add support for eduID test

5027f436 · Sandro Mathys · 9884ec5d · 5027f436 · 5027f436 · 5027f436
Commit 5027f436 authored May 20, 2021 by Sandro Mathys
--- a/chart/templates/_validation.tpl
+++ b/chart/templates/_validation.tpl
@@ -6,6 +6,7 @@ Compile all warnings into a single message, and call fail.
 {{- $messages := append $messages (include "shibboleth-sp.validateValues.podAntiAffinityPreset" .) -}}
 {{- $messages := append $messages (include "shibboleth-sp.validateValues.route" .) -}}
 {{- $messages := append $messages (include "shibboleth-sp.validateValues.backend.eduIDOnly_xor_interfederation" .) -}}
+{{- $messages := append $messages (include "shibboleth-sp.validateValues.backend.eduIDVersion" .) -}}
 {{- $messages := append $messages (include "shibboleth-sp.validateValues.backend.shibboleth.configMap" .) -}}
 {{- $messages := append $messages (include "shibboleth-sp.validateValues.backend.shibboleth.missingValues" .) -}}
 {{- $messages := append $messages (include "shibboleth-sp.validateValues.backend.shibboleth.sessionCache_xor_memcached" .) -}}
@@ -65,6 +66,13 @@ Compile all warnings into a single message, and call fail.
 {{- end -}}
 {{- end -}}

+{{- define "shibboleth-sp.validateValues.backend.eduIDVersion" -}}
+{{- if not (or (eq .Values.backend.shibboleth.eduIDVersion "production") (eq .Values.backend.shibboleth.eduIDVersion "test")) }}
+  backend.shibboleth.eduIDVersion
+    Illegal value: `eduIDVersion` must be set to "", "production" or "test", not "{{ .Values.backend.shibboleth.eduIDVersion }}".
+{{- end -}}
+{{- end -}}
+
 {{/* this is needed independent of whether a configMap is specified or not */}}
 {{- if not .Values.backend.shibboleth.applicationDefaults.credentialResolver.activeSecretName }}
  backend.shibboleth.applicationDefaults.credentialResolver.activeSecretName

--- a/chart/templates/configmap-shibboleth.yaml
+++ b/chart/templates/configmap-shibboleth.yaml
@@ -75,7 +75,11 @@ data:

 {{ if .Values.backend.shibboleth.eduIDOnly }}
                <!-- Send user directly to edu-ID Identity Provider -->
+{{- if eq .Values.backend.shibboleth.eduIDVersion "test" }}
+                <SSO entityID="https://test.eduid.ch/idp/shibboleth">
+{{- else }}
                <SSO entityID="https://eduid.ch/idp/shibboleth">
+{{- end }}
                  SAML2
                </SSO>
 {{- else }}
@@ -135,7 +139,11 @@ data:
            <MetadataProvider type="XML"
                              validate="true"
 {{- if .Values.backend.shibboleth.eduIDOnly }}
+{{- if eq .Values.backend.shibboleth.eduIDVersion "test" }}
+                              url="http://metadata.aai.switch.ch/entities/eduid-test"
+{{- else }}
                              url="http://metadata.aai.switch.ch/entities/eduid"
+{{- end }}
                              backingFilePath="metadata.eduid.ch.xml"
 {{- else }}
                              url="http://metadata.aai.switch.ch/metadata.switchaai+idp.xml"

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -158,6 +158,10 @@ backend:
    eduIDOnly: false
    interfederation: false

+    # "production" or "test"
+    # See also: https://www.switch.ch/de/edu-id/docs/unis/tech/testing/
+    eduIDVersion: "production"
+
    # Configures client-side session storage.
    # https://wiki.shibboleth.net/confluence/display/SP3/SessionCache
    sessionCache: