diff --git a/.gitignore b/.gitignore
index 0848cc3ed..b298de799 100644
--- a/.gitignore
+++ b/.gitignore
@@ -412,3 +412,6 @@ beacon/spring/out
 
 # macOS jenv
 .java-version
+/a.xml
+/application.yml
+/backend/src/test/resources/conf/deletem.xml
diff --git a/Jenkinsfile b/Jenkinsfile
index 3ae5f4595..60f82aca1 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -16,32 +16,6 @@ pipeline {
         }
       }
     }
-
-    stage('Build Docker images') {
-      when {
-        expression {
-          return GIT_BRANCH in ['master']
-        }
-      }
-      steps {
-        sh '''./gradlew docker -x test
-        '''
-      }
-    }
-
-    stage('Deploy') {
-      when {
-        expression {
-          return GIT_BRANCH in ['master']
-        }
-      }
-      steps {
-        sh '''
-        docker stop shibui || true && docker rm shibui || true
-        docker run -d --restart always --name shibui -p 8080:8080 -v /etc/shibui:/conf -v /etc/shibui/application.yml:/application.yml -m 2GB --memory-swap=4GB --entrypoint /usr/bin/java unicon/shibui:latest -Xmx1G -jar app.war
-        '''
-      }
-    }
   }
   post {
     failure {
@@ -54,4 +28,4 @@ pipeline {
       cleanWs()
     }
   }
-}
+}
\ No newline at end of file
diff --git a/backend/src/integration/resources/SHIBUI-1364-1.side b/backend/src/integration/resources/SHIBUI-1364-1.side
index b1cb09526..8fe9da05e 100644
--- a/backend/src/integration/resources/SHIBUI-1364-1.side
+++ b/backend/src/integration/resources/SHIBUI-1364-1.side
@@ -2330,13 +2330,22 @@
         ["xpath=//button[contains(.,'Compare Selected(2)')]", "xpath:innerText"]
       ],
       "value": ""
+    }, {
+      "id": "9ddfc4d9-0fbd-44f2-8584-4d7fcb6d0c6b",
+      "comment": "",
+      "command": "waitForElementEditable",
+      "target": "css=#filters > div:nth-child(3) > div:nth-child(2) > div > button",
+      "targets": [
+        ["css=.d-flex:nth-child(3) > .border-primary:nth-child(2) .svg-inline--fa", "css:finder"]
+      ],
+      "value": "30000"
     }, {
       "id": "2ff5a597-9fe0-46b4-9ca5-63123ddb3cef",
       "comment": "",
       "command": "click",
-      "target": "xpath=//section/div/div/div[4]/div[2]/div/button",
+      "target": "css=#filters > div:nth-child(3) > div:nth-child(2) > div > button",
       "targets": [
-        ["css=.border-primary:nth-child(2) .fa-square", "css:finder"]
+        ["css=.d-flex:nth-child(3) > .border-primary:nth-child(2) .svg-inline--fa", "css:finder"]
       ],
       "value": ""
     }, {
@@ -2356,23 +2365,23 @@
       "id": "d7b5550d-1db8-4fa5-800f-fde753413c13",
       "comment": "",
       "command": "assertText",
-      "target": "css=.mb-4:nth-child(8) .p-2 > div > div:nth-child(1) .d-block:nth-child(2)",
+      "target": "css=.bg-diff > .d-block:nth-child(2)",
       "targets": [
-        ["css=.mb-4:nth-child(8) .p-2 > div > div:nth-child(1) .d-block:nth-child(2)", "css:finder"],
-        ["xpath=//div[@id='root']/div/main/div/section/div/div/section[5]/div/div[2]/div[2]/div/div/span[2]", "xpath:idRelative"],
-        ["xpath=//section[5]/div/div[2]/div[2]/div/div/span[2]", "xpath:position"],
-        ["xpath=//span[contains(.,'Entity Attributes Filter')]", "xpath:innerText"]
