scashin133-rsaml 0.1.0

data/scashin133-rsaml.gemspec

@@ -0,0 +1,180 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{scashin133-rsaml}
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Anthony Eden"]
+  s.date = %q{2010-02-12}
+  s.description = %q{RSAML is a SAML implementation in Ruby. RSAML currently implements the elements defined in the SAML-Core 2.0 
+    specification by defining an object model that mimics the structure of SAML. Method names and attributes have been made 
+    ruby-friendly and documentation is provided for each class and method. In certain cases the SAML specification is 
+    referenced directly and should be considered the final say whenever a question arises regarding SAML implementation.
+    }
+  s.email = ["anthonyeden@gmail.com", "scashin133@gmail.com"]
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README"
+  ]
+  s.files = [
+    ".autotest",
+     ".gitignore",
+     "LICENSE",
+     "README",
+     "Rakefile",
+     "lib/rsaml.rb",
+     "lib/rsaml/action.rb",
+     "lib/rsaml/action_namespace.rb",
+     "lib/rsaml/advice.rb",
+     "lib/rsaml/assertion.rb",
+     "lib/rsaml/attribute.rb",
+     "lib/rsaml/audience.rb",
+     "lib/rsaml/authentication_context.rb",
+     "lib/rsaml/authn_context/README",
+     "lib/rsaml/authn_context/authentication_context_declaration.rb",
+     "lib/rsaml/authn_context/identification.rb",
+     "lib/rsaml/authn_context/physical_verification.rb",
+     "lib/rsaml/condition.rb",
+     "lib/rsaml/conditions.rb",
+     "lib/rsaml/encrypted.rb",
+     "lib/rsaml/errors.rb",
+     "lib/rsaml/evidence.rb",
+     "lib/rsaml/ext/string.rb",
+     "lib/rsaml/identifier.rb",
+     "lib/rsaml/identifier/base.rb",
+     "lib/rsaml/identifier/issuer.rb",
+     "lib/rsaml/identifier/name.rb",
+     "lib/rsaml/parser.rb",
+     "lib/rsaml/protocol.rb",
+     "lib/rsaml/protocol/artifact_resolve.rb",
+     "lib/rsaml/protocol/assertion_id_request.rb",
+     "lib/rsaml/protocol/authn_request.rb",
+     "lib/rsaml/protocol/idp_entry.rb",
+     "lib/rsaml/protocol/idp_list.rb",
+     "lib/rsaml/protocol/message.rb",
+     "lib/rsaml/protocol/name_id_policy.rb",
+     "lib/rsaml/protocol/query.rb",
+     "lib/rsaml/protocol/query/attribute_query.rb",
+     "lib/rsaml/protocol/query/authn_query.rb",
+     "lib/rsaml/protocol/query/authz_decision_query.rb",
+     "lib/rsaml/protocol/query/subject_query.rb",
+     "lib/rsaml/protocol/request.rb",
+     "lib/rsaml/protocol/requested_authn_context.rb",
+     "lib/rsaml/protocol/response.rb",
+     "lib/rsaml/protocol/scoping.rb",
+     "lib/rsaml/protocol/status.rb",
+     "lib/rsaml/protocol/status_code.rb",
+     "lib/rsaml/proxy_restriction.rb",
+     "lib/rsaml/statement.rb",
+     "lib/rsaml/statement/attribute_statement.rb",
+     "lib/rsaml/statement/authentication_statement.rb",
+     "lib/rsaml/statement/authorization_decision_statement.rb",
+     "lib/rsaml/statement/base.rb",
+     "lib/rsaml/subject.rb",
+     "lib/rsaml/subject_confirmation.rb",
+     "lib/rsaml/subject_confirmation_data.rb",
+     "lib/rsaml/subject_locality.rb",
+     "lib/rsaml/validatable.rb",
+     "lib/rsaml/version.rb",
+     "lib/xml_enc.rb",
