15 files changed, 339 insertions, 38 deletions

diff --git a/python/tests/LibertyEnabledProxy.py b/python/tests/LibertyEnabledProxy.py
index 0c81ad2d..8c5eb2de 100644
--- a/python/tests/LibertyEnabledProxy.py
+++ b/python/tests/LibertyEnabledProxy.py
@@ -35,15 +35,18 @@ class LibertyEnabledProxyMixin(IdentityProviderMixin, ServiceProviderMixin):
 
     def login(self, handler):
         # Before, this proxy was considered as an identity provider. Now it is a service provider.
+        # FIXME: Handle Liberty ProxyCount.
         return ServiceProviderMixin.login(self, handler)
 
     def login_failed(self, handler):
         # Before, this proxy was considered as a service provider. Now it acts again as an identity
         # provider.
+        # FIXME: Handle Liberty ProxyCount.
         return self.login_done(handler, False, None)
 
     def assertionConsumer_done(self, handler):
         # Before, this proxy was considered as a service provider. Now it acts again as an identity
         # provider.
         # FIXME: We should retrieve authentication method from session.lassoSessionDump.
+        # FIXME: Handle Liberty ProxyCount.
         return self.login_done(handler, True, lasso.samlAuthenticationMethodPassword)
diff --git a/python/tests/login_tests.py b/python/tests/login_tests.py
index 5f69f903..17727750 100644
--- a/python/tests/login_tests.py
+++ b/python/tests/login_tests.py
@@ -41,19 +41,19 @@ from websimulator import *
 
 class LoginTestCase(unittest.TestCase):
     def generateIdpSite(self, internet):
-        site = IdentityProvider(internet, 'https://identity-provider/')
-        site.providerId = 'https://identity-provider/metadata'
+        site = IdentityProvider(internet, 'https://idp1')
+        site.providerId = 'https://idp1/metadata'
 
         lassoServer = lasso.Server.new(
-            '../../examples/data/idp-metadata.xml',
-            None, # '../../examples/data/idp-public-key.pem' is no more used
-            '../../examples/data/idp-private-key.pem',
-            '../../examples/data/idp-crt.pem',
+            '../../tests/data/idp1-la/metadata.xml',
+            None, # '../../tests/data/idp1-la/public-key.pem' is no more used
+            '../../tests/data/idp1-la/private-key-raw.pem',
+            '../../tests/data/idp1-la/certificate.pem',
             lasso.signatureMethodRsaSha1)
         lassoServer.add_provider(
-            '../../examples/data/sp-metadata.xml',
-            '../../examples/data/sp-public-key.pem',
-            '../../examples/data/ca-crt.pem')
+            '../../tests/data/sp1-la/metadata.xml',
+            '../../tests/data/sp1-la/public-key.pem',
+            '../../tests/data/ca1-la/certificate.pem')
         site.lassoServerDump = lassoServer.dump()
         failUnless(site.lassoServerDump)
         lassoServer.destroy()
@@ -69,28 +69,28 @@ class LoginTestCase(unittest.TestCase):
         clientProxy = LibertyEnabledClientProxy(internet)
         lassoServer = lasso.Server.new()
         lassoServer.add_provider(
-            '../../examples/data/idp-metadata.xml',
-            '../../examples/data/idp-public-key.pem',
-            '../../examples/data/ca-crt.pem')
+            '../../tests/data/idp1-la/metadata.xml',
+            '../../tests/data/idp1-la/public-key.pem',
+            '../../tests/data/ca1-la/certificate.pem')
         clientProxy.lassoServerDump = lassoServer.dump()
         failUnless(clientProxy.lassoServerDump)
         lassoServer.destroy()
         return clientProxy
         
     def generateSpSite(self, internet):
-        site = ServiceProvider(internet, 'https://service-provider/')
+        site = ServiceProvider(internet, 'https://sp1')
         site.providerId = 'https://service-provider/metadata'
 