+        ["css=.bg-diff > .d-block:nth-child(2)", "css:finder"],
+        ["xpath=//div[@id='filters']/section/div/div[2]/div[2]/div/div/span[2]", "xpath:idRelative"],
+        ["xpath=//div[2]/section/div/div[2]/div[2]/div/div/span[2]", "xpath:position"],
+        ["xpath=//span[contains(.,'Entity Attributes Filter Version 2')]", "xpath:innerText"]
       ],
       "value": "Entity Attributes Filter Version 2"
     }, {
       "id": "ad797f09-746e-4778-954e-6f92ac5934ea",
       "comment": "",
       "command": "assertText",
-      "target": "css=.mb-4:nth-child(8) .p-2 > div > div:nth-child(1) .d-block:nth-child(3)",
+      "target": "css=.bg-diff > .d-block:nth-child(3)",
       "targets": [
-        ["css=.mb-4:nth-child(8) .p-2 > div > div:nth-child(1) .d-block:nth-child(3)", "css:finder"],
-        ["xpath=//div[@id='root']/div/main/div/section/div/div/section[5]/div/div[2]/div[2]/div/div/span[3]", "xpath:idRelative"],
-        ["xpath=//section[5]/div/div[2]/div[2]/div/div/span[3]", "xpath:position"]
+        ["css=.bg-diff > .d-block:nth-child(3)", "css:finder"],
+        ["xpath=//div[@id='filters']/section/div/div[2]/div[2]/div/div/span[3]", "xpath:idRelative"],
+        ["xpath=//div[2]/section/div/div[2]/div[2]/div/div/span[3]", "xpath:position"]
       ],
       "value": "Entity Attributes Filter"
     }, {
diff --git a/backend/src/integration/resources/SHIBUI-1364-4.side b/backend/src/integration/resources/SHIBUI-1364-4.side
index 8f5192665..3384d27ea 100644
--- a/backend/src/integration/resources/SHIBUI-1364-4.side
+++ b/backend/src/integration/resources/SHIBUI-1364-4.side
@@ -1417,23 +1417,14 @@
         ["xpath=//input", "xpath:position"]
       ],
       "value": ""
-    }, {
-      "id": "e83dc2da-ad95-4e50-b969-57721eb8f1dc",
-      "comment": "",
-      "command": "click",
-      "target": "css=.d-flex:nth-child(5) > .border-primary:nth-child(2) .svg-inline--fa",
-      "targets": [
-        ["css=.d-flex:nth-child(5) > .border-primary:nth-child(2) .svg-inline--fa", "css:finder"]
-      ],
-      "value": ""
     }, {
       "id": "c2102a31-6e18-4d6c-8146-e23459403b65",
       "comment": "",
       "command": "assertText",
-      "target": "css=.border-primary:nth-child(2) > .bg-primary-light .mb-0:nth-child(1)",
+      "target": "css=.d-flex:nth-child(3) > .border-primary:nth-child(2) .mb-0:nth-child(1)",
       "targets": [
-        ["css=.border-primary:nth-child(2) > .bg-primary-light .mb-0:nth-child(1)", "css:finder"],
-        ["xpath=//div[@id='root']/div/main/div/section/div/div/div[4]/div[2]/div/div/p", "xpath:idRelative"],
+        ["css=.d-flex:nth-child(3) > .border-primary:nth-child(2) .mb-0:nth-child(1)", "css:finder"],
+        ["xpath=//div[@id='filters']/div[3]/div[2]/div/div/p", "xpath:idRelative"],
         ["xpath=//p", "xpath:position"],
         ["xpath=//p[contains(.,'Entity Attributes Filter V2')]", "xpath:innerText"]
       ],
@@ -1442,10 +1433,10 @@
       "id": "cac6c125-c81b-40af-ae21-2b717df9511e",
       "comment": "",
       "command": "assertText",
-      "target": "css=.border-primary:nth-child(3) > .bg-primary-light .mb-0:nth-child(1)",
