diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 00000000..affd63bb
--- /dev/null
+++ b/.github/release-drafter.yml
@@ -0,0 +1,54 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+categories:
+-
+  title: 'Features'
+  labels:
+  - 'enhancement'
+  - 'feat'
+  - 'feature'
+-
+  title: 'Bug Fixes'
+  labels:
+  - 'bug'
+  - 'bugfix'
+  - 'fix'
+-
+  title: 'Maintenance'
+  labels:
+  - 'chore'
+  - 'style'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.
+version-resolver:
+  major:
+    labels: ['major']
+  minor:
+    labels: ['minor']
+  patch:
+    labels: ['patch']
+  default: patch
+exclude-labels: ['skip']
+autolabeler:
+-
+  label: 'bug'
+  branch:
+  - '/bug\/.+/'
+  - '/bugfix\/.+/'
+  - '/fix\/.+/'
+-
+  label: 'enhancement'
+  branch:
+  - '/dependabot\/.+/'
+  - '/enhancement\/.+/'
+  - '/feat\/.+/'
+  - '/feature\/.+/'
+-
+  label: 'chore'
+  branch:
+  - '/chore\/.+/'
+  - '/style\/.+/'
+template: |
+  ## Release notes
+
+  $CHANGES
diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
new file mode 100644
index 00000000..6a89202f
--- /dev/null
+++ b/.github/workflows/python-app.yml
@@ -0,0 +1,66 @@
+# This workflow will install Python dependencies, run tests and lint with a single version of Python
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+
+name: Satosa-Saml2Spid
+
+on:
+  push:
+    branches: [ master, dev ]
+  pull_request:
+    branches: [ master, dev ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version:
+          - '3.7'
+          - '3.8'
+          - '3.9'
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install system dependencies
+      run: |
+        sudo apt update
+        sudo apt install -y libffi-dev libssl-dev python3-pip xmlsec1 procps libpcre3 libpcre3-dev
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi
+        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+        pip install -r example_sp/djangosaml2_sp/requirements.txt
+        pip install spid-sp-test>=0.9.2
+        pip list -v
+    #- name: Lint with flake8
+      #run: |
+        ## stop the build if there are Python syntax errors or undefined names
+        #flake8 oidc_provider --count --select=E9,F63,F7,F82 --show-source --statistics
+        ## exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+        #flake8 oidc_provider  --max-line-length 120 --count --exit-zero --statistics
+    - name: run djangosaml2 sp
+      run: |
+        cd example_sp/djangosaml2_sp/
+        bash run.sh &
+        sleep 5
+    - name: run satosa-saml2spid
+      run: |
+        cd example
+        mkdir -p metadata/idp
+        mkdir -p metadata/sp
+        export SATOSA_APP=`python3 -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])'`
+        uwsgi --wsgi-file $SATOSA_APP/satosa/wsgi.py  --https 0.0.0.0:10000,./pki/cert.pem,./pki/privkey.pem --callable app -b 32768 &
+        sleep 5
+    - name: spid-sp-test
+      run: |
+        cd example
+        spid_sp_test --idp-metadata > metadata/idp/spid-sp-test.xml
+        spid_sp_test --metadata-url https://localhost:10000/spidSaml2/metadata --authn-url "http://localhost:8000/saml2/login/?idp=https://localhost:10000/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8080" -ap spid_sp_test.plugins.authn_request.SatosaSaml2Spid --extra --debug ERROR -tr
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
new file mode 100644
index 00000000..0916e298
--- /dev/null
+++ b/.github/workflows/release-drafter.yml
@@ -0,0 +1,17 @@
+name: Release drafter
+
+on:
+  push:
+    branches: [master, dev]
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+jobs:
+  update_release_draft:
+    name: Update draft release
+    runs-on: ubuntu-latest
+    steps:
+    -
+      uses: release-drafter/release-drafter@v5
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
index 68400713..6fc3a3aa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,4 +12,4 @@ example/metadata/*.md
 *pyFF_example/.whoosh
 *pyFF_example/garr
 *pyFF_example/entities
-example/pki/*
+example_sp/djangosaml2_sp/sqlite3.db
diff --git a/README.md b/README.md
index e988ec97..74f727bf 100644
--- a/README.md
+++ b/README.md
@@ -107,7 +107,7 @@ source satosa.env/bin/activate
 
 ###### Dependencies
 ````
-sudo apt install -y libffi-dev libssl-dev xmlsec1 python3-pip xmlsec1 procps libpcre3 libpcre3-dev
+sudo apt install -y libffi-dev libssl-dev python3-pip xmlsec1 procps libpcre3 libpcre3-dev
 
 git clone https://github.com/peppelinux/Satosa-Saml2Spid.git repository
 pip install -r repository/requirements.txt
diff --git a/example/metadata/idp/spid-sp-test.xml b/example/metadata/idp/spid-sp-test.xml
new file mode 100644
index 00000000..a498163c
--- /dev/null
+++ b/example/metadata/idp/spid-sp-test.xml
@@ -0,0 +1 @@
+<?xml version="1.0"?><md:EntityDescriptor ID="_3ffef5dca85b4773aaf0c8b4f086d92b1dc5fb4cbb" entityID="https://localhost:8080" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#_3ffef5dca85b4773aaf0c8b4f086d92b1dc5fb4cbb"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>yqmXnkQV7s7mz2bcIb4fLiTM/wwLaRmTTjJHW6lkafc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>BLLJrRnwcYU2dobAKG9DfzyDlHkI7uLH9agT9TOkgwCXqOrhDeN/lFRrqy4gt7oii5uGlnuTmqGUW5hNGUkb6pzETu3WbTVTl8UjvdmsQcNzYNtZPhr00dawgb52j2pPt8KsJKgA4iv8Fl8ALQwVKBlJ2w20d9iWVMJLh/7CHjgzA1TfuGsaKe9vEzqXKDKRDlK614lCAGu/v0kektWtVGECT038dnAuN+KbWqCkojc3nrnAjCm3/pPQ3POzlBdKhRpN55SE29eSd49gm4rDsp9CkRDYYx3IG44ihmBNVONg8zZSp3Jc24TQ/dmS1jDK+LyJvxh6YHhs0I6ejQ6VlA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIEGDCCAwCgAwIBAgIJAOrYj9oLEJCwMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNVBAYTAklUMQ4wDAYDVQQIEwVJdGFseTENMAsGA1UEBxMEUm9tZTENMAsGA1UEChMEQWdJRDESMBAGA1UECxMJQWdJRCBURVNUMRQwEgYDVQQDEwthZ2lkLmdvdi5pdDAeFw0xOTA0MTExMDAyMDhaFw0yNTAzMDgxMDAyMDhaMGUxCzAJBgNVBAYTAklUMQ4wDAYDVQQIEwVJdGFseTENMAsGA1UEBxMEUm9tZTENMAsGA1UEChMEQWdJRDESMBAGA1UECxMJQWdJRCBURVNUMRQwEgYDVQQDEwthZ2lkLmdvdi5pdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8kJVo+ugRrbbv9xhXCuVrqi4B7/MQzQc62ocwlFFujJNd4m1mXkUHFbgvwhRkQqo2DAmFeHiwCkJT3K1eeXIFhNFFroEzGPzONyekLpjNvmYIs1CFvirGOj0bkEiGaKEs+/umzGjxIhy5JQlqXE96y1+Izp2QhJimDK0/KNij8I1bzxseP0Ygc4SFveKS+7QO+PrLzWklEWGMs4DM5Zc3VRK7g4LWPWZhKdImC1rnS+/lEmHSvHisdVp/DJtbSrZwSYTRvTTz5IZDSq4kAzrDfpj16h7b3t3nFGc8UoY2Ro4tRZ3ahJ2r3b79yK6C5phY7CAANuW3gDdhVjiBNYs0CAwEAAaOByjCBxzAdBgNVHQ4EFgQU3/7kV2tbdFtphbSA4LH7+w8SkcwwgZcGA1UdIwSBjzCBjIAU3/7kV2tbdFtphbSA4LH7+w8SkcyhaaRnMGUxCzAJBgNVBAYTAklUMQ4wDAYDVQQIEwVJdGFseTENMAsGA1UEBxMEUm9tZTENMAsGA1UEChMEQWdJRDESMBAGA1UECxMJQWdJRCBURVNUMRQwEgYDVQQDEwthZ2lkLmdvdi5pdIIJAOrYj9oLEJCwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJNFqXg/V3aimJKUmUaqmQEEoSc3qvXFITvT5f5bKw9yk/NVhR6wndL+z/24h1OdRqs76blgH8k116qWNkkDtt0AlSjQOx5qvFYh1UviOjNdRI4WkYONSw+vuavcx+fB6O5JDHNmMhMySKTnmRqTkyhjrch7zaFIWUSV7hsBuxpqmrWDoLWdXbV3eFH3mINA5AoIY/m0bZtzZ7YNgiFWzxQgekpxd0vcTseMnCcXnsAlctdir0FoCZztxMuZjlBjwLTtM6Ry3/48LMM8Z+lw7NMciKLLTGQyU8XmKKSSOh0dGh5Lrlt5GxIIJkH81C0YimWebz8464QPL3RbLnTKg+c=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIEGDCCAwCgAwIBAgIJAOrYj9oLEJCwMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNVBAYTAklUMQ4wDAYDVQQIEwVJdGFseTENMAsGA1UEBxMEUm9tZTENMAsGA1UEChMEQWdJRDESMBAGA1UECxMJQWdJRCBURVNUMRQwEgYDVQQDEwthZ2lkLmdvdi5pdDAeFw0xOTA0MTExMDAyMDhaFw0yNTAzMDgxMDAyMDhaMGUxCzAJBgNVBAYTAklUMQ4wDAYDVQQIEwVJdGFseTENMAsGA1UEBxMEUm9tZTENMAsGA1UEChMEQWdJRDESMBAGA1UECxMJQWdJRCBURVNUMRQwEgYDVQQDEwthZ2lkLmdvdi5pdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8kJVo+ugRrbbv9xhXCuVrqi4B7/MQzQc62ocwlFFujJNd4m1mXkUHFbgvwhRkQqo2DAmFeHiwCkJT3K1eeXIFhNFFroEzGPzONyekLpjNvmYIs1CFvirGOj0bkEiGaKEs+/umzGjxIhy5JQlqXE96y1+Izp2QhJimDK0/KNij8I1bzxseP0Ygc4SFveKS+7QO+PrLzWklEWGMs4DM5Zc3VRK7g4LWPWZhKdImC1rnS+/lEmHSvHisdVp/DJtbSrZwSYTRvTTz5IZDSq4kAzrDfpj16h7b3t3nFGc8UoY2Ro4tRZ3ahJ2r3b79yK6C5phY7CAANuW3gDdhVjiBNYs0CAwEAAaOByjCBxzAdBgNVHQ4EFgQU3/7kV2tbdFtphbSA4LH7+w8SkcwwgZcGA1UdIwSBjzCBjIAU3/7kV2tbdFtphbSA4LH7+w8SkcyhaaRnMGUxCzAJBgNVBAYTAklUMQ4wDAYDVQQIEwVJdGFseTENMAsGA1UEBxMEUm9tZTENMAsGA1UEChMEQWdJRDESMBAGA1UECxMJQWdJRCBURVNUMRQwEgYDVQQDEwthZ2lkLmdvdi5pdIIJAOrYj9oLEJCwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJNFqXg/V3aimJKUmUaqmQEEoSc3qvXFITvT5f5bKw9yk/NVhR6wndL+z/24h1OdRqs76blgH8k116qWNkkDtt0AlSjQOx5qvFYh1UviOjNdRI4WkYONSw+vuavcx+fB6O5JDHNmMhMySKTnmRqTkyhjrch7zaFIWUSV7hsBuxpqmrWDoLWdXbV3eFH3mINA5AoIY/m0bZtzZ7YNgiFWzxQgekpxd0vcTseMnCcXnsAlctdir0FoCZztxMuZjlBjwLTtM6Ry3/48LMM8Z+lw7NMciKLLTGQyU8XmKKSSOh0dGh5Lrlt5GxIIJkH81C0YimWebz8464QPL3RbLnTKg+c=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8080/samlsso" ResponseLocation="https://localhost:8080/samlsso"/><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:8080/samlsso" ResponseLocation="https://localhost:8080/samlsso"/><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8080/samlsso"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:8080/samlsso"/></md:IDPSSODescriptor></md:EntityDescriptor>
\ No newline at end of file
diff --git a/example/metadata/sp/djangosaml2_sp b/example/metadata/sp/djangosaml2_sp
new file mode 100644
index 00000000..06f0e285
--- /dev/null
+++ b/example/metadata/sp/djangosaml2_sp
@@ -0,0 +1,35 @@
+<md:EntityDescriptor xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://localhost:8000/saml2/metadata/"><md:Extensions><alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5" /><alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160" /><alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224" /><alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" /><alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" /><alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" /><alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256" /><alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" /><alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224" /><alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" /><alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384" /><alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" /><alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-md5" /><alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160" /><alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224" /><alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" /><alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" /></md:Extensions><md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true"><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDETCCAfmgAwIBAgIUPw12Gkt4agBtLBntd7RzTWwLKAYwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNc3AxLnVuaWNhbC5pdDAeFw0xOTAzMjAxNDMxMTVaFw0y
+OTAzMTcxNDMxMTVaMBgxFjAUBgNVBAMMDXNwMS51bmljYWwuaXQwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj0BzOt58ECsSwT049bIhmD0p7q0Y+4L7c
+jrvvJYcMT7HZE+tbO4M6upkXnP+3gvPpRccaEtwJoda3gYzvF35VMzp0fCW7OmXI
+R8cJtySIfzkdmmO385Tbxlp1jRxZyQtc2nPzCKeV4xlQNEinQr94nI7tMFReDejj
+XKwS5RABk8KQMo2M78xa9RQyxqDC1e0ioeVQRR2og99fF3u/WOJ/JB2aETTfvInr
+FIyFA5XB0roBDyM44877nRKYeMBd4kVk+fs4yu6kZm7WOXHUXFLKRuXLeVxEbZYz
+SSMjncsB1U35OAt+Ozkp+12qaqMAVdGKP+xso3zGAr/5AC6CuPnrAgMBAAGjUzBR
+MB0GA1UdDgQWBBR6RRoajGB1UmdiMAKSmgpL3RD0mzAfBgNVHSMEGDAWgBR6RRoa
+jGB1UmdiMAKSmgpL3RD0mzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQBzRUa++T0EiR+Fq4iTpKIysigV+1CeMbS+u1JaPOnMXfWmboOOVDrHhnit
+bpfxm+SpbafPTz40THtfw9EKvReMjNa4HQ4vFBMwZtmYZ4piGS5PferFDzYdZG1d
+S/2vcCQA4Dya/R675XKEhBdWO8JfUOL1ImMoJBa5Z+ApU8OCk8hpiJUV0akpw7jA
++VO8+VR2T+SH+3h28KOrNdraWozZ99NKqB7GUFcaxouaOkPE7mi8JyAgLZMZvJae
+QeJEUI9sfavSLmvBsfbusAeCjFYCVM9MM7uZNvK6gI0Dzppl+rN7vRWcBF+oYyiS
+1EX9j2GqG1yWcdGvY60GJu5Er5id
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDETCCAfmgAwIBAgIUPw12Gkt4agBtLBntd7RzTWwLKAYwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNc3AxLnVuaWNhbC5pdDAeFw0xOTAzMjAxNDMxMTVaFw0y
+OTAzMTcxNDMxMTVaMBgxFjAUBgNVBAMMDXNwMS51bmljYWwuaXQwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj0BzOt58ECsSwT049bIhmD0p7q0Y+4L7c
+jrvvJYcMT7HZE+tbO4M6upkXnP+3gvPpRccaEtwJoda3gYzvF35VMzp0fCW7OmXI
+R8cJtySIfzkdmmO385Tbxlp1jRxZyQtc2nPzCKeV4xlQNEinQr94nI7tMFReDejj
+XKwS5RABk8KQMo2M78xa9RQyxqDC1e0ioeVQRR2og99fF3u/WOJ/JB2aETTfvInr
+FIyFA5XB0roBDyM44877nRKYeMBd4kVk+fs4yu6kZm7WOXHUXFLKRuXLeVxEbZYz
+SSMjncsB1U35OAt+Ozkp+12qaqMAVdGKP+xso3zGAr/5AC6CuPnrAgMBAAGjUzBR
+MB0GA1UdDgQWBBR6RRoajGB1UmdiMAKSmgpL3RD0mzAfBgNVHSMEGDAWgBR6RRoa
+jGB1UmdiMAKSmgpL3RD0mzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQBzRUa++T0EiR+Fq4iTpKIysigV+1CeMbS+u1JaPOnMXfWmboOOVDrHhnit
+bpfxm+SpbafPTz40THtfw9EKvReMjNa4HQ4vFBMwZtmYZ4piGS5PferFDzYdZG1d
+S/2vcCQA4Dya/R675XKEhBdWO8JfUOL1ImMoJBa5Z+ApU8OCk8hpiJUV0akpw7jA
++VO8+VR2T+SH+3h28KOrNdraWozZ99NKqB7GUFcaxouaOkPE7mi8JyAgLZMZvJae
+QeJEUI9sfavSLmvBsfbusAeCjFYCVM9MM7uZNvK6gI0Dzppl+rN7vRWcBF+oYyiS
+1EX9j2GqG1yWcdGvY60GJu5Er5id
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8000/saml2/ls/post/" /><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8000/saml2/ls/" /><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8000/saml2/acs/" index="1" /></md:SPSSODescriptor><md:Organization><md:OrganizationName xml:lang="it">Unical</md:OrganizationName><md:OrganizationName xml:lang="en">Unical</md:OrganizationName><md:OrganizationDisplayName xml:lang="it">Unical</md:OrganizationDisplayName><md:OrganizationDisplayName xml:lang="en">Unical</md:OrganizationDisplayName><md:OrganizationURL xml:lang="it">http://www.unical.it</md:OrganizationURL><md:OrganizationURL xml:lang="en">http://www.unical.it</md:OrganizationURL></md:Organization><md:ContactPerson contactType="administrative"><md:Company>Universita della Calabria</md:Company><md:GivenName>Giuseppe</md:GivenName><md:SurName>De Marco</md:SurName><md:EmailAddress>giuseppe.demarco@unical.it</md:EmailAddress></md:ContactPerson><md:ContactPerson contactType="technical"><md:Company>Universita della Calabria</md:Company><md:GivenName>Giuseppe</md:GivenName><md:SurName>De Marco</md:SurName><md:EmailAddress>giuseppe.demarco@unical.it</md:EmailAddress></md:ContactPerson></md:EntityDescriptor>
\ No newline at end of file
diff --git a/example/pki/build_spid_certs.sh b/example/pki/build_spid_certs.sh
new file mode 100644
index 00000000..787e446f
--- /dev/null
+++ b/example/pki/build_spid_certs.sh
@@ -0,0 +1,118 @@
+#!/bin/sh
+
+set -euo pipefail
+
+openssl_conf=$(mktemp)
+
+# check input parameters
+
+COMMON_NAME=${COMMON_NAME:=""}
+if [ "X${COMMON_NAME}" == "X" ]; then
+    echo "[E] COMMON_NAME must be set"
+    exit 1
+fi
+
+LOCALITY_NAME=${LOCALITY_NAME:=""}
+if [ "X${LOCALITY_NAME}" == "X" ]; then
+    echo "[E] LOCALITY_NAME must be set"
+    exit 1
+fi
+
+ORGANIZATION_IDENTIFIER=${ORGANIZATION_IDENTIFIER:=""}
+if [ "X${ORGANIZATION_IDENTIFIER}" == "X" ]; then
+    echo "[E] ORGANIZATION_IDENTIFIER must be set"
+    exit 1
+fi
+
+if [ $(echo ${ORGANIZATION_IDENTIFIER} | grep -c '^PA:IT-') -ne 1 ]; then
+    echo "[E] ORGANIZATION_IDENTIFIER must be in the format of 'PA:IT-<IPA code>'"
+    exit 1
+fi
+
+ORGANIZATION_NAME=${ORGANIZATION_NAME:=""}
+if [ "X${ORGANIZATION_NAME}" == "X" ]; then
+    echo "[E] ORGANIZATION_NAME must be set"
+    exit 1
+fi
+
+SERIAL_NUMBER=${SERIAL_NUMBER:=""}
+if [ "X${SERIAL_NUMBER}" == "X" ]; then
+    echo "[E] SERIAL_NUMBER must be set"
+    exit 1
+fi
+
+URI=${URI:=""}
+if [ "X${URI}" == "X" ]; then
+    echo "[E] URI must be set"
+    exit 1
+fi
+
+SPID_SECTOR=${SPID_SECTOR:=""}
+if [ "X${SPID_SECTOR}" == "X" ]; then
+    echo "[E] SPID_SECTOR must be set"
+    exit 1
+fi
+
+case ${SPID_SECTOR} in
+    public)
+        POLICY_IDENTIFIER="spid-publicsector-SP"
+        ;;
+    private)
+        POLICY_IDENTIFIER="spid-privatesector-SP"
+        ;;
+    *)
+    echo "[E] SPID_SECTOR must be one of ['public', 'private']"
+    exit 1
+        ;;
+esac
+
+# generate configuration file
+
