From b10d86d52123d1c4aab9f584739aed06ac700f73 Mon Sep 17 00:00:00 2001
From: Jj! <jj@unicon.net>
Date: Tue, 14 Sep 2021 16:57:52 -0500
Subject: [PATCH 1/3] move things about a bit for reuse

---
 testbed/authentication/directory/certs/ca.crt | 18 -------
 .../directory/certs/dhparam.pem               |  8 ---
 .../authentication/directory/certs/ldap.crt   | 18 -------
 .../authentication/directory/certs/ldap.key   |  6 ---
 testbed/authentication/docker-compose.yml     | 10 ++--
 .../directory/001_eduperson.ldif              |  0
 .../directory/999_users.ldif                  |  0
 .../{authentication => }/directory/Dockerfile |  0
 testbed/directory/certs/ca.crt                | 29 +++++++++++
 testbed/directory/certs/dhparam.pem           | 13 +++++
 testbed/directory/certs/ldap.crt              | 29 +++++++++++
 testbed/directory/certs/ldap.key              | 52 +++++++++++++++++++
 .../reverse-proxy/certs/star.unicon.local.crt | 30 +++++++++++
 .../reverse-proxy/certs/star.unicon.local.key | 52 +++++++++++++++++++
 .../configuration/certificates.yml            |  9 ++++
 15 files changed, 219 insertions(+), 55 deletions(-)
 delete mode 100644 testbed/authentication/directory/certs/ca.crt
 delete mode 100644 testbed/authentication/directory/certs/dhparam.pem
 delete mode 100644 testbed/authentication/directory/certs/ldap.crt
 delete mode 100644 testbed/authentication/directory/certs/ldap.key
 rename testbed/{authentication => }/directory/001_eduperson.ldif (100%)
 rename testbed/{authentication => }/directory/999_users.ldif (100%)
 rename testbed/{authentication => }/directory/Dockerfile (100%)
 create mode 100644 testbed/directory/certs/ca.crt
 create mode 100644 testbed/directory/certs/dhparam.pem
 create mode 100644 testbed/directory/certs/ldap.crt
 create mode 100644 testbed/directory/certs/ldap.key
 create mode 100644 testbed/reverse-proxy/certs/star.unicon.local.crt
 create mode 100644 testbed/reverse-proxy/certs/star.unicon.local.key
 create mode 100644 testbed/reverse-proxy/configuration/certificates.yml

diff --git a/testbed/authentication/directory/certs/ca.crt b/testbed/authentication/directory/certs/ca.crt
deleted file mode 100644
index 158140b15..000000000
--- a/testbed/authentication/directory/certs/ca.crt
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC0zCCAlmgAwIBAgIUCfQ+m0pgZ/BjYAJvxrn/bdGNZokwCgYIKoZIzj0EAwMw
-gZYxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxBMUEgQ2FyIFdhc2gxJDAiBgNVBAsT
-G0luZm9ybWF0aW9uIFRlY2hub2xvZ3kgRGVwLjEUMBIGA1UEBxMLQWxidXF1ZXJx
-dWUxEzARBgNVBAgTCk5ldyBNZXhpY28xHzAdBgNVBAMTFmRvY2tlci1saWdodC1i
-YXNlaW1hZ2UwHhcNMTUxMjIzMTM1MzAwWhcNMjAxMjIxMTM1MzAwWjCBljELMAkG
-A1UEBhMCVVMxFTATBgNVBAoTDEExQSBDYXIgV2FzaDEkMCIGA1UECxMbSW5mb3Jt
-YXRpb24gVGVjaG5vbG9neSBEZXAuMRQwEgYDVQQHEwtBbGJ1cXVlcnF1ZTETMBEG
-A1UECBMKTmV3IE1leGljbzEfMB0GA1UEAxMWZG9ja2VyLWxpZ2h0LWJhc2VpbWFn
-ZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMZf/12pupAgl8Sm+j8GmjNeNbSFAZWW
-oTmIvf2Mu4LWPHy4bTldkQgHUbBpT3xWz8f0lB/ru7596CHsGoL2A28hxuclq5hb
-Ux1yrIt3bJIY3TuiX25HGTe6kGCJPB1aLaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIG
-A1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFE+l6XolXDAYnGLTl4W6ULKHrm74
-MB8GA1UdIwQYMBaAFE+l6XolXDAYnGLTl4W6ULKHrm74MAoGCCqGSM49BAMDA2gA
-MGUCMQCXLZj8okyxW6UTL7hribUUbu63PbjuwIXnwi420DdNsvA9A7fcQEXScWFL
-XAGC8rkCMGcqwXZPSRfwuI9r+R11gTrP92hnaVxs9sjRikctpkQpOyNlIXFPopFK
-8FdfWPypvA==
------END CERTIFICATE-----
\ No newline at end of file
diff --git a/testbed/authentication/directory/certs/dhparam.pem b/testbed/authentication/directory/certs/dhparam.pem
deleted file mode 100644
index 73b8c1e61..000000000
--- a/testbed/authentication/directory/certs/dhparam.pem
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA7adhygsX/CvbcQBlSEKBmm0D0+hVfIttcftyFTuDPNok4yDJUBUF
-zzc7X/i3PUMzANhShBrngBaXbOhVk3QcjMC623TPhFmILx0r236+aQEUGnlwN73M
-RUFM6EblYgH4+E4nv+JLwzHdO72+qMAd92rtzVMiaDlCWghH6wdAFoasTsT6Posc
-F5T8WCkzFAZeVhNGRKPP6k3l2BjvRJzkwYMMJrxaIYznMEK6H5CYIqZcpeAB3d2B
-NaZXLxFCemLrSS16UHrH1modEe8yjrOaE5+ZesGAA9onsNRZkAJp0x/pRaO/+rHn
-Q5QVCQCzxY16UsLzH0q/P80xPMU7BMoocwIBAg==
------END DH PARAMETERS-----
diff --git a/testbed/authentication/directory/certs/ldap.crt b/testbed/authentication/directory/certs/ldap.crt
deleted file mode 100644
index 1e6c74550..000000000
--- a/testbed/authentication/directory/certs/ldap.crt
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC+DCCAn2gAwIBAgIUUjr8VSD3Ze+xx2wTk+B7wb2AMhEwCgYIKoZIzj0EAwMw
-gZYxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxBMUEgQ2FyIFdhc2gxJDAiBgNVBAsT
-G0luZm9ybWF0aW9uIFRlY2hub2xvZ3kgRGVwLjEUMBIGA1UEBxMLQWxidXF1ZXJx
-dWUxEzARBgNVBAgTCk5ldyBNZXhpY28xHzAdBgNVBAMTFmRvY2tlci1saWdodC1i
-YXNlaW1hZ2UwHhcNMjAwOTE0MjAzODAwWhcNMjEwOTE0MjAzODAwWjCBiTELMAkG
-A1UEBhMCVVMxEzARBgNVBAgTCk5ldyBNZXhpY28xFDASBgNVBAcTC0FsYnVxdWVy
-cXVlMRUwEwYDVQQKEwxBMUEgQ2FyIFdhc2gxJDAiBgNVBAsTG0luZm9ybWF0aW9u
-IFRlY2hub2xvZ3kgRGVwLjESMBAGA1UEAxMJZGlyZWN0b3J5MHYwEAYHKoZIzj0C
-AQYFK4EEACIDYgAES273bAjfhMOi5t6arQFMA80plxRnNx299spxYjVLxABp0JCZ
-fNxwCOxVCB1uBeHUAeUNgrh7bl5DL9rn5jEFfNUvLufU0VGzvcbsUqmKw+vGJtc/
-7zm1WytGncb2Ldc4o4GWMIGTMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
-BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUhEBnUCZo
-fZHO7R/hUHUgxEJgOOcwHwYDVR0jBBgwFoAUT6XpeiVcMBicYtOXhbpQsoeubvgw
-FAYDVR0RBA0wC4IJZGlyZWN0b3J5MAoGCCqGSM49BAMDA2kAMGYCMQCOY/jUx+qB
-kRQtDA+UF++/gI22HP8CVKrOA+9/xd68sowhlOoOK0MG22gc6gWVcicCMQCyRw8Z
-ydB2NE11uJFrUOu2NYZnFwiYzCrTBuJccUYn/HROMdGFnxqvWfkU5lpQptY=
------END CERTIFICATE-----
diff --git a/testbed/authentication/directory/certs/ldap.key b/testbed/authentication/directory/certs/ldap.key
deleted file mode 100644
index 4c8d1130d..000000000
--- a/testbed/authentication/directory/certs/ldap.key
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDBXf/9AHrnYIt5+nudUpJ9wUb4zg15/ixrAUzZ2kj8uBf+qJBakq5hO
-/V5/BV8AKAygBwYFK4EEACKhZANiAARLbvdsCN+Ew6Lm3pqtAUwDzSmXFGc3Hb32
-ynFiNUvEAGnQkJl83HAI7FUIHW4F4dQB5Q2CuHtuXkMv2ufmMQV81S8u59TRUbO9
-xuxSqYrD68Ym1z/vObVbK0adxvYt1zg=
------END EC PRIVATE KEY-----
diff --git a/testbed/authentication/docker-compose.yml b/testbed/authentication/docker-compose.yml
index 89881119f..1ed95975b 100644
--- a/testbed/authentication/docker-compose.yml
+++ b/testbed/authentication/docker-compose.yml
@@ -22,16 +22,16 @@ services:
       - "8443:8443"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - ./reverse-proxy/:/configuration/
-      - ./reverse-proxy/certs/:/certs/
+      - ../reverse-proxy/:/configuration/
+      - ../reverse-proxy/certs/:/certs/
   directory:
-    build: ./directory
+    build: ../directory
     networks:
       - idp
     volumes:
       - directory_data:/var/lib/ldap
       - directory_config:/etc/ldap/slapd.d
-      - ./directory/certs:/container/service/slapd/assets/certs
+      - ../directory/certs:/container/service/slapd/assets/certs
     environment:
       LDAP_BASE_DN: "dc=unicon,dc=local"
       LDAP_DOMAIN: "unicon.local"
@@ -52,7 +52,7 @@ services:
       - reverse-proxy
       - idp
     volumes:
-      - ./directory/certs/ca.crt:/opt/shibboleth-idp/credentials/ldap-server.crt
+      - ../directory/certs/ca.crt:/opt/shibboleth-idp/credentials/ldap-server.crt
       - ./shibboleth-idp/metadata/dynamic:/opt/shibboleth-idp/metadata/dynamic
     healthcheck:
       disable: true
diff --git a/testbed/authentication/directory/001_eduperson.ldif b/testbed/directory/001_eduperson.ldif
similarity index 100%
rename from testbed/authentication/directory/001_eduperson.ldif
rename to testbed/directory/001_eduperson.ldif
diff --git a/testbed/authentication/directory/999_users.ldif b/testbed/directory/999_users.ldif
similarity index 100%
rename from testbed/authentication/directory/999_users.ldif
rename to testbed/directory/999_users.ldif
diff --git a/testbed/authentication/directory/Dockerfile b/testbed/directory/Dockerfile
similarity index 100%
rename from testbed/authentication/directory/Dockerfile
rename to testbed/directory/Dockerfile
diff --git a/testbed/directory/certs/ca.crt b/testbed/directory/certs/ca.crt
new file mode 100644
index 000000000..e05f05fe2
--- /dev/null
+++ b/testbed/directory/certs/ca.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFCzCCAvOgAwIBAgIULEwEJFwT49CiSPKOA5EHGVKGl0gwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJZGlyZWN0b3J5MCAXDTIxMDkxNDIxNDMwOFoYDzIwNTEw
+OTE1MjE0MzA4WjAUMRIwEAYDVQQDDAlkaXJlY3RvcnkwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQC+/SikxGUFYUiKjghLFPRMaYLZUHyOMWOyCIQSkZrt
+Si6llB7JhN+tCaFgibPSNrKzOpF7IRJBlaEMAKN47Fncy7uGPg/3KEtuCLRUxbYv
+1LgjZl2J0w/SROYIX0bsMEuThojaIxuv4D1fdaF3S7/sKnXywIncZtAqMhISiC9q
+Kq9xT4twiST7SDPY/u3pdVdAjBg4R5XlF69XWtKaeCoEup9lgvyLT5dQBxdA3q3N
+Af8UnpgZjHPxa6na7BjXwOyy7uzlUmTd/M0UMHuAreCBXMJrfrVBTnFYKyPtDYAP
+mFacA+lsX0a5QjOMIP0JW5dYAKw8SFU9rzGcqdB/a2mZwxvmrY5CFVI8SZho1JK8
+y4O3HQbzrqQ3b+t5UyZt1VnCDalAZyAP+Fp0TPhlIjQpm0hc7UVyhVuDAJJeV6Sk
+TyAf8othu6wREsaOkfSNwrSGVX7CMxjXxEAIQfqaLfB7xAMc7mwUn/Lac6I6L2+w
+a3Ds9xwpSoxHEAYVAJmpAtT8FFh5i0Fk6wqhUIO8IP5az7ATn1Q8MnYS/Mvne5JN
+/6L2CABqz0ZDzqHosTQLZ1qEBO+mhXyWsE7Pc4Ky+pmTh8xsP356nLkchvBTUlYp
+BzsBG+bDCNy8mQ0z+0oEngdZgTKYK+CqejDe0iOPw/ICkh3eImyQEa3m8qep+X78
+kwIDAQABo1MwUTAdBgNVHQ4EFgQUvNYYG2Stq3PcKD3IT3GlG64ma6gwHwYDVR0j
+BBgwFoAUvNYYG2Stq3PcKD3IT3GlG64ma6gwDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAaai3vJuEsDOIX74/byY50cMmqRo+lBZuPBZANJjaKSn3
+LORSW4PqwYfyzUkdw68dj2FPNmmg9p0xmSS1eMala2PW7UGwImjcmhV+YfdP15VE
+t5FcaLvi32SfSyu9PWpRRyP2ahSzaM75HWMMKfbdzgGDGOkU6UIwKyWsO5UApjQ8
+b+w5IMAK9YvmuQGaaXePDM8sFM3+NQBvsdqnsCefxx0j8FmjF3PjpTmdcm4Rlk8E
+yVigb/txwmKdJutcEeFWOnQVNxWugLmYW8P/s5W5IgpIm/8wdEz1bXXV0qGD/LgL
+Rhr68OtmFoVp+C6Yf0fDS1yCtmkYlO+RyYtAMOv0G29Xe+MzLQW42fAHXvBGYh/0
+F258TLHjZDOs9nHIc4lQfT7k/MusY4g9RfYSXx8Ts7kXyfyGfj6D5E/kutfXQlH3
+DYjQ/B69dhU7bkEX8nc1xwzHU18pa+APbXqjaU3JewdxY6n+PIGN4ZLZrJ3zgNRj
+tGykxlnPg8oAX3HX+ssh1OpU5VMPR+4hOdJkajk6U5Oyv77h4gsbUGCIGXC+0reA
+k/jHoSCloifgQ4F3WdDGjPlWO6Hgvy2/KM+JqBX/9nF/Dc0bGfa3mmYXK56xQCPb
+pNd6h2elVtlmt6iZgs4WA1uCwira5p0VCCutHgeGyWK4cAE60MFdRnzRZ2r1GuU=
+-----END CERTIFICATE-----
diff --git a/testbed/directory/certs/dhparam.pem b/testbed/directory/certs/dhparam.pem
new file mode 100644
index 000000000..0ad3539ed
--- /dev/null
+++ b/testbed/directory/certs/dhparam.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAivlNnloXfNvrvjLMALDtw4/H330xGfEZkO88vBG30xfDB8930JF/
+dpOQNB2lXhtyoCA5FYLI0Ml8VRzASR0nmVsjg1jqycRSZtPEUCyU5KLenWJerThQ
+PCPPHgM9JNfSb9GVEnyBubgTJrRjRr0Fq6/T+sHI1DVFgrIcr1iIpwjzv6AtJ4GX
+7ff3QxRI5wJ9EgSqGmyAZBBP91hvg702sENAru3TxL92uBY7yx1isr4Uo4v/CE/6
+DY9q5hEyVWZzb49msZ7WXiMvVwgH2P68O90x/Dzom27mQuutW0a5sHWLFvR6RzHl
+f2LDO1uFl4RifVFUe2PNXbeb9KGTFx+4HFWPojYR2L1UlE+f1fdwh8PAPB0xBTgn
+jMYra0dIJcCc9Mg/PbwJ9LMkIW7APuEvx90PlCmPs2ZI67EPAKlnDDtFsI6H0Sv8
+mAZt4oMBHFZoK2+4dcjLtDaqz8Stx9ICTFqk1YETcRlK9TQDRO0ngtkQJoKJtM7F
+sSP/4LcX67Nd3aE9bSY977JQec6KTGXJCa2/dIIruni3p6oFmHzSlXH+TxbtaLku
+VtYDqzRYR9vG5fsanOJlacoDpBtDEMlRVg+d5v811Z4cEH1RbEy/diGGEM/8DAxq
+F5S9tqzQa7tk/1IuQX9SQcBWDmXEL76L8cxijmEeK1bRH9XwNLMjyEsCAQI=
+-----END DH PARAMETERS-----
diff --git a/testbed/directory/certs/ldap.crt b/testbed/directory/certs/ldap.crt
new file mode 100644
index 000000000..e05f05fe2
--- /dev/null
+++ b/testbed/directory/certs/ldap.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFCzCCAvOgAwIBAgIULEwEJFwT49CiSPKOA5EHGVKGl0gwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJZGlyZWN0b3J5MCAXDTIxMDkxNDIxNDMwOFoYDzIwNTEw
+OTE1MjE0MzA4WjAUMRIwEAYDVQQDDAlkaXJlY3RvcnkwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQC+/SikxGUFYUiKjghLFPRMaYLZUHyOMWOyCIQSkZrt
+Si6llB7JhN+tCaFgibPSNrKzOpF7IRJBlaEMAKN47Fncy7uGPg/3KEtuCLRUxbYv
+1LgjZl2J0w/SROYIX0bsMEuThojaIxuv4D1fdaF3S7/sKnXywIncZtAqMhISiC9q
+Kq9xT4twiST7SDPY/u3pdVdAjBg4R5XlF69XWtKaeCoEup9lgvyLT5dQBxdA3q3N
+Af8UnpgZjHPxa6na7BjXwOyy7uzlUmTd/M0UMHuAreCBXMJrfrVBTnFYKyPtDYAP
+mFacA+lsX0a5QjOMIP0JW5dYAKw8SFU9rzGcqdB/a2mZwxvmrY5CFVI8SZho1JK8
+y4O3HQbzrqQ3b+t5UyZt1VnCDalAZyAP+Fp0TPhlIjQpm0hc7UVyhVuDAJJeV6Sk
+TyAf8othu6wREsaOkfSNwrSGVX7CMxjXxEAIQfqaLfB7xAMc7mwUn/Lac6I6L2+w
+a3Ds9xwpSoxHEAYVAJmpAtT8FFh5i0Fk6wqhUIO8IP5az7ATn1Q8MnYS/Mvne5JN
+/6L2CABqz0ZDzqHosTQLZ1qEBO+mhXyWsE7Pc4Ky+pmTh8xsP356nLkchvBTUlYp
+BzsBG+bDCNy8mQ0z+0oEngdZgTKYK+CqejDe0iOPw/ICkh3eImyQEa3m8qep+X78
+kwIDAQABo1MwUTAdBgNVHQ4EFgQUvNYYG2Stq3PcKD3IT3GlG64ma6gwHwYDVR0j
+BBgwFoAUvNYYG2Stq3PcKD3IT3GlG64ma6gwDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAaai3vJuEsDOIX74/byY50cMmqRo+lBZuPBZANJjaKSn3
+LORSW4PqwYfyzUkdw68dj2FPNmmg9p0xmSS1eMala2PW7UGwImjcmhV+YfdP15VE
+t5FcaLvi32SfSyu9PWpRRyP2ahSzaM75HWMMKfbdzgGDGOkU6UIwKyWsO5UApjQ8
+b+w5IMAK9YvmuQGaaXePDM8sFM3+NQBvsdqnsCefxx0j8FmjF3PjpTmdcm4Rlk8E
+yVigb/txwmKdJutcEeFWOnQVNxWugLmYW8P/s5W5IgpIm/8wdEz1bXXV0qGD/LgL
+Rhr68OtmFoVp+C6Yf0fDS1yCtmkYlO+RyYtAMOv0G29Xe+MzLQW42fAHXvBGYh/0
+F258TLHjZDOs9nHIc4lQfT7k/MusY4g9RfYSXx8Ts7kXyfyGfj6D5E/kutfXQlH3
+DYjQ/B69dhU7bkEX8nc1xwzHU18pa+APbXqjaU3JewdxY6n+PIGN4ZLZrJ3zgNRj
+tGykxlnPg8oAX3HX+ssh1OpU5VMPR+4hOdJkajk6U5Oyv77h4gsbUGCIGXC+0reA
+k/jHoSCloifgQ4F3WdDGjPlWO6Hgvy2/KM+JqBX/9nF/Dc0bGfa3mmYXK56xQCPb
+pNd6h2elVtlmt6iZgs4WA1uCwira5p0VCCutHgeGyWK4cAE60MFdRnzRZ2r1GuU=
+-----END CERTIFICATE-----
diff --git a/testbed/directory/certs/ldap.key b/testbed/directory/certs/ldap.key
new file mode 100644
index 000000000..3756f05ce
--- /dev/null
+++ b/testbed/directory/certs/ldap.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC+/SikxGUFYUiK
+jghLFPRMaYLZUHyOMWOyCIQSkZrtSi6llB7JhN+tCaFgibPSNrKzOpF7IRJBlaEM
+AKN47Fncy7uGPg/3KEtuCLRUxbYv1LgjZl2J0w/SROYIX0bsMEuThojaIxuv4D1f
+daF3S7/sKnXywIncZtAqMhISiC9qKq9xT4twiST7SDPY/u3pdVdAjBg4R5XlF69X
+WtKaeCoEup9lgvyLT5dQBxdA3q3NAf8UnpgZjHPxa6na7BjXwOyy7uzlUmTd/M0U
+MHuAreCBXMJrfrVBTnFYKyPtDYAPmFacA+lsX0a5QjOMIP0JW5dYAKw8SFU9rzGc
+qdB/a2mZwxvmrY5CFVI8SZho1JK8y4O3HQbzrqQ3b+t5UyZt1VnCDalAZyAP+Fp0
+TPhlIjQpm0hc7UVyhVuDAJJeV6SkTyAf8othu6wREsaOkfSNwrSGVX7CMxjXxEAI
+QfqaLfB7xAMc7mwUn/Lac6I6L2+wa3Ds9xwpSoxHEAYVAJmpAtT8FFh5i0Fk6wqh
+UIO8IP5az7ATn1Q8MnYS/Mvne5JN/6L2CABqz0ZDzqHosTQLZ1qEBO+mhXyWsE7P
+c4Ky+pmTh8xsP356nLkchvBTUlYpBzsBG+bDCNy8mQ0z+0oEngdZgTKYK+CqejDe
+0iOPw/ICkh3eImyQEa3m8qep+X78kwIDAQABAoICADYKjCWTLMKI9G3AIricBURZ
+1pyHGbdiYkNOBZD7gksCYpCXiN6cqm3b+73FOQySTZ5JREEC6peELz2mMJtWxVak
+jzs89GeLD0zjSaNzDkoadsANhwoonqFwvWZBD2Blif0EZFTU+lCZssQAFOAcnwHE
+QfueX2Pt85j88gAsaL4xtdLqHxqIs94mYAVWnRsiCL5K5c+G8fMQ8JxXJqBuv/T2
+mYOvvKXur3IFj57bY3JOzk6XUZJpG6WEQVug0qa6AD/hO0boOYJWtfCwh0Gx8YSp
+KpogEEmaWJgKHPBGkaXYBSnAMZxomSpygQN1kiPDtt8/0Xx9OyFpITCjHEvxqL9L
+7ce0hebPoG7Ry+QD7YmeERzpdTSEulYywdeoRJMHQtH7AknH1xf77xYC7qGbCeRg
+y9TMTQIt8f5gVcFBQlfEoNf+k5Z1LFHG0TpAGrOhy9KFurd+t3PLQAolsjtCA0NS
+C366eztBCvQzdOyA70tQoEmbZer5s1AedqsfcSL1aaYm5DmpbfG33y3TLgV7Rl4r
+O0jrtXneLSox6ew99hjYuqg1HOTQC5DMPT9KmfqZJQUBNxlpgqIyFOzZp0ooDKWY
+6zEdgZLVd3vzX6Q5U7xpMR4/5rypPDtV9KnJxvfptmCK8cygmgFnmoLvuqvnb0k4
+Id/dY0nmBVZQvpdyRwsBAoIBAQDt5AwWhAnwSQRW7NSBltqx5pbDe27/Pl3HgrbC
+3WU2sTyCyP6aeCj2wOWWsxQ4AKqGrWuUXUIQHsLJOo1+SlomMUWw+4Gw0ciYNDu3
+b+ZhUQAaM1QqnwVGOJwuEnM/AgG+V7aeuh8S044SW+G5YiHn8rSzsYk8OynEiOoV
+E/qT66Jaljgl7+KNiQL1stdEHwnK3PwJOyFciZI4DVGumywwZHJT5230AO+MqcHN
+5E7s4JQhTOcy7iwPCGLAe63FMWo7Lai2ApHVdXMSjmgVYKHxZo6NlsvpXNipQmCe
+rdW7VCpTChpt/CGQ8I0JNwd0QmjKxEOfkp7xFi+7iEfH6BAJAoIBAQDNhxmCT2tQ
+AfNxv9Hzw18tyV8nmMyOD45gu6rKNTgqnZIpoT12gCV5OB9cTvje/5j/LU8b6012
+gUZCG+90XF+1vFFRhr/k0q1gr+gmbrwxBghO/bflz+5JL4w/P9QLcgwr5ewVBkGV
+3yu2MAmGrU4EjDb/ZFpDWgjzCw+q2yD6xoM+XU49O+4TDq6q1PidGGTgP7UyuWMD
+U/rtjOmgULckA4bMi3zJ0OnoGR/uq1RmmjYLAZQ+Ea22YZuLp1OhUsS41yusIAS7
+otd3+jikqa/FBZnbxb3qXZdC19xwepYG8qf7w+LfJ28Lw9GIdcJfp9xh0BsS0lTW
+KqbJRwdmZpa7AoIBAQDD+va2aeriKNVJY2yiogvjOcuEmiDUaKXLonU8TjZ++z6V
+pE6UJV/iAQJjx35lsK7Lqv0Qyk+NhjoEm5dLrqdcBYWbi2fJqtouAgIcWjSagaeq
+7hRt1Hn84tBP6GVHSDj1fb92PnExClZl64onNqAmPT3/N8iOdVMwlXb7DG2IBTzI
+ki8JmfmzjmeA0OglN8jSdoGwfSU73h42zUo4pZ+e8nF5jBR6S3cOFCAUpf0bitye
+HoPt4mcrr0Xju0BqTw5sWG5AHBfWmh7F78nxqp1fiZTxMoUk6JeZwZRlxWJqJKmF
+pbImX+urQ3F9YPdkIP3B5jSrtpf4l8WVIm24VAc5AoIBAQDLJcBXBz0hBeylAF77
+vJ71WNePAf8eY83tW1HDMLtlk/4G2/MukBd6K7kDuqNPeAC4KQbKp9gXTEwvyAD1
+WODZd1xBYxmFiaAJs5WZd1bYdgf8W9hLdS0odbEAS4zCC2ZwdYDWfyqQgthn6i9g
+SSiWYilyYrS9Yd76rHI+BP4iIdlT6VIOQJBfkeGfxYY/cP80kIP/sTJm9blO2DuM
+VHvRQxMYVr9vk+m/miXv+LUh/UdxtYvblgnH/c6LSUbmbDM6KKRoK/XBqYGke1VF
+nNu5uIGNs3S2lO+QCGFBZEmqcGsN9V7oB8hBLrqLUSpg9kBlBhfckL1+OwZEaMqt
+srVFAoIBAQDG6mVeZ6IFBXVk0exij4DIeLHBeEQxnDKK9B7JgsmeaNKU1CFxJbUT
+zOM0IsSpxExI2NdkShjHOTlCz43D+EBjpTc7+hLQeUBl8FTamegeU3ACiAuahQoS
+PcNNmFGy1e2eNtP839X+39k5fciSvgY3FF58czNeYv2XQemS07IIll+9nV/j+Bsg
+Fd2M/Oj2DIcXSE+9OnyIyC0smhXwR8dPhJOPH9C/ww4oQOgVYthBAehSBtiUle7v
+qeG1QtF+ODvw94nUxtuesuZ/juHSxqtKXRm+Nho7Do4U9wXhAg5w4rzKZU3yMW/k
+Fq6aGlx2+ZhVYPYkzyQGiiPhkx0V1T2d
+-----END PRIVATE KEY-----
diff --git a/testbed/reverse-proxy/certs/star.unicon.local.crt b/testbed/reverse-proxy/certs/star.unicon.local.crt
new file mode 100644
index 000000000..efd24fe9f
--- /dev/null
+++ b/testbed/reverse-proxy/certs/star.unicon.local.crt
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFFTCCAv2gAwIBAgIUFsOsEwK1AdLuTYYEGCNzC9hIElcwDQYJKoZIhvcNAQEL
+BQAwGTEXMBUGA1UEAwwOKi51bmljb24ubG9jYWwwIBcNMjEwOTE0MjE1NDU3WhgP
+MjA1MTA5MTUyMTU0NTdaMBkxFzAVBgNVBAMMDioudW5pY29uLmxvY2FsMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnzMWyelX4++Z8iS8KuIJtroJvPsl
+ZbVnh/T5TH2g1t7xkyYBaj2xOq5yUuUqJxw0sRpo3m3R5oUUeacTmEFr0N5tVSZe
+vDohH1tjJGgz4YBDMxiN//jVCWs10K0HFdQW/t5xRY8Ahjl1R/1D+NX/jKgUKTQn
+1EhH1ik8D2MiTvsFDjqI1mHjfsXjF0SZKp39bLNHSuR+STyRph8F/o5CEr6phYc2
+i9DBKYvHwyWUxHzC/STuWwHPtBq/8jmpQSoEmtjOCt3Dv4czEPa0S2nHnvQyt3Fm
+Tb0l7xjdGJrCkt2h1ImP5xvdCDIBIfQnDmPA4wb1LFutRNYjQsY2zujAm7rMxJxB
+Bp4EJHz94uKSk8FwhR7jO1BmLuKixKKetvgahOlp2VY0YD+NmZ7sKeKxqGvbiDyf
+elQu4EEUSWDg0EPLFpM4WSrTKeMVxXkkT8BeLrg+VvUiB77aKkshcV67Tah2lPAg
+dm78wvYT37buqJoJps8mfztiy8t0D412gtDDfTeV3wjX1w3enKARKG53yKtaQRcD
+Uax3l/wajrAJX4anzUuJ5T5Jyg/4GSI0OQBfov56pNhaKxuvzBZnwS4qys6eLWei
+qsRzqaoszX/sXkgY2BQDQ6b/gXPvY7W30kRByHd23+baSs/80ANU2tBxNs2ynAMd
+etqA1Xu1e4ODt/cCAwEAAaNTMFEwHQYDVR0OBBYEFFrAjKwSavl2E88gmTdft4bB
+3DtxMB8GA1UdIwQYMBaAFFrAjKwSavl2E88gmTdft4bB3DtxMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAAd98df4O+gSk7JCT5E1QDcOTQ0w25wp
+gWE8+a4fElc7vyz5P4EEs5tpDTLfAanSLrASxnFSmRqPCrW9HV/mFAPdK9MLRgG5
+XLcjATbHgcXD071MsPJ2hO6sCPS+7LSE72873Dp89RBDNCb0pQb/4iMN0Y5BKznR
+oklrWMAIr+0Ei0iBuPHyHgIMCco9a+5kwMxzhhSVYRY03pHjavo3kRXY86UMeDVx
+1v122/Y5GS6ohegnkRI2QKwn/3KgOTa4f33oFk69yOSDLu7c1pzJoLgYMzKg7mTO
+iPW2rhZDY+JXXYnHZmFPLgA5FqBxAnrE7wnIM8DFEMrmETNf7PRwfzFjjuYuGdSV
+YZisBMjVkLJzX06tVK7OAmVkwzFWp+4P7XgD6NqvH84I+2A1on3kK7gOgqI/oMhE
+VxpanKSuzjlEVtlxjSAyv7Y5nrwwEsuh7Nas+RboxTJRSzws7mi8F62QxYVz6S8D
+K3cHfYcJXKRRpmpMGnau+Jb1Rf9eftm6kRO1qdjg6FV0iIidB2bO8dkt/me2kpD7
+hWASggtuW7CLHj+kztPOitAoImCQtk1QM17bMFxXyqlP3twOpnYXFdSTTM5qvAqy
+rzrMHDtSL9gON7Iy5La9Q2imw6+jjxM6Stei1XWmI2BhIJe175NeVWxak6j2ZOvh
+tEQh89PhqUVL
+-----END CERTIFICATE-----
diff --git a/testbed/reverse-proxy/certs/star.unicon.local.key b/testbed/reverse-proxy/certs/star.unicon.local.key
new file mode 100644
index 000000000..8aec397bd
--- /dev/null
+++ b/testbed/reverse-proxy/certs/star.unicon.local.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCfMxbJ6Vfj75ny
+JLwq4gm2ugm8+yVltWeH9PlMfaDW3vGTJgFqPbE6rnJS5SonHDSxGmjebdHmhRR5
+pxOYQWvQ3m1VJl68OiEfW2MkaDPhgEMzGI3/+NUJazXQrQcV1Bb+3nFFjwCGOXVH
+/UP41f+MqBQpNCfUSEfWKTwPYyJO+wUOOojWYeN+xeMXRJkqnf1ss0dK5H5JPJGm
+HwX+jkISvqmFhzaL0MEpi8fDJZTEfML9JO5bAc+0Gr/yOalBKgSa2M4K3cO/hzMQ
+9rRLacee9DK3cWZNvSXvGN0YmsKS3aHUiY/nG90IMgEh9CcOY8DjBvUsW61E1iNC
+xjbO6MCbuszEnEEGngQkfP3i4pKTwXCFHuM7UGYu4qLEop62+BqE6WnZVjRgP42Z
+nuwp4rGoa9uIPJ96VC7gQRRJYODQQ8sWkzhZKtMp4xXFeSRPwF4uuD5W9SIHvtoq
+SyFxXrtNqHaU8CB2bvzC9hPftu6omgmmzyZ/O2LLy3QPjXaC0MN9N5XfCNfXDd6c
+oBEobnfIq1pBFwNRrHeX/BqOsAlfhqfNS4nlPknKD/gZIjQ5AF+i/nqk2ForG6/M
+FmfBLirKzp4tZ6KqxHOpqizNf+xeSBjYFANDpv+Bc+9jtbfSREHId3bf5tpKz/zQ
+A1Ta0HE2zbKcAx162oDVe7V7g4O39wIDAQABAoICAAJ67Eb3AKyHZhGUqu3MGbSk
+D1THYNzFx7ghg+TCLEhMrtzJAcqi7WjpoNRTx6VWVifQLoQQl+2MczY1+SMtGb3m
+STPDZkRub2eqp8/AY9aGhgV8w3GScdc0uWDn4S1g4X7U/lTEFpEAwif99RoiU1ng
+oHfH3Tr8aUoX2FyxAa7TUE/Zb5pPahjmglQxeGVmkrUn0duD1cfUTryUzSYbF0Jt
+f/yZj6r79JZuHA2ZP0kUXIFPGvuF+rNmm0jtxwpB2lKDQCqBK/SG6a/A+CwYmMiM
+K2IaPSrG4Jlp/L/OYWuiUkwaXIiQMZBYHxZlVFpwCWhACn/Hadqhr2jx55avn5iH
+NPHGJiUuSkF4p183tUyYY2aDptu5cGQk4WpfiQjzt/FIkQDx8KF3eE4ZVMYT4mV2
+wPJE+Yg4dO+704uceoM/J5BwWQEUuUtNIlWIRogOYkjQzuMi9zyGu9uIFi5+JNb9
+LpNORfTWNOTYasEi9/v8+RxwSZ6FR2/MZaroU8kXljTgqhomP35gERlwB/yAjQxG
+C9tO4lJwGfzyVMTU6x2R7mcRaiUSNIZ1AMN86JX+Z+RG+rGGNAEreu/osklscPxE
+dhtPbi0FJzJl+bfW+9JWX7VkwNfA1Np/zqSydEI3dTwwe9ibAQ9QiAgkMbfeqIBX
+G3hZLoqowGvtLeypbaxBAoIBAQDNYaIMjDFknqIAwVYkJXVyRA1qDsITBQJ5111+
+eHfRaEvnq+ksTRP1K6VAKM1RgGTRlTlMC+qthp1MWJrWT55d35+XS3JMUcrAB85k
+P8hIJSe/zaiiI+KhRxF2ABSxdty/QPyfcvPXelGPlf7mbumGlTzPoiFwvzhTVqi3
+nSWWVVX8X5+PP0v1jGEHbTmdGOg9g22fiitEW4iovSUM/wRtT+bpEQlTKC7fwiaP
+DN6XCTG3GRQZrPuiTGXrvyMYmAbHfImqYuEiwm0hXiqdxfB1WfmVZ0qMmrpzL9mc
+HqEZraIxemSDNCxtDj/V4n9F0Pvs4ow5yEnFyxl8+FjtKpHhAoIBAQDGb6ctMByT
+DM87lhgh1pn/8VGU5K1RaMzPtMXuY84htTsixFQ4jW7d3y3hLVHfDVJbvSaXXVp/
+gNk0mbkQ7gkcoJja99Ohe5kzMWcB0iRzX5ceoFWZ22uUU5g4Pg0cwscogPGdVjoW
+sxKLczVhpN2tIVFTf6aHtBroU7wWHTVEorDquy8W5VzRvuzVNjpnrGXL1PtmA7m7
+f1a0eHN+cknJXarBcngJ0nVyGT2gbJSVfuPlmhrs7gg87zYeEqXs2gwgnM67HxRE
+nYp4Or/K6qx1NcaPGTadYC5kANrP5L7nBJEoI9MvFBx7qvJop799fqHHCN05sH+8
+7rtXyXX+UbTXAoIBAB64iu/LjJvbaqooQUVY4Q99hHAn0vnbVvp4r4B6bpnBOxFl
+UpSQ1vpmU+qb79JQHUSISLDKW4knSKIh4s9Jy4uJJqsP2wH1fhlpUYMHU2MPQ7nZ
+/m56ZazwH3mCG5ZMDEsDYoZLQJQrtMWAj0dSsdWyvwzj2JKv17IHlWcZt4ScMSd1
++j0IH8mT/POKcALCtgJ1hVFG7p/j/TYYTNF71+KuAAE+ziFFMnW/6dqd9zGqa2hS
+9QG+MUmemeRAi/Ri0SjHxSPadIipgn9qQX+mGwjCs6WYdLtBbcBLGQbUQg7APTGf
+eCd0B20so3nPzm/YCcbuQEFoZziR37ckwtB+/KECggEAOEs0gf1EHfNkVuMdtXvL
+9G/hVPwKry2r7MC75gUqVSW0wQgxXFnDOe42dcsFjuGYm63tZMN3CPTkqadyePsO
+WrC0rGnh/82wiHVbY4jaDmDv3iBeKGe2/T050brIvYAEP9lUse3kTMxAVo84dZrv
+yE3LZISyGY1elMoscZmXowEEb5LqqPQogNhJF7Nqnj6qIkkpiKdF6YsWbdw954FE
+rXuFFZwDscWiy9udQAWNoVt+C4TMXqqoa6DxGVbw+2BgUGArxanrdgu7XKBOCKLK
+ifXXfoEInVzLzFLxwEiEX8VL6LdBEfoCmpLEciwkhtWFz5EUMWmA03hmbWEZuCw1
+wQKCAQAxLN0Q5TbiXic6sfesSrwLNrK1l6eSj6+fetYWZNrKLPXRWzuplOCWziOx
+7qw0QQ0UM99WEhfsFX9fdfKwdd2w0QBvYjNxvmLmnQlA2KKKW3C26rKAYg+uO/B3
+ZY6H/regllbArysm/fBL+Zv9u1qL9t7dZNMAkBZApTfCkym9NPc5APQV4KMVRcMu
+bMF+N0AabPLbBQtKl9wwoxa1eMxvS9uYIySK/3RZMu+JuuAm+QweJhBixdJ1ao10
+MLd83NCb5wn2nMSECBvizO1I9nxwoBw5RaGFyr6eEA6Vg7ciGdJxznUTdcCZ6dkI
+ev8pvFafpDvSERVPbzkDg0bjNho3
+-----END PRIVATE KEY-----
diff --git a/testbed/reverse-proxy/configuration/certificates.yml b/testbed/reverse-proxy/configuration/certificates.yml
new file mode 100644
index 000000000..88abe448d
--- /dev/null
+++ b/testbed/reverse-proxy/configuration/certificates.yml
@@ -0,0 +1,9 @@
+tls:
+  certificates:
+    - certFile: /certs/star.unicon.local.crt
+      keyFile: /certs/star.unicon.local.key
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /certs/star.unicon.local.crt
+        keyFile: /certs/star.unicon.local.key
\ No newline at end of file

