Configuration files for tests

2010-10-13 13:35:17 +02:00
parent 1d53368bf7
commit b5d5cdb009
10 changed files with 313 additions and 18 deletions
--- a/tests/idp_aa.xml
+++ b/tests/idp_aa.xml
@@ -0,0 +1,32 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<ns0:EntitiesDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata"><ns0:EntityDescriptor entityID="urn:mace:example.com:saml:roland:idp"><ns0:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy
+3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaN
+efiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0G
+A1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJs
+iojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt
+U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSw
+mDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6
+h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5
+U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6
+mrPzGzk3ECbupFnqyREH3+ZPSdk=
+</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8088/slo" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8088/sso" /></ns0:IDPSSODescriptor><ns0:Organization><ns0:OrganizationName xml:lang="en">Exempel AB</ns0:OrganizationName><ns0:OrganizationDisplayName xml:lang="se">Exempel AB</ns0:OrganizationDisplayName><ns0:OrganizationDisplayName xml:lang="en">Example Co.</ns0:OrganizationDisplayName><ns0:OrganizationURL xml:lang="en">http://www.example.com/roland</ns0:OrganizationURL></ns0:Organization><ns0:ContactPerson contactType="technical"><ns0:GivenName>John</ns0:GivenName><ns0:SurName>Smith</ns0:SurName><ns0:EmailAddress>john.smith@example.com</ns0:EmailAddress></ns0:ContactPerson></ns0:EntityDescriptor><ns0:EntityDescriptor entityID="urn:mace:example.com:saml:roland:aa"><ns0:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns2:KeyInfo xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy
+3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaN
+efiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0G
+A1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJs
+iojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt
+U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSw
+mDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6
+h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5
+U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6
+mrPzGzk3ECbupFnqyREH3+ZPSdk=
+</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns0:KeyDescriptor><ns0:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://localhost:8089/as" /></ns0:AttributeAuthorityDescriptor><ns0:Organization><ns0:OrganizationName xml:lang="en">Exempel AB</ns0:OrganizationName><ns0:OrganizationDisplayName xml:lang="se">Exempel AB</ns0:OrganizationDisplayName><ns0:OrganizationDisplayName xml:lang="en">Example Co.</ns0:OrganizationDisplayName><ns0:OrganizationURL xml:lang="en">http://www.example.com/roland</ns0:OrganizationURL></ns0:Organization><ns0:ContactPerson contactType="technical"><ns0:GivenName>John</ns0:GivenName><ns0:SurName>Smith</ns0:SurName><ns0:EmailAddress>john.smith@example.com</ns0:EmailAddress></ns0:ContactPerson></ns0:EntityDescriptor></ns0:EntitiesDescriptor>
--- a/tests/idp_soap.xml
+++ b/tests/idp_soap.xml
@@ -0,0 +1,17 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<ns0:EntitiesDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata"><ns0:EntityDescriptor entityID="urn:mace:example.com:saml:roland:idp"><ns0:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy
+3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaN
+efiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0G
+A1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJs
+iojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt
+U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSw
+mDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6
+h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5
+U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6
+mrPzGzk3ECbupFnqyREH3+ZPSdk=
+</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://localhost:8088/slo" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8088/sso" /></ns0:IDPSSODescriptor><ns0:Organization><ns0:OrganizationName xml:lang="en">Exempel AB</ns0:OrganizationName><ns0:OrganizationDisplayName xml:lang="se">Exempel AB</ns0:OrganizationDisplayName><ns0:OrganizationDisplayName xml:lang="en">Example Co.</ns0:OrganizationDisplayName><ns0:OrganizationURL xml:lang="en">http://www.example.com/roland</ns0:OrganizationURL></ns0:Organization><ns0:ContactPerson contactType="technical"><ns0:GivenName>John</ns0:GivenName><ns0:SurName>Smith</ns0:SurName><ns0:EmailAddress>john.smith@example.com</ns0:EmailAddress></ns0:ContactPerson></ns0:EntityDescriptor></ns0:EntitiesDescriptor>
--- a/tests/server2.config
+++ b/tests/server2.config
@@ -0,0 +1,46 @@
+{
+    "entityid" : "urn:mace:example.com:saml:roland:sp",
+    "service": {
+        "sp":{ 
+            "name" : "urn:mace:example.com:saml:roland:sp",
+            "description": "My own SP",
+            "endpoints":{
+                "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
+            },
+            "required_attributes": ["surName", "givenName", "mail"],
+            "optional_attributes": ["title"],
+            "idp":{
+                "urn:mace:example.com:saml:roland:idp":None,
+            },
+        }
+    },
+    "debug" : 1,
+    "key_file" : "test.key",
+    "cert_file" : "test.pem",
+    "xmlsec_binary" : "/usr/local/bin/xmlsec1",
+    "metadata": {
+        "local": ["idp_soap.xml", "vo_metadata.xml"],
+    },
+    "virtual_organization" : {
+        "urn:mace:example.com:it:tek":{
+            "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
+            "common_identifier": "umuselin",
+        }
+    },
+    "subject_data": "subject_data.db",
+    "accept_time_diff": 60, 
+    "attribute_map_dir" : "attributemaps",
+    "organization": {
+        "name": ("AB Exempel", "se"),
+        "display_name": ("AB Exempel", "se"),
+        "url": "http://www.example.org",
+    },
+    "contact_person": [{
+            "given_name": "Roland",
+            "sur_name": "Hedberg",
+            "telephone_number": "+46 70 100 0000",
+            "email_address": ["tech@example.com", "tech@example.org"],
+            "contact_type": "technical"
+        },
+    ]
+}
--- a/tests/server3.config
+++ b/tests/server3.config
@@ -0,0 +1,46 @@
+{
+    "entityid" : "urn:mace:example.com:saml:roland:sp",
+    "service": {
+        "sp":{ 
+            "name" : "urn:mace:example.com:saml:roland:sp",
+            "description": "My own SP",
+            "endpoints":{
+                "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
+            },
+            "required_attributes": ["surName", "givenName", "mail"],
+            "optional_attributes": ["title"],
+            "idp":{
+                "urn:mace:example.com:saml:roland:idp":None,
+            },
+        }
+    },
+    "debug" : 1,
+    "key_file" : "test.key",
+    "cert_file" : "test.pem",
+    "xmlsec_binary" : "/usr/local/bin/xmlsec1",
+    "metadata": {
+        "local": ["idp_aa.xml", "vo_metadata.xml"],
+    },
+    "virtual_organization" : {
+        "urn:mace:example.com:it:tek":{
+            "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
+            "common_identifier": "umuselin",
+        }
+    },
+    "subject_data": "subject_data.db",
+    "accept_time_diff": 60, 
+    "attribute_map_dir" : "attributemaps",
+    "organization": {
+        "name": ("AB Exempel", "se"),
+        "display_name": ("AB Exempel", "se"),
+        "url": "http://www.example.org",
+    },
+    "contact_person": [{
+            "given_name": "Roland",
+            "sur_name": "Hedberg",
+            "telephone_number": "+46 70 100 0000",
+            "email_address": ["tech@example.com", "tech@example.org"],
+            "contact_type": "technical"
+        },
+    ]
+}
--- a/tests/test_12_s_utils.py
+++ b/tests/test_12_s_utils.py
@@ -442,3 +442,12 @@ def test_authn_statement():
    assert _eq(ast.keyswv(),["authn_instant","session_index",
                            "session_not_on_or_after",
                            "authn_context"])
+                            
+def test_signature():
+    arr = ["foobar", "1234567890"]
+    csum = utils.signature("abcdef", arr)
+    arr.append(csum)
+    
+    assert utils.verify_signature("abcdef", arr)
+
+    
--- a/tests/test_32_cache.py
+++ b/tests/test_32_cache.py
@@ -59,8 +59,8 @@ class TestClass:
        