+cat > ${openssl_conf} <<EOF
+oid_section=spid_oids
+[ req ]
+default_bits=3072
+default_md=sha384
+distinguished_name=dn
+encrypt_key=no
+prompt=no
+req_extensions=req_ext
+[ spid_oids ]
+#organizationIdentifier=2.5.4.97
+spid-privatesector-SP=1.3.76.16.4.3.1
+spid-publicsector-SP=1.3.76.16.4.2.1
+uri=2.5.4.83
+[ dn ]
+commonName=${COMMON_NAME}
+countryName=IT
+localityName=${LOCALITY_NAME}
+organizationIdentifier=${ORGANIZATION_IDENTIFIER}
+organizationName=${ORGANIZATION_NAME}
+serialNumber=${SERIAL_NUMBER}
+uri=${URI}
+[ req_ext ]
+certificatePolicies=@spid_policies
+[ spid_policies ]
+policyIdentifier=${POLICY_IDENTIFIER}
+EOF
+
+# generate selfsigned certificate
+
+openssl req -new -x509 -config ${openssl_conf} \
+    -days ${DAYS:=730} \
+    -keyout privkey.pem -out cert.pem \
+    -extensions req_ext
+
+# dump (text) the certificate
+
+openssl x509 -noout -text -in cert.pem
+
+# dump (ASN.1) the certificate
+
+openssl asn1parse -inform PEM \
+    -oid oids.conf \
+    -i -in cert.pem
+
+# cleanup
+
+rm -fr ${openssl_conf}
diff --git a/example/pki/cert.pem b/example/pki/cert.pem
new file mode 100644
index 00000000..c126ef57
--- /dev/null
+++ b/example/pki/cert.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE/TCCA2WgAwIBAgIUZYMkZC8ySXs72cH2yj4TGh/T7PgwDQYJKoZIhvcNAQEM
+BQAwgasxGzAZBgNVBAMMElNQSUQgZXhhbXBsZSBwcm94eTELMAkGA1UEBhMCSVQx
+DTALBgNVBAcMBFJvbWExFTATBgNVBGEMDFBBOklULWNfaDUwMTEbMBkGA1UECgwS
+U1BJRCBleGFtcGxlIHByb3h5MRMwEQYDVQQFEwoxMjM0NTY3ODkwMScwJQYDVQRT
+DB5odHRwczovL3NwaWQucHJveHkuZXhhbXBsZS5vcmcwHhcNMjEwNzEzMDkzMDE0
+WhcNNDEwNzA4MDkzMDE0WjCBqzEbMBkGA1UEAwwSU1BJRCBleGFtcGxlIHByb3h5
+MQswCQYDVQQGEwJJVDENMAsGA1UEBwwEUm9tYTEVMBMGA1UEYQwMUEE6SVQtY19o
+NTAxMRswGQYDVQQKDBJTUElEIGV4YW1wbGUgcHJveHkxEzARBgNVBAUTCjEyMzQ1
+Njc4OTAxJzAlBgNVBFMMHmh0dHBzOi8vc3BpZC5wcm94eS5leGFtcGxlLm9yZzCC
+AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMX1VVjDx0e9PIq+v1NeHQ8S
+iT6hHJSkMsWYV+JLmLoGcxSV7iMFvBL3KQaokCFAAsl1k5f77PT3WFMFzmVO+0Eq
+SRIM/+7m8IgXP2amBcxJWt5iglG73vVw1cSEovmlDkUR7jP88Q8OfK+RrR1qm7v8
+Nt/AFWGzQL95Ng3Ux7uJ8CwZSZaNdj+nJoEKDG0+c9pfPLcc/QgP7ZrINacUCpUe
+EWcUvR+cJRZip9B15Kk2s+uUYvA9Gns4IpJGgmUXh6JCYwvm5/7l28uxmHzdT1hN
+e1p1f5g5ofnZwFLJI+SCbVNq7q/f2NU8JpQTMCgeyPdnVV5nXxG6sDRDnQIsvnHt
+g6AMUCHYVV+PZroMQtx5TRCeiiA1RRCPnsqhjfPAOOIQopjHIr6MMVvO5WFP+7zG
+1u8tXc6/tl3fSKVuGnpDuXDn8Qj8exoh7A4olzv9PVFMqIRGLhYJ5bHRU1EuU/fA
+RReNYjWU3XYHiQ95xLzHjRjxZkyxvdxb7KCWbyHaOwIDAQABoxcwFTATBgNVHSAE
+DDAKMAgGBitMEAQCATANBgkqhkiG9w0BAQwFAAOCAYEAjT2bIsLUDMHlLW+aCjqw
+fqm9p//cFPzt6jeeZ6MEyIQ9/UVKbucOhgW7zsdKyxFSbZzx27icTUUHuAZV2eiS
+91AA7yhZB46pGfiYmPfbjZgN3EotllgphenDKJZzAZw9bjxASugvT/7faUGxQRQI
+ThwoCvpZr9U1aBKBP+QdE+Ym88h+rLGPokkUEoOfIT+WptE8gUbqPZHAq4ObODiT
+IZDVDflI2k/llS75e6TWBiZSGGdMMfkmDiBM9kW7sREW3HfUsYWx9SXEgtDZ3K8q
+fmhQn6IYLZX10lbk4j5HJTe6PLH+XmYdwIADboAhPDNEFK0E276iiHF/wR6i5WxK
+Bd1bAHLE451W8g3uAjkIhfIZg3i1r9uQXw4D8M1Gsb8OUDK182McqlVEP7HEsBno
+dprUnm3AfbAUjQ0aFRM/DfdKMy+3lYe4A3gBgWbDdliCFlpUUd9MjsYqs/EphcQR
+UNc2uhjHUl49I92V0VWTK4fB1hAXp4pCoAiVJBibMNML
+-----END CERTIFICATE-----
diff --git a/example/pki/my.env b/example/pki/my.env
new file mode 100644
index 00000000..e02e92d2
--- /dev/null
+++ b/example/pki/my.env
@@ -0,0 +1,8 @@
+export COMMON_NAME="SPID example proxy"
+export LOCALITY_NAME="Roma"
+export ORGANIZATION_IDENTIFIER="PA:IT-c_h501"
+export ORGANIZATION_NAME="SPID example proxy"
+export SERIAL_NUMBER="1234567890"
+export SPID_SECTOR="public"
+export URI="https://spid.proxy.example.org"
+export DAYS="7300"
diff --git a/example/pki/oids.conf b/example/pki/oids.conf
new file mode 100644
index 00000000..3c06ab26
--- /dev/null
+++ b/example/pki/oids.conf
@@ -0,0 +1,4 @@
+1.3.76.16.4.2.1 spid-publicsector-SP spid-publicsector-SP
+1.3.76.16.4.3.1 spid-privatesector-SP spid-privatesector-SP
+2.5.4.83 uri uri
+2.5.4.97 organizationIdentifier organizationIdentifier
diff --git a/example/pki/privkey.pem b/example/pki/privkey.pem
new file mode 100644
index 00000000..52f181b4
--- /dev/null
+++ b/example/pki/privkey.pem
@@ -0,0 +1,40 @@
+-----BEGIN PRIVATE KEY-----
+MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDF9VVYw8dHvTyK
+vr9TXh0PEok+oRyUpDLFmFfiS5i6BnMUle4jBbwS9ykGqJAhQALJdZOX++z091hT
+Bc5lTvtBKkkSDP/u5vCIFz9mpgXMSVreYoJRu971cNXEhKL5pQ5FEe4z/PEPDnyv
+ka0dapu7/DbfwBVhs0C/eTYN1Me7ifAsGUmWjXY/pyaBCgxtPnPaXzy3HP0ID+2a
+yDWnFAqVHhFnFL0fnCUWYqfQdeSpNrPrlGLwPRp7OCKSRoJlF4eiQmML5uf+5dvL
+sZh83U9YTXtadX+YOaH52cBSySPkgm1Tau6v39jVPCaUEzAoHsj3Z1VeZ18RurA0
+Q50CLL5x7YOgDFAh2FVfj2a6DELceU0QnoogNUUQj57KoY3zwDjiEKKYxyK+jDFb
+zuVhT/u8xtbvLV3Ov7Zd30ilbhp6Q7lw5/EI/HsaIewOKJc7/T1RTKiERi4WCeWx
+0VNRLlP3wEUXjWI1lN12B4kPecS8x40Y8WZMsb3cW+yglm8h2jsCAwEAAQKCAYEA
+jpUamAjLrJxc0wJ5BC8xdv2+5OFemKF8AF6uTkxtAPBMS3OCRq+Gu5JSdn1K8ugM
+GdcaK8pE7lyJvaLc+pNc3Z77aoj6frTQYvV7sQ+79VyQmsURYJWVDevrzNRMHswH
+7y/vBnsVlea1YC/pJNr4uPn8/ER6Ihjedgt0J5ovEqFT4C+GlW3m0gou7ZqzQKxO
+/ebC8JFsnzX5yhaSrnj89lLl7f0+C1qITAtbHAcOX+MKzI/gg3E/dakFHZ6zpOTA
+gxMEnuNi/rumVc/IYvKn4uR6xcwcwg2uqegipsoGWTW7hpiE2ywDhGWmauM3qP3V
+8P6G0pIUE+4UvjpzVJ4ce9smDsgP+8Hz1S4ostrrJN67DOloR1PDVo3317rgpaz3
+DTzx3hFPXGw/SUYMASWXoBT5sANqmT85K9D+ao7tGPgp+QdxBJ/T6diEAv0Jctg4
+l4fm6ZTdk8bIHOJCv7UaZsxqvlXS0imW2b2+YahKQNM2bOJBq5ZCaml0KhCmQhYh
+AoHBAPe9GSIVJF5wBAchyQZiCg7wwv65gOXdJ3V2HoRSn15FuTNMou6TtaDHEN6t
+hnSu4P9pIWP+x/5rOVKPNbKeIZB1VA5Afb/VtCyTx3tN3LV4pqt3BTRnNhNcGkA/
+wodsd1x7gYwzRSgIWdUriZAK/LqrXUfhX2vlD9MLfe691dKhi7+zLTm2PhLLzCbV
+q1uu2GZUE5sjuOVlEpt1zvKBwHqF8OEsxQCpt45ufYvyqApvJ/pjotdjCZCqMAof
+twpWZwKBwQDMj0Tp4moLah9vDs+64o7GOb3rzdssZKy3l2OCgwdFzuk05mri5TB1
+CAS4URsRXCvUvTu3dXYiazTH+yhtdsmwHqXqnioh4AJ/T15rsaH2GJ8LCfHyUAdt
+ZAg64kJMV8PlZp+992K7DFumdGLfQL124L4Rb2H0Koh1jm1OQDQgEQ66zvhI7K+7
+ido/9MVksKUskXYTp3v5+bBABFs1FtxbU/Y5G48KjLv7I9u6KHzE7aW+FLlW2coX
+9P4wsnXIcQ0CgcAR6QfiIOkqMqr34QdpgLj9b4aJZ9vbwmtR4KJAKsD+zcef39B/
+swoUf4/GqYDo+qOlk3Ioiojm6dWRFG1rZmdCzFixVxRARDDscBqh3XUxYXGbP9WO
+fk+4gpYbQwDLTZorg3pQKny7ci8cbDNbyI+Q50atJawCXuMP/Oqz0eGdgrRZvZht
+bbF7JmSyAgyLak6Wx0lLk/+QBgicWJ4Hhj3mHbzWaqgrbhmpIG/PKFHhvzuCrKVf
+MPfGD6e9c6GGC80CgcBnrGjx3KWAOX3K7IfNoMtZnaQq4X8mZbO/rINrfvrtn2tE
+O0+KxTuk5LZ3r+t3Be7U+D9OwMJpuUnb3OflaqHXmADhAt45ou3BFjm1fSanslzQ
+3G56L6NEBsHBDjEpvgVzu2pUfg/U2vOMTkpZ+dbMbCUIcxoDBJd6dP/i+9kvM1Xy
+ybi+RO7froMljOmKGZjtGJ/uYCEOVUTFfS+4nWh7BPeyg8wgPal8I/VVyPVLXWJ2
+DszMPr8VGz7E8X2OY/UCgcBH2Qb/1InBT2ggG0cA+H3S8F5PI8lSE2KyhGqFt62r
+d85k3wAFxDerSrK6W0jZD1CuNtzJGe8LbWDIzlTqB/BDzWBGATNb212WL6/gGTaF
+uOezidvXu2oDc8qEBeWFMKW4xErPyrC4whoBBulIshRPDx3OgJ0Jw7T+0yxnoWw4
+gJAAKa7EnJ3f/cssbaeFL3wpKit/76LJbO1B5W2Qpue1IEsPIJSMNlJGkorPyUcd
+sgYiDge8OFgk/geR4BCFVbk=
+-----END PRIVATE KEY-----
diff --git a/example_sp/djangosaml2_sp/README.md b/example_sp/djangosaml2_sp/README.md
new file mode 100644
index 00000000..34e7c75f
--- /dev/null
+++ b/example_sp/djangosaml2_sp/README.md
@@ -0,0 +1,19 @@
+### djangosaml2-sp (SP server)
+````
+sudo apt install xmlsec1 python3-dev python3-pip libssl-dev
+pip3 install virtualenv
+
+virtualenv -ppython3 env
+source env/bin/activate
+
+cd djangosaml2_sp
+# download idp metadata to sp, not needed if remote options is enabled
+wget https://localhost:10000/Saml2IDP/metadata/ -O saml2_sp/saml2_config/satosa-saml2spid.xml --no-check-certificate
+
+cd ../../example/metadata/sp/
+# put sp metadata to satosa
+wget http://localhost:8000/saml2/metadata -O metadata/sp/djangosaml2_sp
+
+# run the sp test
+./manage.py runserver 0.0.0.0:8000
+````
diff --git a/example_sp/djangosaml2_sp/certificates/private.key b/example_sp/djangosaml2_sp/certificates/private.key
new file mode 100644
index 00000000..06798425
--- /dev/null
+++ b/example_sp/djangosaml2_sp/certificates/private.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCj0BzOt58ECsSw
+T049bIhmD0p7q0Y+4L7cjrvvJYcMT7HZE+tbO4M6upkXnP+3gvPpRccaEtwJoda3
+gYzvF35VMzp0fCW7OmXIR8cJtySIfzkdmmO385Tbxlp1jRxZyQtc2nPzCKeV4xlQ
+NEinQr94nI7tMFReDejjXKwS5RABk8KQMo2M78xa9RQyxqDC1e0ioeVQRR2og99f
+F3u/WOJ/JB2aETTfvInrFIyFA5XB0roBDyM44877nRKYeMBd4kVk+fs4yu6kZm7W
+OXHUXFLKRuXLeVxEbZYzSSMjncsB1U35OAt+Ozkp+12qaqMAVdGKP+xso3zGAr/5
+AC6CuPnrAgMBAAECggEASyECZUhPtMHfjWEB6CfjsrMmnOtjbykSQANya+7RLjNK
+xN1e3tu/hurXlb3aheaYSQ9IjkvCAOTpngXbhjhHJ3o0QAJEJ8dTsPRCc9E7/yIi
+JtKNE2uyhM1G5YzPSNpszKwf64G3ooWiMWeZPqTdPcrHvj6hIvXMLqJtBMlretz2
+yuK5CstZJg7uhBGfK+uqO0YvPc65nmN+v7EVHQCw7YbBAK+j3x4L4j2wU4DYU8+o
+7gDs3wUZ0yccCjNqe2WnZEdnqUFJfBQS4hweoncJ0guaQHEt+cmU+9/RiDD8SM5l
+v8qftREQuRNQicvNfUCCkfDqAQygqNAqdAFMFgufEQKBgQDQdniGevawT+/dtFe3
+qYfjnKZIEx5wSinKfh8TO8JeIhCA3gZikyMcNM1Yf0YdQayv8EmdqeTjXQnOMWR5
+AsuRvkEsI2Xd7CaUVyAMTPgol9sI5pbmG5eyKoVnlbZRj2uLLvnpASqlwKX45WX4
+JB/uFSHGFSQoLLfOiieSU0mBCQKBgQDJKxjmmTJR2dd2XS5dkyThi1y2v3AvY/JZ
+miJ3tTgUWBr1QhAL19jQLSWqlonq9yrYXu0aG068Ze/QG1luo3UvL0Dp2xqVxYOv
+NfQyI9HucsyDUZ6RWuUCueW/JgHxEEXQVKbZTaSoJBjqqIRWSv46/jBM36oJtlZ0
+vY4k1OAEUwKBgDjPUGE1uWyrHC9LKmx+4u2Aj0AtFap8S49Hd6iCLKICnoS//PV4
+K6VQLnXjmXP3pdv8m9M/rYTYogdzJnJj9J4vPwuMSgKEjK74X196ylYlrCdsz8q9
+0kVXmSt1fU4Uy7YOg0SgcMLjEVgXDAbnsVvsnlug/02DgkPjGo2h7PIhAoGAIrK0
+UNILw+J3L4tS/ADtU5neHAdZKlNq8dmMKGmxipDH1ZXXfrN0SjP/UzU0BLstQLTe
+4KnlIsnSW2rcOiEnjUPxRmTsaPjwhcAgpqVXCHH0pJHnb9rltVqrLhU4MIRGBnET
+dlfWFspjIdZ/PQMiZrqBSkEp6xLwRqKLaf7txNECgYAEDbnTCzavjgQghASm3s22
+k4Wukd408kKuCkHJY/fn8MiDBxu9Y/RtiTAa2J6cy8HQ5sgnx1HMPCsS6DyyBkoG
+3MZI2q0RkMNGaSDwLVo61GPinVv0ylECMKHCKLxZsU9mmunzhMhIUra2nSn0zUpm
+I+aV3a2hnizaY23PtO97Hw==
+-----END PRIVATE KEY-----
diff --git a/example_sp/djangosaml2_sp/certificates/private_key.pem b/example_sp/djangosaml2_sp/certificates/private_key.pem
new file mode 100644
index 00000000..95fa69e3
--- /dev/null
+++ b/example_sp/djangosaml2_sp/certificates/private_key.pem
@@ -0,0 +1,117 @@
+RSA Private-Key: (2048 bit, 2 primes)
+modulus:
+    00:c1:25:69:dc:c8:60:5a:02:e2:03:35:2c:be:81:
+    f4:7d:d0:5a:93:33:31:69:7b:5c:61:b7:62:c1:df:
+    e1:d1:b6:d4:f1:f4:06:30:f7:9d:a5:50:58:90:10:
+    e9:bf:6b:74:2a:ea:d2:be:32:d9:01:91:15:18:b0:
+    54:d3:d0:93:7e:cd:0c:00:08:b0:57:b6:4e:1d:2b:
+    8b:2a:aa:58:0f:40:97:a7:ae:1a:51:5b:9b:b9:f8:
+    af:ff:06:76:3d:bd:1d:70:83:ea:38:3a:49:9d:87:
+    72:55:a2:96:f1:26:32:45:e4:aa:9c:77:ab:a0:1d:
+    1d:05:27:df:49:f2:ac:f6:a9:b4:9c:e9:6b:b2:30:
+    66:04:b5:f1:25:86:81:ec:e1:05:f0:55:a3:b5:55:
+    a7:5e:b6:89:79:53:ca:af:23:bd:5a:fc:75:de:50:
+    88:27:ad:97:6d:de:66:ef:64:9a:73:ee:21:e3:10:
+    99:37:48:5e:af:20:80:8a:ae:a4:e8:84:95:a8:ae:
+    52:bc:7a:f8:98:dc:4b:eb:63:8e:f2:3d:c0:f0:56:
+    f7:43:a9:e7:bf:ae:ab:1f:fe:2c:1c:69:5e:1d:82:
+    fa:b4:fa:56:a0:4a:2f:d3:15:bc:17:1c:bb:66:ca:
+    2e:19:38:12:67:19:6e:b2:6b:74:ca:87:d3:b4:8e:
+    fa:d5
+publicExponent: 65537 (0x10001)
+privateExponent:
+    10:2c:81:e0:eb:26:a6:62:f7:6a:2d:59:c1:da:40:
+    0f:09:13:8c:a0:0c:d3:38:71:53:fd:77:57:a4:d7:
+    d4:27:eb:4d:17:92:2d:27:8f:1b:f8:ce:71:c1:f8:
+    d0:fe:be:8b:99:7e:6c:4e:f5:bd:1b:d9:18:68:2b:
+    b2:51:15:08:d9:42:d7:fd:e2:46:76:0d:b4:83:a0:
+    f3:c1:af:fe:16:fa:9c:20:08:34:27:e7:b2:7b:10:
+    c1:da:58:ac:72:d9:b4:42:57:aa:bd:b6:cc:6a:3b:
+    38:d0:94:b3:3c:ef:98:ca:bd:3e:bd:06:b2:31:bd:
+    ec:60:9a:62:26:e0:35:07:7b:9d:f4:af:00:f5:e8:
+    2b:b1:39:78:7b:8b:74:6f:e0:ac:45:da:cc:29:78:
+    99:64:55:25:04:e5:41:27:d5:68:bd:b6:df:c5:e4:
+    f4:9f:c4:23:2a:17:de:ce:a7:36:06:05:5f:56:f2:
+    a0:e6:19:18:ab:9a:35:3c:a1:36:0f:95:3b:9b:93:
+    d7:9f:62:b1:15:50:53:28:02:a8:cd:81:ef:24:73:
+    81:9d:ff:90:3e:f8:3a:54:6a:5f:64:1b:e8:bc:52:
+    ed:80:5d:4c:87:df:c4:70:c6:40:48:f0:b4:02:bd:
+    e1:56:c4:f6:17:df:74:ee:45:ee:c4:5c:c9:e3:05:
+    41
+prime1:
+    00:f4:f1:c1:41:06:fa:49:96:64:01:7e:c9:39:61:
+    39:78:5e:ff:49:9c:e7:5f:38:e4:c6:19:12:d5:c0:
+    1b:3a:aa:64:c3:b2:17:5e:9a:f3:33:e5:1c:49:c1:
+    52:9e:b2:a0:ba:25:70:d3:02:9c:7b:dd:95:60:59:
+    37:8e:f3:e7:70:76:8b:c4:fc:8e:4a:fd:b1:ac:ec:
+    b5:d7:e3:ae:8e:4c:9c:70:f1:0c:06:fb:6f:8d:66:
+    72:6f:90:c1:a9:a1:43:ee:92:fa:34:0f:be:c3:db:
+    d2:ae:95:d5:bd:54:0e:ec:34:b2:e7:6d:47:34:e1:
+    3b:02:ae:63:2c:f1:bf:a8:d7
+prime2:
+    00:c9:dd:26:11:c6:98:f3:4e:88:ec:f5:9e:7f:c6:
+    d5:96:b4:1c:8d:7f:f9:a0:d4:9c:18:06:39:03:94:
+    1d:1a:2c:57:87:00:56:cb:c3:bc:f7:2d:09:fe:e9:
+    19:e9:9f:d8:71:31:7b:1c:6a:bf:92:45:02:68:8c:
+    f2:ae:16:29:ae:00:d6:73:7a:5c:e5:8f:99:04:1a:
+    a6:ba:01:1d:ff:4c:1b:6d:68:ef:ec:0b:38:00:ed:
+    f2:83:a5:1a:1d:de:61:95:01:01:de:ca:84:e0:91:
+    bb:76:b1:14:f0:c7:ef:6a:01:69:42:42:5d:89:14:
+    77:96:d1:c6:12:51:5f:68:33
+exponent1:
+    00:dc:44:02:5b:2d:a1:29:47:7a:4a:f5:ee:92:10:
+    e2:13:62:aa:03:52:7b:a5:df:8d:aa:ae:a5:87:5e:
+    27:9e:4b:d8:2d:3b:1b:54:d1:d6:5e:16:6b:a7:cf:
+    97:32:6a:c3:aa:61:3c:e2:23:f9:00:52:34:9f:dd:
+    da:de:4c:6b:15:71:25:23:51:51:cc:11:f3:12:e4:
+    12:6a:3f:ae:9a:fc:3d:ba:3a:a9:6c:25:f3:1c:9e:
+    c1:cd:9d:c8:e9:77:c1:94:ea:ca:e0:c2:3f:f3:f4:
+    db:b2:6f:bf:33:70:41:b3:1b:78:be:30:40:d6:46:
+    ac:40:2e:fd:b4:4e:f8:e1:25
+exponent2:
+    60:f9:b8:dc:39:48:29:3a:c5:54:f0:fa:5f:f0:29:
+    93:e8:9a:fe:ef:48:01:17:a2:95:78:07:d3:cc:47:
+    de:d7:06:85:78:88:3a:03:a2:b8:2c:0e:ed:43:16:
+    8b:c1:9a:bd:66:43:fa:76:dd:e9:6a:f5:a9:3c:6d:
+    29:6c:c4:41:2f:6d:d6:b4:26:04:b2:63:94:31:29:
+    7f:9a:21:cb:0f:c8:ed:5a:c8:47:e1:6b:da:26:75:
+    a7:00:9d:f7:53:6a:15:a7:12:3a:f1:97:bc:3a:c6:
+    90:52:a9:f8:b2:54:35:dc:cf:b0:61:29:86:3d:2a:
+    e6:6d:88:76:2c:59:65:39
+coefficient:
+    3d:3b:72:b9:7c:53:94:82:e3:91:a8:df:a9:ff:ed:
+    36:bd:18:e9:d3:d4:84:db:5b:8c:af:10:4f:ed:f2:
+    40:03:40:75:0a:f9:16:58:47:ed:d5:b4:c0:8f:7a:
+    57:b2:40:a8:ee:37:15:47:bd:8e:78:9f:40:11:a2:
+    be:ad:d9:54:aa:29:4c:e1:99:e3:92:71:a3:e3:1f:
+    ee:43:77:1d:b7:73:b1:97:e7:04:0a:55:e3:84:5f:
+    96:03:09:6a:86:9e:6d:c1:cb:a1:03:ed:9d:2e:73:
+    4e:b4:a2:45:df:64:c8:fd:c7:b8:3e:32:87:16:cd:
+    5c:8f:b7:b3:66:b0:08:62
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAwSVp3MhgWgLiAzUsvoH0fdBakzMxaXtcYbdiwd/h0bbU8fQG
+MPedpVBYkBDpv2t0KurSvjLZAZEVGLBU09CTfs0MAAiwV7ZOHSuLKqpYD0CXp64a
+UVubufiv/wZ2Pb0dcIPqODpJnYdyVaKW8SYyReSqnHeroB0dBSffSfKs9qm0nOlr
+sjBmBLXxJYaB7OEF8FWjtVWnXraJeVPKryO9Wvx13lCIJ62Xbd5m72Sac+4h4xCZ
+N0heryCAiq6k6ISVqK5SvHr4mNxL62OO8j3A8Fb3Q6nnv66rH/4sHGleHYL6tPpW
+oEov0xW8Fxy7ZsouGTgSZxlusmt0yofTtI761QIDAQABAoIBABAsgeDrJqZi92ot
+WcHaQA8JE4ygDNM4cVP9d1ek19Qn600Xki0njxv4znHB+ND+vouZfmxO9b0b2Rho
+K7JRFQjZQtf94kZ2DbSDoPPBr/4W+pwgCDQn57J7EMHaWKxy2bRCV6q9tsxqOzjQ
+lLM875jKvT69BrIxvexgmmIm4DUHe530rwD16CuxOXh7i3Rv4KxF2swpeJlkVSUE
+5UEn1Wi9tt/F5PSfxCMqF97OpzYGBV9W8qDmGRirmjU8oTYPlTubk9efYrEVUFMo
+AqjNge8kc4Gd/5A++DpUal9kG+i8Uu2AXUyH38RwxkBI8LQCveFWxPYX33TuRe7E
+XMnjBUECgYEA9PHBQQb6SZZkAX7JOWE5eF7/SZznXzjkxhkS1cAbOqpkw7IXXprz
+M+UcScFSnrKguiVw0wKce92VYFk3jvPncHaLxPyOSv2xrOy11+OujkyccPEMBvtv
+jWZyb5DBqaFD7pL6NA++w9vSrpXVvVQO7DSy521HNOE7Aq5jLPG/qNcCgYEAyd0m
+EcaY806I7PWef8bVlrQcjX/5oNScGAY5A5QdGixXhwBWy8O89y0J/ukZ6Z/YcTF7
+HGq/kkUCaIzyrhYprgDWc3pc5Y+ZBBqmugEd/0wbbWjv7As4AO3yg6UaHd5hlQEB
+3sqE4JG7drEU8MfvagFpQkJdiRR3ltHGElFfaDMCgYEA3EQCWy2hKUd6SvXukhDi
+E2KqA1J7pd+Nqq6lh14nnkvYLTsbVNHWXhZrp8+XMmrDqmE84iP5AFI0n93a3kxr
+FXElI1FRzBHzEuQSaj+umvw9ujqpbCXzHJ7BzZ3I6XfBlOrK4MI/8/Tbsm+/M3BB
+sxt4vjBA1kasQC79tE744SUCgYBg+bjcOUgpOsVU8Ppf8CmT6Jr+70gBF6KVeAfT
+zEfe1waFeIg6A6K4LA7tQxaLwZq9ZkP6dt3pavWpPG0pbMRBL23WtCYEsmOUMSl/
+miHLD8jtWshH4WvaJnWnAJ33U2oVpxI68Ze8OsaQUqn4slQ13M+wYSmGPSrmbYh2
+LFllOQKBgD07crl8U5SC45Go36n/7Ta9GOnT1ITbW4yvEE/t8kADQHUK+RZYR+3V
+tMCPeleyQKjuNxVHvY54n0ARor6t2VSqKUzhmeOScaPjH+5Ddx23c7GX5wQKVeOE
+X5YDCWqGnm3By6ED7Z0uc060okXfZMj9x7g+MocWzVyPt7NmsAhi
+-----END RSA PRIVATE KEY-----
diff --git a/example_sp/djangosaml2_sp/certificates/public.cert b/example_sp/djangosaml2_sp/certificates/public.cert
new file mode 100644
index 00000000..b592324f
--- /dev/null
+++ b/example_sp/djangosaml2_sp/certificates/public.cert
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDETCCAfmgAwIBAgIUPw12Gkt4agBtLBntd7RzTWwLKAYwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNc3AxLnVuaWNhbC5pdDAeFw0xOTAzMjAxNDMxMTVaFw0y
