diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..3cf5f0e
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+demo
+.git
+tests
diff --git a/midpoint/midpoint-server/Dockerfile b/Dockerfile
similarity index 78%
rename from midpoint/midpoint-server/Dockerfile
rename to Dockerfile
index be36460..aceaac1 100644
--- a/midpoint/midpoint-server/Dockerfile
+++ b/Dockerfile
@@ -31,9 +31,14 @@ RUN chmod 755 /opt/tier/setenv.sh \
 && chmod 755 /usr/local/bin/setup-cron.sh \
 && chmod 755 /usr/local/bin/start-midpoint.sh \
 && chmod 755 /usr/local/bin/start-httpd.sh \
- && chmod 755 /usr/local/bin/startup.sh
+ && chmod 755 /usr/local/bin/startup.sh \
+ && chmod 755 /usr/local/bin/healthcheck.sh
 
 RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
+ && mv /etc/httpd/conf.d/shib.conf /etc/httpd/conf.d/shib.conf.auth.shibboleth \
+ && touch /etc/httpd/conf.d/shib.conf.auth.internal \
+ && mv /etc/httpd/conf.modules.d/00-shib.conf /etc/httpd/conf.modules.d/00-shib.conf.auth.shibboleth \
+ && touch /etc/httpd/conf.modules.d/00-shib.conf.auth.internal \
 && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
 && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
 && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
@@ -60,13 +65,15 @@ VOLUME ${MP_DIR}/var # Repository parameters -ENV REPO_HOST midpoint-data -ENV REPO_PORT default -ENV REPO_USER root -ENV REPO_DATABASE midpoint -ENV REPO_JDBC_URL default -ENV REPO_PASSWORD_FILE /run/secrets/m_database_password.txt ENV REPO_DATABASE_TYPE mariadb +ENV REPO_JDBC_URL default +ENV REPO_HOST midpoint_data +ENV REPO_PORT default +ENV REPO_DATABASE registry +ENV REPO_USER registry_user +ENV REPO_PASSWORD_FILE /run/secrets/mp_database_password.txt +ENV REPO_MISSING_SCHEMA_ACTION create +ENV REPO_UPGRADEABLE_SCHEMA_ACTION stop # Logging parameters @@ -83,10 +90,11 @@ ENV LOGOUT_URL https://localhost:8443/Shibboleth.sso/Logout # Other parameters -ENV KEYSTORE_PASSWORD_FILE /run/secrets/m_keystore_password.txt -ENV MEM 2048m -ENV TIER_RELEASE=not-released-yet -ENV TIER_MAINTAINER=tier +ENV MP_KEYSTORE_PASSWORD_FILE /run/secrets/mp_keystore_password.txt +ENV MP_MEM_MAX 2048m +ENV MP_MEM_INIT 1024m +ENV TIER_RELEASE not-released-yet +ENV TIER_MAINTAINER tier # TIER Beacon Opt-out # Completely uncomment the following ENV line to prevent the containers from sending analytics information to Internet2. @@ -100,4 +108,6 @@ ENV TIER_MAINTAINER=tier RUN /opt/tier/setenv.sh +HEALTHCHECK --interval=1m --timeout=30s --start-period=2m CMD /usr/local/bin/healthcheck.sh + CMD ["/usr/local/bin/startup.sh"] diff --git a/Jenkinsfile b/Jenkinsfile index 2def24c..dac92f0 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
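Review bot: `ENV REPO_HOST midpoint_data` puts an underscore into a hostname that ends up inside a JDBC URL (built by `repository-url`, only partly visible in this diff), and underscores are not valid in RFC 1123 hostnames. Docker's embedded DNS resolves such names, but Java is inconsistent about them — `java.net.URI.getHost()` returns null for a host containing `_`, and HTTP clients built on it reject the URL — so whether this works depends on the driver's own parser, and the same rename is made in demo/complex/.env, demo/complex/docker-compose.yml, grouper.client.properties (`https://grouper_ws/...`, where the TLS certificate would also need that name as its subject) and grouper.hibernate.properties. Worth confirming against the libraries actually bundled, or keeping hyphenated service names. A comment above the block, `# REPO_HOST must match the compose service name of the database container`, would also make clear that the default is only meaningful inside a composition.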
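Review bot: The new `HEALTHCHECK` only changes the status the container reports; the Docker engine never restarts a container for being unhealthy, so a midPoint JVM that exits after start-up (supervisord.conf in this commit sets `autorestart=false` for it) leaves a container that keeps running with httpd alone until a restart policy or orchestrator acts on the status. A comment on the line, `# Unhealthy is informational only: a restart policy or orchestrator has to act on it`, would prevent that being mistaken for self-healing. `--start-period=2m` should also be checked against the `initializationFailTimeout=60000` in start-midpoint.sh plus JVM start-up: a slow repository could push the first successful check past the grace period, after which failed probes count towards the retry limit.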
@@ -3,76 +3,88 @@ pipeline { environment { maintainer = "t" imagename = 'm' - imagename_data = 'md' tag = 'l' } stages { - stage('Setting build context') { + stage ('Setting build context') { steps { script { maintainer = maintain() imagename = imagename() - imagename_data = imagename_data() - if(env.BRANCH_NAME == "master") { + if (env.BRANCH_NAME == "master" || env.BRANCH_NAME == "bats") { // temporary tag = "latest" } else { tag = env.BRANCH_NAME } - if(!imagename || !imagename_data){ - echo "You must define imagename and imagename_data in common.bash" + if (!imagename) { + echo "You must define imagename in common.bash" currentBuild.result = 'FAILURE' - } + } sh 'mkdir -p bin' sh 'mkdir -p tmp' - dir('tmp'){ - git([ url: "https://github.internet2.edu/docker/util.git", credentialsId: "jenkins-github-access-token" ]) - sh 'ls' - sh 'mv bin/* ../bin/.' + dir ('tmp') { + git([ url: "https://github.internet2.edu/docker/util.git", credentialsId: "jenkins-github-access-token" ]) + sh 'ls' + sh 'mv bin/* ../bin/.' } } - } + } } - stage('Clean') { + stage ('Build') { + steps { + script { + try { + sh '(ls -l ; docker ps -a ; docker image ls ; echo Destroying ; bin/destroy.sh ; docker image ls) 2>&1 | tee debug' // temporary + sh './download-midpoint 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0' + sh 'bin/rebuild.sh 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0' + //sh 'echo Build output ; cat debug' + } catch (error) { + def error_details = readFile('./debug') + def message = "BUILD ERROR: There was a problem building ${imagename}:${tag}. \n\n ${error_details}" + sh "rm -f ./debug" + handleError(message) + } + } + } + } + stage ('Test') { steps { script { - try{ - sh 'bin/destroy.sh >> debug' - } catch(error) { - def error_details = readFile('./debug'); - def message = "BUILD ERROR: There was a problem building the Base Image. 
\n\n ${error_details}" - sh "rm -f ./debug" - handleError(message) - } + try { + sh 'echo Docker containers before root tests ; docker ps -a' // temporary + sh 'bin/test.sh 2>&1 | tee debug ; test ${PIPESTATUS[0]} -eq 0' + sh 'echo Docker containers before compositions tests ; docker ps -a' // temporary + + sh '(cd demo/simple ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0' + sh '(cd demo/shibboleth ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0' + sh '(cd demo/postgresql ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0' + + // temporarily disabled + //sh '(cd demo/complex ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0' + // sh 'echo Test output ; cat debug' + } catch (error) { + def error_details = readFile('./debug') + def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}" + sh "rm -f ./debug" + handleError(message) + } } } - } - stage('Build') { + } + stage ('Push') { steps { script { - sh 'midpoint/download-midpoint' - docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") { - def baseImg = docker.build("$maintainer/$imagename", "--no-cache midpoint/midpoint-server") - // test the environment - // sh 'cd test-compose && ./compose.sh' - // bring down after testing - // sh 'cd test-compose && docker-compose down' - baseImg.push("$tag") - } - docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") { - def baseImg = docker.build("$maintainer/$imagename_data", "--no-cache midpoint/midpoint-data") - // test the environment - // sh 'cd test-compose && ./compose.sh' - // bring down after testing - // sh 'cd test-compose && docker-compose down' - baseImg.push("$tag") - } - } + docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") { + def baseImg = docker.build("$maintainer/$imagename") + baseImg.push("$tag") + } + } } } - stage('Notify') { + stage ('Notify') { steps { echo 
"$maintainer" - slackSend color: 'good', message: "$maintainer/$imagename:$tag and $maintainer/$imagename_data:$tag pushed to DockerHub" + slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHub" } } } @@ -82,31 +94,25 @@ pipeline { } failure { // slackSend color: 'good', message: "Build failed" - handleError("BUILD ERROR: There was a problem building ${maintainer}/${imagename}:${tag} or ${maintainer}/${imagename_data}:${tag}.") + handleError("BUILD ERROR: There was a problem building ${maintainer}/${imagename}:${tag}.") } } } def maintain() { - def matcher = readFile('common.bash') =~ 'maintainer="(.+)"' - matcher ? matcher[0][1] : 'tier' + def matcher = readFile('common.bash') =~ 'maintainer="(.+)"' + matcher ? matcher[0][1] : 'tier' } def imagename() { - def matcher = readFile('common.bash') =~ 'imagename="(.+)"' - matcher ? matcher[0][1] : null -} - -def imagename_data() { - def matcher = readFile('common.bash') =~ 'imagename_data="(.+)"' - matcher ? matcher[0][1] : null + def matcher = readFile('common.bash') =~ 'imagename="(.+)"' + matcher ? matcher[0][1] : null } -def handleError(String message){ - echo "${message}" - currentBuild.setResult("FAILED") - slackSend color: 'danger', message: "${message}" - //step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'chubing@internet2.edu', sendToIndividuals: true]) - sh 'exit 1' +def handleError(String message) { + echo "${message}" + currentBuild.setResult("FAILED") + slackSend color: 'danger', message: "${message}" + sh 'exit 1' } diff --git a/README.md b/README.md index 503d12d..a1813e9 100644 --- a/README.md +++ b/README.md 
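Review bot: `if (env.BRANCH_NAME == "master" || env.BRANCH_NAME == "bats")` publishes the image built from the `bats` branch under the `latest` tag, so a feature branch overwrites the production tag on Docker Hub; even with the `// temporary` marker this is worth reverting before merge, or giving that branch its own tag (`tag = "bats"`). The new Build and Test stages also run `bin/rebuild.sh`, `bin/test.sh` and `bin/destroy.sh` fetched by the `git([...])` step from util.git with no `branch:` or commit pinned, so whatever is on that repository's default branch executes with this job's Docker access; pinning a ref keeps the pipeline reproducible and reviewable. The enclosing `pipeline {` block starts before this hunk.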
@@ -1,28 +1,29 @@ [![Build Status](https://jenkins.testbed.tier.internet2.edu/job/docker/job/midPoint_container/job/master/badge/icon)](https://jenkins.testbed.tier.internet2.edu/job/docker/job/midPoint_container/job/master/) -This repository contains sources for TIER-supported images related to [Evolveum midPoint](http://midpoint.evolveum.com). +This repository contains sources for TIER-supported [midPoint](http://midpoint.evolveum.com) image. -# Images -- `midpoint` contains the midPoint application along with some TIER-specific components: Apache reverse proxy with optional Shibboleth filter and TIER Beacon. -- `midpoint-mariadb` hosts the default MariaDB database tailored to meet midPoint needs. It can be exchanged for another repository implementation. +The image contains the midPoint application along with some TIER-specific components: Apache reverse proxy with optional Shibboleth filter and TIER Beacon. # Supported tags -These tags apply to both containers: - latest - midPoint version-specific tags, e.g. 3.9, 3.9.1, 4.0, etc. # Content -- `midpoint` directory contains build instructions for both containers (`midpoint` and `midpoint-mariadb`), -- `demo` directory contains three demonstration scenarios: +- the root directory contains build instructions for the `midpoint` image +- `demo` directory contains a couple of demonstration scenarios: + - `simple` to show simple composition of midPoint with the repository, - `shibboleth` to show integration with Shibboleth IdP, - `postgresql` to show how to change the repository implementation, - `complex` to demonstrate more complex deployment of midPoint in a sample university environment, featuring midPoint along with Grouper, LDAP directory, RabbitMQ, Shibboleth IdP, source and target systems. # Build instructions -Please see specific subdirectories: [midpoint](midpoint) and [demo/complex](demo/complex). +``` +$ ./build.sh +``` +You can then continue with one of demo composition, e.g. simple or complex one. 
 # Documentation
-- For the `midpoint` and `midpoint-mariadb` containers themselves please see [Dockerized midPoint](https://spaces.at.internet2.edu/display/MID/Dockerized+midPoint) wiki page.
+- For the `midpoint` image and container themselves please see [Dockerized midPoint](https://spaces.at.internet2.edu/display/MID/Dockerized+midPoint) wiki page.
 - For the complex demo please see [midPoint - Grouper integration demo](https://spaces.at.internet2.edu/display/MID/midPoint+-+Grouper+integration+demo) wiki page.
 
 This is a work in progress. For its current status please see [Status of the work](https://spaces.at.internet2.edu/display/MID/Status+of+the+work).
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..783e3bf
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+cd "$(dirname "$0")"
+SKIP_DOWNLOAD=0
+while getopts "nh?" opt; do
+ case $opt in
+ n) SKIP_DOWNLOAD=1 ;;
+ h | ?) echo "Options: -n skip download" ; exit 0 ;;
+ *) echo "Unknown option: $opt" ; exit 1 ;;
+ esac
+done
+if [ "$SKIP_DOWNLOAD" = "0" ]; then ./download-midpoint; fi
+docker build --tag tier/midpoint:latest .
+echo "---------------------------------------------------------------------------------------"
+echo "The midPoint containers were successfully built. To start them, execute the following:"
+echo ""
+echo "(for simple demo)"
+echo ""
+echo "$ cd" $(pwd)/demo/simple
+echo "$ docker-compose up"
+echo ""
+echo "(for complex demo)"
+echo ""
+echo "$ cd" $(pwd)/demo/complex
+echo "$ docker-compose up --build"
diff --git a/common.bash b/common.bash
index 5f9b7b0..45039e1 100644
--- a/common.bash
+++ b/common.bash
@@ -1,3 +1,2 @@
 maintainer="tier"
 imagename="midpoint"
-imagename_data="midpoint-mariadb"
diff --git a/container_files/httpd/conf/midpoint.conf.auth.internal b/container_files/httpd/conf/midpoint.conf.auth.internal
new file mode 100644
index 0000000..2d63bda
--- /dev/null
+++ b/container_files/httpd/conf/midpoint.conf.auth.internal
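Review bot: The "successfully built" banner after `docker build --tag tier/midpoint:latest .` is printed whether or not the build (or `./download-midpoint`) succeeded, because build.sh neither uses `set -e` nor checks exit statuses; a failed build then tells the user to `docker-compose up` an image that was never produced. `set -e` after the shebang, or `docker build --tag tier/midpoint:latest . || exit 1`, fixes it. Separately, `?` in the `h | ?)` case pattern is a single-character glob and getopts reports an invalid option as `?` anyway, so the `*)` branch is unreachable and unknown options exit 0 with the help text instead of 1; `h) echo "Options: -n skip download" ; exit 0 ;;` followed by `*) echo "Unknown option: $opt" ; exit 1 ;;` restores the intended behaviour.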
@@ -0,0 +1,6 @@ + +Timeout 2400 +ProxyTimeout 2400 +ProxyBadHeader Ignore + +ProxyPass /midpoint ajp://localhost:9090/midpoint timeout=2400 retry=0 diff --git a/midpoint/midpoint-server/container_files/httpd/conf/midpoint.conf.auth.shibboleth b/container_files/httpd/conf/midpoint.conf.auth.shibboleth similarity index 85% rename from midpoint/midpoint-server/container_files/httpd/conf/midpoint.conf.auth.shibboleth rename to container_files/httpd/conf/midpoint.conf.auth.shibboleth index faef9ae..ca38a30 100644 --- a/midpoint/midpoint-server/container_files/httpd/conf/midpoint.conf.auth.shibboleth +++ b/container_files/httpd/conf/midpoint.conf.auth.shibboleth @@ -3,7 +3,7 @@ Timeout 2400 ProxyTimeout 2400 ProxyBadHeader Ignore -ProxyPass /midpoint ajp://localhost:9090/midpoint timeout=2400 +ProxyPass /midpoint ajp://localhost:9090/midpoint timeout=2400 retry=0 AuthType shibboleth diff --git a/midpoint/midpoint-server/container_files/httpd/conf/ssl-enable.conf b/container_files/httpd/conf/ssl-enable.conf similarity index 100% rename from midpoint/midpoint-server/container_files/httpd/conf/ssl-enable.conf rename to container_files/httpd/conf/ssl-enable.conf diff --git a/midpoint/midpoint-server/container_files/mp-dir/active-spring-profiles b/container_files/mp-dir/active-spring-profiles similarity index 100% rename from midpoint/midpoint-server/container_files/mp-dir/active-spring-profiles rename to container_files/mp-dir/active-spring-profiles diff --git a/midpoint/midpoint-server/container_files/mp-dir/repository-url b/container_files/mp-dir/repository-url similarity index 92% rename from midpoint/midpoint-server/container_files/mp-dir/repository-url rename to container_files/mp-dir/repository-url index 2ba287a..6977cbf 100755 --- a/midpoint/midpoint-server/container_files/mp-dir/repository-url +++ b/container_files/mp-dir/repository-url 
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 function resolvePort() {
- if [ $REPO_PORT == "default" ]; then
+ if [[ $REPO_PORT == "default" ]]; then
 case $REPO_DATABASE_TYPE in
 mariadb)
 echo 3306
@@ -26,7 +26,7 @@ function resolvePort() {
 fi
 }
 
-if [ $REPO_JDBC_URL == "default" ]; then
+if [[ $REPO_JDBC_URL == "default" ]]; then
 REPO_PORT=$( resolvePort )
 case $REPO_DATABASE_TYPE in
 mariadb)
diff --git a/midpoint/midpoint-server/container_files/opt-tier/setenv.sh b/container_files/opt-tier/setenv.sh
similarity index 100%
rename from midpoint/midpoint-server/container_files/opt-tier/setenv.sh
rename to container_files/opt-tier/setenv.sh
diff --git a/midpoint/midpoint-server/container_files/shibboleth/attribute-map.xml b/container_files/shibboleth/attribute-map.xml
similarity index 100%
rename from midpoint/midpoint-server/container_files/shibboleth/attribute-map.xml
rename to container_files/shibboleth/attribute-map.xml
diff --git a/midpoint/midpoint-server/container_files/shibboleth/native.logger b/container_files/shibboleth/native.logger
similarity index 100%
rename from midpoint/midpoint-server/container_files/shibboleth/native.logger
rename to container_files/shibboleth/native.logger
diff --git a/midpoint/midpoint-server/container_files/shibboleth/shibd.logger b/container_files/shibboleth/shibd.logger
similarity index 100%
rename from midpoint/midpoint-server/container_files/shibboleth/shibd.logger
rename to container_files/shibboleth/shibd.logger
diff --git a/midpoint/midpoint-server/container_files/supervisor/supervisord.conf b/container_files/supervisor/supervisord.conf
similarity index 100%
rename from midpoint/midpoint-server/container_files/supervisor/supervisord.conf
rename to container_files/supervisor/supervisord.conf
index d0d91e2..8619f53 100644
--- a/midpoint/midpoint-server/container_files/supervisor/supervisord.conf
+++ b/container_files/supervisor/supervisord.conf
@@ -16,10 +16,10 @@ command=/bin/bash -c "/usr/local/bin/start-midpoint.sh"
 stdout_logfile=/dev/fd/2
 stdout_logfile_maxbytes=0
 redirect_stderr=true
+autorestart=false
 
 [program:crond]
 command=/usr/sbin/crond -n -i -m off
 stdout_logfile=/tmp/logcrond
 stdout_logfile_maxbytes=0
 redirect_stderr=true
-autorestart=false
diff --git a/container_files/usr-local-bin/healthcheck.sh b/container_files/usr-local-bin/healthcheck.sh
new file mode 100755
index 0000000..99f8963
--- /dev/null
+++ b/container_files/usr-local-bin/healthcheck.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+(set -o pipefail ; curl -k -f https://localhost:443/midpoint/actuator/health | tr -d '[:space:]' | grep -q "\"status\":\"UP\"") || exit 1
diff --git a/midpoint/midpoint-server/container_files/usr-local-bin/sendtierbeacon.sh b/container_files/usr-local-bin/sendtierbeacon.sh
similarity index 100%
rename from midpoint/midpoint-server/container_files/usr-local-bin/sendtierbeacon.sh
rename to container_files/usr-local-bin/sendtierbeacon.sh
diff --git a/midpoint/midpoint-server/container_files/usr-local-bin/setup-cron.sh b/container_files/usr-local-bin/setup-cron.sh
similarity index 100%
rename from midpoint/midpoint-server/container_files/usr-local-bin/setup-cron.sh
rename to container_files/usr-local-bin/setup-cron.sh
diff --git a/container_files/usr-local-bin/start-httpd.sh b/container_files/usr-local-bin/start-httpd.sh
new file mode 100755
index 0000000..0bc2028
--- /dev/null
+++ b/container_files/usr-local-bin/start-httpd.sh
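Review bot: Moving `autorestart=false` from `[program:crond]` to the midPoint program changes two behaviours at once and neither is explained in the file: midPoint is no longer restarted by supervisord when the JVM exits, so the container keeps running with httpd alone until something acts on the failing health check, and crond falls back to supervisord's default restart behaviour. If both are intended, a comment on the new line, `; never restart: a failed start must surface through healthcheck.sh, not loop silently`, saves the next reader the archaeology; if the crond change is accidental, the removed line should stay.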
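Review bot: `curl -k -f https://localhost:443/midpoint/actuator/health` has no `--max-time`, so a hung proxy or a midPoint stuck mid-startup makes the probe wait until Docker kills it at the Dockerfile's `--timeout=30s`; `curl -sS -k -f --max-time 25 ...` stays under that limit and yields a clean non-zero exit. `-k` is defensible here because the probe talks to the container's own self-signed host certificate over loopback, but that reasoning belongs in the file, e.g. `# -k: loopback probe against the container's own self-signed cert; no external traffic involved`, so the flag is not copied into client code. Going through httpd means the check passes only when both the proxy and the actuator endpoint respond, which is presumably the intent.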
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+echo "Linking secrets and config files; using authentication: $AUTHENTICATION"
+ln -sf /run/secrets/mp_sp-key.pem /etc/shibboleth/sp-key.pem
+ln -sf /run/secrets/mp_host-key.pem /etc/pki/tls/private/host-key.pem
+ln -sf /etc/httpd/conf.d/midpoint.conf.auth.$AUTHENTICATION /etc/httpd/conf.d/midpoint.conf
+ln -sf /etc/httpd/conf.d/shib.conf.auth.$AUTHENTICATION /etc/httpd/conf.d/shib.conf
+ln -sf /etc/httpd/conf.modules.d/00-shib.conf.auth.$AUTHENTICATION /etc/httpd/conf.modules.d/00-shib.conf
+
+case $AUTHENTICATION in
+ shibboleth)
+ echo "*** Starting httpd WITH Shibboleth support"
+ httpd-shib-foreground
+ ;;
+ internal)
+ echo "*** Starting httpd WITHOUT Shibboleth support"
+ rm -f /etc/httpd/logs/httpd.pid /run/httpd/httpd.pid
+ httpd -DFOREGROUND
+ ;;
+ *)
+ echo "*** Couldn't start httpd: unsupported AUTHENTICATION variable value: '$AUTHENTICATION'"
+ sleep infinity
+ ;;
+esac
diff --git a/container_files/usr-local-bin/start-midpoint.sh b/container_files/usr-local-bin/start-midpoint.sh
new file mode 100755
index 0000000..ddc377b
--- /dev/null
+++ b/container_files/usr-local-bin/start-midpoint.sh
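Review bot: The five `ln -sf` lines run before `$AUTHENTICATION` is validated, so an unset or misspelled value first leaves `midpoint.conf`, `shib.conf` and `00-shib.conf` as dangling symlinks in conf.d and conf.modules.d and only then reaches the `*)` branch; the variable is also unquoted in every expansion. Validating first, with the value quoted, keeps the config tree consistent even on a misconfigured composition and makes the error message the first thing in the log. The `*)` branch's `sleep infinity` keeps supervisord believing httpd is up, which is only acceptable because healthcheck.sh will report the container unhealthy — worth stating in a comment on that line.
```shell
case "$AUTHENTICATION" in
  shibboleth|internal) ;;
  *)
    echo "*** Couldn't start httpd: unsupported AUTHENTICATION variable value: '$AUTHENTICATION'"
    sleep infinity   # keep the process alive; healthcheck.sh reports the container unhealthy
    ;;
esac
echo "Linking secrets and config files; using authentication: $AUTHENTICATION"
ln -sf "/etc/httpd/conf.d/midpoint.conf.auth.$AUTHENTICATION" /etc/httpd/conf.d/midpoint.conf
# … unchanged: remaining ln -sf lines and the shibboleth/internal start-up case …
```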
@@ -0,0 +1,49 @@ +#!/bin/bash + +function check () { + local VARNAME=$1 + if [ -z ${!VARNAME} ]; then + echo "*** Couldn't start midPoint: $VARNAME variable is undefined. Please check your Docker composition." + exit 1 + fi +} + +# These variables have reasonable defaults in Dockerfile. So we will _not_ supply defaults here. +# The composer or user has to make sure they are well defined. + +check MP_MEM_MAX +check MP_MEM_INIT +check MP_DIR +check REPO_DATABASE_TYPE +check REPO_USER +check REPO_PASSWORD_FILE +check REPO_MISSING_SCHEMA_ACTION +check REPO_UPGRADEABLE_SCHEMA_ACTION +check MP_KEYSTORE_PASSWORD_FILE +check SSO_HEADER +check AJP_ENABLED +check AJP_PORT + +java -Xmx$MP_MEM_MAX -Xms$MP_MEM_INIT -Dfile.encoding=UTF8 \ + -Dmidpoint.home=$MP_DIR/var \ + -Dmidpoint.repository.database=$REPO_DATABASE_TYPE \ + -Dmidpoint.repository.jdbcUsername=$REPO_USER \ + -Dmidpoint.repository.jdbcPassword_FILE=$REPO_PASSWORD_FILE \ + -Dmidpoint.repository.jdbcUrl="`$MP_DIR/repository-url`" \ + -Dmidpoint.repository.hibernateHbm2ddl=none \ + -Dmidpoint.repository.missingSchemaAction=$REPO_MISSING_SCHEMA_ACTION \ + -Dmidpoint.repository.upgradeableSchemaAction=$REPO_UPGRADEABLE_SCHEMA_ACTION \ + $(if [ -n "$REPO_SCHEMA_VERSION_IF_MISSING" ]; then echo "-Dmidpoint.repository.schemaVersionIfMissing=$REPO_SCHEMA_VERSION_IF_MISSING"; fi) \ + $(if [ -n "$REPO_SCHEMA_VARIANT" ]; then echo "-Dmidpoint.repository.schemaVariant=$REPO_SCHEMA_VARIANT"; fi) \ + -Dmidpoint.repository.initializationFailTimeout=60000 \ + -Dmidpoint.keystore.keyStorePassword_FILE=$MP_KEYSTORE_PASSWORD_FILE \ + -Dmidpoint.logging.alt.enabled=true \ + -Dmidpoint.logging.alt.filename=/tmp/logmidpoint \ + -Dmidpoint.logging.alt.timezone=UTC \ + -Dspring.profiles.active="`$MP_DIR/active-spring-profiles`" \ + $(if [ "$AUTHENTICATION" = "shibboleth" ]; then echo "-Dauth.logout.url=$LOGOUT_URL -Dauth.sso.header=$SSO_HEADER"; fi) \ + -Dserver.tomcat.ajp.enabled=$AJP_ENABLED \ + -Dserver.tomcat.ajp.port=$AJP_PORT \ + 
-Dlogging.path=/tmp/logtomcat \ + $MP_JAVA_OPTS \ + -jar $MP_DIR/lib/midpoint.war &>/tmp/logmidpoint-console diff --git a/midpoint/midpoint-server/container_files/usr-local-bin/startup.sh b/container_files/usr-local-bin/startup.sh similarity index 100% rename from midpoint/midpoint-server/container_files/usr-local-bin/startup.sh rename to container_files/usr-local-bin/startup.sh diff --git a/demo/complex/.env b/demo/complex/.env index 03f48af..d58a3c3 100644 --- a/demo/complex/.env +++ b/demo/complex/.env @@ -3,12 +3,15 @@ ENV=demo USERTOKEN= REPO_DATABASE_TYPE=mariadb REPO_JDBC_URL=default -REPO_HOST=midpoint-data +REPO_HOST=midpoint_data REPO_PORT=default -REPO_DATABASE=midpoint -REPO_USER=root -REPO_PASSWORD_FILE=/run/secrets/m_database_password.txt -KEYSTORE_PASSWORD_FILE=/run/secrets/m_keystore_password.txt -MEM=2048m +REPO_DATABASE=registry +REPO_USER=registry_user +REPO_MISSING_SCHEMA_ACTION=create +REPO_UPGRADEABLE_SCHEMA_ACTION=stop +REPO_PASSWORD_FILE=/run/secrets/mp_database_password.txt +MP_KEYSTORE_PASSWORD_FILE=/run/secrets/mp_keystore_password.txt +MP_MEM_MAX=2048m +MP_MEM_INIT=1024m LOGOUT_URL=https://localhost:8443/Shibboleth.sso/Logout SSO_HEADER=uid diff --git a/demo/complex/README.md b/demo/complex/README.md index 4d99adf..7e24d42 100644 --- a/demo/complex/README.md +++ b/demo/complex/README.md @@ -2,7 +2,7 @@ This is a demonstration of using midPoint dockerization for TIER environment in # Building and execution ``` -$ ../../midpoint/build.sh +$ ../../build.sh $ docker-compose up --build ``` diff --git a/demo/complex/configs-and-secrets/grouper/application/grouper.client.properties b/demo/complex/configs-and-secrets/grouper/application/grouper.client.properties index ee9895f..d25ad96 100644 --- a/demo/complex/configs-and-secrets/grouper/application/grouper.client.properties +++ b/demo/complex/configs-and-secrets/grouper/application/grouper.client.properties 
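Review bot: `check ()` tests `[ -z ${!VARNAME} ]` with the expansion unquoted, so a value containing whitespace (a path with a space, or an options string) splits into extra arguments and `[` reports a syntax error instead of a verdict; `if [ -z "${!VARNAME}" ]; then` is the safe form and still fails an empty value as intended. The java invocation likewise passes `$MP_JAVA_OPTS` and each `-D...=$VAR` unquoted, which is what lets `MP_JAVA_OPTS` carry several options but also means no other variable may contain spaces — that constraint deserves a line in the header comment. `REPO_HOST` and `REPO_DATABASE` are consumed by `repository-url` (only partly visible in this diff) but are not in the `check` list; if they are required there, adding them keeps the failure message consistent with the other missing-variable cases. Passing the credentials as `*_FILE` paths rather than values keeps the passwords out of the process list, which is the right call.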
@@ -48,7 +48,7 @@ grouperClient.ldap.password =
 # url of web service, should include everything up to the first resource to access
 # e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
 # e.g. https://groups.school.edu/grouper-ws/servicesRest
-grouperClient.webService.url = https://grouper-ws/grouper-ws/servicesRest
+grouperClient.webService.url = https://grouper_ws/grouper-ws/servicesRest
 
 # kerberos principal used to connect to web service
 grouperClient.webService.login = banderson
diff --git a/demo/complex/configs-and-secrets/grouper/application/grouper.hibernate.properties b/demo/complex/configs-and-secrets/grouper/application/grouper.hibernate.properties
index f4849ba..deb0d75 100644
--- a/demo/complex/configs-and-secrets/grouper/application/grouper.hibernate.properties
+++ b/demo/complex/configs-and-secrets/grouper/application/grouper.hibernate.properties
@@ -20,7 +20,7 @@
 # e.g. hsqldb (b): jdbc:hsqldb:hsql://localhost:9001/grouper
 # e.g. postgres: jdbc:postgresql://localhost:5432/database
 # e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper
-hibernate.connection.url = jdbc:mysql://grouper-data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
+hibernate.connection.url = jdbc:mysql://grouper_data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
 hibernate.connection.username = root
 
 # If you are using an empty password, depending upon your version of
diff --git a/demo/complex/configs-and-secrets/midpoint/application/database_password.txt b/demo/complex/configs-and-secrets/midpoint/application/database_password.txt
index 11bac01..11bff19 100644
--- a/demo/complex/configs-and-secrets/midpoint/application/database_password.txt
+++ b/demo/complex/configs-and-secrets/midpoint/application/database_password.txt
@@ -1 +1 @@
-456654
+WJzesbe3poNZ91qIbmR7
diff --git a/demo/complex/docker-compose.yml b/demo/complex/docker-compose.yml
index c691377..aa9b0f9 100644
--- a/demo/complex/docker-compose.yml
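Review bot: The new value `WJzesbe3poNZ91qIbmR7` in database_password.txt looks like a generated credential but is committed in clear text, and docker-compose.yml in this commit mounts the file as the `mp_database_password.txt` secret, so it is the live password of the demo database. That is acceptable for a throw-away demo only if it is labelled as such; a line in demo/complex/README.md such as `The files under configs-and-secrets hold demo-only credentials; regenerate them before any non-local deployment` would make the intent explicit, and a visibly placeholder-style value avoids the impression that a real secret leaked into the history.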
+++ b/demo/complex/docker-compose.yml @@ -1,21 +1,21 @@ version: "3.3" services: - grouper-daemon: - build: ./grouper-daemon/ - command: bash -c "while ! curl -s grouper-data:3306 > /dev/null; do echo waiting for mysql on grouper-data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec daemon" + grouper_daemon: + build: ./grouper_daemon/ + command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec daemon" depends_on: - - grouper-data + - grouper_data - directory environment: - - ENV=demo + - ENV + - USERTOKEN - GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE=password - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt - RABBITMQ_PASSWORD_FILE=/run/secrets/rabbitmq_password.txt - SUBJECT_SOURCE_LDAP_PASSWORD=password - - USERTOKEN=build-2 networks: - - back + - net secrets: - g_database_password.txt - rabbitmq_password.txt 
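Review bot: `SUBJECT_SOURCE_LDAP_PASSWORD=password` and `GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE=password` are passed as plain environment values while the sibling credentials in the same `environment:` block (`GROUPER_DATABASE_PASSWORD_FILE`, `RABBITMQ_PASSWORD_FILE`) use paths under `/run/secrets`; an environment variable is visible to `docker inspect` and to every process in the container, which the secret-file pattern avoids. Moving them to the `secrets:` list would make the service consistent; the same applies to the `grouper_ui` service in the next hunk. The value `password` for a `*_PASSWORD_FILE` variable also reads as a file name rather than a path, which is presumably an existing quirk of the Grouper image rather than something this commit introduces.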
@@ -34,21 +34,21 @@ services: target: /opt/grouper/conf/grouper.client.properties - grouper-ui: - build: ./grouper-ui/ - command: bash -c "while ! curl -s grouper-data:3306 > /dev/null; do echo waiting for mysql on grouper-data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui" + grouper_ui: + build: ./grouper_ui/ + command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui" depends_on: - - grouper-data + - grouper_data - directory environment: - - ENV=demo + - ENV + - USERTOKEN - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt - SUBJECT_SOURCE_LDAP_PASSWORD=password - - USERTOKEN=build-2 networks: - - back + - net ports: - - "443:443" + - 443:443 secrets: - g_database_password.txt - source: grouper.hibernate.properties 
@@ -84,126 +84,60 @@ services: source: ./configs-and-secrets/grouper/httpd/host-cert.pem target: /etc/pki/tls/certs/cachain.pem - -# grouper-ws: -# build: ./grouper-ws/ -# command: bash -c "while ! curl -s grouper-data:3306 > /dev/null; do echo waiting for mysql on grouper-data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ws" -# depends_on: -# - grouper-data -# - directory -# environment: -# - ENV=dev -# - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt -# - SUBJECT_SOURCE_LDAP_PASSWORD=password -# - USERTOKEN=build-2 -# networks: -# - back -# ports: -# - "8443:443" -# secrets: -# - g_database_password.txt -# - source: grouper.hibernate.properties -# target: grouper_grouper.hibernate.properties -# - source: grouper-loader.properties -# target: grouper_grouper-loader.properties -# - source: subject.properties -# target: grouper_subject.properties -# - source: sp-key.pem -# target: shib_sp-key.pem -# - source: host-key.pem -# volumes: -# - type: bind -# source: ./configs-and-secrets/grouper/grouper.properties -# target: /opt/grouper/conf/grouper.properties -# - type: bind -# source: ./configs-and-secrets/grouper/grouper.client.properties -# target: /opt/grouper/conf/grouper.client.properties -# - type: bind -# source: ./configs-and-secrets/httpd/host-cert.pem -# target: /etc/pki/tls/certs/host-cert.pem -# - type: bind -# source: ./configs-and-secrets/httpd/host-cert.pem -# target: /etc/pki/tls/certs/cachain.pem -# -# gsh: -# build: ./gsh/ -# depends_on: -# - grouper-data -# - directory -# environment: -# - ENV=dev -# - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt -# - SUBJECT_SOURCE_LDAP_PASSWORD=password -# - USERTOKEN=build-2 -# networks: -# - back -# secrets: -# - g_database_password.txt -# - source: grouper.hibernate.properties -# target: grouper_grouper.hibernate.properties -# - source: grouper-loader.properties -# target: 
grouper_grouper-loader.properties -# - source: subject.properties -# target: grouper_subject.properties -# volumes: -# - type: bind -# source: ./configs-and-secrets/grouper/grouper.properties -# target: /opt/grouper/conf/grouper.properties -# - type: bind -# source: ./configs-and-secrets/grouper/grouper.client.properties -# target: /opt/grouper/conf/grouper.client.properties - - grouper-data: - build: ./grouper-data/ + grouper_data: + build: ./grouper_data/ networks: - - back + - net ports: - - "3306:3306" + - 3306:3306 volumes: - grouper_data:/var/lib/mysql directory: build: ./directory/ ports: - - "389:389" + - 389:389 networks: - - back + - net volumes: - ldap:/var/lib/dirsrv sources: build: ./sources/ ports: - - "13306:3306" + - 13306:3306 networks: - - back + - net volumes: - source_data:/var/lib/mysql targets: build: ./targets/ ports: - - "23306:389" + - 23306:389 networks: - - back + - net volumes: - target_data:/var/lib/mysql - midpoint-data: - image: tier/midpoint-mariadb:latest + midpoint_data: + image: tier/mariadb:mariadb10 ports: - - "33306:3306" + - 33306:3306 networks: - - back + - net volumes: - - midpoint_data:/var/lib/mysql + - midpoint_mysql:/var/lib/mysql + - midpoint_data:/var/lib/mysqlmounted + environment: + - CREATE_NEW_DATABASE=if_needed - midpoint-server: - build: ./midpoint-server/ + midpoint_server: + build: ./midpoint_server/ depends_on: - - midpoint-data + - midpoint_data ports: - - "8443:443" + - 8443:443 environment: - AUTHENTICATION - ENV 
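Review bot: Every database-style port in this hunk (`3306:3306`, `389:389`, `13306:3306`, `23306:389`, `33306:3306`) is published on all host interfaces, so the demo's MariaDB, LDAP and source/target stores are reachable from the host's network rather than only from containers on `net`; binding them as `127.0.0.1:3306:3306` keeps host-side debugging access without that exposure. The commit also drops the quotes around the port mappings; none of these particular values trip YAML's base-60 rule, but the Compose documentation recommends quoting `host:container` pairs precisely because a two-digit container port (e.g. `22:22`) is otherwise parsed as a number, so the quoted form was the safer style. The `midpoint_data` service now mounts both `midpoint_mysql:/var/lib/mysql` and `midpoint_data:/var/lib/mysqlmounted` and sets `CREATE_NEW_DATABASE=if_needed`; a short comment on what `tier/mariadb:mariadb10` does with the second path and with that flag would help, as neither is explained here.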
@@ -215,18 +149,24 @@ services: - REPO_DATABASE - REPO_USER - REPO_PASSWORD_FILE - - KEYSTORE_PASSWORD_FILE - - MEM + - REPO_MISSING_SCHEMA_ACTION + - REPO_UPGRADEABLE_SCHEMA_ACTION + - REPO_SCHEMA_VERSION_IF_MISSING + - REPO_SCHEMA_VARIANT + - MP_KEYSTORE_PASSWORD_FILE + - MP_MEM_MAX + - MP_MEM_INIT + - MP_JAVA_OPTS - SSO_HEADER - LOGOUT_URL - TIER_BEACON_OPT_OUT networks: - - back + - net secrets: - - m_database_password.txt - - m_keystore_password.txt - - m_sp-key.pem - - m_host-key.pem + - mp_database_password.txt + - mp_keystore_password.txt + - mp_sp-key.pem + - mp_host-key.pem volumes: - midpoint_home:/opt/midpoint/var - type: bind @@ -254,9 +194,9 @@ services: - JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password - JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password networks: - - back + - net ports: - - "4443:4443" + - 4443:4443 mq: image: rabbitmq:management @@ -264,12 +204,12 @@ services: - RABBITMQ_NODENAME=docker-rabbit hostname: rabbitmq networks: - - back + - net ports: - - "15672:15672" + - 15672:15672 networks: - back: + net: driver: bridge secrets: @@ -289,13 +229,13 @@ secrets: subject.properties: file: ./configs-and-secrets/grouper/application/subject.properties # midPoint - m_host-key.pem: + mp_host-key.pem: file: ./configs-and-secrets/midpoint/httpd/host-key.pem - m_sp-key.pem: + mp_sp-key.pem: file: ./configs-and-secrets/midpoint/shibboleth/sp-key.pem - m_database_password.txt: + mp_database_password.txt: file: ./configs-and-secrets/midpoint/application/database_password.txt - m_keystore_password.txt: + mp_keystore_password.txt: file: ./configs-and-secrets/midpoint/application/keystore_password.txt volumes: @@ -304,4 +244,5 @@ volumes: target_data: ldap: midpoint_data: + midpoint_mysql: midpoint_home: diff --git a/demo/complex/grouper-daemon/Dockerfile b/demo/complex/grouper_daemon/Dockerfile similarity index 100% rename from demo/complex/grouper-daemon/Dockerfile rename to demo/complex/grouper_daemon/Dockerfile 
diff --git a/demo/complex/grouper-data/Dockerfile b/demo/complex/grouper_data/Dockerfile
similarity index 100%
rename from demo/complex/grouper-data/Dockerfile
rename to demo/complex/grouper_data/Dockerfile
diff --git a/demo/complex/grouper-data/container_files/conf/grouper.hibernate.properties b/demo/complex/grouper_data/container_files/conf/grouper.hibernate.properties
similarity index 100%
rename from demo/complex/grouper-data/container_files/conf/grouper.hibernate.properties
rename to demo/complex/grouper_data/container_files/conf/grouper.hibernate.properties
diff --git a/demo/complex/grouper-data/container_files/conf/grouper.properties b/demo/complex/grouper_data/container_files/conf/grouper.properties
similarity index 100%
rename from demo/complex/grouper-data/container_files/conf/grouper.properties
rename to demo/complex/grouper_data/container_files/conf/grouper.properties
diff --git a/demo/complex/grouper-data/container_files/conf/subject.properties b/demo/complex/grouper_data/container_files/conf/subject.properties
similarity index 100%
rename from demo/complex/grouper-data/container_files/conf/subject.properties
rename to demo/complex/grouper_data/container_files/conf/subject.properties
diff --git a/demo/complex/grouper-data/container_files/seed-data/demo.gsh b/demo/complex/grouper_data/container_files/seed-data/demo.gsh
similarity index 100%
rename from demo/complex/grouper-data/container_files/seed-data/demo.gsh
rename to demo/complex/grouper_data/container_files/seed-data/demo.gsh
diff --git a/demo/complex/grouper-ui/Dockerfile b/demo/complex/grouper_ui/Dockerfile
similarity index 100%
rename from demo/complex/grouper-ui/Dockerfile
rename to demo/complex/grouper_ui/Dockerfile
diff --git a/demo/complex/grouper-ui/container_files/shibboleth/shibd.logger b/demo/complex/grouper_ui/container_files/shibboleth/shibd.logger
similarity index 100%
rename from demo/complex/grouper-ui/container_files/shibboleth/shibd.logger
rename to demo/complex/grouper_ui/container_files/shibboleth/shibd.logger
diff --git a/demo/complex/midpoint-objects/resources/scriptedsql-grouper2.xml b/demo/complex/midpoint-objects/resources/scriptedsql-grouper2.xml
index ddd0c4b..250ddb1 100644
--- a/demo/complex/midpoint-objects/resources/scriptedsql-grouper2.xml
+++ b/demo/complex/midpoint-objects/resources/scriptedsql-grouper2.xml
@@ -18,7 +18,7 @@ - grouper-data + grouper_data 3306 root
diff --git a/demo/complex/midpoint-server/Dockerfile b/demo/complex/midpoint_server/Dockerfile
similarity index 100%
rename from demo/complex/midpoint-server/Dockerfile
rename to demo/complex/midpoint_server/Dockerfile
diff --git a/demo/complex/midpoint-server/container_files/mp-home/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar b/demo/complex/midpoint_server/container_files/mp-home/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar
rename to demo/complex/midpoint_server/container_files/mp-home/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar
diff --git a/demo/complex/midpoint-server/container_files/mp-home/lib/amqp-client-5.3.0.jar b/demo/complex/midpoint_server/container_files/mp-home/lib/amqp-client-5.3.0.jar
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/lib/amqp-client-5.3.0.jar
rename to demo/complex/midpoint_server/container_files/mp-home/lib/amqp-client-5.3.0.jar
diff --git a/demo/complex/midpoint-server/container_files/mp-home/res/grouper/SchemaScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/grouper/SchemaScript.groovy
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/res/grouper/SchemaScript.groovy
rename to demo/complex/midpoint_server/container_files/mp-home/res/grouper/SchemaScript.groovy
diff --git a/demo/complex/midpoint-server/container_files/mp-home/res/grouper/SearchScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/grouper/SearchScript.groovy
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/res/grouper/SearchScript.groovy
rename to demo/complex/midpoint_server/container_files/mp-home/res/grouper/SearchScript.groovy
diff --git a/demo/complex/midpoint-server/container_files/mp-home/res/grouper/TestScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/grouper/TestScript.groovy
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/res/grouper/TestScript.groovy
rename to demo/complex/midpoint_server/container_files/mp-home/res/grouper/TestScript.groovy
diff --git a/demo/complex/midpoint-server/container_files/mp-home/res/grouper2/SchemaScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/grouper2/SchemaScript.groovy
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/res/grouper2/SchemaScript.groovy
rename to demo/complex/midpoint_server/container_files/mp-home/res/grouper2/SchemaScript.groovy
diff --git a/demo/complex/midpoint-server/container_files/mp-home/res/grouper2/SearchScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/grouper2/SearchScript.groovy
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/res/grouper2/SearchScript.groovy
rename to demo/complex/midpoint_server/container_files/mp-home/res/grouper2/SearchScript.groovy
diff --git a/demo/complex/midpoint-server/container_files/mp-home/res/grouper2/SyncScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/grouper2/SyncScript.groovy
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/res/grouper2/SyncScript.groovy
rename to demo/complex/midpoint_server/container_files/mp-home/res/grouper2/SyncScript.groovy
diff --git a/demo/complex/midpoint-server/container_files/mp-home/res/grouper2/TestScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/grouper2/TestScript.groovy
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/res/grouper2/TestScript.groovy
rename to demo/complex/midpoint_server/container_files/mp-home/res/grouper2/TestScript.groovy
diff --git a/demo/complex/midpoint-server/container_files/mp-home/res/sis-persons/SchemaScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/SchemaScript.groovy
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/res/sis-persons/SchemaScript.groovy
rename to demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/SchemaScript.groovy
diff --git a/demo/complex/midpoint-server/container_files/mp-home/res/sis-persons/SearchScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/SearchScript.groovy
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/res/sis-persons/SearchScript.groovy
rename to demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/SearchScript.groovy
diff --git a/demo/complex/midpoint-server/container_files/mp-home/res/sis-persons/TestScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/TestScript.groovy
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/res/sis-persons/TestScript.groovy
rename to demo/complex/midpoint_server/container_files/mp-home/res/sis-persons/TestScript.groovy
diff --git a/demo/complex/midpoint-server/container_files/mp-home/res/sis/SchemaScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/sis/SchemaScript.groovy
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/res/sis/SchemaScript.groovy
rename to demo/complex/midpoint_server/container_files/mp-home/res/sis/SchemaScript.groovy
diff --git a/demo/complex/midpoint-server/container_files/mp-home/res/sis/SearchScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/sis/SearchScript.groovy
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/res/sis/SearchScript.groovy
rename to demo/complex/midpoint_server/container_files/mp-home/res/sis/SearchScript.groovy
diff --git a/demo/complex/midpoint-server/container_files/mp-home/res/sis/TestScript.groovy b/demo/complex/midpoint_server/container_files/mp-home/res/sis/TestScript.groovy
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/res/sis/TestScript.groovy
rename to demo/complex/midpoint_server/container_files/mp-home/res/sis/TestScript.groovy
diff --git a/demo/complex/midpoint-server/container_files/mp-home/schema/user-schema.xsd b/demo/complex/midpoint_server/container_files/mp-home/schema/user-schema.xsd
similarity index 100%
rename from demo/complex/midpoint-server/container_files/mp-home/schema/user-schema.xsd
rename to demo/complex/midpoint_server/container_files/mp-home/schema/user-schema.xsd
diff --git a/demo/complex/test-resources b/demo/complex/test-resources
new file mode 100755
index 0000000..0674f73
--- /dev/null
+++ b/demo/complex/test-resources
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+source $(dirname "$0")/../../library.bash
+
+test_resource 0a37121f-d515-4a23-9b6d-554c5ef61272
+test_resource 6dcb84f5-bf82-4931-9072-fbdf87f96442
+test_resource 13660d60-071b-4596-9aa1-5efcd1256c04
+test_resource 4d70a0da-02dd-41cf-b0a1-00e75d3eaa15
diff --git a/demo/complex/tests/main.bats b/demo/complex/tests/main.bats
new file mode 100755
index 0000000..5cd95bb
--- /dev/null
+++ b/demo/complex/tests/main.bats
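Review bot: `source $(dirname "$0")/../../library.bash` leaves the command substitution unquoted, so a checkout path containing whitespace is word-split before `source` sees it; `source "$(dirname "$0")/../../library.bash"` is the safe form. The script also never sets `set -e`, so assuming `test_resource` reports failure through its exit status, a failing first call is masked and only the last call's status is returned. A comment naming the four resources these OIDs stand for would help, since the same four OIDs are repeated in test 210 of main.bats and a reader has no other way to tell them apart.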
@@ -0,0 +1,151 @@
+#!/usr/bin/env bats
+
+load ../../../common
+load ../../../library
+
+@test "000 Cleanup before running the tests" {
+ (cd ../simple ; docker-compose down -v)
+ (cd ../shibboleth ; docker-compose down -v)
+ (cd ../postgresql ; docker-compose down -v)
+ docker-compose down -v
+}
+
+@test "010 Initialize and start the composition" {
+ # We want to fail cleanly if there's any interference
+ docker ps
+ ! (docker ps | grep -E "shibboleth_(idp|directory)_1|(complex|simple|shibboleth|postgresql)_(midpoint_server|midpoint_data)_1")
+ docker-compose up -d --build
+}
+
+@test "020 Wait until components are started" {
+ touch $BATS_TMPDIR/not-started
+ wait_for_midpoint_start complex_midpoint_server_1 complex_midpoint_data_1
+ wait_for_shibboleth_idp_start complex_idp_1
+ wait_for_grouper_ui_start complex_grouper_ui_1
+ rm $BATS_TMPDIR/not-started
+}
+
+@test "040 Check midPoint health" {
+ if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+ check_health
+}
+
+@test "050 Check Shibboleth IDP health" {
+ if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+ check_health_shibboleth_idp
+}
+
+@test "060 Check Grouper health" {
+ if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+ skip TODO
+}
+
+@test "100 Get 'administrator'" {
+ if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+ check_health
+ get_and_check_object users 00000000-0000-0000-0000-000000000002 administrator
+}
+
+@test "110 And and get 'test110'" {
+ if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+ check_health
+ echo "test110" >/tmp/test110.xml
+ add_object users /tmp/test110.xml
+ rm /tmp/test110.xml
+ search_and_check_object users test110
+ delete_object_by_name users test110
+}
+
+@test "200 Upload objects" {
+ if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+
+ # reduce data in SIS database so imports will take reasonable time
+ docker exec complex_sources_1 mysql sis -e "delete from SIS_COURSES where uid not in ('amorrison', 'banderson', 'cmorrison', 'danderson', 'ddavis', 'jsmith', 'kwhite', 'mroberts', 'whenderson', 'wprice')"
+ docker exec complex_sources_1 mysql sis -e "delete from SIS_AFFILIATIONS where uid not in ('amorrison', 'banderson', 'cmorrison', 'danderson', 'ddavis', 'jsmith', 'kwhite', 'mroberts', 'whenderson', 'wprice')"
+ docker exec complex_sources_1 mysql sis -e "delete from SIS_PERSONS where uid not in ('amorrison', 'banderson', 'cmorrison', 'danderson', 'ddavis', 'jsmith', 'kwhite', 'mroberts', 'whenderson', 'wprice')"
+
+ check_health
+ ./upload-objects
+
+ search_and_check_object objectTemplates template-org-course
+ search_and_check_object objectTemplates template-org-department
+ search_and_check_object objectTemplates template-role-affiliation
+ search_and_check_object objectTemplates template-role-generic-group
+
+ search_and_check_object orgs courses
+ search_and_check_object orgs departments
+
+ search_and_check_object resources "OpenLDAP (directory)"
+ search_and_check_object resources "Grouper SQL/MQ"
+ search_and_check_object resources "SQL SIS courses (sources)"
+ search_and_check_object resources "SQL SIS persons (sources)"
+
+ search_and_check_object roles metarole-affiliation
+ search_and_check_object roles metarole-course
+ search_and_check_object roles metarole-department
+ search_and_check_object roles metarole-generic-group
+ search_and_check_object roles role-grouper-sysadmin
+ search_and_check_object roles role-ldap-basic
+}
+
+@test "210 Test resource" {
+ if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+ test_resource 0a37121f-d515-4a23-9b6d-554c5ef61272
+ test_resource 6dcb84f5-bf82-4931-9072-fbdf87f96442
+ test_resource 13660d60-071b-4596-9aa1-5efcd1256c04
+ test_resource 4d70a0da-02dd-41cf-b0a1-00e75d3eaa15
+}
+
+@test "220 Import SIS_PERSONS" {
+ if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+
+ add_object tasks midpoint-objects-manual/tasks/task-import-sis-persons.xml
+ search_and_check_object tasks "Import from SIS persons"
+ wait_for_task_completion 22c2a3d0-0961-4255-9eec-c550a79aeaaa 6 10
+ assert_task_success 22c2a3d0-0961-4255-9eec-c550a79aeaaa
+
+ search_and_check_object users jsmith
+ search_and_check_object users banderson
+ search_and_check_object users kwhite
+ search_and_check_object users whenderson
+ search_and_check_object users ddavis
+ search_and_check_object users cmorrison
+ search_and_check_object users danderson
+ search_and_check_object users amorrison
+ search_and_check_object users wprice
+ search_and_check_object users mroberts
+
+ check_ldap_account_by_user_name jsmith complex_directory_1
+ check_ldap_account_by_user_name banderson complex_directory_1
+ check_ldap_account_by_user_name kwhite complex_directory_1
+ check_ldap_account_by_user_name whenderson complex_directory_1
+ check_ldap_account_by_user_name ddavis complex_directory_1
+ check_ldap_account_by_user_name cmorrison complex_directory_1
+ check_ldap_account_by_user_name danderson complex_directory_1
+ check_ldap_account_by_user_name amorrison complex_directory_1
+ check_ldap_account_by_user_name wprice complex_directory_1
+ check_ldap_account_by_user_name mroberts complex_directory_1
+ # TODO check assignments etc
+}
+
+@test "230 Check 'TestUser230' in Midpoint and LDAP" {
+ if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+ check_health
+ echo "TestUser230Test User230TestUser230password" >/tmp/testuser230.xml
+ add_object users /tmp/testuser230.xml
+ rm /tmp/testuser230.xml
+ search_and_check_object users TestUser230
+
+ execute_bulk_action tests/resources/bulk-action/recompute-role-grouper-sysadmin.xml complex_midpoint_server_1
+ execute_bulk_action tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml complex_midpoint_server_1
+
+ check_ldap_account_by_user_name TestUser230 complex_directory_1
+ check_of_ldap_membership TestUser230 sysadmingroup complex_directory_1
+
+ delete_object_by_name users TestUser230
+}
+
+
+@test "999 Clean up" {
+ docker-compose down -v
+}
diff --git a/demo/complex/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml b/demo/complex/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml
new file mode 100644
index 0000000..c2736da
--- /dev/null
+++ b/demo/complex/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml
@@ -0,0 +1,22 @@ + + + c:UserType + + + c:name + TestUser230 + + + + assign + + role + d48ec05b-fffd-4262-acd3-d9ff63365b62 + + + +
diff --git a/demo/complex/tests/resources/bulk-action/recompute-role-grouper-sysadmin.xml b/demo/complex/tests/resources/bulk-action/recompute-role-grouper-sysadmin.xml
new file mode 100644
index 0000000..1356484
--- /dev/null
+++ b/demo/complex/tests/resources/bulk-action/recompute-role-grouper-sysadmin.xml
@@ -0,0 +1,16 @@ + + + c:RoleType + + + name + role-grouper-sysadmin + + + + recompute + + +
diff --git a/demo/complex/tests/resources/sql/courses.sql b/demo/complex/tests/resources/sql/courses.sql
new file mode 100644
index 0000000..51d1a56
--- /dev/null
+++ b/demo/complex/tests/resources/sql/courses.sql
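Review bot: Tests 110 and 230 write their fixture objects to fixed paths (`/tmp/test110.xml`, `/tmp/testuser230.xml`) although the file already uses `$BATS_TMPDIR` for its scratch marker; a fixed name in a world-writable directory collides between concurrent runs on a shared CI host and can be pre-created by any other local user, so `$BATS_TMPDIR/test110.xml` (or `mktemp`) is the consistent choice. The title of test 110, `"110 And and get 'test110'"`, reads as a typo for `Add and get`. The inline XML in both `echo` lines appears flattened by the page rendering, so its element structure cannot be checked here; the `TestUser230` object carries a literal password, which is acceptable for a throwaway test account but deserves a `# test-only credential` comment so it is not copied elsewhere.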
@@ -0,0 +1,31 @@
+CREATE TABLE SIS_COURSES (
+ uid varchar(255) NOT NULL,
+ surname varchar(255) default NULL,
+ givenName varchar(255) default NULL,
+ courseId varchar(255) default NULL,
+ PRIMARY KEY (uid, courseId)
+);
+
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kwhite','White','Karl','CS252');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kwhite','White','Karl','ACCT201');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kwhite','White','Karl','SCI404');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('kwhite','White','Karl','MATH100');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('whenderson','Henderson','William','ACCT101');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ddavis','Davis','David','CS251');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('ddavis','Davis','David','MATH100');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('cmorrison','Morrison','Colin','ACCT101');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('cmorrison','Morrison','Colin','CS251');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('cmorrison','Morrison','Colin','MATH101');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('cmorrison','Morrison','Colin','ACCT201');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('danderson','Anderson','Donna','SCI123');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('danderson','Anderson','Donna','ACCT201');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('danderson','Anderson','Donna','MATH100');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('amorrison','Morrison','Ann','CS251');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('amorrison','Morrison','Ann','ACCT101');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('amorrison','Morrison','Ann','MATH101');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wprice','Price','William','MATH100');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('wprice','Price','William','SCI404');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mroberts','Roberts','Marie','SCI123');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mroberts','Roberts','Marie','ACCT101');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mroberts','Roberts','Marie','CS251');
+INSERT INTO SIS_COURSES (uid, surname, givenName, courseId) VALUES ('mroberts','Roberts','Marie','MATH101');
diff --git a/demo/complex/tests/resources/sql/persons.sql b/demo/complex/tests/resources/sql/persons.sql
new file mode 100644
index 0000000..8eec175
--- /dev/null
+++ b/demo/complex/tests/resources/sql/persons.sql
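Review bot: `courseId varchar(255) default NULL` is part of `PRIMARY KEY (uid, courseId)`; persons.sql in the same commit declares both key columns of `SIS_AFFILIATIONS` as `NOT NULL`, and MySQL/MariaDB treat a nullable primary-key column as either an error or a silent coercion to `NOT NULL` depending on version and `sql_mode`, so `courseId varchar(255) NOT NULL,` keeps the two fixtures consistent and the DDL portable. A header comment saying how this file is loaded would also help, because test 200 in main.bats trims the live `sis` database to the same ten uids rather than loading it, and I cannot tell from the hunk which path is the source of truth.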
@@ -0,0 +1,38 @@
+CREATE TABLE SIS_PERSONS (
+ uid varchar(255) NOT NULL,
+ surname varchar(255) default NULL,
+ givenName varchar(255) default NULL,
+ fullName varchar(255) default NULL,
+ department varchar(255) default NULL,
+ mail varchar(255) default NULL,
+ PRIMARY KEY (uid)
+);
+
+CREATE TABLE SIS_AFFILIATIONS (
+ uid varchar(255) NOT NULL,
+ affiliation varchar(255) NOT NULL,
+ PRIMARY KEY (uid, affiliation)
+);
+
+INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('jsmith','Smith','Joe','John Smith',NULL,NULL);
+INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('banderson','Anderson','Bob','Bob Anderson',NULL,NULL);
+INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('kwhite','White','Karl','Karl White','Law','kwhite@example.edu');
+INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('kwhite','member');
+INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('kwhite','student');
+INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('whenderson','Henderson','William','William Henderson','Advising','whenderson@example.edu');
+INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('whenderson','community');
+INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('ddavis','Davis','David','David Davis','Computer Science','ddavis@example.edu');
+INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('ddavis','staff');
+INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('cmorrison','Morrison','Colin','Colin Morrison','Financial Aid','cmorrison@example.edu');
+INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('cmorrison','member');
+INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('cmorrison','faculty');
+INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('danderson','Anderson','Donna','Donna Anderson','Account Payable','danderson@example.edu');
+INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('danderson','member');
+INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('amorrison','Morrison','Ann','Ann Morrison','Law','amorrison@example.edu');
+INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('amorrison','student');
+INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('amorrison','alum');
+INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('wprice','Price','William','William Price','Account Payable','wprice@example.edu');
+INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('wprice','community');
+INSERT INTO SIS_PERSONS (uid, surname, givenName, fullName, department, mail) VALUES ('mroberts','Roberts','Marie','Marie Roberts','Law','mroberts@example.edu');
+INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('mroberts','student');
+INSERT INTO SIS_AFFILIATIONS (uid, affiliation) VALUES ('mroberts','community');
diff --git a/demo/extrepo/.env b/demo/extrepo/.env
new file mode 100644
index 0000000..a29d2b2
--- /dev/null
+++ b/demo/extrepo/.env
@@ -0,0 +1,9 @@
+# These parameters can be overridden by setting environment variables before calling docker-compose up
+ENV=demo
+USERTOKEN=
+REPO_JDBC_URL=default
+REPO_PORT=default
+REPO_MISSING_SCHEMA_ACTION=create
+REPO_UPGRADEABLE_SCHEMA_ACTION=stop
+MP_MEM_MAX=2048m
+MP_MEM_INIT=1024m
diff --git a/demo/extrepo/configs-and-secrets/midpoint/application/database_password.txt b/demo/extrepo/configs-and-secrets/midpoint/application/database_password.txt
new file mode 100644
index 0000000..d71d29d
--- /dev/null
+++ b/demo/extrepo/configs-and-secrets/midpoint/application/database_password.txt
@@ -0,0 +1 @@
+oracle
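Review bot: The `jsmith` row has `givenName` `'Joe'` but `fullName` `'John Smith'`, while every other row's `fullName` is `givenName` plus `surname`; if a later assertion or a midPoint mapping compares the two, this fixture disagrees with itself, so `('jsmith','Smith','John','John Smith',NULL,NULL)` (or `'Joe Smith'`) is the consistent row. `jsmith` and `banderson` are also the only persons with no `SIS_AFFILIATIONS` row and no department or mail, which is presumably intentional for exercising the unaffiliated case and deserves a one-line comment above the inserts.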
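Review bot: This commit checks plaintext credentials and key material into the tree under `configs-and-secrets`: `demo/extrepo/.../database_password.txt` (`oracle`) in this hunk, then `demo/postgresql/.../database_password.txt` and `keystore_password.txt` (`changeit`) in the following hunks, and the RSA private key `demo/postgresql/.../host-key.pem` two file sections later. For a self-contained demo that may be a deliberate choice, but nothing in the hunks says so; a line in each demo's `.env` such as `# demo-only credentials: regenerate before any non-local use` and a `.gitignore` rule for real values would make the intent explicit and keep the demo values from being copied into a deployment. Anything that has been committed stays in git history, so these exact values should be treated as public from now on.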
diff --git a/midpoint/configs-and-secrets/midpoint/application/keystore_password.txt b/demo/extrepo/configs-and-secrets/midpoint/application/keystore_password.txt
similarity index 100%
rename from midpoint/configs-and-secrets/midpoint/application/keystore_password.txt
rename to demo/extrepo/configs-and-secrets/midpoint/application/keystore_password.txt
diff --git a/midpoint/configs-and-secrets/midpoint/httpd/host-cert.pem b/demo/extrepo/configs-and-secrets/midpoint/httpd/host-cert.pem
similarity index 100%
rename from midpoint/configs-and-secrets/midpoint/httpd/host-cert.pem
rename to demo/extrepo/configs-and-secrets/midpoint/httpd/host-cert.pem
diff --git a/midpoint/configs-and-secrets/midpoint/httpd/host-key.pem b/demo/extrepo/configs-and-secrets/midpoint/httpd/host-key.pem
similarity index 100%
rename from midpoint/configs-and-secrets/midpoint/httpd/host-key.pem
rename to demo/extrepo/configs-and-secrets/midpoint/httpd/host-key.pem
diff --git a/demo/extrepo/docker-compose.yml b/demo/extrepo/docker-compose.yml
new file mode 100644
index 0000000..43c1d5d
--- /dev/null
+++ b/demo/extrepo/docker-compose.yml
@@ -0,0 +1,53 @@
+version: "3.3"
+
+services:
+ midpoint_server:
+ image: tier/midpoint:latest
+ ports:
+ - 8443:443
+ environment:
+ - ENV
+ - USERTOKEN
+ - REPO_DATABASE_TYPE
+ - REPO_JDBC_URL
+ - REPO_HOST
+ - REPO_PORT
+ - REPO_DATABASE
+ - REPO_USER
+ - REPO_MISSING_SCHEMA_ACTION
+ - REPO_UPGRADEABLE_SCHEMA_ACTION
+ - REPO_SCHEMA_VERSION_IF_MISSING
+ - REPO_SCHEMA_VARIANT
+ - MP_MEM_MAX
+ - MP_MEM_INIT
+ - MP_JAVA_OPTS
+ - TIER_BEACON_OPT_OUT
+ networks:
+ - net
+ secrets:
+ - mp_database_password.txt
+ - mp_keystore_password.txt
+ - mp_host-key.pem
+ volumes:
+ - midpoint_home:/opt/midpoint/var
+ - type: bind
+ source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
+ target: /etc/pki/tls/certs/host-cert.pem
+ - type: bind
+ source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
+ target: /etc/pki/tls/certs/cachain.pem
+
+networks:
+ net:
+ driver: bridge
+
+secrets:
+ mp_database_password.txt:
+ file: ./configs-and-secrets/midpoint/application/database_password.txt
+ mp_keystore_password.txt:
+ file: ./configs-and-secrets/midpoint/application/keystore_password.txt
+ mp_host-key.pem:
+ file: ./configs-and-secrets/midpoint/httpd/host-key.pem
+
+volumes:
+ midpoint_home:
diff --git a/demo/postgresql/.env b/demo/postgresql/.env
new file mode 100644
index 0000000..a92b22a
--- /dev/null
+++ b/demo/postgresql/.env
@@ -0,0 +1,7 @@
+# These parameters can be overridden by setting environment variables before calling docker-compose up
+ENV=demo
+USERTOKEN=
+REPO_MISSING_SCHEMA_ACTION=create
+REPO_UPGRADEABLE_SCHEMA_ACTION=stop
+MP_MEM_MAX=2048m
+MP_MEM_INIT=1024m
diff --git a/demo/postgresql/configs-and-secrets/midpoint/application/database_password.txt b/demo/postgresql/configs-and-secrets/midpoint/application/database_password.txt
new file mode 100644
index 0000000..11bff19
--- /dev/null
+++ b/demo/postgresql/configs-and-secrets/midpoint/application/database_password.txt
@@ -0,0 +1 @@
+WJzesbe3poNZ91qIbmR7
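Review bot: `midpoint_server` passes `REPO_DATABASE_TYPE`, `REPO_HOST`, `REPO_DATABASE` and `REPO_USER` through from the caller's shell with no value, and the accompanying `.env` only sets `REPO_JDBC_URL` and `REPO_PORT` (both `default`), so whichever defaults the `tier/midpoint:latest` image bakes in apply unless the operator exports them before `docker-compose up` — which for an external-repository demo is the whole point. A comment block at the top of this file, or lines in `.env` such as `REPO_DATABASE_TYPE=` with the accepted values, listing the variables that must be set and whether `REPO_JDBC_URL` overrides `REPO_HOST`/`REPO_PORT`, would save the first user a failed start. The database password is taken from the committed `mp_database_password.txt` secret while the database itself lives outside this composition, so the same note should say that file is the one to replace.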
diff --git a/demo/postgresql/configs-and-secrets/midpoint/application/keystore_password.txt b/demo/postgresql/configs-and-secrets/midpoint/application/keystore_password.txt
new file mode 100644
index 0000000..1d40192
--- /dev/null
+++ b/demo/postgresql/configs-and-secrets/midpoint/application/keystore_password.txt
@@ -0,0 +1 @@
+changeit
diff --git a/demo/postgresql/configs-and-secrets/midpoint/httpd/host-cert.pem b/demo/postgresql/configs-and-secrets/midpoint/httpd/host-cert.pem
new file mode 100644
index 0000000..9b1021b
--- /dev/null
+++ b/demo/postgresql/configs-and-secrets/midpoint/httpd/host-cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIJAMOSkn4oS2aAMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK
+DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXbWlkcG9pbnQuc3AuZXhhbXBsZS5v
+cmcwHhcNMTgwOTE0MDU1OTQ1WhcNMTkwOTE0MDU1OTQ1WjBpMQswCQYDVQQGEwJV
+UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
+ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF21pZHBvaW50LnNwLmV4YW1wbGUub3JnMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj/b7MEUSfu3oXMfNgRwTse7
+a5UV7Jswf1M/ZN/ZZkAkIxNBevZgozjesvLPWrmsTgONi7XigJUJvCjdjmlW9eDM
+lri/rkD8HuOR1DQCVKL9nvoS2c3D7sq5Emda3V8Tlj82VqfEmePd3sajx7mcTfbH
+8jwAL9NhkC+WMib5IpjLGpG0FEAC0ha7Lxb+7jIiqHVJaqLXJGCyGN4mh6c1Q9S1
+f8RVTiW2a8x22G+9wnZYbkiA2Kxls177imHlhSz8EdvV4IpGw1amrEWhhuDEum7B
+vZ1xQDLatgRqh4qAKLIVYeRnJ8H1FelMa90qB4G08MIPifmTsQwqJyBYaEdgWQID
+AQABo1MwUTAdBgNVHQ4EFgQUqb9BteODF6wv5R57aEON/wGXMiowHwYDVR0jBBgw
+FoAUqb9BteODF6wv5R57aEON/wGXMiowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQsFAAOCAQEAAcKhxI+tSItrXmqC0PSmgWyAYpqbkz6W/cefTutXqhIgY09f
+h0LSv7ogTahoGpyiZk9vy6u3OE9bYwxapEfa4KBjO6HxBMIVBBb3RegVjoPzjElN
+BDwAx0VGFcZTXwMxDWycWdG8ql7rCZBvS50w04uTaIgnGmqXAdWWmBgfJ9cRbxW+
+JwO/mOl1QM1lR/5142NpvuUVWlmZSKEGydE5A1qPz2wpDbBR1ym1BQNS4NEqw6Kp
+GSB8jKyCS1Ve0v2wVze2038Wukz02dq9uKPTIO3T+B+ibZmxn6Op/kFCc1/kK5NS
+Q6JdO1B6KquGAYdGmKAcQ19mv+jqGktqWEEf0g==
+-----END CERTIFICATE-----
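Review bot: This certificate is self-signed (its issuer and subject blocks are identical) for `midpoint.sp.example.org`, and its validity fields appear to decode to 2018-09-14 through 2019-09-14, a one-year window; the same file is bind-mounted as both `host-cert.pem` and `cachain.pem` in the compose files of this commit, so once it expires every client that verifies the chain will reject the demo endpoint. PEM has no comment syntax, so the expiry date and the `openssl req -x509 ...` command used to generate the pair belong in the demo's README, which would let the next person regenerate it rather than debug a TLS failure a year on.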
diff --git a/demo/postgresql/configs-and-secrets/midpoint/httpd/host-key.pem b/demo/postgresql/configs-and-secrets/midpoint/httpd/host-key.pem
new file mode 100644
index 0000000..5746e59
--- /dev/null
+++ b/demo/postgresql/configs-and-secrets/midpoint/httpd/host-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmP9vswRRJ+7eh
+cx82BHBOx7trlRXsmzB/Uz9k39lmQCQjE0F69mCjON6y8s9auaxOA42LteKAlQm8
+KN2OaVb14MyWuL+uQPwe45HUNAJUov2e+hLZzcPuyrkSZ1rdXxOWPzZWp8SZ493e
+xqPHuZxN9sfyPAAv02GQL5YyJvkimMsakbQUQALSFrsvFv7uMiKodUlqotckYLIY
+3iaHpzVD1LV/xFVOJbZrzHbYb73CdlhuSIDYrGWzXvuKYeWFLPwR29XgikbDVqas
+RaGG4MS6bsG9nXFAMtq2BGqHioAoshVh5GcnwfUV6Uxr3SoHgbTwwg+J+ZOxDCon
+IFhoR2BZAgMBAAECggEAEIRBpjjceiku6jRUwnoYaks/nIWYQwR8AfpUTwJKR/VR
+Yca097Fokm7A+UhUP3A45RtHQb0VPq8P44iv0kk24YCu8r5yFK7SHYOAZnOwU5ZJ
+2jSAEPF3aM7tKh3okhuzB3dKP7u1NZDE5zAW723KUJiW7sL1RcsbY0bHBj6G+9/H
+NplmsjuGt684vRBB0qOBfKF7EiG7mT69tHuNj4gRza9SMY31UtKbZdt2fNY6mp5V
+HscMba7egZP+Ke0pVX4+go9j7K8GG8hYaQDLjrzlPqrxZ2c5X9cC+CRDI/CHuL/s
+V/2yGZJ6n6UabwZoH83RdFrbQ94rU8Hkli6EvxXvMQKBgQDRpheNW5jDG5TfeJKh
+yfKTDQqH2Tk3BsBYYBN7Hf3m7vbkzlxnAKJAoSLmtRMuoeXvI5MrhzaHGsNIUS76
+LDIZnvB7DLUxhFUZsCPkpAA1QHuTWY96oR3PHnPjpk8lSUvtbOPwDLdzVApeFJgZ
+VqMNArZ7AHsK3Kkyi+f4WVQjbQKBgQDLAWiGb5dx6fAM2W6B6HjNmzjBWOuVEXa2
+76to9jzupBZmETfZgxtWUaWUDuNS+f7dtVUTE+p6v/w8clrHEhEZYkqunIOLo/UA
+LFPiuoTfEsWb1rh+nsCjCgy4uimixj/bSkf7NC6NyKTvCygA1mGnVVJUEPegYlDy
+LXCkaKWxHQKBgQCmyHSKL2lrJkEcOwakEU2acNCE3Gno/cT9SYmV83kvQ8JEqmrW
+QqnRsp9aXIljGscapPmKsmnNt5vNp1AxFAHTYh88NRLczsMIyZj0ZwgHVUI6KhC7
+5Psa78YQQBlMt2/g9TSsnuE+rYgF6mpKFiNm0Vasqeg47uzn2mdzqlUGTQKBgE04
+JutkTUY+h1pL5vYxWKpVDfy19z7H2tFxT1FowPrBneeLSyRI88Ac5I/yLdRlVeY9
+0LOmEr5Igwj3MsKgg7KVKfVLgdo/LrW3Jt2Kt3onKNXDkoBPoNUjwH0QC0Boiue+
+VK0gR0kVdm+bXccbxR+im+NwZNE0NLg6Qqu3RredAoGBALuVoqbPPmTCZXYG328H
+bzOs2aiR7BzPSVByV+qG6jW7w03RAnFPJZp7HMU+ViI5VY0wabUscMSvz5163+gM
+4KwY3v9ZjZzZGukIfLuudkdqtaiVOx/KeAC0n+nG21YU+wpZww8gkfHh1/sa2CME
+CWYCgOnmiTHcj83UaTqEXtmv
+-----END PRIVATE KEY-----
diff --git a/demo/postgresql/docker-compose.yml b/demo/postgresql/docker-compose.yml
index 79a3738..60879d7 100644
--- a/demo/postgresql/docker-compose.yml
+++ b/demo/postgresql/docker-compose.yml
@@ -1,23 +1,67 @@ version: "3.3" services: - postgresql: - build: ./postgresql/ + midpoint_data: + image: postgres:9.5 environment: - - POSTGRES_PASSWORD=password - expose: - - 5432 + - POSTGRES_PASSWORD_FILE=/run/secrets/mp_database_password.txt + - POSTGRES_USER=midpoint + - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8 ports: - 5432:5432 networks: - net + secrets: + - mp_database_password.txt volumes: - - data:/var/lib/postgresql/data + - midpoint_data:/var/lib/postgresql/data + midpoint_server: + image: tier/midpoint:latest + ports: + - 8443:443 + environment: + - ENV + - USERTOKEN + - REPO_DATABASE_TYPE=postgresql + - REPO_HOST=midpoint_data + - REPO_DATABASE=midpoint + - REPO_USER=midpoint + - REPO_MISSING_SCHEMA_ACTION + - REPO_UPGRADEABLE_SCHEMA_ACTION + - REPO_SCHEMA_VERSION_IF_MISSING + - REPO_SCHEMA_VARIANT + - MP_MEM_MAX + - MP_MEM_INIT + - MP_JAVA_OPTS + - TIER_BEACON_OPT_OUT + networks: + - net + secrets: + - mp_database_password.txt + - mp_keystore_password.txt + - mp_host-key.pem + volumes: + - midpoint_home:/opt/midpoint/var + - type: bind + source: ./configs-and-secrets/midpoint/httpd/host-cert.pem + target: /etc/pki/tls/certs/host-cert.pem + - type: bind + source: ./configs-and-secrets/midpoint/httpd/host-cert.pem + target: /etc/pki/tls/certs/cachain.pem networks: - net: + net: driver: bridge +secrets: + mp_database_password.txt: + file: ./configs-and-secrets/midpoint/application/database_password.txt + mp_keystore_password.txt: + file: ./configs-and-secrets/midpoint/application/keystore_password.txt + mp_host-key.pem: + file: ./configs-and-secrets/midpoint/httpd/host-key.pem + volumes: - data: + midpoint_data: + midpoint_home: diff --git a/demo/postgresql/midpoint-additions-for-standalone-run.yml b/demo/postgresql/midpoint-additions-for-standalone-run.yml deleted file mode 100644 index 2e3cabe..0000000 --- a/demo/postgresql/midpoint-additions-for-standalone-run.yml +++ /dev/null 
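Review bot: `5432:5432` in the new midpoint_data service publishes the database on every host interface, while the only consumer in this composition is midpoint_server on the `net` network; the removed `expose: - 5432` was the narrower form. If host-side access is wanted for the demo, `- 127.0.0.1:5432:5432` keeps it on loopback. The same applies to `3306:3306` in demo/shibboleth/docker-compose.yml and demo/simple/docker-compose.yml, and to `389:389` for the directory service in demo/shibboleth.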
@@ -1,37 +0,0 @@ -# -# This is a file with additions to ../midpoint/docker-compose.yml file, to be used in the following way: -# -# (in this directory) -# -# $ docker-compose up -# -# (in ../midpoint directory) -# -# $ docker-compose -f docker-compose.yml -f ../demo/postgresql/midpoint-additions-for-standalone-run.yml up midpoint-server -# -# It expects that PostgreSQL is started independently of midPoint. When executing the containers in this way, there are two compositions with the following containers: -# -# "midpoint" -# -# - midpoint-server -# -# "postgresql" -# -# - postgresql -# - -version: "3.3" - -services: - midpoint-server: - environment: - - REPO_DATABASE_TYPE=postgresql - - REPO_HOST=postgresql - - REPO_DATABASE=midpoint - - REPO_USER=midpoint - networks: - - postgresql_net - -networks: - postgresql_net: - external: true diff --git a/demo/postgresql/midpoint-additions.yml b/demo/postgresql/midpoint-additions.yml deleted file mode 100644 index 5cf43d4..0000000 --- a/demo/postgresql/midpoint-additions.yml +++ /dev/null @@ -1,38 +0,0 @@ -# -# This is a file with additions to ../midpoint/docker-compose.yml file, to be used in the following way: -# -# (in ../midpoint directory) -# -# $ docker-compose -f docker-compose.yml -f ../demo/postgresql/midpoint-additions.yml up midpoint-server postgresql -# -# It expects that PostgreSQL is started as part of midPoint composition. So there will be three containers there: -# -# 1) midpoint-server -# 2) postgresql -# - -version: "3.3" - -services: - postgresql: - build: ../demo/postgresql/postgresql/ - environment: - - POSTGRES_PASSWORD=password - expose: - - 5432 - ports: - - 5432:5432 - networks: - - back - volumes: - - postgresql_data:/var/lib/postgresql/data - - midpoint-server: - environment: - - REPO_DATABASE_TYPE=postgresql - - REPO_HOST=postgresql - - REPO_DATABASE=midpoint - - REPO_USER=midpoint - -volumes: - postgresql_data: 
diff --git a/demo/postgresql/postgresql/Dockerfile b/demo/postgresql/postgresql/Dockerfile deleted file mode 100644 index dcaf4d6..0000000 --- a/demo/postgresql/postgresql/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM postgres:9.5 - -COPY container_files/* /docker-entrypoint-initdb.d/ diff --git a/demo/postgresql/postgresql/container_files/init-user-db.sh b/demo/postgresql/postgresql/container_files/init-user-db.sh deleted file mode 100755 index 95df619..0000000 --- a/demo/postgresql/postgresql/container_files/init-user-db.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -set -e - -echo Creating midPoint user and database - -psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL - CREATE USER midpoint WITH PASSWORD '456654' LOGIN SUPERUSER; - CREATE DATABASE midpoint WITH OWNER = midpoint ENCODING = 'UTF8' TABLESPACE = pg_default LC_COLLATE = 'en_US.utf8' LC_CTYPE = 'en_US.utf8' CONNECTION LIMIT = -1; -EOSQL - -echo midPoint user and database were created - diff --git a/demo/postgresql/tests/main.bats b/demo/postgresql/tests/main.bats new file mode 100755 index 0000000..5d82e6e --- /dev/null +++ b/demo/postgresql/tests/main.bats @@ -0,0 +1,34 @@ +#!/usr/bin/env bats + +load ../../../common +load ../../../library + +@test "000 Cleanup before running the tests" { + run docker-compose down -v +} + +@test "010 Initialize and start midPoint" { + docker-compose up -d + wait_for_midpoint_start postgresql_midpoint_server_1 +} + +@test "010 Check health" { + check_health +} + +@test "100 Get 'administrator'" { + check_health + get_and_check_object users 00000000-0000-0000-0000-000000000002 administrator +} + +@test "110 And and get 'test110'" { + check_health + echo "test110" >/tmp/test110.xml + add_object users /tmp/test110.xml + rm /tmp/test110.xml + search_and_check_object users test110 +} + +@test "999 Clean up" { + docker-compose down -v +} diff --git a/demo/shibboleth/.env b/demo/shibboleth/.env new file mode 100644 index 0000000..21ec0af 
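Review bot: Two tests in the new demo/postgresql/tests/main.bats carry the prefix `010` ("010 Initialize and start midPoint" and "010 Check health"), which breaks the numeric ordering the file otherwise follows and makes test output ambiguous; `@test "020 Check health" {` would fit the sequence. The title of the `110` test reads "And and get", presumably "Add and get". demo/simple/tests/main.bats repeats both.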
--- /dev/null
+++ b/demo/shibboleth/.env
@@ -0,0 +1,14 @@
+# These parameters can be overridden by setting environment variables before calling docker-compose up
+AUTHENTICATION=shibboleth
+ENV=demo
+USERTOKEN=
+REPO_DATABASE_TYPE=mariadb
+REPO_JDBC_URL=default
+REPO_HOST=midpoint_data
+REPO_PORT=default
+REPO_DATABASE=registry
+REPO_USER=registry_user
+REPO_MISSING_SCHEMA_ACTION=create
+REPO_UPGRADEABLE_SCHEMA_ACTION=stop
+MP_MEM_MAX=2048m
+MP_MEM_INIT=1024m
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/application/database_password.txt b/demo/shibboleth/configs-and-secrets/midpoint/application/database_password.txt
new file mode 100644
index 0000000..11bff19
--- /dev/null
+++ b/demo/shibboleth/configs-and-secrets/midpoint/application/database_password.txt
@@ -0,0 +1 @@
+WJzesbe3poNZ91qIbmR7
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/application/keystore_password.txt b/demo/shibboleth/configs-and-secrets/midpoint/application/keystore_password.txt
new file mode 100644
index 0000000..1d40192
--- /dev/null
+++ b/demo/shibboleth/configs-and-secrets/midpoint/application/keystore_password.txt
@@ -0,0 +1 @@
+changeit
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/httpd/host-cert.pem b/demo/shibboleth/configs-and-secrets/midpoint/httpd/host-cert.pem
new file mode 100644
index 0000000..9b1021b
--- /dev/null
+++ b/demo/shibboleth/configs-and-secrets/midpoint/httpd/host-cert.pem
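Review bot: keystore_password.txt sets the demo keystore password to `changeit`, the JDK's well-known default, and database_password.txt holds the database password in the clear; both files are byte-identical to the copies added under demo/simple (blob indexes 11bff19 and 1d40192). The `.env` header says the parameters can be overridden from the environment, but these two values are not `.env` parameters at all — the compose file reads them through its `secrets:` section — so a reader wanting to change them will look in the wrong file. A second comment line in `.env`, `# Passwords and the TLS key are read from configs-and-secrets/, not from this file`, points them to the right place.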
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAMOSkn4oS2aAMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV +BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK +DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXbWlkcG9pbnQuc3AuZXhhbXBsZS5v +cmcwHhcNMTgwOTE0MDU1OTQ1WhcNMTkwOTE0MDU1OTQ1WjBpMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50 +ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF21pZHBvaW50LnNwLmV4YW1wbGUub3JnMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj/b7MEUSfu3oXMfNgRwTse7 +a5UV7Jswf1M/ZN/ZZkAkIxNBevZgozjesvLPWrmsTgONi7XigJUJvCjdjmlW9eDM +lri/rkD8HuOR1DQCVKL9nvoS2c3D7sq5Emda3V8Tlj82VqfEmePd3sajx7mcTfbH +8jwAL9NhkC+WMib5IpjLGpG0FEAC0ha7Lxb+7jIiqHVJaqLXJGCyGN4mh6c1Q9S1 +f8RVTiW2a8x22G+9wnZYbkiA2Kxls177imHlhSz8EdvV4IpGw1amrEWhhuDEum7B +vZ1xQDLatgRqh4qAKLIVYeRnJ8H1FelMa90qB4G08MIPifmTsQwqJyBYaEdgWQID +AQABo1MwUTAdBgNVHQ4EFgQUqb9BteODF6wv5R57aEON/wGXMiowHwYDVR0jBBgw +FoAUqb9BteODF6wv5R57aEON/wGXMiowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAAcKhxI+tSItrXmqC0PSmgWyAYpqbkz6W/cefTutXqhIgY09f +h0LSv7ogTahoGpyiZk9vy6u3OE9bYwxapEfa4KBjO6HxBMIVBBb3RegVjoPzjElN +BDwAx0VGFcZTXwMxDWycWdG8ql7rCZBvS50w04uTaIgnGmqXAdWWmBgfJ9cRbxW+ +JwO/mOl1QM1lR/5142NpvuUVWlmZSKEGydE5A1qPz2wpDbBR1ym1BQNS4NEqw6Kp +GSB8jKyCS1Ve0v2wVze2038Wukz02dq9uKPTIO3T+B+ibZmxn6Op/kFCc1/kK5NS +Q6JdO1B6KquGAYdGmKAcQ19mv+jqGktqWEEf0g== +-----END CERTIFICATE----- diff --git a/demo/shibboleth/configs-and-secrets/midpoint/httpd/host-key.pem b/demo/shibboleth/configs-and-secrets/midpoint/httpd/host-key.pem new file mode 100644 index 0000000..5746e59 --- /dev/null +++ b/demo/shibboleth/configs-and-secrets/midpoint/httpd/host-key.pem 
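Review bot: The validity period encoded in this certificate appears to run from 2018-09-14 to 2019-09-14 (read from the UTCTime fields; confirm with `openssl x509 -noout -dates -in host-cert.pem`), so the demo starts serving an expired certificate after a year. Nothing in the suite would notice, because the bats tests use `curl -k` throughout and the same file is also bind-mounted as `cachain.pem`. Recording the expiry in the demo README, or generating the pair at bring-up, avoids a stale demo; demo/simple adds the identical certificate (blob 9b1021b).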
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmP9vswRRJ+7eh +cx82BHBOx7trlRXsmzB/Uz9k39lmQCQjE0F69mCjON6y8s9auaxOA42LteKAlQm8 +KN2OaVb14MyWuL+uQPwe45HUNAJUov2e+hLZzcPuyrkSZ1rdXxOWPzZWp8SZ493e +xqPHuZxN9sfyPAAv02GQL5YyJvkimMsakbQUQALSFrsvFv7uMiKodUlqotckYLIY +3iaHpzVD1LV/xFVOJbZrzHbYb73CdlhuSIDYrGWzXvuKYeWFLPwR29XgikbDVqas +RaGG4MS6bsG9nXFAMtq2BGqHioAoshVh5GcnwfUV6Uxr3SoHgbTwwg+J+ZOxDCon +IFhoR2BZAgMBAAECggEAEIRBpjjceiku6jRUwnoYaks/nIWYQwR8AfpUTwJKR/VR +Yca097Fokm7A+UhUP3A45RtHQb0VPq8P44iv0kk24YCu8r5yFK7SHYOAZnOwU5ZJ +2jSAEPF3aM7tKh3okhuzB3dKP7u1NZDE5zAW723KUJiW7sL1RcsbY0bHBj6G+9/H +NplmsjuGt684vRBB0qOBfKF7EiG7mT69tHuNj4gRza9SMY31UtKbZdt2fNY6mp5V +HscMba7egZP+Ke0pVX4+go9j7K8GG8hYaQDLjrzlPqrxZ2c5X9cC+CRDI/CHuL/s +V/2yGZJ6n6UabwZoH83RdFrbQ94rU8Hkli6EvxXvMQKBgQDRpheNW5jDG5TfeJKh +yfKTDQqH2Tk3BsBYYBN7Hf3m7vbkzlxnAKJAoSLmtRMuoeXvI5MrhzaHGsNIUS76 +LDIZnvB7DLUxhFUZsCPkpAA1QHuTWY96oR3PHnPjpk8lSUvtbOPwDLdzVApeFJgZ +VqMNArZ7AHsK3Kkyi+f4WVQjbQKBgQDLAWiGb5dx6fAM2W6B6HjNmzjBWOuVEXa2 +76to9jzupBZmETfZgxtWUaWUDuNS+f7dtVUTE+p6v/w8clrHEhEZYkqunIOLo/UA +LFPiuoTfEsWb1rh+nsCjCgy4uimixj/bSkf7NC6NyKTvCygA1mGnVVJUEPegYlDy +LXCkaKWxHQKBgQCmyHSKL2lrJkEcOwakEU2acNCE3Gno/cT9SYmV83kvQ8JEqmrW +QqnRsp9aXIljGscapPmKsmnNt5vNp1AxFAHTYh88NRLczsMIyZj0ZwgHVUI6KhC7 +5Psa78YQQBlMt2/g9TSsnuE+rYgF6mpKFiNm0Vasqeg47uzn2mdzqlUGTQKBgE04 +JutkTUY+h1pL5vYxWKpVDfy19z7H2tFxT1FowPrBneeLSyRI88Ac5I/yLdRlVeY9 +0LOmEr5Igwj3MsKgg7KVKfVLgdo/LrW3Jt2Kt3onKNXDkoBPoNUjwH0QC0Boiue+ +VK0gR0kVdm+bXccbxR+im+NwZNE0NLg6Qqu3RredAoGBALuVoqbPPmTCZXYG328H +bzOs2aiR7BzPSVByV+qG6jW7w03RAnFPJZp7HMU+ViI5VY0wabUscMSvz5163+gM +4KwY3v9ZjZzZGukIfLuudkdqtaiVOx/KeAC0n+nG21YU+wpZww8gkfHh1/sa2CME +CWYCgOnmiTHcj83UaTqEXtmv +-----END PRIVATE KEY----- 
diff --git a/midpoint/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml b/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml similarity index 100% rename from midpoint/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml rename to demo/shibboleth/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml diff --git a/midpoint/configs-and-secrets/midpoint/shibboleth/shibboleth2.xml b/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/shibboleth2.xml similarity index 100% rename from midpoint/configs-and-secrets/midpoint/shibboleth/shibboleth2.xml rename to demo/shibboleth/configs-and-secrets/midpoint/shibboleth/shibboleth2.xml diff --git a/midpoint/configs-and-secrets/midpoint/shibboleth/sp-cert.pem b/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/sp-cert.pem similarity index 100% rename from midpoint/configs-and-secrets/midpoint/shibboleth/sp-cert.pem rename to demo/shibboleth/configs-and-secrets/midpoint/shibboleth/sp-cert.pem diff --git a/midpoint/configs-and-secrets/midpoint/shibboleth/sp-key.pem b/demo/shibboleth/configs-and-secrets/midpoint/shibboleth/sp-key.pem similarity index 100% rename from midpoint/configs-and-secrets/midpoint/shibboleth/sp-key.pem rename to demo/shibboleth/configs-and-secrets/midpoint/shibboleth/sp-key.pem diff --git a/demo/shibboleth/docker-compose.yml b/demo/shibboleth/docker-compose.yml index 3b57a84..c656fe4 100644 --- a/demo/shibboleth/docker-compose.yml +++ b/demo/shibboleth/docker-compose.yml 
@@ -1,12 +1,70 @@ version: "3.3" services: + + midpoint_data: + image: tier/mariadb:mariadb10 + ports: + - 3306:3306 + networks: + - net + volumes: + - midpoint_mysql:/var/lib/mysql + - midpoint_data:/var/lib/mysqlmounted + environment: + - CREATE_NEW_DATABASE=if_needed + + midpoint_server: + image: tier/midpoint:latest + ports: + - 8443:443 + environment: + - AUTHENTICATION + - ENV + - USERTOKEN + - REPO_DATABASE_TYPE + - REPO_JDBC_URL + - REPO_HOST + - REPO_PORT + - REPO_DATABASE + - REPO_USER + - REPO_MISSING_SCHEMA_ACTION + - REPO_UPGRADEABLE_SCHEMA_ACTION + - REPO_SCHEMA_VERSION_IF_MISSING + - REPO_SCHEMA_VARIANT + - MP_MEM_MAX + - MP_MEM_INIT + - MP_JAVA_OPTS + - TIER_BEACON_OPT_OUT + networks: + - net + secrets: + - mp_database_password.txt + - mp_keystore_password.txt + - mp_sp-key.pem + - mp_host-key.pem + volumes: + - midpoint_home:/opt/midpoint/var + - type: bind + source: ./configs-and-secrets/midpoint/httpd/host-cert.pem + target: /etc/pki/tls/certs/host-cert.pem + - type: bind + source: ./configs-and-secrets/midpoint/httpd/host-cert.pem + target: /etc/pki/tls/certs/cachain.pem + - type: bind + source: ./configs-and-secrets/midpoint/shibboleth/shibboleth2.xml + target: /etc/shibboleth/shibboleth2.xml + - type: bind + source: ./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml + target: /etc/shibboleth/idp-metadata.xml + - type: bind + source: ./configs-and-secrets/midpoint/shibboleth/sp-cert.pem + target: /etc/shibboleth/sp-cert.pem + directory: build: ./directory/ - expose: - - "389" ports: - - "389:389" + - 389:389 networks: - net volumes: 
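Review bot: The new midpoint_data service sets no database root credential — only `CREATE_NEW_DATABASE=if_needed` — yet demo/simple/tests/main.bats drives the same image with `mysql -p123321`, which suggests that tier/mariadb:mariadb10 ships a fixed root password (inferred from the test, not visible in this compose file). If that is the case, a comment on the service, `# root password is baked into tier/mariadb:mariadb10; see demo/simple/tests/main.bats`, records the dependency for anyone replacing the image. demo/simple/docker-compose.yml declares the service identically.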
@@ -16,18 +74,31 @@ services: build: ./idp/ depends_on: - directory + ports: + - 4443:4443 environment: - JETTY_MAX_HEAP=64m - JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password - JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password networks: - net - ports: - - "4443:4443" networks: net: driver: bridge +secrets: + mp_database_password.txt: + file: ./configs-and-secrets/midpoint/application/database_password.txt + mp_keystore_password.txt: + file: ./configs-and-secrets/midpoint/application/keystore_password.txt + mp_host-key.pem: + file: ./configs-and-secrets/midpoint/httpd/host-key.pem + mp_sp-key.pem: + file: ./configs-and-secrets/midpoint/shibboleth/sp-key.pem + volumes: + midpoint_mysql: + midpoint_data: + midpoint_home: ldap: diff --git a/demo/shibboleth/tests/main.bats b/demo/shibboleth/tests/main.bats new file mode 100755 index 0000000..8244ad0 --- /dev/null +++ b/demo/shibboleth/tests/main.bats 
@@ -0,0 +1,80 @@ +#!/usr/bin/env bats + +load ../../../common +load ../../../library + +@test "000 Cleanup before running the tests" { + cd ../simple ; docker-compose down -v ; true + run docker-compose down -v +} + +@test "010 Initialize and start containers" { + docker-compose up -d +} + +@test "012 Wait for Shibboleth to start up" { + wait_for_shibboleth_idp_start shibboleth_idp_1 +} + +@test "014 Wait for midPoint to start up" { + wait_for_midpoint_start shibboleth_midpoint_server_1 +} + +@test "030 Check health" { + check_health +} + +@test "040 Check Shibboleth redirection (/midpoint)" { + curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint | grep 'https:\/\/localhost:4443\/idp\/profile\/SAML2\/Redirect' +} + +@test "041 Check Shibboleth redirection (/midpoint/)" { + curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/ | grep 'https:\/\/localhost:4443\/idp\/profile\/SAML2\/Redirect' +} + +@test "042 Check Shibboleth redirection (/midpoint/login)" { + curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/login | grep 'https:\/\/localhost:4443\/idp\/profile\/SAML2\/Redirect' +} + +@test "043 Check Shibboleth redirection (/midpoint/something)" { + curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/something | grep 'https:\/\/localhost:4443\/idp\/profile\/SAML2\/Redirect' +} + +@test "044 Check SOAP without Shibboleth redirection (/midpoint/ws/)" { + status="$(curl -k --write-out %{http_code} --silent --output /dev/null https://localhost:8443/midpoint/ws/)" + [ "$status" -eq 200 ] +} + +@test "045 Check SOAP without Shibboleth redirection (/midpoint/model/)" { + status="$(curl -k --write-out %{http_code} --silent --output /dev/null https://localhost:8443/midpoint/model/)" + [ "$status" -eq 200 ] +} + +@test "100 Check internally-authenticated REST call: get 'administrator'" { + check_health 
+ get_and_check_object users 00000000-0000-0000-0000-000000000002 administrator
+}
+
+@test "200 Shut down" {
+ docker-compose down
+}
+
+@test "210 Start with internal authentication" {
+ env AUTHENTICATION=internal docker-compose up -d
+}
+
+@test "210 Wait for midPoint to start up" {
+ wait_for_midpoint_start shibboleth_midpoint_server_1
+}
+
+@test "220 Check health" {
+ check_health
+}
+
+@test "230 Check internal login redirection" {
+ curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/self/dashboard | grep 'https:\/\/localhost:8443\/midpoint\/login'
+}
+
+@test "999 Clean up" {
+ docker-compose down -v
+}
diff --git a/demo/simple/.env b/demo/simple/.env
new file mode 100644
index 0000000..2ae3222
--- /dev/null
+++ b/demo/simple/.env
@@ -0,0 +1,13 @@
+# These parameters can be overridden by setting environment variables before calling docker-compose up
+ENV=demo
+USERTOKEN=
+REPO_DATABASE_TYPE=mariadb
+REPO_JDBC_URL=default
+REPO_HOST=midpoint_data
+REPO_PORT=default
+REPO_DATABASE=registry
+REPO_USER=registry_user
+REPO_MISSING_SCHEMA_ACTION=create
+REPO_UPGRADEABLE_SCHEMA_ACTION=stop
+MP_MEM_MAX=2048m
+MP_MEM_INIT=1024m
diff --git a/demo/simple/configs-and-secrets/midpoint/application/database_password.txt b/demo/simple/configs-and-secrets/midpoint/application/database_password.txt
new file mode 100644
index 0000000..11bff19
--- /dev/null
+++ b/demo/simple/configs-and-secrets/midpoint/application/database_password.txt
@@ -0,0 +1 @@
+WJzesbe3poNZ91qIbmR7
diff --git a/demo/simple/configs-and-secrets/midpoint/application/keystore_password.txt b/demo/simple/configs-and-secrets/midpoint/application/keystore_password.txt
new file mode 100644
index 0000000..1d40192
--- /dev/null
+++ b/demo/simple/configs-and-secrets/midpoint/application/keystore_password.txt
@@ -0,0 +1 @@
+changeit
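Review bot: In test `000` of demo/shibboleth/tests/main.bats, `cd ../simple ; docker-compose down -v ; true` changes the working directory of the test function, so the following `run docker-compose down -v` runs a second time against demo/simple rather than this directory, and the shibboleth composition is never cleaned up before the run. A subshell keeps the directory change local: `( cd ../simple && docker-compose down -v ) || true`. Separately, two tests share the `210` prefix ("210 Start with internal authentication" and "210 Wait for midPoint to start up"); `212` for the second keeps the numbering monotonic like the `010`/`012`/`014` sequence above it.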
diff --git a/demo/simple/configs-and-secrets/midpoint/httpd/host-cert.pem b/demo/simple/configs-and-secrets/midpoint/httpd/host-cert.pem new file mode 100644 index 0000000..9b1021b --- /dev/null +++ b/demo/simple/configs-and-secrets/midpoint/httpd/host-cert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAMOSkn4oS2aAMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV +BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK +DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXbWlkcG9pbnQuc3AuZXhhbXBsZS5v +cmcwHhcNMTgwOTE0MDU1OTQ1WhcNMTkwOTE0MDU1OTQ1WjBpMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50 +ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF21pZHBvaW50LnNwLmV4YW1wbGUub3JnMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj/b7MEUSfu3oXMfNgRwTse7 +a5UV7Jswf1M/ZN/ZZkAkIxNBevZgozjesvLPWrmsTgONi7XigJUJvCjdjmlW9eDM +lri/rkD8HuOR1DQCVKL9nvoS2c3D7sq5Emda3V8Tlj82VqfEmePd3sajx7mcTfbH +8jwAL9NhkC+WMib5IpjLGpG0FEAC0ha7Lxb+7jIiqHVJaqLXJGCyGN4mh6c1Q9S1 +f8RVTiW2a8x22G+9wnZYbkiA2Kxls177imHlhSz8EdvV4IpGw1amrEWhhuDEum7B +vZ1xQDLatgRqh4qAKLIVYeRnJ8H1FelMa90qB4G08MIPifmTsQwqJyBYaEdgWQID +AQABo1MwUTAdBgNVHQ4EFgQUqb9BteODF6wv5R57aEON/wGXMiowHwYDVR0jBBgw +FoAUqb9BteODF6wv5R57aEON/wGXMiowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAAcKhxI+tSItrXmqC0PSmgWyAYpqbkz6W/cefTutXqhIgY09f +h0LSv7ogTahoGpyiZk9vy6u3OE9bYwxapEfa4KBjO6HxBMIVBBb3RegVjoPzjElN +BDwAx0VGFcZTXwMxDWycWdG8ql7rCZBvS50w04uTaIgnGmqXAdWWmBgfJ9cRbxW+ +JwO/mOl1QM1lR/5142NpvuUVWlmZSKEGydE5A1qPz2wpDbBR1ym1BQNS4NEqw6Kp +GSB8jKyCS1Ve0v2wVze2038Wukz02dq9uKPTIO3T+B+ibZmxn6Op/kFCc1/kK5NS +Q6JdO1B6KquGAYdGmKAcQ19mv+jqGktqWEEf0g== +-----END CERTIFICATE----- diff --git a/demo/simple/configs-and-secrets/midpoint/httpd/host-key.pem b/demo/simple/configs-and-secrets/midpoint/httpd/host-key.pem new file mode 100644 index 0000000..5746e59 --- /dev/null +++ b/demo/simple/configs-and-secrets/midpoint/httpd/host-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmP9vswRRJ+7eh +cx82BHBOx7trlRXsmzB/Uz9k39lmQCQjE0F69mCjON6y8s9auaxOA42LteKAlQm8 +KN2OaVb14MyWuL+uQPwe45HUNAJUov2e+hLZzcPuyrkSZ1rdXxOWPzZWp8SZ493e +xqPHuZxN9sfyPAAv02GQL5YyJvkimMsakbQUQALSFrsvFv7uMiKodUlqotckYLIY +3iaHpzVD1LV/xFVOJbZrzHbYb73CdlhuSIDYrGWzXvuKYeWFLPwR29XgikbDVqas +RaGG4MS6bsG9nXFAMtq2BGqHioAoshVh5GcnwfUV6Uxr3SoHgbTwwg+J+ZOxDCon +IFhoR2BZAgMBAAECggEAEIRBpjjceiku6jRUwnoYaks/nIWYQwR8AfpUTwJKR/VR +Yca097Fokm7A+UhUP3A45RtHQb0VPq8P44iv0kk24YCu8r5yFK7SHYOAZnOwU5ZJ +2jSAEPF3aM7tKh3okhuzB3dKP7u1NZDE5zAW723KUJiW7sL1RcsbY0bHBj6G+9/H +NplmsjuGt684vRBB0qOBfKF7EiG7mT69tHuNj4gRza9SMY31UtKbZdt2fNY6mp5V +HscMba7egZP+Ke0pVX4+go9j7K8GG8hYaQDLjrzlPqrxZ2c5X9cC+CRDI/CHuL/s +V/2yGZJ6n6UabwZoH83RdFrbQ94rU8Hkli6EvxXvMQKBgQDRpheNW5jDG5TfeJKh +yfKTDQqH2Tk3BsBYYBN7Hf3m7vbkzlxnAKJAoSLmtRMuoeXvI5MrhzaHGsNIUS76 +LDIZnvB7DLUxhFUZsCPkpAA1QHuTWY96oR3PHnPjpk8lSUvtbOPwDLdzVApeFJgZ +VqMNArZ7AHsK3Kkyi+f4WVQjbQKBgQDLAWiGb5dx6fAM2W6B6HjNmzjBWOuVEXa2 +76to9jzupBZmETfZgxtWUaWUDuNS+f7dtVUTE+p6v/w8clrHEhEZYkqunIOLo/UA +LFPiuoTfEsWb1rh+nsCjCgy4uimixj/bSkf7NC6NyKTvCygA1mGnVVJUEPegYlDy +LXCkaKWxHQKBgQCmyHSKL2lrJkEcOwakEU2acNCE3Gno/cT9SYmV83kvQ8JEqmrW +QqnRsp9aXIljGscapPmKsmnNt5vNp1AxFAHTYh88NRLczsMIyZj0ZwgHVUI6KhC7 +5Psa78YQQBlMt2/g9TSsnuE+rYgF6mpKFiNm0Vasqeg47uzn2mdzqlUGTQKBgE04 +JutkTUY+h1pL5vYxWKpVDfy19z7H2tFxT1FowPrBneeLSyRI88Ac5I/yLdRlVeY9 +0LOmEr5Igwj3MsKgg7KVKfVLgdo/LrW3Jt2Kt3onKNXDkoBPoNUjwH0QC0Boiue+ +VK0gR0kVdm+bXccbxR+im+NwZNE0NLg6Qqu3RredAoGBALuVoqbPPmTCZXYG328H +bzOs2aiR7BzPSVByV+qG6jW7w03RAnFPJZp7HMU+ViI5VY0wabUscMSvz5163+gM +4KwY3v9ZjZzZGukIfLuudkdqtaiVOx/KeAC0n+nG21YU+wpZww8gkfHh1/sa2CME +CWYCgOnmiTHcj83UaTqEXtmv +-----END PRIVATE KEY----- diff --git a/demo/simple/docker-compose.yml b/demo/simple/docker-compose.yml new file mode 100644 index 0000000..2d1788c --- /dev/null +++ b/demo/simple/docker-compose.yml 
@@ -0,0 +1,67 @@
+version: "3.3"
+
+services:
+ midpoint_data:
+ image: tier/mariadb:mariadb10
+ ports:
+ - 3306:3306
+ networks:
+ - net
+ volumes:
+ - midpoint_mysql:/var/lib/mysql
+ - midpoint_data:/var/lib/mysqlmounted
+ environment:
+ - CREATE_NEW_DATABASE=if_needed
+
+ midpoint_server:
+ image: tier/midpoint:latest
+ ports:
+ - 8443:443
+ environment:
+ - ENV
+ - USERTOKEN
+ - REPO_DATABASE_TYPE
+ - REPO_JDBC_URL
+ - REPO_HOST
+ - REPO_PORT
+ - REPO_DATABASE
+ - REPO_USER
+ - REPO_MISSING_SCHEMA_ACTION
+ - REPO_UPGRADEABLE_SCHEMA_ACTION
+ - REPO_SCHEMA_VERSION_IF_MISSING
+ - REPO_SCHEMA_VARIANT
+ - MP_MEM_MAX
+ - MP_MEM_INIT
+ - MP_JAVA_OPTS
+ - TIER_BEACON_OPT_OUT
+ networks:
+ - net
+ secrets:
+ - mp_database_password.txt
+ - mp_keystore_password.txt
+ - mp_host-key.pem
+ volumes:
+ - midpoint_home:/opt/midpoint/var
+ - type: bind
+ source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
+ target: /etc/pki/tls/certs/host-cert.pem
+ - type: bind
+ source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
+ target: /etc/pki/tls/certs/cachain.pem
+
+networks:
+ net:
+ driver: bridge
+
+secrets:
+ mp_database_password.txt:
+ file: ./configs-and-secrets/midpoint/application/database_password.txt
+ mp_keystore_password.txt:
+ file: ./configs-and-secrets/midpoint/application/keystore_password.txt
+ mp_host-key.pem:
+ file: ./configs-and-secrets/midpoint/httpd/host-key.pem
+
+volumes:
+ midpoint_mysql:
+ midpoint_data:
+ midpoint_home:
diff --git a/demo/simple/tests/main.bats b/demo/simple/tests/main.bats
new file mode 100755
index 0000000..1d0a671
--- /dev/null
+++ b/demo/simple/tests/main.bats
@@ -0,0 +1,89 @@ +#!/usr/bin/env bats + +load ../../../common +load ../../../library + +@test "000 Cleanup before running the tests" { + run docker-compose down -v +} + +@test "010 Initialize and start midPoint" { + docker-compose up -d + wait_for_midpoint_start simple_midpoint_server_1 +} + +@test "010 Check health" { + check_health +} + +@test "100 Get 'administrator'" { + check_health + get_and_check_object users 00000000-0000-0000-0000-000000000002 administrator +} + +@test "110 And and get 'test110'" { + check_health + echo "test110" >/tmp/test110.xml + add_object users /tmp/test110.xml + rm /tmp/test110.xml + search_and_check_object users test110 +} + +@test "300 Check repository preserved between restarts" { + check_health + + echo "Creating user test300 and checking its existence" + echo "test300" >/tmp/test300.xml + add_object users /tmp/test300.xml + rm /tmp/test300.xml + search_and_check_object users test300 + + echo "Bringing the containers down" + docker-compose down + + echo "Re-creating the containers" + docker-compose up --no-start + docker-compose start + wait_for_midpoint_start simple_midpoint_server_1 + + echo "Searching for the user again" + search_and_check_object users test300 +} + +@test "350 Test DB schema version check" { + echo "Removing version information from m_global_metadata" + docker exec simple_midpoint_data_1 mysql -p123321 registry -e "drop table m_global_metadata" + + echo "Bringing the containers down" + docker-compose down + + echo "Re-creating the containers" + docker-compose up -d + + wait_for_log_message simple_midpoint_server_1 "Database schema is not compatible with the executing code; however, an upgrade path is available." 
+} + +@test "360 Test DB schema upgrade" { + echo "Stopping midpoint_server container" + docker stop simple_midpoint_server_1 + + echo "Installing empty 3.8 repository" + docker exec simple_midpoint_data_1 mysql -p123321 -e "DROP DATABASE registry" + docker exec simple_midpoint_data_1 bash -c " curl https://raw.githubusercontent.com/Evolveum/midpoint/v3.8/config/sql/_all/mysql-3.8-all-utf8mb4.sql > /tmp/create-3.8-utf8mb4.sql" + docker exec simple_midpoint_data_1 mysql -p123321 -e "CREATE DATABASE IF NOT EXISTS registry;" + docker exec simple_midpoint_data_1 mysql -p123321 -e "GRANT ALL ON registry.* TO 'registry_user'@'%' IDENTIFIED BY 'WJzesbe3poNZ91qIbmR7' ;" + docker exec simple_midpoint_data_1 bash -c "mysql -p123321 registry < /tmp/create-3.8-utf8mb4.sql" + + echo "Bringing the containers down" + docker-compose down + + echo "Re-creating the containers" + env REPO_SCHEMA_VERSION_IF_MISSING=3.8 REPO_UPGRADEABLE_SCHEMA_ACTION=upgrade REPO_SCHEMA_VARIANT=utf8mb4 docker-compose up -d + + wait_for_log_message simple_midpoint_server_1 "Schema was successfully upgraded from 3.8 to 3.9 using script 'mysql-upgrade-3.8-3.9-utf8mb4.sql'" + wait_for_midpoint_start simple_midpoint_server_1 +} + +@test "999 Clean up" { + docker-compose down -v +} diff --git a/midpoint/download-midpoint b/download-midpoint similarity index 53% rename from midpoint/download-midpoint rename to download-midpoint index 3757cc2..b00f1c1 100755 --- a/midpoint/download-midpoint +++ b/download-midpoint 
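Review bot: Test `360` fetches the 3.8 schema with a bare `curl … > /tmp/create-3.8-utf8mb4.sql` and then loads whatever was written into MariaDB; without `--fail` an HTTP error body is saved and fed to mysql, and the test fails later with an unrelated SQL error rather than at the download. `docker exec simple_midpoint_data_1 bash -c "curl --fail --silent --show-error https://raw.githubusercontent.com/Evolveum/midpoint/v3.8/config/sql/_all/mysql-3.8-all-utf8mb4.sql > /tmp/create-3.8-utf8mb4.sql"` stops at the download step instead. The same test repeats the registry_user password inline in `IDENTIFIED BY 'WJzesbe3poNZ91qIbmR7'`, duplicating configs-and-secrets/midpoint/application/database_password.txt; substituting `$(cat configs-and-secrets/midpoint/application/database_password.txt)` (assuming the tests run from demo/simple, as the docker-compose calls require) keeps the two from drifting. `-p123321` on the command line also shows the root password in the container's process list for the duration of each call.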
@@ -3,12 +3,14 @@ dir=`dirname "$0"` echo "Downloading midPoint 3.9-SNAPSHOT" echo "-----------------------------------------" -curl --output $dir/midpoint-server/midpoint-3.9-SNAPSHOT-dist.tar.gz "https://evolveum.com/downloads/midpoint-tier/midpoint-3.9-SNAPSHOT-stable-dist.tar.gz" +curl --output $dir/midpoint-3.9-SNAPSHOT-dist.tar.gz "https://evolveum.com/downloads/midpoint-tier/midpoint-3.9-SNAPSHOT-stable-dist.tar.gz" echo "-----------------------------------------" echo "Checking the download..." -if tar -tf $dir/midpoint-server/midpoint-3.9-SNAPSHOT-dist.tar.gz >/dev/null; then +if tar -tf $dir/midpoint-3.9-SNAPSHOT-dist.tar.gz >/dev/null; then echo "OK" + exit 0 else echo "The file was not downloaded correctly" + exit 1 fi diff --git a/library.bash b/library.bash new file mode 100644 index 0000000..eae9fb2 --- /dev/null +++ b/library.bash 
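Review bot: The rewritten curl and tar lines still leave `$dir` unquoted, so a checkout path containing a space breaks both `--output $dir/midpoint-3.9-SNAPSHOT-dist.tar.gz` and `tar -tf $dir/midpoint-3.9-SNAPSHOT-dist.tar.gz`; `"$dir/midpoint-3.9-SNAPSHOT-dist.tar.gz"` on both lines fixes it, and `curl --fail` keeps an HTTP error page from being written as the archive before the new `exit 1` path runs. The download is also accepted on the strength of `tar -tf` alone, which proves only that some tarball arrived, not which one; if Evolveum publishes a checksum for this distribution, comparing it here with `sha256sum -c` would turn the script into a real integrity gate.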
@@ -0,0 +1,393 @@
+#!/bin/bash
+
+#
+# Contains common functions usable for midPoint system tests
+#
+
+# do not use from outside (ugly signature)
+function generic_wait_for_log () {
+ CONTAINER_NAME=$1
+ MESSAGE="$2"
+ WAITING_FOR="$3"
+ FAILURE="$4"
+ ADDITIONAL_CONTAINER_NAME=$5
+ ATTEMPT=0
+ MAX_ATTEMPTS=40
+ DELAY=10
+
+ until [[ $ATTEMPT = $MAX_ATTEMPTS ]]; do
+ ATTEMPT=$((ATTEMPT+1))
+ echo "Waiting $DELAY seconds for $WAITING_FOR (attempt $ATTEMPT) ..."
+ sleep $DELAY
+ docker ps
+ ( docker logs $CONTAINER_NAME 2>&1 | grep "$MESSAGE" ) && return 0
+ done
+
+ echo "$FAILURE" in $(( $MAX_ATTEMPTS * $DELAY )) seconds in $CONTAINER_NAME
+ echo "========== Container log =========="
+ docker logs $CONTAINER_NAME 2>&1
+ echo "========== End of the container log =========="
+ if [ -n "ADDITIONAL_CONTAINER_NAME" ]; then
+ echo "========== Container log ($ADDITIONAL_CONTAINER_NAME) =========="
+ docker logs $ADDITIONAL_CONTAINER_NAME 2>&1
+ echo "========== End of the container log ($DATABASE_CONTAINER_NAME) =========="
+ fi
+ return 1
+}
+
+
+function wait_for_log_message () {
+ generic_wait_for_log $1 "$2" "log message" "log message has not appeared"
+}
+
+# Waits until midPoint starts
+function wait_for_midpoint_start () {
+ generic_wait_for_log $1 "INFO (com.evolveum.midpoint.web.boot.MidPointSpringApplication): Started MidPointSpringApplication in" "midPoint to start" "midPoint did not start" $2
+}
+
+# Waits until Shibboleth IDP starts
+function wait_for_shibboleth_idp_start () {
+ generic_wait_for_log $1 "INFO:oejs.Server:main: Started" "shibboleth idp to start" "shibboleth idp did not start" $2
+}
+
+# Waits until Grouper UI starts
+function wait_for_grouper_ui_start () {
+ generic_wait_for_log $1 "INFO org.apache.catalina.startup.Catalina- Server startup in" "grouper ui to start" "grouper ui did not start" $2
+}
+
+# Checks the health of midPoint server
+function check_health () {
+ echo Checking health...
+ (set -o pipefail ; curl -k -f https://localhost:8443/midpoint/actuator/health | tr -d '[:space:]' | grep -q "\"status\":\"UP\"")
+ status=$?
+ if [ $status -ne 0 ]; then
+ echo Error: $status
+ docker ps
+ return 1
+ else
+ echo OK
+ return 0
+ fi
+}
+
+# Checks the health of Shibboleth IDP server
+function check_health_shibboleth_idp () {
+ echo Checking health of shibboleth idp...
+ status="$(curl -k --write-out %{http_code} --silent --output /dev/null https://localhost:4443/idp/)"
+ if [ $status -ne 200 ]; then
+ echo Error: Http code of response is $status
+ docker ps
+ return 1
+ else
+ echo OK
+ return 0
+ fi
+}
+
+# Result is in OUTFILE
+function get_object () {
+ local TYPE=$1
+ local OID=$2
+ OUTFILE=$(mktemp /tmp/get.XXXXXX)
+ echo out file is $OUTFILE
+ curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X GET "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" >$OUTFILE || (rm $OUTFILE ; return 1)
+ return 0
+}
+
+# Retrieves XML object and checks if the name matches
+# Object is deleted before return
+function get_and_check_object () {
+ local TYPE=$1
+ local OID=$2
+ local NAME=$3
+ local TMPFILE=$(mktemp /tmp/get.XXXXXX)
+ echo tmp file is $TMPFILE
+ curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X GET "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" >$TMPFILE || (rm $TMPFILE ; return 1)
+ if (grep -q "$NAME" <$TMPFILE); then
+ echo "Object $TYPE/$OID '$NAME' is OK"
+ rm $TMPFILE
+ return 0
+ else
+ echo "Object $TYPE/$OID '$NAME' was not found or not retrieved correctly:"
+ cat $TMPFILE
+ rm $TMPFILE
+ return 1
+ fi
+}
+
+# Adds object from a given file
+function add_object () {
+ local TYPE=$1
+ local FILE=$2
+ TMPFILE=$(mktemp /tmp/addobject.XXXXXX)
+ echo "Adding to $TYPE from $FILE..."
+
+ curl -k -sD - --silent --write-out "%{http_code}" --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE" -d @$FILE >$TMPFILE
+ local HTTP_CODE=$(sed '$!d' $TMPFILE)
+
+ if [ "$HTTP_CODE" -eq 201 ] || [ "$HTTP_CODE" -eq 202 ]; then
+
+ OID=$(grep -oP "Location: \K.*" $TMPFILE | awk -F "$TYPE/" '{print $2}') || (echo "Couldn't extract oid from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
+
+ echo "OID of created object: $OID"
+ rm $TMPFILE
+ return 0
+ else
+ echo "Error code: $HTTP_CODE"
+ if [ "$HTTP_CODE" -ge 500 ]; then
+ echo "Error message: Internal server error. Unexpected error occurred, if necessary please contact system administrator."
+ else
+ local ERROR_MESSAGE=$(xmllint --xpath "/*/*[local-name()='error']/text()" $TMPFILE) || (echo "Couldn't extract error message from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
+ echo "Error message: $ERROR_MESSAGE"
+ fi
+ rm $TMPFILE
+ return 1
+ fi
+}
+
+# parameter $2 (CONTAINER) is just for diagnostics: it is the container whose logs we want to dump on error (might be omitted)
+function execute_bulk_action () {
+ local FILE=$1
+ local CONTAINER=$2
+ echo "Executing bulk action from $FILE..."
+ TMPFILE=$(mktemp /tmp/execbulkaction.XXXXXX)
+
+ (curl -k --silent --write-out "%{http_code}" --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/rpc/executeScript" -d @$FILE >$TMPFILE) || (echo "Midpoint logs: " ; ([[ -n "$CONTAINER" ]] && docker logs $CONTAINER ) ; return 1)
+ local HTTP_CODE=$(sed '$!d' $TMPFILE)
+ sed -i '$ d' $TMPFILE
+
+ if [ "$HTTP_CODE" -eq 200 ]; then
+
+ local STATUS=$(xmllint --xpath "/*/*/*[local-name()='status']/text()" $TMPFILE) || (echo "Couldn't extract status from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
+ if [ $STATUS = "success" ]; then
+ local CONSOLE_OUTPUT=$(xmllint --xpath "/*/*/*[local-name()='consoleOutput']/text()" $TMPFILE) || (echo "Couldn't extract console output from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
+ echo "Console output: $CONSOLE_OUTPUT"
+ rm $TMPFILE
+ return 0
+ else
+ echo "Bulk action status is not OK: $STATUS"
+ local CONSOLE_OUTPUT=$(xmllint --xpath "/*/*/*[local-name()='consoleOutput']/text()" $TMPFILE) || (echo "Couldn't extract console output from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
+ echo "Console output: $CONSOLE_OUTPUT"
+ rm $TMPFILE
+ return 1
+ fi
+
+ else
+ echo "Error code: $HTTP_CODE"
+ if [ "$HTTP_CODE" -ge 500 ]; then
+ echo "Error message: Internal server error. Unexpected error occurred, if necessary please contact system administrator."
+ else
+ local ERROR_MESSAGE=$(xmllint --xpath "/*/*[local-name()='error']/text()" $TMPFILE) || (echo "Couldn't extract error message from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
+ echo "Error message: $ERROR_MESSAGE"
+ fi
+ rm $TMPFILE
+ return 1
+ fi
+}
+
+function delete_object_by_name () {
+ local TYPE=$1
+ local NAME=$2
+ search_objects_by_name users $NAME
+ local OID=$(xmllint --xpath "/*/*[local-name()='object']/@oid" $SEARCH_RESULT_FILE | awk -F"\"" '{print $2}' ) || (echo "Couldn't extract oid from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE; return 1)
+ delete_object $TYPE $OID
+}
+
+function delete_object () {
+ local TYPE=$1
+ local OID=$2
+ echo "Deleting object with type $TYPE and oid $OID..."
+ TMPFILE=$(mktemp /tmp/delete.XXXXXX)
+
+ curl -k --silent --write-out "%{http_code}" --user administrator:5ecr3t -H "Content-Type: application/xml" -X DELETE "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" >$TMPFILE
+ local HTTP_CODE=$(sed '$!d' $TMPFILE)
+ sed -i '$ d' $TMPFILE
+
+ if [ "$HTTP_CODE" -eq 204 ]; then
+ echo "Object with type $TYPE and oid $OID was deleted"
+ rm $TMPFILE
+ return 0
+ else
+ echo "Error code: $HTTP_CODE"
+ if [ "$HTTP_CODE" -ge 500 ]; then
+ echo "Error message: Internal server error. Unexpected error occurred, if necessary please contact system administrator."
+ else
+ local ERROR_MESSAGE=$(xmllint --xpath "/*/*[local-name()='error']/text()" $TMPFILE) || (echo "Couldn't extract error message from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
+ echo "Error message: $ERROR_MESSAGE"
+ fi
+ rm $TMPFILE
+ return 1
+ fi
+}
+
+# Tries to find an object with a given name
+# Results of the search are in the $SEARCH_RESULT_FILE
+# TODO check if the result is valid (i.e. not an error) - return 1 if invalid, otherwise return 0 ("no objects" is considered OK here)
+function search_objects_by_name () {
+ local TYPE=$1
+ local NAME="$2"
+ TMPFILE=$(mktemp /tmp/search.XXXXXX)
+
+ curl -k --write-out %{http_code} --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE/search" -d @- << EOF >$TMPFILE || (rm $TMPFILE ; return 1)
+
+
+
+ name
+ $NAME
+
+
+
+EOF
+ local HTTP_CODE=$(sed '$!d' <<<"$(cat $TMPFILE)")
+ sed -i '$ d' $TMPFILE
+ cat $TMPFILE
+
+ if [ "$HTTP_CODE" -eq 200 ]; then
+ SEARCH_RESULT_FILE=$TMPFILE
+ return 0
+ else
+ echo "Error code: $HTTP_CODE"
+ if [ "$HTTP_CODE" -ge 500 ]; then
+ echo "Error message: Internal server error. Unexpected error occurred, if necessary please contact system administrator."
+ else
+ local ERROR_MESSAGE=$(xmllint --xpath "/*/*[local-name()='error']/text()" $TMPFILE) || (echo "Couldn't extract error message from file:" ; cat $TMPFILE ; rm $TMPFILE; return 1)
+ echo "Error message: $ERROR_MESSAGE"
+ fi
+ rm $SEARCH_RESULT_FILE
+ return 1
+ fi
+}
+
+# Searches for object with a given name and verifies it was found
+function search_and_check_object () {
+ local TYPE=$1
+ local NAME="$2"
+ search_objects_by_name $TYPE "$NAME" || return 1
+ if (grep -q "$NAME" <$SEARCH_RESULT_FILE); then
+ echo "Object $TYPE/'$NAME' is OK"
+ rm $SEARCH_RESULT_FILE
+ return 0
+ else
+ echo "Object $TYPE/'$NAME' was not found or not retrieved correctly:"
+ cat $SEARCH_RESULT_FILE
+ rm $SEARCH_RESULT_FILE
+ return 1
+ fi
+}
+
+# Tests a resource
+function test_resource () {
+ local OID=$1
+ local TMPFILE=$(mktemp /tmp/test.resource.XXXXXX)
+
+ curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/resources/$OID/test" >$TMPFILE || (rm $TMPFILE ; return 1)
+ if [[ $(xmllint --xpath "/*/*[local-name()='status']/text()" $TMPFILE) == "success" ]]; then
+ echo "Resource $OID test succeeded"
+ rm $TMPFILE
+ return 0
+ else
+ echo "Resource $OID test failed"
+ cat $TMPFILE
+ rm $TMPFILE
+ return 1
+ fi
+}
+
+function assert_task_success () {
+ local OID=$1
+ get_object tasks $OID
+ TASK_STATUS=$(xmllint --xpath "/*/*[local-name()='resultStatus']/text()" $OUTFILE) || (echo "Couldn't extract task status from task $OID" ; cat $OUTFILE ; rm $OUTFILE ; return 1)
+ if [[ $TASK_STATUS = "success" ]]; then
+ echo "Task $OID status is OK"
+ rm $OUTFILE
+ return 0
+ else
+ echo "Task $OID status is not OK: $TASK_STATUS"
+ cat $OUTFILE
+ rm $OUTFILE
+ return 1
+ fi
+}
+
+function wait_for_task_completion () {
+ local OID=$1
+ local ATTEMPT=0
+ local MAX_ATTEMPTS=$2
+ local DELAY=$3
+
+ until [[ $ATTEMPT = $MAX_ATTEMPTS ]]; do
+ ATTEMPT=$((ATTEMPT+1))
+ echo "Waiting $DELAY seconds for task with oid $OID to finish (attempt $ATTEMPT) ..."
+ sleep $DELAY
+ get_object tasks $OID
+ TASK_EXECUTION_STATUS=$(xmllint --xpath "/*/*[local-name()='executionStatus']/text()" $OUTFILE) || (echo "Couldn't extract task status from task $OID" ; cat $OUTFILE ; rm $OUTFILE ; return 1)
+ if [[ $TASK_EXECUTION_STATUS = "suspended" ]] || [[ $TASK_EXECUTION_STATUS = "closed" ]]; then
+ echo "Task $OID is finished"
+ rm $OUTFILE
+ return 0
+ fi
+ done
+ rm $OUTFILE
+ echo Task with $OID did not finish in $(( $MAX_ATTEMPTS * $DELAY )) seconds
+ return 1
+}
+
+
+#search LDAP accout by uid
+function search_ldap_object_by_filter () {
+ local BASE_CONTEXT_FOR_SEARCH=$1
+ local FILTER="$2"
+ local LDAP_CONTAINER=$3
+ TMPFILE=$(mktemp /tmp/ldapsearch.XXXXXX)
+
+ docker exec $LDAP_CONTAINER ldapsearch -h localhost -p 389 -D "cn=Directory Manager" -w password -b "$BASE_CONTEXT_FOR_SEARCH" "($FILTER)" >$TMPFILE || (rm $TMPFILE ; return 1)
+ LDAPSEARCH_RESULT_FILE=$TMPFILE
+ return 0
+}
+
+function check_ldap_account_by_user_name () {
+ local NAME="$1"
+ local LDAP_CONTAINER=$2
+ search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME" $LDAP_CONTAINER
+ search_objects_by_name users $NAME
+
+ local MP_FULL_NAME=$(xmllint --xpath "/*/*/*[local-name()='fullName']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user fullName from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+ local MP_GIVEN_NAME=$(xmllint --xpath "/*/*/*[local-name()='givenName']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user givenName from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+ local MP_FAMILY_NAME=$(xmllint --xpath "/*/*/*[local-name()='familyName']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user familyName from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+
+ local LDAP_CN=$(grep -oP "cn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user cn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+ local LDAP_GIVEN_NAME=$(grep -oP "givenName: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user givenName from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+ local LDAP_SN=$(grep -oP "sn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user sn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+
+ rm $SEARCH_RESULT_FILE
+ rm $LDAPSEARCH_RESULT_FILE
+
+ if [[ $MP_FULL_NAME = $LDAP_CN ]] && [[ $MP_GIVEN_NAME = $LDAP_GIVEN_NAME ]] && [[ $MP_FAMILY_NAME = $LDAP_SN ]]; then
+ return 0
+ fi
+
+ echo "User in Midpoint and LDAP Account with uid $NAME are not same"
+ return 1
+}
+
+function check_of_ldap_membership () {
+ local NAME_OF_USER="$1"
+ local NAME_OF_GROUP="$2"
+ local LDAP_CONTAINER=$3
+ search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME_OF_USER" $LDAP_CONTAINER
+
+ local LDAP_ACCOUNT_DN=$(grep -oP "dn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user dn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+
+ search_ldap_object_by_filter "ou=groups,dc=internet2,dc=edu" "cn=$NAME_OF_GROUP" $LDAP_CONTAINER
+
+ local LDAP_MEMBERS_DNS=$(grep -oP "uniqueMember: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user uniqueMember from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+
+ rm $LDAPSEARCH_RESULT_FILE
+
+ if [[ $LDAP_MEMBERS_DNS =~ $LDAP_ACCOUNT_DN ]]; then
+ return 0
+ fi
+
+ echo "LDAP Account with uid $NAME_OF_USER is not member of LDAP Group $NAME_OF_GROUP"
+ return 1
+}
diff --git a/midpoint/.env b/midpoint/.env
deleted file mode 100644
index 03f48af..0000000
--- a/midpoint/.env
+++ /dev/null
@@ -1,14 +0,0 @@
-AUTHENTICATION=internal
-ENV=demo
-USERTOKEN=
-REPO_DATABASE_TYPE=mariadb
-REPO_JDBC_URL=default
-REPO_HOST=midpoint-data
-REPO_PORT=default
-REPO_DATABASE=midpoint
-REPO_USER=root
-REPO_PASSWORD_FILE=/run/secrets/m_database_password.txt
-KEYSTORE_PASSWORD_FILE=/run/secrets/m_keystore_password.txt
-MEM=2048m
-LOGOUT_URL=https://localhost:8443/Shibboleth.sso/Logout
-SSO_HEADER=uid
diff --git a/midpoint/README.md b/midpoint/README.md
deleted file mode 100644
index bd1cfd4..0000000
--- a/midpoint/README.md
+++ /dev/null
@@ -1,9 +0,0 @@
-This is a midPoint dockerization for TIER environment. It is a work in progress.
-
-# Building and execution
-```
-$ ./build.sh
-$ docker-compose up --build
-```
-
-Please see a detailed description [here](https://spaces.at.internet2.edu/display/MID/Dockerized+midPoint).
diff --git a/midpoint/build.sh b/midpoint/build.sh
deleted file mode 100755
index 0463d37..0000000
--- a/midpoint/build.sh
+++ /dev/null
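Review bot: Every `|| (rm $TMPFILE ; return 1)` guard in this file returns from a subshell rather than from the function, so `get_object`, `get_and_check_object`, `search_objects_by_name`, `test_resource` and `search_ldap_object_by_filter` keep running after a failed `curl` or `ldapsearch` and mostly report success (`get_object` falls straight through to `return 0`); a brace group keeps the early return, `>$OUTFILE || { rm "$OUTFILE"; return 1; }`, and the same applies to the `|| (echo ... ; rm ...; return 1)` guards after `xmllint` and `grep`. In `generic_wait_for_log`, `[ -n "ADDITIONAL_CONTAINER_NAME" ]` tests a literal string and is always true, and the closing banner expands `$DATABASE_CONTAINER_NAME`, which is never assigned; it should read `if [ -n "$ADDITIONAL_CONTAINER_NAME" ]; then` and `($ADDITIONAL_CONTAINER_NAME)`. `delete_object_by_name` accepts `$TYPE` but always searches `users`, so it only works for that one type. The REST login `administrator:5ecr3t`, the LDAP bind password and `-k` on every `curl` are fixed inside the shared library; reading them from environment variables with the current values as defaults, and pointing `curl --cacert` at the demo CA instead of `-k`, would let the same functions run against any deployment without editing the library and without disabling TLS verification in the tests.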
@@ -1,34 +0,0 @@
-#!/bin/bash
-
-function normalize_path()
-{
- # Remove all /./ sequences.
- local path=${1//\/.\//\/}
-
- # Remove dir/.. sequences.
- while [[ $path =~ ([^/][^/]*/\.\./) ]]
- do
- path=${path/${BASH_REMATCH[0]}/}
- done
- echo $path
-}
-
-cd "$(dirname "$0")"
-./download-midpoint
-cd midpoint-data
-docker build --tag tier/midpoint-mariadb:latest .
-cd ../midpoint-server
-docker build --tag tier/midpoint:latest .
-cd ..
-echo "---------------------------------------------------------------------------------------"
-echo "The midPoint containers were successfully built. To start them, execute the following:"
-echo ""
-echo "(for standalone execution)"
-echo ""
-echo "$ cd" `pwd`
-echo "$ docker-compose up --build"
-echo ""
-echo "(for complex demo)"
-echo ""
-echo "$ cd" $(normalize_path `pwd`/../demo/complex)
-echo "$ docker-compose up --build"
diff --git a/midpoint/configs-and-secrets/midpoint/application/database_password.txt b/midpoint/configs-and-secrets/midpoint/application/database_password.txt
deleted file mode 100644
index 11bac01..0000000
--- a/midpoint/configs-and-secrets/midpoint/application/database_password.txt
+++ /dev/null
@@ -1 +0,0 @@
-456654
diff --git a/midpoint/docker-compose.yml b/midpoint/docker-compose.yml
deleted file mode 100644
index 6605429..0000000
--- a/midpoint/docker-compose.yml
+++ /dev/null
@@ -1,85 +0,0 @@
-#
-# Building:
-# - docker-compose up --build
-#
-# It assumes that midpoint-3.9-SNAPSHOT-dist.tar.gz is present in the 'midpoint-server' directory. (TODO: eliminate this!)
-#
-
-version: "3.3"
-
-services:
- midpoint-data:
- build: ./midpoint-data/
- expose:
- - 3306
- ports:
- - 3306:3306
- networks:
- - back
- volumes:
- - midpoint_data:/var/lib/mysql
-
- midpoint-server:
- build: ./midpoint-server/
- expose:
- - 443
- ports:
- - 8443:443
- environment:
- - AUTHENTICATION
- - ENV
- - USERTOKEN
- - REPO_DATABASE_TYPE
- - REPO_JDBC_URL
- - REPO_HOST
- - REPO_PORT
- - REPO_DATABASE
- - REPO_USER
- - REPO_PASSWORD_FILE
- - KEYSTORE_PASSWORD_FILE
- - MEM
- - SSO_HEADER
- - LOGOUT_URL
- - TIER_BEACON_OPT_OUT
- networks:
- - back
- secrets:
- - m_database_password.txt
- - m_keystore_password.txt
- - m_sp-key.pem
- - m_host-key.pem
- volumes:
- - midpoint_home:/opt/midpoint/var
- - type: bind
- source: ./configs-and-secrets/midpoint/shibboleth/shibboleth2.xml
- target: /etc/shibboleth/shibboleth2.xml
- - type: bind
- source: ./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
- target: /etc/shibboleth/idp-metadata.xml
- - type: bind
- source: ./configs-and-secrets/midpoint/shibboleth/sp-cert.pem
- target: /etc/shibboleth/sp-cert.pem
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/host-cert.pem
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/cachain.pem
-
-networks:
- back:
- driver: bridge
-
-secrets:
- m_host-key.pem:
- file: ./configs-and-secrets/midpoint/httpd/host-key.pem
- m_sp-key.pem:
- file: ./configs-and-secrets/midpoint/shibboleth/sp-key.pem
- m_database_password.txt:
- file: ./configs-and-secrets/midpoint/application/database_password.txt
- m_keystore_password.txt:
- file: ./configs-and-secrets/midpoint/application/keystore_password.txt
-
-volumes:
- midpoint_data:
- midpoint_home:
diff --git a/midpoint/midpoint-data/Dockerfile b/midpoint/midpoint-data/Dockerfile
deleted file mode 100644
index 3249b23..0000000
--- a/midpoint/midpoint-data/Dockerfile
+++ /dev/null
@@ -1,35 +0,0 @@
-FROM centos:centos7
-
-LABEL author="tier-packaging@internet2.edu "
-
-COPY ./conf/mariadb.repo /etc/yum.repos.d/
-
-RUN yum install -y epel-release \
- && yum update -y \
- && yum install -y mariadb-server mariadb \
- && yum clean all \
- && rm -rf /var/cache/yum
-
-COPY database_password.txt /tmp/
-
-RUN mysql_install_db \
- && chown -R mysql:mysql /var/lib/mysql/ \
- && sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/my.cnf \
- && sed -i 's/^\(log_error\s.*\)/# \1/' /etc/my.cnf \
- && sed -i 's/\[mysqld\]/\[mysqld\]\ncharacter_set_server = utf8/' /etc/my.cnf \
- && sed -i 's/\[mysqld\]/\[mysqld\]\ncollation_server = utf8_bin/' /etc/my.cnf \
- && sed -i 's/\[mysqld\]/\[mysqld\]\nport = 3306/' /etc/my.cnf \
- && cat /etc/my.cnf \
- && echo "/usr/bin/mysqld_safe &" > /tmp/config \
- && echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config \
- && echo "mysql -e \"CREATE USER 'root'@'%' IDENTIFIED BY '`cat /tmp/database_password.txt`';\"" >> /tmp/config \
- && echo "mysql -e 'GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" WITH GRANT OPTION;'" >> /tmp/config \
- && echo "mysql -e 'CREATE DATABASE midpoint CHARACTER SET utf8 COLLATE utf8_bin;'" >> /tmp/config \
- && echo "mysql -e \"SET PASSWORD FOR 'root'@'localhost' = PASSWORD('`cat /tmp/database_password.txt`');\"" >> /tmp/config \
- && cat /tmp/config \
- && bash /tmp/config \
- && rm -f /tmp/config /tmp/database_password.txt
-
-EXPOSE 3306
-
-CMD mysqld_safe
diff --git a/midpoint/midpoint-data/conf/mariadb.repo b/midpoint/midpoint-data/conf/mariadb.repo
deleted file mode 100644
index e24b3a0..0000000
--- a/midpoint/midpoint-data/conf/mariadb.repo
+++ /dev/null
@@ -1,6 +0,0 @@
-[mariadb]
-name = MariaDB
-baseurl = http://yum.mariadb.org/10.1/centos7-amd64
-gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
-gpgcheck=1
-
diff --git a/midpoint/midpoint-data/database_password.txt b/midpoint/midpoint-data/database_password.txt
deleted file mode 100644
index 11bac01..0000000
--- a/midpoint/midpoint-data/database_password.txt
+++ /dev/null
@@ -1 +0,0 @@
-456654
diff --git a/midpoint/midpoint-data/readme.txt b/midpoint/midpoint-data/readme.txt
deleted file mode 100644
index e0affb1..0000000
--- a/midpoint/midpoint-data/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-database_password.txt should be synchronized with ../configs-and-secrets/midpoint/database_password.txt
diff --git a/midpoint/midpoint-server/container_files/httpd/conf/midpoint.conf.auth.internal b/midpoint/midpoint-server/container_files/httpd/conf/midpoint.conf.auth.internal
deleted file mode 100644
index 690a4cd..0000000
--- a/midpoint/midpoint-server/container_files/httpd/conf/midpoint.conf.auth.internal
+++ /dev/null
@@ -1,6 +0,0 @@
-
-Timeout 2400
-ProxyTimeout 2400
-ProxyBadHeader Ignore
-
-ProxyPass /midpoint ajp://localhost:9090/midpoint timeout=2400
\ No newline at end of file
diff --git a/midpoint/midpoint-server/container_files/usr-local-bin/start-httpd.sh b/midpoint/midpoint-server/container_files/usr-local-bin/start-httpd.sh
deleted file mode 100755
index 8dd3583..0000000
--- a/midpoint/midpoint-server/container_files/usr-local-bin/start-httpd.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-echo "Linking secrets and config files; using authentication: $AUTHENTICATION"
-ln -sf /run/secrets/m_sp-key.pem /etc/shibboleth/sp-key.pem
-ln -sf /run/secrets/m_host-key.pem /etc/pki/tls/private/host-key.pem
-ln -sf /etc/httpd/conf.d/midpoint.conf.auth.$AUTHENTICATION /etc/httpd/conf.d/midpoint.conf
-
-httpd-shib-foreground
diff --git a/midpoint/midpoint-server/container_files/usr-local-bin/start-midpoint.sh b/midpoint/midpoint-server/container_files/usr-local-bin/start-midpoint.sh
deleted file mode 100755
index 856f34e..0000000
--- a/midpoint/midpoint-server/container_files/usr-local-bin/start-midpoint.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-
-if [ "$AUTHENTICATION" = "shibboleth" ]; then
- LOGOUT_URL_DIRECTIVE="-Dauth.logout.url=$LOGOUT_URL"
-else
- LOGOUT_URL_DIRECTIVE=
-fi
-
-java -Xmx$MEM -Xms2048m -Dfile.encoding=UTF8 \
- -Dmidpoint.home=$MP_DIR/var \
- -Dmidpoint.repository.database=$REPO_DATABASE_TYPE \
- -Dmidpoint.repository.jdbcUsername=$REPO_USER \
- -Dmidpoint.repository.jdbcPassword_FILE=$REPO_PASSWORD_FILE \
- -Dmidpoint.repository.jdbcUrl="`$MP_DIR/repository-url`" \
- -Dmidpoint.repository.hibernateHbm2ddl=none \
- -Dmidpoint.repository.missingSchemaAction=create \
- -Dmidpoint.repository.initializationFailTimeout=60000 \
- -Dmidpoint.keystore.keyStorePassword_FILE=$KEYSTORE_PASSWORD_FILE \
- -Dmidpoint.logging.alt.enabled=true \
- -Dmidpoint.logging.alt.filename=/tmp/logmidpoint \
- -Dmidpoint.logging.alt.timezone=UTC \
- -Dspring.profiles.active="`$MP_DIR/active-spring-profiles`" \
- -Dauth.sso.header=$SSO_HEADER \
- $LOGOUT_URL_DIRECTIVE \
- -Dserver.tomcat.ajp.enabled=$AJP_ENABLED \
- -Dserver.tomcat.ajp.port=$AJP_PORT \
- -Dlogging.path=/tmp/logtomcat \
- -jar $MP_DIR/lib/midpoint.war &>/tmp/logmidpoint-console
diff --git a/tests/main.bats b/tests/main.bats
new file mode 100755
index 0000000..36dc6c1
--- /dev/null
+++ b/tests/main.bats
@@ -0,0 +1,39 @@
+#!/usr/bin/env bats
+
+load ../common
+
+@test "010 Image is present" {
+ docker image inspect tier/midpoint:latest
+}
+
+@test "020 Check basic components" {
+ docker run -i $maintainer/$imagename \
+ find \
+ /usr/local/bin/startup.sh \
+ /opt/midpoint/var/ \
+ /etc/shibboleth/ \
+ /etc/httpd/
+}
+
+@test "100 Cleanup before further tests - demo/simple" {
+ docker ps -a
+ cd demo/simple ; docker-compose down -v ; true
+}
+
+@test "110 Cleanup before further tests - demo/shibboleth" {
+ docker ps -a
+ cd demo/shibboleth ; docker-compose down -v ; true
+}
+
+@test "120 Cleanup before further tests - demo/postgresql" {
+ docker ps -a
+ cd demo/postgresql ; docker-compose down -v ; true
+}
+
+@test "130 Cleanup before further tests - demo/complex" {
+ docker ps -a
+ cd demo/complex ; docker-compose down -v ; true
+}
+
+# not much more to check here, as we cannot start midpoint container without having a repository
+# so continuing with tests in demo/plain directory
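Review bot: In tests `100`–`130` the list `cd demo/simple ; docker-compose down -v ; true` runs `docker-compose down -v` in the current directory whenever the `cd` fails, and the trailing `; true` hides both outcomes, so a wrong path tears down whatever compose project is in the working directory instead of the intended demo. `( cd demo/simple && docker-compose down -v ) || true` keeps the best-effort intent while only running the teardown inside the demo directory. Test `010` inspects the literal `tier/midpoint:latest` while `020` runs `$maintainer/$imagename`, which is presumably defined in `../common` (not part of this diff); using one form in both tests avoids them silently checking different images.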