diff --git a/.gitignore b/.gitignore index 662156404..cb8ad4931 100644 --- a/.gitignore +++ b/.gitignore @@ -400,6 +400,7 @@ rdurable build-no-tests beacon/spring/out +/.classpath # Eclipse junk *.classpath diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/ETagsConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/ETagsConfiguration.java new file mode 100644 index 000000000..a409c8909 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/ETagsConfiguration.java @@ -0,0 +1,17 @@ +package edu.internet2.tier.shibboleth.admin.ui.configuration; + +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.web.filter.ShallowEtagHeaderFilter; + +@Configuration +public class ETagsConfiguration { + @Bean + public FilterRegistrationBean shallowEtagHeaderFilter() { + FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean<>(new ShallowEtagHeaderFilter()); + filterRegistrationBean.addUrlPatterns("/api/entities/*", "/entities/*"); + filterRegistrationBean.setName("etagFilter"); + return filterRegistrationBean; + } +} diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java index cc6847621..f75f323be 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java 
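Review bot: ETagsConfiguration carries no comment explaining why the ETag filter is registered only for `/api/entities/*` and `/entities/*`, and these two patterns repeat the mappings declared on EntitiesController, so they can drift apart unnoticed. I would add a class comment such as `/** Adds the ETag header the MDQ responses must carry; the URL patterns must stay in step with EntitiesController's mappings. */`. It is also worth stating there that ShallowEtagHeaderFilter buffers the whole response body to hash it, so it saves bandwidth on a matching conditional request but not server-side work.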
@@ -49,15 +49,14 @@ public class WebSecurityConfig { @Autowired private RoleRepository roleRepository; - @Bean - public HttpFirewall allowUrlEncodedSlashHttpFirewall() { + private HttpFirewall allowUrlEncodedSlashHttpFirewall() { StrictHttpFirewall firewall = new StrictHttpFirewall(); firewall.setAllowUrlEncodedSlash(true); + firewall.setAllowUrlEncodedDoubleSlash(true); return firewall; } - @Bean - public HttpFirewall defaultFirewall() { + private HttpFirewall defaultFirewall() { return new DefaultHttpFirewall(); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/CustomAttributesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/CustomAttributesController.java new file mode 100644 index 000000000..31d6ca809 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/CustomAttributesController.java 
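Review bot: `firewall.setAllowUrlEncodedDoubleSlash(true)` relaxes StrictHttpFirewall for every request this firewall handles, not only the entity lookups that carry a URL-encoded entityID in the path. Encoded `/` and `//` are rejected by default because downstream components may normalise them differently from the security matchers, so the relaxation deserves a comment naming the endpoints that need it, e.g. `// entityIDs are URLs and arrive as %2F%2F in /entities/{entityId}; all other path checks stay strict`. Both factory methods also lose `@Bean` in this hunk, and the hunk does not show where `allowUrlEncodedSlashHttpFirewall()` is now installed, so confirm it is still handed to the web security configuration and that `defaultFirewall()` is not left unused. The class body continues outside the hunk.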
@@ -0,0 +1,104 @@ +package edu.internet2.tier.shibboleth.admin.ui.controller; + +import java.util.List; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.stereotype.Controller; +import org.springframework.transaction.annotation.Transactional; +import org.springframework.web.bind.annotation.DeleteMapping; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.servlet.support.ServletUriComponentsBuilder; + +import edu.internet2.tier.shibboleth.admin.ui.domain.CustomAttributeDefinition; +import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor; +import edu.internet2.tier.shibboleth.admin.ui.service.CustomAttributesService; + +@Controller +@RequestMapping(value = "/api/custom") +public class CustomAttributesController { + @Autowired + private CustomAttributesService caService; + + @PostMapping("/attribute") + @Transactional + public ResponseEntity create(@RequestBody CustomAttributeDefinition definition) { + // If already defined, we can't create a new one, nor will this call update the definition + CustomAttributeDefinition cad = caService.find(definition.getName()); + + if (cad != null) { + HttpHeaders headers = new HttpHeaders(); + headers.setLocation(ServletUriComponentsBuilder.fromCurrentServletMapping().path("/api/custom/attribute").build().toUri()); + + return ResponseEntity.status(HttpStatus.CONFLICT).headers(headers) + .body(new ErrorResponse(String.valueOf(HttpStatus.CONFLICT.value()), + String.format("The custom attribute 
definition with name: [%s] already exists.", definition.getName()))); + } + + CustomAttributeDefinition result = caService.createOrUpdateDefinition(definition); + return ResponseEntity.status(HttpStatus.CREATED).body(result); + } + + @PutMapping("/attribute") + @Transactional + public ResponseEntity update(@RequestBody CustomAttributeDefinition definition) { + CustomAttributeDefinition cad = caService.find(definition.getName()); + if (cad == null) { + HttpHeaders headers = new HttpHeaders(); + headers.setLocation(ServletUriComponentsBuilder.fromCurrentServletMapping().path("/api/custom/attribute").build().toUri()); + + return ResponseEntity.status(HttpStatus.NOT_FOUND).headers(headers) + .body(new ErrorResponse(String.valueOf(HttpStatus.NOT_FOUND.value()), + String.format("The custom attribute definition with name: [%s] does not already exist.", definition.getName()))); + } + + CustomAttributeDefinition result = caService.createOrUpdateDefinition(definition); + return ResponseEntity.ok(result); + } + + @GetMapping("/attributes") + @Transactional(readOnly = true) + public ResponseEntity getAll() { + return ResponseEntity.ok(caService.getAllDefinitions()); + } + + @GetMapping("/attribute/{name}") + @Transactional(readOnly = true) + public ResponseEntity getOne(@PathVariable String name) { + CustomAttributeDefinition cad = caService.find(name); + if (cad == null) { + HttpHeaders headers = new HttpHeaders(); + headers.setLocation( + ServletUriComponentsBuilder.fromCurrentServletMapping().path("/api/custom/attribute/" + name).build().toUri()); + + return ResponseEntity.status(HttpStatus.NOT_FOUND).headers(headers) + .body(new ErrorResponse(String.valueOf(HttpStatus.NOT_FOUND.value()), + String.format("The custom attribute definition with name: [%s] does not already exist.", name))); + } + return ResponseEntity.ok(cad); + } + + @DeleteMapping("/attribute/{name}") + @Transactional + public ResponseEntity delete(@PathVariable String name) { + CustomAttributeDefinition cad 
= caService.find(name); + if (cad == null) { + HttpHeaders headers = new HttpHeaders(); + headers.setLocation( + ServletUriComponentsBuilder.fromCurrentServletMapping().path("/api/custom/attribute/" + name).build().toUri()); + + return ResponseEntity.status(HttpStatus.NOT_FOUND).headers(headers) + .body(new ErrorResponse(String.valueOf(HttpStatus.NOT_FOUND.value()), + String.format("The custom attribute definition with name: [%s] does not already exist.", name))); + } + caService.deleteDefinition(cad); + return ResponseEntity.noContent().build(); + } +} diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java index 8a5172fb6..6adc4c95b 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java 
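Review bot: `create` and `update` accept the `@RequestBody CustomAttributeDefinition` without any validation, so a body with no `name` goes straight into `caService.find(definition.getName())` and, on the create path, on to `createOrUpdateDefinition` with a null `@Id`, which would most likely surface as a 500 rather than a 400. Reject it early, e.g. `if (definition.getName() == null || definition.getName().isEmpty()) return ResponseEntity.badRequest().build();`, or put bean-validation constraints on the entity and `@Valid` on the parameter. The POST, PUT and DELETE handlers also carry no method-level authorization and nothing in this diff shows a rule for `/api/custom/**`, so confirm the existing security configuration restricts them to administrators. `create` is additionally a check-then-save on a service method that upserts, so two concurrent POSTs for the same name can both pass the `find` and the second silently overwrites the first.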
@@ -1,64 +1,90 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; -import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation; -import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects; -import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService; -import net.shibboleth.utilities.java.support.resolver.CriteriaSet; -import net.shibboleth.utilities.java.support.resolver.ResolverException; -import org.opensaml.core.criterion.EntityIdCriterion; +import java.io.UnsupportedEncodingException; +import java.net.URLDecoder; +import java.text.SimpleDateFormat; +import java.time.Instant; +import java.time.ZoneOffset; +import java.time.format.DateTimeFormatter; +import java.util.Date; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.http.client.utils.DateUtils; import org.opensaml.core.xml.io.MarshallingException; -import org.opensaml.saml.metadata.resolver.MetadataResolver; import org.opensaml.saml.saml2.metadata.EntityDescriptor; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; +import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import javax.servlet.http.HttpServletRequest; -import java.io.UnsupportedEncodingException; -import java.net.URLDecoder; +import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation; +import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects; +import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository; +import 
edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService; +import lombok.extern.slf4j.Slf4j; +import net.shibboleth.utilities.java.support.resolver.ResolverException; @Controller -@RequestMapping(value = "/api/entities", method = RequestMethod.GET) +@RequestMapping(value = { "/entities", // per protocol - https://spaces.at.internet2.edu/display/MDQ/Metadata+Query+Protocol + "/api/entities" }, // existing - included to break no existing code + method = RequestMethod.GET) +@Slf4j +/** +* EntitiesController is here to meet the requirements for this project being an MDQ. Despite similar logic to the +* EntitiesDescriptorController, the required endpoints that make this project an MDQ server are served by this controller. +*/ public class EntitiesController { - private static final Logger logger = LoggerFactory.getLogger(EntitiesController.class); - - @Autowired - private MetadataResolver metadataResolver; - @Autowired private EntityDescriptorService entityDescriptorService; @Autowired private OpenSamlObjects openSamlObjects; + + @Autowired + private EntityDescriptorRepository entityDescriptorRepository; - @RequestMapping(value = "{entityId:.*}") + @RequestMapping(value = "/{entityId:.*}") + @Transactional(readOnly = true) public ResponseEntity getOne(final @PathVariable String entityId, HttpServletRequest request) throws UnsupportedEncodingException, ResolverException { EntityDescriptor entityDescriptor = this.getEntityDescriptor(entityId); if (entityDescriptor == null) { return ResponseEntity.notFound().build(); } EntityDescriptorRepresentation entityDescriptorRepresentation = entityDescriptorService.createRepresentationFromDescriptor(entityDescriptor); - return ResponseEntity.ok(entityDescriptorRepresentation); + HttpHeaders headers = new HttpHeaders(); + headers.set("Last-Modified", formatModifiedDate(entityDescriptorRepresentation)); + return new ResponseEntity<>(entityDescriptorRepresentation, headers, HttpStatus.OK); } - @RequestMapping(value = 
"{entityId:.*}", produces = "application/xml") + private String formatModifiedDate(EntityDescriptorRepresentation entityDescriptorRepresentation) { + Instant instant = entityDescriptorRepresentation.getModifiedDateAsDate().toInstant(ZoneOffset.UTC); + Date date = Date.from(instant); + return DateUtils.formatDate(date, DateUtils.PATTERN_RFC1123); + } + + @RequestMapping(value = "/{entityId:.*}", produces = "application/xml") + @Transactional(readOnly = true) public ResponseEntity getOneXml(final @PathVariable String entityId) throws MarshallingException, ResolverException, UnsupportedEncodingException { EntityDescriptor entityDescriptor = this.getEntityDescriptor(entityId); if (entityDescriptor == null) { return ResponseEntity.notFound().build(); } final String xml = this.openSamlObjects.marshalToXmlString(entityDescriptor); - return ResponseEntity.ok(xml); + EntityDescriptorRepresentation entityDescriptorRepresentation = entityDescriptorService.createRepresentationFromDescriptor(entityDescriptor); + HttpHeaders headers = new HttpHeaders(); + headers.set("Last-Modified", formatModifiedDate(entityDescriptorRepresentation)); + return new ResponseEntity<>(xml, headers, HttpStatus.OK); } private EntityDescriptor getEntityDescriptor(final String entityId) throws ResolverException, UnsupportedEncodingException { String decodedEntityId = URLDecoder.decode(entityId, "UTF-8"); - EntityDescriptor entityDescriptor = this.metadataResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(decodedEntityId))); + EntityDescriptor entityDescriptor = entityDescriptorRepository.findByEntityID(decodedEntityId); // TODO: we need to clean this up sometime if (entityDescriptor instanceof edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor) { ((edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor) entityDescriptor).setResourceId(null); 
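Review bot: `getEntityDescriptor` now reads straight from `entityDescriptorRepository.findByEntityID(decodedEntityId)` instead of `metadataResolver.resolveSingle(...)`, so whatever filtering the resolver chain applied no longer sits between the database and this endpoint, which the same change also publishes at the protocol path `/entities`. If the resolver was what kept disabled or not-yet-approved descriptors out of MDQ responses, they are now served; the fixture asserted in EntitiesControllerTests has `"serviceEnabled":false` and still expects 200. I would check the enabled state after the lookup and answer 404 otherwise, or document the decision where the lookup happens, e.g. `// MDQ serves every stored descriptor regardless of serviceEnabled because ...`. Separately, the path variable is passed through `URLDecoder.decode` after the container and Spring have already handled the path, so an entityID containing a literal `%` or `+` may be decoded twice; that is worth a test. The body of `getEntityDescriptor` continues past the end of the hunk.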
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/CustomAttributeDefinition.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/CustomAttributeDefinition.java
new file mode 100644
index 000000000..03b9db95d
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/CustomAttributeDefinition.java
@@ -0,0 +1,44 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.persistence.CollectionTable;
+import javax.persistence.Column;
+import javax.persistence.ElementCollection;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+
+import org.hibernate.envers.Audited;
+
+import lombok.Data;
+
+@Entity(name = "custom_attribute_definition")
+@Audited
+@Data
+public class CustomAttributeDefinition {
+ @Id
+ @Column(nullable = false)
+ String name;
+
+ @Column(name = "help_text", nullable = true)
+ String helpText;
+
+ @Column(name = "attribute_type", nullable = false)
+ CustomAttributeType attributeType;
+
+ @Column(name = "default_value", nullable = true)
+ String defaultValue;
+
+ @ElementCollection
+ @CollectionTable(name = "custom_attr_list_defs", joinColumns = @JoinColumn(name = "name"))
+ @Column(name = "value", nullable = false)
+ Set customAttrListDefinitions = new HashSet<>();
+
+ // @TODO: logic to ensure defaultValue matches an item from the list of values when SELECTION_LIST is the type ??
+}
+
+enum CustomAttributeType {
+ BOOLEAN, INTEGER, LONG, DOUBLE, DURATION, SELECTION_LIST, SPRING_BEAN_ID
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/frontend/EntityDescriptorRepresentation.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/frontend/EntityDescriptorRepresentation.java
index 2131696c4..32063271e 100644
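Review bot: `attributeType` is mapped with a plain `@Column`, so JPA persists the enum by ordinal by default; inserting or reordering a constant in `CustomAttributeType` later would silently change the meaning of rows already stored. Add `@Enumerated(EnumType.STRING)` on the field, with the matching `javax.persistence` imports. `CustomAttributeType` is also declared package-private at the bottom of this file and the fields have no access modifier, so code outside the `domain` package can reach the values only through the Lombok accessors and cannot name the enum type; a `public` enum in its own file would avoid that. The `@TODO` about `defaultValue` matching the selection list is a validation gap that the controller accepting this entity as a request body inherits.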
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/frontend/EntityDescriptorRepresentation.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/frontend/EntityDescriptorRepresentation.java @@ -1,5 +1,6 @@ package edu.internet2.tier.shibboleth.admin.ui.domain.frontend; +import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; @@ -188,6 +189,12 @@ public void setCreatedDate(LocalDateTime createdDate) { public String getModifiedDate() { return modifiedDate != null ? modifiedDate.toString() : null; } + + @JsonIgnore + public LocalDateTime getModifiedDateAsDate() { + // we shouldn't have an ED without either modified or created date, so this is mostly for testing where data can be odd + return modifiedDate != null ? modifiedDate : createdDate != null ? createdDate : LocalDateTime.now(); + } public void setModifiedDate(LocalDateTime modifiedDate) { this.modifiedDate = modifiedDate; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/CustomAttributeRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/CustomAttributeRepository.java new file mode 100644 index 000000000..3470e9834 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/CustomAttributeRepository.java 
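Review bot: The `LocalDateTime.now()` fallback in `getModifiedDateAsDate()` uses the JVM's default time zone, while the caller added in EntitiesController converts the value with `toInstant(ZoneOffset.UTC)`, so on a server not running in UTC the resulting `Last-Modified` is shifted by the zone offset and can lie in the future. The fallback also yields a different value on every request, which defeats conditional requests for descriptors that have no dates. If a fallback is needed, `LocalDateTime.now(ZoneOffset.UTC)` at least keeps the two sides consistent, and a comment should state that `createdDate` and `modifiedDate` are assumed to be stored in UTC, which the hunk does not show. `setModifiedDate` continues outside the hunk.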
@@ -0,0 +1,20 @@
+package edu.internet2.tier.shibboleth.admin.ui.repository;
+
+import java.util.List;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import edu.internet2.tier.shibboleth.admin.ui.domain.CustomAttributeDefinition;
+
+/**
+ * Repository to manage {@link CustomAttributeDefinition} instances.
+ */
+public interface CustomAttributeRepository extends JpaRepository {
+
+ List findAll();
+
+ CustomAttributeDefinition findByName(String name);
+
+ @SuppressWarnings("unchecked")
+ CustomAttributeDefinition save(CustomAttributeDefinition attribute);
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomAttributesService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomAttributesService.java
new file mode 100644
index 000000000..6e2436bdf
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomAttributesService.java
@@ -0,0 +1,17 @@
+package edu.internet2.tier.shibboleth.admin.ui.service;
+
+import java.util.List;
+
+import edu.internet2.tier.shibboleth.admin.ui.domain.CustomAttributeDefinition;
+
+public interface CustomAttributesService {
+
+ CustomAttributeDefinition createOrUpdateDefinition(CustomAttributeDefinition definition);
+
+ void deleteDefinition(CustomAttributeDefinition definition);
+
+ CustomAttributeDefinition find(String name);
+
+ List getAllDefinitions();
+
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomAttributesServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomAttributesServiceImpl.java
new file mode 100644
index 000000000..1dba4dae5
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomAttributesServiceImpl.java
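Review bot: `findAll()` and `save(...)` are already inherited from `JpaRepository`, so redeclaring them in CustomAttributeRepository adds nothing and is the only reason `@SuppressWarnings("unchecked")` is needed. Dropping both and keeping only `CustomAttributeDefinition findByName(String name);` leaves the one derived query this interface actually contributes. `JpaRepository` also appears here without type arguments; if that is how the file reads rather than an artefact of how this page was captured, declare the entity and id types explicitly so the inherited methods are typed.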
@@ -0,0 +1,36 @@
+package edu.internet2.tier.shibboleth.admin.ui.service;
+
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import edu.internet2.tier.shibboleth.admin.ui.domain.CustomAttributeDefinition;
+import edu.internet2.tier.shibboleth.admin.ui.repository.CustomAttributeRepository;
+
+@Service
+public class CustomAttributesServiceImpl implements CustomAttributesService {
+ @Autowired
+ private CustomAttributeRepository repository;
+
+ @Override
+ public CustomAttributeDefinition createOrUpdateDefinition(CustomAttributeDefinition definition) {
+ return repository.save(definition);
+ }
+
+ @Override
+ public void deleteDefinition(CustomAttributeDefinition definition) {
+ repository.delete(definition);
+ }
+
+ @Override
+ public CustomAttributeDefinition find(String name) {
+ return repository.findByName(name);
+ }
+
+ @Override
+ public List getAllDefinitions() {
+ return repository.findAll();
+ }
+
+}
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesControllerIntegrationTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesControllerIntegrationTests.groovy
index 01a4ff060..bda1b4dfa 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesControllerIntegrationTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesControllerIntegrationTests.groovy
@@ -1,14 +1,20 @@ package edu.internet2.tier.shibboleth.admin.ui.controller import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects +import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository +import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService import groovy.json.JsonOutput import net.shibboleth.ext.spring.resource.ResourceHelper +import net.shibboleth.utilities.java.support.resolver.CriteriaSet + import org.joda.time.DateTime +import org.opensaml.core.criterion.EntityIdCriterion import org.opensaml.saml.metadata.resolver.ChainingMetadataResolver import org.opensaml.saml.metadata.resolver.MetadataResolver import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain import org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver +import org.spockframework.spring.SpringBean import org.springframework.beans.factory.annotation.Autowired import org.springframework.boot.test.context.SpringBootTest import org.springframework.boot.test.context.TestConfiguration 
@@ -35,11 +41,26 @@ class EntitiesControllerIntegrationTests extends Specification { @Autowired private WebTestClient webClient - /*def setup() { - // yeah, don't ask... this is just shenanigans - // The API is changed. Doesn't work anymore. Not sure if we need it here - this.webClient.webClient.uriBuilderFactory.encodingMode = DefaultUriBuilderFactory.EncodingMode.NONE - }*/ + def openSamlObjects = new OpenSamlObjects().with { + init() + it + } + + def resource = ResourceHelper.of(new ClassPathResource("/metadata/aggregate.xml")) + + def metadataResolver = new ResourceBackedMetadataResolver(resource).with { + it.id = 'test' + it.parserPool = openSamlObjects.parserPool + initialize() + it + } + + // This stub will spit out the results from the resolver instead of actually finding them in the DB + @SpringBean + EntityDescriptorRepository edr = Stub(EntityDescriptorRepository) { + findByEntityID("http://test.scaldingspoon.org/test1") >> metadataResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion("http://test.scaldingspoon.org/test1"))) + findByEntityID("test") >> metadataResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion("test"))) + } //todo review def "GET /api/entities returns the proper json"() { diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesControllerTests.groovy index 1eb4e7159..8f262b6a1 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesControllerTests.groovy 
@@ -5,25 +5,32 @@ import edu.internet2.tier.shibboleth.admin.ui.configuration.Internationalization import edu.internet2.tier.shibboleth.admin.ui.configuration.SearchConfiguration import edu.internet2.tier.shibboleth.admin.ui.configuration.TestConfiguration import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects +import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityDescriptorServiceImpl import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityServiceImpl import net.shibboleth.ext.spring.resource.ResourceHelper +import net.shibboleth.utilities.java.support.resolver.CriteriaSet + +import org.opensaml.core.criterion.EntityIdCriterion import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver +import org.spockframework.spring.SpringBean import org.springframework.beans.factory.annotation.Autowired import org.springframework.boot.autoconfigure.domain.EntityScan import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest import org.springframework.core.io.ClassPathResource import org.springframework.data.jpa.repository.config.EnableJpaRepositories +import org.springframework.http.HttpHeaders import org.springframework.http.MediaType import org.springframework.test.context.ContextConfiguration import org.springframework.test.web.servlet.setup.MockMvcBuilders import spock.lang.Specification import spock.lang.Subject +import static org.hamcrest.Matchers.is; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.* @DataJpaTest 
@ContextConfiguration(classes=[CoreShibUiConfiguration, SearchConfiguration, TestConfiguration, InternationalizationConfiguration]) @@ -46,12 +53,19 @@ class EntitiesControllerTests extends Specification { @Autowired UserService userService - + + // This stub will spit out the results from the resolver instead of actually finding them in the DB + @SpringBean + EntityDescriptorRepository edr = Stub(EntityDescriptorRepository) { + findByEntityID("http://test.scaldingspoon.org/test1") >> metadataResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion("http://test.scaldingspoon.org/test1"))) + findByEntityID("test") >> metadataResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion("test"))) + } + @Subject def controller = new EntitiesController( openSamlObjects: openSamlObjects, entityDescriptorService: new JPAEntityDescriptorServiceImpl(openSamlObjects, new JPAEntityServiceImpl(openSamlObjects), userService), - metadataResolver: metadataResolver + entityDescriptorRepository: edr ) def mockMvc = MockMvcBuilders.standaloneSetup(controller).build() @@ -64,6 +78,14 @@ class EntitiesControllerTests extends Specification { result.andExpect(status().isNotFound()) } + def 'GET /entities/test'() { + when: + def result = mockMvc.perform(get("/entities/test")) + + then: + result.andExpect(status().isNotFound()) + } + def 'GET /api/entities/test XML'() { when: def result = mockMvc.perform(get("/api/entities/test").header('Accept', 'application/xml')) @@ -72,7 +94,14 @@ class EntitiesControllerTests extends Specification { result.andExpect(status().isNotFound()) } - //todo review + def 'GET /entities/test XML'() { + when: + def result = mockMvc.perform(get("/entities/test").header('Accept', 'application/xml')) + + then: + result.andExpect(status().isNotFound()) + } + def 'GET /api/entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1'() { given: def expectedBody = ''' 
@@ -100,16 +129,67 @@ class EntitiesControllerTests extends Specification { "current":false } ''' + when: - def result = mockMvc.perform(get('/api/entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1')) + def result = mockMvc.perform(get('/entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1')) then: - def x = content() + // Response headers section 2.5 + // from the spec https://www.ietf.org/archive/id/draft-young-md-query-14.txt result.andExpect(status().isOk()) - .andExpect(content().contentType(MediaType.APPLICATION_JSON)) - .andExpect(content().json(expectedBody, false)) + .andExpect(header().exists(HttpHeaders.CONTENT_TYPE)) // MUST HAVE +// .andExpect(header().exists(HttpHeaders.CONTENT_LENGTH)) // SHOULD HAVE - should end up from etag filter, so skipped for test +// .andExpect(header().exists(HttpHeaders.CACHE_CONTROL)) // SHOULD HAVE - should be included by Spring Security +// .andExpect(header().exists(HttpHeaders.ETAG)) // MUST HAVE - is done by filter, so skipped for test + .andExpect(header().exists(HttpHeaders.LAST_MODIFIED)) + .andExpect(content().contentType(MediaType.APPLICATION_JSON)) + .andExpect(content().json(expectedBody, false)) } + def 'GET /entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1'() { + given: + def expectedBody = ''' + { + "id":null, + "serviceProviderName":null, + "entityId":"http://test.scaldingspoon.org/test1", + "organization": {}, + "contacts":null, + "serviceProviderSsoDescriptor": { + "protocolSupportEnum":"SAML 2", + "nameIdFormats":["urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"] + }, + "logoutEndpoints":null, + "securityInfo":null, + "assertionConsumerServices":[ + {"locationUrl":"https://test.scaldingspoon.org/test1/acs","binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST","makeDefault":false} + ], + "serviceEnabled":false, + "createdDate":null, + "modifiedDate":null, + "attributeRelease":["givenName","employeeNumber"], + "version":-1891841119, + "createdBy":null, + "current":false + } + ''' + + when: 
+ def result = mockMvc.perform(get('/entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1')) + + then: + // Response headers section 2.5 + // from the spec https://www.ietf.org/archive/id/draft-young-md-query-14.txt + result.andExpect(status().isOk()) + .andExpect(header().exists(HttpHeaders.CONTENT_TYPE)) // MUST HAVE +// .andExpect(header().exists(HttpHeaders.CONTENT_LENGTH)) // SHOULD HAVE - should end up from etag filter, so skipped for test +// .andExpect(header().exists(HttpHeaders.CACHE_CONTROL)) // SHOULD HAVE - should be included by Spring Security +// .andExpect(header().exists(HttpHeaders.ETAG)) // MUST HAVE - is done by filter, so skipped for test + .andExpect(header().exists(HttpHeaders.LAST_MODIFIED)) + .andExpect(content().contentType(MediaType.APPLICATION_JSON)) + .andExpect(content().json(expectedBody, false)) + } + def 'GET /api/entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1 XML'() { given: def expectedBody = ''' @@ -139,4 +219,34 @@ class EntitiesControllerTests extends Specification { .andExpect(content().contentType('application/xml;charset=ISO-8859-1')) .andExpect(content().xml(expectedBody)) } + + def 'GET /entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1 XML'() { + given: + def expectedBody = ''' + + + + + internal + + + givenName + employeeNumber + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + + + +''' + when: + def result = mockMvc.perform(get('/entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1').header('Accept', 'application/xml')) + + then: + result.andExpect(status().isOk()) + .andExpect(content().contentType('application/xml;charset=ISO-8859-1')) + .andExpect(content().xml(expectedBody)) + } } diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/CustomAttributeRepositoryTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/CustomAttributeRepositoryTests.groovy new file mode 100644 index 000000000..f9af4b2a4 --- /dev/null 
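Review bot: The test still named `'GET /api/entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1'` now requests `/entities/...`, and the new test added right after it issues the identical request with the identical expected body, so the JSON success path of the legacy `/api/entities` mapping is no longer exercised. Restore the original URL in the first test: `def result = mockMvc.perform(get('/api/entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1'))`. The `ETAG` expectation is commented out as "done by filter", so nothing in this suite checks the header that the comment itself marks as MUST HAVE; a test that builds MockMvc with the ShallowEtagHeaderFilter added would cover it.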
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/CustomAttributeRepositoryTests.groovy 
@@ -0,0 +1,156 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository + +import javax.persistence.EntityManager + +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.boot.autoconfigure.domain.EntityScan +import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest +import org.springframework.data.jpa.repository.config.EnableJpaRepositories +import org.springframework.test.context.ContextConfiguration + +import edu.internet2.tier.shibboleth.admin.ui.configuration.InternationalizationConfiguration +import edu.internet2.tier.shibboleth.admin.ui.domain.CustomAttributeDefinition +import spock.lang.Specification + +/** + * Tests to validate the repo and model for custom entity attributes + * @author chasegawa + */ +@DataJpaTest +@ContextConfiguration(classes=[InternationalizationConfiguration]) +@EnableJpaRepositories(basePackages = ["edu.internet2.tier.shibboleth.admin.ui"]) +@EntityScan("edu.internet2.tier.shibboleth.admin.ui") +class CustomAttributeRepositoryTests extends Specification { + + @Autowired + CustomAttributeRepository repo + + @Autowired + EntityManager entityManager + + def "basic CRUD operations validated"() { + given: + def setItems = new HashSet(["val1", "val2", "val3"]) + def ca = new CustomAttributeDefinition().with { + it.name = "ca-name" + it.attributeType = "SELECTION_LIST" + it.customAttrListDefinitions = setItems + it + } + + // Confirm empty state + when: + def atts = repo.findAll() + + then: + atts.size() == 0 + + // save check + when: + repo.save(ca) + entityManager.flush() + entityManager.clear() + + then: + // save check + def cas = repo.findAll() + cas.size() == 1 + def caFromDb1 = cas.get(0).asType(CustomAttributeDefinition) + caFromDb1.equals(ca) == true + + // fetch checks + repo.findByName("not a name") == null + repo.findByName("ca-name").equals(ca) + + // update check + caFromDb1.with { + it.helpText = "some new text that wasn't there before" + } + caFromDb1.equals(ca) == false 
+ + when: + repo.save(caFromDb1) + entityManager.flush() + entityManager.clear() + + then: + def cas2 = repo.findAll() + cas2.size() == 1 + def caFromDb2 = cas2.get(0).asType(CustomAttributeDefinition) + caFromDb2.equals(ca) == false + caFromDb2.equals(caFromDb1) == true + + // delete tests + when: + def delByName = new CustomAttributeDefinition().with { + it.name = "ca-name" + it + } + repo.delete(delByName) + entityManager.flush() + entityManager.clear() + + then: + repo.findAll().size() == 0 + } + + def "attribute list tests"() { + given: + def setItems2 = new HashSet(["val2", "val1"]) + def setItems3 = new HashSet(["val1", "val2", "val3"]) + def setItems4 = new HashSet(["val1", "val2", "val3", "val4"]) + def ca2 = new CustomAttributeDefinition().with { + it.name = "ca-name" + it.attributeType = "SELECTION_LIST" + it.customAttrListDefinitions = setItems2 + it + } + def ca3 = new CustomAttributeDefinition().with { + it.name = "ca-name" + it.attributeType = "SELECTION_LIST" + it.customAttrListDefinitions = setItems3 + it + } + def ca4 = new CustomAttributeDefinition().with { + it.name = "ca-name" + it.attributeType = "SELECTION_LIST" + it.customAttrListDefinitions = setItems4 + it + } + + when: + repo.save(ca3) + entityManager.flush() + entityManager.clear() + + then: + def cas = repo.findAll() + cas.size() == 1 + def caFromDb = cas.get(0).asType(CustomAttributeDefinition) + caFromDb.equals(ca3) == true + + // now update the attribute list items + caFromDb.with { + it.customAttrListDefinitions = setItems4 + it + } + repo.save(caFromDb) + entityManager.flush() + entityManager.clear() + + def caFromDb4 = repo.findAll().get(0).asType(CustomAttributeDefinition) + caFromDb4.equals(ca4) == true + + // now remove items + caFromDb.with { + it.customAttrListDefinitions = setItems2 + it + } + repo.save(caFromDb) + entityManager.flush() + entityManager.clear() + + def caFromDb2 = repo.findAll().get(0).asType(CustomAttributeDefinition) + caFromDb2.equals(ca2) == true + } +} \ 
No newline at end of file