+OTAzMTcxNDMxMTVaMBgxFjAUBgNVBAMMDXNwMS51bmljYWwuaXQwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj0BzOt58ECsSwT049bIhmD0p7q0Y+4L7c
+jrvvJYcMT7HZE+tbO4M6upkXnP+3gvPpRccaEtwJoda3gYzvF35VMzp0fCW7OmXI
+R8cJtySIfzkdmmO385Tbxlp1jRxZyQtc2nPzCKeV4xlQNEinQr94nI7tMFReDejj
+XKwS5RABk8KQMo2M78xa9RQyxqDC1e0ioeVQRR2og99fF3u/WOJ/JB2aETTfvInr
+FIyFA5XB0roBDyM44877nRKYeMBd4kVk+fs4yu6kZm7WOXHUXFLKRuXLeVxEbZYz
+SSMjncsB1U35OAt+Ozkp+12qaqMAVdGKP+xso3zGAr/5AC6CuPnrAgMBAAGjUzBR
+MB0GA1UdDgQWBBR6RRoajGB1UmdiMAKSmgpL3RD0mzAfBgNVHSMEGDAWgBR6RRoa
+jGB1UmdiMAKSmgpL3RD0mzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQBzRUa++T0EiR+Fq4iTpKIysigV+1CeMbS+u1JaPOnMXfWmboOOVDrHhnit
+bpfxm+SpbafPTz40THtfw9EKvReMjNa4HQ4vFBMwZtmYZ4piGS5PferFDzYdZG1d
+S/2vcCQA4Dya/R675XKEhBdWO8JfUOL1ImMoJBa5Z+ApU8OCk8hpiJUV0akpw7jA
++VO8+VR2T+SH+3h28KOrNdraWozZ99NKqB7GUFcaxouaOkPE7mi8JyAgLZMZvJae
+QeJEUI9sfavSLmvBsfbusAeCjFYCVM9MM7uZNvK6gI0Dzppl+rN7vRWcBF+oYyiS
+1EX9j2GqG1yWcdGvY60GJu5Er5id
+-----END CERTIFICATE-----
diff --git a/example_sp/djangosaml2_sp/certificates/public_key.pem b/example_sp/djangosaml2_sp/certificates/public_key.pem
new file mode 100644
index 00000000..b9af2108
--- /dev/null
+++ b/example_sp/djangosaml2_sp/certificates/public_key.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIQMRnLuhd2NBn9BfrOZOWO6TANBgkqhkiG9w0BAQsFADAY
+MRYwFAYDVQQDDA10ZXN0dW5pY2FsLml0MB4XDTE5MDMxMjEwMDQyOFoXDTIyMDIy
+NDEwMDQyOFowHDEaMBgGA1UEAwwRc3AxLnRlc3R1bmljYWwuaXQwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBJWncyGBaAuIDNSy+gfR90FqTMzFpe1xh
+t2LB3+HRttTx9AYw952lUFiQEOm/a3Qq6tK+MtkBkRUYsFTT0JN+zQwACLBXtk4d
+K4sqqlgPQJenrhpRW5u5+K//BnY9vR1wg+o4Okmdh3JVopbxJjJF5Kqcd6ugHR0F
+J99J8qz2qbSc6WuyMGYEtfElhoHs4QXwVaO1Vadetol5U8qvI71a/HXeUIgnrZdt
+3mbvZJpz7iHjEJk3SF6vIICKrqTohJWorlK8eviY3EvrY47yPcDwVvdDqee/rqsf
+/iwcaV4dgvq0+lagSi/TFbwXHLtmyi4ZOBJnGW6ya3TKh9O0jvrVAgMBAAGjgcIw
+gb8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU9H7yL25sJZBEUINeNscO/xXS9lgwUwYD
+VR0jBEwwSoAUqcIxI8gIhmtOS0y7Tfy9rPnS5vqhHKQaMBgxFjAUBgNVBAMMDXRl
+c3R1bmljYWwuaXSCFCQ40u+Ci6K5V0nHPvu5Hr+GnSSvMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMAsGA1UdDwQEAwIFoDAcBgNVHREEFTATghFzcDEudGVzdHVuaWNhbC5p
+dDANBgkqhkiG9w0BAQsFAAOCAQEAFrG52wjUDaZuJ7qYS4XXaaJI8Dyj5E9MdxP9
+53XAdS/RYZ1oMbt96Dg9eFHERh4Y+NfOptJDjd04Qk013xbPk33iz3GRAzQEzvfb
+rU+Calx+EadszUitr3aLpOMFWBkJQjvS7o8OXLmcnWOTndd+z1bEsSuzssb9BdVs
+qhWVSruMJmkqBd3P9F62QJYpY70D+3nw/E8IHzT70AhJ3tEs22wASw1c1xdvdqdL
+05diuf0Rkw3eaXnPROlRHqZlASPWsa01XG1uV6lR9+qrEDvOt+xwaBTmErw1q7Po
+HQhTvIXadhvWqRFS1bZ1L2qfQLNqLtWJCOGq6Dyhw8nLTDyHJg==
+-----END CERTIFICATE-----
diff --git a/example_sp/djangosaml2_sp/custom_accounts/__init__.py b/example_sp/djangosaml2_sp/custom_accounts/__init__.py
new file mode 100644
index 00000000..577d775b
--- /dev/null
+++ b/example_sp/djangosaml2_sp/custom_accounts/__init__.py
@@ -0,0 +1 @@
+default_app_config = 'custom_accounts.apps.Custom_AccountsConfig'
diff --git a/example_sp/djangosaml2_sp/custom_accounts/admin.py b/example_sp/djangosaml2_sp/custom_accounts/admin.py
new file mode 100644
index 00000000..5dcc228b
--- /dev/null
+++ b/example_sp/djangosaml2_sp/custom_accounts/admin.py
@@ -0,0 +1,46 @@
+from django.contrib import admin
+from django.utils.translation import ugettext, ugettext_lazy as _
+from django.contrib.auth.admin import UserAdmin
+
+from .models import User
+
+@admin.register(User)
+class CustomUserAdmin(UserAdmin):
+    ordering = ('username',)
+    readonly_fields = ('date_joined', 'last_login',)
+    list_display = ('username', 'matricola', 'email',
+                    'is_active', 'is_staff', 'is_superuser', )
+    list_editable = ('is_active', 'is_staff', 'is_superuser',)
+    fieldsets = (
+        (None, {'fields': (('username', 'is_active',
+                            'is_staff', 'is_superuser'),
+                           ('password'),
+                           )
+               }
+        ),
+        (_('Angrafica'), {'fields': (( 'first_name', 'last_name'),
+                                     ( 'matricola', 'email'),
+                                     ('codice_fiscale',),
+                                     ('gender', 'location', 'birth_date'),
+                                    )
+                         }
+        ),
+        (_('Permissions'), {'fields': ('groups', 'user_permissions'),
+                            'classes':('collapse',)
+                           }
+        ),
+        (_('Date accessi'), {'fields': (('date_joined', 
+                                         'last_login'),
+                                       )
+                            }
+        ),
+    )
+    add_fieldsets = (
+        (None, {
+            'classes': ('wide',),
+            'fields': ('username', 'password1', 'password2'),
+        }),
+    )
+
+admin.site.unregister(User)
+admin.site.register(User, CustomUserAdmin)
diff --git a/example_sp/djangosaml2_sp/custom_accounts/apps.py b/example_sp/djangosaml2_sp/custom_accounts/apps.py
new file mode 100644
index 00000000..ac3e0c26
--- /dev/null
+++ b/example_sp/djangosaml2_sp/custom_accounts/apps.py
@@ -0,0 +1,7 @@
+from django.apps import AppConfig
+from django.utils.translation import ugettext_lazy as _
+
+
+class Custom_AccountsConfig(AppConfig):
+    name = 'custom_accounts'
+    verbose_name = _("Autenticazione e Autorizzazione Utenti")
diff --git a/example_sp/djangosaml2_sp/custom_accounts/migrations/0001_initial.py b/example_sp/djangosaml2_sp/custom_accounts/migrations/0001_initial.py
new file mode 100644
index 00000000..5e21e561
--- /dev/null
+++ b/example_sp/djangosaml2_sp/custom_accounts/migrations/0001_initial.py
@@ -0,0 +1,48 @@
+# Generated by Django 2.1.7 on 2019-03-12 15:32
+
+import django.contrib.auth.models
+from django.db import migrations, models
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('auth', '0009_alter_user_last_name_max_length'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='User',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('password', models.CharField(max_length=128, verbose_name='password')),
+                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
+                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
+                ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
+                ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
+                ('username', models.CharField(max_length=254, unique=True, verbose_name='Username')),
+                ('is_active', models.BooleanField(default=True, verbose_name='attivo')),
+                ('email', models.EmailField(blank=True, max_length=254, null=True, verbose_name='email address')),
+                ('matricola', models.CharField(blank=True, help_text='come rappresentata su CSA', max_length=254, null=True, verbose_name='Matricola')),
+                ('first_name', models.CharField(blank=True, max_length=30, null=True, verbose_name='Nome')),
+                ('last_name', models.CharField(blank=True, max_length=30, null=True, verbose_name='Cognome')),
+                ('codice_fiscale', models.CharField(blank=True, max_length=16, null=True, verbose_name='Codice Fiscale')),
+                ('gender', models.CharField(blank=True, choices=[('male', 'Maschio'), ('female', 'Femmina'), ('other', 'Altro')], max_length=12, null=True, verbose_name='Genere')),
+                ('location', models.CharField(blank=True, max_length=30, null=True, verbose_name='Luogo di nascita')),
+                ('birth_date', models.DateField(blank=True, null=True, verbose_name='Data di nascita')),
+                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.Group', verbose_name='groups')),
+                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.Permission', verbose_name='user permissions')),
+            ],
+            options={
+                'verbose_name_plural': 'Accounts',
+                'ordering': ['username'],
+                'permissions': (('can_view', 'Permesso in lettura'), ('can_view_his_own', 'Permesso in lettura esclusivamente dei propri inserimenti'), ('can_change', 'Permesso in modifica'), ('can_change_his_own', 'Permesso in modifica esclusivamente dei propri inserimenti'), ('can_delete', 'Permesso in cancellazione'), ('can_delete_his_own', 'Permesso in cancellazione esclusivamente dei propri inserimenti')),
+            },
+            managers=[
+                ('objects', django.contrib.auth.models.UserManager()),
+            ],
+        ),
+    ]
diff --git a/example_sp/djangosaml2_sp/custom_accounts/migrations/0002_auto_20190402_0836.py b/example_sp/djangosaml2_sp/custom_accounts/migrations/0002_auto_20190402_0836.py
new file mode 100644
index 00000000..8682563f
--- /dev/null
+++ b/example_sp/djangosaml2_sp/custom_accounts/migrations/0002_auto_20190402_0836.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.0.13 on 2019-04-02 08:36
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('custom_accounts', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='user',
+            old_name='location',
+            new_name='place_of_birth',
+        ),
+    ]
diff --git a/example_sp/djangosaml2_sp/custom_accounts/migrations/0003_alter_user_options.py b/example_sp/djangosaml2_sp/custom_accounts/migrations/0003_alter_user_options.py
new file mode 100644
index 00000000..9264a0d4
--- /dev/null
+++ b/example_sp/djangosaml2_sp/custom_accounts/migrations/0003_alter_user_options.py
@@ -0,0 +1,17 @@
+# Generated by Django 3.2.5 on 2021-07-23 11:34
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('custom_accounts', '0002_auto_20190402_0836'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='user',
+            options={'ordering': ['username'], 'verbose_name_plural': 'Accounts'},
+        ),
+    ]
diff --git a/example_sp/sp-wsgi/metadata.xml b/example_sp/djangosaml2_sp/custom_accounts/migrations/__init__.py
similarity index 100%
rename from example_sp/sp-wsgi/metadata.xml
rename to example_sp/djangosaml2_sp/custom_accounts/migrations/__init__.py
diff --git a/example_sp/djangosaml2_sp/custom_accounts/models.py b/example_sp/djangosaml2_sp/custom_accounts/models.py
new file mode 100644
index 00000000..4fba15d8
--- /dev/null
+++ b/example_sp/djangosaml2_sp/custom_accounts/models.py
@@ -0,0 +1,41 @@
+from django.conf import settings
+from django.contrib.auth.models import AbstractUser
+from django.contrib.contenttypes.models import ContentType
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+
+
+class User(AbstractUser):
+    GENDER= (
+                ( 'male', _('Maschio')),
+                ( 'female', _('Femmina')),
+                ( 'other', _('Altro')),
+            )
+
+    # for NameID extreme lenghtness
+    USERNAME_FIELD = 'username'
+    username = models.CharField(_('Username'), max_length=254,
+                                  blank=False, null=False, unique=True)
+    is_active = models.BooleanField(_('attivo'), default=True)
+    email = models.EmailField(_('email address'), blank=True, null=True)
+    matricola = models.CharField(_('Matricola'), max_length=254,
+                                 blank=True, null=True,
+                                 help_text="come rappresentata su CSA")
+    first_name = models.CharField(_('Nome'), max_length=30, blank=True, null=True)
+    last_name = models.CharField(_('Cognome'), max_length=30,
+                                 blank=True, null=True)
+    codice_fiscale = models.CharField(_('Codice Fiscale'), max_length=16,
+                                      blank=True, null=True)
+    gender    = models.CharField(_('Genere'), choices=GENDER,
+                                 max_length=12, blank=True, null=True)
+    place_of_birth = models.CharField(_('Luogo di nascita'), max_length=30,
+                                blank=True, null=True)
+    birth_date = models.DateField(_('Data di nascita'), null=True, blank=True)
+
+    class Meta:
+        ordering = ['username']
+        verbose_name_plural = _("Accounts")
+
+    def __str__(self):
+        return '{} - {} {}'.format(self.matricola,
+                                   self.first_name, self.last_name)
diff --git a/example_sp/sp-wsgi/sp.xml b/example_sp/djangosaml2_sp/custom_accounts/templatetags/__init__.py
similarity index 100%
rename from example_sp/sp-wsgi/sp.xml
rename to example_sp/djangosaml2_sp/custom_accounts/templatetags/__init__.py
diff --git a/example_sp/djangosaml2_sp/custom_accounts/templatetags/has_group.py b/example_sp/djangosaml2_sp/custom_accounts/templatetags/has_group.py
new file mode 100644
index 00000000..aa402dab
--- /dev/null
+++ b/example_sp/djangosaml2_sp/custom_accounts/templatetags/has_group.py
@@ -0,0 +1,9 @@
+from django import template
+from django.contrib.auth.models import Group 
+
+register = template.Library() 
+
+@register.filter(name='has_group') 
+def has_group(user, group_name):
+    group =  Group.objects.get(name=group_name) 
+    return group in user.groups.all() 
diff --git a/example_sp/djangosaml2_sp/custom_accounts/tests.py b/example_sp/djangosaml2_sp/custom_accounts/tests.py
new file mode 100644
index 00000000..7ce503c2
--- /dev/null
+++ b/example_sp/djangosaml2_sp/custom_accounts/tests.py
@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
diff --git a/example_sp/djangosaml2_sp/custom_accounts/urls.py b/example_sp/djangosaml2_sp/custom_accounts/urls.py
new file mode 100644
index 00000000..bf7b4d3a
--- /dev/null
+++ b/example_sp/djangosaml2_sp/custom_accounts/urls.py
@@ -0,0 +1,23 @@
+"""URL Configuration
+
+The `urlpatterns` list routes URLs to views. For more information please see:
+    https://docs.djangoproject.com/en/1.10/topics/http/urls/
+Examples:
+Function views
+    1. Add an import:  from my_app import views
+    2. Add a URL to urlpatterns:  url(r'^$', views.home, name='home')
+Class-based views
+    1. Add an import:  from other_app.views import Home
+    2. Add a URL to urlpatterns:  url(r'^$', Home.as_view(), name='home')
+Including another URLconf
+    1. Import the include() function: from django.conf.urls import url, include
+    2. Add a URL to urlpatterns:  url(r'^blog/', include('blog.urls'))
+"""
+from django.urls import path
+from .views import *
+
+app_name="custom_accounts"
+urlpatterns = [
+    # path(r'^login/$', Login, name='login'),
+    # path('logout', Logout, name='logout'),    
+]
diff --git a/example_sp/djangosaml2_sp/custom_accounts/views.py b/example_sp/djangosaml2_sp/custom_accounts/views.py
new file mode 100644
index 00000000..aec8cb80
--- /dev/null
+++ b/example_sp/djangosaml2_sp/custom_accounts/views.py
@@ -0,0 +1,16 @@
+from django.http import HttpResponse, Http404, HttpResponseRedirect, HttpResponseNotFound
+
+from django.shortcuts import render
+from django.contrib.auth.decorators import login_required
+from django.shortcuts import get_object_or_404
+from .models import *
+from .forms import *
+
+from django.utils.translation import ugettext_lazy as _
+from django.core.exceptions import ValidationError
+
+from django.template import RequestContext
+from django.core.urlresolvers import reverse
+from .functions import Form_save, Form_update
+
+from django.contrib.auth import authenticate, login, logout
diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/__init__.py b/example_sp/djangosaml2_sp/djangosaml2_sp/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/settings.py b/example_sp/djangosaml2_sp/djangosaml2_sp/settings.py
new file mode 100644
index 00000000..c7f016f7
--- /dev/null
+++ b/example_sp/djangosaml2_sp/djangosaml2_sp/settings.py
@@ -0,0 +1,126 @@
+"""
+Django settings for djangosaml2_sp project.