From 6150b4fe37afaec19ac5eb6b5dce19a9b5c41592 Mon Sep 17 00:00:00 2001
From: Jj! <jj@unicon.net>
Date: Fri, 8 Oct 2021 09:49:38 -0500
Subject: [PATCH 2/3] initial integration

---
 testbed/integration/cheat.html                |   73 +
 testbed/integration/docker-compose.yml        |  103 +
 testbed/integration/shibboleth-idp/Dockerfile |   25 +
 .../config/shib-idp/conf/access-control.xml   |   68 +
 .../config/shib-idp/conf/attribute-filter.xml |  160 +
 .../shib-idp/conf/attribute-resolver.xml      |  270 +
 .../config/shib-idp/conf/cas-protocol.xml     |  112 +
 .../config/shib-idp/conf/idp.properties       |  226 +
 .../config/shib-idp/conf/idp.properties.dist  |  226 +
 .../config/shib-idp/conf/ldap.properties      |   61 +
 .../config/shib-idp/conf/ldap.properties.dist |   61 +
 .../shib-idp/conf/metadata-providers.xml      |  103 +
 .../config/shib-idp/conf/relying-party.xml    |   78 +
 .../config/shib-idp/conf/services.xml         |   70 +
 .../config/shib-idp/metadata/idp-metadata.xml |   36 +
 .../config/tomcat/catalina.policy             |    0
 .../config/tomcat/catalina.properties         |  150 +
 .../shibboleth-idp/config/tomcat/context.xml  |   36 +
 .../config/tomcat/logging.properties          |   64 +
 .../shibboleth-idp/config/tomcat/server.xml   |   22 +
 .../config/tomcat/tomcat-users.xml            |   44 +
 .../config/tomcat/tomcat-users.xsd            |   59 +
 .../shibboleth-idp/config/tomcat/web.xml      | 4684 +++++++++++++++++
 .../credentials/shib-idp/idp-encryption.crt   |   19 +
 .../credentials/shib-idp/idp-encryption.key   |   28 +
 .../credentials/shib-idp/idp-signing.crt      |   19 +
 .../credentials/shib-idp/idp-signing.key      |   28 +
 .../credentials/shib-idp/inc-md-cert-mdq.pem  |   28 +
 .../credentials/shib-idp/sealer.jks           |  Bin 0 -> 518 bytes
 .../credentials/shib-idp/sealer.kver          |    2 +
 .../credentials/shib-idp/secrets.properties   |   14 +
 .../credentials/tomcat/keystore.jks           |  Bin 0 -> 3840 bytes
 ...0bfe6fa4495100f5c193fa5b7ca4192c150923.xml |   25 +
 .../shibboleth-idp/wwwroot/robots.txt         |    2 +
 testbed/integration/shibui/application.yml    |   20 +
 35 files changed, 6916 insertions(+)
 create mode 100644 testbed/integration/cheat.html
 create mode 100644 testbed/integration/docker-compose.yml
 create mode 100644 testbed/integration/shibboleth-idp/Dockerfile
 create mode 100644 testbed/integration/shibboleth-idp/config/shib-idp/conf/access-control.xml
 create mode 100644 testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-filter.xml
 create mode 100644 testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-resolver.xml
 create mode 100644 testbed/integration/shibboleth-idp/config/shib-idp/conf/cas-protocol.xml
 create mode 100644 testbed/integration/shibboleth-idp/config/shib-idp/conf/idp.properties
 create mode 100644 testbed/integration/shibboleth-idp/config/shib-idp/conf/idp.properties.dist
 create mode 100644 testbed/integration/shibboleth-idp/config/shib-idp/conf/ldap.properties
 create mode 100644 testbed/integration/shibboleth-idp/config/shib-idp/conf/ldap.properties.dist
 create mode 100644 testbed/integration/shibboleth-idp/config/shib-idp/conf/metadata-providers.xml
 create mode 100644 testbed/integration/shibboleth-idp/config/shib-idp/conf/relying-party.xml
 create mode 100644 testbed/integration/shibboleth-idp/config/shib-idp/conf/services.xml
 create mode 100644 testbed/integration/shibboleth-idp/config/shib-idp/metadata/idp-metadata.xml
 create mode 100644 testbed/integration/shibboleth-idp/config/tomcat/catalina.policy
 create mode 100644 testbed/integration/shibboleth-idp/config/tomcat/catalina.properties
 create mode 100644 testbed/integration/shibboleth-idp/config/tomcat/context.xml
 create mode 100644 testbed/integration/shibboleth-idp/config/tomcat/logging.properties
 create mode 100644 testbed/integration/shibboleth-idp/config/tomcat/server.xml
 create mode 100644 testbed/integration/shibboleth-idp/config/tomcat/tomcat-users.xml
 create mode 100644 testbed/integration/shibboleth-idp/config/tomcat/tomcat-users.xsd
 create mode 100644 testbed/integration/shibboleth-idp/config/tomcat/web.xml
 create mode 100644 testbed/integration/shibboleth-idp/credentials/shib-idp/idp-encryption.crt
 create mode 100644 testbed/integration/shibboleth-idp/credentials/shib-idp/idp-encryption.key
 create mode 100644 testbed/integration/shibboleth-idp/credentials/shib-idp/idp-signing.crt
 create mode 100644 testbed/integration/shibboleth-idp/credentials/shib-idp/idp-signing.key
 create mode 100644 testbed/integration/shibboleth-idp/credentials/shib-idp/inc-md-cert-mdq.pem
 create mode 100644 testbed/integration/shibboleth-idp/credentials/shib-idp/sealer.jks
 create mode 100644 testbed/integration/shibboleth-idp/credentials/shib-idp/sealer.kver
 create mode 100644 testbed/integration/shibboleth-idp/credentials/shib-idp/secrets.properties
 create mode 100644 testbed/integration/shibboleth-idp/credentials/tomcat/keystore.jks
 create mode 100644 testbed/integration/shibboleth-idp/metadata/dynamic/700bfe6fa4495100f5c193fa5b7ca4192c150923.xml
 create mode 100644 testbed/integration/shibboleth-idp/wwwroot/robots.txt
 create mode 100644 testbed/integration/shibui/application.yml