+      "target": "css=.d-flex:nth-child(3) .bg-lighter .mb-0:nth-child(1)",
       "targets": [
-        ["css=.border-primary:nth-child(3) > .bg-primary-light .mb-0:nth-child(1)", "css:finder"],
-        ["xpath=//div[@id='root']/div/main/div/section/div/div/div[4]/div[3]/div/div/p", "xpath:idRelative"],
+        ["css=.d-flex:nth-child(3) .bg-lighter .mb-0:nth-child(1)", "css:finder"],
+        ["xpath=//div[@id='filters']/div[3]/div[3]/div/div/p", "xpath:idRelative"],
         ["xpath=//div[3]/div/div/p", "xpath:position"]
       ],
       "value": "Entity Attributes Filter"
diff --git a/backend/src/integration/resources/SHIBUI-1732-3.side b/backend/src/integration/resources/SHIBUI-1732-3.side
index c7d0f9fd4..54573d88b 100644
--- a/backend/src/integration/resources/SHIBUI-1732-3.side
+++ b/backend/src/integration/resources/SHIBUI-1732-3.side
@@ -1325,13 +1325,9 @@
       "id": "2dd7992f-ee99-45a3-ad85-20488c4bd4b1",
       "comment": "",
       "command": "click",
-      "target": "xpath=//section/div/div/div[4]/div[2]/div/button",
+      "target": "css=#filters > div:nth-child(3) > div:nth-child(2) > div > button",
       "targets": [
-        ["css=.border-primary:nth-child(2) .mx-auto", "css:finder"],
-        ["xpath=(//button[@type='button'])[5]", "xpath:attributes"],
-        ["xpath=//div[@id='root']/div/main/div/section/div/div/div[4]/div[2]/div/button", "xpath:idRelative"],
-        ["xpath=//div[2]/div/button", "xpath:position"],
-        ["xpath=//button[contains(.,'Compare')]", "xpath:innerText"]
+        ["css=.border-primary:nth-child(2) .svg-inline--fa", "css:finder"]
       ],
       "value": ""
     }, {
@@ -1553,21 +1549,21 @@
         ["xpath=//ul[2]/li[2]/span", "xpath:position"]
       ],
       "value": "bar"
-    },{
-            "id": "4ec2c493-85e4-403b-9b09-031c5728f498",
-            "comment": "",
-            "command": "open",
-            "target": "/api/heheheheheheheWipeout",
-            "targets": [],
-            "value": ""
-          }, {
-            "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4",
-            "comment": "",
-            "command": "assertText",
-            "target": "css=body",
-            "targets": [],
-            "value": "yes, you did it"
-          }]
+    }, {
+      "id": "4ec2c493-85e4-403b-9b09-031c5728f498",
+      "comment": "",
+      "command": "open",
+      "target": "/api/heheheheheheheWipeout",
+      "targets": [],
+      "value": ""
+    }, {
+      "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4",
+      "comment": "",
+      "command": "assertText",
+      "target": "css=body",
+      "targets": [],
+      "value": "yes, you did it"
+    }]
   }],
   "suites": [{
     "id": "575d414c-556d-45f7-b2f2-c9971ad51348",
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java
index e875932cd..7afd88814 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java
@@ -19,6 +19,7 @@
 import javax.xml.namespace.QName;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -74,10 +75,11 @@ public void addX509Certificate(edu.internet2.tier.shibboleth.admin.ui.domain.X50
         this.xmlObjects.add(x509Certificate);
     }
 