+
+Generated by 'django-admin startproject' using Django 2.0.5.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/2.0/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/2.0/ref/settings/
+"""
+
+import os
+
+from . settingslocal import *
+
+# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+
+MIDDLEWARE = [
+    'django.middleware.security.SecurityMiddleware',
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.messages.middleware.MessageMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+
+    # SAML session with SameSite = None
+    'djangosaml2.middleware.SamlSessionMiddleware'
+]
+
+SAML_SESSION_COOKIE_NAME = 'saml_session'
+
+ROOT_URLCONF = 'djangosaml2_sp.urls'
+
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': [],
+        'APP_DIRS': True,
+        'OPTIONS': {
+            'context_processors': [
+                'django.template.context_processors.debug',
+                'django.template.context_processors.request',
+                'django.contrib.auth.context_processors.auth',
+                'django.contrib.messages.context_processors.messages',
+            ],
+        },
+    },
+]
+
+WSGI_APPLICATION = 'djangosaml2_sp.wsgi.application'
+
+# Database
+# https://docs.djangoproject.com/en/2.0/ref/settings/#databases
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.sqlite3',
+        'NAME': 'sqlite3.db',
+    }
+}
+
+DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
+
+# Password validation
+# https://docs.djangoproject.com/en/2.0/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+    },
+]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/2.0/topics/i18n/
+
+LANGUAGE_CODE = 'en-us'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = True
+
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/2.0/howto/static-files/
+
+STATIC_URL = '/static/'
+
+#
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+SESSION_COOKIE_AGE = 60 * 60  # an hour
+
+LOGIN_REDIRECT_URL = '/'
+LOGOUT_REDIRECT_URL = '/'
+
+
+if 'saml2_sp' in INSTALLED_APPS or \
+   'djangosaml2_spid' in INSTALLED_APPS:
+
+    AUTHENTICATION_BACKENDS = (
+        'django.contrib.auth.backends.ModelBackend',
+        'djangosaml2.backends.Saml2Backend',
+    )
+
+
+# SPID SP
+if 'djangosaml2_spid' in INSTALLED_APPS:
+    from . spid_settingslocal import *
+elif 'saml2_sp' in INSTALLED_APPS:
+    from . sp_pysaml2_satosa import *
diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/settingslocal.py b/example_sp/djangosaml2_sp/djangosaml2_sp/settingslocal.py
new file mode 100644
index 00000000..36ea9049
--- /dev/null
+++ b/example_sp/djangosaml2_sp/djangosaml2_sp/settingslocal.py
@@ -0,0 +1,63 @@
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/2.0/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = 'btl-x0ja09$zqer3h^n^_ic!9h+1q0g!-wqzj&&zio@(@5p*no'
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+ALLOWED_HOSTS = ['*']
+
+# Application definition
+
+INSTALLED_APPS = [
+    # custom user model
+    'custom_accounts',
+
+    'django.contrib.admin',
+    'django.contrib.auth',
+    'django.contrib.contenttypes',
+    'django.contrib.sessions',
+    'django.contrib.messages',
+    'django.contrib.staticfiles',
+
+    # SAML2 SP
+    'djangosaml2',
+    'saml2_sp',
+    'djangosaml2_sp'
+]
+
+AUTH_USER_MODEL = 'custom_accounts.User'
+
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': False,
+    'filters': {
+        'require_debug_false': {
+            '()': 'django.utils.log.RequireDebugFalse'
+        }
+    },
+    'handlers': {
+        'mail_admins': {
+            'level': 'ERROR',
+            'filters': ['require_debug_false'],
+            'class': 'django.utils.log.AdminEmailHandler'
+        },
+        'console': {
+            'level': 'DEBUG',
+            'class': 'logging.StreamHandler',
+        },
+    },
+    'loggers': {
+        'django.request': {
+            'handlers': ['mail_admins'],
+            'level': 'ERROR',
+            'propagate': True,
+        },
+        'djangosaml2': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+        },
+    }
+}
diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/sp_pysaml2_satosa.py b/example_sp/djangosaml2_sp/djangosaml2_sp/sp_pysaml2_satosa.py
new file mode 100644
index 00000000..7010dc6e
--- /dev/null
+++ b/example_sp/djangosaml2_sp/djangosaml2_sp/sp_pysaml2_satosa.py
@@ -0,0 +1,219 @@
+import os
+import saml2
+from saml2.entity_category import refeds, edugain
+from saml2.saml import (NAMEID_FORMAT_PERSISTENT,
+                        NAMEID_FORMAT_TRANSIENT,
+                        NAMEID_FORMAT_UNSPECIFIED,
+                        NAMEID_FORMAT_EMAILADDRESS)
+from saml2.sigver import get_xmlsec_binary
+
+# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+
+BASE = 'http://localhost:8000'
+BASE_URL = '{}/saml2'.format(BASE)
+
+LOGIN_URL = '/saml2/login/'
+LOGOUT_URL = '/saml2/logout/'
+LOGIN_REDIRECT_URL = '/saml2/echo_attributes'
+
+SAML2_DEFAULT_BINDING = saml2.BINDING_HTTP_POST
+SAML_CONFIG = {
+    'debug' : True,
+    'xmlsec_binary': get_xmlsec_binary(['/opt/local/bin',
+                                        '/usr/bin/xmlsec1']),
+    'entityid': '%s/metadata/' % BASE_URL,
+
+    # 'entity_category': [edugain.COCO, # "http://www.geant.net/uri/dataprotection-code-of-conduct/v1"
+                        # refeds.RESEARCH_AND_SCHOLARSHIP],
+
+    'attribute_map_dir': 'saml2_sp/saml2_config/attribute-maps/',
+    'service': {
+
+
+        'sp': {
+            'name': '%s/metadata/' % BASE_URL,
+
+            # that's for metadata
+            'name_id_format': [
+                               #  NAMEID_FORMAT_EMAILADDRESS,
+                               NAMEID_FORMAT_PERSISTENT,
+                               NAMEID_FORMAT_TRANSIENT
+                               ],
+            # that's for authn request
+            'name_id_policy_format': NAMEID_FORMAT_TRANSIENT,
+
+            'endpoints': {
+                'assertion_consumer_service': [
+                    (f'{BASE_URL}/acs/', saml2.BINDING_HTTP_POST, 1),
+                    ],
+                "single_logout_service": [
+                    (f"{BASE_URL}/ls/post/", saml2.BINDING_HTTP_POST),
+                    (f"{BASE_URL}/ls/", saml2.BINDING_HTTP_REDIRECT),
+                ],
+                }, # end endpoints
+
+            # these only works using pySAML2 patched with this
+            # https://github.com/IdentityPython/pysaml2/pull/597
+            'signing_algorithm':  saml2.xmldsig.SIG_RSA_SHA256,
+            'digest_algorithm':  saml2.xmldsig.DIGEST_SHA256,
+
+            # Mandates that the identity provider MUST authenticate the
+            # presenter directly rather than rely on a previous security context.
+            "force_authn": False,
+            #'name_id_format_allow_create': False,
+
+            # attributes that this project need to identify a user
+            # 'required_attributes': ['email', 'givenName',
+                                    # 'eduPersonaPrincipalName', 'sn',
+                                    # 'displayName'],
+            #'required_attributes': ['email'],
+
+            # attributes that may be useful to have but not required
+            # 'optional_attributes': ['eduPersonAffiliation'],
+
+            'want_response_signed': True,
+            'authn_requests_signed': True,
+            'logout_requests_signed': True,
+            # Indicates that Authentication Responses to this SP must
+            # be signed. If set to True, the SP will not consume
+            # any SAML Responses that are not signed.
+            'want_assertions_signed': True,
+
+            'only_use_keys_in_metadata': True,
+
+            # When set to true, the SP will consume unsolicited SAML
+            # Responses, i.e. SAML Responses for which it has not sent
+            # a respective SAML Authentication Request.
+            'allow_unsolicited': False,
+
+            # Permits to have attributes not configured in attribute-mappings
+            # otherwise...without OID will be rejected
+            'allow_unknown_attributes': True,
+
+            }, # end sp
+
+    },
+
+    # many metadata, many idp...
+    'metadata': {
+         'local': [
+
+                   os.path.join(os.path.join(os.path.join(BASE_DIR, 'saml2_sp'),
+                   'saml2_config')),
+
+                  # os.path.join(os.path.join(os.path.join(BASE_DIR, 'saml2_sp'),
+                  # 'saml2_config'), 'satosa_metadata.xml'),
+                   ],
+        #  #
+
+        "remote": [
+            # {
+            # "url": "https://proxy.auth.unical.it/Saml2IDP/metadata",
+            #"cert": "/opt/satosa-saml2/pki/frontend.cert",
+            #"disable_ssl_certificate_validation": True,
+            # },
+            # {
+             # "url": "https://auth.unical.it/idp/metadata/",
+             #"disable_ssl_certificate_validation": True,
+             # },
+            #  {
+             #  "url": "https://idp.testunical.it/idp/shibboleth",
+             #  "disable_ssl_certificate_validation": True,
+             #  },
+             #  {
+              #  "url": "http://idp1.testunical.it:9000/idp/metadata/",
+              #  },
+             #  {
+              #  "url": "http://idp1.testunical.it:9000/idp/aa/metadata/",
+              #  },
+            # {
+             # 'url': 'https://localhost:10000/Saml2IDP/metadata',
+             # only for test purpose !
+             # "disable_ssl_certificate_validation": True,
+             # }
+            ],
+
+        # "mdq": [{
+            # "url": "https://ds.testunical.it",
+            # "cert": "certificates/others/ds.testunical.it.cert",
+            # "disable_ssl_certificate_validation": True,
+            # }]
+
+    },
+    # avoids exception: HTTPSConnectionPool(host='satosa.testunical.it', port=443):
+    # Max retries exceeded with url: /idp/shibboleth (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
+    #'ca_certs' : "/opt/satosa-saml2/pki/http_certificates/ca.crt",
+
+    # Signing
+    'key_file': BASE_DIR + '/certificates/private.key',
+    'cert_file': BASE_DIR + '/certificates/public.cert',
+
+    # Encryption
+    'encryption_keypairs': [{
+        'key_file': BASE_DIR + '/certificates/private.key',
+        'cert_file': BASE_DIR + '/certificates/public.cert',
+    }],
+
+    # own metadata settings
+    'contact_person': [
+      {'given_name': 'Giuseppe',
+       'sur_name': 'De Marco',
+       'company': 'Universita della Calabria',
+       'email_address': 'giuseppe.demarco@unical.it',
+       'contact_type': 'administrative'},
+      {'given_name': 'Giuseppe',
+       'sur_name': 'De Marco',
+       'company': 'Universita della Calabria',
+       'email_address': 'giuseppe.demarco@unical.it',
+       'contact_type': 'technical'},
+      ],
+    # you can set multilanguage information here
+    'organization': {
+      'name': [('Unical', 'it'), ('Unical', 'en')],
+      'display_name': [('Unical', 'it'), ('Unical', 'en')],
+      'url': [('http://www.unical.it', 'it'), ('http://www.unical.it', 'en')],
+      },
+
+    #'valid_for': 24 * 10,
+}
+
+CONFIG = SAML_CONFIG
+
+# OR NAME_ID or MAIN_ATTRIBUTE (not together!)
+SAML_USE_NAME_ID_AS_USERNAME = True
+# SAML_DJANGO_USER_MAIN_ATTRIBUTE = 'email'
+# SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP = '__iexact'
+
+SAML_CREATE_UNKNOWN_USER = True
+
+# logout
+SAML_LOGOUT_REQUEST_PREFERRED_BINDING = saml2.BINDING_HTTP_POST
+
+SAML_ATTRIBUTE_MAPPING = {
+
+    # django related
+    # 'uid': ('username', ),
+
+    # pure oid standard
+    'email': ('email', ),
+    'mail': ('email',),
+
+    # oid pure
+    'cn': ('first_name', ),
+    'sn': ('last_name', ),
+    'schacPersonalUniqueID': ('schacPersonalUniqueID',),
+    'eduPersonPrincipalName': ('eduPersonPrincipalName',),
+    'eduPersonEntitlement': ('eduPersonEntitlement',),
+    'schacPersonalUniqueCode': ('schacPersonalUniqueCode',),
+
+    # spid related
+    'name': ('first_name', ),
+    'familyName': ('last_name', ),
+    'fiscalNumber': ('codice_fiscale',),
+    'placeOfBirth': ('place_of_birth',),
+    'dateOfBirth': ('birth_date',),
+
+    # unical legacy fallback
+    'codice_fiscale': ('codice_fiscale',),
+}
diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/sqlite3.db b/example_sp/djangosaml2_sp/djangosaml2_sp/sqlite3.db
new file mode 100644
index 00000000..cf143609
Binary files /dev/null and b/example_sp/djangosaml2_sp/djangosaml2_sp/sqlite3.db differ
diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/urls.py b/example_sp/djangosaml2_sp/djangosaml2_sp/urls.py
new file mode 100644
index 00000000..21a985e9
--- /dev/null
+++ b/example_sp/djangosaml2_sp/djangosaml2_sp/urls.py
@@ -0,0 +1,32 @@
+from djangosaml2 import views
+from django.conf import settings
+from django.contrib import admin
+from django.contrib.auth.views import LogoutView
+from django.urls import include, path
+
+urlpatterns = [
+    path('admin/', admin.site.urls),
+]
+
+if 'saml2_sp' in settings.INSTALLED_APPS:
+    import saml2_sp.urls
+    SAML2_URL_PREFIX = 'saml2'
+
+    urlpatterns.extend([
+        path('', include((saml2_sp.urls, 'sp',))),
+        path(f'{SAML2_URL_PREFIX}/login/', views.LoginView.as_view(), name='saml2_login'),
+        path(f'{SAML2_URL_PREFIX}/acs/', views.AssertionConsumerServiceView.as_view(), name='saml2_acs'),
+        path(f'{SAML2_URL_PREFIX}/logout/', views.LogoutInitView.as_view(), name='saml2_logout'),
+        path(f'{SAML2_URL_PREFIX}/ls/', views.LogoutView.as_view(), name='saml2_ls'),
+        path(f'{SAML2_URL_PREFIX}/ls/post/', views.LogoutView.as_view(), name='saml2_ls_post'),
+        path(f'{SAML2_URL_PREFIX}/metadata/', views.MetadataView.as_view(), name='saml2_metadata'),
+        path(f'{SAML2_URL_PREFIX}/echo_attributes', views.EchoAttributesView.as_view(), name='saml2_echo_attributes'),
+        path('logout/', LogoutView.as_view(), {'next_page': settings.LOGOUT_REDIRECT_URL}, name='logout')
+    ])
+
+if 'djangosaml2_spid' in settings.INSTALLED_APPS:
+    import djangosaml2_spid.urls
+
+    urlpatterns.extend([
+        path('', include((djangosaml2_spid.urls, 'djangosaml2_spid',)))
+    ])
diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/wsgi.py b/example_sp/djangosaml2_sp/djangosaml2_sp/wsgi.py
new file mode 100644
index 00000000..85af338b
--- /dev/null
+++ b/example_sp/djangosaml2_sp/djangosaml2_sp/wsgi.py
@@ -0,0 +1,16 @@
+"""
+WSGI config for djangosaml2_sp project.
+
+It exposes the WSGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/2.0/howto/deployment/wsgi/
+"""
+
+import os
+
+from django.core.wsgi import get_wsgi_application
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "djangosaml2_sp.settings")
+
+application = get_wsgi_application()
diff --git a/example_sp/djangosaml2_sp/manage.py b/example_sp/djangosaml2_sp/manage.py
new file mode 100755
index 00000000..c8be98c3
--- /dev/null
+++ b/example_sp/djangosaml2_sp/manage.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+import os
+import sys
+
+if __name__ == "__main__":
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "djangosaml2_sp.settings")
+    try:
+        from django.core.management import execute_from_command_line
+    except ImportError as exc:
+        raise ImportError(
+            "Couldn't import Django. Are you sure it's installed and "
+            "available on your PYTHONPATH environment variable? Did you "
+            "forget to activate a virtual environment?"
+        ) from exc
+    execute_from_command_line(sys.argv)
diff --git a/example_sp/djangosaml2_sp/requirements.txt b/example_sp/djangosaml2_sp/requirements.txt
new file mode 100644
index 00000000..72317049
--- /dev/null
+++ b/example_sp/djangosaml2_sp/requirements.txt
@@ -0,0 +1,7 @@
+django>3.0<4.0
+
+git+https://github.com/peppelinux/pysaml2.git@pplnx-7.0.1
+cffi
+
+# django saml2 SP
+djangosaml2>=1.0.0
diff --git a/example_sp/djangosaml2_sp/run.sh b/example_sp/djangosaml2_sp/run.sh
new file mode 100755
index 00000000..f84aac39
--- /dev/null
+++ b/example_sp/djangosaml2_sp/run.sh
@@ -0,0 +1,2 @@
+python -B ./manage.py migrate
+python -B ./manage.py runserver 0.0.0.0:8000
diff --git a/example_sp/djangosaml2_sp/saml2_sp/__init__.py b/example_sp/djangosaml2_sp/saml2_sp/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/__init__.py b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/adfs_v1x.py b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/adfs_v1x.py
new file mode 100644
index 00000000..b0b8d327
--- /dev/null
+++ b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/adfs_v1x.py
@@ -0,0 +1,20 @@
+# See http://technet.microsoft.com/en-us/library/cc733065(v=ws.10).aspx
+# and http://technet.microsoft.com/en-us/library/ee913589(v=ws.10).aspx
+# for information regarding the default claim types supported by
+# Microsoft ADFS v1.x.
+
+MAP = {
+    "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
+    "fro": {
+        'http://schemas.xmlsoap.org/claims/commonname': 'commonName',
+        'http://schemas.xmlsoap.org/claims/emailaddress': 'emailAddress',
+        'http://schemas.xmlsoap.org/claims/group': 'group',
+        'http://schemas.xmlsoap.org/claims/upn': 'upn',
+        },
+    "to": {
+        'commonName': 'http://schemas.xmlsoap.org/claims/commonname',
+        'emailAddress': 'http://schemas.xmlsoap.org/claims/emailaddress',
+        'group': 'http://schemas.xmlsoap.org/claims/group',
+        'upn': 'http://schemas.xmlsoap.org/claims/upn',
+    }
+}
diff --git a/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/adfs_v20.py b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/adfs_v20.py
new file mode 100644
index 00000000..f1d35efa
--- /dev/null
+++ b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/adfs_v20.py
@@ -0,0 +1,47 @@
+# See http://technet.microsoft.com/en-us/library/ee913589(v=ws.10).aspx
+# for information regarding the default claim types supported by
+# Microsoft ADFS v2.0.
+
+MAP = {
+    "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
+    "fro": {
+        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress': 'emailAddress',
+        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname': 'givenName',
+        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name': 'name',
+        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn': 'upn',
+        'http://schemas.xmlsoap.org/claims/commonname': 'commonName',
+        'http://schemas.xmlsoap.org/claims/group': 'group',
+        'http://schemas.microsoft.com/ws/2008/06/identity/claims/role': 'role',
+        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname': 'surname',
+        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier': 'privatePersonalId',
+        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier': 'nameId',
+        'http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod': 'authenticationMethod',
+        'http://schemas.xmlsoap.com/ws/2005/05/identity/claims/denyonlysid': 'denyOnlySid',
+        'http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid': 'denyOnlyPrimarySid',
+        'http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid': 'denyOnlyPrimaryGroupSid',
+        'http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid': 'groupSid',
+        'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid': 'primaryGroupSid',
+        'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid': 'primarySid',
+        'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname': 'windowsAccountName',
+        },
+    "to": {
+        'emailAddress': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
+        'givenName': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
+        'name': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
+        'upn': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn',
+        'commonName': 'http://schemas.xmlsoap.org/claims/commonname',
+        'group': 'http://schemas.xmlsoap.org/claims/group',
+        'role': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role',
+        'surname': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
+        'privatePersonalId': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier',
+        'nameId': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier',
+        'authenticationMethod': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod',
+        'denyOnlySid': 'http://schemas.xmlsoap.com/ws/2005/05/identity/claims/denyonlysid',
+        'denyOnlyPrimarySid': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid',
+        'denyOnlyPrimaryGroupSid': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid',
+        'groupSid': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid',
+        'primaryGroupSid': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid',
+        'primarySid':  'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid',
+        'windowsAccountName': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname',
+    }
+}
diff --git a/example_sp/sp-repoze/attributemaps/basic.py b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/basic.py
similarity index 100%
rename from example_sp/sp-repoze/attributemaps/basic.py
rename to example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/basic.py
diff --git a/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/django_saml_uri.py b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/django_saml_uri.py
new file mode 100644
index 00000000..784228a7
--- /dev/null
+++ b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/django_saml_uri.py
@@ -0,0 +1,19 @@
+X500ATTR_OID = 'urn:oid:2.5.4.'
+PKCS_9 = 'urn:oid:1.2.840.113549.1.9.1.'
+UCL_DIR_PILOT = 'urn:oid:0.9.2342.19200300.100.1.'
+
+MAP = {
+    'identifier': 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+    'fro': {
+        X500ATTR_OID+'3': 'first_name', # cn
+        X500ATTR_OID+'4': 'last_name', # sn
+        PKCS_9+'1': 'email',
+        UCL_DIR_PILOT+'1': 'uid',
+    },
+    'to': {
+        'first_name': X500ATTR_OID+'3',
+        'last_name': X500ATTR_OID+'4',
+        'email' : PKCS_9+'1',
+        'uid': UCL_DIR_PILOT+'1',
+    }
+}
diff --git a/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/saml_uri.py b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/saml_uri.py
new file mode 100644
index 00000000..40f7b778
--- /dev/null
+++ b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/saml_uri.py
@@ -0,0 +1,354 @@
+EDUCOURSE_OID = 'urn:oid:1.3.6.1.4.1.5923.1.6.1.'
+EDUPERSON_OID = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.'
+EDUMEMBER1_OID = 'urn:oid:1.3.6.1.4.1.5923.1.5.1.'
+
+# ldap.gv.at definitions as specified in:
+# http://www.ref.gv.at/AG-IZ-PVP2-Version-2-1-0-2.2754.0.html
+LDAPGVAT_OID = 'urn:oid:1.2.40.0.10.2.1.1.'
+
+UCL_DIR_PILOT = 'urn:oid:0.9.2342.19200300.100.1.'
+X500ATTR_OID = 'urn:oid:2.5.4.'
+LDAPGVAT_UCL_DIR_PILOT = UCL_DIR_PILOT
+LDAPGVAT_X500ATTR_OID = X500ATTR_OID
+NETSCAPE_LDAP = 'urn:oid:2.16.840.1.113730.3.1.'
+NOREDUPERSON_OID = 'urn:oid:1.3.6.1.4.1.2428.90.1.'
+PKCS_9 = 'urn:oid:1.2.840.113549.1.9.1.'
+SCHAC = 'urn:oid:1.3.6.1.4.1.25178.1.2.'
+SIS = 'urn:oid:1.2.752.194.10.2.'
+UMICH = 'urn:oid:1.3.6.1.4.1.250.1.57.'
+
+# openosi-0.82.schema http://www.openosi.org/osi/display/ldap/Home
+OPENOSI_OID = 'urn:oid:1.3.6.1.4.1.27630.2.1.1.'
+
+EIDAS_NATURALPERSON = 'http://eidas.europa.eu/attributes/naturalperson/'
+EIDAS_LEGALPERSON = 'http://eidas.europa.eu/attributes/legalperson/'
+
+MAP = {
+    'identifier': 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+    'fro': {
+        EIDAS_LEGALPERSON+'LegalPersonIdentifier': 'LegalPersonIdentifier',
+        EIDAS_LEGALPERSON+'LegalAddress': 'LegalAddress',
+        EIDAS_LEGALPERSON+'LegalName': 'LegalName',
+        EIDAS_LEGALPERSON+'VATRegistration': 'VATRegistration',
+        EIDAS_LEGALPERSON+'TaxReference': 'TaxReference',
+        EIDAS_LEGALPERSON+'BusinessCodes': 'BusinessCodes',
+        EIDAS_LEGALPERSON+'LEI': 'LEI',
+        EIDAS_LEGALPERSON+'EORI': 'EORI',
+        EIDAS_LEGALPERSON+'SEED': 'SEED',
+        EIDAS_LEGALPERSON+'SIC': 'SIC',
+        EIDAS_LEGALPERSON+'D-2012-17-EUIdentifier': 'D-2012-17-EUIdentifier',
+        EIDAS_NATURALPERSON+'PersonIdentifier': 'PersonIdentifier',
+        EIDAS_NATURALPERSON+'CurrentFamilyName': 'FamilyName',
+        EIDAS_NATURALPERSON+'CurrentGivenName': 'FirstName',
+        EIDAS_NATURALPERSON+'DateOfBirth': 'DateOfBirth',
+        EIDAS_NATURALPERSON+'BirthName': 'BirthName',
+        EIDAS_NATURALPERSON+'PlaceOfBirth': 'PlaceOfBirth',
+        EIDAS_NATURALPERSON+'CurrentAddress': 'CurrentAddress',
+        EIDAS_NATURALPERSON+'Gender': 'Gender',
+        EDUCOURSE_OID+'1': 'eduCourseOffering',
+        EDUCOURSE_OID+'2': 'eduCourseMember',
+        EDUMEMBER1_OID+'1': 'isMemberOf',
+        EDUPERSON_OID+'1': 'eduPersonAffiliation',
+        EDUPERSON_OID+'2': 'eduPersonNickname',
+        EDUPERSON_OID+'3': 'eduPersonOrgDN',
+        EDUPERSON_OID+'4': 'eduPersonOrgUnitDN',
+        EDUPERSON_OID+'5': 'eduPersonPrimaryAffiliation',
+        EDUPERSON_OID+'6': 'eduPersonPrincipalName',
+        EDUPERSON_OID+'7': 'eduPersonEntitlement',
+        EDUPERSON_OID+'8': 'eduPersonPrimaryOrgUnitDN',
+        EDUPERSON_OID+'9': 'eduPersonScopedAffiliation',
+        EDUPERSON_OID+'10': 'eduPersonTargetedID',
+        EDUPERSON_OID+'11': 'eduPersonAssurance',
+        EDUPERSON_OID+'12': 'eduPersonPrincipalNamePrior',
+        EDUPERSON_OID+'13': 'eduPersonUniqueId',
+        EDUPERSON_OID+'16': 'eduPersonOrcid',
+        LDAPGVAT_OID+'1': 'PVP-GID',
+        LDAPGVAT_OID+'149': 'PVP-BPK',
+        LDAPGVAT_OID+'153': 'PVP-OU-OKZ',
+        LDAPGVAT_OID+'261.10': 'PVP-VERSION',
+        LDAPGVAT_OID+'261.20': 'PVP-PRINCIPAL-NAME',
+        LDAPGVAT_OID+'261.24': 'PVP-PARTICIPANT-OKZ',
+        LDAPGVAT_OID+'261.30': 'PVP-ROLES',
+        LDAPGVAT_OID+'261.40': 'PVP-INVOICE-RECPT-ID',
+        LDAPGVAT_OID+'261.50': 'PVP-COST-CENTER-ID',
+        LDAPGVAT_OID+'261.60': 'PVP-CHARGE-CODE',
+        LDAPGVAT_OID+'3': 'PVP-OU-GV-OU-ID',
+        LDAPGVAT_OID+'33': 'PVP-FUNCTION',
+        LDAPGVAT_OID+'55': 'PVP-BIRTHDATE',
+        LDAPGVAT_OID+'71': 'PVP-PARTICIPANT-ID',
+        LDAPGVAT_UCL_DIR_PILOT+'1': 'PVP-USERID',
+        LDAPGVAT_UCL_DIR_PILOT+'3': 'PVP-MAIL',
+        LDAPGVAT_X500ATTR_OID+'11': 'PVP-OU',
+        LDAPGVAT_X500ATTR_OID+'20': 'PVP-TEL',
+        LDAPGVAT_X500ATTR_OID+'42': 'PVP-GIVENNAME',
+        NETSCAPE_LDAP+'1': 'carLicense',
+        NETSCAPE_LDAP+'2': 'departmentNumber',
+        NETSCAPE_LDAP+'3': 'employeeNumber',
+        NETSCAPE_LDAP+'4': 'employeeType',
+        NETSCAPE_LDAP+'39': 'preferredLanguage',
+        NETSCAPE_LDAP+'40': 'userSMIMECertificate',
+        NETSCAPE_LDAP+'216': 'userPKCS12',
+        NETSCAPE_LDAP+'241': 'displayName',
+        NOREDUPERSON_OID+'1': 'norEduOrgUniqueNumber',
+        NOREDUPERSON_OID+'2': 'norEduOrgUnitUniqueNumber',
+        NOREDUPERSON_OID+'3': 'norEduPersonBirthDate',
+        NOREDUPERSON_OID+'4': 'norEduPersonLIN',
+        NOREDUPERSON_OID+'5': 'norEduPersonNIN',
+        NOREDUPERSON_OID+'6': 'norEduOrgAcronym',
+        NOREDUPERSON_OID+'7': 'norEduOrgUniqueIdentifier',
+        NOREDUPERSON_OID+'8': 'norEduOrgUnitUniqueIdentifier',
+        NOREDUPERSON_OID+'9': 'federationFeideSchemaVersion',
+        NOREDUPERSON_OID+'10': 'norEduPersonLegalName',
+        NOREDUPERSON_OID+'11': 'norEduOrgSchemaVersion',
+        NOREDUPERSON_OID+'12': 'norEduOrgNIN',
+        OPENOSI_OID+'17': 'osiHomeUrl',
+        OPENOSI_OID+'19': 'osiPreferredTZ',
+        OPENOSI_OID+'72': 'osiICardTimeLastUpdated',
+        OPENOSI_OID+'104': 'osiMiddleName',
+        OPENOSI_OID+'107': 'osiOtherEmail',
+        OPENOSI_OID+'109': 'osiOtherHomePhone',
+        OPENOSI_OID+'120': 'osiWorkURL',
+        PKCS_9+'1': 'email',
+        SCHAC+'1': 'schacMotherTongue',
+        SCHAC+'2': 'schacGender',
+        SCHAC+'3': 'schacDateOfBirth',
+        SCHAC+'4': 'schacPlaceOfBirth',
+        SCHAC+'5': 'schacCountryOfCitizenship',
+        SCHAC+'6': 'schacSn1',
+        SCHAC+'7': 'schacSn2',
+        SCHAC+'8': 'schacPersonalTitle',
+        SCHAC+'9': 'schacHomeOrganization',
+        SCHAC+'10': 'schacHomeOrganizationType',
+        SCHAC+'11': 'schacCountryOfResidence',
+        SCHAC+'12': 'schacUserPresenceID',
+        SCHAC+'13': 'schacPersonalPosition',
+        SCHAC+'14': 'schacPersonalUniqueCode',
+        SCHAC+'15': 'schacPersonalUniqueID',
+        SCHAC+'17': 'schacExpiryDate',
+        SCHAC+'18': 'schacUserPrivateAttribute',
+        SCHAC+'19': 'schacUserStatus',
+        SCHAC+'20': 'schacProjectMembership',
+        SCHAC+'21': 'schacProjectSpecificRole',
+        SIS+'1': 'sisLegalGuardianFor',
+        SIS+'2': 'sisSchoolGrade',
+        UCL_DIR_PILOT+'1': 'uid',
+        UCL_DIR_PILOT+'3': 'mail',
+        UCL_DIR_PILOT+'25': 'dc',
+        UCL_DIR_PILOT+'37': 'associatedDomain',
+        UCL_DIR_PILOT+'43': 'co',
+        UCL_DIR_PILOT+'60': 'jpegPhoto',
+        UMICH+'57': 'labeledURI',
+        X500ATTR_OID+'2': 'knowledgeInformation',
+        X500ATTR_OID+'3': 'cn',
+        X500ATTR_OID+'4': 'sn',
+        X500ATTR_OID+'5': 'serialNumber',
+        X500ATTR_OID+'6': 'c',
+        X500ATTR_OID+'7': 'l',
+        X500ATTR_OID+'8': 'st',
+        X500ATTR_OID+'9': 'street',
+        X500ATTR_OID+'10': 'o',
+        X500ATTR_OID+'11': 'ou',
+        X500ATTR_OID+'12': 'title',
+        X500ATTR_OID+'14': 'searchGuide',
+        X500ATTR_OID+'15': 'businessCategory',
+        X500ATTR_OID+'16': 'postalAddress',
+        X500ATTR_OID+'17': 'postalCode',
+        X500ATTR_OID+'18': 'postOfficeBox',
+        X500ATTR_OID+'19': 'physicalDeliveryOfficeName',
+        X500ATTR_OID+'20': 'telephoneNumber',
+        X500ATTR_OID+'21': 'telexNumber',
+        X500ATTR_OID+'22': 'teletexTerminalIdentifier',
+        X500ATTR_OID+'23': 'facsimileTelephoneNumber',
+        X500ATTR_OID+'24': 'x121Address',
+        X500ATTR_OID+'25': 'internationaliSDNNumber',
+        X500ATTR_OID+'26': 'registeredAddress',
+        X500ATTR_OID+'27': 'destinationIndicator',
+        X500ATTR_OID+'28': 'preferredDeliveryMethod',
+        X500ATTR_OID+'29': 'presentationAddress',
+        X500ATTR_OID+'30': 'supportedApplicationContext',
+        X500ATTR_OID+'31': 'member',
+        X500ATTR_OID+'32': 'owner',
+        X500ATTR_OID+'33': 'roleOccupant',
+        X500ATTR_OID+'36': 'userCertificate',
+        X500ATTR_OID+'37': 'cACertificate',
+        X500ATTR_OID+'38': 'authorityRevocationList',
+        X500ATTR_OID+'39': 'certificateRevocationList',
+        X500ATTR_OID+'40': 'crossCertificatePair',
+        X500ATTR_OID+'42': 'givenName',
+        X500ATTR_OID+'43': 'initials',
+        X500ATTR_OID+'44': 'generationQualifier',
+        X500ATTR_OID+'45': 'x500UniqueIdentifier',
+        X500ATTR_OID+'46': 'dnQualifier',
+        X500ATTR_OID+'47': 'enhancedSearchGuide',
+        X500ATTR_OID+'48': 'protocolInformation',
+        X500ATTR_OID+'50': 'uniqueMember',
+        X500ATTR_OID+'51': 'houseIdentifier',
+        X500ATTR_OID+'52': 'supportedAlgorithms',
+        X500ATTR_OID+'53': 'deltaRevocationList',
+        X500ATTR_OID+'54': 'dmdName',
+        X500ATTR_OID+'65': 'pseudonym',
+    },
+    'to': {
+        'LegalPersonIdentifier': EIDAS_LEGALPERSON+'LegalPersonIdentifier',
+        'LegalAddress': EIDAS_LEGALPERSON+'LegalAddress',
+        'LegalName': EIDAS_LEGALPERSON+'LegalName',
+        'VATRegistration': EIDAS_LEGALPERSON+'VATRegistration',
+        'TaxReference': EIDAS_LEGALPERSON+'TaxReference',
+        'BusinessCodes': EIDAS_LEGALPERSON+'BusinessCodes',
+        'LEI': EIDAS_LEGALPERSON+'LEI',
+        'EORI': EIDAS_LEGALPERSON+'EORI',
+        'SEED': EIDAS_LEGALPERSON+'SEED',
+        'SIC': EIDAS_LEGALPERSON+'SIC',
+        'D-2012-17-EUIdentifier': EIDAS_LEGALPERSON+'D-2012-17-EUIdentifier',
+        'PersonIdentifier': EIDAS_NATURALPERSON+'PersonIdentifier',
+        'FamilyName': EIDAS_NATURALPERSON+'CurrentFamilyName',
+        'FirstName': EIDAS_NATURALPERSON+'CurrentGivenName',
+        'DateOfBirth': EIDAS_NATURALPERSON+'DateOfBirth',
+        'BirthName': EIDAS_NATURALPERSON+'BirthName',
+        'PlaceOfBirth': EIDAS_NATURALPERSON+'PlaceOfBirth',
+        'CurrentAddress': EIDAS_NATURALPERSON+'CurrentAddress',
+        'Gender': EIDAS_NATURALPERSON+'Gender',
+        'associatedDomain': UCL_DIR_PILOT+'37',
+        'authorityRevocationList': X500ATTR_OID+'38',
+        'businessCategory': X500ATTR_OID+'15',
+        'c': X500ATTR_OID+'6',
+        'cACertificate': X500ATTR_OID+'37',
+        'carLicense': NETSCAPE_LDAP+'1',
+        'certificateRevocationList': X500ATTR_OID+'39',
+        'cn': X500ATTR_OID+'3',
+        'co': UCL_DIR_PILOT+'43',
+        'crossCertificatePair': X500ATTR_OID+'40',
+        'dc': UCL_DIR_PILOT+'25',
+        'deltaRevocationList': X500ATTR_OID+'53',
+        'departmentNumber': NETSCAPE_LDAP+'2',
+        'destinationIndicator': X500ATTR_OID+'27',
+        'displayName': NETSCAPE_LDAP+'241',
+        'dmdName': X500ATTR_OID+'54',
+        'dnQualifier': X500ATTR_OID+'46',
+        'eduCourseMember': EDUCOURSE_OID+'2',
+        'eduCourseOffering': EDUCOURSE_OID+'1',
+        'eduPersonAffiliation': EDUPERSON_OID+'1',
+        'eduPersonEntitlement': EDUPERSON_OID+'7',
+        'eduPersonNickname': EDUPERSON_OID+'2',
+        'eduPersonOrgDN': EDUPERSON_OID+'3',
+        'eduPersonOrgUnitDN': EDUPERSON_OID+'4',
+        'eduPersonPrimaryAffiliation': EDUPERSON_OID+'5',
+        'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID+'8',
+        'eduPersonPrincipalName': EDUPERSON_OID+'6',
+        'eduPersonPrincipalNamePrior': EDUPERSON_OID+'12',
+        'eduPersonScopedAffiliation': EDUPERSON_OID+'9',
+        'eduPersonTargetedID': EDUPERSON_OID+'10',
+        'eduPersonAssurance': EDUPERSON_OID+'11',
+        'eduPersonUniqueId': EDUPERSON_OID+'13',
+        'eduPersonOrcid': EDUPERSON_OID+'16',
+        'email': PKCS_9+'1',
+        'employeeNumber': NETSCAPE_LDAP+'3',
+        'employeeType': NETSCAPE_LDAP+'4',
+        'enhancedSearchGuide': X500ATTR_OID+'47',
+        'facsimileTelephoneNumber': X500ATTR_OID+'23',
+        'federationFeideSchemaVersion': NOREDUPERSON_OID+'9',
+        'generationQualifier': X500ATTR_OID+'44',
+        'givenName': X500ATTR_OID+'42',
+        'houseIdentifier': X500ATTR_OID+'51',
+        'initials': X500ATTR_OID+'43',
+        'internationaliSDNNumber': X500ATTR_OID+'25',
+        'isMemberOf': EDUMEMBER1_OID+'1',
+        'jpegPhoto': UCL_DIR_PILOT+'60',
+        'knowledgeInformation': X500ATTR_OID+'2',
+        'l': X500ATTR_OID+'7',
+        'labeledURI': UMICH+'57',
+        'mail': UCL_DIR_PILOT+'3',
+        'member': X500ATTR_OID+'31',
+        'norEduOrgAcronym': NOREDUPERSON_OID+'6',
+        'norEduOrgNIN': NOREDUPERSON_OID+'12',
+        'norEduOrgSchemaVersion': NOREDUPERSON_OID+'11',
+        'norEduOrgUniqueIdentifier': NOREDUPERSON_OID+'7',
+        'norEduOrgUniqueNumber': NOREDUPERSON_OID+'1',
+        'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID+'8',
+        'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID+'2',
+        'norEduPersonBirthDate': NOREDUPERSON_OID+'3',
+        'norEduPersonLIN': NOREDUPERSON_OID+'4',
+        'norEduPersonLegalName': NOREDUPERSON_OID+'10',
+        'norEduPersonNIN': NOREDUPERSON_OID+'5',
+        'o': X500ATTR_OID+'10',
+        'osiHomeUrl': OPENOSI_OID+'17',
+        'osiPreferredTZ': OPENOSI_OID+'19',
+        'osiICardTimeLastUpdated': OPENOSI_OID+'72',
+        'osiMiddleName': OPENOSI_OID+'104',
+        'osiOtherEmail': OPENOSI_OID+'107',
+        'osiOtherHomePhone': OPENOSI_OID+'109',
+        'osiWorkURL': OPENOSI_OID+'120',
+        'ou': X500ATTR_OID+'11',
+        'owner': X500ATTR_OID+'32',
+        'physicalDeliveryOfficeName': X500ATTR_OID+'19',
+        'postOfficeBox': X500ATTR_OID+'18',
+        'postalAddress': X500ATTR_OID+'16',
+        'postalCode': X500ATTR_OID+'17',
+        'preferredDeliveryMethod': X500ATTR_OID+'28',
+        'preferredLanguage': NETSCAPE_LDAP+'39',
+        'presentationAddress': X500ATTR_OID+'29',
+        'protocolInformation': X500ATTR_OID+'48',
+        'pseudonym': X500ATTR_OID+'65',
+        'PVP-USERID': LDAPGVAT_UCL_DIR_PILOT+'1',
+        'PVP-MAIL': LDAPGVAT_UCL_DIR_PILOT+'3',
+        'PVP-GID': LDAPGVAT_OID+'1',
+        'PVP-BPK': LDAPGVAT_OID+'149',
+        'PVP-OU-OKZ': LDAPGVAT_OID+'153',
+        'PVP-VERSION': LDAPGVAT_OID+'261.10',
+        'PVP-PRINCIPAL-NAME': LDAPGVAT_OID+'261.20',
+        'PVP-PARTICIPANT-OKZ': LDAPGVAT_OID+'261.24',
+        'PVP-ROLES': LDAPGVAT_OID+'261.30',
+        'PVP-INVOICE-RECPT-ID': LDAPGVAT_OID+'261.40',
+        'PVP-COST-CENTER-ID': LDAPGVAT_OID+'261.50',
+        'PVP-CHARGE-CODE': LDAPGVAT_OID+'261.60',
+        'PVP-OU-GV-OU-ID': LDAPGVAT_OID+'3',
+        'PVP-FUNCTION': LDAPGVAT_OID+'33',
+        'PVP-BIRTHDATE': LDAPGVAT_OID+'55',
+        'PVP-PARTICIPANT-ID': LDAPGVAT_OID+'71',
+        'PVP-OU': LDAPGVAT_X500ATTR_OID+'11',
+        'PVP-TEL': LDAPGVAT_X500ATTR_OID+'20',
+        'PVP-GIVENNAME': LDAPGVAT_X500ATTR_OID+'42',
+        'registeredAddress': X500ATTR_OID+'26',
+        'roleOccupant': X500ATTR_OID+'33',
+        'schacCountryOfCitizenship': SCHAC+'5',
+        'schacCountryOfResidence': SCHAC+'11',
+        'schacDateOfBirth': SCHAC+'3',
+        'schacExpiryDate': SCHAC+'17',
+        'schacGender': SCHAC+'2',
+        'schacHomeOrganization': SCHAC+'9',
+        'schacHomeOrganizationType': SCHAC+'10',
+        'schacMotherTongue': SCHAC+'1',
+        'schacPersonalPosition': SCHAC+'13',
+        'schacPersonalTitle': SCHAC+'8',
+        'schacPersonalUniqueCode': SCHAC+'14',
+        'schacPersonalUniqueID': SCHAC+'15',
+        'schacPlaceOfBirth': SCHAC+'4',
+        'schacProjectMembership': SCHAC+'20',
+        'schacProjectSpecificRole': SCHAC+'21',
+        'schacSn1': SCHAC+'6',
+        'schacSn2': SCHAC+'7',
+        'schacUserPresenceID': SCHAC+'12',
+        'schacUserPrivateAttribute': SCHAC+'18',
+        'schacUserStatus': SCHAC+'19',
+        'searchGuide': X500ATTR_OID+'14',
+        'serialNumber': X500ATTR_OID+'5',