diff --git a/testbed/integration/cheat.html b/testbed/integration/cheat.html
new file mode 100644
index 000000000..c29eea878
--- /dev/null
+++ b/testbed/integration/cheat.html
@@ -0,0 +1,73 @@
+<html>
+<body>
+<h2>Reload Service</h2>
+<form action="https://idp.unicon.local/idp/profile/admin/reload-service" target="_blank" method="get">
+    <label for="id">id</label>
+    <select name="id" id="id">
+        <option value="shibboleth.MetadataResolverService">MetadataResolverService</option>
+    </select>
+    <input type="submit" />
+</form>
+<h2>Attribute Resolution</h2>
+<form action="https://idp.unicon.local/idp/profile/admin/resolvertest" target="_blank" method="get">
+    <table>
+        <tr>
+            <td>
+                <label for="requester">Requester</label>
+            </td>
+            <td>
+    <input name="requester" id="requester" type="text" />
+            </td>
+        </tr>
+        <tr>
+            <td>
+    <label for="principal">Principal</label>
+            </td>
+            <td>
+    <input name="principal" id="principal" type="text" />
+            </td>
+        </tr>
+        <tr>
+            <td>
+                <label for="acsIndex">acs index</label>
+            </td>
+            <td>
+                <input name="acsIndex" id="acsIndex" type="number" />
+            </td>
+        </tr>
+        <tr>
+            <td>
+                <label for="saml1">SAML1</label>
+            </td>
+            <td>
+                <input name="saml1" id="saml1" type="checkbox" />
+            </td>
+        </tr>
+        <tr>
+            <td>
+                <label for="saml2">SAML2</label>
+            </td>
+            <td>
+                <input name="saml2" id="saml2" type="checkbox" />
+            </td>
+        </tr>
+    </table>
+    <input type="submit" />
+
+</form>
+<h2>Metadata Query</h2>
+<form action="https://idp.unicon.local/idp/profile/admin/mdquery" target="_blank" method="get">
+    <table>
+        <tr>
+            <td>
+                <label for="entityID">Entity ID</label>
+            </td>
+            <td>
+                <input name="entityID" id="entityID" type="text" />
+            </td>
+        </tr>
+    </table>
+    <input type="submit" />
+</form>
+</body>
+</html>
diff --git a/testbed/integration/docker-compose.yml b/testbed/integration/docker-compose.yml
new file mode 100644
index 000000000..eb448e56d
--- /dev/null
+++ b/testbed/integration/docker-compose.yml
@@ -0,0 +1,103 @@
+version: "3.8"
+
+services:
+  reverse-proxy:
+    image: library/traefik:v2.5.2
+    command:
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web-secure.address=:443"
+      - "--providers.file.directory=/configuration/"
+      - "--providers.file.watch=true"
+      # - "--log.level=DEBUG"
+    networks:
+      reverse-proxy:
+        aliases:
+          - idp.unicon.local
+    ports:
+      - "80:80"
+      - "8080:8080"
+      - "443:443"
+      - "8443:8443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ../reverse-proxy/:/configuration/
+      - ../reverse-proxy/certs/:/certs/
+  directory:
+    build: ../directory
+    networks:
+      - idp
+    volumes:
+      - directory_data:/var/lib/ldap
+      - directory_config:/etc/ldap/slapd.d
+      - ../directory/certs:/container/service/slapd/assets/certs
+    environment:
+      LDAP_BASE_DN: "dc=unicon,dc=local"
+      LDAP_DOMAIN: "unicon.local"
+      HOSTNAME: "directory"
+      LDAP_TLS_VERIFY_CLIENT: "try"
+  idp:
+    build: ./shibboleth-idp
+    labels:
+      - "traefik.http.routers.idp.rule=Host(`idp.unicon.local`)"
+      - "traefik.http.services.idp.loadbalancer.server.port=8080"
+      - "traefik.http.routers.idp.tls=true"
+      - "traefik.docker.network=integration_reverse-proxy"
+      - "traefik.enable=true"
+    depends_on:
+      - directory
+      - reverse-proxy
+    networks:
+      - reverse-proxy
+      - idp
+    volumes:
+      - ../directory/certs/ca.crt:/opt/shibboleth-idp/credentials/ldap-server.crt
+      - dynamic_metadata:/opt/shibboleth-idp/metadata/dynamic
+      - dynamic_config:/opt/shibboleth-idp/conf/dynamic
+    healthcheck:
+      disable: true
+  shib-idp-ui:
+    image: unicon/shibui:latest
+    labels:
+      - "traefik.http.routers.shibui.rule=Host(`shibui.unicon.local`)"
+      - "traefik.http.services.shibui.loadbalancer.server.port=8080"
+      - "traefik.http.routers.shibui.tls=true"
+      - "traefik.docker.network=integration_reverse-proxy"
+      - "traefik.enable=true"
+    networks:
+      - reverse-proxy
+      - backend
+    volumes:
+      - ./shibui:/conf
+      - ./shibui/application.yml:/application.yml
+      - dynamic_metadata:/var/shibboleth/dynamic_metadata
+      - dynamic_config:/var/shibboleth/dynamic_config
+      - ./shibboleth-idp/credentials/shib-idp/inc-md-cert-mdq.pem:/opt/shibboleth-idp/credentials/inc-md-cert-mdq.pem
+    environment:
+      - "IDP_HOME=/opt/shibboleth-idp"
+  database:
+    image: postgres:14-alpine
+    environment:
+      POSTGRES_PASSWORD: shibui
+      POSTGRES_USER: shibui
+      POSTGRES_DB: shibui
+    networks:
+      - backend
+    volumes:
+      - database_data:/var/lib/postgresql/data
+networks:
+  reverse-proxy:
+  idp:
+  backend:
+volumes:
+  directory_data:
+    driver: local
+  directory_config:
+    driver: local
+  dynamic_metadata:
+    driver: local
+  dynamic_config:
+    driver: local
+  database_data:
+    driver: local
diff --git a/testbed/integration/shibboleth-idp/Dockerfile b/testbed/integration/shibboleth-idp/Dockerfile
new file mode 100644
index 000000000..1a4087074
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/Dockerfile
@@ -0,0 +1,25 @@
+FROM i2incommon/shib-idp:4.1.4_20210802
+
+# The build args below can be used at build-time to tell the build process where to find your config files.  This is for a completely burned-in config.
+ARG TOMCFG=config/tomcat
+ARG TOMCERT=credentials/tomcat
+ARG TOMWWWROOT=wwwroot
+ARG SHBCFG=config/shib-idp/conf
+ARG SHBCREDS=credentials/shib-idp
+ARG SHBVIEWS=config/shib-idp/views
+ARG SHBEDWAPP=config/shib-idp/edit-webapp
+ARG SHBMSGS=config/shib-idp/messages
+ARG SHBMD=config/shib-idp/metadata
+
+# copy in the needed config files
+ADD ${TOMCFG} /usr/local/tomcat/conf
+ADD ${TOMCERT} /opt/certs
+ADD ${TOMWWWROOT} /usr/local/tomcat/webapps/ROOT
+ADD ${SHBCFG} /opt/shibboleth-idp/conf
+ADD ${SHBCREDS} /opt/shibboleth-idp/credentials
+#ADD ${SHBVIEWS} /opt/shibboleth-idp/views
+#ADD ${SHBEDWAPP} /opt/shibboleth-idp/edit-webapp
+#ADD ${SHBMSGS} /opt/shibboleth-idp/messages
+ADD ${SHBMD} /opt/shibboleth-idp/metadata
+
+EXPOSE 8080
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/access-control.xml b/testbed/integration/shibboleth-idp/config/shib-idp/conf/access-control.xml
new file mode 100644
index 000000000..e8215e441
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/access-control.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:context="http://www.springframework.org/schema/context"
+       xmlns:util="http://www.springframework.org/schema/util"
+       xmlns:p="http://www.springframework.org/schema/p"
+       xmlns:c="http://www.springframework.org/schema/c"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+       default-init-method="initialize"
+       default-destroy-method="destroy">
+
+    <!--
+    Map of access control policies used to limit access to administrative functions.
+    The purpose of the map is to label policies with a key/name so they can be reused.
+    -->
+
+    <!--
+    Use the "shibboleth.IPRangeAccessControl" parent bean for IP-based access control.
+    The ranges provided MUST be CIDR network expressions. To specify a single address,
+    add "/32" or "/128" for IPv4 or IPv6 respectively.
+
+    The additional examples below demonstrate how to control access by username
+    and by attribute(s), in the case of authenticated access to admin functions.
+    -->
+
+    <util:map id="shibboleth.AccessControlPolicies">
+
+        <entry key="AccessByIPAddress">
+            <bean id="AccessByIPAddress" parent="shibboleth.IPRangeAccessControl"
+                  p:allowedRanges="#{ {'127.0.0.1/32', '::1/128', '172.16.0.0/12'} }" />
+        </entry>
+
+        <!--
+        <entry key="AccessByAdminUser">
+            <bean parent="shibboleth.PredicateAccessControl">
+                <constructor-arg>
+                    <bean parent="shibboleth.Conditions.SubjectName" c:collection="#{'jdoe'}" />
+                </constructor-arg>
+            </bean>
+        </entry>
+        -->
+
+        <!--
+        <entry key="AccessByAttribute">
+            <bean parent="shibboleth.PredicateAccessControl">
+                <constructor-arg>
+                    <bean class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate">
+                        <property name="attributeValueMap">
+                            <map>
+                                <entry key="eduPersonEntitlement">
+                                    <list>
+                                        <value>https://example.org/entitlement/idpadmin</value>
+                                    </list>
+                                </entry>
+                            </map>
+                        </property>
+                    </bean>
+                </constructor-arg>
+            </bean>
+        </entry>
+        -->
+
+    </util:map>
+
+</beans>
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-filter.xml b/testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-filter.xml
new file mode 100644
index 000000000..d4d57250a
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-filter.xml
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- 
+    This file is an EXAMPLE policy file.  While the policy presented in this 
+    example file is illustrative of some simple cases, it relies on the names of
+    non-existent example services and the example attributes demonstrated in the
+    default attribute-resolver.xml file.
+
+    This example does contain some usable "general purpose" policies that may be
+    useful in conjunction with specific deployment choices, but those policies may
+    not be applicable to your specific needs or constraints.    
+-->
+<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
+        xmlns="urn:mace:shibboleth:2.0:afp"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">
+
+    <!--
+    Example rule relying on a locally applied tag in metadata to trigger attribute
+    release of some specific attributes. Add additional attributes as desired.
+    -->
+<!--
+	<AttributeFilterPolicy id="Per-Attribute-singleValued">
+	    <PolicyRequirementRule xsi:type="ANY" />
+	 
+	    <AttributeRule attributeID="eduPersonPrincipalName">
+	        <PermitValueRule xsi:type="EntityAttributeExactMatch"
+	            attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
+	            attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+	            attributeValue="eduPersonPrincipalName" />
+	    </AttributeRule>
+	 
+	    <AttributeRule attributeID="mail">
+	        <PermitValueRule xsi:type="EntityAttributeExactMatch"
+	            attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
+	            attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+	            attributeValue="mail" />
+	    </AttributeRule>
+	</AttributeFilterPolicy>
+-->
+
+    <!--
+    Same as above but more efficient form for an attribute with multiple values.
+    -->
+<!--
+    <AttributeFilterPolicy id="Per-Attribute-Affiliation">
+        <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
+            attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
+            attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+            attributeValue="eduPersonScopedAffiliation" />
+     
+        <AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true" />
+    </AttributeFilterPolicy>
+-->
+
+    <!--
+    Example rule for honoring Subject ID requirement tag in metadata.
+    The example supplies pairwise-id if subject-id isn't explicitly required.
+    -->
+<!--
+    <AttributeFilterPolicy id="subject-identifiers">
+        <PolicyRequirementRule xsi:type="ANY" />
+
+        <AttributeRule attributeID="samlPairwiseID">
+            <PermitValueRule xsi:type="OR">
+                <Rule xsi:type="EntityAttributeExactMatch"
+                    attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req"
+                    attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+                    attributeValue="pairwise-id" />
+                <Rule xsi:type="EntityAttributeExactMatch"
+                    attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req"
+                    attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+                    attributeValue="any" />
+            </PermitValueRule>
+        </AttributeRule>
+
+        <AttributeRule attributeID="samlSubjectID">
+            <PermitValueRule xsi:type="EntityAttributeExactMatch"
+                attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req"
+                attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+                attributeValue="subject-id" />
+        </AttributeRule>
+    </AttributeFilterPolicy>
+-->
+
+    <!-- Release an additional attribute to an SP. -->
+<!--
+    <AttributeFilterPolicy id="example1">
+        <PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org" />
+
+        <AttributeRule attributeID="uid" permitAny="true" />
+    </AttributeFilterPolicy>
+-->
+
+    <!-- Release eduPersonScopedAffiliation to two specific SPs. -->
+<!--
+    <AttributeFilterPolicy id="example2">
+        <PolicyRequirementRule xsi:type="OR">
+            <Rule xsi:type="Requester" value="https://sp.example.org" />
+            <Rule xsi:type="Requester" value="https://another.example.org/shibboleth" />
+        </PolicyRequirementRule>
+        <AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true" />
+    </AttributeFilterPolicy>
+-->
+    <AttributeFilterPolicy>
+        <PolicyRequirementRule xsi:type="Requester" value="https://unicon.net/test/shibui"/>
+        <AttributeRule attributeID="uid">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+    </AttributeFilterPolicy>
+
+    <!-- release some attributes to everyone. this is the R&S bundle -->
+    <AttributeFilterPolicy id="releaseRandSAttributeBundle">
+        <PolicyRequirementRule xsi:type="ANY" />
+        <AttributeRule attributeID="eduPersonPrincipalName">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="eduPersonScopedAffiliation">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="givenName">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="surname">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="displayName">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="mail">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+    </AttributeFilterPolicy>
+
+    <!-- Attribute release for all InCommon SPs -->
+    <AttributeFilterPolicy id="releaseToInCommon">
+        <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
+                        attributeName="http://macedir.org/entity-category"
+                        attributeValue="http://id.incommon.org/category/registered-by-incommon"/>
+        <AttributeRule attributeID="eduPersonPrincipalName">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="eduPersonScopedAffiliation">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="givenName">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="surname">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="displayName">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+        <AttributeRule attributeID="mail">
+            <PermitValueRule xsi:type="ANY" />
+        </AttributeRule>
+    </AttributeFilterPolicy>
+
+
+</AttributeFilterPolicyGroup>
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-resolver.xml b/testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-resolver.xml
new file mode 100644
index 000000000..135b4bc53
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-resolver.xml
@@ -0,0 +1,270 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    This file is an EXAMPLE configuration file containing lots of commented
+    example attributes, encoders, and a couple of example data connectors.
+     
+    Not all attribute definitions or data connectors are demonstrated, but
+    a variety of LDAP attributes, some common to Shibboleth deployments and
+    many not, are included.
+    
+    Deployers should refer to the Identity Provider 3 documentation
+    
+    https://wiki.shibboleth.net/confluence/display/IDP30/AttributeResolverConfiguration
+     
+    for a complete list of components and their options.
+-->
+<AttributeResolver
+        xmlns="urn:mace:shibboleth:2.0:resolver"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
+
+    <!-- ========================================== -->
+    <!--      Attribute Definitions                 -->
+    <!-- ========================================== -->
+
+    <!-- Schema: Core schema attributes-->
+    <AttributeDefinition xsi:type="Simple" id="uid">
+        <InputDataConnector ref="myLDAP" attributeNames="uid"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="mail">
+        <InputDataConnector ref="myLDAP" attributeNames="mail"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="homePhone">
+        <InputDataConnector ref="myLDAP" attributeNames="homePhone"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="homePostalAddress">
+        <InputDataConnector ref="myLDAP" attributeNames="homePostalAddress"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="mobileNumber">
+        <InputDataConnector ref="myLDAP" attributeNames="mobile"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="pagerNumber">
+        <InputDataConnector ref="myLDAP" attributeNames="pager"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="surname">
+        <InputDataConnector ref="myLDAP" attributeNames="sn"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="locality">
+        <InputDataConnector ref="myLDAP" attributeNames="l"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="stateProvince">
+        <InputDataConnector ref="myLDAP" attributeNames="st"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="street">
+        <InputDataConnector ref="myLDAP" attributeNames="street"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="organizationName">
+        <InputDataConnector ref="myLDAP" attributeNames="o"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="organizationalUnit">
+        <InputDataConnector ref="myLDAP" attributeNames="ou"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="title">
+        <InputDataConnector ref="myLDAP" attributeNames="title"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="postalAddress">
+        <InputDataConnector ref="myLDAP" attributeNames="postalAddress"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="postalCode">
+        <InputDataConnector ref="myLDAP" attributeNames="postalCode"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="postOfficeBox">
+        <InputDataConnector ref="myLDAP" attributeNames="postOfficeBox"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="telephoneNumber">
+        <InputDataConnector ref="myLDAP" attributeNames="telephoneNumber"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="givenName">
+        <InputDataConnector ref="myLDAP" attributeNames="givenName"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="initials">
+        <InputDataConnector ref="myLDAP" attributeNames="initials"/>
+    </AttributeDefinition>
+
+    <!-- Schema: inetOrgPerson attributes-->
+    <AttributeDefinition xsi:type="Simple" id="departmentNumber">
+        <InputDataConnector ref="myLDAP" attributeNames="departmentNumber"/>
+    </AttributeDefinition>
+    
+    <AttributeDefinition xsi:type="Simple" id="displayName">
+        <InputDataConnector ref="myLDAP" attributeNames="displayName"/>
+    </AttributeDefinition> 
+
+    <AttributeDefinition xsi:type="Simple" id="employeeNumber">
+        <InputDataConnector ref="myLDAP" attributeNames="employeeNumber"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="employeeType">
+        <InputDataConnector ref="myLDAP" attributeNames="employeeType"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="jpegPhoto">
+        <InputDataConnector ref="myLDAP" attributeNames="jpegPhoto"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="preferredLanguage">
+        <InputDataConnector ref="myLDAP" attributeNames="preferredLanguage"/>
+    </AttributeDefinition>
+
+    <!-- Schema: eduPerson attributes -->
+    <AttributeDefinition xsi:type="Simple" id="eduPersonAffiliation">
+        <InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation" />
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="eduPersonEntitlement">
+        <InputDataConnector ref="myLDAP" attributeNames="eduPersonEntitlement"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="eduPersonNickname">
+        <InputDataConnector ref="myLDAP" attributeNames="eduPersonNickname"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Simple" id="eduPersonPrimaryAffiliation">
+        <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrimaryAffiliation"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalName">
+        <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalName"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalNamePrior">
+        <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalNamePrior"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Scoped" id="eduPersonScopedAffiliation" scope="%{idp.scope}">
+        <InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation"/>
+    </AttributeDefinition>
+    
+    <AttributeDefinition xsi:type="Simple" id="eduPersonAssurance">
+        <InputDataConnector ref="myLDAP" attributeNames="eduPersonAssurance"/>
+    </AttributeDefinition>
+
+    <!-- Semi-deprecated eduPersonUniqueId, should be phased out in favor of SAML subject-id replacement below. -->
+<!-- 
+    <AttributeDefinition xsi:type="Scoped" id="eduPersonUniqueId" scope="%{idp.scope}">
+        <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}"/>
+    </AttributeDefinition>
+-->
+
+    <!-- Schema: SAML Subject ID Attributes -->
+<!--
+    <AttributeDefinition xsi:type="Scoped" id="samlSubjectID" scope="%{idp.scope}">
+        <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}"/>
+    </AttributeDefinition>
+
+    <AttributeDefinition xsi:type="Scoped" id="samlPairwiseID" scope="%{idp.scope}">
+        <InputDataConnector ref="computed" attributeNames="computedId"/>
+    </AttributeDefinition>
+-->
+
+    <!-- ========================================== -->
+    <!--      Data Connectors                       -->
+    <!-- ========================================== -->
+
+    <!-- Example Static Connector -->
+
+    <!-- Example Relational Database Connector.  
+         In practice a <SimpleManagedConnection> is enough to get you going but you should consider a
+         <BeanManagedConnection> fully configured for your particular environment -->
+    
+<!--
+    <DataConnector id="mySIS" xsi:type="RelationalDatabase">
+        <SimpleManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
+                                 jdbcURL="jdbc:oracle:thin:@db.example.org:1521:SomeDB" 
+                                 jdbcUserName="myid" 
+                                 jdbcPassword="mypassword" />
+        <QueryTemplate>
+            <![CDATA[
+                SELECT * FROM student WHERE gzbtpid = '$resolutionContext.principal'
+            ]]>
+        </QueryTemplate>
+
+        <Column columnName="gzbtpid" attributeID="uid" />
+        <Column columnName="fqlft" attributeID="gpa" />
+    </DataConnector>
+-->
+
+    <!-- Example LDAP Connector -->
+<!--
+    <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
+        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
+        baseDN="%{idp.attribute.resolver.LDAP.baseDN}" 
+        principal="%{idp.attribute.resolver.LDAP.bindDN}"
+        principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
+        useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
+        connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
+	trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
+        responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
+        <FilterTemplate>
+            <![CDATA[
+                %{idp.attribute.resolver.LDAP.searchFilter}
+            ]]>
+        </FilterTemplate>
+	    <ConnectionPool
+            minPoolSize="%{idp.pool.LDAP.minSize:3}"
+            maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
+            blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
+            validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
+            validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
+            expirationTime="%{idp.pool.LDAP.idleTime:PT10M}" />
+    </DataConnector>
+-->
+
+    <!-- Default LDAP Connector (no TLS) -->
+    <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
+        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
+        baseDN="%{idp.attribute.resolver.LDAP.baseDN}" 
+        principal="%{idp.attribute.resolver.LDAP.bindDN}"
+        principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
+        useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
+        connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
+        trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
+        responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
+        <FilterTemplate>
+            <![CDATA[
+                %{idp.attribute.resolver.LDAP.searchFilter}
+            ]]>
+        </FilterTemplate>
+	    <ConnectionPool
+            minPoolSize="%{idp.pool.LDAP.minSize:3}"
+            maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
+            blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
+            validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
+            validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
+            expirationTime="%{idp.pool.LDAP.idleTime:PT10M}" />
+    </DataConnector>
+
+
+    <!-- DataConector for pairwise-id (example depends on saml-nameid.properties). -->
+
+<!-- 
+    <DataConnector id="computed" xsi:type="ComputedId"
+	    generatedAttributeID="computedId"
+	    salt="%{idp.persistentId.salt}"
+	    algorithm="%{idp.persistentId.algorithm:SHA}"
+        encoding="%{idp.persistentId.encoding:BASE32}">
+	    
+        <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}" />
+        
+	</DataConnector>
+-->
+
+</AttributeResolver>
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/cas-protocol.xml b/testbed/integration/shibboleth-idp/config/shib-idp/conf/cas-protocol.xml
new file mode 100644
index 000000000..374aa0523
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/cas-protocol.xml
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:c="http://www.springframework.org/schema/c"
+       xmlns:p="http://www.springframework.org/schema/p"
+       xmlns:util="http://www.springframework.org/schema/util"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+       default-init-method="initialize"
+       default-destroy-method="destroy">
+
+    <!--
+       | The CAS service registry defines verified relying parties by endpoint URI.
+       | The default implementation treats the ID of each entry as a regular expression defining a logical group of
+       | services whose URIs match the expression.
+       |
+       | This bean is reloaded periodically according to %{idp.home}/conf/services.properties.
+       -->
+    <bean id="reloadableServiceRegistry"
+          class="%{idp.cas.serviceRegistryClass:net.shibboleth.idp.cas.service.PatternServiceRegistry}">
+        <property name="definitions">
+            <list>
+                <bean class="net.shibboleth.idp.cas.service.ServiceDefinition"
+                      c:regex="https?://([A-Za-z0-9_-]+\.)*unicon\.local(:\d+)?/.*"
+                      p:authorizedToProxy="false" />
+                <bean class="net.shibboleth.idp.cas.service.ServiceDefinition"
+                      c:regex="https?://localhost(:\d+)?/.*"
+                      p:authorizedToProxy="false" />
+                <!--
+                <bean class="net.shibboleth.idp.cas.service.ServiceDefinition"
+                      c:regex="https://([A-Za-z0-9_-]+\.)*example\.org(:\d+)?/.*"
+                      p:group="proxying-services"
+                      p:authorizedToProxy="true"
+                      p:singleLogoutParticipant="true" />
+                <bean class="net.shibboleth.idp.cas.service.ServiceDefinition"
+                      c:regex="http://([A-Za-z0-9_-]+\.)*example\.org(:\d+)?/.*"
+                      p:group="non-proxying-services"
+                      p:authorizedToProxy="false" /
+                -->
+            </list>
+        </property>
+    </bean>
+
+    <!--
+       | Uncomment this bean if you want to override the default list of CAS service registries.
+       | The default configuration tries to find the relying party in a SAML metadata source and falls back to
+       | reloadableServiceRegistry if a match is not found.
+       -->
+    <!--<util:list id="shibboleth.CASServiceRegistries">
+        <ref bean="shibboleth.CASMetadataServiceRegistry" />
+        <ref bean="shibboleth.CASServiceRegistry" />
+    </util:list>-->
+
+    <!--
+       | The default ticket service as of 3.3.0 serializes ticket data into the opaque section of the ticket ID
+       | for service tickets and proxy tickets. Proxy-granting tickets still require server-side storage, and
+       | a StorageService defined by the idp.cas.StorageService is used. Thus for deployers that do not require
+       | CAS proxy capabilities, no stateful storage mechanism is required; that means no memcached or database
+       | is required for HA deployments that want CAS (without proxy) support. A notable limitation of the new
+       | component is that the one-time use feature of service and proxy tickets is not available due to the lack
+       | of a ticket-tracking mechanism. Instead, tickets expire when their expiration period is exceeded.
+       | If this limitation is of concern, one may consider decreasing ticketValidityPeriod on the profile
+       | configuration from the default 15000ms.
+       -->
+    <alias name="encodingTicketService" alias="shibboleth.CASTicketService" />
+
+    <!--
+       | Uncomment the following element and comment out the above to enable the previous default ticket service
+       | that uses a StorageService for ticket persistence. Use this if the one-time use limitation of
+       | EncodingTicketService is problematic and can't be mitigated by decreasing ticketValidityPeriod.
+       -->
+    <!--<alias name="simpleTicketService" alias="shibboleth.CASTicketService" /> -->
+
+    <!--
+       | The predicate used to determine whether IdP session validation is performed during the process of granting
+       | a proxy ticket. When the predicate evaluates to true, an IdP session is resolved and validated prior to
+       | granting a proxy ticket. This feature prevents issuing proxy tickets when an IdP session is expired, but comes
+       | at the cost of requiring server-side storage of IdP session data. If this is configured to a predicate that
+       | evaluates to true under any condition, a server-side storage service must be enabled for IdP session
+       | storage. The most common non-default value is "alwaysTrue."
+       -->
+    <bean id="shibboleth.CASProxyValidateIdPSessionPredicate" parent="shibboleth.Conditions.FALSE" />
+
+    <!--
+       | Uncomment the following bean if you want to ignore jsessionid artifacts in service URLs.
+       | Those sorts of URLs are commonly emitted by Java servlet-based web applications.
+       -->
+    <!--<bean id="shibboleth.CASServiceComparator"
+          class="net.shibboleth.idp.cas.service.DefaultServiceComparator"
+          c:parameterNames="[a-z]+sessionid" />-->
+
+    <!--
+       | Define the list of static certificates that you trust to secure CAS proxy callback endpoints.
+       | Typically these are CA certificates and apply to _all_ CAS proxy callback endpoints.
+       | This facility complements the capability to supply relying-party-specific certificates in SAML metadata,
+       | which is the preferred mechanism to specify CAS proxy trust material. In the case of metadata, self-signed
+       | certificates are recommended.
+       -->
+    <util:list id="shibboleth.CASProxyTrustedCertificates" value-type="java.lang.String">
+        <!--<value>%{idp.home}/credentials/your_ca.pem</value>-->
+    </util:list>
+
+
+    <!-- ============== Advanced CAS Configuration ============== -->
+
+    <!-- Configure a third-party ticket service. -->
+    <!--
+    <bean id="shibboleth.CASTicketService"
+          class="org.example.idp.cas.CustomTicketService" />
+    -->
+</beans>
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/idp.properties b/testbed/integration/shibboleth-idp/config/shib-idp/conf/idp.properties
new file mode 100644
index 000000000..50af60005
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/idp.properties
@@ -0,0 +1,226 @@
+# Load any additional property resources from a comma-delimited list
+idp.additionalProperties=/conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties, /credentials/secrets.properties
+
+# In most cases (and unless noted in the surrounding comments) the
+# commented settings in the distributed files document default behavior.
+# Uncomment them and change the value to change functionality.
+#
+# Uncommented properties are either required or ship non-defaulted.
+
+# Set the entityID of the IdP
+idp.entityID=https://idp.unicon.local/idp/shibboleth
+
+# Set the file path which backs the IdP's own metadata publishing endpoint at /shibboleth.
+# Set to empty value to disable and return a 404.
+#idp.entityID.metadataFile=%{idp.home}/metadata/idp-metadata.xml
+
+# Set the scope used in the attribute resolver for scoped attributes
+idp.scope=unicon.local
+
+# General cookie properties (maxAge only applies to persistent cookies)
+#idp.cookie.secure = true
+#idp.cookie.httpOnly = true
+#idp.cookie.domain =
+#idp.cookie.path =
+#idp.cookie.maxAge = 31536000
+# These control operation of the SameSite filter, which is off by default.
+#idp.cookie.sameSite = None
+#idp.cookie.sameSiteCondition = shibboleth.Conditions.FALSE
+
+# Enable cross-site request forgery mitigation for views.
+idp.csrf.enabled=true
+# Name of the HTTP parameter that stores the CSRF token.
+#idp.csrf.token.parameter = csrf_token
+
+# HSTS/CSP response headers
+#idp.hsts = max-age=0
+# X-Frame-Options value, set to DENY or SAMEORIGIN to block framing
+#idp.frameoptions = DENY
+# Content-Security-Policy value, set to match X-Frame-Options default
+#idp.csp = frame-ancestors 'none';
+
+# Set the location of user-supplied web flow definitions
+#idp.webflows = %{idp.home}/flows
+
+# Set the location of Velocity view templates
+#idp.views = %{idp.home}/views
+
+# Settings for internal AES encryption key
+#idp.sealer.keyStrategy = shibboleth.DataSealerKeyStrategy
+#idp.sealer.storeType = JCEKS
+#idp.sealer.updateInterval = PT15M
+#idp.sealer.aliasBase = secret
+idp.sealer.storeResource=%{idp.home}/credentials/sealer.jks
+idp.sealer.versionResource=%{idp.home}/credentials/sealer.kver
+
+# Settings for public/private signing and encryption key(s)
+# During decryption key rollover, point the ".2" properties at a second
+# keypair, uncomment in credentials.xml, then publish it in your metadata.
+idp.signing.key=%{idp.home}/credentials/idp-signing.key
+idp.signing.cert=%{idp.home}/credentials/idp-signing.crt
+idp.encryption.key=%{idp.home}/credentials/idp-encryption.key
+idp.encryption.cert=%{idp.home}/credentials/idp-encryption.crt
+#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key
+#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt
+
+# Sets the bean ID to use as a default security configuration set
+#idp.security.config = shibboleth.DefaultSecurityConfiguration
+
+# To downgrade to SHA-1, set to shibboleth.SigningConfiguration.SHA1
+#idp.signing.config = shibboleth.SigningConfiguration.SHA256
+
+# The new install default for encryption is now AES-GCM.
+idp.encryption.config=shibboleth.EncryptionConfiguration.GCM
+
+# Configures trust evaluation of keys used by services at runtime
+# Internal default is Chaining, overriden for new installs
+idp.trust.signatures=shibboleth.ExplicitKeySignatureTrustEngine
+# Other options:
+#   shibboleth.ChainingSignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine
+idp.trust.certificates=shibboleth.ExplicitKeyX509TrustEngine
+# Other options:
+#   shibboleth.ChainingX509TrustEngine, shibboleth.PKIXX509TrustEngine
+
+# If true, encryption will happen whenever a key to use can be located, but
+# failure to encrypt won't result in request failure.
+idp.encryption.optional = true
+
+# Configuration of client- and server-side storage plugins
+#idp.storage.cleanupInterval = PT10M
+idp.storage.htmlLocalStorage=true
+
+# Set to true to expose more detailed errors in responses to SPs
+#idp.errors.detailed = false
+# Set to false to skip signing of SAML response messages that signal errors
+#idp.errors.signed = true
+# Name of bean containing a list of Java exception classes to ignore
+#idp.errors.excludedExceptions = ExceptionClassListBean
+# Name of bean containing a property set mapping exception names to views
+#idp.errors.exceptionMappings = ExceptionToViewPropertyBean
+# Set if a different default view name for events and exceptions is needed
+#idp.errors.defaultView = error
+
+# Set to false to disable the IdP session layer
+#idp.session.enabled = true
+
+# Set to "shibboleth.StorageService" for server-side storage of user sessions
+#idp.session.StorageService = shibboleth.ClientSessionStorageService
+
+# Size of session IDs
+#idp.session.idSize = 32
+# Bind sessions to IP addresses
+#idp.session.consistentAddress = true
+# Inactivity timeout
+#idp.session.timeout = PT60M
+# Extra time to store sessions for logout
+#idp.session.slop = PT0S
+# Tolerate storage-related errors
+#idp.session.maskStorageFailure = false
+# Track information about SPs logged into
+idp.session.trackSPSessions=true
+# Support lookup by SP for SAML logout
+idp.session.secondaryServiceIndex=true
+# Length of time to track SP sessions
+#idp.session.defaultSPlifetime = PT2H
+
+# Regular expression matching login flows to enable, e.g. IPAddress|Password
+idp.authn.flows=Password
+
+# Default lifetime and timeout of various authentication methods
+#idp.authn.defaultLifetime = PT60M
+#idp.authn.defaultTimeout = PT30M
+
+# Whether to populate relying party user interface information for display
+# during authentication, consent, terms-of-use.
+#idp.authn.rpui = true
+
+# Whether to prioritize "active" results when an SP requests more than
+# one possible matching login method (V2 behavior was to favor them)
+#idp.authn.favorSSO = false
+
+# Whether to fail requests when a user identity after authentication
+# doesn't match the identity in a pre-existing session.
+#idp.authn.identitySwitchIsError = false
+
+# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent
+#idp.consent.StorageService = shibboleth.ClientPersistentStorageService
+
+# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute
+# to key user consent storage records (and set the attribute name)
+#idp.consent.attribute-release.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
+#idp.consent.attribute-release.userStorageKeyAttribute = uid
+#idp.consent.terms-of-use.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
+#idp.consent.terms-of-use.userStorageKeyAttribute = uid
+
+# Suffix of message property used as value of consent storage records when idp.consent.compareValues is true.
+# Defaults to text displayed to the user.
+#idp.consent.terms-of-use.consentValueMessageCodeSuffix = .text
+
+# Flags controlling how built-in attribute consent feature operates
+#idp.consent.allowDoNotRemember = true
+#idp.consent.allowGlobal = true
+#idp.consent.allowPerAttribute = false
+
+# Whether attribute values and terms of use text are compared
+#idp.consent.compareValues = false
+# Maximum number of consent records for space-limited storage (e.g. cookies)
+#idp.consent.maxStoredRecords = 10
+# Maximum number of consent records for larger/server-side storage (0 = no limit)
+#idp.consent.expandedMaxStoredRecords = 0
+
+# Time in milliseconds to expire consent storage records.
+#idp.consent.storageRecordLifetime = P1Y
+
+# Whether to lookup metadata, etc. for every SP involved in a logout
+# for use by user interface logic; adds overhead so off by default.
+#idp.logout.elaboration = false
+
+# Whether to require logout requests/responses be signed/authenticated.
+#idp.logout.authenticated = true
+
+# Bean to determine whether user should be allowed to cancel logout
+#idp.logout.promptUser=shibboleth.Conditions.FALSE
+
+# Message freshness and replay cache tuning
+#idp.policy.messageLifetime = PT3M
+#idp.policy.clockSkew = PT3M
+
+# Set to custom bean for alternate storage of replay cache
+#idp.replayCache.StorageService = shibboleth.StorageService
+#idp.replayCache.strict = true
+
+# Toggles whether to allow outbound messages via SAML artifact
+#idp.artifact.enabled = true
+# Suppresses typical signing/encryption when artifact binding used
+#idp.artifact.secureChannel = true
+# May differ to direct SAML 2 artifact lookups to specific server nodes
+#idp.artifact.endpointIndex = 2
+# Set to custom bean for alternate storage of artifact map state
+#idp.artifact.StorageService = shibboleth.StorageService
+
+# Comma-delimited languages to use if not match can be found with the
+# browser-supported languages, defaults to an empty list.
+idp.ui.fallbackLanguages=en,fr,de
+
+# Storage service used by CAS protocol
+# Defaults to shibboleth.StorageService (in-memory)
+# MUST be server-side storage (e.g. in-memory, memcached, database)
+# NOTE that idp.session.StorageService requires server-side storage
+# when CAS protocol is enabled
+#idp.cas.StorageService=shibboleth.StorageService
+
+# CAS service registry implementation class
+#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry
+
+# If true, CAS services provisioned with SAML metadata are identified via entityID
+#idp.cas.relyingPartyIdFromMetadata=false
+
+# F-TICKS auditing - set a salt to include hashed username
+#idp.fticks.federation=MyFederation
+#idp.fticks.algorithm=SHA-256
+#idp.fticks.salt=somethingsecret
+#idp.fticks.loghost=localhost
+#idp.fticks.logport=514
+
+# Set false if you want SAML bindings "spelled out" in audit log
+idp.audit.shortenBindings=true
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/idp.properties.dist b/testbed/integration/shibboleth-idp/config/shib-idp/conf/idp.properties.dist
new file mode 100644
index 000000000..7ea276654
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/idp.properties.dist
@@ -0,0 +1,226 @@
+# Load any additional property resources from a comma-delimited list
+idp.additionalProperties=/conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties, /credentials/secrets.properties
+
+# In most cases (and unless noted in the surrounding comments) the
+# commented settings in the distributed files document default behavior.
+# Uncomment them and change the value to change functionality.
+#
+# Uncommented properties are either required or ship non-defaulted.
+
+# Set the entityID of the IdP
+idp.entityID=https://idp.example.org/idp/shibboleth
+
+# Set the file path which backs the IdP's own metadata publishing endpoint at /shibboleth.
+# Set to empty value to disable and return a 404.
+#idp.entityID.metadataFile=%{idp.home}/metadata/idp-metadata.xml
+
+# Set the scope used in the attribute resolver for scoped attributes
+idp.scope=example.org
+
+# General cookie properties (maxAge only applies to persistent cookies)
+#idp.cookie.secure = true
+#idp.cookie.httpOnly = true
+#idp.cookie.domain =
+#idp.cookie.path =
+#idp.cookie.maxAge = 31536000
+# These control operation of the SameSite filter, which is off by default.
+#idp.cookie.sameSite = None
+#idp.cookie.sameSiteCondition = shibboleth.Conditions.FALSE
+
+# Enable cross-site request forgery mitigation for views.
+idp.csrf.enabled=true
+# Name of the HTTP parameter that stores the CSRF token.
+#idp.csrf.token.parameter = csrf_token
+
+# HSTS/CSP response headers
+#idp.hsts = max-age=0
+# X-Frame-Options value, set to DENY or SAMEORIGIN to block framing
+#idp.frameoptions = DENY
+# Content-Security-Policy value, set to match X-Frame-Options default
+#idp.csp = frame-ancestors 'none';
+
+# Set the location of user-supplied web flow definitions
+#idp.webflows = %{idp.home}/flows
+
+# Set the location of Velocity view templates
+#idp.views = %{idp.home}/views
+
+# Settings for internal AES encryption key
+#idp.sealer.keyStrategy = shibboleth.DataSealerKeyStrategy
+#idp.sealer.storeType = JCEKS
+#idp.sealer.updateInterval = PT15M
+#idp.sealer.aliasBase = secret
+idp.sealer.storeResource=%{idp.home}/credentials/sealer.jks
+idp.sealer.versionResource=%{idp.home}/credentials/sealer.kver
+
+# Settings for public/private signing and encryption key(s)
+# During decryption key rollover, point the ".2" properties at a second
+# keypair, uncomment in credentials.xml, then publish it in your metadata.
+idp.signing.key=%{idp.home}/credentials/idp-signing.key
+idp.signing.cert=%{idp.home}/credentials/idp-signing.crt
+idp.encryption.key=%{idp.home}/credentials/idp-encryption.key
+idp.encryption.cert=%{idp.home}/credentials/idp-encryption.crt
+#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key
+#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt
+
+# Sets the bean ID to use as a default security configuration set
+#idp.security.config = shibboleth.DefaultSecurityConfiguration
+
+# To downgrade to SHA-1, set to shibboleth.SigningConfiguration.SHA1
+#idp.signing.config = shibboleth.SigningConfiguration.SHA256
+
+# The new install default for encryption is now AES-GCM.
+idp.encryption.config=shibboleth.EncryptionConfiguration.GCM
+
+# Configures trust evaluation of keys used by services at runtime
+# Internal default is Chaining, overriden for new installs
+idp.trust.signatures=shibboleth.ExplicitKeySignatureTrustEngine
+# Other options:
+#   shibboleth.ChainingSignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine
+idp.trust.certificates=shibboleth.ExplicitKeyX509TrustEngine
+# Other options:
+#   shibboleth.ChainingX509TrustEngine, shibboleth.PKIXX509TrustEngine
+
+# If true, encryption will happen whenever a key to use can be located, but
+# failure to encrypt won't result in request failure.
+#idp.encryption.optional = false
+
+# Configuration of client- and server-side storage plugins
+#idp.storage.cleanupInterval = PT10M
+idp.storage.htmlLocalStorage=true
+
+# Set to true to expose more detailed errors in responses to SPs
+#idp.errors.detailed = false
+# Set to false to skip signing of SAML response messages that signal errors
+#idp.errors.signed = true
+# Name of bean containing a list of Java exception classes to ignore
+#idp.errors.excludedExceptions = ExceptionClassListBean
+# Name of bean containing a property set mapping exception names to views
+#idp.errors.exceptionMappings = ExceptionToViewPropertyBean
+# Set if a different default view name for events and exceptions is needed
+#idp.errors.defaultView = error
+
+# Set to false to disable the IdP session layer
+#idp.session.enabled = true
+
+# Set to "shibboleth.StorageService" for server-side storage of user sessions
+#idp.session.StorageService = shibboleth.ClientSessionStorageService
+
+# Size of session IDs
+#idp.session.idSize = 32
+# Bind sessions to IP addresses
+#idp.session.consistentAddress = true
+# Inactivity timeout
+#idp.session.timeout = PT60M
+# Extra time to store sessions for logout
+#idp.session.slop = PT0S
+# Tolerate storage-related errors
+#idp.session.maskStorageFailure = false
+# Track information about SPs logged into
+idp.session.trackSPSessions=true
+# Support lookup by SP for SAML logout
+idp.session.secondaryServiceIndex=true
+# Length of time to track SP sessions
+#idp.session.defaultSPlifetime = PT2H
+
+# Regular expression matching login flows to enable, e.g. IPAddress|Password
+idp.authn.flows=Password
+
+# Default lifetime and timeout of various authentication methods
+#idp.authn.defaultLifetime = PT60M
+#idp.authn.defaultTimeout = PT30M
+
+# Whether to populate relying party user interface information for display
+# during authentication, consent, terms-of-use.
+#idp.authn.rpui = true
+
+# Whether to prioritize "active" results when an SP requests more than
+# one possible matching login method (V2 behavior was to favor them)
+#idp.authn.favorSSO = false
+
+# Whether to fail requests when a user identity after authentication
+# doesn't match the identity in a pre-existing session.
+#idp.authn.identitySwitchIsError = false
+
+# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent
+#idp.consent.StorageService = shibboleth.ClientPersistentStorageService
+
+# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute
+# to key user consent storage records (and set the attribute name)
+#idp.consent.attribute-release.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
+#idp.consent.attribute-release.userStorageKeyAttribute = uid
+#idp.consent.terms-of-use.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
+#idp.consent.terms-of-use.userStorageKeyAttribute = uid
+
+# Suffix of message property used as value of consent storage records when idp.consent.compareValues is true.