+    // TODO: might need to really implement this
     @Nonnull
     @Override
     public List<X509CRL> getX509CRLs() {
-        return null;
+        return Collections.EMPTY_LIST;
     }
 
     @Nonnull
diff --git a/backend/src/main/resources/jpa-signature-config.xml b/backend/src/main/resources/jpa-signature-config.xml
index 0a6696db5..9a8da32e8 100644
--- a/backend/src/main/resources/jpa-signature-config.xml
+++ b/backend/src/main/resources/jpa-signature-config.xml
@@ -39,7 +39,275 @@
             <MarshallingClass className="org.opensaml.xmlsec.signature.impl.X509DataMarshaller"/>
             <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.X509DataUnmarshaller"/>
         </ObjectProvider>
+
+        <!-- Jj! -->
+
+        <!-- CryptoBinary type -->
+        <ObjectProvider qualifiedName="ds:CryptoBinary">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- DigestMethod -->
+        <ObjectProvider qualifiedName="ds:DigestMethod">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.DigestMethodBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.DigestMethodMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.DigestMethodUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- DSAKeyValue -->
+        <ObjectProvider qualifiedName="ds:DSAKeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.DSAKeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.DSAKeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.DSAKeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Exponent -->
+        <ObjectProvider qualifiedName="ds:Exponent">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.ExponentBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- G -->
+        <ObjectProvider qualifiedName="ds:G">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.GBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- J -->
+        <ObjectProvider qualifiedName="ds:J">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.JBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- KeyValue -->
+        <ObjectProvider qualifiedName="ds:KeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.KeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.KeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.KeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- MgmtData -->
+        <ObjectProvider qualifiedName="ds:MgmtData">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.MgmtDataBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Modulus -->
+        <ObjectProvider qualifiedName="ds:Modulus">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.ModulusBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- P -->
+        <ObjectProvider qualifiedName="ds:P">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PgenCounter -->
+        <ObjectProvider qualifiedName="ds:PgenCounter">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PgenCounterBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PGPData -->
+        <ObjectProvider qualifiedName="ds:PGPData">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PGPDataBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.PGPDataMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.PGPDataUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PGPKeyID -->
+        <ObjectProvider qualifiedName="ds:PGPKeyID">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PGPKeyIDBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PGPKeyPacket -->
+        <ObjectProvider qualifiedName="ds:PGPKeyPacket">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PGPKeyPacketBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Q -->
+        <ObjectProvider qualifiedName="ds:Q">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.QBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- RetrievalMethod -->
+        <ObjectProvider qualifiedName="ds:RetrievalMethod">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.RetrievalMethodBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.RetrievalMethodMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.RetrievalMethodUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- RSAKeyValue -->
+        <ObjectProvider qualifiedName="ds:RSAKeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.RSAKeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.RSAKeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.RSAKeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Seed -->
+        <ObjectProvider qualifiedName="ds:Seed">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SeedBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Signature -->
+        <ObjectProvider qualifiedName="ds:Signature">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SignatureBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.SignatureMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.SignatureUnmarshaller"/>
+        </ObjectProvider>
+        <ObjectProvider qualifiedName="ds:SignatureType">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SignatureBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.SignatureMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.SignatureUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- SPKIData -->
+        <ObjectProvider qualifiedName="ds:SPKIData">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SPKIDataBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.SPKIDataMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.SPKIDataUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- SPKISexp -->
+        <ObjectProvider qualifiedName="ds:SPKISexp">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SPKISexpBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Transform -->
+        <ObjectProvider qualifiedName="ds:Transform">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.TransformBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.TransformMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.TransformUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Transforms -->
+        <ObjectProvider qualifiedName="ds:Transforms">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.TransformsBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.TransformsMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.TransformsUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- XPath -->
+        <ObjectProvider qualifiedName="ds:XPath">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.XPathBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509CRL -->
+        <ObjectProvider qualifiedName="ds:X509CRL">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509CRLBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509IssuerName -->
+        <ObjectProvider qualifiedName="ds:X509IssuerName">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509IssuerNameBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509IssuerSerial -->
+        <ObjectProvider qualifiedName="ds:X509IssuerSerial">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509IssuerSerialBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.X509IssuerSerialMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.X509IssuerSerialUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509SerialNumber -->
+        <ObjectProvider qualifiedName="ds:X509SerialNumber">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509SerialNumberBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.X509SerialNumberMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.X509SerialNumberUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509SKI -->
+        <ObjectProvider qualifiedName="ds:X509SKI">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509SKIBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509SubjectName : CONFLICT/BREAKING to add this
+        <ObjectProvider qualifiedName="ds:X509SubjectName">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509SubjectNameBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringUnmarshaller"/>
+        </ObjectProvider>-->
+
+        <!-- Y -->
+        <ObjectProvider qualifiedName="ds:Y">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.YBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- 1.1 Stuff -->
+
+        <!-- DEREncodedKeyValue -->
+        <ObjectProvider qualifiedName="ds11:DEREncodedKeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.DEREncodedKeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.DEREncodedKeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.DEREncodedKeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- ECKeyValue -->
+        <ObjectProvider qualifiedName="ds11:ECKeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.ECKeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.ECKeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.ECKeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- KeyInfoReference -->
+        <ObjectProvider qualifiedName="ds11:KeyInfoReference">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.KeyInfoReferenceBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.KeyInfoReferenceMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.KeyInfoReferenceUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- NamedCurve -->
+        <ObjectProvider qualifiedName="ds11:NamedCurve">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.NamedCurveBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.NamedCurveMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.NamedCurveUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PublicKey -->
+        <ObjectProvider qualifiedName="ds11:PublicKey">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PublicKeyBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509Digest -->
+        <ObjectProvider qualifiedName="ds11:X509Digest">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509DigestBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.X509DigestMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.X509DigestUnmarshaller"/>
+        </ObjectProvider>
         