+        'sisLegalGuardianFor': SIS+'1',
+        'sisSchoolGrade': SIS+'2',
+        'sn': X500ATTR_OID+'4',
+        'st': X500ATTR_OID+'8',
+        'street': X500ATTR_OID+'9',
+        'supportedAlgorithms': X500ATTR_OID+'52',
+        'supportedApplicationContext': X500ATTR_OID+'30',
+        'telephoneNumber': X500ATTR_OID+'20',
+        'teletexTerminalIdentifier': X500ATTR_OID+'22',
+        'telexNumber': X500ATTR_OID+'21',
+        'title': X500ATTR_OID+'12',
+        'uid': UCL_DIR_PILOT+'1',
+        'uniqueMember': X500ATTR_OID+'50',
+        'userCertificate': X500ATTR_OID+'36',
+        'userPKCS12': NETSCAPE_LDAP+'216',
+        'userSMIMECertificate': NETSCAPE_LDAP+'40',
+        'x121Address': X500ATTR_OID+'24',
+        'x500UniqueIdentifier': X500ATTR_OID+'45',
+    }
+}
diff --git a/example_sp/sp-repoze/attributemaps/shibboleth_uri.py b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/shibboleth_uri.py
similarity index 100%
rename from example_sp/sp-repoze/attributemaps/shibboleth_uri.py
rename to example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/shibboleth_uri.py
diff --git a/example_sp/djangosaml2_sp/saml2_sp/saml2_config/satosa-saml2spid.xml b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/satosa-saml2spid.xml
new file mode 100644
index 00000000..93cf71cc
--- /dev/null
+++ b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/satosa-saml2spid.xml
@@ -0,0 +1,55 @@
+<md:EntityDescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://localhost:10000/Saml2IDP/metadata"><md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAuthnRequestsSigned="false"><md:Extensions><mdui:UIInfo><mdui:DisplayName xml:lang="en">Authentication Proxy</mdui:DisplayName><mdui:Description xml:lang="en">Authentication Proxy</mdui:Description><mdui:Keywords xml:lang="it">Authentication Proxy IdP IT</mdui:Keywords><mdui:Keywords xml:lang="en">Authentication Proxy IdP EN</mdui:Keywords><mdui:Logo height="100" width="100">https://www.spid.gov.it/assets/img/spid-ico-circle-bb.svg</mdui:Logo><mdui:PrivacyStatementURL xml:lang="en">https://www.example.org/privacy/</mdui:PrivacyStatementURL></mdui:UIInfo></md:Extensions><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIE/TCCA2WgAwIBAgIUZYMkZC8ySXs72cH2yj4TGh/T7PgwDQYJKoZIhvcNAQEM
+BQAwgasxGzAZBgNVBAMMElNQSUQgZXhhbXBsZSBwcm94eTELMAkGA1UEBhMCSVQx
+DTALBgNVBAcMBFJvbWExFTATBgNVBGEMDFBBOklULWNfaDUwMTEbMBkGA1UECgwS
+U1BJRCBleGFtcGxlIHByb3h5MRMwEQYDVQQFEwoxMjM0NTY3ODkwMScwJQYDVQRT
+DB5odHRwczovL3NwaWQucHJveHkuZXhhbXBsZS5vcmcwHhcNMjEwNzEzMDkzMDE0
+WhcNNDEwNzA4MDkzMDE0WjCBqzEbMBkGA1UEAwwSU1BJRCBleGFtcGxlIHByb3h5
+MQswCQYDVQQGEwJJVDENMAsGA1UEBwwEUm9tYTEVMBMGA1UEYQwMUEE6SVQtY19o
+NTAxMRswGQYDVQQKDBJTUElEIGV4YW1wbGUgcHJveHkxEzARBgNVBAUTCjEyMzQ1
+Njc4OTAxJzAlBgNVBFMMHmh0dHBzOi8vc3BpZC5wcm94eS5leGFtcGxlLm9yZzCC
+AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMX1VVjDx0e9PIq+v1NeHQ8S
+iT6hHJSkMsWYV+JLmLoGcxSV7iMFvBL3KQaokCFAAsl1k5f77PT3WFMFzmVO+0Eq
+SRIM/+7m8IgXP2amBcxJWt5iglG73vVw1cSEovmlDkUR7jP88Q8OfK+RrR1qm7v8
+Nt/AFWGzQL95Ng3Ux7uJ8CwZSZaNdj+nJoEKDG0+c9pfPLcc/QgP7ZrINacUCpUe
+EWcUvR+cJRZip9B15Kk2s+uUYvA9Gns4IpJGgmUXh6JCYwvm5/7l28uxmHzdT1hN
+e1p1f5g5ofnZwFLJI+SCbVNq7q/f2NU8JpQTMCgeyPdnVV5nXxG6sDRDnQIsvnHt
+g6AMUCHYVV+PZroMQtx5TRCeiiA1RRCPnsqhjfPAOOIQopjHIr6MMVvO5WFP+7zG
+1u8tXc6/tl3fSKVuGnpDuXDn8Qj8exoh7A4olzv9PVFMqIRGLhYJ5bHRU1EuU/fA
+RReNYjWU3XYHiQ95xLzHjRjxZkyxvdxb7KCWbyHaOwIDAQABoxcwFTATBgNVHSAE
+DDAKMAgGBitMEAQCATANBgkqhkiG9w0BAQwFAAOCAYEAjT2bIsLUDMHlLW+aCjqw
+fqm9p//cFPzt6jeeZ6MEyIQ9/UVKbucOhgW7zsdKyxFSbZzx27icTUUHuAZV2eiS
+91AA7yhZB46pGfiYmPfbjZgN3EotllgphenDKJZzAZw9bjxASugvT/7faUGxQRQI
+ThwoCvpZr9U1aBKBP+QdE+Ym88h+rLGPokkUEoOfIT+WptE8gUbqPZHAq4ObODiT
+IZDVDflI2k/llS75e6TWBiZSGGdMMfkmDiBM9kW7sREW3HfUsYWx9SXEgtDZ3K8q
+fmhQn6IYLZX10lbk4j5HJTe6PLH+XmYdwIADboAhPDNEFK0E276iiHF/wR6i5WxK
+Bd1bAHLE451W8g3uAjkIhfIZg3i1r9uQXw4D8M1Gsb8OUDK182McqlVEP7HEsBno
+dprUnm3AfbAUjQ0aFRM/DfdKMy+3lYe4A3gBgWbDdliCFlpUUd9MjsYqs/EphcQR
+UNc2uhjHUl49I92V0VWTK4fB1hAXp4pCoAiVJBibMNML
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIE/TCCA2WgAwIBAgIUZYMkZC8ySXs72cH2yj4TGh/T7PgwDQYJKoZIhvcNAQEM
+BQAwgasxGzAZBgNVBAMMElNQSUQgZXhhbXBsZSBwcm94eTELMAkGA1UEBhMCSVQx
+DTALBgNVBAcMBFJvbWExFTATBgNVBGEMDFBBOklULWNfaDUwMTEbMBkGA1UECgwS
+U1BJRCBleGFtcGxlIHByb3h5MRMwEQYDVQQFEwoxMjM0NTY3ODkwMScwJQYDVQRT
+DB5odHRwczovL3NwaWQucHJveHkuZXhhbXBsZS5vcmcwHhcNMjEwNzEzMDkzMDE0
+WhcNNDEwNzA4MDkzMDE0WjCBqzEbMBkGA1UEAwwSU1BJRCBleGFtcGxlIHByb3h5
+MQswCQYDVQQGEwJJVDENMAsGA1UEBwwEUm9tYTEVMBMGA1UEYQwMUEE6SVQtY19o
+NTAxMRswGQYDVQQKDBJTUElEIGV4YW1wbGUgcHJveHkxEzARBgNVBAUTCjEyMzQ1
+Njc4OTAxJzAlBgNVBFMMHmh0dHBzOi8vc3BpZC5wcm94eS5leGFtcGxlLm9yZzCC
+AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMX1VVjDx0e9PIq+v1NeHQ8S
+iT6hHJSkMsWYV+JLmLoGcxSV7iMFvBL3KQaokCFAAsl1k5f77PT3WFMFzmVO+0Eq
+SRIM/+7m8IgXP2amBcxJWt5iglG73vVw1cSEovmlDkUR7jP88Q8OfK+RrR1qm7v8
+Nt/AFWGzQL95Ng3Ux7uJ8CwZSZaNdj+nJoEKDG0+c9pfPLcc/QgP7ZrINacUCpUe
+EWcUvR+cJRZip9B15Kk2s+uUYvA9Gns4IpJGgmUXh6JCYwvm5/7l28uxmHzdT1hN
+e1p1f5g5ofnZwFLJI+SCbVNq7q/f2NU8JpQTMCgeyPdnVV5nXxG6sDRDnQIsvnHt
+g6AMUCHYVV+PZroMQtx5TRCeiiA1RRCPnsqhjfPAOOIQopjHIr6MMVvO5WFP+7zG
+1u8tXc6/tl3fSKVuGnpDuXDn8Qj8exoh7A4olzv9PVFMqIRGLhYJ5bHRU1EuU/fA
+RReNYjWU3XYHiQ95xLzHjRjxZkyxvdxb7KCWbyHaOwIDAQABoxcwFTATBgNVHSAE
+DDAKMAgGBitMEAQCATANBgkqhkiG9w0BAQwFAAOCAYEAjT2bIsLUDMHlLW+aCjqw
+fqm9p//cFPzt6jeeZ6MEyIQ9/UVKbucOhgW7zsdKyxFSbZzx27icTUUHuAZV2eiS
+91AA7yhZB46pGfiYmPfbjZgN3EotllgphenDKJZzAZw9bjxASugvT/7faUGxQRQI
+ThwoCvpZr9U1aBKBP+QdE+Ym88h+rLGPokkUEoOfIT+WptE8gUbqPZHAq4ObODiT
+IZDVDflI2k/llS75e6TWBiZSGGdMMfkmDiBM9kW7sREW3HfUsYWx9SXEgtDZ3K8q
+fmhQn6IYLZX10lbk4j5HJTe6PLH+XmYdwIADboAhPDNEFK0E276iiHF/wR6i5WxK
+Bd1bAHLE451W8g3uAjkIhfIZg3i1r9uQXw4D8M1Gsb8OUDK182McqlVEP7HEsBno
+dprUnm3AfbAUjQ0aFRM/DfdKMy+3lYe4A3gBgWbDdliCFlpUUd9MjsYqs/EphcQR
+UNc2uhjHUl49I92V0VWTK4fB1hAXp4pCoAiVJBibMNML
+</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:10000/Saml2/sso/post" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:10000/spidSaml2/sso/post" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:10000/Saml2/sso/redirect" /><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:10000/spidSaml2/sso/redirect" /></md:IDPSSODescriptor><md:Organization><md:OrganizationName xml:lang="en">proxy.auth</md:OrganizationName><md:OrganizationDisplayName xml:lang="en">Saml2 Authentication Proxy</md:OrganizationDisplayName><md:OrganizationURL xml:lang="en">https://spid.proxy.example.org</md:OrganizationURL></md:Organization><md:ContactPerson contactType="technical"><md:GivenName>Technical</md:GivenName><md:EmailAddress>mailto:supporto.tecnico@example.org</md:EmailAddress></md:ContactPerson><md:ContactPerson contactType="support"><md:GivenName>Support</md:GivenName><md:EmailAddress>mailto:richieste.ict@example.org</md:EmailAddress></md:ContactPerson></md:EntityDescriptor>
\ No newline at end of file
diff --git a/example_sp/djangosaml2_sp/saml2_sp/urls.py b/example_sp/djangosaml2_sp/saml2_sp/urls.py
new file mode 100644
index 00000000..d480b46d
--- /dev/null
+++ b/example_sp/djangosaml2_sp/saml2_sp/urls.py
@@ -0,0 +1,9 @@
+from django.conf import settings
+from django.contrib import admin
+from django.urls import include, path
+
+from . import views
+
+urlpatterns = [
+    path('', views.index),
+]
diff --git a/example_sp/djangosaml2_sp/saml2_sp/utils.py b/example_sp/djangosaml2_sp/saml2_sp/utils.py
new file mode 100644
index 00000000..8137f648
--- /dev/null
+++ b/example_sp/djangosaml2_sp/saml2_sp/utils.py
@@ -0,0 +1,24 @@
+import base64
+import xml.dom.minidom
+import zlib
+
+from xml.parsers.expat import ExpatError
+
+
+def repr_saml(saml_str, b64=False):
+    """ Decode SAML from b64 and b64 deflated and
+        return a pretty printed representation
+    """
+    try:
+        msg = base64.b64decode(saml_str).decode() if b64 else saml_str
+        dom = xml.dom.minidom.parseString(msg)
+    except (UnicodeDecodeError, ExpatError):
+        # in HTTP-REDIRECT the base64 must be inflated
+        msg = base64.b64decode(saml_str)
+        inflated = zlib.decompress(msg, -15)
+        dom = xml.dom.minidom.parseString(inflated.decode())
+    return dom.toprettyxml()
+
+
+def encode_http_redirect_saml(saml_envelope):
+    return base64.b64encode(zlib.compress(saml_envelope.encode()))
diff --git a/example_sp/djangosaml2_sp/saml2_sp/views.py b/example_sp/djangosaml2_sp/saml2_sp/views.py
new file mode 100644
index 00000000..a1826cf1
--- /dev/null
+++ b/example_sp/djangosaml2_sp/saml2_sp/views.py
@@ -0,0 +1,54 @@
+import base64
+import logging
+import saml2
+
+from django.conf import settings
+from django.contrib.auth.models import User
+from django.dispatch import receiver
+from django.http import HttpResponse
+from django.shortcuts import render
+from django.template import TemplateDoesNotExist
+from djangosaml2.conf import get_config
+from djangosaml2.cache import IdentityCache, OutstandingQueriesCache
+from djangosaml2.cache import StateCache
+from djangosaml2.conf import get_config
+from djangosaml2.overrides import Saml2Client
+from djangosaml2.signals import post_authenticated, pre_user_save
+from djangosaml2.utils import (
+    available_idps, get_custom_setting,
+    get_idp_sso_supported_bindings, get_location
+)
+from saml2 import BINDING_HTTP_REDIRECT, BINDING_HTTP_POST
+from saml2.authn_context import requested_authn_context
+from saml2.metadata import entity_descriptor
+
+from .utils import repr_saml
+
+
+logger = logging.getLogger('djangosaml2')
+
+
+def index(request):
+    """ Barebone 'diagnostics' view, print user attributes if logged in + login/logout links.
+    """
+    if request.user.is_authenticated:
+        out = "LOGGED IN: <a href={0}>LOGOUT</a><br>".format(settings.LOGOUT_URL)
+        out += "".join(['%s: %s</br>' % (field.name, getattr(request.user, field.name))
+                    for field in request.user._meta.get_fields()
+                    if field.concrete])
+        return HttpResponse(out)
+    else:
+        return HttpResponse("LOGGED OUT: <a href={0}>LOGIN</a>".format(settings.LOGIN_URL))
+
+
+# TODO fix this in IdP side?
+@receiver(pre_user_save, sender=User)
+def custom_update_user(sender, instance, attributes, user_modified, **kargs):
+    """ Default behaviour does not play nice with booleans encoded in SAML as u'true'/u'false'.
+        This will convert those attributes to real booleans when saving.
+    """
+    for k, v in attributes.items():
+        u = set.intersection(set(v), set([u'true', u'false']))
+        if u:
+            setattr(instance, k, u.pop() == u'true')
+    return True  # I modified the user object
diff --git a/example_sp/djangosaml2_sp/tests/request_saml_auth.py b/example_sp/djangosaml2_sp/tests/request_saml_auth.py
new file mode 100644
index 00000000..2f09b59a
--- /dev/null
+++ b/example_sp/djangosaml2_sp/tests/request_saml_auth.py
@@ -0,0 +1,175 @@
+import copy
+import os
+import sys
+
+sys.path.append(os.getcwd())
+
+from djangosaml2_sp.sp_pysaml2_shibidp import (SAML_CONFIG,
+                                               BASE_URL,
+                                               BASE_DIR,
+                                               IDP_URL)
+
+from pprint import pprint
+
+from saml2.config import SPConfig
+from saml2.response import AuthnResponse
+from saml2 import BINDING_HTTP_REDIRECT, BINDING_HTTP_POST
+from saml2.client import Saml2Client
+
+
+# OutStanding Queries
+# outstanding = {'id-R3qGBIK1FKbybkEOo': '/', 'id-vV5JVaBZCuC2LHP9Y': '/', 'id-TH9lfrLJL4KtNuEZJ': '/', 'id-KeYf8iMkonCWaqGrd': '/', 'id-S8lzm7lkEYIwokDVZ': '/', 'id-1naCBqIuGqm31mFnC': '/', 'id-D5bhbXLDxt6nS2QtZ': '/', 'id-UCjbQ7AS1nGG5wSN5': '/', 'id-EdrCM5hBIDix23Bf5': '/', 'id-p3yvaSmx6TJPZ0qK7': '/', 'id-DgwqMaGwOJYRxnzQe': '/'} 
+
+outstanding = None
+outstanding_certs = None
+conv_info = None
+
+conf = SPConfig()
+
+conf.load(copy.deepcopy(SAML_CONFIG))
+client = Saml2Client(conf)
+
+# client arguments
+selected_idp = None
+came_from = '/'
+# conf['sp']['authn_requests_signed'] determines if saml2.BINDING_HTTP_POST or saml2.BINDING_HTTP_REDIRECT
+binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' # saml2.BINDING_HTTP_REDIRECT
+sign=False
+sigalg=None
+nsprefix = {'ds': 'http://www.w3.org/2000/09/xmldsig#', 'md': 'urn:oasis:names:tc:SAML:2.0:metadata', 'samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', 'xenc': 'http://www.w3.org/2001/04/xmlenc#', 'saml': 'urn:oasis:names:tc:SAML:2.0:assertion'}
+
+# craft SAML Request
+session_id, result = client.prepare_for_authenticate(
+                                                     entityid=selected_idp,
+                                                     relay_state=came_from,
+                                                     binding=binding,
+                                                     sign=sign,
+                                                     sigalg=sigalg,
+                                                     nsprefix=nsprefix
+                                                     )
+
+target = result.get('headers')[0][1]
+
+# browser init
+import requests
+
+r = requests.Session()
+# SAMLRequest is in target URL
+sp_saml_request = r.get(target, verify=False)
+if not sp_saml_request.ok: raise ('SP SAML Request Failed')
+
+
+# fetch post ACTION url from form then POST
+import re
+action_post_regexp ='(?P<name>action)="(?P<value>[a-zA-Z0-9\.\:\/\_\?\=]*)"'
+s = re.search(action_post_regexp, sp_saml_request.text)
+if not s: raise ('IDP Login POST doesn\'t returns correctly')
+
+post_target = target.split('?')[0]+'?'+s.groupdict()['value'].split('?')[1]
+
+payload = {
+'j_username': 'mario',
+'j_password': 'cimpa12',
+'donotcache': 1,
+'_shib_idp_revokeConsent': True,
+'_eventId_proceed': ''
+}
+
+# post target is in one of the but we already fetched it in the previous FORM.
+# IDP supports all those defined in its Metadata
+# <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.testunical.it/idp/profile/Shibboleth/SSO"/>
+# <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.testunical.it/idp/profile/SAML2/POST/SSO"/>
+# <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://idp.testunical.it/idp/profile/SAML2/POST-SimpleSign/SSO"/>
+# <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.testunical.it/idp/profile/SAML2/Redirect/SSO"/>
+
+idp_login_response = r.post(post_target, data=payload, verify=False)
+if not idp_login_response.ok: raise ('IDP Login response Failed')
+
+# Response
+# extract SAML2 authn response from IDP response
+saml2_response_regexp ='name="(?P<name>SAMLResponse)" value="(?P<value>[a-zA-Z0-9\.\:\/\_\?\=\+\-]*)"'
+sr = re.search(saml2_response_regexp, idp_login_response.text)
+if not sr:
+    print(idp_login_response.text)
+    raise ('IDP Response doesn\'t contain a valid SAML value')
+
+
+# Decode SAML2 base64 String
+import base64
+
+saml_auth_response_b64 = sr.groupdict().get('value')
+saml_auth_response = base64.b64decode(saml_auth_response_b64)
+xmlstr = saml_auth_response.decode('ascii')
+
+# Fancy SAML print
+# from lxml import etree
+# root = etree.XML(xmlstr.encode('ascii'))
+# print(etree.tostring(root, pretty_print=True).decode('utf-8'))
+
+# pySAML2 parse authn response (sign and decrypt features included)
+
+kwargs = {
+            "outstanding_queries": outstanding,
+            "outstanding_certs": outstanding_certs,
+            "allow_unsolicited": conf._sp_allow_unsolicited,
+            "want_assertions_signed": conf._sp_want_assertions_signed,
+            "want_response_signed": conf._sp_want_response_signed,
+            "return_addrs": conf.endpoint("assertion_consumer_service", binding, "sp"),
+            "entity_id": conf.entityid,
+            "attribute_converters": conf.attribute_converters,
+            "allow_unknown_attributes": conf.allow_unknown_attributes,
+            'conv_info': conv_info
+            }
+
+# xml unravel fails bacause of b64 inflate method
+# pr = client.parse_authn_request_response(saml_auth_response_b64,
+                                     # binding,
+                                     # outstanding=outstanding,
+                                     # outstanding_certs=None,
+                                     # conv_info=None)
+
+authn_response = AuthnResponse(client.sec, **kwargs)
+
+# response.loads(xmlstr, False, origxml=origxml)
+# authn_response.loads(xmlstr, False, origxml=xmlstr)
+
+# response.py -> AuthnResponse
+# in response.loads -> ._loads ->
+# authn_response.signature_check(xmldata, origdoc=origxml, must=self.require_signature,
+# require_response_signature=self.require_response_signature,
+# **args)
+
+# HERE err=18;msg=self signed certificate !
