From c17f5c53ac92dbd21737c96f837b3c2932dbe07a Mon Sep 17 00:00:00 2001
From: madmatt <signups@madman.net.nz>
Date: Wed, 27 Apr 2016 17:08:29 +1200
Subject: [PATCH] BC: Update URLs for ITE and Production environments to
 support the production RealMe change on Sunday 01 May

---
 docs/en/ssl-certs.md                                   | 10 ++++++++--
 templates/simplesaml-configuration/authsources.php     |  6 +++---
 .../simplesaml-configuration/saml20-idp-remote.php     |  8 ++++----
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/docs/en/ssl-certs.md b/docs/en/ssl-certs.md
index 9951a8a..c40d58e 100644
--- a/docs/en/ssl-certs.md
+++ b/docs/en/ssl-certs.md
@@ -9,14 +9,14 @@ Four certificates must be purchased by the agency - two each for ITE and product
 **Note: This is not required if using CWP infrastructure. In CWP, you should
 [raise a service desk ticket](https://www.cwp.govt.nz/service-desk/new-request/) to begin this process -
 CWP Operations staff will purchase certificates, install them, and invoice you for this service. These
-instructions are only necessary when using this module on infrastructure other than CWP. 
+instructions are only necessary when using this module on infrastructure other than CWP.
 
 ### Requirements when purchasing & installing certificates
 
 RealMe places some restrictions on which certificate authorities can be used, and also the type of
 certificates purchased. Of note, these are:
 
-* SSL Certificates must be purchased from either [RapidSSL](https://www.rapidssl.com/) or 
+* SSL Certificates must be purchased from either [RapidSSL](https://www.rapidssl.com/) or
   [VeriSign](https://www.verisign.com/).
 * When purchasing certificates, RealMe requires that three-year expiries are purchased and used.
 * The certificate bit length must be 2048 (this is generally the default).
@@ -70,3 +70,9 @@ When prompted by `openssl`, use the following parameters:
 | A challenge password     | Leave blank                            |
 | An optional company name | Leave blank                            |
 
+### Manually installing certificates
+
+If not running on CWP, then you must manually create the directory that the `REALME_CERT_DIR` environment variable
+points to. As well as loading the certificates that have been purchased into this folder, the appropriate public keys
+from the RealMe Shared Workspace must be added as well. More information on this process is available within the RealMe
+shared workspace.
diff --git a/templates/simplesaml-configuration/authsources.php b/templates/simplesaml-configuration/authsources.php
index 98811c5..b8f3d4b 100644
--- a/templates/simplesaml-configuration/authsources.php
+++ b/templates/simplesaml-configuration/authsources.php
@@ -86,7 +86,7 @@
 // ITE - RealMe Integrated Test Environment
 $config['realme-ite'] = array(
     'saml:SP',
-    'entityID' => '{{ite-entityID}}', // https://realme-demo.cwp.govt.nz/realme-demo/service1
+    'entityID' => '{{ite-entityID}}',
     'idp' => 'https://www.ite.logon.realme.govt.nz/saml2',
     'discoURL' => null,
 
@@ -107,7 +107,7 @@
         'capture_peer_cert' => true,
         'allow_self_signed' => false,
         'verify_depth' => 5,
-        'peer_name' => 'as.ite.logon.realme.govt.nz',
+        'peer_name' => 'ws.ite.realme.govt.nz',
         'cafile' => $_SERVER['DOCUMENT_ROOT']. "/mysite/certificate-bundle.pem"
     )
 );
@@ -156,7 +156,7 @@
         'capture_peer_cert' => true,
         'allow_self_signed' => false,
         'verify_depth' => 5,
-        'peer_name' => 'as.logon.realme.govt.nz',
+        'peer_name' => 'ws.realme.govt.nz',
         'cafile' => $_SERVER['DOCUMENT_ROOT']. "/mysite/certificate-bundle.pem"
     )
 );
diff --git a/templates/simplesaml-configuration/saml20-idp-remote.php b/templates/simplesaml-configuration/saml20-idp-remote.php
index 5d9837e..9bc3fc8 100644
--- a/templates/simplesaml-configuration/saml20-idp-remote.php
+++ b/templates/simplesaml-configuration/saml20-idp-remote.php
@@ -47,12 +47,12 @@
     'SingleSignOnService.artifact' => 'https://www.ite.logon.realme.govt.nz/sso/logon/metaAlias/logon/logonidp',
 
     'certificate' => 'ite.signing.logon.realme.govt.nz.cer',
-    'saml.SOAPClient.certificate' => 'as.ite.logon.realme.govt.nz.cer',
+    'saml.SOAPClient.certificate' => 'ws.ite.realme.govt.nz.cer',
 
     'ArtifactResolutionService' => array(
         array(
             'index' => 0,
-            'Location' => 'https://as.ite.logon.realme.govt.nz/sso/ArtifactResolver/metaAlias/logon/logonidp',
+            'Location' => 'https://ws.ite.realme.govt.nz/login/sso/ArtifactResolver/metaAlias/logon/logonidp',
             'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP'
         )
     )
@@ -67,12 +67,12 @@
     'SingleSignOnService.artifact' => 'https://www.logon.realme.govt.nz/sso/logon/metaAlias/logon/logonidp',
 
     'certificate' => 'signing.logon.realme.govt.nz.cer',
-    'saml.SOAPClient.certificate' => 'as.logon.realme.govt.nz.cer',
+    'saml.SOAPClient.certificate' => 'ws.realme.govt.nz.cer',
 
     'ArtifactResolutionService' => array(
         array(
             'index' => 0,
-            'Location' => 'https://as.logon.realme.govt.nz/sso/ArtifactResolver/metaAlias/logon/logonidp',
+            'Location' => 'https://ws.realme.govt.nz/login/sso/ArtifactResolver/metaAlias/logon/logonidp',
             'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP'
         )
     )