     </ObjectProviders>
     
-</XMLTooling>
+</XMLTooling>
\ No newline at end of file
diff --git a/backend/src/main/resources/modified-saml2-assertion-config.xml b/backend/src/main/resources/modified-saml2-assertion-config.xml
index 2f09fa77b..3349e4558 100644
--- a/backend/src/main/resources/modified-saml2-assertion-config.xml
+++ b/backend/src/main/resources/modified-saml2-assertion-config.xml
@@ -230,7 +230,19 @@
             <MarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeMarshaller"/>
             <UnmarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeUnmarshaller"/>
         </ObjectProvider>
- 
+
+        <ObjectProvider qualifiedName="saml2:Issuer">
+            <BuilderClass className="org.opensaml.saml.saml2.core.impl.IssuerBuilder"/>
+            <MarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeUnmarshaller"/>
+        </ObjectProvider>
+
+        <ObjectProvider qualifiedName="saml2:IssuerType">
+            <BuilderClass className="org.opensaml.saml.saml2.core.impl.IssuerBuilder"/>
+            <MarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeUnmarshaller"/>
+        </ObjectProvider>
+
         <!-- OneTimeUse -->
         <ObjectProvider qualifiedName="saml2:OneTimeUse">
             <BuilderClass className="org.opensaml.saml.saml2.core.impl.OneTimeUseBuilder"/>
diff --git a/build.gradle b/build.gradle
index ee0af8876..3fcdff1c6 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,6 +1,6 @@
 plugins {
     id 'base'
-    id 'net.researchgate.release' version '2.6.0'
+    id 'net.researchgate.release' version '3.0.0'
     id 'com.github.breadmoirai.github-release' version '2.2.9'
 }
 
@@ -23,9 +23,10 @@ githubRelease {
 
 release {
     git {
-        pushToRemote = 'i2'
+        pushToRemote.set(project.'i2.git.remote')
+        requireBranch.set(project.'i2.git.branch')
     }
 }
 
 afterReleaseBuild.dependsOn project.getTasksByName('githubRelease', false)
-afterReleaseBuild.dependsOn project.getTasksByName('dockerTagsPush', true)
+afterReleaseBuild.dependsOn project.getTasksByName('dockerTagsPush', true)
\ No newline at end of file
diff --git a/gradle.properties b/gradle.properties
index f891afd02..7efe1ae08 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,6 +1,6 @@
 name=shibui
 group=edu.internet2.tier.shibboleth.admin.ui
-version=1.11.0-SNAPSHOT
+version=1.12.0-SNAPSHOT
 
 ### library versions ###
 commonsCollections4Version=4.4
@@ -29,6 +29,8 @@ i2.github.token=
 i2.github.owner=TIER
 i2.github.repo=shib-idp-ui
 i2.github.apiEndpoint=https://github.internet2.edu/api/v3
+i2.git.remote=i2
+i2.git.branch=master
 
 ## NOTES
 # pac4j spring security 7.0.3 here uses the pac4j 5.4.3 core, thus differences in versions (they used use the same versions, now
diff --git a/pac4j-module/build.gradle b/pac4j-module/build.gradle
index 6a1295758..4080df12a 100644
--- a/pac4j-module/build.gradle
+++ b/pac4j-module/build.gradle
@@ -46,8 +46,11 @@ dependencies {
         exclude group: 'org.opensaml'
         exclude group: 'commons-collections'
     }
+    // But we do need this opensaml lib that wasn't provided
+    implementation "org.opensaml:opensaml-storage-impl:${project.'opensamlVersion'}"
     compile "org.apache.commons:commons-collections4:${project.'commonsCollections4Version'}"
 
+
     testCompile project(':backend')
     testCompile "org.opensaml:opensaml-saml-api:${project.'opensamlVersion'}"
 
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
index a67bf4a96..884569ac7 100644
--- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
@@ -5,7 +5,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.security.service.IRolesService;
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
 import edu.internet2.tier.shibboleth.admin.ui.service.EmailService;
-import static net.unicon.shibui.pac4j.Pac4jConfiguration.PAC4J_CLIENT_NAME;
+import org.pac4j.core.authorization.authorizer.DefaultAuthorizers;
 import org.pac4j.core.config.Config;
 import org.pac4j.core.matching.matcher.Matcher;
 import org.pac4j.springframework.security.web.CallbackFilter;
@@ -26,6 +26,8 @@
 import javax.servlet.Filter;
 import java.util.Optional;
 
+import static net.unicon.shibui.pac4j.Pac4jConfiguration.PAC4J_CLIENT_NAME;
+
 @Configuration
 @AutoConfigureOrder(-1)
 @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
@@ -62,7 +64,8 @@ public Pac4jWebSecurityConfigurerAdapter(final Config config, UserService userSe
         protected void configure(HttpSecurity http) throws Exception {
             http.authorizeRequests().antMatchers("/unsecured/**/*").permitAll();
 