+# Defaults to text displayed to the user.
+#idp.consent.terms-of-use.consentValueMessageCodeSuffix = .text
+
+# Flags controlling how built-in attribute consent feature operates
+#idp.consent.allowDoNotRemember = true
+#idp.consent.allowGlobal = true
+#idp.consent.allowPerAttribute = false
+
+# Whether attribute values and terms of use text are compared
+#idp.consent.compareValues = false
+# Maximum number of consent records for space-limited storage (e.g. cookies)
+#idp.consent.maxStoredRecords = 10
+# Maximum number of consent records for larger/server-side storage (0 = no limit)
+#idp.consent.expandedMaxStoredRecords = 0
+
+# Time in milliseconds to expire consent storage records.
+#idp.consent.storageRecordLifetime = P1Y
+
+# Whether to lookup metadata, etc. for every SP involved in a logout
+# for use by user interface logic; adds overhead so off by default.
+#idp.logout.elaboration = false
+
+# Whether to require logout requests/responses be signed/authenticated.
+#idp.logout.authenticated = true
+
+# Bean to determine whether user should be allowed to cancel logout
+#idp.logout.promptUser=shibboleth.Conditions.FALSE
+
+# Message freshness and replay cache tuning
+#idp.policy.messageLifetime = PT3M
+#idp.policy.clockSkew = PT3M
+
+# Set to custom bean for alternate storage of replay cache
+#idp.replayCache.StorageService = shibboleth.StorageService
+#idp.replayCache.strict = true
+
+# Toggles whether to allow outbound messages via SAML artifact
+#idp.artifact.enabled = true
+# Suppresses typical signing/encryption when artifact binding used
+#idp.artifact.secureChannel = true
+# May differ to direct SAML 2 artifact lookups to specific server nodes
+#idp.artifact.endpointIndex = 2
+# Set to custom bean for alternate storage of artifact map state
+#idp.artifact.StorageService = shibboleth.StorageService
+
+# Comma-delimited languages to use if not match can be found with the
+# browser-supported languages, defaults to an empty list.
+idp.ui.fallbackLanguages=en,fr,de
+
+# Storage service used by CAS protocol
+# Defaults to shibboleth.StorageService (in-memory)
+# MUST be server-side storage (e.g. in-memory, memcached, database)
+# NOTE that idp.session.StorageService requires server-side storage
+# when CAS protocol is enabled
+#idp.cas.StorageService=shibboleth.StorageService
+
+# CAS service registry implementation class
+#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry
+
+# If true, CAS services provisioned with SAML metadata are identified via entityID
+#idp.cas.relyingPartyIdFromMetadata=false
+
+# F-TICKS auditing - set a salt to include hashed username
+#idp.fticks.federation=MyFederation
+#idp.fticks.algorithm=SHA-256
+#idp.fticks.salt=somethingsecret
+#idp.fticks.loghost=localhost
+#idp.fticks.logport=514
+
+# Set false if you want SAML bindings "spelled out" in audit log
+idp.audit.shortenBindings=true
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/ldap.properties b/testbed/integration/shibboleth-idp/config/shib-idp/conf/ldap.properties
new file mode 100644
index 000000000..2b1774cda
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/ldap.properties
@@ -0,0 +1,61 @@
+# LDAP authentication configuration, see authn/ldap-authn-config.xml
+# Note, this doesn't apply to the use of JAAS
+
+## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
+idp.authn.LDAP.authenticator                   = bindSearchAuthenticator
+
+## Connection properties ##
+idp.authn.LDAP.ldapURL=ldaps://directory
+#set below to true if your LDAP server is configured for it
+idp.authn.LDAP.useStartTLS                     = false
+#idp.authn.LDAP.useSSL                          = false
+# Time in milliseconds that connects will block
+#idp.authn.LDAP.connectTimeout                  = PT3S
+# Time in milliseconds to wait for responses
+#idp.authn.LDAP.responseTimeout                 = PT3S
+
+## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
+idp.authn.LDAP.sslConfig                       = certificateTrust
+## If using certificateTrust above, set to the trusted certificate's path
+idp.authn.LDAP.trustCertificates=%{idp.home}/credentials/ldap-server.crt
+## If using keyStoreTrust above, set to the truststore path
+idp.authn.LDAP.trustStore=%{idp.home}/credentials/ldap-server.truststore
+
+## Return attributes during authentication
+idp.authn.LDAP.returnAttributes=passwordExpirationTime,loginGraceRemaining
+
+## DN resolution properties ##
+
+# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
+# for AD: CN=Users,DC=example,DC=org
+idp.authn.LDAP.baseDN=dc=unicon,dc=local
+idp.authn.LDAP.subtreeSearch                   = true
+idp.authn.LDAP.userFilter=(uid={user})
+# bind search configuration
+# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
+idp.authn.LDAP.bindDN=cn=admin,dc=unicon,dc=local
+
+# Format DN resolution, used by directAuthenticator, adAuthenticator
+# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
+idp.authn.LDAP.dnFormat=uid=%s,dc=unicon,dc=local
+
+# LDAP attribute configuration, see attribute-resolver.xml
+# Note, this likely won't apply to the use of legacy V2 resolver configurations
+idp.attribute.resolver.LDAP.ldapURL=%{idp.authn.LDAP.ldapURL}
+idp.attribute.resolver.LDAP.connectTimeout=%{idp.authn.LDAP.connectTimeout:PT3S}
+idp.attribute.resolver.LDAP.responseTimeout=%{idp.authn.LDAP.responseTimeout:PT3S}
+idp.attribute.resolver.LDAP.baseDN=%{idp.authn.LDAP.baseDN:undefined}
+idp.attribute.resolver.LDAP.bindDN=%{idp.authn.LDAP.bindDN:undefined}
+idp.attribute.resolver.LDAP.useStartTLS=%{idp.authn.LDAP.useStartTLS:true}
+idp.attribute.resolver.LDAP.trustCertificates=%{idp.authn.LDAP.trustCertificates:undefined}
+idp.attribute.resolver.LDAP.searchFilter=(uid=$resolutionContext.principal)
+
+# LDAP pool configuration, used for both authn and DN resolution
+#idp.pool.LDAP.minSize                          = 3
+#idp.pool.LDAP.maxSize                          = 10
+#idp.pool.LDAP.validateOnCheckout               = false
+#idp.pool.LDAP.validatePeriodically             = true
+#idp.pool.LDAP.validatePeriod                   = PT5M
+#idp.pool.LDAP.prunePeriod                      = PT5M
+#idp.pool.LDAP.idleTime                         = PT10M
+#idp.pool.LDAP.blockWaitTime                    = PT3S
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/ldap.properties.dist b/testbed/integration/shibboleth-idp/config/shib-idp/conf/ldap.properties.dist
new file mode 100644
index 000000000..74d4b77f6
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/ldap.properties.dist
@@ -0,0 +1,61 @@
+# LDAP authentication configuration, see authn/ldap-authn-config.xml
+# Note, this doesn't apply to the use of JAAS
+
+## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
+#idp.authn.LDAP.authenticator                   = anonSearchAuthenticator
+
+## Connection properties ##
+idp.authn.LDAP.ldapURL=ldap://localhost:10389
+#set below to true if your LDAP server is configured for it
+idp.authn.LDAP.useStartTLS                     = false
+#idp.authn.LDAP.useSSL                          = false
+# Time in milliseconds that connects will block
+#idp.authn.LDAP.connectTimeout                  = PT3S
+# Time in milliseconds to wait for responses
+#idp.authn.LDAP.responseTimeout                 = PT3S
+
+## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
+#idp.authn.LDAP.sslConfig                       = certificateTrust
+## If using certificateTrust above, set to the trusted certificate's path
+idp.authn.LDAP.trustCertificates=%{idp.home}/credentials/ldap-server.crt
+## If using keyStoreTrust above, set to the truststore path
+idp.authn.LDAP.trustStore=%{idp.home}/credentials/ldap-server.truststore
+
+## Return attributes during authentication
+idp.authn.LDAP.returnAttributes=passwordExpirationTime,loginGraceRemaining
+
+## DN resolution properties ##
+
+# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
+# for AD: CN=Users,DC=example,DC=org
+idp.authn.LDAP.baseDN=ou=people,dc=example,dc=org
+#idp.authn.LDAP.subtreeSearch                   = false
+idp.authn.LDAP.userFilter=(uid={user})
+# bind search configuration
+# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
+idp.authn.LDAP.bindDN=uid=myservice,ou=system
+
+# Format DN resolution, used by directAuthenticator, adAuthenticator
+# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
+idp.authn.LDAP.dnFormat=uid=%s,ou=people,dc=example,dc=org
+
+# LDAP attribute configuration, see attribute-resolver.xml
+# Note, this likely won't apply to the use of legacy V2 resolver configurations
+idp.attribute.resolver.LDAP.ldapURL=%{idp.authn.LDAP.ldapURL}
+idp.attribute.resolver.LDAP.connectTimeout=%{idp.authn.LDAP.connectTimeout:PT3S}
+idp.attribute.resolver.LDAP.responseTimeout=%{idp.authn.LDAP.responseTimeout:PT3S}
+idp.attribute.resolver.LDAP.baseDN=%{idp.authn.LDAP.baseDN:undefined}
+idp.attribute.resolver.LDAP.bindDN=%{idp.authn.LDAP.bindDN:undefined}
+idp.attribute.resolver.LDAP.useStartTLS=%{idp.authn.LDAP.useStartTLS:true}
+idp.attribute.resolver.LDAP.trustCertificates=%{idp.authn.LDAP.trustCertificates:undefined}
+idp.attribute.resolver.LDAP.searchFilter=(uid=$resolutionContext.principal)
+
+# LDAP pool configuration, used for both authn and DN resolution
+#idp.pool.LDAP.minSize                          = 3
+#idp.pool.LDAP.maxSize                          = 10
+#idp.pool.LDAP.validateOnCheckout               = false
+#idp.pool.LDAP.validatePeriodically             = true
+#idp.pool.LDAP.validatePeriod                   = PT5M
+#idp.pool.LDAP.prunePeriod                      = PT5M
+#idp.pool.LDAP.idleTime                         = PT10M
+#idp.pool.LDAP.blockWaitTime                    = PT3S
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/metadata-providers.xml b/testbed/integration/shibboleth-idp/config/shib-idp/conf/metadata-providers.xml
new file mode 100644
index 000000000..bbe9759c8
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/metadata-providers.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
+    xmlns="urn:mace:shibboleth:2.0:metadata"
+    xmlns:security="urn:mace:shibboleth:2.0:security"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+    xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
+    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+    xmlns:ds11="http://www.w3.org/2009/xmldsig11#"
+    xmlns:enc="http://www.w3.org/2001/04/xmlenc#"
+    xmlns:enc11="http://www.w3.org/2009/xmlenc11#"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
+                        urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
+                        urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
+                        urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
+                        urn:oasis:names:tc:SAML:metadata:algsupport http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0.xsd
+                        http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
+                        http://www.w3.org/2009/xmldsig11# http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/xmldsig11-schema.xsd
+                        http://www.w3.org/2001/04/xmlenc# http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd
+                        http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd">
+
+    <!--
+    Below you place the mechanisms which define how to load the metadata for SP(s) you will
+    provide service to.
+    
+    Some simple examples are provided. The documentation provides more details; in most cases,
+    the modern replacement for these older plugins are the "DynamicHTTPMetadataProvider" and
+    "LocalDynamic" variants, which provide dramatic memory savings and more reliable operation.
+     
+    NOTE: You do NOT need to load metadata for this IdP itself within this configuration.
+    -->
+    
+    
+    
+    <!--
+    Example HTTP metadata provider.  Use this if you want to download the metadata
+    from a remote source.
+
+    You *MUST* provide the SignatureValidationFilter in order to function securely.
+    Get the public key certificate from the party publishing the metadata, and validate
+    it with them via some out of band mechanism (e.g., a fingerprint on a secure page).
+
+    The EntityRoleWhiteList saves memory by only loading metadata from SAML roles
+    that the IdP needs to interoperate with.
+    -->
+    
+    <!--
+    <MetadataProvider id="HTTPMetadata"
+                      xsi:type="FileBackedHTTPMetadataProvider"
+                      backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml"
+                      metadataURL="http://WHATEVER"> 
+        
+        <MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/metaroot.pem" />
+        <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P30D"/>
+        <MetadataFilter xsi:type="EntityRoleWhiteList">
+            <RetainedRole>md:SPSSODescriptor</RetainedRole>
+        </MetadataFilter>
+    </MetadataProvider>
+    -->   
+
+    <!--
+    Example file metadata provider.  Use this if you want to load metadata
+    from a local file. You use this if you have some local SPs which are not
+    "federated" but you wish to offer a service to.
+    
+    If you do not provide a SignatureValidation filter, then you have the
+    responsibility to ensure that the contents on disk are trustworthy.
+    -->
+    
+    <!--
+    <MetadataProvider id="LocalMetadata"  xsi:type="FilesystemMetadataProvider" metadataFile="PATH_TO_YOUR_METADATA"/>
+    -->
+
+
+    <!--
+    Example CAS metadata source for managing CAS services using SAML metadata.
+    -->
+
+    <!--
+    <MetadataProvider id="CASMetadata"
+                      xsi:type="FilesystemMetadataProvider"
+                      metadataFile="PATH_TO_YOUR_METADATA"
+                      indexesRef="shibboleth.CASMetadataIndices" />
+    -->
+
+    <MetadataProvider id="local-dynamic" xsi:type="LocalDynamicMetadataProvider" sourceDirectory="%{idp.home}/metadata/dynamic" />
+
+     <!-- InCommon Per-Entity Metadata Distribution Service -->
+     <MetadataProvider id="incommon" xsi:type="DynamicHTTPMetadataProvider"
+                   maxCacheDuration="PT24H" minCacheDuration="PT10M">
+       <!-- Verify the signature on the root element (i.e., the EntityDescriptor element) -->
+       <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
+                   certificateFile="%{idp.home}/credentials/inc-md-cert-mdq.pem" />
+  
+       <!-- Require a validUntil XML attribute no more than 14 days into the future -->
+       <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D" />
+  
+       <!-- The MetadataQueryProtocol element specifies the base URL for the query protocol -->
+       <MetadataQueryProtocol>https://mdq.incommon.org/</MetadataQueryProtocol>
+     </MetadataProvider>
+
+</MetadataProvider>
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/relying-party.xml b/testbed/integration/shibboleth-idp/config/shib-idp/conf/relying-party.xml
new file mode 100644
index 000000000..5127515ed
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/relying-party.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:context="http://www.springframework.org/schema/context"
+       xmlns:util="http://www.springframework.org/schema/util"
+       xmlns:p="http://www.springframework.org/schema/p"
+       xmlns:c="http://www.springframework.org/schema/c"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+       default-init-method="initialize"
+       default-destroy-method="destroy">
+
+    <!--
+    Unverified RP configuration, defaults to no support for any profiles. Add <ref> elements to the list
+    to enable specific default profile settings (as below), or create new beans inline to override defaults.
+
+    "Unverified" typically means the IdP has no metadata, or equivalent way of assuring the identity and
+    legitimacy of a requesting system. To run an "open" IdP, you can enable profiles here.
+    -->
+    <bean id="shibboleth.UnverifiedRelyingParty" parent="RelyingParty">
+        <property name="profileConfigurations">
+            <list>
+                <!-- <bean parent="SAML2.SSO" p:encryptAssertions="false" /> -->
+            </list>
+        </property>
+    </bean>
+
+    <!--
+    Default configuration, with default settings applied for all profiles, and enables
+    the attribute-release consent flow.
+    -->
+    <bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty">
+        <property name="profileConfigurations">
+            <list>
+                <!-- SAML 1.1 and SAML 2.0 AttributeQuery are disabled by default. -->
+                <!--
+                <bean parent="Shibboleth.SSO" p:postAuthenticationFlows="attribute-release" />
+                <ref bean="SAML1.AttributeQuery" />
+                <ref bean="SAML1.ArtifactResolution" />
+                -->
+                <bean parent="SAML2.SSO" p:postAuthenticationFlows="attribute-release" />
+                <ref bean="SAML2.ECP" />
+                <ref bean="SAML2.Logout" />
+                <!--
+                <ref bean="SAML2.AttributeQuery" />
+                -->
+                <ref bean="SAML2.ArtifactResolution" />
+                <ref bean="Liberty.SSOS" />
+                <ref bean="CAS.LoginConfiguration" />
+                <ref bean="CAS.ProxyConfiguration" />
+                <ref bean="CAS.ValidateConfiguration" />
+            </list>
+        </property>
+    </bean>
+
+    <!-- Container for any overrides you want to add. -->
+
+    <util:list id="shibboleth.RelyingPartyOverrides">
+
+        <!--
+        Override example that identifies a single RP by name and configures it
+        for SAML 2 SSO without encryption. This is a common "vendor" scenario.
+        -->
+        <!--
+        <bean parent="RelyingPartyByName" c:relyingPartyIds="https://sp.example.org">
+            <property name="profileConfigurations">
+                <list>
+                    <bean parent="SAML2.SSO" p:encryptAssertions="false" />
+                </list>
+            </property>
+        </bean>
+        -->
+
+    </util:list>
+
+</beans>
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/services.xml b/testbed/integration/shibboleth-idp/config/shib-idp/conf/services.xml
new file mode 100644
index 000000000..c38ff2aa3
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/services.xml
@@ -0,0 +1,70 @@
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:context="http://www.springframework.org/schema/context"
+       xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p"
+       xmlns:c="http://www.springframework.org/schema/c" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+       default-init-method="initialize"
+       default-destroy-method="destroy">
+
+    <!-- By default we look at resources whose names are derived from %{idp.home}. -->
+
+    <!-- This set of resources supports a native Spring relying-party.xml file. -->
+    <util:list id="shibboleth.RelyingPartyResolverResources">
+        <value>%{idp.home}/conf/relying-party.xml</value>
+        <value>%{idp.home}/conf/credentials.xml</value>
+        <value>%{idp.home}/system/conf/relying-party-system.xml</value>
+    </util:list>
+
+    <util:list id="shibboleth.MetadataResolverResources">
+        <value>%{idp.home}/conf/metadata-providers.xml</value>
+        <value>${idp.home}/conf/dynamic/metadata-providers.xml</value>
+        <value>%{idp.home}/system/conf/metadata-providers-system.xml</value>
+    </util:list>
+
+    <util:list id ="shibboleth.AttributeResolverResources">
+        <value>%{idp.home}/conf/attribute-resolver.xml</value>
+    </util:list>
+
+    <!--
+    This is suitable for new installs but will usually produce duplicate Attribute
+    output if a legacy resolver file is used that contains AttributeEncoders.
+    -->
+    <util:list id ="shibboleth.AttributeRegistryResources">
+        <value>%{idp.home}/conf/attribute-registry.xml</value>
+        <value>%{idp.home}/system/conf/attribute-registry-system.xml</value>
+        <value>%{idp.home}/conf/attributes/default-rules.xml</value>
+        <value>%{idp.home}/conf/attribute-resolver.xml</value>
+    </util:list>
+
+    <util:list id ="shibboleth.AttributeFilterResources">
+        <value>%{idp.home}/conf/attribute-filter.xml</value>
+    </util:list>
+
+    <util:list id ="shibboleth.NameIdentifierGenerationResources">
+        <value>%{idp.home}/conf/saml-nameid.xml</value>
+        <value>%{idp.home}/system/conf/saml-nameid-system.xml</value>
+    </util:list>
+
+    <util:list id="shibboleth.AccessControlResources">
+        <value>%{idp.home}/conf/access-control.xml</value>
+        <value>%{idp.home}/system/conf/access-control-system.xml</value>
+    </util:list>
+
+    <util:list id="shibboleth.CASServiceRegistryResources">
+        <value>%{idp.home}/conf/cas-protocol.xml</value>
+    </util:list>
+
+    <!--
+    This collection of resources differs slightly in that it should not include the file extension.
+    Message sources are internationalized, and Spring will search for a compatible language extension
+    and fall back to one with only a .properties extension.
+    -->
+    <util:list id="shibboleth.MessageSourceResources">
+        <value>%{idp.home}/messages/messages</value>
+        <value>%{idp.home}/system/messages/messages</value>
+    </util:list>
+
+</beans>
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/metadata/idp-metadata.xml b/testbed/integration/shibboleth-idp/config/shib-idp/metadata/idp-metadata.xml
new file mode 100644
index 000000000..d9f0a4019
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/metadata/idp-metadata.xml
@@ -0,0 +1,36 @@
+<EntityDescriptor entityID="https://idp.unicon.local/idp/shibboleth" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <Extensions>
+      <shibmd:Scope regexp="false">unicon.local</shibmd:Scope>
+    </Extensions>
+    <KeyDescriptor use="signing">
+      <ds:KeyInfo>
+        <ds:X509Data>
+          <ds:X509Certificate>
+MIIDIDCCAgigAwIBAgIJAN45D3DbemrtMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV
+BAMMEGlkcC51bmljb24ubG9jYWwwHhcNMjAwNTI3MTgxMDE0WhcNMjUwNTI2MTgx
+MDE0WjAbMRkwFwYDVQQDDBBpZHAudW5pY29uLmxvY2FsMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAoDNLPFL/47cSWKbfb89lVz3EsIlb4z8lZbZUNyzF
+m3my5mioe9b6xrS8QF16l1ALb8SEwQzECPKuyRp1LQ5Rj79Ba38TDl+4BezjC7Ui
+f9OwzXIYfcetEFZ85tjufIl3ryVbY2kQ1TRypqk72pF1uDLEnqXrnystRxi4x22f
+wTu+KkTy0tL/5oV2tjJY0vtO3YAsjNpqqI6WqcbjewtJVIrG4OuOF3r9CPCU7hOY
+fc4BtvSQhOgryJM+dF9PmpvALJO8LrMBsNdAO3gz37+mA1F/tD7WYP2XLvrHh+Wd
+c0QJ/f8AzCJm5QV4lA/UH/0tKMQS178ti7+4Jyw38iHkYQIDAQABo2cwZTBEBgNV
+HREEPTA7ghBpZHAudW5pY29uLmxvY2FshidodHRwczovL2lkcC51bmljb24ubG9j
+YWwvaWRwL3NoaWJib2xldGgwHQYDVR0OBBYEFGFkPVcsjWlZDfUk1+SifxhP1l7I
+MA0GCSqGSIb3DQEBCwUAA4IBAQBZUq9P9A9DsypasD6WcHNP/EyP5spKRRu2CTWm
+Y645kOjg7qMIasHVwA5jSPU7ozgPRV6MpdjCJVWYjUpeSCwXx6YAEKFLZ9WXV26i
+e1GFTP1lJqlpnJZqs1RBgvF7q/JxFvxSl8UpjoxNufBANC14T6T3EMQ9EvWLTdCM
+cEuXxkwzpeEkh5MtCoicgQ1yvay2QGQBbfCauPAASd957+S7brRON4R2gPonCf18
+5rzh7Do7kFBc6pqAHCYGTUz7uY11EPktIC6AIlZmXV1J0wBCP6SoiZDFjwZsj6m6
+S1N5qGtWDOT5vZiT1nF+mNd990c8qjVcyQST42VyXCBnJ7DR
+          </ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </KeyDescriptor>
+    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.unicon.local/idp/profile/SAML2/Redirect/SSO"/>
+    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.unicon.local/idp/profile/SAML2/POST/SSO"/>
+    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://idp.unicon.local/idp/profile/SAML2/POST-SimpleSign/SSO"/>
+    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.unicon.local/idp/profile/SAML2/SOAP/ECP"/>
+  </IDPSSODescriptor>
+</EntityDescriptor>
diff --git a/testbed/integration/shibboleth-idp/config/tomcat/catalina.policy b/testbed/integration/shibboleth-idp/config/tomcat/catalina.policy
new file mode 100644
index 000000000..e69de29bb
diff --git a/testbed/integration/shibboleth-idp/config/tomcat/catalina.properties b/testbed/integration/shibboleth-idp/config/tomcat/catalina.properties
new file mode 100644
index 000000000..a22f1dd3a
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/tomcat/catalina.properties
@@ -0,0 +1,150 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# List of comma-separated packages that start with or equal this string
+# will cause a security exception to be thrown when
+# passed to checkPackageAccess unless the
+# corresponding RuntimePermission ("accessClassInPackage."+package) has
+# been granted.
+package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat.
+#
+# List of comma-separated packages that start with or equal this string
+# will cause a security exception to be thrown when
+# passed to checkPackageDefinition unless the
+# corresponding RuntimePermission ("defineClassInPackage."+package) has
+# been granted.
+#
+# by default, no packages are restricted for definition, and none of
+# the class loaders supplied with the JDK call checkPackageDefinition.
+#
+package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,\
+org.apache.jasper.,org.apache.naming.,org.apache.tomcat.
+
+#
+#
+# List of comma-separated paths defining the contents of the "common"
+# classloader. Prefixes should be used to define what is the repository type.
+# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
+# If left as blank,the JVM system loader will be used as Catalina's "common"
+# loader.
+# Examples:
+#     "foo": Add this folder as a class repository
+#     "foo/*.jar": Add all the JARs of the specified folder as class
+#                  repositories
+#     "foo/bar.jar": Add bar.jar as a class repository
+#
+# Note: Values are enclosed in double quotes ("...") in case either the
+#       ${catalina.base} path or the ${catalina.home} path contains a comma.
+#       Because double quotes are used for quoting, the double quote character
+#       may not appear in a path.
+common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar"
+
+#
+# List of comma-separated paths defining the contents of the "server"
+# classloader. Prefixes should be used to define what is the repository type.
+# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
+# If left as blank, the "common" loader will be used as Catalina's "server"
+# loader.
+# Examples:
+#     "foo": Add this folder as a class repository
+#     "foo/*.jar": Add all the JARs of the specified folder as class
+#                  repositories
+#     "foo/bar.jar": Add bar.jar as a class repository
+#
+# Note: Values may be enclosed in double quotes ("...") in case either the
+#       ${catalina.base} path or the ${catalina.home} path contains a comma.
+#       Because double quotes are used for quoting, the double quote character
+#       may not appear in a path.
+server.loader=
+
+#
+# List of comma-separated paths defining the contents of the "shared"
+# classloader. Prefixes should be used to define what is the repository type.
+# Path may be relative to the CATALINA_BASE path or absolute. If left as blank,
+# the "common" loader will be used as Catalina's "shared" loader.
+# Examples:
+#     "foo": Add this folder as a class repository
+#     "foo/*.jar": Add all the JARs of the specified folder as class
+#                  repositories
+#     "foo/bar.jar": Add bar.jar as a class repository
+# Please note that for single jars, e.g. bar.jar, you need the URL form
+# starting with file:.
+#
+# Note: Values may be enclosed in double quotes ("...") in case either the
+#       ${catalina.base} path or the ${catalina.home} path contains a comma.
+#       Because double quotes are used for quoting, the double quote character
+#       may not appear in a path.
+shared.loader=
+
+# Default list of JAR files that should not be scanned using the JarScanner
+# functionality. This is typically used to scan JARs for configuration
+# information. JARs that do not contain such information may be excluded from
+# the scan to speed up the scanning process. This is the default list. JARs on
+# this list are excluded from all scans. The list must be a comma separated list
+# of JAR file names.
+# The list of JARs to skip may be over-ridden at a Context level for individual
+# scan types by configuring a JarScanner with a nested JarScanFilter.
+# The JARs listed below include:
+# - Tomcat Bootstrap JARs
+# - Tomcat API JARs
+# - Catalina JARs
+# - Jasper JARs
+# - Tomcat JARs
+# - Common non-Tomcat JARs
+# - Test JARs (JUnit, Cobertura and dependencies)
+tomcat.util.scan.StandardJarScanFilter.jarsToSkip=\
+bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
+annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\
+catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-storeconfig.jar,\
+catalina-tribes.jar,\
+jasper.jar,jasper-el.jar,ecj-*.jar,\
+tomcat-api.jar,tomcat-util.jar,tomcat-util-scan.jar,tomcat-coyote.jar,\
+tomcat-dbcp.jar,tomcat-jni.jar,tomcat-websocket.jar,\
+tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
+tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
+tomcat-jdbc.jar,\
+tools.jar,\
+commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\
+commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
+commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
+commons-math*.jar,commons-pool*.jar,\
+jstl.jar,taglibs-standard-spec-*.jar,\
+geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
+ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
+jmx-tools.jar,jta*.jar,log4j*.jar,mail*.jar,slf4j*.jar,\
+xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
+junit.jar,junit-*.jar,ant-launcher.jar,\
+cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\
+jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\
+xom-*.jar
+
+# Default list of JAR files that should be scanned that overrides the default
+# jarsToSkip list above. This is typically used to include a specific JAR that
+# has been excluded by a broad file name pattern in the jarsToSkip list.
+# The list of JARs to scan may be over-ridden at a Context level for individual
+# scan types by configuring a JarScanner with a nested JarScanFilter.
+tomcat.util.scan.StandardJarScanFilter.jarsToScan=\
+log4j-web*.jar,log4j-taglib*.jar,log4javascript*.jar,slf4j-taglib*.jar
+
+# String cache configuration.
+tomcat.util.buf.StringCache.byte.enabled=true
+#tomcat.util.buf.StringCache.char.enabled=true
+#tomcat.util.buf.StringCache.trainThreshold=500000
+#tomcat.util.buf.StringCache.cacheSize=5000
+
+# Allow for changes to HTTP request validation
+# WARNING: Using this option will expose the server to CVE-2016-6816
+#tomcat.util.http.parser.HttpParser.requestTargetAllow=|
diff --git a/testbed/integration/shibboleth-idp/config/tomcat/context.xml b/testbed/integration/shibboleth-idp/config/tomcat/context.xml
new file mode 100644
index 000000000..98727cb7b
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/tomcat/context.xml
@@ -0,0 +1,36 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- The contents of this file will be loaded for each web application -->
+<Context>
+
+    <!-- Default set of monitored resources. If one of these changes, the    -->
+    <!-- web application will be reloaded.                                   -->
+    <WatchedResource>WEB-INF/web.xml</WatchedResource>
+    <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
+
+    <!-- Uncomment this to disable session persistence across Tomcat restarts -->
+    <!--
+    <Manager pathname="" />
+    -->
+
+    <!-- Uncomment this to enable Comet connection tacking (provides events
+         on session expiration as well as webapp lifecycle) -->
+    <!--
+    <Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
+    -->
+</Context>
diff --git a/testbed/integration/shibboleth-idp/config/tomcat/logging.properties b/testbed/integration/shibboleth-idp/config/tomcat/logging.properties
new file mode 100644
index 000000000..cb5ed6611
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/tomcat/logging.properties
@@ -0,0 +1,64 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4host-manager.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler
+
+.handlers = 1catalina.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+1catalina.org.apache.juli.AsyncFileHandler.level = FINE
+1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
+1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.
+
+2localhost.org.apache.juli.AsyncFileHandler.level = FINE
+2localhost.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
+2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost.
+
+3manager.org.apache.juli.AsyncFileHandler.level = FINE
+3manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
+3manager.org.apache.juli.AsyncFileHandler.prefix = manager.
+
+4host-manager.org.apache.juli.AsyncFileHandler.level = FINE
+4host-manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
+4host-manager.org.apache.juli.AsyncFileHandler.prefix = host-manager.
+
+java.util.logging.ConsoleHandler.level = FINE
+java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter
+
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.AsyncFileHandler
+
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.AsyncFileHandler
+
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.AsyncFileHandler
+
+# For example, set the org.apache.catalina.util.LifecycleBase logger to log
+# each component that extends LifecycleBase changing state:
+#org.apache.catalina.util.LifecycleBase.level = FINE
+
+# To see debug messages in TldLocationsCache, uncomment the following line:
+#org.apache.jasper.compiler.TldLocationsCache.level = FINE
diff --git a/testbed/integration/shibboleth-idp/config/tomcat/server.xml b/testbed/integration/shibboleth-idp/config/tomcat/server.xml
new file mode 100644
index 000000000..f4b875bca
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/tomcat/server.xml
@@ -0,0 +1,22 @@
+<?xml version='1.0' encoding='utf-8'?>
+<Server port="8005" shutdown="SHUTDOWN">
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+
+  <Service name="Catalina">
+      <Connector port="8080" protocol="HTTP/1.1"
+                 connectionTimeout="20000"
+                 redirectPort="8443" scheme="https" secure="true" />
+    <Engine name="Catalina" defaultHost="localhost">
+
+      <Host name="localhost"  appBase="webapps"
+            unpackWARs="true" autoDeploy="true">
+
+        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+               prefix="localhost_access_log." suffix=".txt"
+               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
+
+      </Host>
+    </Engine>
+  </Service>
+</Server>
diff --git a/testbed/integration/shibboleth-idp/config/tomcat/tomcat-users.xml b/testbed/integration/shibboleth-idp/config/tomcat/tomcat-users.xml
new file mode 100644
index 000000000..fcac27d05
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/tomcat/tomcat-users.xml
@@ -0,0 +1,44 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+<!--
+  NOTE:  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
+  you must define such a user - the username and password are arbitrary. It is
+  strongly recommended that you do NOT use one of the users in the commented out
+  section below since they are intended for use with the examples web
+  application.
+-->
+<!--
+  NOTE:  The sample user and role entries below are intended for use with the
+  examples web application. They are wrapped in a comment and thus are ignored
+  when reading this file. If you wish to configure these users for use with the
+  examples web application, do not forget to remove the <!.. ..> that surrounds
+  them. You will also need to set the passwords to something appropriate.
+-->
+<!--
+  <role rolename="tomcat"/>
+  <role rolename="role1"/>
+  <user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
+  <user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
+  <user username="role1" password="<must-be-changed>" roles="role1"/>
+-->
+</tomcat-users>
diff --git a/testbed/integration/shibboleth-idp/config/tomcat/tomcat-users.xsd b/testbed/integration/shibboleth-idp/config/tomcat/tomcat-users.xsd
new file mode 100644
index 000000000..44e17d0b5
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/tomcat/tomcat-users.xsd
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<xs:schema xmlns="http://www.w3.org/2001/XMLSchema"
+           targetNamespace="http://tomcat.apache.org/xml"
+           xmlns:users="http://tomcat.apache.org/xml"
+           xmlns:xs="http://www.w3.org/2001/XMLSchema"
+           elementFormDefault="qualified"
+           attributeFormDefault="unqualified"
+           version="1.0">
+  <xs:element name="tomcat-users">
+    <xs:complexType>
+      <xs:sequence>
+        <xs:element name="role" minOccurs="0" maxOccurs="unbounded">
+          <xs:complexType>
+            <xs:attribute name="rolename" use="required" type="users:entityname" />
+            <xs:attribute name="description" type="xs:string" />
+          </xs:complexType>
+        </xs:element>
+        <xs:element name="group" minOccurs="0" maxOccurs="unbounded">
+          <xs:complexType>
+            <xs:attribute name="groupname" use="required" type="users:entityname" />
+            <xs:attribute name="description" type="xs:string" />
+            <xs:attribute name="roles" type="xs:string" />
+          </xs:complexType>
+        </xs:element>
+        <xs:element name="user" minOccurs="0" maxOccurs="unbounded">
+          <xs:complexType>
+            <xs:attribute name="username" use="required" type="users:entityname" />
+            <xs:attribute name="fullname" type="xs:string" />
+            <xs:attribute name="password" type="xs:string" />
+            <xs:attribute name="roles" type="xs:string" />
+            <xs:attribute name="groups" type="xs:string" />
+          </xs:complexType>
+        </xs:element>
+      </xs:sequence>
+      <xs:attribute name="version" type="xs:string" />
+    </xs:complexType>
+  </xs:element>
+  <xs:simpleType name="entityname">
+    <xs:restriction base="xs:string">
+      <xs:minLength value="1"/>
+    </xs:restriction>
+  </xs:simpleType>
+</xs:schema>
diff --git a/testbed/integration/shibboleth-idp/config/tomcat/web.xml b/testbed/integration/shibboleth-idp/config/tomcat/web.xml
new file mode 100644
index 000000000..cf08cfe40
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/config/tomcat/web.xml
@@ -0,0 +1,4684 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
+                      http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+  version="3.1">
+
+  <!-- ======================== Introduction ============================== -->
+  <!-- This document defines default values for *all* web applications      -->
+  <!-- loaded into this instance of Tomcat.  As each application is         -->
+  <!-- deployed, this file is processed, followed by the                    -->
+  <!-- "/WEB-INF/web.xml" deployment descriptor from your own               -->
+  <!-- applications.                                                        -->
+  <!--                                                                      -->
+  <!-- WARNING:  Do not configure application-specific resources here!      -->
+  <!-- They should go in the "/WEB-INF/web.xml" file in your application.   -->
+
+
+  <!-- ================== Built In Servlet Definitions ==================== -->
+
+
+  <!-- The default servlet for all web applications, that serves static     -->
+  <!-- resources.  It processes all requests that are not mapped to other   -->
+  <!-- servlets with servlet mappings (defined either here or in your own   -->
+  <!-- web.xml file).  This servlet supports the following initialization   -->
+  <!-- parameters (default values are in square brackets):                  -->
+  <!--                                                                      -->
+  <!--   debug               Debugging detail level for messages logged     -->
+  <!--                       by this servlet. Useful values are 0, 1, and   -->
+  <!--                       11 where higher values mean more detail. [0]   -->
+  <!--                                                                      -->
+  <!--   fileEncoding        Encoding to be used to read static resources   -->
+  <!--                       [platform default]                             -->
+  <!--                                                                      -->
+  <!--   input               Input buffer size (in bytes) when reading      -->
+  <!--                       resources to be served.  [2048]                -->
+  <!--                                                                      -->
+  <!--   listings            Should directory listings be produced if there -->
+  <!--                       is no welcome file in this directory?  [false] -->
+  <!--                       WARNING: Listings for directories with many    -->
+  <!--                       entries can be slow and may consume            -->
+  <!--                       significant proportions of server resources.   -->
+  <!--                                                                      -->
+  <!--   output              Output buffer size (in bytes) when writing     -->
+  <!--                       resources to be served.  [2048]                -->
+  <!--                                                                      -->
+  <!--   readonly            Is this context "read only", so HTTP           -->
+  <!--                       commands like PUT and DELETE are               -->
+  <!--                       rejected?  [true]                              -->
+  <!--                                                                      -->
+  <!--   readmeFile          File to display together with the directory    -->
+  <!--                       contents. [null]                               -->
+  <!--                                                                      -->
+  <!--   sendfileSize        If the connector used supports sendfile, this  -->
+  <!--                       represents the minimal file size in KB for     -->
+  <!--                       which sendfile will be used. Use a negative    -->
+  <!--                       value to always disable sendfile.  [48]        -->
+  <!--                                                                      -->
+  <!--   useAcceptRanges     Should the Accept-Ranges header be included    -->
+  <!--                       in responses where appropriate? [true]         -->
+  <!--                                                                      -->
+  <!--  For directory listing customization. Checks localXsltFile, then     -->
+  <!--  globalXsltFile, then defaults to original behavior.                 -->
+  <!--                                                                      -->
+  <!--   localXsltFile       Make directory listings an XML doc and         -->
+  <!--                       pass the result to this style sheet residing   -->
+  <!--                       in that directory. This overrides              -->
+  <!--                       contextXsltFile and globalXsltFile[null]       -->
+  <!--                                                                      -->
+  <!--   contextXsltFile     Make directory listings an XML doc and         -->
+  <!--                       pass the result to this style sheet which is   -->
+  <!--                       relative to the context root. This overrides   -->
+  <!--                       globalXsltFile[null]                           -->
+  <!--                                                                      -->
+  <!--   globalXsltFile      Site wide configuration version of             -->
+  <!--                       localXsltFile. This argument must either be an -->
+  <!--                       absolute or relative (to either                -->
+  <!--                       $CATALINA_BASE/conf or $CATALINA_HOME/conf)    -->
+  <!--                       path that points to a location below either    -->
+  <!--                       $CATALINA_BASE/conf (checked first) or         -->
+  <!--                       $CATALINA_HOME/conf (checked second).[null]    -->
+  <!--                                                                      -->
+  <!--   showServerInfo      Should server information be presented in the  -->
+  <!--                       response sent to clients when directory        -->
+  <!--                       listings is enabled? [true]                    -->
+
+    <servlet>
+        <servlet-name>default</servlet-name>
+        <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
+        <init-param>
+            <param-name>debug</param-name>
+            <param-value>0</param-value>
+        </init-param>
+        <init-param>
+            <param-name>listings</param-name>
+            <param-value>false</param-value>
+        </init-param>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+
+  <!-- The JSP page compiler and execution servlet, which is the mechanism  -->
+  <!-- used by Tomcat to support JSP pages.  Traditionally, this servlet    -->
+  <!-- is mapped to the URL pattern "*.jsp".  This servlet supports the     -->
+  <!-- following initialization parameters (default values are in square    -->
+  <!-- brackets):                                                           -->
+  <!--                                                                      -->
+  <!--   checkInterval       If development is false and checkInterval is   -->
+  <!--                       greater than zero, background compilations are -->
+  <!--                       enabled. checkInterval is the time in seconds  -->
+  <!--                       between checks to see if a JSP page (and its   -->
+  <!--                       dependent files) needs to  be recompiled. [0]  -->
+  <!--                                                                      -->
+  <!--   classdebuginfo      Should the class file be compiled with         -->
+  <!--                       debugging information?  [true]                 -->
+  <!--                                                                      -->
+  <!--   classpath           What class path should I use while compiling   -->
+  <!--                       generated servlets?  [Created dynamically      -->
+  <!--                       based on the current web application]          -->
+  <!--                                                                      -->
+  <!--   compiler            Which compiler Ant should use to compile JSP   -->
+  <!--                       pages.  See the jasper documentation for more  -->
+  <!--                       information.                                   -->
+  <!--                                                                      -->
+  <!--   compilerSourceVM    Compiler source VM. [1.7]                      -->
+  <!--                                                                      -->
+  <!--   compilerTargetVM    Compiler target VM. [1.7]                      -->
+  <!--                                                                      -->
+  <!--   development         Is Jasper used in development mode? If true,   -->
+  <!--                       the frequency at which JSPs are checked for    -->
+  <!--                       modification may be specified via the          -->
+  <!--                       modificationTestInterval parameter. [true]     -->
+  <!--                                                                      -->
+  <!--   displaySourceFragment                                              -->
+  <!--                       Should a source fragment be included in        -->
+  <!--                       exception messages? [true]                     -->
+  <!--                                                                      -->
+  <!--   dumpSmap            Should the SMAP info for JSR45 debugging be    -->
+  <!--                       dumped to a file? [false]                      -->
+  <!--                       False if suppressSmap is true                  -->
+  <!--                                                                      -->
+  <!--   enablePooling       Determines whether tag handler pooling is      -->
+  <!--                       enabled. This is a compilation option. It will -->
+  <!--                       not alter the behaviour of JSPs that have      -->
+  <!--                       already been compiled. [true]                  -->
+  <!--                                                                      -->
+  <!--   engineOptionsClass  Allows specifying the Options class used to    -->
+  <!--                       configure Jasper. If not present, the default  -->
+  <!--                       EmbeddedServletOptions will be used.           -->
+  <!--                       This option is ignored when running under a    -->
+  <!--                       SecurityManager.                               -->
+  <!--                                                                      -->
+  <!--   errorOnUseBeanInvalidClassAttribute                                -->
+  <!--                       Should Jasper issue an error when the value of -->
+  <!--                       the class attribute in an useBean action is    -->
+  <!--                       not a valid bean class?  [true]                -->
+  <!--                                                                      -->
+  <!--   fork                Tell Ant to fork compiles of JSP pages so that -->
+  <!--                       a separate JVM is used for JSP page compiles   -->
+  <!--                       from the one Tomcat is running in. [true]      -->
+  <!--                                                                      -->
+  <!--   genStringAsCharArray                                               -->
+  <!--                       Should text strings be generated as char       -->
