From bbff202de43c68084ba59fbdffc6053c2999ab55 Mon Sep 17 00:00:00 2001
From: Slavek Licehammer <slavek@evolveum.com>
Date: Tue, 29 Nov 2022 12:58:53 +0100
Subject: [PATCH] Upgrade to 4.6

---
 common.bash                                   |   2 +-
 demo/grouper/docker-compose.yml               |   4 +-
 demo/grouper/midpoint_server/Dockerfile       |   2 +-
 .../200-metarole-grouper-provided-group.xml   |   5 +-
 .../securityPolicy/000-security-policy.xml    |  33 +-
 .../010-system-configuration.xml              | 720 +++++++++++++++++-
 demo/shibboleth/docker-compose-tests.yml      |   4 +-
 demo/shibboleth/docker-compose.yml            |   4 +-
 demo/shibboleth/midpoint_server/Dockerfile    |   2 +-
 .../securityPolicy/SecurityPolicy.xml         |  30 +-
 demo/simple/docker-compose.yml                |   4 +-
 download-midpoint.sh                          |   2 +-
 12 files changed, 723 insertions(+), 89 deletions(-)

diff --git a/common.bash b/common.bash
index 4d2352e..b51a008 100644
--- a/common.bash
+++ b/common.bash
@@ -1,3 +1,3 @@
 maintainer="i2incommon"
 imagename="midpoint"
-tag="4.5"
+tag="4.6"
diff --git a/demo/grouper/docker-compose.yml b/demo/grouper/docker-compose.yml
index 21a69e2..d7d9406 100644
--- a/demo/grouper/docker-compose.yml
+++ b/demo/grouper/docker-compose.yml
@@ -173,7 +173,7 @@ services:
      - CREATE_NEW_DATABASE=if_needed
 
   data_init:
-    image: i2incommon/midpoint:${tag:-4.5}
+    image: i2incommon/midpoint:${tag:-4.6}
     command: >
         bash -c "
         chmod 777 /opt/mp-pw/ ;
@@ -229,7 +229,7 @@ services:
     build:
       context: ./midpoint_server/
       args:
-        tag: ${tag:-4.5}
+        tag: ${tag:-4.6}
     depends_on:
      - data_init
      - midpoint_data
diff --git a/demo/grouper/midpoint_server/Dockerfile b/demo/grouper/midpoint_server/Dockerfile
index 56d6f3a..e789c61 100644
--- a/demo/grouper/midpoint_server/Dockerfile
+++ b/demo/grouper/midpoint_server/Dockerfile
@@ -1,4 +1,4 @@
-ARG tag=4.5
+ARG tag=4.6
 
 FROM i2incommon/midpoint:${tag}
 
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
index 2ed2227..a57bb9f 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-grouper-provided-group.xml
@@ -162,12 +162,13 @@
                             import com.evolveum.midpoint.schema.*
                             import com.evolveum.midpoint.xml.ns._public.common.common_3.*
                             import com.evolveum.midpoint.model.common.expression.ModelExpressionThreadLocalHolder
+                            import com.evolveum.midpoint.model.api.context.ProjectionContextKey
 
                             GROUPER_RESOURCE_OID = '1eff65de-5bb6-483d-9edf-8cc2c2ee0233'
 
                             modelContext = ModelExpressionThreadLocalHolder.lensContext
-                            rsd = new ResourceShadowDiscriminator(GROUPER_RESOURCE_OID, ShadowKindType.ENTITLEMENT, 'group', null, false)
-                            if (modelContext.findProjectionContext(rsd) != null) {
+
+                            if (modelContext.findProjectionContextByKeyExact(ProjectionContextKey.classified(GROUPER_RESOURCE_OID, ShadowKindType.ENTITLEMENT, 'group', null)) != null) {
                                 log.info('Projection context for Grouper group found, marking as "active"')
                                 'active'
                             } else {
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
index fbba265..300e5a9 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
@@ -7,11 +7,11 @@
     <authentication>
         <modules>
             <loginForm>
-                <name>internalLoginForm</name>
+                <name>loginForm</name>
                 <description>Internal username/password authentication, default user password, login form</description>
             </loginForm>
             <httpBasic>
-                <name>internalBasic</name>
+                <name>httpBasic</name>
                 <description>Internal username/password authentication, using HTTP basic auth</description>
             </httpBasic>
             <saml2>
@@ -46,17 +46,18 @@
         </modules>
         <sequence>
             <name>admin-gui-default</name>
+            <displayName>Default gui sequence</displayName>
             <description>
                 Default GUI authentication sequence.