+     "lib/xml_sig.rb",
+     "lib/xml_sig/canonicalization_method.rb",
+     "lib/xml_sig/key_info.rb",
+     "lib/xml_sig/reference.rb",
+     "lib/xml_sig/signature.rb",
+     "lib/xml_sig/signature_method.rb",
+     "lib/xml_sig/signed_info.rb",
+     "lib/xml_sig/transform.rb",
+     "scashin133-rsaml.gemspec",
+     "test/action_namespace_test.rb",
+     "test/action_test.rb",
+     "test/advice_test.rb",
+     "test/assertion_test.rb",
+     "test/attribute_test.rb",
+     "test/authentication_context_test.rb",
+     "test/conditions_test.rb",
+     "test/evidence_test.rb",
+     "test/identifier_test.rb",
+     "test/issuer_test.rb",
+     "test/name_test.rb",
+     "test/parser_test.rb",
+     "test/protocol/assertion_id_request_test.rb",
+     "test/protocol/attribute_query_test.rb",
+     "test/protocol/authn_query_test.rb",
+     "test/protocol/authn_request_test.rb",
+     "test/protocol/authz_decision_query_test.rb",
+     "test/protocol/idp_list_test.rb",
+     "test/protocol/request_test.rb",
+     "test/protocol/response_test.rb",
+     "test/protocol/scoping_test.rb",
+     "test/protocol/status_code_test.rb",
+     "test/protocol/status_test.rb",
+     "test/proxy_restriction_test.rb",
+     "test/rsaml_test.rb",
+     "test/sample_data/attribute_query.xml",
+     "test/statement_test.rb",
+     "test/subject_locality_test.rb",
+     "test/subject_test.rb",
+     "test/test_helper.rb",
+     "test/xml_sig/canonicalization_test.rb",
+     "test/xml_sig/iso-8859-1.txt"
+  ]
+  s.homepage = %q{http://github.com/scashin133/rsaml}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Ruby implementation of the SAML 2.0 Specification}
+  s.test_files = [
+    "test/action_namespace_test.rb",
+     "test/action_test.rb",
+     "test/advice_test.rb",
+     "test/assertion_test.rb",
+     "test/attribute_test.rb",
+     "test/authentication_context_test.rb",
+     "test/conditions_test.rb",
+     "test/evidence_test.rb",
+     "test/identifier_test.rb",
+     "test/issuer_test.rb",
+     "test/name_test.rb",
+     "test/parser_test.rb",
+     "test/protocol/assertion_id_request_test.rb",
+     "test/protocol/attribute_query_test.rb",
+     "test/protocol/authn_query_test.rb",
+     "test/protocol/authn_request_test.rb",
+     "test/protocol/authz_decision_query_test.rb",
+     "test/protocol/idp_list_test.rb",
+     "test/protocol/request_test.rb",
+     "test/protocol/response_test.rb",
+     "test/protocol/scoping_test.rb",
+     "test/protocol/status_code_test.rb",
+     "test/protocol/status_test.rb",
+     "test/proxy_restriction_test.rb",
+     "test/rsaml_test.rb",
+     "test/statement_test.rb",
+     "test/subject_locality_test.rb",
+     "test/subject_test.rb",
+     "test/test_helper.rb",
+     "test/xml_sig/canonicalization_test.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<activesupport>, [">= 2.3.4"])
+      s.add_runtime_dependency(%q<uuid>, [">= 2.1.1"])
+    else
+      s.add_dependency(%q<activesupport>, [">= 2.3.4"])
+      s.add_dependency(%q<uuid>, [">= 2.1.1"])
+    end
+  else
+    s.add_dependency(%q<activesupport>, [">= 2.3.4"])
+    s.add_dependency(%q<uuid>, [">= 2.1.1"])
+  end
+end
+