         lassoServer = lasso.Server.new(
-            '../../examples/data/sp-metadata.xml',
-            None, # '../../examples/data/sp-public-key.pem' is no more used.
-            '../../examples/data/sp-private-key.pem',
-            '../../examples/data/sp-crt.pem',
+            '../../tests/data/sp1-la/metadata.xml',
+            None, # '../../tests/data/sp1-la/public-key.pem' is no more used
+            '../../tests/data/sp1-la/private-key-raw.pem',
+            '../../tests/data/sp1-la/certificate.pem',
             lasso.signatureMethodRsaSha1)
         lassoServer.add_provider(
-            '../../examples/data/idp-metadata.xml',
-            '../../examples/data/idp-public-key.pem',
-            '../../examples/data/ca-crt.pem')
+            '../../tests/data/idp1-la/metadata.xml',
+            '../../tests/data/idp1-la/public-key.pem',
+            '../../tests/data/ca1-la/certificate.pem')
         site.lassoServerDump = lassoServer.dump()
         failUnless(site.lassoServerDump)
         lassoServer.destroy()
@@ -275,8 +275,7 @@ class LoginTestCase(unittest.TestCase):
         lecp = self.generateLibertyEnabledClientProxy(internet)
         lecp.idpSite = idpSite
 
-        # Try LECP, but the principal is not authenticated on identity-provider. So, LECP must
-        # fail.
+        # Try LECP, but the principal is not authenticated on idp1. So, LECP must fail.
         httpResponse = lecp.login(principal, spSite, '/login')
         failUnlessEqual(httpResponse.statusCode, 401)
 