             </description>
             <channel>
-                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
                 <default>true</default>
+                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
                 <urlSuffix>gui-default</urlSuffix>
             </channel>
             <module>
-                <name>internalLoginForm</name>
-                <order>30</order>
+                <name>loginForm</name>
+                <order>1</order>
                 <necessity>sufficient</necessity>
             </module>
         </sequence>
@@ -79,39 +80,38 @@
             </module>
         </sequence>
         <sequence>
-            <name>rest</name>
+            <name>rest-default</name>
             <description>
                 Authentication sequence for REST service.
             </description>
             <channel>
-                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest</channelId>
                 <default>true</default>
+                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest</channelId>
                 <urlSuffix>rest-default</urlSuffix>
             </channel>
             <module>
-                <name>internalBasic</name>
-                <order>10</order>
+                <name>httpBasic</name>
+                <order>1</order>
                 <necessity>sufficient</necessity>
             </module>
         </sequence>
         <sequence>
-            <name>actuator</name>
+            <name>actuator-default</name>
             <description>
                 Authentication sequence for actuator.
             </description>
             <channel>
-                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator</channelId>
                 <default>true</default>
+                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator</channelId>
                 <urlSuffix>actuator-default</urlSuffix>
             </channel>
             <module>
-                <name>internalBasic</name>
-                <order>10</order>
+                <name>httpBasic</name>
+                <order>1</order>
                 <necessity>sufficient</necessity>
             </module>
         </sequence>
-	<ignoredLocalPath>/actuator</ignoredLocalPath>
-    	<ignoredLocalPath>/actuator/health</ignoredLocalPath>
+        <ignoredLocalPath>/actuator/health</ignoredLocalPath>
     </authentication>
     <credentials>
         <password>
@@ -119,8 +119,7 @@
             <lockoutMaxFailedAttempts>3</lockoutMaxFailedAttempts>
             <lockoutFailedAttemptsDuration>PT3M</lockoutFailedAttemptsDuration>
             <lockoutDuration>PT15M</lockoutDuration>
-            <valuePolicyRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="00000000-0000-0000-0000-000000000003" relation="org:default" type="tns:ValuePolicyType">
-            </valuePolicyRef>
+            <valuePolicyRef oid="00000000-0000-0000-0000-000000000003"/>
         </password>
     </credentials>
 </securityPolicy>
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
index fe5f876..cf88f07 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
@@ -245,46 +245,263 @@
         <name>demo/grouper</name>
     </deploymentInformation>
     <adminGuiConfiguration>
-        <userDashboardLink>
-            <targetUrl>/self/profile</targetUrl>
-            <label>PageSelfDashboard.profile</label>
-            <description>PageSelfDashboard.profile.description</description>
-            <icon>
-                <cssClass>fa fa-user</cssClass>
-            </icon>
-            <color>green</color>
-            <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfProfile</authorization>
-            <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll</authorization>
-        </userDashboardLink>
-        <userDashboardLink>
-            <targetUrl>/self/credentials</targetUrl>
-            <label>PageSelfDashboard.credentials</label>
-            <description>PageSelfDashboard.credentials.description</description>
-            <icon>
-                <cssClass>fa fa-shield</cssClass>
-            </icon>
-            <color>blue</color>
-            <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials</authorization>
-            <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll</authorization>
-        </userDashboardLink>
-        <userDashboardLink>
-            <targetUrl>/admin/users</targetUrl>
-            <label>PageSelfDashboard.listUsers</label>
-            <icon>
-                <cssClass>fa fa-users</cssClass>
-            </icon>
-            <color>red</color>
-            <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users</authorization>
-        </userDashboardLink>
-        <userDashboardLink>
-            <targetUrl>/admin/resources</targetUrl>
-            <label>PageSelfDashboard.listResources</label>
-            <icon>
-                <cssClass>fa fa-database</cssClass>
-            </icon>
-            <color>purple</color>
-            <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources</authorization>
-        </userDashboardLink>
+        <homePage>
+            <type>UserType</type>
+            <widget>
+                <identifier>myAccesses</identifier>
+                <display>
+                    <label>
+                        <orig>My accesses</orig>
+                        <translation>
+                            <key>PageSelfDashboard.myAccesses</key>
+                        </translation>
+                    </label>
+                    <cssClass>col-12 col-xxl-6</cssClass>
+                    <icon>
+                        <cssClass>fe fe-assignment</cssClass>
+                    </icon>
+                </display>
