diff --git a/debian-bullseye/tests/control b/debian-bullseye/tests/control
new file mode 100644
index 00000000..9055d6c9
--- /dev/null
+++ b/debian-bullseye/tests/control
@@ -0,0 +1,3 @@
+Test-Command: for py in $(py3versions -s); do echo "[*] testing on $py:"; $py debian/tests/sso.py ; done
+
+Test-Command: /usr/bin/perl bindings/perl/test.pl
diff --git a/debian-bullseye/tests/sso.py b/debian-bullseye/tests/sso.py
new file mode 100644
index 00000000..7f93a915
--- /dev/null
+++ b/debian-bullseye/tests/sso.py
@@ -0,0 +1,36 @@
+import os
+import lasso
+
+DATA_DIR = 'tests/data'
+
+
+def server(local_name, remote_role, remote_name):
+    pwd = os.path.join(DATA_DIR, local_name, 'password')
+    password = None
+    if os.path.exists(pwd):
+        password = open(pwd).read()
+    s = lasso.Server(
+        os.path.join(DATA_DIR, local_name, 'metadata.xml'),
+        os.path.join(DATA_DIR, local_name, 'private-key.pem'),
+        password,
+    )
+    s.addProvider(remote_role, os.path.join(DATA_DIR, remote_name, 'metadata.xml'))
+    return s
+
+
+sp_server = server('sp7-saml2', lasso.PROVIDER_ROLE_IDP, 'idp7-saml2')
+idp_server = server('idp7-saml2', lasso.PROVIDER_ROLE_SP, 'sp7-saml2')
+
+sp_login = lasso.Login(sp_server)
+sp_login.initAuthnRequest()
+sp_login.request.protocolBinding = lasso.SAML2_METADATA_BINDING_POST
+sp_login.buildAuthnRequestMsg()
+idp_login = lasso.Login(idp_server)
+idp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE)
+idp_login.processAuthnRequestMsg(sp_login.msgUrl.split('?')[1])
+idp_login.validateRequestMsg(True, True)
+idp_login.buildAssertion("None", "None", "None", "None", "None")
+idp_login.buildAuthnResponseMsg()
+sp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE)
+sp_login.processAuthnResponseMsg(idp_login.msgBody)
+sp_login.acceptSso()