-            final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME);
+            // adding the authorizor bypasses the default behavior of checking CSRF in Pac4J's default securitylogic+defaultauthorizationchecker
+            final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME, DefaultAuthorizers.IS_AUTHENTICATED);
 
             // add filter based on auth type 
             http.antMatcher("/**").addFilterBefore(getFilter(config, pac4jConfigurationProperties.getTypeOfAuth()), BasicAuthenticationFilter.class);
diff --git a/testbed/authentication/docker-compose.yml b/testbed/authentication/docker-compose.yml
index 884042c4a..42b12cb6a 100644
--- a/testbed/authentication/docker-compose.yml
+++ b/testbed/authentication/docker-compose.yml
@@ -20,7 +20,7 @@ services:
       - "8080:8080"
       - "443:443"
       - "8443:8443"
-#      - "8000:8000"
+      - "9090:9090"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ../reverse-proxy/:/configuration/
@@ -72,6 +72,7 @@ services:
       - ./shibui/application.yml:/application.yml
     ports:
       - "8000:8000"
+#      - "9090:9090"
     entrypoint: ["/usr/bin/java", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8000", "-jar", "app.war"]
 networks:
   reverse-proxy:
diff --git a/ui/src/app/metadata/view/MetadataComparison.js b/ui/src/app/metadata/view/MetadataComparison.js
index de0022ce0..2e9307acf 100644
--- a/ui/src/app/metadata/view/MetadataComparison.js
+++ b/ui/src/app/metadata/view/MetadataComparison.js
@@ -4,13 +4,14 @@ import {
     ArrayParam,
     withDefault
 } from 'use-query-params';
+import { scroller } from 'react-scroll';
 import { MetadataDefinitionContext, MetadataSchemaContext } from '../hoc/MetadataSchema';
 import { MetadataVersionsLoader } from '../hoc/MetadataVersionsLoader';
 import { Configuration } from '../hoc/Configuration';
 import { MetadataConfiguration } from '../component/MetadataConfiguration';
 import { Link, useParams } from 'react-router-dom';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faHistory } from '@fortawesome/free-solid-svg-icons';
+import { faArrowDown, faHistory } from '@fortawesome/free-solid-svg-icons';
 import Translate from '../../i18n/components/translate';
 import Form from 'react-bootstrap/Form';
 import { useTranslation } from '../../i18n/hooks';
@@ -18,6 +19,14 @@ import { MetadataFilterVersionList } from '../domain/filter/component/MetadataFi
 import { MetadataFilterVersionContext } from '../domain/filter/component/MetadataFilterVersionContext';
 import { useMetadataSchema } from '../hooks/schema';
 import { FilterableProviders } from '../domain/provider';
+import Button from 'react-bootstrap/Button';
+const onScrollTo = (element, offset = 0) => {
+        scroller.scrollTo(element, {
+            duration: 500,
+            smooth: true,
+            offset
+        });
+    };
 
 export function MetadataComparison () {
 
@@ -54,6 +63,12 @@ export function MetadataComparison () {
                                             <FontAwesomeIcon icon={faHistory} />&nbsp;
                                             <Translate value="action.version-history">Version History</Translate>
                                         </Link>
+                                        {type === 'provider' && canFilter &&
+                                            <Button variant="link" onClick={() => onScrollTo('filters')}>
+                                                <FontAwesomeIcon icon={faArrowDown} />&nbsp;
+                                                <Translate value="label.filters">Filters</Translate>
+                                            </Button>
+                                        }
                                     </div>
                                     <Form.Check type="switch"
                                         id="toggleLimited"
@@ -65,7 +80,7 @@ export function MetadataComparison () {
                                 <MetadataConfiguration configuration={config} />
 
                                 {type === 'provider' && canFilter && v &&
-                                <React.Fragment>
+                                <div id="filters">
                                     <div className="numbered-header d-flex justify-content-start bg-light align-items-center py-1">
                                         <h2 className="title h4 m-0 flex-grow-1">
                                             <span className="text ms-2"><Translate value="label.metadata-filter">Metadata Filter</Translate></span>
@@ -74,7 +89,7 @@ export function MetadataComparison () {
                                     <MetadataFilterVersionContext models={v} dates={config.dates}>
                                         {(c) => <MetadataFilterVersionList configuration={c} columns={ c.dates.length } limited={limited}/>}
                                     </MetadataFilterVersionContext>
-                                </React.Fragment>
+                                </div>
                                 }
                             </div>
                         }