+                <displayOrder>10</displayOrder>
+                <action>
+                    <identifier>viewAll</identifier>
+                    <display>
+                        <label>
+                            <orig>View all</orig>
+                            <translation>
+                                <key>PageSelfDashboard.button.viewAll</key>
+                            </translation>
+                        </label>
+                        <icon>
+                            <cssClass>fa fa-search</cssClass>
+                        </icon>
+                    </display>
+                    <target>
+                        <targetUrl>/self/profile/user</targetUrl>
+                        <panelIdentifier>allAssignments</panelIdentifier>
+                    </target>
+                </action>
+                <action>
+                    <identifier>requestAccess</identifier>
+                    <display>
+                        <label>
+                            <orig>Request access</orig>
+                            <translation>
+                                <key>PageRequestAccess.title</key>
+                            </translation>
+                        </label>
+                        <icon>
+                            <cssClass>fas fa-plus-circle</cssClass>
+                        </icon>
+                    </display>
+                    <target>
+                        <targetUrl>/self/requestAccess</targetUrl>
+                    </target>
+                </action>
+                <panelType>allAssignments</panelType>
+                <previewSize>5</previewSize>
+            </widget>
+            <widget>
+                <identifier>myRequests</identifier>
+                <display>
+                    <label>
+                        <orig>My requests</orig>
+                        <translation>
+                            <key>PageSelfDashboard.myRequests</key>
+                        </translation>
+                    </label>
+                    <cssClass>col-12 col-xxl-6</cssClass>
+                    <icon>
+                        <cssClass>fe fe-case</cssClass>
+                    </icon>
+                </display>
+                <displayOrder>20</displayOrder>
+                <action>
+                    <identifier>viewAll</identifier>
+                    <display>
+                        <label>
+                            <orig>View all</orig>
+                            <translation>
+                                <key>PageSelfDashboard.button.viewAll</key>
+                            </translation>
+                        </label>
+                        <icon>
+                            <cssClass>fa fa-search</cssClass>
+                        </icon>
+                    </display>
+                    <target>
+                        <targetUrl>/admin/casesAll</targetUrl>
+                        <collectionIdentifier>my-cases</collectionIdentifier>
+                    </target>
+                </action>
+                <panelType>myRequests</panelType>
+                <previewSize>5</previewSize>
+            </widget>
+            <widget>
+                <identifier>myWorkItems</identifier>
+                <display>
+                    <label>
+                        <orig>My work items</orig>
+                        <translation>
+                            <key>PageSelfDashboard.workItems</key>
+                        </translation>
+                    </label>
+                    <cssClass>col-12 col-xxl-6</cssClass>
+                    <icon>
+                        <cssClass>fa fa-inbox</cssClass>
+                    </icon>
+                </display>
+                <displayOrder>40</displayOrder>
+                <action>
+                    <identifier>viewAll</identifier>
+                    <display>
+                        <label>
+                            <orig>View all</orig>
+                            <translation>
+                                <key>PageSelfDashboard.button.viewAll</key>
+                            </translation>
+                        </label>
+                        <icon>
+                            <cssClass>fa fa-search</cssClass>
+                        </icon>
+                    </display>
+                    <target>
+                        <targetUrl>/admin/myWorkItems</targetUrl>
+                    </target>
+                </action>
+                <panelType>myWorkItems</panelType>
+                <previewSize>5</previewSize>
+            </widget>
+            <widget>
+                <identifier>myAccounts</identifier>
+                <display>
+                    <label>
+                        <orig>My accounts</orig>
+                        <translation>
+                            <key>PageDashboard.accounts</key>
+                        </translation>
+                    </label>
+                    <cssClass>col-12 col-xxl-6</cssClass>
+                    <icon>
+                        <cssClass>fa fa-male</cssClass>
+                    </icon>
+                </display>
+                <displayOrder>30</displayOrder>
+                <action>
+                    <identifier>viewAll</identifier>
+                    <display>
+                        <label>
+                            <orig>View all</orig>
+                            <translation>
+                                <key>PageSelfDashboard.button.viewAll</key>
+                            </translation>
+                        </label>
+                        <icon>
+                            <cssClass>fa fa-search</cssClass>
+                        </icon>