data/test/action_namespace_test.rb

@@ -0,0 +1,93 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class ActionNamespaceTest < Test::Unit::TestCase
+  context "the ActionNamespace class" do
+    should "define all of the namespaces in the SAML 2.0 specification" do
+      namespace_uris = ActionNamespace.namespaces.values.collect { |ns| ns.uri }
+      assert namespace_uris.include?('urn:oasis:names:tc:SAML:1.0:action:rwedc')
+      assert namespace_uris.include?('urn:oasis:names:tc:SAML:1.0:action:rwedc-negation')
+      assert namespace_uris.include?('urn:oasis:names:tc:SAML:1.0:action:ghpp')
+      assert namespace_uris.include?('urn:oasis:names:tc:SAML:1.0:action:unix')
+    end
+    should "return a namespace instance given a URI" do
+      assert_equal(ActionNamespace.namespaces[:rwedc], 
+        ActionNamespace.namespace_for_uri('urn:oasis:names:tc:SAML:1.0:action:rwedc')
+      )
+      assert_equal(ActionNamespace.namespaces[:rwedc_negation], 
+        ActionNamespace.namespace_for_uri('urn:oasis:names:tc:SAML:1.0:action:rwedc-negation')
+      )
+    end
+  end
+  context "the rwdec namespace" do
+    setup do
+      @action_namespace = ActionNamespace.namespaces[:rwedc]
+      @expected_actions = ['Read','Write','Execute','Delete','Control']
+    end
+    should "have the correct uri" do
+      assert_equal 'urn:oasis:names:tc:SAML:1.0:action:rwedc', @action_namespace.uri
+    end
+    should "return the uri when to_s is invoked" do
+      assert_equal @action_namespace.uri, @action_namespace.to_s
+    end
+    should "have the correct actions" do
+      assert_equal @expected_actions, @action_namespace.action_names
+    end
+    should "return true for a valid action" do
+      @expected_actions.each do |action|
+        assert @action_namespace.valid_action?(action)
+      end
+    end
+    should "return false for an invalid action" do
+      assert_equal false, @action_namespace.valid_action?('invalid-action')
+    end
+  end
+  context "the rwdec-negation namespace" do
+    setup do
+      @action_namespace = ActionNamespace.namespaces[:rwedc_negation]
+      @expected_actions = [
+        'Read','Write','Execute','Delete','Control',
+        '~Read','~Write','~Execute','~Delete','~Control'
+      ]
+    end
+    should "have the correct uri" do
+      assert_equal 'urn:oasis:names:tc:SAML:1.0:action:rwedc-negation', @action_namespace.uri
+    end
+    should "have the correct actions" do
+      assert_equal @expected_actions, @action_namespace.action_names
+    end
+    should "return true for a valid action" do
+      @expected_actions.each do |action|
+        assert @action_namespace.valid_action?(action)
+      end
+    end
+    should "return false for an invalid action" do
+      assert_equal false, @action_namespace.valid_action?('invalid-action')
+    end
+  end
+  context "the ghpp namespace" do
+    setup do
+      @action_namespace = ActionNamespace.namespaces[:ghpp]
+      @expected_actions = ['GET','HEAD','PUT','POST']
+    end
+    should "have the correct uri" do
+      assert_equal 'urn:oasis:names:tc:SAML:1.0:action:ghpp', @action_namespace.uri
+    end
+    should "have the correct actions" do
+      assert_equal @expected_actions, @action_namespace.action_names
+    end
+    should "return false for an invalid action" do
+      assert_equal false, @action_namespace.valid_action?('invalid-action')
+    end
+  end
+  context "the unix file permissions namespace" do
+    setup do
+      @action_namespace = ActionNamespace.namespaces[:unix]
+    end
+    should "have the correct uri" do
+      assert_equal 'urn:oasis:names:tc:SAML:1.0:action:unix', @action_namespace.uri
+    end
+    should_eventually "have the correct actions" do
+      
+    end
+  end
+end