    def test_remove_info(self):
        self.cache.reset("1234", "bcde")
-        assert self.cache.active("1234","bcde") == False
-        assert self.cache.active("1234","abcd")
+        assert self.cache.active("1234", "bcde") == False
+        assert self.cache.active("1234", "abcd")
        
        (ava, inactive) = self.cache.get_identity("1234")
        assert inactive == ['bcde']
--- a/tests/test_44_authnresp.py
+++ b/tests/test_44_authnresp.py
@@ -4,7 +4,7 @@
 from saml2 import samlp, BINDING_HTTP_POST
 from saml2 import saml, config, class_name, make_instance
 from saml2.server import Server
-from saml2.response import authn_response
+from saml2.response import authn_response, StatusResponse

 XML_RESPONSE_FILE = "saml_signed.xml"
 XML_RESPONSE_FILE2 = "saml2_response.xml"
@@ -45,11 +45,14 @@ class TestAuthnResponse:
                    authn=(saml.AUTHN_PASSWORD, "http://www.example.com/login")
                )

+        self._logout_resp = server.logout_response("id12")
+        
        conf = config.Config()
        try:
            conf.load_file("tests/server.config")
        except IOError:
            conf.load_file("server.config")
+        self.conf = conf
        self.ar = authn_response(conf, "urn:mace:example.com:saml:roland:sp", 
                                    "http://lingon.catalogix.se:8087/")
    