diff --git a/tests/data/idp1-la/metadata.xml b/tests/data/idp1-la/metadata.xml
new file mode 100644
index 00000000..3330c73d
--- /dev/null
+++ b/tests/data/idp1-la/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+    providerID="https://idp1/metadata"
+    xmlns="urn:liberty:metadata:2003-08">
+ <IDPDescriptor>
+
+  <SingleSignOnServiceURL>https://idp1:1998/singleSignOn</SingleSignOnServiceURL>
+  <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/sso-get</SingleSignOnProtocolProfile>
+
+  <SingleLogoutServiceURL>https://idp1:1998/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://idp1:1998/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://idp1:1998/soapEndpoint</SoapEndpoint>
+
+</IDPDescriptor>
+</EntityDescriptor>
diff --git a/tests/data/idp2-la/metadata.xml b/tests/data/idp2-la/metadata.xml
new file mode 100644
index 00000000..24a744ca
--- /dev/null
+++ b/tests/data/idp2-la/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+    providerID="https://idp2/metadata"
+    xmlns="urn:liberty:metadata:2003-08">
+ <IDPDescriptor>
+
+  <SingleSignOnServiceURL>https://idp2:2000/singleSignOn</SingleSignOnServiceURL>
+  <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/sso-get</SingleSignOnProtocolProfile>
+
+  <SingleLogoutServiceURL>https://idp2:2000/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://idp2:2000/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://idp2:2000/soapEndpoint</SoapEndpoint>
+
+</IDPDescriptor>
+</EntityDescriptor>
diff --git a/tests/data/idp3-la/metadata.xml b/tests/data/idp3-la/metadata.xml
new file mode 100644
index 00000000..4f84497c
--- /dev/null
+++ b/tests/data/idp3-la/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+    providerID="https://idp3/metadata"
+    xmlns="urn:liberty:metadata:2003-08">
+ <IDPDescriptor>
+
+  <SingleSignOnServiceURL>https://idp3:2002/singleSignOn</SingleSignOnServiceURL>
+  <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/sso-get</SingleSignOnProtocolProfile>
+
+  <SingleLogoutServiceURL>https://idp3:2002/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://idp3:2002/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://idp3:2002/soapEndpoint</SoapEndpoint>
+
+</IDPDescriptor>
+</EntityDescriptor>
diff --git a/tests/data/idp4-la/metadata.xml b/tests/data/idp4-la/metadata.xml
new file mode 100644
index 00000000..cacc456b
--- /dev/null
+++ b/tests/data/idp4-la/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+    providerID="https://idp4/metadata"
+    xmlns="urn:liberty:metadata:2003-08">
+ <IDPDescriptor>
+
+  <SingleSignOnServiceURL>https://idp4:2004/singleSignOn</SingleSignOnServiceURL>
+  <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/sso-get</SingleSignOnProtocolProfile>
+
+  <SingleLogoutServiceURL>https://idp4:2004/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://idp4:2004/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://idp4:2004/soapEndpoint</SoapEndpoint>
+
+</IDPDescriptor>
+</EntityDescriptor>
diff --git a/tests/data/lecp1-la/metadata.xml b/tests/data/lecp1-la/metadata.xml
new file mode 100644
index 00000000..8f88fa44
--- /dev/null
+++ b/tests/data/lecp1-la/metadata.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+    providerID="https://lecp1/metadata"
+    xmlns="urn:liberty:metadata:2003-08">
+
+ <IDPDescriptor>
+
+  <SingleSignOnServiceURL>https://lecp1:2014/singleSignOn</SingleSignOnServiceURL>
+  <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/sso-get</SingleSignOnProtocolProfile>
+  <SingleLogoutServiceURL>https://lecp1:2014/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://lecp1:2014/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://lecp1:2014/soapEndpoint</SoapEndpoint>
+
+ </IDPDescriptor>
+
+ <SPDescriptor>
+
+  <AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">https://lecp1:2014/assertionConsumer</AssertionConsumerServiceURL>
+
+  <SingleLogoutServiceURL>https://lecp1:2014/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://lecp1:2014/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://lecp1:2014/soapEndpoint</SoapEndpoint>
+
+  <AuthnRequestsSigned>true</AuthnRequestsSigned>
+
+ </SPDescriptor>
+
+</EntityDescriptor>
diff --git a/tests/data/lecp2-la/metadata.xml b/tests/data/lecp2-la/metadata.xml
new file mode 100644
index 00000000..c8e15612
--- /dev/null
+++ b/tests/data/lecp2-la/metadata.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+    providerID="https://lecp2/metadata"
+    xmlns="urn:liberty:metadata:2003-08">
+
+ <IDPDescriptor>
+
+  <SingleSignOnServiceURL>https://lecp2:2016/singleSignOn</SingleSignOnServiceURL>
+  <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/sso-get</SingleSignOnProtocolProfile>
+  <SingleLogoutServiceURL>https://lecp2:2016/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://lecp2:2016/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://lecp2:2016/soapEndpoint</SoapEndpoint>
+
+ </IDPDescriptor>
+
+ <SPDescriptor>
+
+  <AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">https://lecp2:2016/assertionConsumer</AssertionConsumerServiceURL>
+
+  <SingleLogoutServiceURL>https://lecp2:2016/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://lecp2:2016/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://lecp2:2016/soapEndpoint</SoapEndpoint>
+
+  <AuthnRequestsSigned>true</AuthnRequestsSigned>
+
+ </SPDescriptor>
+
+</EntityDescriptor>
diff --git a/tests/data/lecp3-la/metadata.xml b/tests/data/lecp3-la/metadata.xml
new file mode 100644
index 00000000..d5cc40f4
--- /dev/null
+++ b/tests/data/lecp3-la/metadata.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+    providerID="https://lecp3/metadata"