data/test/action_test.rb

@@ -0,0 +1,51 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class ActionTest < Test::Unit::TestCase
+  context "an action" do
+    setup do
+      @action = Action.new('Read')
+    end
+    should "have the rwedc_negation namespace by default" do
+      assert_equal Action.namespaces[:rwedc_negation], @action.namespace
+    end
+    should "be valid by default" do
+      assert @action.valid?
+    end
+    context "when producing xml" do
+      should "optionally have a namespace" do
+        assert_match(/<saml:Action Namespace="#{@action.namespace}"/, @action.to_xml)
+      end
+    end
+    context "when consuming xml" do
+      should "return a valid Action instance" do
+        action = Action.from_xml('<saml:Action>Read</saml:Action>')
+        assert_not_nil(action)
+        assert_equal 'Read', action.value
+        assert_equal Action.namespaces[:rwedc_negation], action.namespace
+        assert action.valid?
+      end
+      context "with an action namespace attribute" do
+        should "return a valid Action instance with an action namespace" do
+          action = Action.from_xml(%Q(<saml:Action Namespace="#{Action.namespaces[:rwedc]}">Write</saml:Action>))
+          assert_not_nil(action)
+          assert_equal 'Write', action.value
+          assert_equal Action.namespaces[:rwedc], action.namespace
+        end
+      end
+    end
+    context "when validating" do
+      should "raise an error if no value is provided" do
+        assert_raise ValidationError do
+          @action.value = nil
+          @action.validate
+        end
+      end
+      should "raise an error if the value is not in the specified namespace" do
+        assert_raise ValidationError do
+          @action.value = 'PUT'
+          @action.validate
+        end
+      end
+    end
+  end
+end

data/test/advice_test.rb

@@ -0,0 +1,25 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class AdviceTest < Test::Unit::TestCase
+  context "an advice" do
+    setup { @advice = Advice.new }
+    should "have 0 assertions by default" do
+      assert @advice.assertions.empty?
+    end
+    should "be valid if all assertions are valid" do
+      assert @advice.valid?
+    end
+    context "when producing xml" do
+      should "produce an empty advice tag when there are no assertions" do
+        assert_match(/<saml:Advice><\/saml:Advice>/, @advice.to_xml)
+      end
+    end
+    context "when consuming xml" do
+      should "return a valid Advice instance" do
+        advice = Advice.from_xml('<saml:Advice></saml:Advice>')
+        assert_not_nil(advice)
+        assert advice.valid?
+      end
+    end
+  end
+end