@@ -116,3 +119,4 @@ class TestAuthnResponse:
        assert authn_info[0][1] == ["http://www.example.com/login"]
        session_info = self.ar.session_info()
        assert session_info["authn_info"] == authn_info
+
--- a/tests/test_50_server.py
+++ b/tests/test_50_server.py
@@ -9,6 +9,7 @@ from saml2 import time_util
 from saml2.s_utils import OtherError
 from saml2.s_utils import do_attribute_statement, factory
 from saml2.soap import make_soap_enveloped_saml_thingy
+from saml2 import BINDING_HTTP_POST

 from py.test import raises
 import shelve
@@ -294,7 +295,7 @@ class TestServer1():
        # value. Just that there should be one
        assert assertion.signature.signature_value.text != ""

-    def test_slo(self):
+    def test_slo_http_post(self):
        soon = time_util.in_a_while(days=1)
        sinfo = {
            "name_id": "foba0001",
@@ -307,13 +308,44 @@ class TestServer1():
        }
        self.client.users.add_information_about_person(sinfo)
        
-        (dest, logout_request) = self.client.make_logout_requests(
-                            subject_id = "foba0001",
-                            reason = "I'm tired of this",
-                        )[0]
+        logout_request = self.client.logout_requests(subject_id = "foba0001",
+                            destination = "http://localhost:8088/slo",
+                            entity_id = "urn:mace:example.com:saml:roland:idp",
+                            reason = "I'm tired of this")
+
+        intermed = s_utils.deflate_and_base64_encode("%s" % (logout_request,))
+                        
+        #saml_soap = make_soap_enveloped_saml_thingy(logout_request)
+        request = self.server.parse_logout_request(intermed, BINDING_HTTP_POST)
+        assert request
+        
+    def test_slo_soap(self):
+        soon = time_util.in_a_while(days=1)
+        sinfo = {
+            "name_id": "foba0001",
+            "issuer": "urn:mace:example.com:saml:roland:idp",
+            "not_on_or_after" : soon,
+            "user": {
+                "givenName": "Leo",
+                "surName": "Laport",
+            }
+        }
+        conf = config.Config()
+        conf.load_file("server2.config")
+        sp = client.Saml2Client(conf)
+
+        sp.users.add_information_about_person(sinfo)
+        
+        logout_request = sp.logout_requests(subject_id = "foba0001",
+                            destination = "http://localhost:8088/slo",
+                            entity_id = "urn:mace:example.com:saml:roland:idp",
+                            reason = "I'm tired of this")
+
+        intermed = s_utils.deflate_and_base64_encode("%s" % (logout_request,))
                        
        saml_soap = make_soap_enveloped_saml_thingy(logout_request)
-        request = self.server.parse_logout_request(saml_soap)
+        idp = Server("idp_soap.conf")
+        request = idp.parse_logout_request(saml_soap)
        assert request
        
 #------------------------------------------------------------------------
--- a/tests/test_51_client.py
+++ b/tests/test_51_client.py
@@ -4,12 +4,16 @@
 import base64
 from urlparse import urlparse, parse_qs

-from saml2.client import Saml2Client
-from saml2 import samlp, client, BINDING_HTTP_POST
+from saml2.client import Saml2Client, LogoutError
+from saml2 import samlp, client, BINDING_HTTP_POST, BINDING_HTTP_REDIRECT
+from saml2 import BINDING_SOAP
 from saml2 import saml, s_utils, config, class_name
 #from saml2.sigver import correctly_signed_authn_request, verify_signature
 from saml2.server import Server
 from saml2.s_utils import decode_base64_and_inflate
+from saml2.time_util import in_a_while
+
+from py.test import raises

 import os
        
@@ -352,7 +356,7 @@ class TestClient:
        assert authnreq.destination == "http://localhost:8088/sso"
        assert authnreq.assertion_consumer_service_url == "http://lingon.catalogix.se:8087/"
        assert authnreq.provider_name == "urn:mace:example.com:saml:roland:sp"
-        assert authnreq.protocol_binding == "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+        assert authnreq.protocol_binding == BINDING_HTTP_POST
        name_id_policy = authnreq.name_id_policy
        assert name_id_policy.allow_create == "true" 
        assert name_id_policy.format == "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" 
@@ -360,5 +364,112 @@ class TestClient:
        assert issuer.text == "urn:mace:example.com:saml:roland:sp"
        
