diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a8c98cb
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,8 @@
+FROM bigfleet/shibboleth_idp
+
+ARG maintainer=tier
+ARG imagename=shibboleth_idp
+ARG version=3.2.1
+ENV VERSION=$version
+
+RUN chown -R root:root /opt/shibboleth/shibboleth-identity-provider-$version
\ No newline at end of file
diff --git a/Jenkinsfile b/Jenkinsfile
index f283330..195076b 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -14,6 +14,14 @@ node {
       sh 'mv bin/* .'
     }
     
+  stage 'Acquire conftree'
+
+    sh 'mkdir -p root'
+    dir('root'){
+      git([ url: "https://github.internet2.edu/docker/shib-idp-conftree.git",
+          branch: "test", credentialsId: "jenkins-github-access-token" ])
+    }    
+    
   stage 'Tests'
   
     sh 'bin/test.sh'
diff --git a/bin/download.sh b/bin/download.sh
index 4045d91..b726b7a 100755
--- a/bin/download.sh
+++ b/bin/download.sh
@@ -4,8 +4,5 @@ source common.bash .
 
 rm -rf root
 if [ ! -f shibboleth-identity-provider.tar.gz ]; then
-  curl -o shibboleth-identity-provider.tar.gz "https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-$version.tar.gz"
-fi
-tar xf shibboleth-identity-provider.tar.gz
-mv shibboleth-identity-provider-$version root
-rm -rf root/bin root/logs
+    git clone git@github.internet2.edu:docker/shib-idp-conftree.git --depth 1 --branch test root
+fi
\ No newline at end of file
diff --git a/tests/download.bats b/tests/download.bats
deleted file mode 100644
index 7077da4..0000000
--- a/tests/download.bats
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/bin/env bats
-
-load ../common
-
-setup() {
-  echo $PWD > test.log
-  ./bin/download.sh
-}
-
-@test "Downloads a Shibboleth IDP tree" {
-  result="$(ls root/conf/idp.properties)"
-  [ "$result" = 'root/conf/idp.properties' ]
-}
-
-@test "Prunes Shibboleth IDP binaries" {
-  run find root/bin
-  [ "$status" -eq 1 ]
-}
-
-@test "Prunes Shibboleth IDP logs" {
-  run find root/logs
-  [ "$status" -eq 1 ]
-}
diff --git a/tests/image.bats b/tests/image.bats
new file mode 100644
index 0000000..5cd7405
--- /dev/null
+++ b/tests/image.bats
@@ -0,0 +1,27 @@
+#!/usr/bin/env bats
+
+load ../common
+
+setup() {
+  ./bin/rebuild.sh
+}
+
+@test "Creates non-root Shib IDP home" {
+  result="$(docker run -i $maintainer/$imagename ls /opt/shibboleth/current/bin/)"
+  [ "$result" != '' ]
+}
+
+@test "Retains first-run experience" {
+  result="$(docker run -i $maintainer/$imagename ls /tmp/firsttimerunning)"
+  [ "$result" != '' ]
+}
+
+@test "Contains java" {
+  run docker run -i $maintainer/$imagename which java
+  [ "$status" -eq 0 ]
+}
+
+@test "Logs directory exists, owned by root" {
+  result="$(docker run -i $maintainer/$imagename stat -c '%U' /opt/shibboleth/current/logs)"
+  [ "$result" != 'UNKNOWN' ]
+}