+  <!--                       arrays, to improve performance in some cases?  -->
+  <!--                       [false]                                        -->
+  <!--                                                                      -->
+  <!--   ieClassId           The class-id value to be sent to Internet      -->
+  <!--                       Explorer when using <jsp:plugin> tags.         -->
+  <!--                       [clsid:8AD9C840-044E-11D1-B3E9-00805F499D93]   -->
+  <!--                                                                      -->
+  <!--   javaEncoding        Java file encoding to use for generating java  -->
+  <!--                       source files. [UTF8]                           -->
+  <!--                                                                      -->
+  <!--   keepgenerated       Should we keep the generated Java source code  -->
+  <!--                       for each page instead of deleting it? [true]   -->
+  <!--                                                                      -->
+  <!--   mappedfile          Should we generate static content with one     -->
+  <!--                       print statement per input line, to ease        -->
+  <!--                       debugging?  [true]                             -->
+  <!--                                                                      -->
+  <!--   maxLoadedJsps       The maximum number of JSPs that will be loaded -->
+  <!--                       for a web application. If more than this       -->
+  <!--                       number of JSPs are loaded, the least recently  -->
+  <!--                       used JSPs will be unloaded so that the number  -->
+  <!--                       of JSPs loaded at any one time does not exceed -->
+  <!--                       this limit. A value of zero or less indicates  -->
+  <!--                       no limit. [-1]                                 -->
+  <!--                                                                      -->
+  <!--   jspIdleTimeout      The amount of time in seconds a JSP can be     -->
+  <!--                       idle before it is unloaded. A value of zero    -->
+  <!--                       or less indicates never unload. [-1]           -->
+  <!--                                                                      -->
+  <!--   modificationTestInterval                                           -->
+  <!--                       Causes a JSP (and its dependent files) to not  -->
+  <!--                       be checked for modification during the         -->
+  <!--                       specified time interval (in seconds) from the  -->
+  <!--                       last time the JSP was checked for              -->
+  <!--                       modification. A value of 0 will cause the JSP  -->
+  <!--                       to be checked on every access.                 -->
+  <!--                       Used in development mode only. [4]             -->
+  <!--                                                                      -->
+  <!--   recompileOnFail     If a JSP compilation fails should the          -->
+  <!--                       modificationTestInterval be ignored and the    -->
+  <!--                       next access trigger a re-compilation attempt?  -->
+  <!--                       Used in development mode only and is disabled  -->
+  <!--                       by default as compilation may be expensive and -->
+  <!--                       could lead to excessive resource usage.        -->
+  <!--                       [false]                                        -->
+  <!--                                                                      -->
+  <!--   scratchdir          What scratch directory should we use when      -->
+  <!--                       compiling JSP pages?  [default work directory  -->
+  <!--                       for the current web application]               -->
+  <!--                       This option is ignored when running under a    -->
+  <!--                       SecurityManager.                               -->
+  <!--                                                                      -->
+  <!--   suppressSmap        Should the generation of SMAP info for JSR45   -->
+  <!--                       debugging be suppressed?  [false]              -->
+  <!--                                                                      -->
+  <!--   trimSpaces          Should white spaces in template text between   -->
+  <!--                       actions or directives be trimmed?  [false]     -->
+  <!--                                                                      -->
+  <!--   xpoweredBy          Determines whether X-Powered-By response       -->
+  <!--                       header is added by generated servlet.  [false] -->
+  <!--                                                                      -->
+  <!--   strictQuoteEscaping When scriptlet expressions are used for        -->
+  <!--                       attribute values, should the rules in JSP.1.6  -->
+  <!--                       for the escaping of quote characters be        -->
+  <!--                       strictly applied? [true]                       -->
+  <!--                       The default can be changed with the            -->
+  <!--                       org.apache.jasper.compiler.Parser.             -->
+  <!--                       STRICT_QUOTE_ESCAPING system property.         -->
+  <!--                                                                      -->
+  <!--   quoteAttributeEL    When EL is used in an attribute value on a     -->
+  <!--                       JSP page should the rules for quoting of       -->
+  <!--                       attributes described in JSP.1.6 be applied to  -->
+  <!--                       the expression? [true]                         -->
+
+    <servlet>
+        <servlet-name>jsp</servlet-name>
+        <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
+        <init-param>
+            <param-name>fork</param-name>
+            <param-value>false</param-value>
+        </init-param>
+        <init-param>
+            <param-name>xpoweredBy</param-name>
+            <param-value>false</param-value>
+        </init-param>
+        <load-on-startup>3</load-on-startup>
+    </servlet>
+
+
+  <!-- NOTE: An SSI Filter is also available as an alternative SSI          -->
+  <!-- implementation. Use either the Servlet or the Filter but NOT both.   -->
+  <!--                                                                      -->
+  <!-- Server Side Includes processing servlet, which processes SSI         -->
+  <!-- directives in HTML pages consistent with similar support in web      -->
+  <!-- servers like Apache.  Traditionally, this servlet is mapped to the   -->
+  <!-- URL pattern "*.shtml".  This servlet supports the following          -->
+  <!-- initialization parameters (default values are in square brackets):   -->
+  <!--                                                                      -->
+  <!--   buffered            Should output from this servlet be buffered?   -->
+  <!--                       (0=false, 1=true)  [0]                         -->
+  <!--                                                                      -->
+  <!--   debug               Debugging detail level for messages logged     -->
+  <!--                       by this servlet.  [0]                          -->
+  <!--                                                                      -->
+  <!--   expires             The number of seconds before a page with SSI   -->
+  <!--                       directives will expire.  [No default]          -->
+  <!--                                                                      -->
+  <!--   isVirtualWebappRelative                                            -->
+  <!--                       Should "virtual" paths be interpreted as       -->
+  <!--                       relative to the context root, instead of       -->
+  <!--                       the server root? [false]                       -->
+  <!--                                                                      -->
+  <!--   inputEncoding       The encoding to assume for SSI resources if    -->
+  <!--                       one is not available from the resource.        -->
+  <!--                       [Platform default]                             -->
+  <!--                                                                      -->
+  <!--   outputEncoding      The encoding to use for the page that results  -->
+  <!--                       from the SSI processing. [UTF-8]               -->
+  <!--                                                                      -->
+  <!--   allowExec           Is use of the exec command enabled? [false]    -->
+
+<!--
+    <servlet>
+        <servlet-name>ssi</servlet-name>
+        <servlet-class>
+          org.apache.catalina.ssi.SSIServlet
+        </servlet-class>
+        <init-param>
+          <param-name>buffered</param-name>
+          <param-value>1</param-value>
+        </init-param>
+        <init-param>
+          <param-name>debug</param-name>
+          <param-value>0</param-value>
+        </init-param>
+        <init-param>
+          <param-name>expires</param-name>
+          <param-value>666</param-value>
+        </init-param>
+        <init-param>
+          <param-name>isVirtualWebappRelative</param-name>
+          <param-value>false</param-value>
+        </init-param>
+        <load-on-startup>4</load-on-startup>
+    </servlet>
+-->
+
+
+  <!-- Common Gateway Includes (CGI) processing servlet, which supports     -->
+  <!-- execution of external applications that conform to the CGI spec      -->
+  <!-- requirements.  Typically, this servlet is mapped to the URL pattern  -->
+  <!-- "/cgi-bin/*", which means that any CGI applications that are         -->
+  <!-- executed must be present within the web application.  This servlet   -->
+  <!-- supports the following initialization parameters (default values     -->
+  <!-- are in square brackets):                                             -->
+  <!--                                                                      -->
+  <!--   cgiPathPrefix        The CGI search path will start at             -->
+  <!--                        webAppRootDir + File.separator + this prefix. -->
+  <!--                        If not set, then webAppRootDir is used.       -->
+  <!--                        Recommended value: WEB-INF/cgi                -->
+  <!--                                                                      -->
+  <!--   executable           Name of the executable used to run the        -->
+  <!--                        script. [perl]                                -->
+  <!--                                                                      -->
+  <!--   envHttpHeaders       A regular expression used to select the HTTP  -->
+  <!--                        headers passed to the CGI process as          -->
+  <!--                        environment variables. Note that headers are  -->
+  <!--                        converted to upper case before matching and   -->
+  <!--                        that the entire header name must match the    -->
+  <!--                        pattern.                                      -->
+  <!--                        [ACCEPT[-0-9A-Z]*|CACHE-CONTROL|COOKIE|HOST|  -->
+  <!--                         IF-[-0-9A-Z]*|REFERER|USER-AGENT]            -->
+  <!--                                                                      -->
+  <!--   parameterEncoding    Name of parameter encoding to be used with    -->
+  <!--                        CGI servlet.                                  -->
+  <!--                        [System.getProperty("file.encoding","UTF-8")] -->
+  <!--                                                                      -->
+  <!--   passShellEnvironment Should the shell environment variables (if    -->
+  <!--                        any) be passed to the CGI script? [false]     -->
+  <!--                                                                      -->
+  <!--   stderrTimeout        The time (in milliseconds) to wait for the    -->
+  <!--                        reading of stderr to complete before          -->
+  <!--                        terminating the CGI process. [2000]           -->
+
+<!--
+    <servlet>
+        <servlet-name>cgi</servlet-name>
+        <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
+        <init-param>
+          <param-name>cgiPathPrefix</param-name>
+          <param-value>WEB-INF/cgi</param-value>
+        </init-param>
+        <load-on-startup>5</load-on-startup>
+    </servlet>
+-->
+
+
+  <!-- ================ Built In Servlet Mappings ========================= -->
+
+
+  <!-- The servlet mappings for the built in servlets defined above.  Note  -->
+  <!-- that, by default, the CGI and SSI servlets are *not* mapped.  You    -->
+  <!-- must uncomment these mappings (or add them to your application's own -->
+  <!-- web.xml deployment descriptor) to enable these services              -->
+
+    <!-- The mapping for the default servlet -->
+    <servlet-mapping>
+        <servlet-name>default</servlet-name>
+        <url-pattern>/</url-pattern>
+    </servlet-mapping>
+
+    <!-- The mappings for the JSP servlet -->
+    <servlet-mapping>
+        <servlet-name>jsp</servlet-name>
+        <url-pattern>*.jsp</url-pattern>
+        <url-pattern>*.jspx</url-pattern>
+    </servlet-mapping>
+
+    <!-- The mapping for the SSI servlet -->
+<!--
+    <servlet-mapping>
+        <servlet-name>ssi</servlet-name>
+        <url-pattern>*.shtml</url-pattern>
+    </servlet-mapping>
+-->
+
+    <!-- The mapping for the CGI Gateway servlet -->
+
+<!--
+    <servlet-mapping>
+        <servlet-name>cgi</servlet-name>
+        <url-pattern>/cgi-bin/*</url-pattern>
+    </servlet-mapping>
+-->
+
+
+  <!-- ================== Built In Filter Definitions ===================== -->
+
+  <!-- A filter that sets various security related HTTP Response headers.   -->
+  <!-- This filter supports the following initialization parameters         -->
+  <!-- (default values are in square brackets):                             -->
+  <!--                                                                      -->
+  <!--   hstsEnabled         Should the HTTP Strict Transport Security      -->
+  <!--                       (HSTS) header be added to the response? See    -->
+  <!--                       RFC 6797 for more information on HSTS. [true]  -->
+  <!--                                                                      -->
+  <!--   hstsMaxAgeSeconds   The max age value that should be used in the   -->
+  <!--                       HSTS header. Negative values will be treated   -->
+  <!--                       as zero. [0]                                   -->
+  <!--                                                                      -->
+  <!--   hstsIncludeSubDomains                                              -->
+  <!--                       Should the includeSubDomains parameter be      -->
+  <!--                       included in the HSTS header.                   -->
+  <!--                                                                      -->
+  <!--   antiClickJackingEnabled                                            -->
+  <!--                       Should the anti click-jacking header           -->
+  <!--                       X-Frame-Options be added to every response?    -->
+  <!--                       [true]                                         -->
+  <!--                                                                      -->
+  <!--   antiClickJackingOption                                             -->
+  <!--                       What value should be used for the header. Must -->
+  <!--                       be one of DENY, SAMEORIGIN, ALLOW-FROM         -->
+  <!--                       (case-insensitive). [DENY]                     -->
+  <!--                                                                      -->
+  <!--   antiClickJackingUri IF ALLOW-FROM is used, what URI should be      -->
+  <!--                       allowed? []                                    -->
+  <!--                                                                      -->
+  <!--   blockContentTypeSniffingEnabled                                    -->
+  <!--                       Should the header that blocks content type     -->
+  <!--                       sniffing be added to every response? [true]    -->
+<!--
+    <filter>
+        <filter-name>httpHeaderSecurity</filter-name>
+        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
+        <async-supported>true</async-supported>
+    </filter>
+-->
+
+  <!-- A filter that sets character encoding that is used to decode -->
+  <!-- parameters in a POST request -->
+<!--
+    <filter>
+        <filter-name>setCharacterEncodingFilter</filter-name>
+        <filter-class>org.apache.catalina.filters.SetCharacterEncodingFilter</filter-class>
+        <init-param>
+            <param-name>encoding</param-name>
+            <param-value>UTF-8</param-value>
+        </init-param>
+        <async-supported>true</async-supported>
+    </filter>
+-->
+
+  <!-- A filter that triggers request parameters parsing and rejects the    -->
+  <!-- request if some parameters were skipped because of parsing errors or -->
+  <!-- request size limitations.                                            -->
+<!--
+    <filter>
+        <filter-name>failedRequestFilter</filter-name>
+        <filter-class>
+          org.apache.catalina.filters.FailedRequestFilter
+        </filter-class>
+        <async-supported>true</async-supported>
+    </filter>
+-->
+
+
+  <!-- NOTE: An SSI Servlet is also available as an alternative SSI         -->
+  <!-- implementation. Use either the Servlet or the Filter but NOT both.   -->
+  <!--                                                                      -->
+  <!-- Server Side Includes processing filter, which processes SSI          -->
+  <!-- directives in HTML pages consistent with similar support in web      -->
+  <!-- servers like Apache.  Traditionally, this filter is mapped to the    -->
+  <!-- URL pattern "*.shtml", though it can be mapped to "*" as it will     -->
+  <!-- selectively enable/disable SSI processing based on mime types. For   -->
+  <!-- this to work you will need to uncomment the .shtml mime type         -->
+  <!-- definition towards the bottom of this file.                          -->
+  <!-- The contentType init param allows you to apply SSI processing to JSP -->
+  <!-- pages, javascript, or any other content you wish.  This filter       -->
+  <!-- supports the following initialization parameters (default values are -->
+  <!-- in square brackets):                                                 -->
+  <!--                                                                      -->
+  <!--   contentType         A regex pattern that must be matched before    -->
+  <!--                       SSI processing is applied.                     -->
+  <!--                       [text/x-server-parsed-html(;.*)?]              -->
+  <!--                                                                      -->
+  <!--   debug               Debugging detail level for messages logged     -->
+  <!--                       by this servlet.  [0]                          -->
+  <!--                                                                      -->
+  <!--   expires             The number of seconds before a page with SSI   -->
+  <!--                       directives will expire.  [No default]          -->
+  <!--                                                                      -->
+  <!--   isVirtualWebappRelative                                            -->
+  <!--                       Should "virtual" paths be interpreted as       -->
+  <!--                       relative to the context root, instead of       -->
+  <!--                       the server root? [false]                       -->
+  <!--                                                                      -->
+  <!--   allowExec           Is use of the exec command enabled? [false]    -->
+
+<!--
+    <filter>
+        <filter-name>ssi</filter-name>
+        <filter-class>
+          org.apache.catalina.ssi.SSIFilter
+        </filter-class>
+        <init-param>
+          <param-name>contentType</param-name>
+          <param-value>text/x-server-parsed-html(;.*)?</param-value>
+        </init-param>
+        <init-param>
+          <param-name>debug</param-name>
+          <param-value>0</param-value>
+        </init-param>
+        <init-param>
+          <param-name>expires</param-name>
+          <param-value>666</param-value>
+        </init-param>
+        <init-param>
+          <param-name>isVirtualWebappRelative</param-name>
+          <param-value>false</param-value>
+        </init-param>
+    </filter>
+-->
+
+
+  <!-- ==================== Built In Filter Mappings ====================== -->
+
+  <!-- The mapping for the HTTP header security Filter -->
+<!--
+    <filter-mapping>
+        <filter-name>httpHeaderSecurity</filter-name>
+        <url-pattern>/*</url-pattern>
+        <dispatcher>REQUEST</dispatcher>
+    </filter-mapping>
+-->
+
+  <!-- The mapping for the Set Character Encoding Filter -->
+<!--
+    <filter-mapping>
+        <filter-name>setCharacterEncodingFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+-->
+
+  <!-- The mapping for the Failed Request Filter -->
+<!--
+    <filter-mapping>
+        <filter-name>failedRequestFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+-->
+
+  <!-- The mapping for the SSI Filter -->
+<!--
+    <filter-mapping>
+        <filter-name>ssi</filter-name>
+        <url-pattern>*.shtml</url-pattern>
+    </filter-mapping>
+-->
+
+
+  <!-- ==================== Default Session Configuration ================= -->
+  <!-- You can set the default session timeout (in minutes) for all newly   -->
+  <!-- created sessions by modifying the value below.                       -->
+
+    <session-config>
+        <session-timeout>30</session-timeout>
+    </session-config>
+
+
+  <!-- ===================== Default MIME Type Mappings =================== -->
+  <!-- When serving static resources, Tomcat will automatically generate    -->
+  <!-- a "Content-Type" header based on the resource's filename extension,  -->
+  <!-- based on these mappings.  Additional mappings can be added here (to  -->
+  <!-- apply to all web applications), or in your own application's web.xml -->
+  <!-- deployment descriptor.                                               -->
+  <!-- Note: Extensions are always matched in a case-insensitive manner.    -->
+
+    <mime-mapping>
+        <extension>123</extension>
+        <mime-type>application/vnd.lotus-1-2-3</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>3dml</extension>
+        <mime-type>text/vnd.in3d.3dml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>3ds</extension>
+        <mime-type>image/x-3ds</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>3g2</extension>
+        <mime-type>video/3gpp2</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>3gp</extension>
+        <mime-type>video/3gpp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>7z</extension>
+        <mime-type>application/x-7z-compressed</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aab</extension>
+        <mime-type>application/x-authorware-bin</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aac</extension>
+        <mime-type>audio/x-aac</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aam</extension>
+        <mime-type>application/x-authorware-map</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aas</extension>
+        <mime-type>application/x-authorware-seg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>abs</extension>
+        <mime-type>audio/x-mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>abw</extension>
+        <mime-type>application/x-abiword</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ac</extension>
+        <mime-type>application/pkix-attr-cert</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>acc</extension>
+        <mime-type>application/vnd.americandynamics.acc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ace</extension>
+        <mime-type>application/x-ace-compressed</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>acu</extension>
+        <mime-type>application/vnd.acucobol</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>acutc</extension>
+        <mime-type>application/vnd.acucorp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>adp</extension>
+        <mime-type>audio/adpcm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aep</extension>
+        <mime-type>application/vnd.audiograph</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>afm</extension>
+        <mime-type>application/x-font-type1</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>afp</extension>
+        <mime-type>application/vnd.ibm.modcap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ahead</extension>
+        <mime-type>application/vnd.ahead.space</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ai</extension>
+        <mime-type>application/postscript</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aif</extension>
+        <mime-type>audio/x-aiff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aifc</extension>
+        <mime-type>audio/x-aiff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aiff</extension>
+        <mime-type>audio/x-aiff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aim</extension>
+        <mime-type>application/x-aim</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>air</extension>
+        <mime-type>application/vnd.adobe.air-application-installer-package+zip</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ait</extension>
+        <mime-type>application/vnd.dvb.ait</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ami</extension>
+        <mime-type>application/vnd.amiga.ami</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>anx</extension>
+        <mime-type>application/annodex</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>apk</extension>
+        <mime-type>application/vnd.android.package-archive</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>appcache</extension>
+        <mime-type>text/cache-manifest</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>application</extension>
+        <mime-type>application/x-ms-application</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>apr</extension>
+        <mime-type>application/vnd.lotus-approach</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>arc</extension>
+        <mime-type>application/x-freearc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>art</extension>
+        <mime-type>image/x-jg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>asc</extension>
+        <mime-type>application/pgp-signature</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>asf</extension>
+        <mime-type>video/x-ms-asf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>asm</extension>
+        <mime-type>text/x-asm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aso</extension>
+        <mime-type>application/vnd.accpac.simply.aso</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>asx</extension>
+        <mime-type>video/x-ms-asf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>atc</extension>
+        <mime-type>application/vnd.acucorp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>atom</extension>
+        <mime-type>application/atom+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>atomcat</extension>
+        <mime-type>application/atomcat+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>atomsvc</extension>
+        <mime-type>application/atomsvc+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>atx</extension>
+        <mime-type>application/vnd.antix.game-component</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>au</extension>
+        <mime-type>audio/basic</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>avi</extension>
+        <mime-type>video/x-msvideo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>avx</extension>
+        <mime-type>video/x-rad-screenplay</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>aw</extension>
+        <mime-type>application/applixware</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>axa</extension>
+        <mime-type>audio/annodex</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>axv</extension>
+        <mime-type>video/annodex</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>azf</extension>
+        <mime-type>application/vnd.airzip.filesecure.azf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>azs</extension>
+        <mime-type>application/vnd.airzip.filesecure.azs</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>azw</extension>
+        <mime-type>application/vnd.amazon.ebook</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bat</extension>
+        <mime-type>application/x-msdownload</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bcpio</extension>
+        <mime-type>application/x-bcpio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bdf</extension>
+        <mime-type>application/x-font-bdf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bdm</extension>
+        <mime-type>application/vnd.syncml.dm+wbxml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bed</extension>
+        <mime-type>application/vnd.realvnc.bed</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bh2</extension>
+        <mime-type>application/vnd.fujitsu.oasysprs</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bin</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>blb</extension>
+        <mime-type>application/x-blorb</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>blorb</extension>
+        <mime-type>application/x-blorb</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bmi</extension>
+        <mime-type>application/vnd.bmi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bmp</extension>
+        <mime-type>image/bmp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>body</extension>
+        <mime-type>text/html</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>book</extension>
+        <mime-type>application/vnd.framemaker</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>box</extension>
+        <mime-type>application/vnd.previewsystems.box</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>boz</extension>
+        <mime-type>application/x-bzip2</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bpk</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>btif</extension>
+        <mime-type>image/prs.btif</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bz</extension>
+        <mime-type>application/x-bzip</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>bz2</extension>
+        <mime-type>application/x-bzip2</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>c</extension>
+        <mime-type>text/x-c</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>c11amc</extension>
+        <mime-type>application/vnd.cluetrust.cartomobile-config</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>c11amz</extension>
+        <mime-type>application/vnd.cluetrust.cartomobile-config-pkg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>c4d</extension>
+        <mime-type>application/vnd.clonk.c4group</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>c4f</extension>
+        <mime-type>application/vnd.clonk.c4group</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>c4g</extension>
+        <mime-type>application/vnd.clonk.c4group</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>c4p</extension>
+        <mime-type>application/vnd.clonk.c4group</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>c4u</extension>
+        <mime-type>application/vnd.clonk.c4group</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cab</extension>
+        <mime-type>application/vnd.ms-cab-compressed</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>caf</extension>
+        <mime-type>audio/x-caf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cap</extension>
+        <mime-type>application/vnd.tcpdump.pcap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>car</extension>
+        <mime-type>application/vnd.curl.car</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cat</extension>
+        <mime-type>application/vnd.ms-pki.seccat</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cb7</extension>
+        <mime-type>application/x-cbr</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cba</extension>
+        <mime-type>application/x-cbr</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cbr</extension>
+        <mime-type>application/x-cbr</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cbt</extension>
+        <mime-type>application/x-cbr</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cbz</extension>
+        <mime-type>application/x-cbr</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cc</extension>
+        <mime-type>text/x-c</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cct</extension>
+        <mime-type>application/x-director</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ccxml</extension>
+        <mime-type>application/ccxml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cdbcmsg</extension>
+        <mime-type>application/vnd.contact.cmsg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cdf</extension>
+        <mime-type>application/x-cdf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cdkey</extension>
+        <mime-type>application/vnd.mediastation.cdkey</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cdmia</extension>
+        <mime-type>application/cdmi-capability</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cdmic</extension>
+        <mime-type>application/cdmi-container</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cdmid</extension>
+        <mime-type>application/cdmi-domain</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cdmio</extension>
+        <mime-type>application/cdmi-object</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cdmiq</extension>
+        <mime-type>application/cdmi-queue</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cdx</extension>
+        <mime-type>chemical/x-cdx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cdxml</extension>
+        <mime-type>application/vnd.chemdraw+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cdy</extension>
+        <mime-type>application/vnd.cinderella</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cer</extension>
+        <mime-type>application/pkix-cert</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cfs</extension>
+        <mime-type>application/x-cfs-compressed</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cgm</extension>
+        <mime-type>image/cgm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>chat</extension>
+        <mime-type>application/x-chat</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>chm</extension>
+        <mime-type>application/vnd.ms-htmlhelp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>chrt</extension>
+        <mime-type>application/vnd.kde.kchart</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cif</extension>
+        <mime-type>chemical/x-cif</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cii</extension>
+        <mime-type>application/vnd.anser-web-certificate-issue-initiation</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cil</extension>
+        <mime-type>application/vnd.ms-artgalry</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cla</extension>
+        <mime-type>application/vnd.claymore</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>class</extension>
+        <mime-type>application/java</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>clkk</extension>
+        <mime-type>application/vnd.crick.clicker.keyboard</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>clkp</extension>
+        <mime-type>application/vnd.crick.clicker.palette</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>clkt</extension>
+        <mime-type>application/vnd.crick.clicker.template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>clkw</extension>
+        <mime-type>application/vnd.crick.clicker.wordbank</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>clkx</extension>
+        <mime-type>application/vnd.crick.clicker</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>clp</extension>
+        <mime-type>application/x-msclip</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cmc</extension>
+        <mime-type>application/vnd.cosmocaller</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cmdf</extension>
+        <mime-type>chemical/x-cmdf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cml</extension>
+        <mime-type>chemical/x-cml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cmp</extension>
+        <mime-type>application/vnd.yellowriver-custom-menu</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cmx</extension>
+        <mime-type>image/x-cmx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cod</extension>
+        <mime-type>application/vnd.rim.cod</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>com</extension>
+        <mime-type>application/x-msdownload</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>conf</extension>
+        <mime-type>text/plain</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cpio</extension>
+        <mime-type>application/x-cpio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cpp</extension>
+        <mime-type>text/x-c</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cpt</extension>
+        <mime-type>application/mac-compactpro</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>crd</extension>
+        <mime-type>application/x-mscardfile</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>crl</extension>
+        <mime-type>application/pkix-crl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>crt</extension>
+        <mime-type>application/x-x509-ca-cert</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cryptonote</extension>
+        <mime-type>application/vnd.rig.cryptonote</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>csh</extension>
+        <mime-type>application/x-csh</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>csml</extension>
+        <mime-type>chemical/x-csml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>csp</extension>
+        <mime-type>application/vnd.commonspace</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>css</extension>
+        <mime-type>text/css</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cst</extension>
+        <mime-type>application/x-director</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>csv</extension>
+        <mime-type>text/csv</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cu</extension>
+        <mime-type>application/cu-seeme</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>curl</extension>
+        <mime-type>text/vnd.curl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cww</extension>
+        <mime-type>application/prs.cww</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cxt</extension>
+        <mime-type>application/x-director</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>cxx</extension>
+        <mime-type>text/x-c</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dae</extension>
+        <mime-type>model/vnd.collada+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>daf</extension>
+        <mime-type>application/vnd.mobius.daf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dart</extension>
+        <mime-type>application/vnd.dart</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dataless</extension>
+        <mime-type>application/vnd.fdsn.seed</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>davmount</extension>
+        <mime-type>application/davmount+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dbk</extension>
+        <mime-type>application/docbook+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dcr</extension>
+        <mime-type>application/x-director</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dcurl</extension>
+        <mime-type>text/vnd.curl.dcurl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dd2</extension>
+        <mime-type>application/vnd.oma.dd2+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ddd</extension>
+        <mime-type>application/vnd.fujixerox.ddd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>deb</extension>
+        <mime-type>application/x-debian-package</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>def</extension>
+        <mime-type>text/plain</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>deploy</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>der</extension>
+        <mime-type>application/x-x509-ca-cert</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dfac</extension>
+        <mime-type>application/vnd.dreamfactory</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dgc</extension>
+        <mime-type>application/x-dgc-compressed</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dib</extension>
+        <mime-type>image/bmp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dic</extension>
+        <mime-type>text/x-c</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dir</extension>
+        <mime-type>application/x-director</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dis</extension>
+        <mime-type>application/vnd.mobius.dis</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dist</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>distz</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>djv</extension>
+        <mime-type>image/vnd.djvu</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>djvu</extension>
+        <mime-type>image/vnd.djvu</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dll</extension>
+        <mime-type>application/x-msdownload</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dmg</extension>
+        <mime-type>application/x-apple-diskimage</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dmp</extension>
+        <mime-type>application/vnd.tcpdump.pcap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dms</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dna</extension>
+        <mime-type>application/vnd.dna</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>doc</extension>
+        <mime-type>application/msword</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>docm</extension>
+        <mime-type>application/vnd.ms-word.document.macroenabled.12</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>docx</extension>
+        <mime-type>application/vnd.openxmlformats-officedocument.wordprocessingml.document</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dot</extension>
+        <mime-type>application/msword</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dotm</extension>
+        <mime-type>application/vnd.ms-word.template.macroenabled.12</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dotx</extension>
+        <mime-type>application/vnd.openxmlformats-officedocument.wordprocessingml.template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dp</extension>
+        <mime-type>application/vnd.osgi.dp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dpg</extension>
+        <mime-type>application/vnd.dpgraph</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dra</extension>
+        <mime-type>audio/vnd.dra</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dsc</extension>
+        <mime-type>text/prs.lines.tag</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dssc</extension>
+        <mime-type>application/dssc+der</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dtb</extension>
+        <mime-type>application/x-dtbook+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dtd</extension>
+        <mime-type>application/xml-dtd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dts</extension>
+        <mime-type>audio/vnd.dts</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dtshd</extension>
+        <mime-type>audio/vnd.dts.hd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dump</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dv</extension>
+        <mime-type>video/x-dv</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dvb</extension>
+        <mime-type>video/vnd.dvb.file</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dvi</extension>
+        <mime-type>application/x-dvi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dwf</extension>
+        <mime-type>model/vnd.dwf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dwg</extension>
+        <mime-type>image/vnd.dwg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dxf</extension>
+        <mime-type>image/vnd.dxf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dxp</extension>
+        <mime-type>application/vnd.spotfire.dxp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>dxr</extension>
+        <mime-type>application/x-director</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ecelp4800</extension>
+        <mime-type>audio/vnd.nuera.ecelp4800</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ecelp7470</extension>
+        <mime-type>audio/vnd.nuera.ecelp7470</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ecelp9600</extension>
+        <mime-type>audio/vnd.nuera.ecelp9600</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ecma</extension>
+        <mime-type>application/ecmascript</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>edm</extension>
+        <mime-type>application/vnd.novadigm.edm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>edx</extension>
+        <mime-type>application/vnd.novadigm.edx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>efif</extension>
+        <mime-type>application/vnd.picsel</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ei6</extension>
+        <mime-type>application/vnd.pg.osasli</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>elc</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>emf</extension>
+        <mime-type>application/x-msmetafile</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>eml</extension>
+        <mime-type>message/rfc822</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>emma</extension>
+        <mime-type>application/emma+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>emz</extension>
+        <mime-type>application/x-msmetafile</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>eol</extension>
+        <mime-type>audio/vnd.digital-winds</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>eot</extension>
+        <mime-type>application/vnd.ms-fontobject</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>eps</extension>
+        <mime-type>application/postscript</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>epub</extension>
+        <mime-type>application/epub+zip</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>es3</extension>
+        <mime-type>application/vnd.eszigno3+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>esa</extension>
+        <mime-type>application/vnd.osgi.subsystem</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>esf</extension>
+        <mime-type>application/vnd.epson.esf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>et3</extension>
+        <mime-type>application/vnd.eszigno3+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>etx</extension>
+        <mime-type>text/x-setext</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>eva</extension>
+        <mime-type>application/x-eva</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>evy</extension>
+        <mime-type>application/x-envoy</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>exe</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>exi</extension>
+        <mime-type>application/exi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ext</extension>
+        <mime-type>application/vnd.novadigm.ext</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ez</extension>
+        <mime-type>application/andrew-inset</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ez2</extension>
+        <mime-type>application/vnd.ezpix-album</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ez3</extension>
+        <mime-type>application/vnd.ezpix-package</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>f</extension>
+        <mime-type>text/x-fortran</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>f4v</extension>
+        <mime-type>video/x-f4v</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>f77</extension>
+        <mime-type>text/x-fortran</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>f90</extension>
+        <mime-type>text/x-fortran</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fbs</extension>
+        <mime-type>image/vnd.fastbidsheet</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fcdt</extension>
+        <mime-type>application/vnd.adobe.formscentral.fcdt</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fcs</extension>
+        <mime-type>application/vnd.isac.fcs</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fdf</extension>
