack-dashboard:websso-trusted-dashboard' diff --git a/src/tests/bundles/samltest.xml b/src/tests/bundles/samltest.xml deleted file mode 100644 index c658915..0000000 --- a/src/tests/bundles/samltest.xml +++ /dev/null 
@@ -1,123 +0,0 @@ - - - - - - - - - samltest.id - - - - SAMLtest IdP - A free and basic IdP for testing SAML deployments - https://samltest.id/saml/logo.png - - - - - - - -MIIDETCCAfmgAwIBAgIUZRpDhkNKl5eWtJqk0Bu1BgTTargwDQYJKoZIhvcNAQEL -BQAwFjEUMBIGA1UEAwwLc2FtbHRlc3QuaWQwHhcNMTgwODI0MjExNDEwWhcNMzgw -ODI0MjExNDEwWjAWMRQwEgYDVQQDDAtzYW1sdGVzdC5pZDCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAJrh9/PcDsiv3UeL8Iv9rf4WfLPxuOm9W6aCntEA -8l6c1LQ1Zyrz+Xa/40ZgP29ENf3oKKbPCzDcc6zooHMji2fBmgXp6Li3fQUzu7yd -+nIC2teejijVtrNLjn1WUTwmqjLtuzrKC/ePoZyIRjpoUxyEMJopAd4dJmAcCq/K -k2eYX9GYRlqvIjLFoGNgy2R4dWwAKwljyh6pdnPUgyO/WjRDrqUBRFrLQJorR2kD -c4seZUbmpZZfp4MjmWMDgyGM1ZnR0XvNLtYeWAyt0KkSvFoOMjZUeVK/4xR74F8e -8ToPqLmZEg9ZUx+4z2KjVK00LpdRkH9Uxhh03RQ0FabHW6UCAwEAAaNXMFUwHQYD -VR0OBBYEFJDbe6uSmYQScxpVJhmt7PsCG4IeMDQGA1UdEQQtMCuCC3NhbWx0ZXN0 -LmlkhhxodHRwczovL3NhbWx0ZXN0LmlkL3NhbWwvaWRwMA0GCSqGSIb3DQEBCwUA -A4IBAQBNcF3zkw/g51q26uxgyuy4gQwnSr01Mhvix3Dj/Gak4tc4XwvxUdLQq+jC -cxr2Pie96klWhY/v/JiHDU2FJo9/VWxmc/YOk83whvNd7mWaNMUsX3xGv6AlZtCO -L3JhCpHjiN+kBcMgS5jrtGgV1Lz3/1zpGxykdvS0B4sPnFOcaCwHe2B9SOCWbDAN -JXpTjz1DmJO4ImyWPJpN1xsYKtm67Pefxmn0ax0uE2uuzq25h0xbTkqIQgJzyoE/ -DPkBFK1vDkMfAW11dQ0BXatEnW7Gtkc0lh2/PIbHWj4AzxYMyBf5Gy6HSVOftwjC -voQR2qr2xJBixsg+MIORKtmKHLfU - - - - - - - - - -MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEB -CwUAMBYxFDASBgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4 -MDgyNDIxMTQwOVowFjEUMBIGA1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFKs71ufbQwoQoW7qkNAJRIANGA4iM0 -ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyjxj0uJ4lArgkr4AOE -jj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVNc1kl -bN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF -/cL5fOpdVa54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8n -spXiH/MZW8o2cqWRkrw3MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0G -A1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE4k2ZNTA0BgNVHREELTArggtzYW1sdGVz 
-dC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lkcDANBgkqhkiG9w0BAQsF -AAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3YaMb2RSn -7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHT -TNiLArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nbl -D1JJKSQ3AdhxK/weP3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcU -ZOpx4swtgGdeoSpeRyrtMvRwdcciNBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu -3kXPjhSfj1AJGR1l9JGvJrHki1iHTA== - - - - - - - - - -MIIDEjCCAfqgAwIBAgIVAPVbodo8Su7/BaHXUHykx0Pi5CFaMA0GCSqGSIb3DQEB -CwUAMBYxFDASBgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4 -MDgyNDIxMTQwOVowFjEUMBIGA1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCQb+1a7uDdTTBBFfwOUun3IQ9nEuKM98SmJDWa -MwM877elswKUTIBVh5gB2RIXAPZt7J/KGqypmgw9UNXFnoslpeZbA9fcAqqu28Z4 -sSb2YSajV1ZgEYPUKvXwQEmLWN6aDhkn8HnEZNrmeXihTFdyr7wjsLj0JpQ+VUlc -4/J+hNuU7rGYZ1rKY8AA34qDVd4DiJ+DXW2PESfOu8lJSOteEaNtbmnvH8KlwkDs -1NvPTsI0W/m4SK0UdXo6LLaV8saIpJfnkVC/FwpBolBrRC/Em64UlBsRZm2T89ca -uzDee2yPUvbBd5kLErw+sC7i4xXa2rGmsQLYcBPhsRwnmBmlAgMBAAGjVzBVMB0G -A1UdDgQWBBRZ3exEu6rCwRe5C7f5QrPcAKRPUjA0BgNVHREELTArggtzYW1sdGVz -dC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lkcDANBgkqhkiG9w0BAQsF -AAOCAQEABZDFRNtcbvIRmblnZItoWCFhVUlq81ceSQddLYs8DqK340//hWNAbYdj -WcP85HhIZnrw6NGCO4bUipxZXhiqTA/A9d1BUll0vYB8qckYDEdPDduYCOYemKkD -dmnHMQWs9Y6zWiYuNKEJ9mf3+1N8knN/PK0TYVjVjXAf2CnOETDbLtlj6Nqb8La3 -sQkYmU+aUdopbjd5JFFwbZRaj6KiHXHtnIRgu8sUXNPrgipUgZUOVhP0C0N5OfE4 -JW8ZBrKgQC/6vJ2rSa9TlzI6JAa5Ww7gMXMP9M+cJUNQklcq+SBnTK8G+uBHgPKR -zBDsMIEzRtQZm4GIoHJae4zmnCekkQ== - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/src/tests/tests.yaml b/src/tests/tests.yaml index 201d646..e788132 100644 --- a/src/tests/tests.yaml +++ b/src/tests/tests.yaml 
@@ -11,16 +11,19 @@ gate_bundles: configure: - zaza.openstack.charm_tests.vault.setup.auto_initialize -- zaza.openstack.charm_tests.saml_mellon.setup.attach_saml_resources +- zaza.openstack.charm_tests.saml_mellon.setup.attach_saml_resources_idp1 +- zaza.openstack.charm_tests.saml_mellon.setup.attach_saml_resources_idp2 - zaza.openstack.charm_tests.keystone.setup.add_demo_user - zaza.openstack.charm_tests.glance.setup.add_lts_image - zaza.openstack.charm_tests.nova.setup.create_flavors - zaza.openstack.charm_tests.nova.setup.manage_ssh_key - zaza.openstack.charm_tests.neutron.setup.basic_overcloud_network -- zaza.openstack.charm_tests.saml_mellon.setup.keystone_federation_setup +- zaza.openstack.charm_tests.saml_mellon.setup.keystone_federation_setup_idp1 +- zaza.openstack.charm_tests.saml_mellon.setup.keystone_federation_setup_idp2 tests: -- zaza.openstack.charm_tests.saml_mellon.tests.CharmKeystoneSAMLMellonTest +- zaza.openstack.charm_tests.saml_mellon.tests.CharmKeystoneSAMLMellonIDP1Test +- zaza.openstack.charm_tests.saml_mellon.tests.CharmKeystoneSAMLMellonIDP2Test - zaza.openstack.charm_tests.keystone.tests.AuthenticationAuthorizationTest target_deploy_status: 
@@ -30,9 +33,18 @@ target_deploy_status: vault: workload-status: blocked workload-status-message: Vault needs to be initialized - keystone-saml-mellon: + keystone-saml-mellon1: workload-status: blocked workload-status-message: "Configuration is incomplete. idp-metadata: idp-metadata resource has not been provided,sp-signing-keyinfo: sp-signing-keyinfo resource has not been provided,sp-private-key: sp-private-key resource has not been provided" + test-saml-idp1: + workload-status: blocked + workload-status-message: "sp-metadata resource is not a well-formed xml file" + keystone-saml-mellon2: + workload-status: blocked + workload-status-message: "Configuration is incomplete. idp-metadata: idp-metadata resource has not been provided,sp-signing-keyinfo: sp-signing-keyinfo resource has not been provided,sp-private-key: sp-private-key resource has not been provided" + test-saml-idp2: + workload-status: blocked + workload-status-message: "sp-metadata resource is not a well-formed xml file" tests_options: force_deploy:
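Review bot: The `test-saml-idp1` and `test-saml-idp2` entries make the deploy wait depend on the literal status text `sp-metadata resource is not a well-formed xml file`, which is emitted by a charm outside this repository. If a later revision of that charm rewords the message, the model will presumably never reach its target state and the gate will time out without a clear cause. A comment above the entries would tell the next maintainer where to look, for example `# message text comes from cs:~ionutbalutoiu/test-saml-idp; update together with the charm revision`. The `target_deploy_status` mapping starts above the hunk.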