+#samlp_response = authn_response.signature_check(xmlstr, must=0, require_response_signature=0)
+
+# ea = samlp_response.encrypted_assertion[0]
+# ea.encrypted_data.cipher_data.cipher_value.text
+
+# consulta python-xmlsec
+# https://github.com/mehcode/python-xmlsec/issues/22
+
+from lxml import etree
+import xmlsec
+
+xmlsec.enable_debug_trace(True)
+km = xmlsec.KeysManager()
+
+km.add_key(xmlsec.Key.from_file(conf.key_file,
+                                xmlsec.KeyFormat.PEM))
+enc_ctx = xmlsec.EncryptionContext(km)
+
+# root = etree.parse("response.xml").getroot()
+root = etree.XML(xmlstr.encode('ascii'))
+node = root.xpath(
+    "//enc:EncryptedData",
+    namespaces={'enc': 'http://www.w3.org/2001/04/xmlenc#'},
+)
+enc_data = node[0]
+
+print()
+print(etree.tostring(enc_data))
+print()
+decrypted = enc_ctx.decrypt(enc_data)
+
+print()
+print(etree.tostring(decrypted))
diff --git a/example_sp/README.md b/example_sp/pysaml2/README.md
similarity index 100%
rename from example_sp/README.md
rename to example_sp/pysaml2/README.md
diff --git a/example_sp/requirements.txt b/example_sp/pysaml2/requirements.txt
similarity index 100%
rename from example_sp/requirements.txt
rename to example_sp/pysaml2/requirements.txt
diff --git a/example_sp/pysaml2/sp-repoze/attributemaps/basic.py b/example_sp/pysaml2/sp-repoze/attributemaps/basic.py
new file mode 100644
index 00000000..9311d547
--- /dev/null
+++ b/example_sp/pysaml2/sp-repoze/attributemaps/basic.py
@@ -0,0 +1,326 @@
+
+MAP = {
+    "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
+    "fro": {
+        'urn:mace:dir:attribute-def:aRecord': 'aRecord',
+        'urn:mace:dir:attribute-def:aliasedEntryName': 'aliasedEntryName',
+        'urn:mace:dir:attribute-def:aliasedObjectName': 'aliasedObjectName',
+        'urn:mace:dir:attribute-def:associatedDomain': 'associatedDomain',
+        'urn:mace:dir:attribute-def:associatedName': 'associatedName',
+        'urn:mace:dir:attribute-def:audio': 'audio',
+        'urn:mace:dir:attribute-def:authorityRevocationList': 'authorityRevocationList',
+        'urn:mace:dir:attribute-def:buildingName': 'buildingName',
+        'urn:mace:dir:attribute-def:businessCategory': 'businessCategory',
+        'urn:mace:dir:attribute-def:c': 'c',
+        'urn:mace:dir:attribute-def:cACertificate': 'cACertificate',
+        'urn:mace:dir:attribute-def:cNAMERecord': 'cNAMERecord',
+        'urn:mace:dir:attribute-def:carLicense': 'carLicense',
+        'urn:mace:dir:attribute-def:certificateRevocationList': 'certificateRevocationList',
+        'urn:mace:dir:attribute-def:cn': 'cn',
+        'urn:mace:dir:attribute-def:co': 'co',
+        'urn:mace:dir:attribute-def:commonName': 'commonName',
+        'urn:mace:dir:attribute-def:countryName': 'countryName',
+        'urn:mace:dir:attribute-def:crossCertificatePair': 'crossCertificatePair',
+        'urn:mace:dir:attribute-def:dITRedirect': 'dITRedirect',
+        'urn:mace:dir:attribute-def:dSAQuality': 'dSAQuality',
+        'urn:mace:dir:attribute-def:dc': 'dc',
+        'urn:mace:dir:attribute-def:deltaRevocationList': 'deltaRevocationList',
+        'urn:mace:dir:attribute-def:departmentNumber': 'departmentNumber',
+        'urn:mace:dir:attribute-def:description': 'description',
+        'urn:mace:dir:attribute-def:destinationIndicator': 'destinationIndicator',
+        'urn:mace:dir:attribute-def:displayName': 'displayName',
+        'urn:mace:dir:attribute-def:distinguishedName': 'distinguishedName',
+        'urn:mace:dir:attribute-def:dmdName': 'dmdName',
+        'urn:mace:dir:attribute-def:dnQualifier': 'dnQualifier',
+        'urn:mace:dir:attribute-def:documentAuthor': 'documentAuthor',
+        'urn:mace:dir:attribute-def:documentIdentifier': 'documentIdentifier',
+        'urn:mace:dir:attribute-def:documentLocation': 'documentLocation',
+        'urn:mace:dir:attribute-def:documentPublisher': 'documentPublisher',
+        'urn:mace:dir:attribute-def:documentTitle': 'documentTitle',
+        'urn:mace:dir:attribute-def:documentVersion': 'documentVersion',
+        'urn:mace:dir:attribute-def:domainComponent': 'domainComponent',
+        'urn:mace:dir:attribute-def:drink': 'drink',
+        'urn:mace:dir:attribute-def:eduOrgHomePageURI': 'eduOrgHomePageURI',
+        'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI': 'eduOrgIdentityAuthNPolicyURI',
+        'urn:mace:dir:attribute-def:eduOrgLegalName': 'eduOrgLegalName',
+        'urn:mace:dir:attribute-def:eduOrgSuperiorURI': 'eduOrgSuperiorURI',
+        'urn:mace:dir:attribute-def:eduOrgWhitePagesURI': 'eduOrgWhitePagesURI',
+        'urn:mace:dir:attribute-def:eduPersonAffiliation': 'eduPersonAffiliation',
+        'urn:mace:dir:attribute-def:eduPersonEntitlement': 'eduPersonEntitlement',
+        'urn:mace:dir:attribute-def:eduPersonNickname': 'eduPersonNickname',
+        'urn:mace:dir:attribute-def:eduPersonOrgDN': 'eduPersonOrgDN',
+        'urn:mace:dir:attribute-def:eduPersonOrgUnitDN': 'eduPersonOrgUnitDN',
+        'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation': 'eduPersonPrimaryAffiliation',
+        'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN': 'eduPersonPrimaryOrgUnitDN',
+        'urn:mace:dir:attribute-def:eduPersonPrincipalName': 'eduPersonPrincipalName',
+        'urn:mace:dir:attribute-def:eduPersonScopedAffiliation': 'eduPersonScopedAffiliation',
+        'urn:mace:dir:attribute-def:eduPersonTargetedID': 'eduPersonTargetedID',
+        'urn:mace:dir:attribute-def:email': 'email',
+        'urn:mace:dir:attribute-def:emailAddress': 'emailAddress',
+        'urn:mace:dir:attribute-def:employeeNumber': 'employeeNumber',
+        'urn:mace:dir:attribute-def:employeeType': 'employeeType',
+        'urn:mace:dir:attribute-def:enhancedSearchGuide': 'enhancedSearchGuide',
+        'urn:mace:dir:attribute-def:facsimileTelephoneNumber': 'facsimileTelephoneNumber',
+        'urn:mace:dir:attribute-def:favouriteDrink': 'favouriteDrink',
+        'urn:mace:dir:attribute-def:fax': 'fax',
+        'urn:mace:dir:attribute-def:federationFeideSchemaVersion': 'federationFeideSchemaVersion',
+        'urn:mace:dir:attribute-def:friendlyCountryName': 'friendlyCountryName',
+        'urn:mace:dir:attribute-def:generationQualifier': 'generationQualifier',
+        'urn:mace:dir:attribute-def:givenName': 'givenName',
+        'urn:mace:dir:attribute-def:gn': 'gn',
+        'urn:mace:dir:attribute-def:homePhone': 'homePhone',
+        'urn:mace:dir:attribute-def:homePostalAddress': 'homePostalAddress',
+        'urn:mace:dir:attribute-def:homeTelephoneNumber': 'homeTelephoneNumber',
+        'urn:mace:dir:attribute-def:host': 'host',
+        'urn:mace:dir:attribute-def:houseIdentifier': 'houseIdentifier',
+        'urn:mace:dir:attribute-def:info': 'info',
+        'urn:mace:dir:attribute-def:initials': 'initials',
+        'urn:mace:dir:attribute-def:internationaliSDNNumber': 'internationaliSDNNumber',
+        'urn:mace:dir:attribute-def:janetMailbox': 'janetMailbox',
+        'urn:mace:dir:attribute-def:jpegPhoto': 'jpegPhoto',
+        'urn:mace:dir:attribute-def:knowledgeInformation': 'knowledgeInformation',
+        'urn:mace:dir:attribute-def:l': 'l',
+        'urn:mace:dir:attribute-def:labeledURI': 'labeledURI',
+        'urn:mace:dir:attribute-def:localityName': 'localityName',
+        'urn:mace:dir:attribute-def:mDRecord': 'mDRecord',
+        'urn:mace:dir:attribute-def:mXRecord': 'mXRecord',
+        'urn:mace:dir:attribute-def:mail': 'mail',
+        'urn:mace:dir:attribute-def:mailPreferenceOption': 'mailPreferenceOption',
+        'urn:mace:dir:attribute-def:manager': 'manager',
+        'urn:mace:dir:attribute-def:member': 'member',
+        'urn:mace:dir:attribute-def:mobile': 'mobile',
+        'urn:mace:dir:attribute-def:mobileTelephoneNumber': 'mobileTelephoneNumber',
+        'urn:mace:dir:attribute-def:nSRecord': 'nSRecord',
+        'urn:mace:dir:attribute-def:name': 'name',
+        'urn:mace:dir:attribute-def:norEduOrgAcronym': 'norEduOrgAcronym',
+        'urn:mace:dir:attribute-def:norEduOrgNIN': 'norEduOrgNIN',
+        'urn:mace:dir:attribute-def:norEduOrgSchemaVersion': 'norEduOrgSchemaVersion',
+        'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier': 'norEduOrgUniqueIdentifier',
+        'urn:mace:dir:attribute-def:norEduOrgUniqueNumber': 'norEduOrgUniqueNumber',
+        'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier': 'norEduOrgUnitUniqueIdentifier',
+        'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber': 'norEduOrgUnitUniqueNumber',
+        'urn:mace:dir:attribute-def:norEduPersonBirthDate': 'norEduPersonBirthDate',
+        'urn:mace:dir:attribute-def:norEduPersonLIN': 'norEduPersonLIN',
+        'urn:mace:dir:attribute-def:norEduPersonNIN': 'norEduPersonNIN',
+        'urn:mace:dir:attribute-def:o': 'o',
+        'urn:mace:dir:attribute-def:objectClass': 'objectClass',
+        'urn:mace:dir:attribute-def:organizationName': 'organizationName',
+        'urn:mace:dir:attribute-def:organizationalStatus': 'organizationalStatus',
+        'urn:mace:dir:attribute-def:organizationalUnitName': 'organizationalUnitName',
+        'urn:mace:dir:attribute-def:otherMailbox': 'otherMailbox',
+        'urn:mace:dir:attribute-def:ou': 'ou',
+        'urn:mace:dir:attribute-def:owner': 'owner',
+        'urn:mace:dir:attribute-def:pager': 'pager',
+        'urn:mace:dir:attribute-def:pagerTelephoneNumber': 'pagerTelephoneNumber',
+        'urn:mace:dir:attribute-def:personalSignature': 'personalSignature',
+        'urn:mace:dir:attribute-def:personalTitle': 'personalTitle',
+        'urn:mace:dir:attribute-def:photo': 'photo',
+        'urn:mace:dir:attribute-def:physicalDeliveryOfficeName': 'physicalDeliveryOfficeName',
+        'urn:mace:dir:attribute-def:pkcs9email': 'pkcs9email',
+        'urn:mace:dir:attribute-def:postOfficeBox': 'postOfficeBox',
+        'urn:mace:dir:attribute-def:postalAddress': 'postalAddress',
+        'urn:mace:dir:attribute-def:postalCode': 'postalCode',
+        'urn:mace:dir:attribute-def:preferredDeliveryMethod': 'preferredDeliveryMethod',
+        'urn:mace:dir:attribute-def:preferredLanguage': 'preferredLanguage',
+        'urn:mace:dir:attribute-def:presentationAddress': 'presentationAddress',
+        'urn:mace:dir:attribute-def:protocolInformation': 'protocolInformation',
+        'urn:mace:dir:attribute-def:pseudonym': 'pseudonym',
+        'urn:mace:dir:attribute-def:registeredAddress': 'registeredAddress',
+        'urn:mace:dir:attribute-def:rfc822Mailbox': 'rfc822Mailbox',
+        'urn:mace:dir:attribute-def:roleOccupant': 'roleOccupant',
+        'urn:mace:dir:attribute-def:roomNumber': 'roomNumber',
+        'urn:mace:dir:attribute-def:sOARecord': 'sOARecord',
+        'urn:mace:dir:attribute-def:searchGuide': 'searchGuide',
+        'urn:mace:dir:attribute-def:secretary': 'secretary',
+        'urn:mace:dir:attribute-def:seeAlso': 'seeAlso',
+        'urn:mace:dir:attribute-def:serialNumber': 'serialNumber',
+        'urn:mace:dir:attribute-def:singleLevelQuality': 'singleLevelQuality',
+        'urn:mace:dir:attribute-def:sn': 'sn',
+        'urn:mace:dir:attribute-def:st': 'st',
+        'urn:mace:dir:attribute-def:stateOrProvinceName': 'stateOrProvinceName',
+        'urn:mace:dir:attribute-def:street': 'street',
+        'urn:mace:dir:attribute-def:streetAddress': 'streetAddress',
+        'urn:mace:dir:attribute-def:subtreeMaximumQuality': 'subtreeMaximumQuality',
+        'urn:mace:dir:attribute-def:subtreeMinimumQuality': 'subtreeMinimumQuality',
+        'urn:mace:dir:attribute-def:supportedAlgorithms': 'supportedAlgorithms',
+        'urn:mace:dir:attribute-def:supportedApplicationContext': 'supportedApplicationContext',
+        'urn:mace:dir:attribute-def:surname': 'surname',
+        'urn:mace:dir:attribute-def:telephoneNumber': 'telephoneNumber',
+        'urn:mace:dir:attribute-def:teletexTerminalIdentifier': 'teletexTerminalIdentifier',
+        'urn:mace:dir:attribute-def:telexNumber': 'telexNumber',
+        'urn:mace:dir:attribute-def:textEncodedORAddress': 'textEncodedORAddress',
+        'urn:mace:dir:attribute-def:title': 'title',
+        'urn:mace:dir:attribute-def:uid': 'uid',
+        'urn:mace:dir:attribute-def:uniqueIdentifier': 'uniqueIdentifier',
+        'urn:mace:dir:attribute-def:uniqueMember': 'uniqueMember',
+        'urn:mace:dir:attribute-def:userCertificate': 'userCertificate',
+        'urn:mace:dir:attribute-def:userClass': 'userClass',
+        'urn:mace:dir:attribute-def:userPKCS12': 'userPKCS12',
+        'urn:mace:dir:attribute-def:userPassword': 'userPassword',
+        'urn:mace:dir:attribute-def:userSMIMECertificate': 'userSMIMECertificate',
+        'urn:mace:dir:attribute-def:userid': 'userid',
+        'urn:mace:dir:attribute-def:x121Address': 'x121Address',
+        'urn:mace:dir:attribute-def:x500UniqueIdentifier': 'x500UniqueIdentifier',
+        },
+    "to": {
+        'aRecord': 'urn:mace:dir:attribute-def:aRecord',
+        'aliasedEntryName': 'urn:mace:dir:attribute-def:aliasedEntryName',
+        'aliasedObjectName': 'urn:mace:dir:attribute-def:aliasedObjectName',
+        'associatedDomain': 'urn:mace:dir:attribute-def:associatedDomain',
+        'associatedName': 'urn:mace:dir:attribute-def:associatedName',
+        'audio': 'urn:mace:dir:attribute-def:audio',
+        'authorityRevocationList': 'urn:mace:dir:attribute-def:authorityRevocationList',
+        'buildingName': 'urn:mace:dir:attribute-def:buildingName',
+        'businessCategory': 'urn:mace:dir:attribute-def:businessCategory',
+        'c': 'urn:mace:dir:attribute-def:c',
+        'cACertificate': 'urn:mace:dir:attribute-def:cACertificate',
+        'cNAMERecord': 'urn:mace:dir:attribute-def:cNAMERecord',
+        'carLicense': 'urn:mace:dir:attribute-def:carLicense',
+        'certificateRevocationList': 'urn:mace:dir:attribute-def:certificateRevocationList',
+        'cn': 'urn:mace:dir:attribute-def:cn',
+        'co': 'urn:mace:dir:attribute-def:co',
+        'commonName': 'urn:mace:dir:attribute-def:commonName',
+        'countryName': 'urn:mace:dir:attribute-def:countryName',
+        'crossCertificatePair': 'urn:mace:dir:attribute-def:crossCertificatePair',
+        'dITRedirect': 'urn:mace:dir:attribute-def:dITRedirect',
+        'dSAQuality': 'urn:mace:dir:attribute-def:dSAQuality',
+        'dc': 'urn:mace:dir:attribute-def:dc',
+        'deltaRevocationList': 'urn:mace:dir:attribute-def:deltaRevocationList',
+        'departmentNumber': 'urn:mace:dir:attribute-def:departmentNumber',
+        'description': 'urn:mace:dir:attribute-def:description',
+        'destinationIndicator': 'urn:mace:dir:attribute-def:destinationIndicator',
+        'displayName': 'urn:mace:dir:attribute-def:displayName',
+        'distinguishedName': 'urn:mace:dir:attribute-def:distinguishedName',
+        'dmdName': 'urn:mace:dir:attribute-def:dmdName',
+        'dnQualifier': 'urn:mace:dir:attribute-def:dnQualifier',
+        'documentAuthor': 'urn:mace:dir:attribute-def:documentAuthor',
+        'documentIdentifier': 'urn:mace:dir:attribute-def:documentIdentifier',
+        'documentLocation': 'urn:mace:dir:attribute-def:documentLocation',
+        'documentPublisher': 'urn:mace:dir:attribute-def:documentPublisher',
+        'documentTitle': 'urn:mace:dir:attribute-def:documentTitle',
+        'documentVersion': 'urn:mace:dir:attribute-def:documentVersion',
+        'domainComponent': 'urn:mace:dir:attribute-def:domainComponent',
+        'drink': 'urn:mace:dir:attribute-def:drink',
+        'eduOrgHomePageURI': 'urn:mace:dir:attribute-def:eduOrgHomePageURI',
+        'eduOrgIdentityAuthNPolicyURI': 'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI',
+        'eduOrgLegalName': 'urn:mace:dir:attribute-def:eduOrgLegalName',
+        'eduOrgSuperiorURI': 'urn:mace:dir:attribute-def:eduOrgSuperiorURI',
+        'eduOrgWhitePagesURI': 'urn:mace:dir:attribute-def:eduOrgWhitePagesURI',
+        'eduPersonAffiliation': 'urn:mace:dir:attribute-def:eduPersonAffiliation',
+        'eduPersonEntitlement': 'urn:mace:dir:attribute-def:eduPersonEntitlement',
+        'eduPersonNickname': 'urn:mace:dir:attribute-def:eduPersonNickname',
+        'eduPersonOrgDN': 'urn:mace:dir:attribute-def:eduPersonOrgDN',
+        'eduPersonOrgUnitDN': 'urn:mace:dir:attribute-def:eduPersonOrgUnitDN',
+        'eduPersonPrimaryAffiliation': 'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation',
+        'eduPersonPrimaryOrgUnitDN': 'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN',
+        'eduPersonPrincipalName': 'urn:mace:dir:attribute-def:eduPersonPrincipalName',
+        'eduPersonScopedAffiliation': 'urn:mace:dir:attribute-def:eduPersonScopedAffiliation',
+        'eduPersonTargetedID': 'urn:mace:dir:attribute-def:eduPersonTargetedID',
+        'email': 'urn:mace:dir:attribute-def:email',
+        'emailAddress': 'urn:mace:dir:attribute-def:emailAddress',
+        'employeeNumber': 'urn:mace:dir:attribute-def:employeeNumber',
+        'employeeType': 'urn:mace:dir:attribute-def:employeeType',
+        'enhancedSearchGuide': 'urn:mace:dir:attribute-def:enhancedSearchGuide',
+        'facsimileTelephoneNumber': 'urn:mace:dir:attribute-def:facsimileTelephoneNumber',
+        'favouriteDrink': 'urn:mace:dir:attribute-def:favouriteDrink',
+        'fax': 'urn:mace:dir:attribute-def:fax',
+        'federationFeideSchemaVersion': 'urn:mace:dir:attribute-def:federationFeideSchemaVersion',
+        'friendlyCountryName': 'urn:mace:dir:attribute-def:friendlyCountryName',
+        'generationQualifier': 'urn:mace:dir:attribute-def:generationQualifier',
+        'givenName': 'urn:mace:dir:attribute-def:givenName',
+        'gn': 'urn:mace:dir:attribute-def:gn',
+        'homePhone': 'urn:mace:dir:attribute-def:homePhone',
+        'homePostalAddress': 'urn:mace:dir:attribute-def:homePostalAddress',