+        <mime-type>application/vnd.fdf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fe_launch</extension>
+        <mime-type>application/vnd.denovo.fcselayout-link</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fg5</extension>
+        <mime-type>application/vnd.fujitsu.oasysgp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fgd</extension>
+        <mime-type>application/x-director</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fh</extension>
+        <mime-type>image/x-freehand</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fh4</extension>
+        <mime-type>image/x-freehand</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fh5</extension>
+        <mime-type>image/x-freehand</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fh7</extension>
+        <mime-type>image/x-freehand</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fhc</extension>
+        <mime-type>image/x-freehand</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fig</extension>
+        <mime-type>application/x-xfig</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>flac</extension>
+        <mime-type>audio/flac</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fli</extension>
+        <mime-type>video/x-fli</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>flo</extension>
+        <mime-type>application/vnd.micrografx.flo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>flv</extension>
+        <mime-type>video/x-flv</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>flw</extension>
+        <mime-type>application/vnd.kde.kivio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>flx</extension>
+        <mime-type>text/vnd.fmi.flexstor</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fly</extension>
+        <mime-type>text/vnd.fly</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fm</extension>
+        <mime-type>application/vnd.framemaker</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fnc</extension>
+        <mime-type>application/vnd.frogans.fnc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>for</extension>
+        <mime-type>text/x-fortran</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fpx</extension>
+        <mime-type>image/vnd.fpx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>frame</extension>
+        <mime-type>application/vnd.framemaker</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fsc</extension>
+        <mime-type>application/vnd.fsc.weblaunch</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fst</extension>
+        <mime-type>image/vnd.fst</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ftc</extension>
+        <mime-type>application/vnd.fluxtime.clip</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fti</extension>
+        <mime-type>application/vnd.anser-web-funds-transfer-initiation</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fvt</extension>
+        <mime-type>video/vnd.fvt</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fxp</extension>
+        <mime-type>application/vnd.adobe.fxp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fxpl</extension>
+        <mime-type>application/vnd.adobe.fxp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>fzs</extension>
+        <mime-type>application/vnd.fuzzysheet</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>g2w</extension>
+        <mime-type>application/vnd.geoplan</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>g3</extension>
+        <mime-type>image/g3fax</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>g3w</extension>
+        <mime-type>application/vnd.geospace</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gac</extension>
+        <mime-type>application/vnd.groove-account</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gam</extension>
+        <mime-type>application/x-tads</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gbr</extension>
+        <mime-type>application/rpki-ghostbusters</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gca</extension>
+        <mime-type>application/x-gca-compressed</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gdl</extension>
+        <mime-type>model/vnd.gdl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>geo</extension>
+        <mime-type>application/vnd.dynageo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gex</extension>
+        <mime-type>application/vnd.geometry-explorer</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ggb</extension>
+        <mime-type>application/vnd.geogebra.file</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ggt</extension>
+        <mime-type>application/vnd.geogebra.tool</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ghf</extension>
+        <mime-type>application/vnd.groove-help</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gif</extension>
+        <mime-type>image/gif</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gim</extension>
+        <mime-type>application/vnd.groove-identity-message</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gml</extension>
+        <mime-type>application/gml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gmx</extension>
+        <mime-type>application/vnd.gmx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gnumeric</extension>
+        <mime-type>application/x-gnumeric</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gph</extension>
+        <mime-type>application/vnd.flographit</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gpx</extension>
+        <mime-type>application/gpx+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gqf</extension>
+        <mime-type>application/vnd.grafeq</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gqs</extension>
+        <mime-type>application/vnd.grafeq</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gram</extension>
+        <mime-type>application/srgs</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gramps</extension>
+        <mime-type>application/x-gramps-xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gre</extension>
+        <mime-type>application/vnd.geometry-explorer</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>grv</extension>
+        <mime-type>application/vnd.groove-injector</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>grxml</extension>
+        <mime-type>application/srgs+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gsf</extension>
+        <mime-type>application/x-font-ghostscript</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gtar</extension>
+        <mime-type>application/x-gtar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gtm</extension>
+        <mime-type>application/vnd.groove-tool-message</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gtw</extension>
+        <mime-type>model/vnd.gtw</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gv</extension>
+        <mime-type>text/vnd.graphviz</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gxf</extension>
+        <mime-type>application/gxf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gxt</extension>
+        <mime-type>application/vnd.geonext</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>gz</extension>
+        <mime-type>application/x-gzip</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>h</extension>
+        <mime-type>text/x-c</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>h261</extension>
+        <mime-type>video/h261</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>h263</extension>
+        <mime-type>video/h263</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>h264</extension>
+        <mime-type>video/h264</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hal</extension>
+        <mime-type>application/vnd.hal+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hbci</extension>
+        <mime-type>application/vnd.hbci</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hdf</extension>
+        <mime-type>application/x-hdf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hh</extension>
+        <mime-type>text/x-c</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hlp</extension>
+        <mime-type>application/winhlp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hpgl</extension>
+        <mime-type>application/vnd.hp-hpgl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hpid</extension>
+        <mime-type>application/vnd.hp-hpid</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hps</extension>
+        <mime-type>application/vnd.hp-hps</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hqx</extension>
+        <mime-type>application/mac-binhex40</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>htc</extension>
+        <mime-type>text/x-component</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>htke</extension>
+        <mime-type>application/vnd.kenameaapp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>htm</extension>
+        <mime-type>text/html</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>html</extension>
+        <mime-type>text/html</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hvd</extension>
+        <mime-type>application/vnd.yamaha.hv-dic</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hvp</extension>
+        <mime-type>application/vnd.yamaha.hv-voice</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>hvs</extension>
+        <mime-type>application/vnd.yamaha.hv-script</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>i2g</extension>
+        <mime-type>application/vnd.intergeo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>icc</extension>
+        <mime-type>application/vnd.iccprofile</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ice</extension>
+        <mime-type>x-conference/x-cooltalk</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>icm</extension>
+        <mime-type>application/vnd.iccprofile</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ico</extension>
+        <mime-type>image/x-icon</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ics</extension>
+        <mime-type>text/calendar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ief</extension>
+        <mime-type>image/ief</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ifb</extension>
+        <mime-type>text/calendar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ifm</extension>
+        <mime-type>application/vnd.shana.informed.formdata</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>iges</extension>
+        <mime-type>model/iges</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>igl</extension>
+        <mime-type>application/vnd.igloader</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>igm</extension>
+        <mime-type>application/vnd.insors.igm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>igs</extension>
+        <mime-type>model/iges</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>igx</extension>
+        <mime-type>application/vnd.micrografx.igx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>iif</extension>
+        <mime-type>application/vnd.shana.informed.interchange</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>imp</extension>
+        <mime-type>application/vnd.accpac.simply.imp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ims</extension>
+        <mime-type>application/vnd.ms-ims</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>in</extension>
+        <mime-type>text/plain</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ink</extension>
+        <mime-type>application/inkml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>inkml</extension>
+        <mime-type>application/inkml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>install</extension>
+        <mime-type>application/x-install-instructions</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>iota</extension>
+        <mime-type>application/vnd.astraea-software.iota</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ipfix</extension>
+        <mime-type>application/ipfix</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ipk</extension>
+        <mime-type>application/vnd.shana.informed.package</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>irm</extension>
+        <mime-type>application/vnd.ibm.rights-management</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>irp</extension>
+        <mime-type>application/vnd.irepository.package+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>iso</extension>
+        <mime-type>application/x-iso9660-image</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>itp</extension>
+        <mime-type>application/vnd.shana.informed.formtemplate</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ivp</extension>
+        <mime-type>application/vnd.immervision-ivp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ivu</extension>
+        <mime-type>application/vnd.immervision-ivu</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jad</extension>
+        <mime-type>text/vnd.sun.j2me.app-descriptor</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jam</extension>
+        <mime-type>application/vnd.jam</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jar</extension>
+        <mime-type>application/java-archive</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>java</extension>
+        <mime-type>text/x-java-source</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jisp</extension>
+        <mime-type>application/vnd.jisp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jlt</extension>
+        <mime-type>application/vnd.hp-jlyt</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jnlp</extension>
+        <mime-type>application/x-java-jnlp-file</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>joda</extension>
+        <mime-type>application/vnd.joost.joda-archive</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jpe</extension>
+        <mime-type>image/jpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jpeg</extension>
+        <mime-type>image/jpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jpg</extension>
+        <mime-type>image/jpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jpgm</extension>
+        <mime-type>video/jpm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jpgv</extension>
+        <mime-type>video/jpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jpm</extension>
+        <mime-type>video/jpm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>js</extension>
+        <mime-type>application/javascript</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jsf</extension>
+        <mime-type>text/plain</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>json</extension>
+        <mime-type>application/json</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jsonml</extension>
+        <mime-type>application/jsonml+json</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>jspf</extension>
+        <mime-type>text/plain</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>kar</extension>
+        <mime-type>audio/midi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>karbon</extension>
+        <mime-type>application/vnd.kde.karbon</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>kfo</extension>
+        <mime-type>application/vnd.kde.kformula</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>kia</extension>
+        <mime-type>application/vnd.kidspiration</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>kml</extension>
+        <mime-type>application/vnd.google-earth.kml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>kmz</extension>
+        <mime-type>application/vnd.google-earth.kmz</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>kne</extension>
+        <mime-type>application/vnd.kinar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>knp</extension>
+        <mime-type>application/vnd.kinar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>kon</extension>
+        <mime-type>application/vnd.kde.kontour</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>kpr</extension>
+        <mime-type>application/vnd.kde.kpresenter</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>kpt</extension>
+        <mime-type>application/vnd.kde.kpresenter</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>kpxx</extension>
+        <mime-type>application/vnd.ds-keypoint</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ksp</extension>
+        <mime-type>application/vnd.kde.kspread</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ktr</extension>
+        <mime-type>application/vnd.kahootz</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ktx</extension>
+        <mime-type>image/ktx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ktz</extension>
+        <mime-type>application/vnd.kahootz</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>kwd</extension>
+        <mime-type>application/vnd.kde.kword</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>kwt</extension>
+        <mime-type>application/vnd.kde.kword</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>lasxml</extension>
+        <mime-type>application/vnd.las.las+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>latex</extension>
+        <mime-type>application/x-latex</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>lbd</extension>
+        <mime-type>application/vnd.llamagraphics.life-balance.desktop</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>lbe</extension>
+        <mime-type>application/vnd.llamagraphics.life-balance.exchange+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>les</extension>
+        <mime-type>application/vnd.hhe.lesson-player</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>lha</extension>
+        <mime-type>application/x-lzh-compressed</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>link66</extension>
+        <mime-type>application/vnd.route66.link66+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>list</extension>
+        <mime-type>text/plain</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>list3820</extension>
+        <mime-type>application/vnd.ibm.modcap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>listafp</extension>
+        <mime-type>application/vnd.ibm.modcap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>lnk</extension>
+        <mime-type>application/x-ms-shortcut</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>log</extension>
+        <mime-type>text/plain</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>lostxml</extension>
+        <mime-type>application/lost+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>lrf</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>lrm</extension>
+        <mime-type>application/vnd.ms-lrm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ltf</extension>
+        <mime-type>application/vnd.frogans.ltf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>lvp</extension>
+        <mime-type>audio/vnd.lucent.voice</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>lwp</extension>
+        <mime-type>application/vnd.lotus-wordpro</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>lzh</extension>
+        <mime-type>application/x-lzh-compressed</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m13</extension>
+        <mime-type>application/x-msmediaview</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m14</extension>
+        <mime-type>application/x-msmediaview</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m1v</extension>
+        <mime-type>video/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m21</extension>
+        <mime-type>application/mp21</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m2a</extension>
+        <mime-type>audio/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m2v</extension>
+        <mime-type>video/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m3a</extension>
+        <mime-type>audio/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m3u</extension>
+        <mime-type>audio/x-mpegurl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m3u8</extension>
+        <mime-type>application/vnd.apple.mpegurl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m4a</extension>
+        <mime-type>audio/mp4</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m4b</extension>
+        <mime-type>audio/mp4</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m4r</extension>
+        <mime-type>audio/mp4</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m4u</extension>
+        <mime-type>video/vnd.mpegurl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>m4v</extension>
+        <mime-type>video/mp4</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ma</extension>
+        <mime-type>application/mathematica</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mac</extension>
+        <mime-type>image/x-macpaint</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mads</extension>
+        <mime-type>application/mads+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mag</extension>
+        <mime-type>application/vnd.ecowin.chart</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>maker</extension>
+        <mime-type>application/vnd.framemaker</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>man</extension>
+        <mime-type>text/troff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mar</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mathml</extension>
+        <mime-type>application/mathml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mb</extension>
+        <mime-type>application/mathematica</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mbk</extension>
+        <mime-type>application/vnd.mobius.mbk</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mbox</extension>
+        <mime-type>application/mbox</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mc1</extension>
+        <mime-type>application/vnd.medcalcdata</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mcd</extension>
+        <mime-type>application/vnd.mcd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mcurl</extension>
+        <mime-type>text/vnd.curl.mcurl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mdb</extension>
+        <mime-type>application/x-msaccess</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mdi</extension>
+        <mime-type>image/vnd.ms-modi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>me</extension>
+        <mime-type>text/troff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mesh</extension>
+        <mime-type>model/mesh</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>meta4</extension>
+        <mime-type>application/metalink4+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>metalink</extension>
+        <mime-type>application/metalink+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mets</extension>
+        <mime-type>application/mets+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mfm</extension>
+        <mime-type>application/vnd.mfmp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mft</extension>
+        <mime-type>application/rpki-manifest</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mgp</extension>
+        <mime-type>application/vnd.osgeo.mapguide.package</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mgz</extension>
+        <mime-type>application/vnd.proteus.magazine</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mid</extension>
+        <mime-type>audio/midi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>midi</extension>
+        <mime-type>audio/midi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mie</extension>
+        <mime-type>application/x-mie</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mif</extension>
+        <mime-type>application/x-mif</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mime</extension>
+        <mime-type>message/rfc822</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mj2</extension>
+        <mime-type>video/mj2</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mjp2</extension>
+        <mime-type>video/mj2</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mk3d</extension>
+        <mime-type>video/x-matroska</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mka</extension>
+        <mime-type>audio/x-matroska</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mks</extension>
+        <mime-type>video/x-matroska</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mkv</extension>
+        <mime-type>video/x-matroska</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mlp</extension>
+        <mime-type>application/vnd.dolby.mlp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mmd</extension>
+        <mime-type>application/vnd.chipnuts.karaoke-mmd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mmf</extension>
+        <mime-type>application/vnd.smaf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mmr</extension>
+        <mime-type>image/vnd.fujixerox.edmics-mmr</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mng</extension>
+        <mime-type>video/x-mng</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mny</extension>
+        <mime-type>application/x-msmoney</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mobi</extension>
+        <mime-type>application/x-mobipocket-ebook</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mods</extension>
+        <mime-type>application/mods+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mov</extension>
+        <mime-type>video/quicktime</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>movie</extension>
+        <mime-type>video/x-sgi-movie</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mp1</extension>
+        <mime-type>audio/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mp2</extension>
+        <mime-type>audio/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mp21</extension>
+        <mime-type>application/mp21</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mp2a</extension>
+        <mime-type>audio/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mp3</extension>
+        <mime-type>audio/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mp4</extension>
+        <mime-type>video/mp4</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mp4a</extension>
+        <mime-type>audio/mp4</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mp4s</extension>
+        <mime-type>application/mp4</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mp4v</extension>
+        <mime-type>video/mp4</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpa</extension>
+        <mime-type>audio/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpc</extension>
+        <mime-type>application/vnd.mophun.certificate</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpe</extension>
+        <mime-type>video/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpeg</extension>
+        <mime-type>video/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpega</extension>
+        <mime-type>audio/x-mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpg</extension>
+        <mime-type>video/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpg4</extension>
+        <mime-type>video/mp4</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpga</extension>
+        <mime-type>audio/mpeg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpkg</extension>
+        <mime-type>application/vnd.apple.installer+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpm</extension>
+        <mime-type>application/vnd.blueice.multipass</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpn</extension>
+        <mime-type>application/vnd.mophun.application</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpp</extension>
+        <mime-type>application/vnd.ms-project</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpt</extension>
+        <mime-type>application/vnd.ms-project</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpv2</extension>
+        <mime-type>video/mpeg2</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mpy</extension>
+        <mime-type>application/vnd.ibm.minipay</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mqy</extension>
+        <mime-type>application/vnd.mobius.mqy</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mrc</extension>
+        <mime-type>application/marc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mrcx</extension>
+        <mime-type>application/marcxml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ms</extension>
+        <mime-type>text/troff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mscml</extension>
+        <mime-type>application/mediaservercontrol+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mseed</extension>
+        <mime-type>application/vnd.fdsn.mseed</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mseq</extension>
+        <mime-type>application/vnd.mseq</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>msf</extension>
+        <mime-type>application/vnd.epson.msf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>msh</extension>
+        <mime-type>model/mesh</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>msi</extension>
+        <mime-type>application/x-msdownload</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>msl</extension>
+        <mime-type>application/vnd.mobius.msl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>msty</extension>
+        <mime-type>application/vnd.muvee.style</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mts</extension>
+        <mime-type>model/vnd.mts</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mus</extension>
+        <mime-type>application/vnd.musician</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>musicxml</extension>
+        <mime-type>application/vnd.recordare.musicxml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mvb</extension>
+        <mime-type>application/x-msmediaview</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mwf</extension>
+        <mime-type>application/vnd.mfer</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mxf</extension>
+        <mime-type>application/mxf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mxl</extension>
+        <mime-type>application/vnd.recordare.musicxml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mxml</extension>
+        <mime-type>application/xv+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mxs</extension>
+        <mime-type>application/vnd.triscape.mxs</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>mxu</extension>
+        <mime-type>video/vnd.mpegurl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>n-gage</extension>
+        <mime-type>application/vnd.nokia.n-gage.symbian.install</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>n3</extension>
+        <mime-type>text/n3</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>nb</extension>
+        <mime-type>application/mathematica</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>nbp</extension>
+        <mime-type>application/vnd.wolfram.player</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>nc</extension>
+        <mime-type>application/x-netcdf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ncx</extension>
+        <mime-type>application/x-dtbncx+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>nfo</extension>
+        <mime-type>text/x-nfo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ngdat</extension>
+        <mime-type>application/vnd.nokia.n-gage.data</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>nitf</extension>
+        <mime-type>application/vnd.nitf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>nlu</extension>
+        <mime-type>application/vnd.neurolanguage.nlu</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>nml</extension>
+        <mime-type>application/vnd.enliven</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>nnd</extension>
+        <mime-type>application/vnd.noblenet-directory</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>nns</extension>
+        <mime-type>application/vnd.noblenet-sealer</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>nnw</extension>
+        <mime-type>application/vnd.noblenet-web</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>npx</extension>
+        <mime-type>image/vnd.net-fpx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>nsc</extension>
+        <mime-type>application/x-conference</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>nsf</extension>
+        <mime-type>application/vnd.lotus-notes</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ntf</extension>
+        <mime-type>application/vnd.nitf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>nzb</extension>
+        <mime-type>application/x-nzb</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>oa2</extension>
+        <mime-type>application/vnd.fujitsu.oasys2</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>oa3</extension>
+        <mime-type>application/vnd.fujitsu.oasys3</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>oas</extension>
+        <mime-type>application/vnd.fujitsu.oasys</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>obd</extension>
+        <mime-type>application/x-msbinder</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>obj</extension>
+        <mime-type>application/x-tgif</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>oda</extension>
+        <mime-type>application/oda</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- OpenDocument Database -->
+        <extension>odb</extension>
+        <mime-type>application/vnd.oasis.opendocument.database</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- OpenDocument Chart -->
+        <extension>odc</extension>
+        <mime-type>application/vnd.oasis.opendocument.chart</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- OpenDocument Formula -->
+        <extension>odf</extension>
+        <mime-type>application/vnd.oasis.opendocument.formula</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>odft</extension>
+        <mime-type>application/vnd.oasis.opendocument.formula-template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- OpenDocument Drawing -->
+        <extension>odg</extension>
+        <mime-type>application/vnd.oasis.opendocument.graphics</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- OpenDocument Image -->
+        <extension>odi</extension>
+        <mime-type>application/vnd.oasis.opendocument.image</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- OpenDocument Master Document -->
+        <extension>odm</extension>
+        <mime-type>application/vnd.oasis.opendocument.text-master</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- OpenDocument Presentation -->
+        <extension>odp</extension>
+        <mime-type>application/vnd.oasis.opendocument.presentation</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- OpenDocument Spreadsheet -->
+        <extension>ods</extension>
+        <mime-type>application/vnd.oasis.opendocument.spreadsheet</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- OpenDocument Text -->
+        <extension>odt</extension>
+        <mime-type>application/vnd.oasis.opendocument.text</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>oga</extension>
+        <mime-type>audio/ogg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ogg</extension>
+        <mime-type>audio/ogg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ogv</extension>
+        <mime-type>video/ogg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- xiph mime types -->
+        <extension>ogx</extension>
+        <mime-type>application/ogg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>omdoc</extension>
+        <mime-type>application/omdoc+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>onepkg</extension>
+        <mime-type>application/onenote</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>onetmp</extension>
+        <mime-type>application/onenote</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>onetoc</extension>
+        <mime-type>application/onenote</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>onetoc2</extension>
+        <mime-type>application/onenote</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>opf</extension>
+        <mime-type>application/oebps-package+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>opml</extension>
+        <mime-type>text/x-opml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>oprc</extension>
+        <mime-type>application/vnd.palm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>org</extension>
+        <mime-type>application/vnd.lotus-organizer</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>osf</extension>
+        <mime-type>application/vnd.yamaha.openscoreformat</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>osfpvg</extension>
+        <mime-type>application/vnd.yamaha.openscoreformat.osfpvg+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>otc</extension>
+        <mime-type>application/vnd.oasis.opendocument.chart-template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>otf</extension>
+        <mime-type>application/x-font-otf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- OpenDocument Drawing Template -->
+        <extension>otg</extension>
+        <mime-type>application/vnd.oasis.opendocument.graphics-template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- HTML Document Template -->
+        <extension>oth</extension>
+        <mime-type>application/vnd.oasis.opendocument.text-web</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>oti</extension>
+        <mime-type>application/vnd.oasis.opendocument.image-template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- OpenDocument Presentation Template -->
+        <extension>otp</extension>
+        <mime-type>application/vnd.oasis.opendocument.presentation-template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- OpenDocument Spreadsheet Template -->
+        <extension>ots</extension>
+        <mime-type>application/vnd.oasis.opendocument.spreadsheet-template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- OpenDocument Text Template -->
+        <extension>ott</extension>
+        <mime-type>application/vnd.oasis.opendocument.text-template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>oxps</extension>
+        <mime-type>application/oxps</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>oxt</extension>
+        <mime-type>application/vnd.openofficeorg.extension</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>p</extension>
+        <mime-type>text/x-pascal</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>p10</extension>
+        <mime-type>application/pkcs10</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>p12</extension>
+        <mime-type>application/x-pkcs12</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>p7b</extension>
+        <mime-type>application/x-pkcs7-certificates</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>p7c</extension>
+        <mime-type>application/pkcs7-mime</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>p7m</extension>
+        <mime-type>application/pkcs7-mime</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>p7r</extension>
+        <mime-type>application/x-pkcs7-certreqresp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>p7s</extension>
+        <mime-type>application/pkcs7-signature</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>p8</extension>
+        <mime-type>application/pkcs8</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pas</extension>
+        <mime-type>text/x-pascal</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>paw</extension>
+        <mime-type>application/vnd.pawaafile</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pbd</extension>
+        <mime-type>application/vnd.powerbuilder6</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pbm</extension>
+        <mime-type>image/x-portable-bitmap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pcap</extension>
+        <mime-type>application/vnd.tcpdump.pcap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pcf</extension>
+        <mime-type>application/x-font-pcf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pcl</extension>
+        <mime-type>application/vnd.hp-pcl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pclxl</extension>
+        <mime-type>application/vnd.hp-pclxl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pct</extension>
+        <mime-type>image/pict</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pcurl</extension>
+        <mime-type>application/vnd.curl.pcurl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pcx</extension>
+        <mime-type>image/x-pcx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pdb</extension>
+        <mime-type>application/vnd.palm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pdf</extension>
+        <mime-type>application/pdf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pfa</extension>
+        <mime-type>application/x-font-type1</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pfb</extension>
+        <mime-type>application/x-font-type1</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pfm</extension>
+        <mime-type>application/x-font-type1</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pfr</extension>
+        <mime-type>application/font-tdpfr</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pfx</extension>
+        <mime-type>application/x-pkcs12</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pgm</extension>
+        <mime-type>image/x-portable-graymap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pgn</extension>
+        <mime-type>application/x-chess-pgn</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pgp</extension>
+        <mime-type>application/pgp-encrypted</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pic</extension>
+        <mime-type>image/pict</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pict</extension>
+        <mime-type>image/pict</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pkg</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pki</extension>
+        <mime-type>application/pkixcmp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pkipath</extension>
+        <mime-type>application/pkix-pkipath</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>plb</extension>
+        <mime-type>application/vnd.3gpp.pic-bw-large</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>plc</extension>
+        <mime-type>application/vnd.mobius.plc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>plf</extension>
+        <mime-type>application/vnd.pocketlearn</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pls</extension>
+        <mime-type>audio/x-scpls</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pml</extension>
+        <mime-type>application/vnd.ctc-posml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>png</extension>
+        <mime-type>image/png</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pnm</extension>
+        <mime-type>image/x-portable-anymap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pnt</extension>
+        <mime-type>image/x-macpaint</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>portpkg</extension>
+        <mime-type>application/vnd.macports.portpkg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pot</extension>
+        <mime-type>application/vnd.ms-powerpoint</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>potm</extension>
+        <mime-type>application/vnd.ms-powerpoint.template.macroenabled.12</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>potx</extension>
+        <mime-type>application/vnd.openxmlformats-officedocument.presentationml.template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ppam</extension>
+        <mime-type>application/vnd.ms-powerpoint.addin.macroenabled.12</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ppd</extension>
+        <mime-type>application/vnd.cups-ppd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ppm</extension>
+        <mime-type>image/x-portable-pixmap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pps</extension>
+        <mime-type>application/vnd.ms-powerpoint</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ppsm</extension>
+        <mime-type>application/vnd.ms-powerpoint.slideshow.macroenabled.12</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ppsx</extension>
+        <mime-type>application/vnd.openxmlformats-officedocument.presentationml.slideshow</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ppt</extension>
+        <mime-type>application/vnd.ms-powerpoint</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pptm</extension>
+        <mime-type>application/vnd.ms-powerpoint.presentation.macroenabled.12</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pptx</extension>
+        <mime-type>application/vnd.openxmlformats-officedocument.presentationml.presentation</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pqa</extension>
+        <mime-type>application/vnd.palm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>prc</extension>
+        <mime-type>application/x-mobipocket-ebook</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pre</extension>
+        <mime-type>application/vnd.lotus-freelance</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>prf</extension>
+        <mime-type>application/pics-rules</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ps</extension>
+        <mime-type>application/postscript</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>psb</extension>
+        <mime-type>application/vnd.3gpp.pic-bw-small</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>psd</extension>
+        <mime-type>image/vnd.adobe.photoshop</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>psf</extension>
+        <mime-type>application/x-font-linux-psf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pskcxml</extension>
+        <mime-type>application/pskc+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ptid</extension>
+        <mime-type>application/vnd.pvi.ptid1</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pub</extension>
+        <mime-type>application/x-mspublisher</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pvb</extension>
+        <mime-type>application/vnd.3gpp.pic-bw-var</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pwn</extension>
+        <mime-type>application/vnd.3m.post-it-notes</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pya</extension>
+        <mime-type>audio/vnd.ms-playready.media.pya</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>pyv</extension>
+        <mime-type>video/vnd.ms-playready.media.pyv</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qam</extension>
+        <mime-type>application/vnd.epson.quickanime</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qbo</extension>
+        <mime-type>application/vnd.intu.qbo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qfx</extension>
+        <mime-type>application/vnd.intu.qfx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qps</extension>
+        <mime-type>application/vnd.publishare-delta-tree</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qt</extension>
+        <mime-type>video/quicktime</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qti</extension>
+        <mime-type>image/x-quicktime</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qtif</extension>
+        <mime-type>image/x-quicktime</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qwd</extension>
+        <mime-type>application/vnd.quark.quarkxpress</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qwt</extension>
+        <mime-type>application/vnd.quark.quarkxpress</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qxb</extension>
+        <mime-type>application/vnd.quark.quarkxpress</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qxd</extension>
+        <mime-type>application/vnd.quark.quarkxpress</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qxl</extension>
+        <mime-type>application/vnd.quark.quarkxpress</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>qxt</extension>
+        <mime-type>application/vnd.quark.quarkxpress</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ra</extension>
+        <mime-type>audio/x-pn-realaudio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ram</extension>
+        <mime-type>audio/x-pn-realaudio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rar</extension>
+        <mime-type>application/x-rar-compressed</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ras</extension>
+        <mime-type>image/x-cmu-raster</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rcprofile</extension>
+        <mime-type>application/vnd.ipunplugged.rcprofile</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rdf</extension>
+        <mime-type>application/rdf+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rdz</extension>
+        <mime-type>application/vnd.data-vision.rdz</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rep</extension>
+        <mime-type>application/vnd.businessobjects</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>res</extension>
+        <mime-type>application/x-dtbresource+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rgb</extension>
+        <mime-type>image/x-rgb</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rif</extension>
+        <mime-type>application/reginfo+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rip</extension>