+    xmlns="urn:liberty:metadata:2003-08">
+
+ <IDPDescriptor>
+
+  <SingleSignOnServiceURL>https://lecp3:2018/singleSignOn</SingleSignOnServiceURL>
+  <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/sso-get</SingleSignOnProtocolProfile>
+  <SingleLogoutServiceURL>https://lecp3:2018/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://lecp3:2018/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://lecp3:2018/soapEndpoint</SoapEndpoint>
+
+ </IDPDescriptor>
+
+ <SPDescriptor>
+
+  <AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">https://lecp3:2018/assertionConsumer</AssertionConsumerServiceURL>
+
+  <SingleLogoutServiceURL>https://lecp3:2018/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://lecp3:2018/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://lecp3:2018/soapEndpoint</SoapEndpoint>
+
+  <AuthnRequestsSigned>true</AuthnRequestsSigned>
+
+ </SPDescriptor>
+
+</EntityDescriptor>
diff --git a/tests/data/lecp4-la/metadata.xml b/tests/data/lecp4-la/metadata.xml
new file mode 100644
index 00000000..c1a767b6
--- /dev/null
+++ b/tests/data/lecp4-la/metadata.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+    providerID="https://lecp4/metadata"
+    xmlns="urn:liberty:metadata:2003-08">
+
+ <IDPDescriptor>
+
+  <SingleSignOnServiceURL>https://lecp4:2020/singleSignOn</SingleSignOnServiceURL>
+  <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/sso-get</SingleSignOnProtocolProfile>
+  <SingleLogoutServiceURL>https://lecp4:2020/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://lecp4:2020/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://lecp4:2020/soapEndpoint</SoapEndpoint>
+
+ </IDPDescriptor>
+
+ <SPDescriptor>
+
+  <AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">https://lecp4:2020/assertionConsumer</AssertionConsumerServiceURL>
+
+  <SingleLogoutServiceURL>https://lecp4:2020/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://lecp4:2020/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://lecp4:2020/soapEndpoint</SoapEndpoint>
+
+  <AuthnRequestsSigned>true</AuthnRequestsSigned>
+
+ </SPDescriptor>
+
+</EntityDescriptor>
diff --git a/tests/data/sp1-la/metadata.xml b/tests/data/sp1-la/metadata.xml
new file mode 100644
index 00000000..ec28fa48
--- /dev/null
+++ b/tests/data/sp1-la/metadata.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+    providerID="https://sp1/metadata"
+    xmlns="urn:liberty:metadata:2003-08">
+ <SPDescriptor>
+
+  <AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">https://sp1:2006/assertionConsumer</AssertionConsumerServiceURL>
+
+  <SingleLogoutServiceURL>https://sp1:2006/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://sp1:2006/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://sp1:2006/soapEndpoint</SoapEndpoint>
+
+  <AuthnRequestsSigned>true</AuthnRequestsSigned>
+
+ </SPDescriptor>
+</EntityDescriptor>
diff --git a/tests/data/sp2-la/metadata.xml b/tests/data/sp2-la/metadata.xml
new file mode 100644
index 00000000..414799cb
--- /dev/null
+++ b/tests/data/sp2-la/metadata.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+    providerID="https://sp2/metadata"
+    xmlns="urn:liberty:metadata:2003-08">
+ <SPDescriptor>
+
+  <AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">https://sp2:2008/assertionConsumer</AssertionConsumerServiceURL>
+
+  <SingleLogoutServiceURL>https://sp2:2008/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://sp2:2008/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://sp2:2008/soapEndpoint</SoapEndpoint>
+
+  <AuthnRequestsSigned>true</AuthnRequestsSigned>
+
+ </SPDescriptor>
+</EntityDescriptor>
diff --git a/tests/data/sp3-la/metadata.xml b/tests/data/sp3-la/metadata.xml
new file mode 100644
index 00000000..1dcedf46
--- /dev/null
+++ b/tests/data/sp3-la/metadata.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+    providerID="https://sp3/metadata"
+    xmlns="urn:liberty:metadata:2003-08">
+ <SPDescriptor>
+
+  <AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">https://sp3:2010/assertionConsumer</AssertionConsumerServiceURL>
+
+  <SingleLogoutServiceURL>https://sp3:2010/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://sp3:2010/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://sp3:2010/soapEndpoint</SoapEndpoint>
+
+  <AuthnRequestsSigned>true</AuthnRequestsSigned>
+
+ </SPDescriptor>
+</EntityDescriptor>
diff --git a/tests/data/sp4-la/metadata.xml b/tests/data/sp4-la/metadata.xml
new file mode 100644
index 00000000..221cb870
--- /dev/null
+++ b/tests/data/sp4-la/metadata.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<EntityDescriptor
+    providerID="https://sp4/metadata"
+    xmlns="urn:liberty:metadata:2003-08">
+ <SPDescriptor>
+
+  <AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">https://sp4:2012/assertionConsumer</AssertionConsumerServiceURL>
+
+  <SingleLogoutServiceURL>https://sp4:2012/singleLogout</SingleLogoutServiceURL>
+  <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
+
+  <RegisterNameIdentifierServiceURL>https://sp4:2012/registerNameIdentifier</RegisterNameIdentifierServiceURL>
+  <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
+
+  <SoapEndpoint>https://sp4:2012/soapEndpoint</SoapEndpoint>
+
+  <AuthnRequestsSigned>true</AuthnRequestsSigned>
+
+ </SPDescriptor>
+</EntityDescriptor>
diff --git a/tests/login_tests.c b/tests/login_tests.c
index 5750eaec..2a460529 100644
--- a/tests/login_tests.c
+++ b/tests/login_tests.c
@@ -35,16 +35,16 @@ generateIdentityProviderContextDump()
 	LassoServer *serverContext;
 	
