diff --git a/common.bash b/common.bash
index 29c9848..08d7cd7 100644
--- a/common.bash
+++ b/common.bash
@@ -1,3 +1,3 @@
 maintainer="i2incommon"
 imagename="midpoint"
-tag="4.8"
+tag="4.8.2"
diff --git a/demo/grouper/docker-compose.yml b/demo/grouper/docker-compose.yml
index 52f2478..a80751a 100644
--- a/demo/grouper/docker-compose.yml
+++ b/demo/grouper/docker-compose.yml
@@ -173,7 +173,7 @@ services:
      - CREATE_NEW_DATABASE=if_needed
 
   data_init:
-    image: i2incommon/midpoint:${tag:-4.8}
+    image: i2incommon/midpoint:${tag:-4.8.2}
     command: >
         bash -c "
         chmod 777 /opt/mp-pw/ ;
@@ -229,7 +229,7 @@ services:
     build:
       context: ./midpoint_server/
       args:
-        tag: ${tag:-4.8}
+        tag: ${tag:-4.8.2}
     depends_on:
      - data_init
      - midpoint_data
@@ -238,6 +238,7 @@ services:
     environment:
      - ENV
      - USERTOKEN
+     - MP_SET_midpoint_administrator_initialPassword=Password1
      - MP_SET_midpoint_repository_jdbcUsername=midpoint
      - MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
      - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
diff --git a/demo/grouper/midpoint_server/Dockerfile b/demo/grouper/midpoint_server/Dockerfile
index d1ef481..11ab497 100644
--- a/demo/grouper/midpoint_server/Dockerfile
+++ b/demo/grouper/midpoint_server/Dockerfile
@@ -1,4 +1,4 @@
-ARG tag=4.8
+ARG tag=4.8.2
 
 FROM i2incommon/midpoint:${tag}
 
diff --git a/demo/grouper/upload-objects.sh b/demo/grouper/upload-objects.sh
index 3f1c9b8..93f8a15 100755
--- a/demo/grouper/upload-objects.sh
+++ b/demo/grouper/upload-objects.sh
@@ -8,7 +8,7 @@ function upload () {
     type="${BASH_REMATCH[1]}"
     oid=`cat $filename | sed -n 's:.*oid=\"\([A-Za-z0-9\-]*\)\".*:\1:p' | sed -n '1 p'`
     echo "Uploading $filename ($type, $oid)"
-    curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X PUT "https://localhost:8443/midpoint/ws/rest/$type/$oid?options=overwrite&options=raw" --data-binary @$filename
+    curl -k --user administrator:Password1 -H "Content-Type: application/xml" -X PUT "https://localhost:8443/midpoint/ws/rest/$type/$oid?options=overwrite&options=raw" --data-binary @$filename
   else
     echo "Skipping $filename"
   fi
diff --git a/demo/shibboleth/docker-compose-tests.yml b/demo/shibboleth/docker-compose-tests.yml
index 377a686..5f58d39 100644
--- a/demo/shibboleth/docker-compose-tests.yml
+++ b/demo/shibboleth/docker-compose-tests.yml
@@ -5,7 +5,7 @@ version: "3.3"
 
 services:
   data_init:
-    image: i2incommon/midpoint:${tag:-4.8}
+    image: i2incommon/midpoint:${tag:-4.8.2}
     command: >
         bash -c "
         chmod 777 /opt/mp-pw/ ;
@@ -61,7 +61,7 @@ services:
     build:
       context: ./midpoint_server/
       args:
-        tag: ${tag:-4.8}
+        tag: ${tag:-4.8.2}
     command: /usr/local/bin/startup.sh
     depends_on:
      - data_init
@@ -71,6 +71,7 @@ services:
     environment:
      - ENV
      - USERTOKEN
+     - MP_SET_midpoint_administrator_initialPassword=Password1
      - MP_SET_midpoint_repository_jdbcUsername=midpoint
      - MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
      - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
diff --git a/demo/shibboleth/docker-compose.yml b/demo/shibboleth/docker-compose.yml
index 5f908dd..e083b78 100644
--- a/demo/shibboleth/docker-compose.yml
+++ b/demo/shibboleth/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.3"
 
 services:
   data_init:
-    image: i2incommon/midpoint:${tag:-4.8}
+    image: i2incommon/midpoint:${tag:-4.8.2}
     command: >
         bash -c "
         chmod 777 /opt/mp-pw/ ;
@@ -58,7 +58,7 @@ services:
     build:
       context: ./midpoint_server/
       args:
-        tag: ${tag:-4.8}
+        tag: ${tag:-4.8.2}
     command: /usr/local/bin/startup.sh
     depends_on:
      - data_init
@@ -68,6 +68,7 @@ services:
     environment:
      - ENV
      - USERTOKEN
+     - MP_SET_midpoint_administrator_initialPassword=Password1
      - MP_SET_midpoint_repository_jdbcUsername=midpoint
      - MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
      - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
diff --git a/demo/shibboleth/midpoint_server/Dockerfile b/demo/shibboleth/midpoint_server/Dockerfile
index d1ef481..11ab497 100644
--- a/demo/shibboleth/midpoint_server/Dockerfile
+++ b/demo/shibboleth/midpoint_server/Dockerfile
@@ -1,4 +1,4 @@
-ARG tag=4.8
+ARG tag=4.8.2
 