+        <mime-type>audio/vnd.rip</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ris</extension>
+        <mime-type>application/x-research-info-systems</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rl</extension>
+        <mime-type>application/resource-lists+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rlc</extension>
+        <mime-type>image/vnd.fujixerox.edmics-rlc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rld</extension>
+        <mime-type>application/resource-lists-diff+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rm</extension>
+        <mime-type>application/vnd.rn-realmedia</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rmi</extension>
+        <mime-type>audio/midi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rmp</extension>
+        <mime-type>audio/x-pn-realaudio-plugin</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rms</extension>
+        <mime-type>application/vnd.jcp.javame.midlet-rms</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rmvb</extension>
+        <mime-type>application/vnd.rn-realmedia-vbr</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rnc</extension>
+        <mime-type>application/relax-ng-compact-syntax</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>roa</extension>
+        <mime-type>application/rpki-roa</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>roff</extension>
+        <mime-type>text/troff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rp9</extension>
+        <mime-type>application/vnd.cloanto.rp9</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rpss</extension>
+        <mime-type>application/vnd.nokia.radio-presets</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rpst</extension>
+        <mime-type>application/vnd.nokia.radio-preset</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rq</extension>
+        <mime-type>application/sparql-query</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rs</extension>
+        <mime-type>application/rls-services+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rsd</extension>
+        <mime-type>application/rsd+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rss</extension>
+        <mime-type>application/rss+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rtf</extension>
+        <mime-type>application/rtf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>rtx</extension>
+        <mime-type>text/richtext</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>s</extension>
+        <mime-type>text/x-asm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>s3m</extension>
+        <mime-type>audio/s3m</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>saf</extension>
+        <mime-type>application/vnd.yamaha.smaf-audio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sbml</extension>
+        <mime-type>application/sbml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sc</extension>
+        <mime-type>application/vnd.ibm.secure-container</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>scd</extension>
+        <mime-type>application/x-msschedule</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>scm</extension>
+        <mime-type>application/vnd.lotus-screencam</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>scq</extension>
+        <mime-type>application/scvp-cv-request</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>scs</extension>
+        <mime-type>application/scvp-cv-response</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>scurl</extension>
+        <mime-type>text/vnd.curl.scurl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sda</extension>
+        <mime-type>application/vnd.stardivision.draw</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sdc</extension>
+        <mime-type>application/vnd.stardivision.calc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sdd</extension>
+        <mime-type>application/vnd.stardivision.impress</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sdkd</extension>
+        <mime-type>application/vnd.solent.sdkm+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sdkm</extension>
+        <mime-type>application/vnd.solent.sdkm+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sdp</extension>
+        <mime-type>application/sdp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sdw</extension>
+        <mime-type>application/vnd.stardivision.writer</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>see</extension>
+        <mime-type>application/vnd.seemail</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>seed</extension>
+        <mime-type>application/vnd.fdsn.seed</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sema</extension>
+        <mime-type>application/vnd.sema</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>semd</extension>
+        <mime-type>application/vnd.semd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>semf</extension>
+        <mime-type>application/vnd.semf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ser</extension>
+        <mime-type>application/java-serialized-object</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>setpay</extension>
+        <mime-type>application/set-payment-initiation</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>setreg</extension>
+        <mime-type>application/set-registration-initiation</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sfd-hdstx</extension>
+        <mime-type>application/vnd.hydrostatix.sof-data</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sfs</extension>
+        <mime-type>application/vnd.spotfire.sfs</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sfv</extension>
+        <mime-type>text/x-sfv</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sgi</extension>
+        <mime-type>image/sgi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sgl</extension>
+        <mime-type>application/vnd.stardivision.writer-global</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sgm</extension>
+        <mime-type>text/sgml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sgml</extension>
+        <mime-type>text/sgml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sh</extension>
+        <mime-type>application/x-sh</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>shar</extension>
+        <mime-type>application/x-shar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>shf</extension>
+        <mime-type>application/shf+xml</mime-type>
+    </mime-mapping>
+    <!--
+    <mime-mapping>
+        <extension>shtml</extension>
+        <mime-type>text/x-server-parsed-html</mime-type>
+    </mime-mapping>
+    -->
+    <mime-mapping>
+        <extension>sid</extension>
+        <mime-type>image/x-mrsid-image</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sig</extension>
+        <mime-type>application/pgp-signature</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sil</extension>
+        <mime-type>audio/silk</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>silo</extension>
+        <mime-type>model/mesh</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sis</extension>
+        <mime-type>application/vnd.symbian.install</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sisx</extension>
+        <mime-type>application/vnd.symbian.install</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sit</extension>
+        <mime-type>application/x-stuffit</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sitx</extension>
+        <mime-type>application/x-stuffitx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>skd</extension>
+        <mime-type>application/vnd.koan</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>skm</extension>
+        <mime-type>application/vnd.koan</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>skp</extension>
+        <mime-type>application/vnd.koan</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>skt</extension>
+        <mime-type>application/vnd.koan</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sldm</extension>
+        <mime-type>application/vnd.ms-powerpoint.slide.macroenabled.12</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sldx</extension>
+        <mime-type>application/vnd.openxmlformats-officedocument.presentationml.slide</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>slt</extension>
+        <mime-type>application/vnd.epson.salt</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sm</extension>
+        <mime-type>application/vnd.stepmania.stepchart</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>smf</extension>
+        <mime-type>application/vnd.stardivision.math</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>smi</extension>
+        <mime-type>application/smil+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>smil</extension>
+        <mime-type>application/smil+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>smv</extension>
+        <mime-type>video/x-smv</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>smzip</extension>
+        <mime-type>application/vnd.stepmania.package</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>snd</extension>
+        <mime-type>audio/basic</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>snf</extension>
+        <mime-type>application/x-font-snf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>so</extension>
+        <mime-type>application/octet-stream</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>spc</extension>
+        <mime-type>application/x-pkcs7-certificates</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>spf</extension>
+        <mime-type>application/vnd.yamaha.smaf-phrase</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>spl</extension>
+        <mime-type>application/x-futuresplash</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>spot</extension>
+        <mime-type>text/vnd.in3d.spot</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>spp</extension>
+        <mime-type>application/scvp-vp-response</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>spq</extension>
+        <mime-type>application/scvp-vp-request</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>spx</extension>
+        <mime-type>audio/ogg</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sql</extension>
+        <mime-type>application/x-sql</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>src</extension>
+        <mime-type>application/x-wais-source</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>srt</extension>
+        <mime-type>application/x-subrip</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sru</extension>
+        <mime-type>application/sru+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>srx</extension>
+        <mime-type>application/sparql-results+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ssdl</extension>
+        <mime-type>application/ssdl+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sse</extension>
+        <mime-type>application/vnd.kodak-descriptor</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ssf</extension>
+        <mime-type>application/vnd.epson.ssf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ssml</extension>
+        <mime-type>application/ssml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>st</extension>
+        <mime-type>application/vnd.sailingtracker.track</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>stc</extension>
+        <mime-type>application/vnd.sun.xml.calc.template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>std</extension>
+        <mime-type>application/vnd.sun.xml.draw.template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>stf</extension>
+        <mime-type>application/vnd.wt.stf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sti</extension>
+        <mime-type>application/vnd.sun.xml.impress.template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>stk</extension>
+        <mime-type>application/hyperstudio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>stl</extension>
+        <mime-type>application/vnd.ms-pki.stl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>str</extension>
+        <mime-type>application/vnd.pg.format</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>stw</extension>
+        <mime-type>application/vnd.sun.xml.writer.template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sub</extension>
+        <mime-type>text/vnd.dvb.subtitle</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sus</extension>
+        <mime-type>application/vnd.sus-calendar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>susp</extension>
+        <mime-type>application/vnd.sus-calendar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sv4cpio</extension>
+        <mime-type>application/x-sv4cpio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sv4crc</extension>
+        <mime-type>application/x-sv4crc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>svc</extension>
+        <mime-type>application/vnd.dvb.service</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>svd</extension>
+        <mime-type>application/vnd.svd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>svg</extension>
+        <mime-type>image/svg+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>svgz</extension>
+        <mime-type>image/svg+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>swa</extension>
+        <mime-type>application/x-director</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>swf</extension>
+        <mime-type>application/x-shockwave-flash</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>swi</extension>
+        <mime-type>application/vnd.aristanetworks.swi</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sxc</extension>
+        <mime-type>application/vnd.sun.xml.calc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sxd</extension>
+        <mime-type>application/vnd.sun.xml.draw</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sxg</extension>
+        <mime-type>application/vnd.sun.xml.writer.global</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sxi</extension>
+        <mime-type>application/vnd.sun.xml.impress</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sxm</extension>
+        <mime-type>application/vnd.sun.xml.math</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>sxw</extension>
+        <mime-type>application/vnd.sun.xml.writer</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>t</extension>
+        <mime-type>text/troff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>t3</extension>
+        <mime-type>application/x-t3vm-image</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>taglet</extension>
+        <mime-type>application/vnd.mynfc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tao</extension>
+        <mime-type>application/vnd.tao.intent-module-archive</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tar</extension>
+        <mime-type>application/x-tar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tcap</extension>
+        <mime-type>application/vnd.3gpp2.tcap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tcl</extension>
+        <mime-type>application/x-tcl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>teacher</extension>
+        <mime-type>application/vnd.smart.teacher</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tei</extension>
+        <mime-type>application/tei+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>teicorpus</extension>
+        <mime-type>application/tei+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tex</extension>
+        <mime-type>application/x-tex</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>texi</extension>
+        <mime-type>application/x-texinfo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>texinfo</extension>
+        <mime-type>application/x-texinfo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>text</extension>
+        <mime-type>text/plain</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tfi</extension>
+        <mime-type>application/thraud+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tfm</extension>
+        <mime-type>application/x-tex-tfm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tga</extension>
+        <mime-type>image/x-tga</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>thmx</extension>
+        <mime-type>application/vnd.ms-officetheme</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tif</extension>
+        <mime-type>image/tiff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tiff</extension>
+        <mime-type>image/tiff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tmo</extension>
+        <mime-type>application/vnd.tmobile-livetv</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>torrent</extension>
+        <mime-type>application/x-bittorrent</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tpl</extension>
+        <mime-type>application/vnd.groove-tool-template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tpt</extension>
+        <mime-type>application/vnd.trid.tpt</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tr</extension>
+        <mime-type>text/troff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tra</extension>
+        <mime-type>application/vnd.trueapp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>trm</extension>
+        <mime-type>application/x-msterminal</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tsd</extension>
+        <mime-type>application/timestamped-data</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>tsv</extension>
+        <mime-type>text/tab-separated-values</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ttc</extension>
+        <mime-type>application/x-font-ttf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ttf</extension>
+        <mime-type>application/x-font-ttf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ttl</extension>
+        <mime-type>text/turtle</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>twd</extension>
+        <mime-type>application/vnd.simtech-mindmapper</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>twds</extension>
+        <mime-type>application/vnd.simtech-mindmapper</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>txd</extension>
+        <mime-type>application/vnd.genomatix.tuxedo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>txf</extension>
+        <mime-type>application/vnd.mobius.txf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>txt</extension>
+        <mime-type>text/plain</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>u32</extension>
+        <mime-type>application/x-authorware-bin</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>udeb</extension>
+        <mime-type>application/x-debian-package</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ufd</extension>
+        <mime-type>application/vnd.ufdl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ufdl</extension>
+        <mime-type>application/vnd.ufdl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ulw</extension>
+        <mime-type>audio/basic</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ulx</extension>
+        <mime-type>application/x-glulx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>umj</extension>
+        <mime-type>application/vnd.umajin</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>unityweb</extension>
+        <mime-type>application/vnd.unity</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uoml</extension>
+        <mime-type>application/vnd.uoml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uri</extension>
+        <mime-type>text/uri-list</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uris</extension>
+        <mime-type>text/uri-list</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>urls</extension>
+        <mime-type>text/uri-list</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>ustar</extension>
+        <mime-type>application/x-ustar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>utz</extension>
+        <mime-type>application/vnd.uiq.theme</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uu</extension>
+        <mime-type>text/x-uuencode</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uva</extension>
+        <mime-type>audio/vnd.dece.audio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvd</extension>
+        <mime-type>application/vnd.dece.data</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvf</extension>
+        <mime-type>application/vnd.dece.data</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvg</extension>
+        <mime-type>image/vnd.dece.graphic</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvh</extension>
+        <mime-type>video/vnd.dece.hd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvi</extension>
+        <mime-type>image/vnd.dece.graphic</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvm</extension>
+        <mime-type>video/vnd.dece.mobile</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvp</extension>
+        <mime-type>video/vnd.dece.pd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvs</extension>
+        <mime-type>video/vnd.dece.sd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvt</extension>
+        <mime-type>application/vnd.dece.ttml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvu</extension>
+        <mime-type>video/vnd.uvvu.mp4</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvv</extension>
+        <mime-type>video/vnd.dece.video</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvva</extension>
+        <mime-type>audio/vnd.dece.audio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvvd</extension>
+        <mime-type>application/vnd.dece.data</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvvf</extension>
+        <mime-type>application/vnd.dece.data</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvvg</extension>
+        <mime-type>image/vnd.dece.graphic</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvvh</extension>
+        <mime-type>video/vnd.dece.hd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvvi</extension>
+        <mime-type>image/vnd.dece.graphic</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvvm</extension>
+        <mime-type>video/vnd.dece.mobile</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvvp</extension>
+        <mime-type>video/vnd.dece.pd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvvs</extension>
+        <mime-type>video/vnd.dece.sd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvvt</extension>
+        <mime-type>application/vnd.dece.ttml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvvu</extension>
+        <mime-type>video/vnd.uvvu.mp4</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvvv</extension>
+        <mime-type>video/vnd.dece.video</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvvx</extension>
+        <mime-type>application/vnd.dece.unspecified</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvvz</extension>
+        <mime-type>application/vnd.dece.zip</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvx</extension>
+        <mime-type>application/vnd.dece.unspecified</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>uvz</extension>
+        <mime-type>application/vnd.dece.zip</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vcard</extension>
+        <mime-type>text/vcard</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vcd</extension>
+        <mime-type>application/x-cdlink</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vcf</extension>
+        <mime-type>text/x-vcard</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vcg</extension>
+        <mime-type>application/vnd.groove-vcard</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vcs</extension>
+        <mime-type>text/x-vcalendar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vcx</extension>
+        <mime-type>application/vnd.vcx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vis</extension>
+        <mime-type>application/vnd.visionary</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>viv</extension>
+        <mime-type>video/vnd.vivo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vob</extension>
+        <mime-type>video/x-ms-vob</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vor</extension>
+        <mime-type>application/vnd.stardivision.writer</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vox</extension>
+        <mime-type>application/x-authorware-bin</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vrml</extension>
+        <mime-type>model/vrml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vsd</extension>
+        <mime-type>application/vnd.visio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vsf</extension>
+        <mime-type>application/vnd.vsf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vss</extension>
+        <mime-type>application/vnd.visio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vst</extension>
+        <mime-type>application/vnd.visio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vsw</extension>
+        <mime-type>application/vnd.visio</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vtu</extension>
+        <mime-type>model/vnd.vtu</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>vxml</extension>
+        <mime-type>application/voicexml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>w3d</extension>
+        <mime-type>application/x-director</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wad</extension>
+        <mime-type>application/x-doom</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wav</extension>
+        <mime-type>audio/x-wav</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wax</extension>
+        <mime-type>audio/x-ms-wax</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- Wireless Bitmap -->
+        <extension>wbmp</extension>
+        <mime-type>image/vnd.wap.wbmp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wbs</extension>
+        <mime-type>application/vnd.criticaltools.wbs+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wbxml</extension>
+        <mime-type>application/vnd.wap.wbxml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wcm</extension>
+        <mime-type>application/vnd.ms-works</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wdb</extension>
+        <mime-type>application/vnd.ms-works</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wdp</extension>
+        <mime-type>image/vnd.ms-photo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>weba</extension>
+        <mime-type>audio/webm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>webm</extension>
+        <mime-type>video/webm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>webp</extension>
+        <mime-type>image/webp</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wg</extension>
+        <mime-type>application/vnd.pmi.widget</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wgt</extension>
+        <mime-type>application/widget</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wks</extension>
+        <mime-type>application/vnd.ms-works</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wm</extension>
+        <mime-type>video/x-ms-wm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wma</extension>
+        <mime-type>audio/x-ms-wma</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wmd</extension>
+        <mime-type>application/x-ms-wmd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wmf</extension>
+        <mime-type>application/x-msmetafile</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- WML Source -->
+        <extension>wml</extension>
+        <mime-type>text/vnd.wap.wml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- Compiled WML -->
+        <extension>wmlc</extension>
+        <mime-type>application/vnd.wap.wmlc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- WML Script Source -->
+        <extension>wmls</extension>
+        <mime-type>text/vnd.wap.wmlscript</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <!-- Compiled WML Script -->
+        <extension>wmlsc</extension>
+        <mime-type>application/vnd.wap.wmlscriptc</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wmv</extension>
+        <mime-type>video/x-ms-wmv</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wmx</extension>
+        <mime-type>video/x-ms-wmx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wmz</extension>
+        <mime-type>application/x-msmetafile</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>woff</extension>
+        <mime-type>application/x-font-woff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wpd</extension>
+        <mime-type>application/vnd.wordperfect</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wpl</extension>
+        <mime-type>application/vnd.ms-wpl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wps</extension>
+        <mime-type>application/vnd.ms-works</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wqd</extension>
+        <mime-type>application/vnd.wqd</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wri</extension>
+        <mime-type>application/x-mswrite</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wrl</extension>
+        <mime-type>model/vrml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wsdl</extension>
+        <mime-type>application/wsdl+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wspolicy</extension>
+        <mime-type>application/wspolicy+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wtb</extension>
+        <mime-type>application/vnd.webturbo</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>wvx</extension>
+        <mime-type>video/x-ms-wvx</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>x32</extension>
+        <mime-type>application/x-authorware-bin</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>x3d</extension>
+        <mime-type>model/x3d+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>x3db</extension>
+        <mime-type>model/x3d+binary</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>x3dbz</extension>
+        <mime-type>model/x3d+binary</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>x3dv</extension>
+        <mime-type>model/x3d+vrml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>x3dvz</extension>
+        <mime-type>model/x3d+vrml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>x3dz</extension>
+        <mime-type>model/x3d+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xaml</extension>
+        <mime-type>application/xaml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xap</extension>
+        <mime-type>application/x-silverlight-app</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xar</extension>
+        <mime-type>application/vnd.xara</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xbap</extension>
+        <mime-type>application/x-ms-xbap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xbd</extension>
+        <mime-type>application/vnd.fujixerox.docuworks.binder</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xbm</extension>
+        <mime-type>image/x-xbitmap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xdf</extension>
+        <mime-type>application/xcap-diff+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xdm</extension>
+        <mime-type>application/vnd.syncml.dm+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xdp</extension>
+        <mime-type>application/vnd.adobe.xdp+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xdssc</extension>
+        <mime-type>application/dssc+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xdw</extension>
+        <mime-type>application/vnd.fujixerox.docuworks</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xenc</extension>
+        <mime-type>application/xenc+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xer</extension>
+        <mime-type>application/patch-ops-error+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xfdf</extension>
+        <mime-type>application/vnd.adobe.xfdf</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xfdl</extension>
+        <mime-type>application/vnd.xfdl</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xht</extension>
+        <mime-type>application/xhtml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xhtml</extension>
+        <mime-type>application/xhtml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xhvml</extension>
+        <mime-type>application/xv+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xif</extension>
+        <mime-type>image/vnd.xiff</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xla</extension>
+        <mime-type>application/vnd.ms-excel</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xlam</extension>
+        <mime-type>application/vnd.ms-excel.addin.macroenabled.12</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xlc</extension>
+        <mime-type>application/vnd.ms-excel</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xlf</extension>
+        <mime-type>application/x-xliff+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xlm</extension>
+        <mime-type>application/vnd.ms-excel</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xls</extension>
+        <mime-type>application/vnd.ms-excel</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xlsb</extension>
+        <mime-type>application/vnd.ms-excel.sheet.binary.macroenabled.12</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xlsm</extension>
+        <mime-type>application/vnd.ms-excel.sheet.macroenabled.12</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xlsx</extension>
+        <mime-type>application/vnd.openxmlformats-officedocument.spreadsheetml.sheet</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xlt</extension>
+        <mime-type>application/vnd.ms-excel</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xltm</extension>
+        <mime-type>application/vnd.ms-excel.template.macroenabled.12</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xltx</extension>
+        <mime-type>application/vnd.openxmlformats-officedocument.spreadsheetml.template</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xlw</extension>
+        <mime-type>application/vnd.ms-excel</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xm</extension>
+        <mime-type>audio/xm</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xml</extension>
+        <mime-type>application/xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xo</extension>
+        <mime-type>application/vnd.olpc-sugar</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xop</extension>
+        <mime-type>application/xop+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xpi</extension>
+        <mime-type>application/x-xpinstall</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xpl</extension>
+        <mime-type>application/xproc+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xpm</extension>
+        <mime-type>image/x-xpixmap</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xpr</extension>
+        <mime-type>application/vnd.is-xpr</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xps</extension>
+        <mime-type>application/vnd.ms-xpsdocument</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xpw</extension>
+        <mime-type>application/vnd.intercon.formnet</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xpx</extension>
+        <mime-type>application/vnd.intercon.formnet</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xsl</extension>
+        <mime-type>application/xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xslt</extension>
+        <mime-type>application/xslt+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xsm</extension>
+        <mime-type>application/vnd.syncml+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xspf</extension>
+        <mime-type>application/xspf+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xul</extension>
+        <mime-type>application/vnd.mozilla.xul+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xvm</extension>
+        <mime-type>application/xv+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xvml</extension>
+        <mime-type>application/xv+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xwd</extension>
+        <mime-type>image/x-xwindowdump</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xyz</extension>
+        <mime-type>chemical/x-xyz</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>xz</extension>
+        <mime-type>application/x-xz</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>yang</extension>
+        <mime-type>application/yang</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>yin</extension>
+        <mime-type>application/yin+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>z</extension>
+        <mime-type>application/x-compress</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>Z</extension>
+        <mime-type>application/x-compress</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>z1</extension>
+        <mime-type>application/x-zmachine</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>z2</extension>
+        <mime-type>application/x-zmachine</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>z3</extension>
+        <mime-type>application/x-zmachine</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>z4</extension>
+        <mime-type>application/x-zmachine</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>z5</extension>
+        <mime-type>application/x-zmachine</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>z6</extension>
+        <mime-type>application/x-zmachine</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>z7</extension>
+        <mime-type>application/x-zmachine</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>z8</extension>
+        <mime-type>application/x-zmachine</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>zaz</extension>
+        <mime-type>application/vnd.zzazz.deck+xml</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>zip</extension>
+        <mime-type>application/zip</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>zir</extension>
+        <mime-type>application/vnd.zul</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>zirz</extension>
+        <mime-type>application/vnd.zul</mime-type>
+    </mime-mapping>
+    <mime-mapping>
+        <extension>zmm</extension>
+        <mime-type>application/vnd.handheld-entertainment+xml</mime-type>
+    </mime-mapping>
+
+  <!-- ==================== Default Welcome File List ===================== -->
+  <!-- When a request URI refers to a directory, the default servlet looks  -->
+  <!-- for a "welcome file" within that directory and, if present, to the   -->
+  <!-- corresponding resource URI for display.                              -->
+  <!-- If no welcome files are present, the default servlet either serves a -->
+  <!-- directory listing (see default servlet configuration on how to       -->
+  <!-- customize) or returns a 404 status, depending on the value of the    -->
+  <!-- listings setting.                                                    -->
+  <!--                                                                      -->
+  <!-- If you define welcome files in your own application's web.xml        -->
+  <!-- deployment descriptor, that list *replaces* the list configured      -->
+  <!-- here, so be sure to include any of the default values that you wish  -->
+  <!-- to use within your application.                                       -->
+
+    <welcome-file-list>
+        <welcome-file>index.html</welcome-file>
+        <welcome-file>index.htm</welcome-file>
+        <welcome-file>index.jsp</welcome-file>
+    </welcome-file-list>
+
+</web-app>
diff --git a/testbed/integration/shibboleth-idp/credentials/shib-idp/idp-encryption.crt b/testbed/integration/shibboleth-idp/credentials/shib-idp/idp-encryption.crt
new file mode 100644
index 000000000..5587059bf
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/credentials/shib-idp/idp-encryption.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIJAJ2AOdYo1M8xMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV
+BAMMEGlkcC51bmljb24ubG9jYWwwHhcNMjAwNTI3MTgxMDE0WhcNMjUwNTI2MTgx
+MDE0WjAbMRkwFwYDVQQDDBBpZHAudW5pY29uLmxvY2FsMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAp3MXVm6QP7qEhSQ16mIDjFAoUuBeqD7hzFlh4neY
+9N1rlU3Ut+qUWQWPeuJtjl3c3RMR9Uctbaw9H7wrI0pn8YBRAOhJg3Xu4mwpQfMl
+R4/QnE+Wno/S0khksfWtBU8B5DqR7UzhwjjRjJPfHCcKP+GXxVkfKNzNjf8VodVG
+e0Nn81cJP3PbYYgMkax4jEKUcZ/6YZzc1UY53Vnjbi4nqQU7pDUhfAtusi7rRXFm
+tB5z6qiwTM79aeW0SExYF1up6/06ImIU5RQY3f1ouonSUVSgmXc2/lGXQJdFJe7C
+9ELkOUmzgLacGQ8OUA6Xy5lbz0xiTHqc8h+1v4/PTYRJVQIDAQABo2cwZTBEBgNV
+HREEPTA7ghBpZHAudW5pY29uLmxvY2FshidodHRwczovL2lkcC51bmljb24ubG9j
+YWwvaWRwL3NoaWJib2xldGgwHQYDVR0OBBYEFCMykG71ww3BiwZl9Mv9QyqjyJTL
+MA0GCSqGSIb3DQEBCwUAA4IBAQA83eXZlUb9mPl9a9cgUdTaVvGLQ+mZj1AB5gS4
+GxOsDiUi648LDEjiCjhbvB9SM4j3n2mQ0G+hPk15Mv18EKOJkV8ft0N7JmZz6D+f
+JVUO39ynWVKGnMM1H/93IltgzYwOHnfIoWcrErqCRjXxjHQgweZ6yCoYSLxHjVI/
+KsYkds46PY5Hrs7cnnFMehylmVnCqopUUwFBn6/XgQtj/ESkz8L/zJc0zuxJbCLB
+rs3HcGkhBFOn77YBwQMsAKooiA07QLeqQYtYo+JcTD+t57eE40qNaMkioY06QlFr
+gduIdTOHEVXbEPawoSgdYlg8qOG1dPyuKrhZu+Cbyq7bs8cG
+-----END CERTIFICATE-----
diff --git a/testbed/integration/shibboleth-idp/credentials/shib-idp/idp-encryption.key b/testbed/integration/shibboleth-idp/credentials/shib-idp/idp-encryption.key
new file mode 100644
index 000000000..e188b6b9f
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/credentials/shib-idp/idp-encryption.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCncxdWbpA/uoSF
+JDXqYgOMUChS4F6oPuHMWWHid5j03WuVTdS36pRZBY964m2OXdzdExH1Ry1trD0f
+vCsjSmfxgFEA6EmDde7ibClB8yVHj9CcT5aej9LSSGSx9a0FTwHkOpHtTOHCONGM
+k98cJwo/4ZfFWR8o3M2N/xWh1UZ7Q2fzVwk/c9thiAyRrHiMQpRxn/phnNzVRjnd
+WeNuLiepBTukNSF8C26yLutFcWa0HnPqqLBMzv1p5bRITFgXW6nr/ToiYhTlFBjd
+/Wi6idJRVKCZdzb+UZdAl0Ul7sL0QuQ5SbOAtpwZDw5QDpfLmVvPTGJMepzyH7W/
+j89NhElVAgMBAAECggEAHPLWvAiNQ5c5RdNGxuh++Ij7D6jedHO6kZt6Qq6ucNa+
+vKch+VHCp8lATtxKWGx9vHKJjj/p6KX4Qz5Cru00Hxox5thBrUp8LATK9S3V6hNA
+22UfAvaWWehOED4K1XodN5mwlLfP58Xu5EDEN5fAO98CYAnSSzwxBTVuRfYbIz/y
+ZtbBnsrq+PSG1acPjlftbzRlSlVxSWmITCnNAH3zO5ugAnrbbvA2HPXQe042Xe25
+x0NS83zP/KK198THlzV+UeW1S08gyzWdF2sE+6UYL4Dp6weuPv4EafRRYWUgV0z8
+z8IE3PwPb8LdNgdP8v0Zhoz5lSC5Y3WL6YwbgRro2QKBgQDRdl7FLszcvr/yuHA4
+DFRnK6DrR1fqRnK7xlLTWgOIh27lC8wY/qRPP+7mVwOvECKasBE1sxRoURG/DDAa
+QNVqJWszBOwHlIRvwMhbze9JXO5D6M3hWLZu+ZbWn+dGdVeBlyTX2y95V32ZzaUv
+CNVjQ3FNF7U/6ZvqaCGeroZ/2wKBgQDMpyaexWYypvNOoExyoO46IH4fFVO7raCG
+aWgDgmhyifTLIysgCdDAs7tPPkNhxt5BgSc5Awa9MVmpK2scttJnjnGwsHQyaGmD
+fi6UTDkzN1ijL/hXtd5SnuynVWTDkdLvYfSr8t8zevmYddZRKjnzIaYG7IFueO0C
+oQtKfMX6jwKBgDYMlFHPTL+dXQx1uUdNLy5cHK75ft8OBKcdetvcu1Ksl9n0nFrK
+wn1Mowm+5E11HWjLC/XOWvK8EJc6vuLXXfqA41OL7pfaI/5uQYUm85r7puPRG+cN
+LC4gq2KAan5M4yKmbLRic7Kc9+ULIpercNynV4IsHvH6BuiKrDo1ELHHAoGAE/EN
+sFbn2HOwLa8tA9ZuoDdeUsUPPbBzfeVzfzQL3W1X7xtkLmEGeGCLFfOpOTPZoGRn
+YATNeU3/wJ48d7XQ1spohaEMEYVfErMO8uBiin0QJAaeml1cZoyZ3sxRX0UsWqse
+3kpyOV/4RkTlN094ChrzRKVzD0K1RZZPtVhnKj0CgYAPqNvfgj1YB9Ejc0wM6zGx
+iElOKPAwmmUqr2odFs5YVmICp2sIi/OSIjL4WTzQ2PBtBaU8NVVFjchmrpYWQQNe
+D7k8ZaGBjRivTnswS+xTdIKbsY9VchFXhGkFFUBswHWCLG7myvgNd/0JTvZtkK3C
+4Bohg2T1ArE7WMcY4QgXNw==
+-----END PRIVATE KEY-----
diff --git a/testbed/integration/shibboleth-idp/credentials/shib-idp/idp-signing.crt b/testbed/integration/shibboleth-idp/credentials/shib-idp/idp-signing.crt
new file mode 100644
index 000000000..1e8cc50ea
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/credentials/shib-idp/idp-signing.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIJAN45D3DbemrtMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV
+BAMMEGlkcC51bmljb24ubG9jYWwwHhcNMjAwNTI3MTgxMDE0WhcNMjUwNTI2MTgx
+MDE0WjAbMRkwFwYDVQQDDBBpZHAudW5pY29uLmxvY2FsMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAoDNLPFL/47cSWKbfb89lVz3EsIlb4z8lZbZUNyzF
+m3my5mioe9b6xrS8QF16l1ALb8SEwQzECPKuyRp1LQ5Rj79Ba38TDl+4BezjC7Ui
+f9OwzXIYfcetEFZ85tjufIl3ryVbY2kQ1TRypqk72pF1uDLEnqXrnystRxi4x22f
+wTu+KkTy0tL/5oV2tjJY0vtO3YAsjNpqqI6WqcbjewtJVIrG4OuOF3r9CPCU7hOY
+fc4BtvSQhOgryJM+dF9PmpvALJO8LrMBsNdAO3gz37+mA1F/tD7WYP2XLvrHh+Wd
+c0QJ/f8AzCJm5QV4lA/UH/0tKMQS178ti7+4Jyw38iHkYQIDAQABo2cwZTBEBgNV
+HREEPTA7ghBpZHAudW5pY29uLmxvY2FshidodHRwczovL2lkcC51bmljb24ubG9j
+YWwvaWRwL3NoaWJib2xldGgwHQYDVR0OBBYEFGFkPVcsjWlZDfUk1+SifxhP1l7I
+MA0GCSqGSIb3DQEBCwUAA4IBAQBZUq9P9A9DsypasD6WcHNP/EyP5spKRRu2CTWm
+Y645kOjg7qMIasHVwA5jSPU7ozgPRV6MpdjCJVWYjUpeSCwXx6YAEKFLZ9WXV26i
+e1GFTP1lJqlpnJZqs1RBgvF7q/JxFvxSl8UpjoxNufBANC14T6T3EMQ9EvWLTdCM
+cEuXxkwzpeEkh5MtCoicgQ1yvay2QGQBbfCauPAASd957+S7brRON4R2gPonCf18
+5rzh7Do7kFBc6pqAHCYGTUz7uY11EPktIC6AIlZmXV1J0wBCP6SoiZDFjwZsj6m6
+S1N5qGtWDOT5vZiT1nF+mNd990c8qjVcyQST42VyXCBnJ7DR
+-----END CERTIFICATE-----
diff --git a/testbed/integration/shibboleth-idp/credentials/shib-idp/idp-signing.key b/testbed/integration/shibboleth-idp/credentials/shib-idp/idp-signing.key
new file mode 100644
index 000000000..3e93b9fbe
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/credentials/shib-idp/idp-signing.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCgM0s8Uv/jtxJY
+pt9vz2VXPcSwiVvjPyVltlQ3LMWbebLmaKh71vrGtLxAXXqXUAtvxITBDMQI8q7J
+GnUtDlGPv0FrfxMOX7gF7OMLtSJ/07DNchh9x60QVnzm2O58iXevJVtjaRDVNHKm
+qTvakXW4MsSepeufKy1HGLjHbZ/BO74qRPLS0v/mhXa2MljS+07dgCyM2mqojpap
+xuN7C0lUisbg644Xev0I8JTuE5h9zgG29JCE6CvIkz50X0+am8Ask7wuswGw10A7
+eDPfv6YDUX+0PtZg/Zcu+seH5Z1zRAn9/wDMImblBXiUD9Qf/S0oxBLXvy2Lv7gn
+LDfyIeRhAgMBAAECggEASJM0UF3ho036t8LRkpvIc19+TePMhwTCcnPJbz2PQEI/
+8/YR7hiUf5S9fANdWFNg+v9yjOq1nMAkwuKDlyfXd2HTx1lITsi6W6TXryQePv6u
+KES6J7FgC/jCmOpKEI1OdUBdSIn+oDgkgLBGd1xSkmIdhSnxtqge2QiwHVjieO1a
+O4zR2lI4eywWJJWWYxgftDNTWwtL94vmfi33up95kAXk8hxIZtMJ0MnNxTrCr1sh
+i3yF/JETK0VzbI/eJecIXKtGZO0X01boWoeMSAZXJGkK/d0SGSSeISfADgFn4VxA
+aktuq6byui0dSVuT8arA0lC2n4W8p8BVceKrEvH36QKBgQDR7h7m9WckQ9HqTIdH
+ITdBNkevrId0GOdC8MRVvEMJQDBtVomdmmSVS4taQFdZ9yUqMw5PY2o6D7qI3KoK
+DyzyPJalNzMoOvSR5Xieg9IjBEdYrz8PZr4aFUc0+fTR0C1mPiLMVyO0IftJOQzR
+aCHJc+JIO6cYMirTKMjxdNVC5wKBgQDDW1pNrcGBmviEQAqdUfdZlFz26jv3jdgT
+81QAgTUq0ieSkbxMTtd0ugk0r48HaRGl+4+agGYHIx8LjuKEHGrezjWF4k9VSsjD
+vd1y6FSBVZKiKEOrrVRpuBi4bSDXM6anR6ovvWRjUoS24PrKdGgEYo8cib4QTTVh
+088rDmN9dwKBgBANJ/m629cPBHbowRM0O/hVgSeyhmzfFpestyZjDbEgYlOJ4V3W
+l0g/DXmqH8O2PPY8DyUM0et8lmOuk6XPQT2IWnBphxTVZSveotlj9OZOhnIGfEje
+LzzpUZeAYTLFuyLtL1X2d7lnO8J+hTdhweuYW73wKbeU5mdc3/huWXwTAoGAL4t2
+KN2W8MIUpasoai1es7CGB5nuSkt9QS3BTfYkSG2pL+TEHRY7Ha+BOg9YEgeiQfE9
+e+6v5iDIF3oI6vo3kE5DfHgdsrZmsiztTl/44RlAfLKr9YZTuv8RFSGKEpYBg0jP
+xJqlaf7VSeTrZIZ8IkUSa3GijjkcOtjf3Ky9zfUCgYB6Hk6Ixb2ksM2tdLFFm+/x
+w+pzI6kaK5KW0kaNax2WwyzrvF0W3pQwVeFwPVgeWjdL0F4pXtHc4HGKwTNMEJfO
+4B5Gi5unIrff9gCNpkwMlfLSTmvvhthzs8dNGTGjWzAuGqug2xQlPCWLK/c0mZSq
+55MS3HX0pv+LFsKGr9+nZQ==
+-----END PRIVATE KEY-----
diff --git a/testbed/integration/shibboleth-idp/credentials/shib-idp/inc-md-cert-mdq.pem b/testbed/integration/shibboleth-idp/credentials/shib-idp/inc-md-cert-mdq.pem
new file mode 100644
index 000000000..178dcf853
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/credentials/shib-idp/inc-md-cert-mdq.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEvjCCAyagAwIBAgIJANpi9/mkU/zoMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRYwFAYDVQQK
+DA1JbnRlcm5ldDIuZWR1MREwDwYDVQQLDAhJbkNvbW1vbjEZMBcGA1UEAwwQbWRx
+LmluY29tbW9uLm9yZzAeFw0xODExMTMxNDI5NDNaFw0zODExMTAxNDI5NDNaMHQx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRYw
+FAYDVQQKDA1JbnRlcm5ldDIuZWR1MREwDwYDVQQLDAhJbkNvbW1vbjEZMBcGA1UE
+AwwQbWRxLmluY29tbW9uLm9yZzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoC
+ggGBAJ0+fUTzYVSP6ZOutOEhNdp3WPCPOYqnB4sQFz7IeGbFL1o0lZjx5Izm4Yho
+4wNDd0h486iSkHxNf5dDhCqgz7ZRSmbusOl98SYn70PrUQj/Nzs3w47dPg9Tpb/x
+y44PvNLS/rE56hPgCz/fbHoTTiJt5eosysa1ZebQ3LEyW3jGm+LGtLbdIfkynKVQ
+vpp1FVeCamzdeB3ZRICAvqTYQKE1JQDGlWrEsSW0VVEGNjfbzMzr/g4l8JRdMabQ
+Jig8tj3UIXnu7A2CKSMJSy3WZ3HX+85oHEbL+EV4PtpQz765c69tUIdNTJax9jQ2
+1c3wL0K27HE8jSRlrXImD50R3dXQBKH+iiynBWxRPdyMBa1YfK+zZEWPbLHshSTc
+9hkylQv3awmPR/+Plz5AtTpe5yss/Ifyp01wz1jt42R+6jDE+WbUjp5XDBCAjGEE
+0FPaYtxjZLkmNl367bdTN12OIn/ixPNH+Z/S/4skdBB9Gc4lb2fEBywJQY0OYNOd
+WOxmPwIDAQABo1MwUTAdBgNVHQ4EFgQUMHZuwMaYSJM5mlu3Wc4Ts5xq4/swHwYD
+VR0jBBgwFoAUMHZuwMaYSJM5mlu3Wc4Ts5xq4/swDwYDVR0TAQH/BAUwAwEB/zAN
+BgkqhkiG9w0BAQsFAAOCAYEAMr4wfLrSoPTzfpXtvL+2vrKBJNnRfuJpOYTbPKUc
+DOP2QfzRlczi7suYJvd5rLiRonq8rjyPUyM8gvTfbTps+JhJ6S9mS6dTBxOV1qPZ
+3Ab+XKmq8LUtguGRabKgJgmJH0+inR/wVoal7EVHcWXfij9AT8DZOXW88shc6grh
+jUaFZBu/2+q8c8ee0e4ip8B+CVEnCwDKI0d+nTcSmPvAE34CNa33F+QGpXawv5yv
+VvIpSaLAeFQhc/jKcnNHfy+Zi7JmSnKZiMvQCbWANQmDjHg7pGmBW9nyQcm6P2/B
+0AVcEj1YTpAR8Mbh1pUdIhoB+chaNnFEIZsXeRsdbbAFpxodInlJ7WekfuvSQ6sU
+EXpoyBGOeuuTmR1va8k3QeL8Wc4yNu/g5LwjmtvPrh2jBF8xujc4J6VzP8K2BjA4
+xk4LnXgjHOT93dBAJhVYJkykDHwyvHUvsBHoP6lfjrt5P8zunK2mdP/AZKik+Rdt
+1GGlErV2AyWShTOaDLW6NxdP
+-----END CERTIFICATE-----
diff --git a/testbed/integration/shibboleth-idp/credentials/shib-idp/sealer.jks b/testbed/integration/shibboleth-idp/credentials/shib-idp/sealer.jks
new file mode 100644
index 0000000000000000000000000000000000000000..fe7529f3b5316452de44e17ac070d49f85864fa0
GIT binary patch
literal 518
zcmX?i?%X*B1_mY|W&~np2KM6A<f7CPLm<ECQQoDwYu+-j78fxXC+Fwt6_@7eB^Ol|
zl;rCb6y=v?rlc0>1*azFq^9^MWu+#UxaAjlr&b0O<(B|C`9){LPendA*c}WsyrPIf
zGApqxu>z(aS(}}i?Xtt$LkgG}SfUwtQ}dGZQ&Lj`5{nXZi%S@oqMf1{1b~7dds9=K
z^Ycnl^GXUC>KK@O7&r^SsvL9DOBjTFKo;odB<7{-2bUCO=A~QvfP9mf1C$1-XRatH
zEdrUh=Ck+@Hja=7Aa@l2JuPU!&%$x{&CI?1x9WJAn3;JUN<r#bfl>?f1ev`i^`}ZL
zGYvQ&t>F=+;4tA~mqGdA=sf4M<&C*rvz}zPo)0lu>w8!9%(5j4MbEW2wq0AyDX=>~
z%jsH|;&RJ=;U<edNtF${D>goV*JS=gGobU*+OO;$^)}3IbGn0OuZUQ?yz5|mihHYo
zr)TM0*7;Ma&+OMay<tu0%8!1vkGDUY@p;q7<i(F>X-%E7=1*k8+yz;T)pJ=wrrhge
zI^qys!XOsl<Qkq?lHu!O>X?@jQj}Sclj`Ccj8o!Be#^ASztuM<&)mpzOnbsKp8TGj
E082o}-2eap