 	serverContext = lasso_server_new(
-			"../examples/data/idp-metadata.xml",
-			"../examples/data/idp-public-key.pem",
-			"../examples/data/idp-private-key.pem",
-			"../examples/data/idp-crt.pem",
+			"../tests/data/idp1-la/metadata.xml",
+			NULL, /* "../tests/data/idp1-la/public-key.pem" is no more used */
+			"../tests/data/idp1-la/private-key-raw.pem",
+			"../tests/data/idp1-la/certificate.pem",
 			lassoSignatureMethodRsaSha1);
 	lasso_server_add_provider(
 			serverContext,
-			"../examples/data/sp-metadata.xml",
-			"../examples/data/sp-public-key.pem",
-			"../examples/data/ca-crt.pem");
+			"../tests/data/sp1-la/metadata.xml",
+			"../tests/data/sp1-la/public-key.pem",
+			"../tests/data/ca1-la/certificate.pem");
 	return lasso_server_dump(serverContext);
 }
 
@@ -54,16 +54,16 @@ generateServiceProviderContextDump()
 	LassoServer *serverContext;
 	
 	serverContext = lasso_server_new(
-			"../examples/data/sp-metadata.xml",
-			"../examples/data/sp-public-key.pem",
-			"../examples/data/sp-private-key.pem",
-			"../examples/data/sp-crt.pem",
+			"../tests/data/sp1-la/metadata.xml",
+			NULL, /* "../tests/data/sp1-la/public-key.pem" is no more used */
+			"../tests/data/sp1-la/private-key-raw.pem",
+			"../tests/data/sp1-la/certificate.pem",
 			lassoSignatureMethodRsaSha1);
 	lasso_server_add_provider(
 			serverContext,
-			"../examples/data/idp-metadata.xml",
-			"../examples/data/idp-public-key.pem",
-			"../examples/data/ca-crt.pem");
+			"../tests/data/idp1-la/metadata.xml",
+			"../tests/data/idp1-la/public-key.pem",
+			"../tests/data/ca1-la/certificate.pem");
 	return lasso_server_dump(serverContext);
 }
 
@@ -114,8 +114,7 @@ START_TEST(test02_serviceProviderLogin)
 	lasso_lib_authn_request_set_consent(request, lassoLibConsentObtained);
 	relayState = "fake";
 	lasso_lib_authn_request_set_relayState(request, "fake");
-	rc = lasso_login_build_authn_request_msg(spLoginContext,
-			"https://identity-provider:1998/liberty-alliance/metadata");
+	rc = lasso_login_build_authn_request_msg(spLoginContext, "https://idp1/metadata");
 	fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed");
 	authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url;
 	fail_unless(authnRequestUrl != NULL,