        
-    # def test_logout_request(self):
-        
+    def test_logout_1(self):
+        """ one IdP/AA with BINDING_HTTP_REDIRECT on single_logout_service"""
+
+        # information about the user from an IdP
+        session_info = {
+            "name_id": "123456",
+            "issuer": "urn:mace:example.com:saml:roland:idp",
+            "not_on_or_after": in_a_while(minutes=15),
+            "ava": {
+                "givenName": "Anders",
+                "surName": "Andersson",
+                "mail": "anders.andersson@example.com"
+            }
+        }
+        self.client.users.add_information_about_person(session_info)
+        entity_ids = self.client.users.issuers_of_info("123456")
+        assert entity_ids == ["urn:mace:example.com:saml:roland:idp"]
+        resp = self.client.global_logout("123456", "Tired", in_a_while(minutes=5))
+        print resp
+        assert resp
+        assert resp[0] # a session_id
+        assert resp[1] == [('Content-type', 'text/html')]
+        assert resp[2][0] == '<head>'
+        assert resp[2][1] == '<title>SAML 2.0 POST</title>'
+        session_info = self.client.state[resp[0]]
+        print session_info
+        assert session_info["entity_id"] == entity_ids[0]
+        assert session_info["subject_id"] == "123456"
+        assert session_info["reason"] == "Tired"
+        assert session_info["operation"] == "SLO"
+        assert session_info["entity_ids"] == entity_ids
+        assert session_info["sign"] == False
+
+    def test_logout_2(self):
+        """ one IdP/AA with BINDING_SOAP, can't actually send something"""
+
+        conf = config.Config()
+        conf.load_file("server2.config")
+        client = Saml2Client(conf)
+
+        # information about the user from an IdP
+        session_info = {
+            "name_id": "123456",
+            "issuer": "urn:mace:example.com:saml:roland:idp",
+            "not_on_or_after": in_a_while(minutes=15),
+            "ava": {
+                "givenName": "Anders",
+                "surName": "Andersson",
+                "mail": "anders.andersson@example.com"
+            }
+        }
+        client.users.add_information_about_person(session_info)
+        entity_ids = self.client.users.issuers_of_info("123456")
+        assert entity_ids == ["urn:mace:example.com:saml:roland:idp"]
+        destination = client.config.logout_service(entity_ids[0], BINDING_SOAP)
+        print destination
+        assert destination == 'http://localhost:8088/slo'
+
+        # Will raise an error since there is noone at the other end.
+        raises(LogoutError, 'client.global_logout("123456", "Tired", in_a_while(minutes=5))')
+
+    def test_logout_3(self):
+        """ two or more IdP/AA with BINDING_HTTP_REDIRECT"""
+
+        conf = config.Config()
+        conf.load_file("server3.config")
+        client = Saml2Client(conf)
+
+        # information about the user from an IdP
+        session_info_authn = {
+            "name_id": "123456",
+            "issuer": "urn:mace:example.com:saml:roland:idp",
+            "not_on_or_after": in_a_while(minutes=15),
+            "ava": {
+                "givenName": "Anders",
+                "surName": "Andersson",
+                "mail": "anders.andersson@example.com"
+            }
+        }
+        client.users.add_information_about_person(session_info_authn)
+        session_info_aa = {
+            "name_id": "123456",
+            "issuer": "urn:mace:example.com:saml:roland:aa",
+            "not_on_or_after": in_a_while(minutes=15),
+            "ava": {
+                "eduPersonEntitlement": "Foobar",
+            }
+        }
+        client.users.add_information_about_person(session_info_aa)
+        entity_ids = client.users.issuers_of_info("123456")
+        assert _leq(entity_ids, ["urn:mace:example.com:saml:roland:idp",
+                                "urn:mace:example.com:saml:roland:aa"])
+        resp = client.global_logout("123456", "Tired", in_a_while(minutes=5))
+        print resp
+        assert resp
+        assert resp[0] # a session_id
+        # HTTP POST
+        assert resp[1] == [('Content-type', 'text/html')]
+        assert resp[2][0] == '<head>'
+        assert resp[2][1] == '<title>SAML 2.0 POST</title>'
+        
+        state_info = client.state[resp[0]]
+        print state_info
+        assert state_info["entity_id"] == entity_ids[0]
+        assert state_info["subject_id"] == "123456"
+        assert state_info["reason"] == "Tired"
+        assert state_info["operation"] == "SLO"
+        assert state_info["entity_ids"] == entity_ids
+        assert state_info["sign"] == False
--- a/tests/test_60_sp.py
+++ b/tests/test_60_sp.py
@@ -48,10 +48,8 @@ class TestSP():
        resp_str = "\n".join(self.server.authn_response(ava, 
                    "id1", "http://lingon.catalogix.se:8087/", 
                    "urn:mace:example.com:saml:roland:sp",
-                    make_instance(samlp.NameIDPolicy,
-                                utils.args2dict(
-                                        format=saml.NAMEID_FORMAT_TRANSIENT,
-                                        allow_create="true")),
+                    samlp.NameIDPolicy(format=saml.NAMEID_FORMAT_TRANSIENT,
+                                        allow_create="true"),
                    "foba0001@example.com"))

        resp_str = base64.encodestring(resp_str)