literal 0
HcmV?d00001

diff --git a/testbed/integration/shibboleth-idp/credentials/shib-idp/sealer.kver b/testbed/integration/shibboleth-idp/credentials/shib-idp/sealer.kver
new file mode 100644
index 000000000..81a9ede16
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/credentials/shib-idp/sealer.kver
@@ -0,0 +1,2 @@
+#Thu Feb 06 17:19:55 UTC 2020
+CurrentVersion=1
diff --git a/testbed/integration/shibboleth-idp/credentials/shib-idp/secrets.properties b/testbed/integration/shibboleth-idp/credentials/shib-idp/secrets.properties
new file mode 100644
index 000000000..e1963309a
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/credentials/shib-idp/secrets.properties
@@ -0,0 +1,14 @@
+# This is a reserved spot for most properties containing passwords or other secrets.
+# Created by install at Wed May 27 18:10:14 UTC 2020
+
+# Access to internal AES encryption key
+idp.sealer.storePassword = e1ef1671-661c-43d6-be51-ae9888fa3879
+idp.sealer.keyPassword = e1ef1671-661c-43d6-be51-ae9888fa3879
+
+# Default access to LDAP authn and attribute stores. 
+idp.authn.LDAP.bindDNCredential              = admin
+idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined}
+
+# Salt used to generate persistent/pairwise IDs, must be kept secret
+#idp.persistentId.salt = changethistosomethingrandom
+
diff --git a/testbed/integration/shibboleth-idp/credentials/tomcat/keystore.jks b/testbed/integration/shibboleth-idp/credentials/tomcat/keystore.jks
new file mode 100644
index 0000000000000000000000000000000000000000..ea9ad03b73e121bbe04b2e84b31c446e69777826
GIT binary patch
literal 3840
zcmc&$`A=Ne6`nUR1AdG!3<LvVv)RWiZw46Su-J^jX7ON_nZ)c2!#04~$7Xj@(MGMR
zDpjPkiCd{v7d4IgLz=~HqNoy$9i@?)O;IE#QKTeN6s4{Ig?`_hn+I+Bd!_GuXSsLo
za_+hJ&HcZ;cK;h#EEX$7i;2EAwJ^OFnOU5gL}(SA7Nw)bV$%$m@em`~uAjDR@tVt;
zs%bV0W0WZf;9J`)%j<#>%+K~oD1NpkDwgn_TcS%!?bS!)r{LU7h$bD4)xo*gU*eJ2
zz*Gy2z{cL_RW_tTwhM~EE0CmJP{RhO05TCSFJ(J03i;RLzZ@RXXJCD{{{%Q?6Lj~F
zbER)RbE@+7U!Q{)m@WkSCMPr~z{TY^L$1_-_)}nEyH|{rcF_(|+oG;PS+X7mXGvh5
zgA6b?vjxtgaS6Wreds1g5Mqb;^)0Yq%(OUVubu<eA#p?RzF;=NV2+tF;IgPQqJ&RC
z>6|09v5}LX2;-r(S#Zk1D*>p90w>dQ6yqiE3=+UqorEwK3uT~+s=NE4au{2!zR+9G
z?!elGlwYN_21$khlgz||*x;}BUuI4!azT+c38z4DNWpc}g5g)w$2QF45RA`5bHjtx
z)8M$W_kIY~31LHU0yGwVkTbha7cDWXiKBfg*^TgqA?c9gT&SwKG?+|FcVQx%fqAZv
zS*a~_<eZn7t=`UiP$eFi^%WJb2dZ)<#B{nP0(SDO1>NfQz;k#d#FaK>%!vc$QmdPz
zLuNpXq5)%xxvo|}<3Ka4SS!Q@S#+kd<h_@M4`&V|aN%Me_y%O~7)w{c%yDKG8Gl^_
z5i~Do7fc66VWhqx7y1DRM`|ux$$=7ZMJ71T@G)`2ebDFD_zJi#fwq@3r9oIP&i;={
zx>ymw%?|3@zu;to#v14uHuKbMB*C(2^}qQz>^;+mu~Nxn4RgImF}LE(n6|zDoWyu6
zvH4K5tFta<l#>l}^22hig=eB{c9A(PU6+V@gKVGv3BF4E-JhDh#qc+%W#o!K#0Sg7
zg@<6Ox?F39z2O8U8)k>>qF8;ypT7vobE(3ss+2A~j0_fn4HD-pzVlMWwPKh#HRS`v
zvAfDc=*Ybaj(qeem_B=`Sz+<51AL+iz4?4T_%wXJ|H>D?e;x*pQ?RS{IjW1#(fBM>
zcz66fX%lTZ|NQaK#H*g|tV;+c!{I8jTKJ&tZL8^EKLP;~MEOMtr$Vu&HkooBY6Ikh
z7eE5X2qzbmLybb15}@GP8V~5;)%6{y8+;2MgqZmFxxekh>4z{+CiqSs{MK~E;I#y}
zepbZUxlHiVF8czU70B8H>9yQIdh2ZMY6*-a$bVsoOA);HJ7{M5e}V_@J9rTs>b8Sf
z8o(r^UCgoMdKflR%lS|VOL|yZaz*WCb}&IqBj5>EfQMLJJW(cAup6m^!5rT#kjUZZ
zr%VE1ml_l%2MwxHY_H4Z#P@&l>_7hed>gG8SVYqh=BsFF035X*{HPF`b;3*vuJ})j
z!DMc;o>&iYki{kt&*qU8P`fJFgzgN6@7xBfQCN$YU;hEv#J!*M)LS4dg5G)Vjfn#q
z*<#}Dr%e;aPVvl{(eUPK9(Ucz8PjG!<D{jJzpIwON(0V{s_h))u7EB+ATzv94CI$*
z*2Mlr*{)XA8D}jP?uohoM)U2aYt^jQc%BSk7`pu!pHg+gx~3)BEXJPu0VB;G7mT+%
z9Q{FG=h%fS!R|ocfIH1dWjN8H$HM)AmOz`^X{0ci;5a6II|2jl;}{q*-C>W#uDDb1
zzYT#TM}h=`?kwX3BXMadk;&z%=wc+iv{<#U6b>yIc_(y_VR$_??s|{6&NB$tZFt@F
z%Kg8u4++yweLHpdH_Bvd$1TjerZeN3W&wA_|Mj)BWuB+k2Fiw<UIJAof>^|@Zk__5
z9=ts9z>)TOaM@hBx<C9n^>WMr3s;aOs;Xg;#ST;ruvUF3pz9-`FQ2%ro`GI??>}}t
z3>AS0cyWdxe}5U|DFX2UaPfi3>3JBO00Funbjw}K5~#NG8VO2FtLHjj-@}&H=v?-v
z-%&Tal3V621=N)mr>CZAD~q4Q_3W;s(K%yK!XN#n3C1<<XH(}!J1!SX3wV8`5bQUG
z>!Ip7GSCefVz&6T6HGwy9_vi+!nw*-#|W3pJp)n5nGUge%P72Cz(^@y+s+|toMz$M
zaMH*(a#6Oq$?+NS>6tukpmmw~X!ajw6mA()-PZi=GQkatl}W5J)@wG<ZIZwA@L>To
zer!j5O)6omqI^DD^KDECJMqoG$F4y4Vcv5javmygnkTsZ!K;aCBQ`4wuWM%n+&DA7
zF*eV^m{q`GusXPhGzjYr2z>Y}aO-eC;|;SCZ2ja9{bIerR)9rv6g{irZHfv*-8?xZ
zj?>k0?(Qu$z!uXCs6$Xzr>fwuZ#}hgX&1qJ-vfmpygerP)CPHR*aEOoeT!gaN|1^#
zG2p*(U5spQn+fJJ&xZDRyt<ayHv-Kn*=||hDS&1LoABr-VQ+csC6X>`j4S6H$&K$k
Y3B{WU^riD3e!r>(wJ5I7Ded~d0mC}}@&Et;

literal 0
HcmV?d00001

diff --git a/testbed/integration/shibboleth-idp/metadata/dynamic/700bfe6fa4495100f5c193fa5b7ca4192c150923.xml b/testbed/integration/shibboleth-idp/metadata/dynamic/700bfe6fa4495100f5c193fa5b7ca4192c150923.xml
new file mode 100644
index 000000000..3d2f94edf
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/metadata/dynamic/700bfe6fa4495100f5c193fa5b7ca4192c150923.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_ovnpetykvemkdiggdzbbopckyuitcjk7wy9vz4v" entityID="https://unicon.net/test/shibui" validUntil="2041-09-09T18:02:00.352Z">
+    <md:Extensions>
+        <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+        <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
+        <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
+        <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+        <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
+        <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
+        <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+        <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+        <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+    </md:Extensions>
+    <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        <md:Extensions>
+            <init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://shibui.unicon.local/callback?client_name=shibUIAuthClient"/>
+        </md:Extensions>
+        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://shibui.unicon.local/callback?client_name=shibUIAuthClient&amp;idplogoutrequest=true"/>
+        <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
+        <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
+        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
+        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://shibui.unicon.local/callback?client_name=shibUIAuthClient" index="0"/>
+    </md:SPSSODescriptor>
+</md:EntityDescriptor>
diff --git a/testbed/integration/shibboleth-idp/wwwroot/robots.txt b/testbed/integration/shibboleth-idp/wwwroot/robots.txt
new file mode 100644
index 000000000..1f53798bb
--- /dev/null
+++ b/testbed/integration/shibboleth-idp/wwwroot/robots.txt
@@ -0,0 +1,2 @@
+User-agent: *
+Disallow: /
diff --git a/testbed/integration/shibui/application.yml b/testbed/integration/shibui/application.yml
new file mode 100644
index 000000000..9ac3a21f9
--- /dev/null
+++ b/testbed/integration/shibui/application.yml
@@ -0,0 +1,20 @@
+server:
+  forward-headers-strategy: NATIVE
+spring:
+  profiles:
+    include:
+  datasource:
+    platform: postgres
+    driver-class-name: org.postgresql.Driver
+    url: jdbc:postgresql://database:5432/shibui
+    username: shibui
+    password: shibui
+  jpa:
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.PostgreSQLDialect
+shibui:
+  default-password: "{noop}letmein7"
+  metadata-dir: /var/shibboleth/dynamic_metadata
+  metadataProviders:
+    target: file:/var/shibboleth/dynamic_config/metadata-providers.xml

From 05e7a129303ad909620f8e874e67de8641ae308d Mon Sep 17 00:00:00 2001
From: Jj! <jj@unicon.net>
Date: Fri, 15 Oct 2021 16:06:01 -0500
Subject: [PATCH 3/3] [SHIBUI-1751] integration sample using docker compose and
 shared volume

---
 testbed/integration/cheat.html                |  39 +++-
 .../config/shib-idp/conf/attribute-filter.xml | 170 +++++++-----------
 .../shib-idp/conf/attribute-resolver.xml      |   4 +-
 .../shib-idp/conf/metadata-providers.xml      |  79 --------
 .../config/shib-idp/conf/relying-party.xml    |   2 +-
 5 files changed, 101 insertions(+), 193 deletions(-)

diff --git a/testbed/integration/cheat.html b/testbed/integration/cheat.html
index c29eea878..74682f912 100644
--- a/testbed/integration/cheat.html
+++ b/testbed/integration/cheat.html
@@ -4,7 +4,15 @@ <h2>Reload Service</h2>
 <form action="https://idp.unicon.local/idp/profile/admin/reload-service" target="_blank" method="get">
     <label for="id">id</label>
     <select name="id" id="id">
+        <option value="shibboleth.LoggingService">LoggingService</option>
+        <option value="shibboleth.AttributeFilterService">AttributeFilterService</option>
+        <option value="shibboleth.AttributeResolverService">AttributeResolverService</option>
+        <option value="shibboleth.AttributeRegistryService">AttributeRegistryService</option>
+        <option value="shibboleth.NameIdentifierGenerationService">NameIdentifierGenerationService</option>
+        <option value="shibboleth.RelyingPartyResolverService">RelyingPartyResolverService</option>
         <option value="shibboleth.MetadataResolverService">MetadataResolverService</option>
+        <option value="shibboleth.ReloadableAccessControlService">ReloadableAccessControlService</option>
+        <option value="shibboleth.ReloadableCASServiceRegistry">ReloadableCASServiceRegistry</option>
     </select>
     <input type="submit" />
 </form>
@@ -55,8 +63,8 @@ <h2>Attribute Resolution</h2>
     <input type="submit" />
 
 </form>
-<h2>Metadata Query</h2>
 <form action="https://idp.unicon.local/idp/profile/admin/mdquery" target="_blank" method="get">
+    <h2>Metadata Query</h2>
     <table>
         <tr>
             <td>
@@ -69,5 +77,34 @@ <h2>Metadata Query</h2>
     </table>
     <input type="submit" />
 </form>
+<form action="https://idp.unicon.local/idp/profile/admin/reload-metadata" target="_blank" method="get">
+    <h2>Reload Metadata</h2>
+    <table>
+        <tr>
+            <td>
+                <label for="id">provider id</label>
+            </td>
+            <td>
+                <input name="id" id="provider" type="text" />
+            </td>
+        </tr>
+    </table>
+    <input type="submit" />
+</form>
+<form action="https://idp.unicon.local/idp/profile/SAML2/Unsolicited/SSO" target="_blank" method="get">
+    <h2>Unsolicited SSO</h2>
+    <table>
+        <tr>
+            <td>
+                <label for="providerId">provider id</label>
+            </td>
+            <td>
+                <input name="providerId" type="text" />
+            </td>
+        </tr>
+    </table>
+    <input type="submit" />
+</form>
+<a href="https://idp.unicon.local/idp/profile/admin/metrics" target="_blank">metrics</a>
 </body>
 </html>
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-filter.xml b/testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-filter.xml
index d4d57250a..d55617ecd 100644
--- a/testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-filter.xml
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-filter.xml
@@ -18,30 +18,68 @@
     Example rule relying on a locally applied tag in metadata to trigger attribute
     release of some specific attributes. Add additional attributes as desired.
     -->
-<!--
 	<AttributeFilterPolicy id="Per-Attribute-singleValued">
 	    <PolicyRequirementRule xsi:type="ANY" />
-	 
 	    <AttributeRule attributeID="eduPersonPrincipalName">
 	        <PermitValueRule xsi:type="EntityAttributeExactMatch"
 	            attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
 	            attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
 	            attributeValue="eduPersonPrincipalName" />
 	    </AttributeRule>
-	 
-	    <AttributeRule attributeID="mail">
-	        <PermitValueRule xsi:type="EntityAttributeExactMatch"
-	            attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
-	            attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
-	            attributeValue="mail" />
-	    </AttributeRule>
+
+        <AttributeRule attributeID="mail">
+            <PermitValueRule xsi:type="EntityAttributeExactMatch"
+                             attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
+                             attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+                             attributeValue="mail" />
+        </AttributeRule>
+
+        <AttributeRule attributeID="surname">
+            <PermitValueRule xsi:type="EntityAttributeExactMatch"
+                             attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
+                             attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+                             attributeValue="surname" />
+        </AttributeRule>
+
+        <AttributeRule attributeID="givenName">
+            <PermitValueRule xsi:type="EntityAttributeExactMatch"
+                             attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
+                             attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+                             attributeValue="givenName" />
+        </AttributeRule>
+
+        <AttributeRule attributeID="eduPersonPrimaryAffiliation">
+            <PermitValueRule xsi:type="EntityAttributeExactMatch"
+                             attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
+                             attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+                             attributeValue="eduPersonPrimaryAffiliation" />
+        </AttributeRule>
+
+        <AttributeRule attributeID="eduPersonAssurance">
+            <PermitValueRule xsi:type="EntityAttributeExactMatch"
+                             attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
+                             attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+                             attributeValue="eduPersonAssurance" />
+        </AttributeRule>
+
+        <AttributeRule attributeID="eduPersonUniqueId">
+            <PermitValueRule xsi:type="EntityAttributeExactMatch"
+                             attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
+                             attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+                             attributeValue="eduPersonUniqueId" />
+        </AttributeRule>
+
+        <AttributeRule attributeID="employeeNumber">
+            <PermitValueRule xsi:type="EntityAttributeExactMatch"
+                             attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
+                             attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+                             attributeValue="employeeNumber" />
+        </AttributeRule>
 	</AttributeFilterPolicy>
--->
 
     <!--
     Same as above but more efficient form for an attribute with multiple values.
     -->
-<!--
     <AttributeFilterPolicy id="Per-Attribute-Affiliation">
         <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
             attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
@@ -50,111 +88,23 @@
      
         <AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true" />
     </AttributeFilterPolicy>
--->
 
-    <!--
-    Example rule for honoring Subject ID requirement tag in metadata.
-    The example supplies pairwise-id if subject-id isn't explicitly required.
-    -->
-<!--
-    <AttributeFilterPolicy id="subject-identifiers">
-        <PolicyRequirementRule xsi:type="ANY" />
-
-        <AttributeRule attributeID="samlPairwiseID">
-            <PermitValueRule xsi:type="OR">
-                <Rule xsi:type="EntityAttributeExactMatch"
-                    attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req"
-                    attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
-                    attributeValue="pairwise-id" />
-                <Rule xsi:type="EntityAttributeExactMatch"
-                    attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req"
-                    attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
-                    attributeValue="any" />
-            </PermitValueRule>
-        </AttributeRule>
-
-        <AttributeRule attributeID="samlSubjectID">
-            <PermitValueRule xsi:type="EntityAttributeExactMatch"
-                attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req"
-                attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
-                attributeValue="subject-id" />
-        </AttributeRule>
-    </AttributeFilterPolicy>
--->
-
-    <!-- Release an additional attribute to an SP. -->
-<!--
-    <AttributeFilterPolicy id="example1">
-        <PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org" />
-
-        <AttributeRule attributeID="uid" permitAny="true" />
-    </AttributeFilterPolicy>
--->
-
-    <!-- Release eduPersonScopedAffiliation to two specific SPs. -->
-<!--
-    <AttributeFilterPolicy id="example2">
-        <PolicyRequirementRule xsi:type="OR">
-            <Rule xsi:type="Requester" value="https://sp.example.org" />
-            <Rule xsi:type="Requester" value="https://another.example.org/shibboleth" />
-        </PolicyRequirementRule>
-        <AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true" />
-    </AttributeFilterPolicy>
--->
     <AttributeFilterPolicy>
-        <PolicyRequirementRule xsi:type="Requester" value="https://unicon.net/test/shibui"/>
-        <AttributeRule attributeID="uid">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-    </AttributeFilterPolicy>
+        <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
+                               attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
+                               attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+                               attributeValue="eduPersonAffiliation" />
 
-    <!-- release some attributes to everyone. this is the R&S bundle -->
-    <AttributeFilterPolicy id="releaseRandSAttributeBundle">
-        <PolicyRequirementRule xsi:type="ANY" />
-        <AttributeRule attributeID="eduPersonPrincipalName">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-        <AttributeRule attributeID="eduPersonScopedAffiliation">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-        <AttributeRule attributeID="givenName">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-        <AttributeRule attributeID="surname">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-        <AttributeRule attributeID="displayName">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-        <AttributeRule attributeID="mail">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
+        <AttributeRule attributeID="eduPersonAffiliation" permitAny="true" />
     </AttributeFilterPolicy>
 
-    <!-- Attribute release for all InCommon SPs -->
-    <AttributeFilterPolicy id="releaseToInCommon">
+    <AttributeFilterPolicy>
         <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
-                        attributeName="http://macedir.org/entity-category"
-                        attributeValue="http://id.incommon.org/category/registered-by-incommon"/>
-        <AttributeRule attributeID="eduPersonPrincipalName">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-        <AttributeRule attributeID="eduPersonScopedAffiliation">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-        <AttributeRule attributeID="givenName">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-        <AttributeRule attributeID="surname">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-        <AttributeRule attributeID="displayName">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-        <AttributeRule attributeID="mail">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-    </AttributeFilterPolicy>
+                               attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
+                               attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+                               attributeValue="eduPersonEntitlement" />
 
+        <AttributeRule attributeID="eduPersonEntitlement" permitAny="true" />
+    </AttributeFilterPolicy>
 
 </AttributeFilterPolicyGroup>
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-resolver.xml b/testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-resolver.xml
index 135b4bc53..eb9ebbd79 100644
--- a/testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-resolver.xml
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/attribute-resolver.xml
@@ -141,8 +141,8 @@
         <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrimaryAffiliation"/>
     </AttributeDefinition>
 
-    <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalName">
-        <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalName"/>
+    <AttributeDefinition xsi:type="Scoped" id="eduPersonPrincipalName" scope="%{idp.scope}">
+        <InputDataConnector ref="myLDAP" attributeNames="uid"/>
     </AttributeDefinition>
 
     <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalNamePrior">
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/metadata-providers.xml b/testbed/integration/shibboleth-idp/config/shib-idp/conf/metadata-providers.xml
index bbe9759c8..59dd76a66 100644
--- a/testbed/integration/shibboleth-idp/config/shib-idp/conf/metadata-providers.xml
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/metadata-providers.xml
@@ -20,84 +20,5 @@
                         http://www.w3.org/2001/04/xmlenc# http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd
                         http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd">
 
-    <!--
-    Below you place the mechanisms which define how to load the metadata for SP(s) you will
-    provide service to.
-    
-    Some simple examples are provided. The documentation provides more details; in most cases,
-    the modern replacement for these older plugins are the "DynamicHTTPMetadataProvider" and
-    "LocalDynamic" variants, which provide dramatic memory savings and more reliable operation.
-     
-    NOTE: You do NOT need to load metadata for this IdP itself within this configuration.
-    -->
-    
-    
-    
-    <!--
-    Example HTTP metadata provider.  Use this if you want to download the metadata
-    from a remote source.
-
-    You *MUST* provide the SignatureValidationFilter in order to function securely.
-    Get the public key certificate from the party publishing the metadata, and validate
-    it with them via some out of band mechanism (e.g., a fingerprint on a secure page).
-
-    The EntityRoleWhiteList saves memory by only loading metadata from SAML roles
-    that the IdP needs to interoperate with.
-    -->
-    
-    <!--
-    <MetadataProvider id="HTTPMetadata"
-                      xsi:type="FileBackedHTTPMetadataProvider"
-                      backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml"
-                      metadataURL="http://WHATEVER"> 
-        
-        <MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/metaroot.pem" />
-        <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P30D"/>
-        <MetadataFilter xsi:type="EntityRoleWhiteList">
-            <RetainedRole>md:SPSSODescriptor</RetainedRole>
-        </MetadataFilter>
-    </MetadataProvider>
-    -->   
-
-    <!--
-    Example file metadata provider.  Use this if you want to load metadata
-    from a local file. You use this if you have some local SPs which are not
-    "federated" but you wish to offer a service to.
-    
-    If you do not provide a SignatureValidation filter, then you have the
-    responsibility to ensure that the contents on disk are trustworthy.
-    -->
-    
-    <!--
-    <MetadataProvider id="LocalMetadata"  xsi:type="FilesystemMetadataProvider" metadataFile="PATH_TO_YOUR_METADATA"/>
-    -->
-
-
-    <!--
-    Example CAS metadata source for managing CAS services using SAML metadata.
-    -->
-
-    <!--
-    <MetadataProvider id="CASMetadata"
-                      xsi:type="FilesystemMetadataProvider"
-                      metadataFile="PATH_TO_YOUR_METADATA"
-                      indexesRef="shibboleth.CASMetadataIndices" />
-    -->
-
-    <MetadataProvider id="local-dynamic" xsi:type="LocalDynamicMetadataProvider" sourceDirectory="%{idp.home}/metadata/dynamic" />
-
-     <!-- InCommon Per-Entity Metadata Distribution Service -->
-     <MetadataProvider id="incommon" xsi:type="DynamicHTTPMetadataProvider"
-                   maxCacheDuration="PT24H" minCacheDuration="PT10M">
-       <!-- Verify the signature on the root element (i.e., the EntityDescriptor element) -->
-       <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
-                   certificateFile="%{idp.home}/credentials/inc-md-cert-mdq.pem" />
-  
-       <!-- Require a validUntil XML attribute no more than 14 days into the future -->
-       <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D" />
-  
-       <!-- The MetadataQueryProtocol element specifies the base URL for the query protocol -->
-       <MetadataQueryProtocol>https://mdq.incommon.org/</MetadataQueryProtocol>
-     </MetadataProvider>
 
 </MetadataProvider>
diff --git a/testbed/integration/shibboleth-idp/config/shib-idp/conf/relying-party.xml b/testbed/integration/shibboleth-idp/config/shib-idp/conf/relying-party.xml
index 5127515ed..478731ac5 100644
--- a/testbed/integration/shibboleth-idp/config/shib-idp/conf/relying-party.xml
+++ b/testbed/integration/shibboleth-idp/config/shib-idp/conf/relying-party.xml
@@ -40,7 +40,7 @@
                 <ref bean="SAML1.AttributeQuery" />
                 <ref bean="SAML1.ArtifactResolution" />
                 -->
-                <bean parent="SAML2.SSO" p:postAuthenticationFlows="attribute-release" />
+                <ref bean="SAML2.SSO.MDDriven" />
                 <ref bean="SAML2.ECP" />
                 <ref bean="SAML2.Logout" />
                 <!--