data/test/assertion_test.rb

@@ -0,0 +1,192 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class AssertionTest < Test::Unit::TestCase
+  context "an assertion" do
+    setup do
+      @issuer = Identifier::Issuer.new('example')
+      @assertion = Assertion.new(@issuer)
+    end
+    should "require version of 2.0" do
+      assert_equal "2.0", @assertion.version
+    end
+    should "require ID" do
+      assert_not_nil @assertion.id
+    end
+    should "require issue instant" do
+      assert_not_nil @assertion.issue_instant
+    end
+    should "require an issuer" do
+      assert_not_nil @assertion.issuer
+    end
+    
+    context "with only a subject" do
+      setup do
+        @assertion.subject = 'test'
+      end
+      should "be valid" do
+        assert_nothing_raised do
+          @assertion.validate
+        end
+      end
+    end
+    context "with an authentication statement" do
+      setup do
+        @assertion.statements << AuthenticationStatement.new(AuthenticationContext.new)
+      end
+      should "require a subject" do
+        assert_raise ValidationError do
+          @assertion.validate
+        end
+        assert !@assertion.valid?
+      end
+    end
+    context "with an attribute statement" do
+      setup do
+        @assertion.statements << AttributeStatement.new
+      end
+      should "require a subject" do
+        assert_raise ValidationError do
+          @assertion.validate
+        end
+      end
+    end
+    context "with a authorization decision statement" do
+      setup do
+        @assertion.statements << AuthorizationDecisionStatement.new
+      end
+      should "require a subject" do
+        assert_raise ValidationError do
+          @assertion.validate
+        end
+      end
+    end
+  
+    context "when producing xml" do
+      # TODO: implement tests for XML results
+      should "always include version, id and issue instant attributes and an issuer child element" do
+        xml = @assertion.to_xml
+        assert_match(/^<saml:Assertion/, xml)
+        assert_match(/Version="2.0"/, xml)
+        assert_match(/ID="#{uuid_match}"/, xml)
+        assert_match(/IssueInstant="#{date_match}"/, xml)
+        assert_match(/<saml:Issuer/, xml)
+      end
+      should "optionally include a signature" do
+        @assertion.signature = XmlSig::Signature.new
+        xml = @assertion.to_xml
+        assert_match(/<ds:Signature/, xml)
+      end
+      should "optionally include a subject" do
+        @assertion.subject = Subject.new(Identifier::Name.new('The Subject'))
+        xml = @assertion.to_xml
+        assert_match(%Q(<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">The Subject</saml:NameID></saml:Subject>), xml)
+      end
+      should "optionally include conditions" do
+        @assertion.conditions << Condition.new
+        xml = @assertion.to_xml
+        assert_match(/<saml:Conditions>/, xml)
+      end
+      should "optionally include advice" do
+        uri = 'http://example.com/some_advice'
+        advice = Advice.new
+        advice.assertions << AssertionIDRef.new(UUID.new)
+        advice.assertions << AssertionURIRef.new(uri) # a URI
+        @assertion.advice << advice
+        xml = @assertion.to_xml
+        assert_match(/<saml:Advice><saml:AssertionIDRef>#{uuid_match}<\/saml:AssertionIDRef>/, xml)
+        assert_match(/<saml:AssertionURIRef>#{uri}<\/saml:AssertionURIRef><\/saml:Advice>/, xml)
+      end
+      should "optionally include statements" do
+        @assertion.statements << AuthenticationStatement.new(AuthenticationContext.new)
+        xml = @assertion.to_xml
+        assert_match(/<saml:AuthnStatement AuthnInstant="#{date_match}"/, xml)
+      end
+    end
+
+    context "when consuming xml" do
+      should "return a valid Assertion instance" do
+        xml_fragment = %Q(
+          <saml:Assertion>
+            <saml:Issuer>Example</saml:Issuer>
+            <saml:Subject>Anthony</saml:Subject>
+          </saml:Assertion>
+        )
+        assertion = Assertion.from_xml(xml_fragment)
+        assert_not_nil assertion
+        assert_not_nil assertion.issuer
+        assert_equal 'Example', assertion.issuer.value
+        assert_nothing_raised do
+          assertion.validate
+        end
+      end
+      context "where there is no saml:Subject element" do
+        should "raise a validation error" do
+          xml_fragment = %Q(
+            <saml:Assertion>
+              <saml:Issuer>Example</saml:Issuer>
+            </saml:Assertion>
+          )
+          assertion = Assertion.from_xml(xml_fragment)
+          assert_raise ValidationError do
+            assertion.validate
+          end
+        end
+      end
+    end
+  end
+  context "an assertion URI ref" do
+    setup do
+      @assertion_uri_ref = AssertionURIRef.new('some_uri')
+    end
+    should "provide a uri accessor" do
+      assert_equal 'some_uri', @assertion_uri_ref.uri
+    end
+    context "when validating" do
+      should "raise an error if no uri is provided" do
+        assert_raise ValidationError do
+          @assertion_uri_ref.uri = nil
+          @assertion_uri_ref.validate
+        end
+      end
+    end
+    context "when producing xml" do
+      should "have the uri as the value" do
+        assert_match(/<saml:AssertionURIRef>some_uri<\/saml:AssertionURIRef>/, @assertion_uri_ref.to_xml)
+      end
+    end
+    context "when consuming xml" do
+      should "return a valid AssertionURIRef instance" do
+        assertion_ref = AssertionURIRef.from_xml('<saml:AssertionURIRef>some_uri</saml:AssertionURIRef>')
+        assert_not_nil assertion_ref
+        assert_equal 'some_uri', assertion_ref.uri
+        assert assertion_ref.valid?
+      end
+    end
+  end
+  context "an assertion ID ref" do
+    setup do
+      @assertion_id_ref = AssertionIDRef.new('some_id')
+    end
+    context "when validating" do
+      should "raise an error if no id is provided" do
+        assert_raise ValidationError do
+          @assertion_id_ref.id = nil
+          @assertion_id_ref.validate
+        end
+      end
+    end
+    context "when producing xml" do
+      should "have an id as the value" do
+        assert_match(/<saml:AssertionIDRef>some_id<\/saml:AssertionIDRef>/, @assertion_id_ref.to_xml)
+      end
+    end
+    context "when consuming xml" do
+      should "return a valid AssertionIDRef instance" do
+        assertion_ref = AssertionIDRef.from_xml('<saml:AssertionIDRef>some_id</saml:AssertionIDRef>')
+        assert_not_nil assertion_ref
+        assert_equal 'some_id', assertion_ref.id
+        assert assertion_ref.valid?
+      end
+    end
+  end
+end