 FROM i2incommon/midpoint:${tag}
 
diff --git a/demo/simple/docker-compose.yml b/demo/simple/docker-compose.yml
index 83aeb19..4de3aec 100644
--- a/demo/simple/docker-compose.yml
+++ b/demo/simple/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.3"
 
 services:
   data_init:
-    image: i2incommon/midpoint:${tag:-4.8}
+    image: i2incommon/midpoint:${tag:-4.8.2}
     command: >
         bash -c "
         chmod 777 /opt/mp-pw/ ;
@@ -57,7 +57,7 @@ services:
      - mp_pw:/opt/mp-pw
 
   midpoint_server:
-    image: i2incommon/midpoint:${tag:-4.8}
+    image: i2incommon/midpoint:${tag:-4.8.2}
     depends_on:
      - data_init
      - midpoint_data
@@ -66,6 +66,7 @@ services:
     environment:
      - ENV
      - USERTOKEN
+     - MP_SET_midpoint_administrator_initialPassword=Password1
      - MP_SET_midpoint_repository_jdbcUsername=midpoint
      - MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
      - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
diff --git a/download-midpoint.sh b/download-midpoint.sh
index 7c35db6..7ebc712 100755
--- a/download-midpoint.sh
+++ b/download-midpoint.sh
@@ -10,7 +10,7 @@ else
     # But if we need to incorporate interim changes to I2 distribution during
     # midPoint development cycle, we can specify concrete file from "midpoint-tier"
     # download directory by using its name (like "latest-stable").
-    MP_VERSION="4.8"
+    MP_VERSION="4.8.2"
   else
     MP_VERSION=$tag
   fi
diff --git a/library.bash b/library.bash
index 251f6a7..7254b64 100644
--- a/library.bash
+++ b/library.bash
@@ -4,6 +4,8 @@
 # Contains common functions usable for midPoint system tests
 #
 
+MP_USERPWD='administrator:Password1'
+
 # do not use from outside (ugly signature)
 function generic_wait_for_log () {
     CONTAINER_NAME=$1
@@ -113,7 +115,7 @@ function get_object () {
       PARAM='?include=result'
     fi
 
-    curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X GET "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID$PARAM" >$OUTFILE || (rm $OUTFILE ; return 1)
+    curl -k --user $MP_USERPWD -H "Content-Type: application/xml" -X GET "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID$PARAM" >$OUTFILE || (rm $OUTFILE ; return 1)
     return 0
 }
 
@@ -125,7 +127,7 @@ function get_and_check_object () {
     local NAME=$3
     local TMPFILE=$(mktemp /tmp/get.XXXXXX)
     echo tmp file is $TMPFILE
-    curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X GET "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" >$TMPFILE || (rm $TMPFILE ; return 1)
+    curl -k --user $MP_USERPWD -H "Content-Type: application/xml" -X GET "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" >$TMPFILE || (rm $TMPFILE ; return 1)
     if (grep -q "<name>$NAME</name>" <$TMPFILE); then
         echo "Object $TYPE/$OID '$NAME' is OK"
         rm $TMPFILE
@@ -145,7 +147,7 @@ function add_object () {
     TMPFILE=$(mktemp /tmp/addobject.XXXXXX)
     echo "Adding to $TYPE from $FILE..."
 
-    curl -k -sD - --silent --write-out "%{http_code}" --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE" -d @$FILE >$TMPFILE
+    curl -k -sD - --silent --write-out "%{http_code}" --user $MP_USERPWD -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE" -d @$FILE >$TMPFILE
     local HTTP_CODE=$(sed '$!d' $TMPFILE)
     sed -i '$ d' $TMPFILE
 
@@ -177,7 +179,7 @@ function execute_bulk_action () {
     echo "Executing bulk action from $FILE..."
     TMPFILE=$(mktemp /tmp/execbulkaction.XXXXXX)
 
-    (curl -k --silent --write-out "%{http_code}" --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/rpc/executeScript" -d @$FILE >$TMPFILE)  || (echo "Midpoint logs: " ; ([[ -n "$CONTAINER" ]] && docker logs $CONTAINER ) ; return 1)
+    (curl -k --silent --write-out "%{http_code}" --user $MP_USERPWD -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/rpc/executeScript" -d @$FILE >$TMPFILE)  || (echo "Midpoint logs: " ; ([[ -n "$CONTAINER" ]] && docker logs $CONTAINER ) ; return 1)
     local HTTP_CODE=$(sed '$!d' $TMPFILE)
     sed -i '$ d' $TMPFILE
 