+                    </display>
+                    <target>
+                        <targetUrl>/self/profile/user</targetUrl>
+                        <panelIdentifier>projections</panelIdentifier>
+                    </target>
+                </action>
+                <panelType>projections</panelType>
+                <previewSize>5</previewSize>
+            </widget>
+            <widget>
+                <identifier>profileWidget</identifier>
+                <display>
+                    <label>
+                        <orig>Profile</orig>
+                        <translation>
+                            <key>PageSelfDashboard.profile</key>
+                        </translation>
+                    </label>
+                    <help>PageSelfDashboard.profile.description</help>
+                    <cssClass>col-md-3</cssClass>
+                    <icon>
+                        <cssClass>fa fa-user</cssClass>
+                        <color>green</color>
+                    </icon>
+                </display>
+                <panelType>linkWidget</panelType>
+                <action>
+                    <identifier>profile-widget-action</identifier>
+                    <target>
+                        <targetUrl>/self/profile/user</targetUrl>
+                    </target>
+                </action>
+            </widget>
+            <widget>
+                <identifier>credentialsWidget</identifier>
+                <display>
+                    <label>
+                        <orig>Credentials</orig>
+                        <translation>
+                            <key>PageSelfDashboard.credentials</key>
+                        </translation>
+                    </label>
+                    <help>PageSelfDashboard.credentials.description</help>
+                    <cssClass>col-md-3</cssClass>
+                    <icon>
+                        <cssClass>fa fa-shield-alt</cssClass>
+                        <color>blue</color>
+                    </icon>
+                </display>
+                <panelType>linkWidget</panelType>
+                <action>
+                    <identifier>credentials-widget-action</identifier>
+                    <target>
+                        <targetUrl>/self/credentials</targetUrl>
+                    </target>
+                </action>
+            </widget>
+           <widget>
+               <identifier>listResourcesWidget</identifier>
+                <display>
+                    <label>
+                        <orig>List resources</orig>
+                        <translation>
+                            <key>PageSelfDashboard.listResources</key>
+                        </translation>
+                    </label>
+                    <cssClass>col-md-3</cssClass>
+                    <icon>
+                        <cssClass>fa fa-database</cssClass>
+                        <color>purple</color>
+                    </icon>
+                </display>
+                <panelType>linkWidget</panelType>
+                <action>
+                    <identifier>list-resources-widget-action</identifier>
+                   <target>
+                        <targetUrl>/admin/resources</targetUrl>
+                    </target>
+                </action>
+            </widget>
+            <widget>
+                <identifier>listUsersWidget</identifier>
+                <display>
+                    <label>
+                        <orig>List users</orig>
+                        <translation>
+                            <key>PageSelfDashboard.listUsers</key>
+                        </translation>
+                    </label>
+                    <cssClass>col-md-3</cssClass>
+                    <icon>
+                        <cssClass>fa fa-user</cssClass>
+                        <color>red</color>
+                    </icon>
+                </display>
+                <panelType>linkWidget</panelType>
+                <action>
+                    <identifier>list-resources-widget-action</identifier>
+                    <target>
+                        <targetUrl>/admin/users</targetUrl>
+                    </target>
+                </action>
+            </widget>
+        </homePage>
         <objectCollectionViews>
             <objectCollectionView>
                 <identifier>my-cases</identifier>
@@ -432,7 +649,7 @@
                         </translation>
                     </pluralLabel>
                     <icon>
-                        <cssClass>fa fa-pie-chart</cssClass>
+                        <cssClass>fa fa-chart-pie</cssClass>
                         <color>green</color>
                     </icon>
                 </display>
@@ -771,12 +988,431 @@
                     </container>
                 </panel>
             </objectDetailsPage>
+            <resourceDetailsPage>
+                <panel>
+                    <identifier>rw-type-basic</identifier>
+                    <container>
+                        <identifier>basic</identifier>
+                        <display>
+                            <label>PageResource.wizard.step.objectType.basicSettings</label>
+                        </display>
+                        <item>
+                            <path>schemaHandling/objectType/displayName</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/description</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/kind</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/intent</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/securityPolicyRef</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/default</path>
+                            <visibility>visible</visibility>
