diff --git a/tests/test_33_identifier.py b/tests/test_33_identifier.py
new file mode 100644
index 0000000..9f2b292
--- /dev/null
+++ b/tests/test_33_identifier.py
@@ -0,0 +1,143 @@
+#!/usr/bin/env python
+
+from saml2 import samlp
+from saml2.saml import NAMEID_FORMAT_PERSISTENT, NAMEID_FORMAT_TRANSIENT
+from saml2.config import Config
+from saml2.server import Identifier
+from saml2.assertion import Policy
+
+
+def _eq(l1,l2):
+ return set(l1) == set(l2)
+
+CONFIG = Config().load({
+ "entityid" : "urn:mace:example.com:idp:2",
+ "service": {
+ "idp": {
+ "url" : "http://idp.example.org/",
+ "name" : "test",
+ "assertions": {
+ "default": {
+ "lifetime": {"minutes":15},
+ "attribute_restrictions": None, # means all I have
+ "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+ "nameid_format": NAMEID_FORMAT_PERSISTENT
+ },
+ }
+ }
+ },
+ "xmlsec_binary" : "/usr/local/bin/xmlsec1",
+ "virtual_organization" : {
+ "http://vo.example.org/biomed":{
+ "nameid_format" : "urn:oid:2.16.756.1.2.5.1.1.1-NameID",
+ "common_identifier": "uid",
+ },
+ "http://vo.example.org/design":{
+ }
+ }
+})
+
+NAME_ID_POLICY_1 = """
+
+"""
+
+NAME_ID_POLICY_2 = """
+
+"""
+
+
+class TestIdentifier():
+ def setup_class(self):
+ self.id = Identifier("subject.db", CONFIG["entityid"],
+ CONFIG.vo_conf)
+
+ def test_persistent_1(self):
+ policy = Policy({
+ "default": {
+ "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+ "nameid_format": NAMEID_FORMAT_PERSISTENT,
+ "attribute_restrictions": {
+ "surName": [".*berg"],
+ }
+ }
+ })
+
+ nameid = self.id.construct_nameid(policy, "foobar",
+ "urn:mace:example.com:sp:1")
+
+ assert _eq(nameid.keys(), ['text', 'sp_name_qualifier', 'format'])
+ assert nameid["sp_name_qualifier"] == CONFIG["entityid"]
+ assert nameid["format"] == NAMEID_FORMAT_PERSISTENT
+
+ nameid_2 = self.id.construct_nameid(policy, "foobar",
+ "urn:mace:example.com:sp:1")
+
+ assert nameid == nameid_2
+ assert nameid["text"] == nameid_2["text"]
+
+ def test_transient_1(self):
+ policy = Policy({
+ "default": {
+ "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+ "nameid_format": NAMEID_FORMAT_TRANSIENT,
+ "attribute_restrictions": {
+ "surName": [".*berg"],
+ }
+ }
+ })
+ nameid = self.id.construct_nameid(policy, "foobar",
+ "urn:mace:example.com:sp:1")
+
+ assert _eq(nameid.keys(), ['text', 'format'])
+ assert nameid["format"] == NAMEID_FORMAT_TRANSIENT
+
+ def test_vo_1(self):
+ policy = Policy({
+ "default": {
+ "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+ "nameid_format": NAMEID_FORMAT_PERSISTENT,
+ "attribute_restrictions": {
+ "surName": [".*berg"],
+ }
+ }
+ })
+
+ name_id_policy = samlp.name_id_policy_from_string(NAME_ID_POLICY_1)
+ nameid = self.id.construct_nameid(policy, "foobar",
+ "urn:mace:example.com:sp:1",
+ {"uid": "foobar01"},
+ name_id_policy)
+
+ assert _eq(nameid.keys(), ['text', 'sp_name_qualifier', 'format'])
+ assert nameid["sp_name_qualifier"] == 'http://vo.example.org/biomed'
+ assert nameid["format"] == \
+ CONFIG.vo_conf('http://vo.example.org/biomed')["nameid_format"]
+ assert nameid["text"] == "foobar01"
+
+ def test_vo_2(self):
+ policy = Policy({
+ "default": {
+ "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+ "nameid_format": NAMEID_FORMAT_PERSISTENT,
+ "attribute_restrictions": {
+ "surName": [".*berg"],
+ }
+ }
+ })
+
+ name_id_policy = samlp.name_id_policy_from_string(NAME_ID_POLICY_2)
+
+ nameid = self.id.construct_nameid(policy, "foobar",
+ "urn:mace:example.com:sp:1",
+ {"uid": "foobar01"},
+ name_id_policy)
+
+ assert _eq(nameid.keys(), ['text', 'sp_name_qualifier', 'format'])
+ assert nameid["sp_name_qualifier"] == 'http://vo.example.org/design'
+ assert nameid["format"] == NAMEID_FORMAT_PERSISTENT
+ assert nameid["text"] != "foobar01"
+
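Review bot: test_transient_1 asserts only the key set and the format of the returned name id, so it would still pass if construct_nameid returned the local subject `"foobar"` as the text, or the same value on every call. Those are the two properties that make a transient identifier safe to release to an SP, so the test should pin them with `assert nameid["text"] != "foobar"` and `assert nameid["text"] != self.id.construct_nameid(policy, "foobar", "urn:mace:example.com:sp:1")["text"]`. test_persistent_1 has the same gap on opacity: it checks that the value is stable across two calls but never that it differs from the local subject, so the first of those asserts belongs there too. Separately, setup_class opens `"subject.db"` by relative path and nothing in the hunk removes it; if Identifier persists state to that file (not visible here), a leftover copy from an earlier run could make the stability check pass for the wrong reason, so a per-run temporary path would be safer.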