diff --git a/Dockerfile b/Dockerfile
index 53cfc5cb..a913af5c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,8 +8,8 @@ LABEL author="tier-packaging@internet2.edu " \
 ARG GROUPER_CONTAINER_VERSION
-ENV GROUPER_VERSION=5.6.0 \
- GROUPER_CONTAINER_VERSION=5.6.0 \
+ENV GROUPER_VERSION=5.7.0 \
+ GROUPER_CONTAINER_VERSION=5.7.0 \
 JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto \
 PATH=$PATH:$JAVA_HOME/bin \
 GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF
diff --git a/container_files/certs/client/localhost.pem b/container_files/certs/client/localhost.pem
new file mode 100644
index 00000000..59b8f374
--- /dev/null
+++ b/container_files/certs/client/localhost.pem
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF4zCCA8ugAwIBAgIJAIGLhBfhRQ1IMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD +VQQGEwJYWDESMBAGA1UECAwJU3RhdGVOYW1lMREwDwYDVQQHDAhDaXR5TmFtZTEU +MBIGA1UECgwLQ29tcGFueU5hbWUxGzAZBgNVBAsMEkNvbXBhbnlTZWN0aW9uTmFt +ZTEdMBsGA1UEAwwUQ29tbW9uTmFtZU9ySG9zdG5hbWUwIBcNMjMxMjI5MjAyOTE1 +WhgPMjA1MTA1MTYyMDI5MTVaMIGGMQswCQYDVQQGEwJYWDESMBAGA1UECAwJU3Rh +dGVOYW1lMREwDwYDVQQHDAhDaXR5TmFtZTEUMBIGA1UECgwLQ29tcGFueU5hbWUx +GzAZBgNVBAsMEkNvbXBhbnlTZWN0aW9uTmFtZTEdMBsGA1UEAwwUQ29tbW9uTmFt +ZU9ySG9zdG5hbWUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCx09MP +vAx8q5tzHQ6wdg7E7DtIFpBWds///mM1eP114510kmm4Fe+uleYLXSydzA47fDqH +HqWOu7mOAyRJuXGGXJ/KWFwBnam0GDhq4kxBUM3wvQbPDcpw1CrUhXaCkeM8ddFI +wQQ0t0dEzJfRuJgriXk3lIfcPMDgHP16gV7KwFdWKN+JQwGHVYXJabCH93hbr1+d ++pzHWyr/g/DEdWVJ9coGL++w3xLJUxjPX8DzJX55NUIbrBA4JIjZMZh96qPQOXii +UvfVQaelnQNLF3YD0GkJ7ZdO3AucwGjfyQBtBhaS/wiXe7xm6PxGdWmDa350sWO9 +XVQUx32KJvoW8ViybPceoJkdhN6IE66lNjwJGzQ4zVA2Cs6Tl03DJ9TKiiTi4z2k +1Yor9l+yYm4c1p74FSOdPcqT8yaoXwW4s7WpSZZMHP0FCzWN2E+Fw+Bp+nnQVI7G +rVeFiaBm898DBChb1wVZuBHeeXumx89oUKdww+Mly5tmdgtaCI7ac22AauK9SKEL +xsceWWjz7Y8r8QZNzJpezlT/gmZz+JGg6CuC6oN4Zuu2QbBoaNFOv3Vvs6SFg0T+ +1OZ3hu5aiSpRUDM9qFsaAXxqbFwafd/Yc3rcaKTiUICusjJQjysaT/0ANCDIIooW +Vc4I01crHQJIRDVm5cLK5psZk4bBDuzioziu9wIDAQABo1AwTjAdBgNVHQ4EFgQU +oKZqZBHHaKTPJFRj44vl+wQoMtowHwYDVR0jBBgwFoAUoKZqZBHHaKTPJFRj44vl ++wQoMtowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAkvPB/463LNJC +gmEIpldcse4dHs7o2GrtGLAA3XH0hGRSOa+6revsq/QQTYlYXPz6S2yv+byEA/ru +nMd33kOYtRTfzajxQ8uNNLf/EycfPvKZhO9S4tPy3HWnLMt+PzTjK2zubyNCilxz +Y6nfkNwFDl2+mmf+oSE8XqGvcjLAotoAIpp/lrqK224vaLxZrHH/07brmC4cOWWz +c6ibDhMmvMjcXJh7yQ0RxIAHpUhht7nDJfZMPCdn2PWOtJFwn0ep3lXTc4fjd7qq +UH+aQyOIVQo3PWa538kR7hBMTTUVgSM9ueeJvQRCwtRp38Yv2+a6gDNZRwE1Nt6V +apTL99GZqE0WURHIByqV/mHZBVT5tjv9ypv49Cy6HiEo+UtYXbF06qHJqjjhbmb4 +mK/+1F2qmc5apIQPrk+MURF+0N6126OfRMg9nN3epsa13gvFrXi9k8HnwY+SXod6 +eX7/XnZzMWLZHHtsCHAozTFYDQGpihFvq24CH4MlDhGJxFYs53txX7eKcwyKC2i8 
+ZPPsHe8/PltHwdnonuHZ1pp0XU6EtjI0n17CVeVFjZI+nfd30MTkBl+tnQm8caYd +CsxEiUuVzCceJjlqqB/Cug767QWkzxr3HcRYgkQQ5UUW1alqjMgI3mnr6MrqyJFq +i1A4cbdYt2h0WcSM/5M+ABe4CG8JOgc= +-----END CERTIFICATE----- diff --git a/container_files/certs/keys/localhost.key b/container_files/certs/keys/localhost.key new file mode 100644 index 00000000..da840e97 --- /dev/null +++ b/container_files/certs/keys/localhost.key 
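Review bot: The certificate added here decodes as a self-signed CA (basicConstraints CA:TRUE) with the template subject `CN=CommonNameOrHostname`, no subjectAltName, and a validity running to 2051, so despite the file name it will not pass hostname verification for `localhost` in clients that require a SAN. Because it sits under `certs/client`, it may also be imported into the JVM truststore by `setupFilesTomcat_sslCertsClient` (the directory that function walks is not visible here); if so, every container would trust a CA whose private key is published in this same commit. A leaf certificate with `CA:FALSE` and `subjectAltName=DNS:localhost`, generated at image build or first start rather than committed, avoids both problems.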
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCx09MPvAx8q5tz +HQ6wdg7E7DtIFpBWds///mM1eP114510kmm4Fe+uleYLXSydzA47fDqHHqWOu7mO +AyRJuXGGXJ/KWFwBnam0GDhq4kxBUM3wvQbPDcpw1CrUhXaCkeM8ddFIwQQ0t0dE +zJfRuJgriXk3lIfcPMDgHP16gV7KwFdWKN+JQwGHVYXJabCH93hbr1+d+pzHWyr/ +g/DEdWVJ9coGL++w3xLJUxjPX8DzJX55NUIbrBA4JIjZMZh96qPQOXiiUvfVQael +nQNLF3YD0GkJ7ZdO3AucwGjfyQBtBhaS/wiXe7xm6PxGdWmDa350sWO9XVQUx32K +JvoW8ViybPceoJkdhN6IE66lNjwJGzQ4zVA2Cs6Tl03DJ9TKiiTi4z2k1Yor9l+y +Ym4c1p74FSOdPcqT8yaoXwW4s7WpSZZMHP0FCzWN2E+Fw+Bp+nnQVI7GrVeFiaBm +898DBChb1wVZuBHeeXumx89oUKdww+Mly5tmdgtaCI7ac22AauK9SKELxsceWWjz +7Y8r8QZNzJpezlT/gmZz+JGg6CuC6oN4Zuu2QbBoaNFOv3Vvs6SFg0T+1OZ3hu5a +iSpRUDM9qFsaAXxqbFwafd/Yc3rcaKTiUICusjJQjysaT/0ANCDIIooWVc4I01cr +HQJIRDVm5cLK5psZk4bBDuzioziu9wIDAQABAoICABtZ2TyyT7ldK6uo7Hl3rw3a +x8NutQSXgaZ+GgQ/d7yKJc2oN1p5BUR1Ccz1p8cde5LqqJXfwNcTSJbvJMWyICPq +WylkLcKR3Wg10XefFtt08jf02vc9x8VS3MOTQ4cRqUHDXU0zYtI43l1WmoNHQSBx +JJPH5J2bOo895j7RZyMIMmauIrOZ+sI2BT3VY7GF/p0bfDlwMmz3OMXUJVQSOmIF +y+znspYhuWH9xfMfZy3+tlUuO9zFujjoZaQCXNIBJPEB5ewRlszWLFLss3T5Rs2P +YJiGUp9ueNrDPV4uLEKYjSBO2aNzBKdPbn3n0TLFdc28+vpFQIlxpX16QT0GIf4N +vyCevCj0oRKBSJ5UxMcag/Pj8DXxh+vQ7x+NduYqL8ciNJLHMvyoy4591RJMOQbM +P3YNqZ/hY8IdPMVMww4t8wm1R7GhHZaVcDAEUiebtE/Wd2pdyPNZ/9d3m91a7MLl +KnVU3qdDXKmcC0uxat2xlb2sIJthHwjUj2sjNJ+xGxMiqxBbg9VNyQ7DmwKHyTL1 +6YngahdrFQXjA6Df1iuf6Xzh7nNmV5GfT+yKny+rTSszUx5fZNo1qvJ2oTC87gUe +HV7qYO6+vzaM8hUpb3vSAzmgjynymmq9m8A0Yim/GkxGHt7GJ+JqMrwSKz5zT+3f +qZJFAuraKJJVZ9A2/C0BAoIBAQDjlRxnXO9Co0OafJcn8ylHEOfcTAKQkb9Ncsoh +r4LLTmkhZFs830C6WG4PXZOtKbYElqTk2AQZeZlKLN217etMoC6jh1fCjDrlGE9R +btzWEsT6j+Ol6yOClAznZoQQClyQiI7ycijANrPhnoNKrIqC23L56ZklHQktfWoy +smwnm6ulNh7UeYkX/jv02j1I1zaUjGWA0CPm/xzpjYeUWkdwgelzqBxPOCzPv9oT +bvNoyNqSj/5ZuTPBtI+n4GH/tJxk51hYSb9+igpx98wMux7XxHgthwSiqa5Lwlkq +OJWnTwXFV7heDDcTjVorxXE3lhU3iDbqvqQdQQaUBLQHjhgjAoIBAQDICD868TeV +r01ab9RrqoDCyl2+hmNh6TBODCDu0eLxewN1kGymVkzdi/VBGEDMhdd3mro/wxTa 
+ZXPUrBeznMwvUVlnI2s7RZKrhrf1O5w7Qv4TG09kZKIn4aXYx5uhxxgDgc7aPxjS +XQAWbAZtbrtFaaXEvC0rsExLatfOJXgURiYDXKBiwV8rg//65YnPtVHBfVGiWF3p +62EDZYYkGHVuF5UpbVHm0DVT8xW5ixmwhpNcBqKM+WobPaZEwGbULu75bvSqA7Sw +g4Cz6m7aCL/3TQVEEpdS4HkEqqN7ClsTn+VMqOWPkAbtkzTHmrDjn0n4ZtIw9g/y +70PgpJXZ7fEdAoIBAApr1I4jIk2h3kGfvOg2aUh4zLU4wdFO6zynqfva5plasNO3 +nbnu2y7tR7Tqaw294DjbkRdtkNp9x/guj8R57ZFnsFsKooklFLlS4Kbw9anT2DNF +DX6WgtzC3Mhn2FpHry9rIWiWs6kBmEEXmhl8Rydw1xX8jWe2qansmUVTCELUDQsW +rFi8a/uuR56Rs8a3HCe3Ohqo7UvxmKhVM8UmUSkkucTzCMDT6LFmrpy/MuQ0dlXJ +xDLlmSogk4dzbelgoty3/0KjteIcfhfz6eMXWnU06O/kw+CS9ok/kAev6aJsqu37 +c1TTKF571Yo1k1ahR71wPluHeUphpOR4Rqol5pMCggEAadaTPiirdHPQxe0tw9nv +TyGsAEczBndPq7wXIMXFAmhIKEhGdKxs9zw6hDrE7nJS02H28g3SVswfQYPc9pgc +IV01pLDE6BOjy0X4x7TGsUR9Erb8hu4ILnniOpVC75JcTl68iBWimIvEpBh8PiK8 +y7lekH3QmLErbSwXC2gf5PpI2raD1jziki/BnYseI9yYaXxZWUDQUBjOt/FbzHV0 +jM/FiKnjD/FShhy0ffvvl8tc5PBNybGeRtOTygTTY6mBoFDo+5wCWvL5gjikdpDy +oXMLOj1r+9nxrlprLYsJLZUIyksDS7a1M7cT0hkzRvzdMqWUyXsobS3UCGSNNUYE +sQKCAQAgUoFwyU32kbabX1w+rq+mMY5fHtactIGI6Fj+s05jEmiAG0IQDcArA3Yf +HsU4WD5hSAYJ2Pe4JFBiRT1qaxZGTLGsDHWPf1t/Likx6W7CKvlY1oMd5/48EEkk +MuGUdor3nlG2FfHeIj/2Qxb5M4wxEnCu5UlHVTwwQq3JKVdjSae0p+DMemE6jt4U +55ctAR054R1Y+y83KMmjgaoBHFiRjIiN83Rbi/r+9LqJhEgSO4xyJg2munsGhSDc +TKX2Kq2rbkop9lmIB4dxFlAc0hkYRaErgO6i7eBolhpflw+WRGp1fx1aoJcTrT+1 +64pohvmZMxTgi91XAfPdirMLS7MQ +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/container_files/docker-build-bin/containerDockerfileInstall.sh b/container_files/docker-build-bin/containerDockerfileInstall.sh index 5fc89a72..147c9b26 100644 --- a/container_files/docker-build-bin/containerDockerfileInstall.sh +++ b/container_files/docker-build-bin/containerDockerfileInstall.sh 
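Review bot: An unencrypted RSA private key is committed here, and its modulus matches the public key in `certs/client/localhost.pem`, so the key pair is identical in every image built from this repository and known to anyone who can read the repo or pull the image. TLS served with it provides no server authentication, because the private half is not secret. Prefer generating the pair when the container starts and no key is mounted, keep `container_files/certs/keys/` out of version control, and log a warning whenever a built-in default is in use. The file also ends without a trailing newline.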
@@ -165,9 +165,19 @@ returnCode=$?
 echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/certs/anchors, result: $returnCode"
 if [ $returnCode != 0 ]; then exit $returnCode; fi
-mv /opt/container_files/certs/* /opt/grouper/certs/
+mkdir -p /opt/grouper/certs/keys
 returnCode=$?
-echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mv /opt/container_files/certs/* /opt/grouper/certs/, result: $returnCode"
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) mkdir -p /opt/grouper/certs/keys, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+cp -R /opt/container_files/certs/* /opt/grouper/certs/
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) cp -R /opt/container_files/certs/* /opt/grouper/certs/, result: $returnCode"
+if [ $returnCode != 0 ]; then exit $returnCode; fi
+
+rm -rf /opt/container_files/certs
+returnCode=$?
+echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) rm -rf /opt/container_files/certs, result: $returnCode"
 if [ $returnCode != 0 ]; then exit $returnCode; fi
 echo 'umask 002' >> /home/tomcat/.bashrc
diff --git a/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh b/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh
index 885b2f5b..9d8f44b1 100644
--- a/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh
+++ b/container_files/docker-build-bin/containerDockerfileInstallPermissions.sh
@@ -75,6 +75,11 @@ if [ $lines -ne 0 ]; then if [ $returnCode != 0 ]; then exit $returnCode; fi fi +chmod 660 /opt/grouper/certs/keys/* +returnCode=$? +echo "grouperDockerfile; INFO: (containerDockerfileInstall.sh) chmod 660 /opt/grouper/certs/keys/*, result: $returnCode" +if [ $returnCode != 0 ]; then exit $returnCode; fi + /opt/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh /usr/local/bin returnCode=$? echo "grouperDockerfile; INFO: (containerDockerfileInstallPermissions.sh) /opt/container_files/docker-build-bin/containerDockerfileInstallDos2unix.sh /usr/local/bin, result: $returnCode" diff --git a/container_files/tomcat/conf/server.xml.grouper b/container_files/tomcat/conf/server.xml.grouper index 5cc1afeb..bb8b4910 100644 --- a/container_files/tomcat/conf/server.xml.grouper +++ b/container_files/tomcat/conf/server.xml.grouper @@ -66,11 +66,12 @@ APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 --> - + + + + diff --git a/container_files/tomcat/conf/server.xml.grouper.patch b/container_files/tomcat/conf/server.xml.grouper.patch index 0196ac53..5a721287 100644 --- a/container_files/tomcat/conf/server.xml.grouper.patch +++ b/container_files/tomcat/conf/server.xml.grouper.patch @@ -1,15 +1,29 @@ ---- server.xml.original 2023-06-27 13:54:24.000000000 -0400 -+++ server.xml.grouper 2023-07-03 02:37:07.000000000 -0400 -@@ -69,7 +69,7 @@ - +- ++ ++ + 
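Review bot: `chmod 660` leaves the private keys group-writable although the server only needs to read them; `chmod 640 /opt/grouper/certs/keys/*` (or `600` if the runtime user owns the files — ownership is set outside this hunk) is enough. The glob also makes the build exit when `keys/` is empty, which will happen as soon as a default key is no longer shipped in the repository. The echo labels the step `(containerDockerfileInstall.sh)` while the neighbouring lines in this file use `(containerDockerfileInstallPermissions.sh)`.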
@@ -19,11 +33,13 @@ + ++ ++ ' /opt/tomcat/conf/server.xml) -ge 1 ]; then + + # + # + + sed -i 's|||g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) Apply remote IP valve: sed -i 's|||g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + + if [ ! -z "$REMOTE_IP_INTERNAL_PROXIES" ]; then + sed -i 's|__REMOTE_IP_INTERNAL_PROXIES__|internalProxies="$REMOTE_IP_INTERNAL_PROXIES"|g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_INTERNAL_PROXIES__|internalProxies=\"$REMOTE_IP_INTERNAL_PROXIES\"|g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + else + sed -i 's|__REMOTE_IP_INTERNAL_PROXIES__||g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_INTERNAL_PROXIES__||g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + fi + + if [ ! -z "$REMOTE_IP_HEADER" ]; then + sed -i 's|__REMOTE_IP_HEADER__|remoteIpHeader="$REMOTE_IP_HEADER"|g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_HEADER__|remoteIpHeader=\"$REMOTE_IP_HEADER\"|g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + else + sed -i 's|__REMOTE_IP_HEADER__||g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_HEADER__||g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + fi + + if [ ! 
-z "$REMOTE_IP_PROXIES_HEADER" ]; then + sed -i 's|__REMOTE_IP_PROXIES_HEADER__|proxiesHeader="$REMOTE_IP_PROXIES_HEADER"|g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_PROXIES_HEADER__|proxiesHeader=\"$REMOTE_IP_PROXIES_HEADER\"|g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + else + sed -i 's|__REMOTE_IP_PROXIES_HEADER__||g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_PROXIES_HEADER__||g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + fi + + if [ ! -z "$REMOTE_IP_TRUSTED_PROXIES" ]; then + sed -i 's|__REMOTE_IP_TRUSTED_PROXIES__|trustedProxies="$REMOTE_IP_TRUSTED_PROXIES"|g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_TRUSTED_PROXIES__|trustedProxies=\"$REMOTE_IP_TRUSTED_PROXIES\"|g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + else + sed -i 's|__REMOTE_IP_TRUSTED_PROXIES__||g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_TRUSTED_PROXIES__||g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + fi + + if [ ! -z "$REMOTE_IP_PROCOL_HEADER" ]; then + sed -i 's|__REMOTE_IP_PROCOL_HEADER__|protocolHeader="$REMOTE_IP_PROCOL_HEADER"|g' /opt/tomcat/conf/server.xml + returnCode=$? 
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_PROCOL_HEADER__|protocolHeader=\"$REMOTE_IP_PROCOL_HEADER\"|g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + else + sed -i 's|__REMOTE_IP_PROCOL_HEADER__||g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_PROCOL_HEADER__||g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + fi + + if [ ! -z "$REMOTE_IP_PROCOL_HEADER_HTTPS_VALUE" ]; then + sed -i 's|__REMOTE_IP_PROCOL_HEADER_HTTPS_VALUE__|protocolHeaderHttpsValue="$REMOTE_IP_PROCOL_HEADER_HTTPS_VALUE"|g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_PROCOL_HEADER_HTTPS_VALUE__|protocolHeaderHttpsValue=\"$REMOTE_IP_PROCOL_HEADER_HTTPS_VALUE\"|g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + else + sed -i 's|__REMOTE_IP_PROCOL_HEADER_HTTPS_VALUE__||g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_PROCOL_HEADER_HTTPS_VALUE__||g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + fi + + if [ ! -z "$REMOTE_IP_HTTP_SERVER_PORT" ]; then + sed -i 's|__REMOTE_IP_HTTP_SERVER_PORT__|httpServerPort="$REMOTE_IP_HTTP_SERVER_PORT"|g' /opt/tomcat/conf/server.xml + returnCode=$? 
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_HTTP_SERVER_PORT__|httpServerPort=\"$REMOTE_IP_HTTP_SERVER_PORT\"|g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + else + sed -i 's|__REMOTE_IP_HTTP_SERVER_PORT__||g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_HTTP_SERVER_PORT__||g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + fi + + if [ ! -z "$REMOTE_IP_HTTPS_SERVER_PORT" ]; then + sed -i 's|__REMOTE_IP_HTTPS_SERVER_PORT__|httpsServerPort="$REMOTE_IP_HTTPS_SERVER_PORT"|g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_HTTPS_SERVER_PORT__|httpsServerPort=\"$REMOTE_IP_HTTPS_SERVER_PORT\"|g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + else + sed -i 's|__REMOTE_IP_HTTPS_SERVER_PORT__||g' /opt/tomcat/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) sed -i 's|__REMOTE_IP_HTTPS_SERVER_PORT__||g' /opt/tomcat/conf/server.xml, result: $returnCode" + if [ $returnCode != 0 ]; then exit $returnCode; fi + fi + + else + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_remoteIpValve) /opt/tomcat/conf/server.xml does not contain so will not have remote IP valve applied" + fi + + fi + +} setupFilesTomcat_remoteCidrValve() { 
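Review bot: The REMOTE_IP_* substitutions are single-quoted, e.g. `sed -i 's|__REMOTE_IP_INTERNAL_PROXIES__|internalProxies="$REMOTE_IP_INTERNAL_PROXIES"|g'`, so the shell never expands the variable and server.xml receives the literal text `$REMOTE_IP_INTERNAL_PROXIES`; the operator's internal/trusted proxy lists and header names therefore never reach the valve. `setupFilesTomcat_ports` in the same file shows the working double-quoted form. Switching quotes alone is not enough, because proxy patterns normally contain `|` and `\`, which collide with the sed delimiter and replacement escapes; the value has to be escaped first, as sketched below for one attribute (the other seven branches need the same change, and the helper would need entries in `setupFilesTomcat_unsetAll` and `setupFilesTomcat_exportAll`). The opening of `setupFilesTomcat_remoteIpValve` is not visible on this page.

```shell
# Escape characters that are special in a sed replacement using '|' as delimiter.
setupFilesTomcat_sedEscapeReplacement() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# … unchanged: placeholder check and valve un-commenting …
    if [ ! -z "$REMOTE_IP_INTERNAL_PROXIES" ]; then
      remoteIpValue=$(setupFilesTomcat_sedEscapeReplacement "$REMOTE_IP_INTERNAL_PROXIES")
      sed -i "s|__REMOTE_IP_INTERNAL_PROXIES__|internalProxies=\"$remoteIpValue\"|g" /opt/tomcat/conf/server.xml
# … unchanged: returnCode handling, else branch, remaining REMOTE_IP_* branches …
```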
@@ -60,16 +179,59 @@ setupFilesTomcat_serverXml() {
 setupFilesTomcat_turnOnAjp() {
- if [ $(grep -c '' /opt/tomcat/conf/server.xml) -ge 1 ]; then
+ if [ "$GROUPER_TOMCAT_AJP_PORT" != "-1" ]; then
+
+ if [ $(grep -c '' /opt/tomcat/conf/server.xml) -ge 1 ]; then
+
+ sed -i 's|||g' /opt/tomcat/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnAjp) Apply AJP: sed -i 's|||g' /opt/tomcat/conf/server.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnAjp) /opt/tomcat/conf/server.xml does not contain so will not have AJP connector applied"
+ fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnAjp) GROUPER_TOMCAT_AJP_PORT is set to -1, so will not have AJP connector applied"
+ fi
+}
+
- sed -i 's|||g' /opt/tomcat/conf/server.xml
- returnCode=$?
- echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnAjp) Apply AJP: sed -i 's|||g' /opt/tomcat/conf/server.xml, result: $returnCode"
- if [ $returnCode != 0 ]; then exit $returnCode; fi
- else
- echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnAjp) /opt/tomcat/conf/server.xml does not contain so will not have AJP connector applied"
- fi
+
+setupFilesTomcat_turnOnHttp() {
+
+ if [ "$GROUPER_TOMCAT_HTTP_PORT" != "-1" ]; then
+
+ if [ $(grep -c '' /opt/tomcat/conf/server.xml) -ge 1 ]; then
+
+ sed -i 's|||g' /opt/tomcat/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnHttp) Apply AJP: sed -i 's|||g' /opt/tomcat/conf/server.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnHttp) /opt/tomcat/conf/server.xml does not contain so will not have HTTP connector applied"
+ fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnHttp) GROUPER_TOMCAT_HTTP_PORT is set to -1, so will not have HTTP connector applied"
+ fi
+}
+
+setupFilesTomcat_turnOnHttps() {
+
+ if [ "$GROUPER_TOMCAT_HTTPS_PORT" != "-1" ]; then
+
+ if [ $(grep -c '' /opt/tomcat/conf/server.xml) -ge 1 ]; then
+
+ sed -i 's|||g' /opt/tomcat/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnHttps) Apply AJP: sed -i 's|||g' /opt/tomcat/conf/server.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnHttps) /opt/tomcat/conf/server.xml does not contain so will not have HTTPS connector applied"
+ fi
+ else
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_turnOnHttps) GROUPER_TOMCAT_HTTPS_PORT is set to -1, so will not have AJP connector applied"
+ fi
 }
 setupFilesTomcat_accessLogs() {
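Review bot: The success message in both new functions still reads `Apply AJP:`, and the final `else` of `setupFilesTomcat_turnOnHttps` reports `so will not have AJP connector applied`, so the startup log cannot be used to confirm which listener was enabled or skipped. Use `Apply HTTP:` and `Apply HTTPS:` respectively, and `GROUPER_TOMCAT_HTTPS_PORT is set to -1, so will not have HTTPS connector applied` in the last branch. The grep and sed patterns in this hunk appear empty on this page (the markup was probably lost in rendering), so they could not be reviewed.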
@@ -77,10 +239,11 @@ setupFilesTomcat_accessLogs() {
 if [ "$GROUPER_TOMCAT_LOG_ACCESS" = "true" ]; then
 if [ $(grep -c '' /opt/tomcat/conf/server.xml) -ge 1 ]; then
- sed -i 's|||g' /opt/tomcat/conf/server.xml
+ sed -i 's|||g' /opt/tomcat/conf/server.xml
 returnCode=$?
 echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_accessLogs) Apply access logs: sed -i 's|||g' /opt/tomcat/conf/server.xml, result: $returnCode"
 if [ $returnCode != 0 ]; then exit $returnCode; fi
+
 else
 echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_accessLogs) /opt/tomcat/conf/server.xml does not contain so will not have access logs applied"
 fi
@@ -97,6 +260,13 @@ setupFilesTomcat_ports() {
 if [ $returnCode != 0 ]; then exit $returnCode; fi
 fi
+ if [ "$GROUPER_TOMCAT_HTTPS_PORT" != "8443" ]; then
+ sed -i "s|8443|$GROUPER_TOMCAT_HTTPS_PORT|g" /opt/tomcat/conf/server.xml
+ returnCode=$?
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ports) update server.xml to change https port: sed -i \"s|8443|$GROUPER_TOMCAT_HTTPS_PORT|g\" /opt/tomcat/conf/server.xml, result: $returnCode"
+ if [ $returnCode != 0 ]; then exit $returnCode; fi
+ fi
+
 if [ "$GROUPER_TOMCAT_AJP_PORT" != "8009" ]; then
 sed -i "s|8009|$GROUPER_TOMCAT_AJP_PORT|g" /opt/tomcat/conf/server.xml
 returnCode=$?
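Review bot: In the `setupFilesTomcat_ports` hunk, `GROUPER_TOMCAT_HTTPS_PORT` is spliced into the sed program without validation and the guard only excludes `8443`, so the `-1` value that `setupFilesTomcat_turnOnHttps` treats as "disabled" would still rewrite every `8443` in server.xml to `-1`, and an empty or non-numeric value would be written as-is. Whether that breaks anything depends on what else in server.xml carries 8443 (not visible here), but skipping the sentinel is cheap: `if [ "$GROUPER_TOMCAT_HTTPS_PORT" != "8443" ] && [ "$GROUPER_TOMCAT_HTTPS_PORT" != "-1" ]; then`. The body of `setupFilesTomcat_ports` starts and ends outside the hunk.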
@@ -255,10 +425,10 @@ setupFilesTomcat_sslCertsAnchors() {
 fileNameNoExtension=$(basename -- "$fileName")
 fileNameNoExtension="${fileNameNoExtension%.*}"
- /usr/lib/jvm/java/bin/keytool -import -trustcacerts -noprompt -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -alias "$fileNameNoExtension" -file "$fileName"
+ /usr/lib/jvm/java/bin/keytool -import -trustcacerts -noprompt -cacerts -storepass changeit -alias "$fileNameNoExtension" -file "$fileName"
 returnCode=$?
- echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) /usr/lib/jvm/java/bin/keytool -import -trustcacerts -noprompt -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -alias \"$fileNameNoExtension\" -file \"$fileName\" , result=$returnCode"
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) /usr/lib/jvm/java/bin/keytool -import -trustcacerts -noprompt -cacerts -storepass changeit -alias \"$fileNameNoExtension\" -file \"$fileName\" , result=$returnCode"
 if [ $returnCode != 0 ]
 then
 exit $returnCode
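Review bot: With `-cacerts`, keytool writes to the truststore of whichever JDK owns the `/usr/lib/jvm/java/bin/keytool` binary, whereas the removed form named `$JAVA_HOME/lib/security/cacerts` explicitly. The Dockerfile in this commit sets `JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto`, so if `/usr/lib/jvm/java` ever resolves to a different JDK, the anchors land in a truststore the application JVM does not read and TLS validation of those peers fails without an obvious cause. Invoking `"$JAVA_HOME/bin/keytool" -import -trustcacerts -noprompt -cacerts …` keeps the binary and the truststore tied together; the same applies to the `setupFilesTomcat_sslCertsClient` hunk that follows. Both function bodies start and end outside their hunks.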
@@ -298,10 +468,10 @@ setupFilesTomcat_sslCertsClient() {
 fileNameNoExtension=$(basename -- "$fileName")
 fileNameNoExtension="${fileNameNoExtension%.*}"
- /usr/lib/jvm/java/bin/keytool -import -noprompt -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -alias "$fileNameNoExtension" -file "$fileName"
+ /usr/lib/jvm/java/bin/keytool -import -noprompt -cacerts -storepass changeit -alias "$fileNameNoExtension" -file "$fileName"
 returnCode=$?
- echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsClient) /usr/lib/jvm/java/bin/keytool -import -noprompt -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -alias \"$fileNameNoExtension\" -file \"$fileName\" , result=$returnCode"
+ echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsClient) /usr/lib/jvm/java/bin/keytool -import -noprompt -cacerts -storepass changeit -alias \"$fileNameNoExtension\" -file \"$fileName\" , result=$returnCode"
 if [ $returnCode != 0 ]
 then
 exit $returnCode
@@ -331,6 +501,7 @@ setupFilesTomcat_unsetAll() {
 unset -f setupFilesTomcat_context
 unset -f setupFilesTomcat_ports
 unset -f setupFilesTomcat_remoteCidrValve
+ unset -f setupFilesTomcat_remoteIpValve
 unset -f setupFilesTomcat_serverXml
 unset -f setupFilesTomcat_ssl
 unset -f setupFilesTomcat_sslCertsAnchors
@@ -339,6 +510,8 @@ setupFilesTomcat_unsetAll() {
 unset -f setupFilesTomcat_accessLogs
 unset -f setupFilesTomcat_sessionTimeout
 unset -f setupFilesTomcat_turnOnAjp
+ unset -f setupFilesTomcat_turnOnHttp
+ unset -f setupFilesTomcat_turnOnHttps
 }
@@ -347,8 +520,10 @@ setupFilesTomcat_exportAll() {
 export -f setupFilesTomcat
 export -f setupFilesTomcat_authn
 export -f setupFilesTomcat_context
+ export -f setupFilesTomcat_http
 export -f setupFilesTomcat_ports
 export -f setupFilesTomcat_remoteCidrValve
+ export -f setupFilesTomcat_remoteIpValve
 export -f setupFilesTomcat_serverXml
 export -f setupFilesTomcat_ssl
 export -f setupFilesTomcat_sslCertsAnchors
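Review bot: In the `setupFilesTomcat_exportAll` hunk, `export -f setupFilesTomcat_http` names a function that this diff never defines — the functions it adds are `setupFilesTomcat_turnOnHttp`, `setupFilesTomcat_turnOnHttps` and `setupFilesTomcat_remoteIpValve` — and `setupFilesTomcat_unsetAll` gets no matching `unset -f` line. Unless that function exists elsewhere in the file, bash will report `not a function` for this line at startup. Drop the line, or add the definition together with `unset -f setupFilesTomcat_http`.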
@@ -357,6 +532,9 @@ setupFilesTomcat_exportAll() {
 export -f setupFilesTomcat_accessLogs
 export -f setupFilesTomcat_sessionTimeout
 export -f setupFilesTomcat_turnOnAjp
+ export -f setupFilesTomcat_turnOnHttp
+ export -f setupFilesTomcat_turnOnHttps
+
 }
 # export everything