+                        </item>
+                    </container>
+                    <container>
+                        <visibility>hidden</visibility>
+                        <path>schemaHandling/objectType</path>
+                    </container>
+                    <panelType>rw-type-basic</panelType>
+                </panel>
+                <panel>
+                    <identifier>rw-type-delineation</identifier>
+                    <container>
+                        <identifier>delineation</identifier>
+                        <display>
+                            <label>PageResource.wizard.step.objectType.delineation</label>
+                        </display>
+                        <item>
+                            <path>schemaHandling/objectType/delineation/objectClass</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/delineation/auxiliaryObjectClass</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/delineation/searchHierarchyScope</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/delineation/filter</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/delineation/classificationCondition</path>
+                            <visibility>visible</visibility>
+                        </item>
+                    </container>
+                    <container>
+                        <visibility>hidden</visibility>
+                        <path>schemaHandling/objectType/delineation</path>
+                    </container>
+                    <panelType>rw-type-delineation</panelType>
+                </panel>
+                <panel>
+                    <identifier>rw-attribute-limitations</identifier>
+                    <container>
+                        <identifier>limitationsMapping</identifier>
+                        <display>
+                            <label>PageResource.wizard.step.attributes.limitation</label>
+                        </display>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/limitations/access/read</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/limitations/access/add</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/limitations/access/modify</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/limitations/minOccurs</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/limitations/maxOccurs</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/limitations/processing</path>
+                            <visibility>visible</visibility>
+                        </item>
+                    </container>
+                    <container>
+                        <visibility>hidden</visibility>
+                        <path>schemaHandling/objectType/attribute/limitations</path>
+                    </container>
+                    <panelType>rw-attribute-limitations</panelType>
+                </panel>
+                <panel>
+                    <identifier>rw-synchronization-reaction-main</identifier>
+                    <container>
+                        <identifier>reactionMainSetting</identifier>
+                        <display>
+                            <label>PageResource.wizard.step.synchronization.reaction.mainSettings</label>
+                        </display>
+                        <item>
+                            <path>schemaHandling/objectType/synchronization/reaction/name</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/synchronization/reaction/description</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/synchronization/reaction/situation</path>
+                            <visibility>visible</visibility>
+                        </item>
+                    </container>
+                    <container>
+                        <visibility>hidden</visibility>
+                        <path>schemaHandling/objectType/synchronization/reaction</path>
+                    </container>
+                    <panelType>rw-synchronization-reaction-main</panelType>
+                </panel>
+                <panel>
+                    <identifier>rw-synchronization-reaction-optional</identifier>
+                    <container>
+                        <identifier>reactionOptionalSetting</identifier>
+                        <display>
+                            <label>PageResource.wizard.step.synchronization.reaction.optionalSettings</label>
+                        </display>
+                        <item>
+                            <path>schemaHandling/objectType/synchronization/reaction/condition</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/synchronization/reaction/channel</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/synchronization/reaction/order</path>
+                            <visibility>visible</visibility>
+                        </item>
+                    </container>
+                    <container>
+                        <visibility>hidden</visibility>
+                        <path>schemaHandling/objectType/synchronization/reaction</path>
+                    </container>
+                    <panelType>rw-synchronization-reaction-optional</panelType>
+                </panel>
+                <panel>
+                    <identifier>rw-attribute</identifier>
+                    <container>
+                        <identifier>mainConfigurationAttribute</identifier>
+                        <display>
+                            <label>PageResource.wizard.step.attributes.mainConfiguration</label>