data/test/attribute_test.rb

@@ -0,0 +1,60 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class AttributeTest < Test::Unit::TestCase
+  context "an attribute" do
+    setup do
+      @attribute = Attribute.new('email')
+    end
+    should "should be valid" do
+      assert_nothing_raised do
+        @attribute.validate
+      end
+    end
+    should "should not be valid if name is nil" do
+      assert_raise ValidationError do
+        @attribute.name = nil
+        @attribute.validate
+      end
+    end
+    context "when producing xml" do
+      should "always include a name attribute" do
+        assert_match(/<saml:Attribute Name="email"><\/saml:Attribute>/, @attribute.to_xml)
+      end
+      should "optionally include a NameFormat attribute" do
+        @attribute.name_format = 'http://host/name_format/email'
+        assert_match(/NameFormat="#{@attribute.name_format}"/, @attribute.to_xml)
+      end
+      should "optionally include a FriendlyName attribute" do
+        @attribute.friendly_name = 'email'
+        assert_match(/FriendlyName="#{@attribute.friendly_name}"/, @attribute.to_xml)
+      end
+      should "optionally include a single attribute value child element" do
+        @attribute.values << 'someone@somewhere.com'
+        assert_match(/<saml:AttributeValue>someone@somewhere.com<\/saml:AttributeValue>/, @attribute.to_xml)
+      end
+      should "optionally include multiple attribute value child elements" do
+        @attribute.values << 'someone@somewhere.com'
+        @attribute.values << 'someone@somewhereelse.com'
+        assert_match('<saml:AttributeValue>someone@somewhere.com</saml:AttributeValue>', @attribute.to_xml)
+        assert_match('<saml:AttributeValue>someone@somewhereelse.com</saml:AttributeValue>', @attribute.to_xml)
+      end
+      should "optionally include extra XML attributes" do
+        @attribute.extra_xml_attributes['foo'] = 'bar'
+        assert_match(/foo="bar"/, @attribute.to_xml)
+      end
+    end
+  end
+  
+  context "an encrypted attribute" do
+    setup do
+      @encrypted_attribute = EncryptedAttribute.new
+    end
+    should_eventually "be valid" do
+      assert_nothing_raised do
+        @encrypted_attribute.validate
+      end
+    end
+    should_eventually "always include encrypted data"
+    should_eventually "optionally include encrypted keys"
+  end
+end

data/test/authentication_context_test.rb

@@ -0,0 +1,26 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class AuthenticationContextTest < Test::Unit::TestCase
+  context "an authentication context" do
+    setup do
+      @authn_context = AuthenticationContext.new
+    end
+    context "when producing xml" do
+      should "optionally have a class reference" do
+        @authn_context.class_reference = 'http://example.com/class_ref'
+        assert_equal '<saml:AuthnContext><saml:AuthnContextClassRef>http://example.com/class_ref</saml:AuthnContextClassRef></saml:AuthnContext>', @authn_context.to_xml
+      end
+      should "optionally have a context declaration" do
+        @authn_context.context_declaration = 'example'
+        assert_equal '<saml:AuthnContext><saml:AuthnContextDecl>example</saml:AuthnContextDecl></saml:AuthnContext>', @authn_context.to_xml
+      end
+      should "optionally have a context declaration ref" do
+        @authn_context.context_declaration_ref = 'http://example.com/declaration_ref'
+        assert_equal '<saml:AuthnContext><saml:AuthnContextDeclRef>http://example.com/declaration_ref</saml:AuthnContextDeclRef></saml:AuthnContext>', @authn_context.to_xml
+      end
+      should_eventually "optionally have zero or more authenticating authority instances" do
+        
+      end
+    end
+  end
+end