+        'homeTelephoneNumber': 'urn:mace:dir:attribute-def:homeTelephoneNumber',
+        'host': 'urn:mace:dir:attribute-def:host',
+        'houseIdentifier': 'urn:mace:dir:attribute-def:houseIdentifier',
+        'info': 'urn:mace:dir:attribute-def:info',
+        'initials': 'urn:mace:dir:attribute-def:initials',
+        'internationaliSDNNumber': 'urn:mace:dir:attribute-def:internationaliSDNNumber',
+        'janetMailbox': 'urn:mace:dir:attribute-def:janetMailbox',
+        'jpegPhoto': 'urn:mace:dir:attribute-def:jpegPhoto',
+        'knowledgeInformation': 'urn:mace:dir:attribute-def:knowledgeInformation',
+        'l': 'urn:mace:dir:attribute-def:l',
+        'labeledURI': 'urn:mace:dir:attribute-def:labeledURI',
+        'localityName': 'urn:mace:dir:attribute-def:localityName',
+        'mDRecord': 'urn:mace:dir:attribute-def:mDRecord',
+        'mXRecord': 'urn:mace:dir:attribute-def:mXRecord',
+        'mail': 'urn:mace:dir:attribute-def:mail',
+        'mailPreferenceOption': 'urn:mace:dir:attribute-def:mailPreferenceOption',
+        'manager': 'urn:mace:dir:attribute-def:manager',
+        'member': 'urn:mace:dir:attribute-def:member',
+        'mobile': 'urn:mace:dir:attribute-def:mobile',
+        'mobileTelephoneNumber': 'urn:mace:dir:attribute-def:mobileTelephoneNumber',
+        'nSRecord': 'urn:mace:dir:attribute-def:nSRecord',
+        'name': 'urn:mace:dir:attribute-def:name',
+        'norEduOrgAcronym': 'urn:mace:dir:attribute-def:norEduOrgAcronym',
+        'norEduOrgNIN': 'urn:mace:dir:attribute-def:norEduOrgNIN',
+        'norEduOrgSchemaVersion': 'urn:mace:dir:attribute-def:norEduOrgSchemaVersion',
+        'norEduOrgUniqueIdentifier': 'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier',
+        'norEduOrgUniqueNumber': 'urn:mace:dir:attribute-def:norEduOrgUniqueNumber',
+        'norEduOrgUnitUniqueIdentifier': 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier',
+        'norEduOrgUnitUniqueNumber': 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber',
+        'norEduPersonBirthDate': 'urn:mace:dir:attribute-def:norEduPersonBirthDate',
+        'norEduPersonLIN': 'urn:mace:dir:attribute-def:norEduPersonLIN',
+        'norEduPersonNIN': 'urn:mace:dir:attribute-def:norEduPersonNIN',
+        'o': 'urn:mace:dir:attribute-def:o',
+        'objectClass': 'urn:mace:dir:attribute-def:objectClass',
+        'organizationName': 'urn:mace:dir:attribute-def:organizationName',
+        'organizationalStatus': 'urn:mace:dir:attribute-def:organizationalStatus',
+        'organizationalUnitName': 'urn:mace:dir:attribute-def:organizationalUnitName',
+        'otherMailbox': 'urn:mace:dir:attribute-def:otherMailbox',
+        'ou': 'urn:mace:dir:attribute-def:ou',
+        'owner': 'urn:mace:dir:attribute-def:owner',
+        'pager': 'urn:mace:dir:attribute-def:pager',
+        'pagerTelephoneNumber': 'urn:mace:dir:attribute-def:pagerTelephoneNumber',
+        'personalSignature': 'urn:mace:dir:attribute-def:personalSignature',
+        'personalTitle': 'urn:mace:dir:attribute-def:personalTitle',
+        'photo': 'urn:mace:dir:attribute-def:photo',
+        'physicalDeliveryOfficeName': 'urn:mace:dir:attribute-def:physicalDeliveryOfficeName',
+        'pkcs9email': 'urn:mace:dir:attribute-def:pkcs9email',
+        'postOfficeBox': 'urn:mace:dir:attribute-def:postOfficeBox',
+        'postalAddress': 'urn:mace:dir:attribute-def:postalAddress',
+        'postalCode': 'urn:mace:dir:attribute-def:postalCode',
+        'preferredDeliveryMethod': 'urn:mace:dir:attribute-def:preferredDeliveryMethod',
+        'preferredLanguage': 'urn:mace:dir:attribute-def:preferredLanguage',
+        'presentationAddress': 'urn:mace:dir:attribute-def:presentationAddress',
+        'protocolInformation': 'urn:mace:dir:attribute-def:protocolInformation',
+        'pseudonym': 'urn:mace:dir:attribute-def:pseudonym',
+        'registeredAddress': 'urn:mace:dir:attribute-def:registeredAddress',
+        'rfc822Mailbox': 'urn:mace:dir:attribute-def:rfc822Mailbox',
+        'roleOccupant': 'urn:mace:dir:attribute-def:roleOccupant',
+        'roomNumber': 'urn:mace:dir:attribute-def:roomNumber',
+        'sOARecord': 'urn:mace:dir:attribute-def:sOARecord',
+        'searchGuide': 'urn:mace:dir:attribute-def:searchGuide',
+        'secretary': 'urn:mace:dir:attribute-def:secretary',
+        'seeAlso': 'urn:mace:dir:attribute-def:seeAlso',
+        'serialNumber': 'urn:mace:dir:attribute-def:serialNumber',
+        'singleLevelQuality': 'urn:mace:dir:attribute-def:singleLevelQuality',
+        'sn': 'urn:mace:dir:attribute-def:sn',
+        'st': 'urn:mace:dir:attribute-def:st',
+        'stateOrProvinceName': 'urn:mace:dir:attribute-def:stateOrProvinceName',
+        'street': 'urn:mace:dir:attribute-def:street',
+        'streetAddress': 'urn:mace:dir:attribute-def:streetAddress',
+        'subtreeMaximumQuality': 'urn:mace:dir:attribute-def:subtreeMaximumQuality',
+        'subtreeMinimumQuality': 'urn:mace:dir:attribute-def:subtreeMinimumQuality',
+        'supportedAlgorithms': 'urn:mace:dir:attribute-def:supportedAlgorithms',
+        'supportedApplicationContext': 'urn:mace:dir:attribute-def:supportedApplicationContext',
+        'surname': 'urn:mace:dir:attribute-def:surname',
+        'telephoneNumber': 'urn:mace:dir:attribute-def:telephoneNumber',
+        'teletexTerminalIdentifier': 'urn:mace:dir:attribute-def:teletexTerminalIdentifier',
+        'telexNumber': 'urn:mace:dir:attribute-def:telexNumber',
+        'textEncodedORAddress': 'urn:mace:dir:attribute-def:textEncodedORAddress',
+        'title': 'urn:mace:dir:attribute-def:title',
+        'uid': 'urn:mace:dir:attribute-def:uid',
+        'uniqueIdentifier': 'urn:mace:dir:attribute-def:uniqueIdentifier',
+        'uniqueMember': 'urn:mace:dir:attribute-def:uniqueMember',
+        'userCertificate': 'urn:mace:dir:attribute-def:userCertificate',
+        'userClass': 'urn:mace:dir:attribute-def:userClass',
+        'userPKCS12': 'urn:mace:dir:attribute-def:userPKCS12',
+        'userPassword': 'urn:mace:dir:attribute-def:userPassword',
+        'userSMIMECertificate': 'urn:mace:dir:attribute-def:userSMIMECertificate',
+        'userid': 'urn:mace:dir:attribute-def:userid',
+        'x121Address': 'urn:mace:dir:attribute-def:x121Address',
+        'x500UniqueIdentifier': 'urn:mace:dir:attribute-def:x500UniqueIdentifier',
+    }
+}
\ No newline at end of file
diff --git a/example_sp/sp-repoze/attributemaps/saml_uri.py b/example_sp/pysaml2/sp-repoze/attributemaps/saml_uri.py
similarity index 100%
rename from example_sp/sp-repoze/attributemaps/saml_uri.py
rename to example_sp/pysaml2/sp-repoze/attributemaps/saml_uri.py
diff --git a/example_sp/pysaml2/sp-repoze/attributemaps/shibboleth_uri.py b/example_sp/pysaml2/sp-repoze/attributemaps/shibboleth_uri.py
new file mode 100644
index 00000000..d26bf006
--- /dev/null
+++ b/example_sp/pysaml2/sp-repoze/attributemaps/shibboleth_uri.py
@@ -0,0 +1,190 @@
+EDUPERSON_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1."
+X500ATTR = "urn:oid:2.5.4."
+NOREDUPERSON_OID = "urn:oid:1.3.6.1.4.1.2428.90.1."
+NETSCAPE_LDAP = "urn:oid:2.16.840.1.113730.3.1."
+UCL_DIR_PILOT = "urn:oid:0.9.2342.19200300.100.1."
+PKCS_9 = "urn:oid:1.2.840.113549.1.9."
+UMICH = "urn:oid:1.3.6.1.4.1.250.1.57."
+
+MAP = {
+    "identifier": "urn:mace:shibboleth:1.0:attributeNamespace:uri",
+    "fro": {
+        EDUPERSON_OID+'2': 'eduPersonNickname',
+        EDUPERSON_OID+'9': 'eduPersonScopedAffiliation',
+        EDUPERSON_OID+'11': 'eduPersonAssurance',
+        EDUPERSON_OID+'10': 'eduPersonTargetedID',
+        EDUPERSON_OID+'4': 'eduPersonOrgUnitDN',
+        NOREDUPERSON_OID+'6': 'norEduOrgAcronym',
+        NOREDUPERSON_OID+'7': 'norEduOrgUniqueIdentifier',
+        NOREDUPERSON_OID+'4': 'norEduPersonLIN',
+        EDUPERSON_OID+'1': 'eduPersonAffiliation',
+        NOREDUPERSON_OID+'2': 'norEduOrgUnitUniqueNumber',
+        NETSCAPE_LDAP+'40': 'userSMIMECertificate',
+        NOREDUPERSON_OID+'1': 'norEduOrgUniqueNumber',
+        NETSCAPE_LDAP+'241': 'displayName',
+        UCL_DIR_PILOT+'37': 'associatedDomain',
+        EDUPERSON_OID+'6': 'eduPersonPrincipalName',
+        NOREDUPERSON_OID+'8': 'norEduOrgUnitUniqueIdentifier',
+        NOREDUPERSON_OID+'9': 'federationFeideSchemaVersion',
+        X500ATTR+'53': 'deltaRevocationList',
+        X500ATTR+'52': 'supportedAlgorithms',
+        X500ATTR+'51': 'houseIdentifier',
+        X500ATTR+'50': 'uniqueMember',
+        X500ATTR+'19': 'physicalDeliveryOfficeName',
+        X500ATTR+'18': 'postOfficeBox',
+        X500ATTR+'17': 'postalCode',
+        X500ATTR+'16': 'postalAddress',
+        X500ATTR+'15': 'businessCategory',
+        X500ATTR+'14': 'searchGuide',
+        EDUPERSON_OID+'5': 'eduPersonPrimaryAffiliation',
+        X500ATTR+'12': 'title',
+        X500ATTR+'11': 'ou',
+        X500ATTR+'10': 'o',
+        X500ATTR+'37': 'cACertificate',
+        X500ATTR+'36': 'userCertificate',
+        X500ATTR+'31': 'member',
+        X500ATTR+'30': 'supportedApplicationContext',
+        X500ATTR+'33': 'roleOccupant',
+        X500ATTR+'32': 'owner',
+        NETSCAPE_LDAP+'1': 'carLicense',
+        PKCS_9+'1': 'email',
+        NETSCAPE_LDAP+'3': 'employeeNumber',
+        NETSCAPE_LDAP+'2': 'departmentNumber',
+        X500ATTR+'39': 'certificateRevocationList',
+        X500ATTR+'38': 'authorityRevocationList',
+        NETSCAPE_LDAP+'216': 'userPKCS12',
+        EDUPERSON_OID+'8': 'eduPersonPrimaryOrgUnitDN',
+        X500ATTR+'9': 'street',
+        X500ATTR+'8': 'st',
+        NETSCAPE_LDAP+'39': 'preferredLanguage',
+        EDUPERSON_OID+'7': 'eduPersonEntitlement',
+        X500ATTR+'2': 'knowledgeInformation',
+        X500ATTR+'7': 'l',
+        X500ATTR+'6': 'c',
+        X500ATTR+'5': 'serialNumber',
+        X500ATTR+'4': 'sn',
+        UCL_DIR_PILOT+'60': 'jpegPhoto',
+        X500ATTR+'65': 'pseudonym',
+        NOREDUPERSON_OID+'5': 'norEduPersonNIN',
+        UCL_DIR_PILOT+'3': 'mail',
+        UCL_DIR_PILOT+'25': 'dc',
+        X500ATTR+'40': 'crossCertificatePair',
+        X500ATTR+'42': 'givenName',
+        X500ATTR+'43': 'initials',
+        X500ATTR+'44': 'generationQualifier',
+        X500ATTR+'45': 'x500UniqueIdentifier',
+        X500ATTR+'46': 'dnQualifier',
+        X500ATTR+'47': 'enhancedSearchGuide',
+        X500ATTR+'48': 'protocolInformation',
+        X500ATTR+'54': 'dmdName',
+        NETSCAPE_LDAP+'4': 'employeeType',
+        X500ATTR+'22': 'teletexTerminalIdentifier',
+        X500ATTR+'23': 'facsimileTelephoneNumber',
+        X500ATTR+'20': 'telephoneNumber',
+        X500ATTR+'21': 'telexNumber',
+        X500ATTR+'26': 'registeredAddress',
+        X500ATTR+'27': 'destinationIndicator',
+        X500ATTR+'24': 'x121Address',
+        X500ATTR+'25': 'internationaliSDNNumber',
+        X500ATTR+'28': 'preferredDeliveryMethod',
+        X500ATTR+'29': 'presentationAddress',
+        EDUPERSON_OID+'3': 'eduPersonOrgDN',
+        NOREDUPERSON_OID+'3': 'norEduPersonBirthDate',
+    },
+    "to":{
+        'roleOccupant': X500ATTR+'33',
+        'gn': X500ATTR+'42',
+        'norEduPersonNIN': NOREDUPERSON_OID+'5',
+        'title': X500ATTR+'12',
+        'facsimileTelephoneNumber': X500ATTR+'23',
+        'mail': UCL_DIR_PILOT+'3',
+        'postOfficeBox': X500ATTR+'18',
+        'fax': X500ATTR+'23',
+        'telephoneNumber': X500ATTR+'20',
+        'norEduPersonBirthDate': NOREDUPERSON_OID+'3',
+        'rfc822Mailbox': UCL_DIR_PILOT+'3',
+        'dc': UCL_DIR_PILOT+'25',
+        'countryName': X500ATTR+'6',
+        'emailAddress': PKCS_9+'1',
+        'employeeNumber': NETSCAPE_LDAP+'3',
+        'organizationName': X500ATTR+'10',
+        'eduPersonAssurance': EDUPERSON_OID+'11',
+        'norEduOrgAcronym': NOREDUPERSON_OID+'6',
+        'registeredAddress': X500ATTR+'26',
+        'physicalDeliveryOfficeName': X500ATTR+'19',
+        'associatedDomain': UCL_DIR_PILOT+'37',
+        'l': X500ATTR+'7',
+        'stateOrProvinceName': X500ATTR+'8',
+        'federationFeideSchemaVersion': NOREDUPERSON_OID+'9',
+        'pkcs9email': PKCS_9+'1',
+        'givenName': X500ATTR+'42',
+        'x500UniqueIdentifier': X500ATTR+'45',
+        'eduPersonNickname': EDUPERSON_OID+'2',
+        'houseIdentifier': X500ATTR+'51',
+        'street': X500ATTR+'9',
+        'supportedAlgorithms': X500ATTR+'52',
+        'preferredLanguage': NETSCAPE_LDAP+'39',
+        'postalAddress': X500ATTR+'16',
+        'email': PKCS_9+'1',
+        'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID+'8',
+        'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID+'8',
+        'c': X500ATTR+'6',
+        'teletexTerminalIdentifier': X500ATTR+'22',
+        'o': X500ATTR+'10',
+        'cACertificate': X500ATTR+'37',
+        'telexNumber': X500ATTR+'21',
+        'ou': X500ATTR+'11',
+        'initials': X500ATTR+'43',
+        'eduPersonOrgUnitDN': EDUPERSON_OID+'4',
+        'deltaRevocationList': X500ATTR+'53',
+        'norEduPersonLIN': NOREDUPERSON_OID+'4',
+        'supportedApplicationContext': X500ATTR+'30',
+        'eduPersonEntitlement': EDUPERSON_OID+'7',
+        'generationQualifier': X500ATTR+'44',
+        'eduPersonAffiliation': EDUPERSON_OID+'1',
+        'eduPersonPrincipalName': EDUPERSON_OID+'6',
+        'localityName': X500ATTR+'7',
+        'owner': X500ATTR+'32',
+        'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID+'2',
+        'searchGuide': X500ATTR+'14',
+        'certificateRevocationList': X500ATTR+'39',
+        'organizationalUnitName': X500ATTR+'11',
+        'userCertificate': X500ATTR+'36',
+        'preferredDeliveryMethod': X500ATTR+'28',
+        'internationaliSDNNumber': X500ATTR+'25',
+        'uniqueMember': X500ATTR+'50',
+        'departmentNumber': NETSCAPE_LDAP+'2',
+        'enhancedSearchGuide': X500ATTR+'47',
+        'userPKCS12': NETSCAPE_LDAP+'216',
+        'eduPersonTargetedID': EDUPERSON_OID+'10',
+        'norEduOrgUniqueNumber': NOREDUPERSON_OID+'1',
+        'x121Address': X500ATTR+'24',
+        'destinationIndicator': X500ATTR+'27',
+        'eduPersonPrimaryAffiliation': EDUPERSON_OID+'5',
+        'surname': X500ATTR+'4',
+        'jpegPhoto': UCL_DIR_PILOT+'60',
+        'eduPersonScopedAffiliation': EDUPERSON_OID+'9',
+        'protocolInformation': X500ATTR+'48',
+        'knowledgeInformation': X500ATTR+'2',
+        'employeeType': NETSCAPE_LDAP+'4',
+        'userSMIMECertificate': NETSCAPE_LDAP+'40',
+        'member': X500ATTR+'31',
+        'streetAddress': X500ATTR+'9',
+        'dmdName': X500ATTR+'54',
+        'postalCode': X500ATTR+'17',
+        'pseudonym': X500ATTR+'65',
+        'dnQualifier': X500ATTR+'46',
+        'crossCertificatePair': X500ATTR+'40',
+        'eduPersonOrgDN': EDUPERSON_OID+'3',
+        'authorityRevocationList': X500ATTR+'38',
+        'displayName': NETSCAPE_LDAP+'241',
+        'businessCategory': X500ATTR+'15',
+        'serialNumber': X500ATTR+'5',
+        'norEduOrgUniqueIdentifier': NOREDUPERSON_OID+'7',
+        'st': X500ATTR+'8',
+        'carLicense': NETSCAPE_LDAP+'1',
+        'presentationAddress': X500ATTR+'29',
+        'sn': X500ATTR+'4',
+        'domainComponent': UCL_DIR_PILOT+'25',
+    }
+}
\ No newline at end of file
diff --git a/example_sp/sp-repoze/sp.py b/example_sp/pysaml2/sp-repoze/sp.py
similarity index 100%
rename from example_sp/sp-repoze/sp.py
rename to example_sp/pysaml2/sp-repoze/sp.py
diff --git a/example_sp/sp-repoze/sp_conf.py b/example_sp/pysaml2/sp-repoze/sp_conf.py
similarity index 100%
rename from example_sp/sp-repoze/sp_conf.py
rename to example_sp/pysaml2/sp-repoze/sp_conf.py
diff --git a/example_sp/sp-repoze/sp_conf.py.example b/example_sp/pysaml2/sp-repoze/sp_conf.py.example
similarity index 100%
rename from example_sp/sp-repoze/sp_conf.py.example
rename to example_sp/pysaml2/sp-repoze/sp_conf.py.example
diff --git a/example_sp/sp-repoze/who.ini b/example_sp/pysaml2/sp-repoze/who.ini
similarity index 100%
rename from example_sp/sp-repoze/who.ini
rename to example_sp/pysaml2/sp-repoze/who.ini
diff --git a/example_sp/pysaml2/sp-wsgi/metadata.xml b/example_sp/pysaml2/sp-wsgi/metadata.xml
new file mode 100644
index 00000000..e69de29b
diff --git a/example_sp/sp-wsgi/service_conf.py b/example_sp/pysaml2/sp-wsgi/service_conf.py
similarity index 100%
rename from example_sp/sp-wsgi/service_conf.py
rename to example_sp/pysaml2/sp-wsgi/service_conf.py
diff --git a/example_sp/sp-wsgi/service_conf.py.example b/example_sp/pysaml2/sp-wsgi/service_conf.py.example
similarity index 100%
rename from example_sp/sp-wsgi/service_conf.py.example
rename to example_sp/pysaml2/sp-wsgi/service_conf.py.example
diff --git a/example_sp/sp-wsgi/sp.py b/example_sp/pysaml2/sp-wsgi/sp.py
similarity index 100%
rename from example_sp/sp-wsgi/sp.py
rename to example_sp/pysaml2/sp-wsgi/sp.py
diff --git a/example_sp/pysaml2/sp-wsgi/sp.xml b/example_sp/pysaml2/sp-wsgi/sp.xml
new file mode 100644
index 00000000..e69de29b
diff --git a/example_sp/sp-wsgi/sp_conf.py b/example_sp/pysaml2/sp-wsgi/sp_conf.py
similarity index 100%
rename from example_sp/sp-wsgi/sp_conf.py
rename to example_sp/pysaml2/sp-wsgi/sp_conf.py
diff --git a/example_sp/sp-wsgi/sp_conf.py.example b/example_sp/pysaml2/sp-wsgi/sp_conf.py.example
similarity index 100%
rename from example_sp/sp-wsgi/sp_conf.py.example
rename to example_sp/pysaml2/sp-wsgi/sp_conf.py.example
diff --git a/example_sp/start.sh b/example_sp/pysaml2/start.sh
similarity index 100%
rename from example_sp/start.sh
rename to example_sp/pysaml2/start.sh
diff --git a/requirements.txt b/requirements.txt
index 6456a12e..f3d487e1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -28,7 +28,7 @@ pycparser==2.19
 pycryptodomex==3.9.7
 pyjwkest==1.4.2
 pymongo==3.10.1
-pyop==3.0.1
+pyop>=3.2.0
 pyOpenSSL==19.1.0
 pyparsing==2.4.6
 pystache==0.5.4