+                        </display>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/ref</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/displayName</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/help</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/description</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/tolerant</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/exclusiveStrong</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/readReplaceMode</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/fetchStrategy</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/attribute/matchingRule</path>
+                            <visibility>visible</visibility>
+                        </item>
+                    </container>
+                    <container>
+                        <visibility>hidden</visibility>
+                        <path>schemaHandling/objectType/attribute</path>
+                    </container>
+                    <panelType>rw-attribute</panelType>
+                </panel>
+                <panel>
+                    <identifier>rw-association</identifier>
+                    <container>
+                        <identifier>association</identifier>
+                        <display>
+                            <label>PageResource.wizard.step.associations</label>
+                        </display>
+                        <item>
+                            <path>schemaHandling/objectType/association/ref</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/association/displayName</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/association/description</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/association/auxiliaryObjectClass</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/association/kind</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/association/intent</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/association/direction</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/association/associationAttribute</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/association/shortcutAssociationAttribute</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/association/valueAttribute</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/association/shortcutValueAttribute</path>
+                            <visibility>visible</visibility>
+                        </item>
+                        <item>
+                            <path>schemaHandling/objectType/association/explicitReferentialIntegrity</path>
+                            <visibility>visible</visibility>
+                        </item>
+                    </container>
+                    <container>
+                        <visibility>hidden</visibility>
+                        <path>schemaHandling/objectType/association</path>
+                    </container>
+                    <panelType>rw-association</panelType>
+                </panel>
+            </resourceDetailsPage>
+            <resourceDetailsPage>
+                <panel>
+                    <identifier>rw-connectorConfiguration-partial</identifier>
+                    <container>
+                        <identifier>required</identifier>
+                        <display>
+                            <label>PageResource.wizard.step.configuration</label>
+                        </display>
+                        <item>
+                            <path>connectorConfiguration/configurationProperties/jdbcUrlTemplate</path>
+                        </item>
+                        <item>
+                            <path>connectorConfiguration/configurationProperties/jdbcDriver</path>
+                        </item>
+                        <item>
+                            <path>connectorConfiguration/configurationProperties/password</path>
+                        </item>
+                        <item>
+                            <path>connectorConfiguration/configurationProperties/user</path>
+                        </item>
+                        <item>
+                            <path>connectorConfiguration/configurationProperties/port</path>
+                        </item>
+                    </container>
+                    <container>
+                        <visibility>hidden</visibility>
+                        <path>connectorConfiguration/configurationProperties</path>
+                    </container>
+                    <panelType>rw-connectorConfiguration-partial</panelType>
+                </panel>
+                <connectorRef type="ConnectorType">
+                    <resolutionTime>run</resolutionTime>
+                    <filter>
+                        <q:and>
+                            <q:equal>
+                                <q:path>connectorType</q:path>
+                                <q:value>org.identityconnectors.databasetable.DatabaseTableConnector</q:value>
+                            </q:equal>
+                            <q:equal>
+                                <q:path>available</q:path>
+                                <q:value>true</q:value>
+                            </q:equal>
+                        </q:and>
+                    </filter>
+                </connectorRef>
+            </resourceDetailsPage>
+            <resourceDetailsPage>
+                <panel>
+                    <identifier>rw-connectorConfiguration-partial</identifier>
+                    <container>
+                        <identifier>required</identifier>
+                        <display>
+                            <label>PageResource.wizard.step.configuration</label>
+                        </display>
+                        <item>
+                            <path>connectorConfiguration/configurationProperties/host</path>
+                        </item>
+                        <item>
+                            <path>connectorConfiguration/configurationProperties/port</path>
+                        </item>