@@ -217,7 +219,7 @@ function run_task_now () {
     echo "Running task $1 now..."
     TMPFILE=$(mktemp /tmp/runtasknow.XXXXXX)
 
-    (curl -k --silent --write-out "%{http_code}" --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/tasks/$OID/run" >$TMPFILE)  || (echo "Midpoint logs: " ; ([[ -n "$CONTAINER" ]] && docker logs $CONTAINER ) ; return 1)
+    (curl -k --silent --write-out "%{http_code}" --user $MP_USERPWD -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/tasks/$OID/run" >$TMPFILE)  || (echo "Midpoint logs: " ; ([[ -n "$CONTAINER" ]] && docker logs $CONTAINER ) ; return 1)
     local HTTP_CODE=$(sed '$!d' $TMPFILE)
     sed -i '$ d' $TMPFILE
 
@@ -239,7 +241,7 @@ function suspend_task () {
     echo "Suspending task $OID..."
     TMPFILE=$(mktemp /tmp/suspendtask.XXXXXX)
 
-    (curl -k --silent --write-out "%{http_code}" --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/tasks/$OID/suspend" >$TMPFILE)  || (echo "Midpoint logs: " ; ([[ -n "$CONTAINER" ]] && docker logs $CONTAINER ) ; return 1)
+    (curl -k --silent --write-out "%{http_code}" --user $MP_USERPWD -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/tasks/$OID/suspend" >$TMPFILE)  || (echo "Midpoint logs: " ; ([[ -n "$CONTAINER" ]] && docker logs $CONTAINER ) ; return 1)
     local HTTP_CODE=$(sed '$!d' $TMPFILE)
     sed -i '$ d' $TMPFILE
 
@@ -268,7 +270,7 @@ function delete_object () {
     echo "Deleting object with type $TYPE and oid $OID..."
     TMPFILE=$(mktemp /tmp/delete.XXXXXX)
 
-    curl -k --silent --write-out "%{http_code}" --user administrator:5ecr3t -H "Content-Type: application/xml" -X DELETE "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" >$TMPFILE
+    curl -k --silent --write-out "%{http_code}" --user $MP_USERPWD -H "Content-Type: application/xml" -X DELETE "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" >$TMPFILE
     local HTTP_CODE=$(sed '$!d' $TMPFILE)
     sed -i '$ d' $TMPFILE
 
@@ -297,7 +299,7 @@ function search_objects_by_name () {
     local NAME="$2"
     TMPFILE=$(mktemp /tmp/search.XXXXXX)
 
-    curl -k --write-out %{http_code}  --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE/search" -d @- << EOF >$TMPFILE || (rm $TMPFILE ; return 1)
+    curl -k --write-out %{http_code}  --user $MP_USERPWD -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE/search" -d @- << EOF >$TMPFILE || (rm $TMPFILE ; return 1)
 <q:query xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3">
     <q:filter>
         <q:equal>
@@ -350,7 +352,7 @@ function test_resource () {
     local OID=$1
     local TMPFILE=$(mktemp /tmp/test.resource.XXXXXX)
 
-    curl -k --silent --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/resources/$OID/test" >$TMPFILE || (rm $TMPFILE ; return 1)
+    curl -k --silent --user $MP_USERPWD -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/resources/$OID/test" >$TMPFILE || (rm $TMPFILE ; return 1)
     if [[ $(xmllint --xpath "/*/*[local-name()='status']/text()" $TMPFILE) == "success" ]]; then
         echo "Resource $OID test succeeded"
         rm $TMPFILE
@@ -368,7 +370,7 @@ function recompute () {
     local OID=$2
     local TMPFILE=$(mktemp /tmp/recompute.XXXXXX)
 
-    curl -k --silent --write-out "%{http_code}" --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" -d @- << EOF >$TMPFILE || (rm $TMPFILE ; return 1)
+    curl -k --silent --write-out "%{http_code}" --user $MP_USERPWD -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" -d @- << EOF >$TMPFILE || (rm $TMPFILE ; return 1)
 <objectModification xmlns='http://midpoint.evolveum.com/xml/ns/public/common/api-types-3'></objectModification>
 EOF
     local HTTP_CODE=$(sed '$!d' $TMPFILE)
@@ -580,7 +582,7 @@ function upload_from_file () {
     TYPE="${BASH_REMATCH[1]}"
     OID=`cat $FILENAME | sed -n 's:.*oid=\"\([A-Za-z0-9\-]*\)\".*:\1:p' | sed -n '1 p'`
     echo "Uploading $FILENAME ($TYPE, $OID)"
-    curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X PUT "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID?options=overwrite$OPTIONS_TO_ADD" --data-binary @$FILENAME
+    curl -k --user $MP_USERPWD -H "Content-Type: application/xml" -X PUT "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID?options=overwrite$OPTIONS_TO_ADD" --data-binary @$FILENAME
   else
     echo "Skipping $FILENAME"
   fi