+                        <item>
+                            <path>connectorConfiguration/configurationProperties/connectionSecurity</path>
+                        </item>
+                    </container>
+                    <container>
+                        <visibility>hidden</visibility>
+                        <path>connectorConfiguration/configurationProperties</path>
+                    </container>
+                    <panelType>rw-connectorConfiguration-partial</panelType>
+                </panel>
+                <connectorRef type="ConnectorType">
+                    <resolutionTime>run</resolutionTime>
+                    <filter>
+                        <q:and>
+                            <q:equal>
+                                <q:path>connectorType</q:path>
+                                <q:value>com.evolveum.polygon.connector.ldap.LdapConnector</q:value>
+                            </q:equal>
+                            <q:equal>
+                                <q:path>available</q:path>
+                                <q:value>true</q:value>
+                            </q:equal>
+                        </q:and>
+                    </filter>
+                </connectorRef>
+            </resourceDetailsPage>
+            <resourceDetailsPage>
+                <panel>
+                    <identifier>rw-connectorConfiguration-partial</identifier>
+                    <container>
+                        <identifier>required</identifier>
+                        <display>
+                            <label>PageResource.wizard.step.configuration</label>
+                        </display>
+                        <item>
+                            <path>connectorConfiguration/configurationProperties/host</path>
+                        </item>
+                        <item>
+                            <path>connectorConfiguration/configurationProperties/port</path>
+                        </item>
+                        <item>
+                            <path>connectorConfiguration/configurationProperties/connectionSecurity</path>
+                        </item>
+                    </container>
+                    <container>
+                        <visibility>hidden</visibility>
+                        <path>connectorConfiguration/configurationProperties</path>
+                    </container>
+                    <panelType>rw-connectorConfiguration-partial</panelType>
+                </panel>
+                <connectorRef type="ConnectorType">
+                    <resolutionTime>run</resolutionTime>
+                    <filter>
+                        <q:and>
+                            <q:equal>
+                                <q:path>connectorType</q:path>
+                                <q:value>com.evolveum.polygon.connector.ldap.ad.AdLdapConnector</q:value>
+                            </q:equal>
+                            <q:equal>
+                                <q:path>available</q:path>
+                                <q:value>true</q:value>
+                            </q:equal>
+                        </q:and>
+                    </filter>
+                </connectorRef>
+            </resourceDetailsPage>
         </objectDetails>
         <enableExperimentalFeatures>true</enableExperimentalFeatures>
         <configurableUserDashboard>
             <identifier>admin-dashboard</identifier>
             <configurableDashboardRef oid="00000000-0000-0000-0001-000000000001" relation="org:default" type="c:DashboardType"/>
         </configurableUserDashboard>
+        <accessRequest>
+            <roleCatalog>
+                <collection>
+                    <identifier>allRoles</identifier>
+                    <default>true</default>
+                    <collectionIdentifier>allRoles</collectionIdentifier>
+                </collection>
+                <collection>
+                    <identifier>allOrgs</identifier>
+                    <collectionIdentifier>allOrgs</collectionIdentifier>
+                </collection>
+                <collection>
+                    <identifier>allServices</identifier>
+                    <collectionIdentifier>allServices</collectionIdentifier>
+                </collection>
+            </roleCatalog>
+        </accessRequest>
     </adminGuiConfiguration>
     <workflowConfiguration>
         <useLegacyApproversSpecification>never</useLegacyApproversSpecification>
@@ -942,7 +1578,7 @@
                 <decision>allow</decision>
             </class>
             <class>
-                <name>org.apache.commons.lang.StringUtils</name>
+                <name>org.apache.commons.lang3.StringUtils</name>
                 <description>Apache Commons: Strings</description>
                 <decision>allow</decision>
             </class>
diff --git a/demo/shibboleth/docker-compose-tests.yml b/demo/shibboleth/docker-compose-tests.yml
index 64dcbe2..b51d7bc 100644
--- a/demo/shibboleth/docker-compose-tests.yml
+++ b/demo/shibboleth/docker-compose-tests.yml
@@ -5,7 +5,7 @@ version: "3.3"
 
 services:
   data_init:
-    image: i2incommon/midpoint:${tag:-4.5}
+    image: i2incommon/midpoint:${tag:-4.6}
     command: >
         bash -c "
         chmod 777 /opt/mp-pw/ ;
@@ -61,7 +61,7 @@ services:
     build:
       context: ./midpoint_server/
       args:
-        tag: ${tag:-4.5}
+        tag: ${tag:-4.6}
     command: /usr/local/bin/startup.sh
     depends_on:
      - data_init
diff --git a/demo/shibboleth/docker-compose.yml b/demo/shibboleth/docker-compose.yml
index adfba65..64b9c2a 100644
--- a/demo/shibboleth/docker-compose.yml
+++ b/demo/shibboleth/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.3"
 
 services:
   data_init:
-    image: i2incommon/midpoint:${tag:-4.5}
+    image: i2incommon/midpoint:${tag:-4.6}
     command: >
         bash -c "
         chmod 777 /opt/mp-pw/ ;
@@ -58,7 +58,7 @@ services:
     build:
       context: ./midpoint_server/
       args:
-        tag: ${tag:-4.5}
+        tag: ${tag:-4.6}
     command: /usr/local/bin/startup.sh
     depends_on:
      - data_init
diff --git a/demo/shibboleth/midpoint_server/Dockerfile b/demo/shibboleth/midpoint_server/Dockerfile
index 56d6f3a..e789c61 100644
--- a/demo/shibboleth/midpoint_server/Dockerfile
+++ b/demo/shibboleth/midpoint_server/Dockerfile
@@ -1,4 +1,4 @@
-ARG tag=4.5
+ARG tag=4.6
 
 FROM i2incommon/midpoint:${tag}
 
diff --git a/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml b/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
index 321d03b..87cd75d 100644
--- a/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
+++ b/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
@@ -7,11 +7,11 @@
     <authentication>
         <modules>
             <loginForm>
-                <name>internalLoginForm</name>
+                <name>loginForm</name>
                 <description>Internal username/password authentication, default user password, login form</description>
             </loginForm>
             <httpBasic>
-                <name>internalBasic</name>
+                <name>httpBasic</name>
                 <description>Internal username/password authentication, using HTTP basic auth</description>
             </httpBasic>
             <saml2>
@@ -85,53 +85,53 @@
         </sequence>
         <sequence>
             <name>admin-gui-default</name>
+            <displayName>Default gui sequence</displayName>
             <description>
                 Special GUI authentication sequence that is using Shibboleth SP
             </description>
             <channel>
-                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
                 <default>true</default>
+                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
                 <urlSuffix>shib</urlSuffix>
             </channel>
             <module>
                 <name>httpHeader</name>
-                <order>30</order>
+                <order>1</order>
                 <necessity>sufficient</necessity>
             </module>
         </sequence>
         <sequence>
-            <name>rest</name>
+            <name>rest-default</name>
             <description>
                 Authentication sequence for REST service.
             </description>
             <channel>
-                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest</channelId>
                 <default>true</default>
+                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest</channelId>
                 <urlSuffix>rest-default</urlSuffix>
             </channel>
             <module>
-                <name>internalBasic</name>
-                <order>10</order>
+                <name>httpBasic</name>
+                <order>1</order>
                 <necessity>sufficient</necessity>
             </module>
         </sequence>
         <sequence>
-            <name>actuator</name>
+            <name>actuator-default</name>
             <description>
                 Authentication sequence for actuator.
             </description>
             <channel>
-                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator</channelId>
                 <default>true</default>
+                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator</channelId>
                 <urlSuffix>actuator-default</urlSuffix>
             </channel>
             <module>
-                <name>internalBasic</name>
-                <order>10</order>
+                <name>httpBasic</name>
+                <order>1</order>
                 <necessity>sufficient</necessity>
             </module>
         </sequence>
-        <ignoredLocalPath>/actuator</ignoredLocalPath>
         <ignoredLocalPath>/actuator/health</ignoredLocalPath>
     </authentication>
     <credentials>
@@ -140,10 +140,8 @@
             <lockoutMaxFailedAttempts>3</lockoutMaxFailedAttempts>
             <lockoutFailedAttemptsDuration>PT3M</lockoutFailedAttemptsDuration>
             <lockoutDuration>PT15M</lockoutDuration>
-            <valuePolicyRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="00000000-0000-0000-0000-000000000003" relation="org:default" type="tns:ValuePolicyType">
-            </valuePolicyRef>
+            <valuePolicyRef oid="00000000-0000-0000-0000-000000000003"/>
         </password>
     </credentials>
 </securityPolicy>
-
 </objects>
diff --git a/demo/simple/docker-compose.yml b/demo/simple/docker-compose.yml
index 06a3735..f57dd15 100644
--- a/demo/simple/docker-compose.yml
+++ b/demo/simple/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.3"
 
 services:
   data_init:
-    image: i2incommon/midpoint:${tag:-4.5}
+    image: i2incommon/midpoint:${tag:-4.6}
     command: >
         bash -c "
         chmod 777 /opt/mp-pw/ ;
@@ -57,7 +57,7 @@ services:
      - mp_pw:/opt/mp-pw
 
   midpoint_server:
-    image: i2incommon/midpoint:${tag:-4.5}
+    image: i2incommon/midpoint:${tag:-4.6}
     depends_on:
      - data_init
      - midpoint_data
diff --git a/download-midpoint.sh b/download-midpoint.sh
index 48e31f9..abbd545 100755
--- a/download-midpoint.sh
+++ b/download-midpoint.sh
@@ -10,7 +10,7 @@ else
     # But if we need to incorporate interim changes to I2 distribution during
     # midPoint development cycle, we can specify concrete file from "midpoint-tier"
     # download directory by using its name (like "latest-stable").
-    MP_VERSION="4.5"
+    MP_VERSION="4.6"
   else
     MP_VERSION=$tag
   fi