diff --git a/conf/access-control.xml b/conf/access-control.xml
index a9184e6..d8c1f04 100644
--- a/conf/access-control.xml
+++ b/conf/access-control.xml
@@ -30,7 +30,7 @@
+ p:allowedRanges="#{ {'127.0.0.1/32', '::1/128', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'} }" />
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/attribute-resolver.xml b/conf/attribute-resolver.xml
index 471bf0b..a4b32d7 100644
--- a/conf/attribute-resolver.xml
+++ b/conf/attribute-resolver.xml
@@ -1,86 +1,311 @@
-
-
-
-
-
-
-
-
-
-
-
+
+
+
-
-
-
+
+
-
-
-
- uid
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
- member
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/attribute-resolver.xml.orig b/conf/attribute-resolver.xml.orig
new file mode 100644
index 0000000..471bf0b
--- /dev/null
+++ b/conf/attribute-resolver.xml.orig
@@ -0,0 +1,86 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ uid
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ member
+
+
+
+
diff --git a/conf/idp.properties b/conf/idp.properties
index 783adfa..e992125 100644
--- a/conf/idp.properties
+++ b/conf/idp.properties
@@ -8,7 +8,7 @@ idp.additionalProperties=/conf/ldap.properties, /conf/saml-nameid.properties, /c
# Uncomment them and change the value to change functionality.
# Set the entityID of the IdP
-idp.entityID=https://idp.example.org/idp/shibboleth
+idp.entityID=https://example.org/idp/shibboleth
# Set the file path which backs the IdP's own metadata publishing endpoint at /shibboleth.
# Set to empty value to disable and return a 404.
@@ -19,7 +19,7 @@ idp.scope=example.org
# General cookie properties (maxAge only applies to persistent cookies)
# Note the default for idp.cookie.secure, you will usually want it set.
-#idp.cookie.secure = false
+idp.cookie.secure = true
#idp.cookie.httpOnly = true
#idp.cookie.domain =
#idp.cookie.path =
diff --git a/conf/ldap.properties b/conf/ldap.properties
index 241aba1..c8811a9 100644
--- a/conf/ldap.properties
+++ b/conf/ldap.properties
@@ -6,8 +6,8 @@
## Connection properties ##
idp.authn.LDAP.ldapURL=ldap://localhost:10389
-#idp.authn.LDAP.useStartTLS = true
-#idp.authn.LDAP.useSSL = false
+idp.authn.LDAP.useStartTLS = false
+idp.authn.LDAP.useSSL = false
# Time in milliseconds that connects will block
#idp.authn.LDAP.connectTimeout = PT3S
# Time in milliseconds to wait for responses
diff --git a/conf/metadata-providers.xml b/conf/metadata-providers.xml
index d723005..1c95d2b 100644
--- a/conf/metadata-providers.xml
+++ b/conf/metadata-providers.xml
@@ -75,4 +75,18 @@
indexesRef="shibboleth.CASMetadataIndices" />
-->
+
+
+
+
+
+
+
+
+
+ https://mdq.incommon.org/
+
+
diff --git a/credentials/inc-md-cert-mdq.pem b/credentials/inc-md-cert-mdq.pem
new file mode 100644
index 0000000..4b62170
--- /dev/null
+++ b/credentials/inc-md-cert-mdq.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIEvjCCAyagAwIBAgIJANpi9/mkU/zoMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRYwFAYDVQQK
+DA1JbnRlcm5ldDIuZWR1MREwDwYDVQQLDAhJbkNvbW1vbjEZMBcGA1UEAwwQbWRx
+LmluY29tbW9uLm9yZzAeFw0xODExMTMxNDI5NDNaFw0zODExMTAxNDI5NDNaMHQx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRYw
+FAYDVQQKDA1JbnRlcm5ldDIuZWR1MREwDwYDVQQLDAhJbkNvbW1vbjEZMBcGA1UE
+AwwQbWRxLmluY29tbW9uLm9yZzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoC
+ggGBAJ0+fUTzYVSP6ZOutOEhNdp3WPCPOYqnB4sQFz7IeGbFL1o0lZjx5Izm4Yho
+4wNDd0h486iSkHxNf5dDhCqgz7ZRSmbusOl98SYn70PrUQj/Nzs3w47dPg9Tpb/x
+y44PvNLS/rE56hPgCz/fbHoTTiJt5eosysa1ZebQ3LEyW3jGm+LGtLbdIfkynKVQ
+vpp1FVeCamzdeB3ZRICAvqTYQKE1JQDGlWrEsSW0VVEGNjfbzMzr/g4l8JRdMabQ
+Jig8tj3UIXnu7A2CKSMJSy3WZ3HX+85oHEbL+EV4PtpQz765c69tUIdNTJax9jQ2
+1c3wL0K27HE8jSRlrXImD50R3dXQBKH+iiynBWxRPdyMBa1YfK+zZEWPbLHshSTc
+9hkylQv3awmPR/+Plz5AtTpe5yss/Ifyp01wz1jt42R+6jDE+WbUjp5XDBCAjGEE
+0FPaYtxjZLkmNl367bdTN12OIn/ixPNH+Z/S/4skdBB9Gc4lb2fEBywJQY0OYNOd
+WOxmPwIDAQABo1MwUTAdBgNVHQ4EFgQUMHZuwMaYSJM5mlu3Wc4Ts5xq4/swHwYD
+VR0jBBgwFoAUMHZuwMaYSJM5mlu3Wc4Ts5xq4/swDwYDVR0TAQH/BAUwAwEB/zAN
+BgkqhkiG9w0BAQsFAAOCAYEAMr4wfLrSoPTzfpXtvL+2vrKBJNnRfuJpOYTbPKUc
+DOP2QfzRlczi7suYJvd5rLiRonq8rjyPUyM8gvTfbTps+JhJ6S9mS6dTBxOV1qPZ
+3Ab+XKmq8LUtguGRabKgJgmJH0+inR/wVoal7EVHcWXfij9AT8DZOXW88shc6grh
+jUaFZBu/2+q8c8ee0e4ip8B+CVEnCwDKI0d+nTcSmPvAE34CNa33F+QGpXawv5yv
+VvIpSaLAeFQhc/jKcnNHfy+Zi7JmSnKZiMvQCbWANQmDjHg7pGmBW9nyQcm6P2/B
+0AVcEj1YTpAR8Mbh1pUdIhoB+chaNnFEIZsXeRsdbbAFpxodInlJ7WekfuvSQ6sU
+EXpoyBGOeuuTmR1va8k3QeL8Wc4yNu/g5LwjmtvPrh2jBF8xujc4J6VzP8K2BjA4
+xk4LnXgjHOT93dBAJhVYJkykDHwyvHUvsBHoP6lfjrt5P8zunK2mdP/AZKik+Rdt
+1GGlErV2AyWShTOaDLW6NxdP
+-----END CERTIFICATE-----
+
diff --git a/credentials/inc-md-cert.pem b/credentials/inc-md-cert.pem
new file mode 100644
index 0000000..3ab31d6
--- /dev/null
+++ b/credentials/inc-md-cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
+BAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9u
+IEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1
+WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21t
+b24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNp
+Z25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+
+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSp
+g4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQK
+CNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq
+/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcA
+TPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0mo
+C1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/
+lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2V
+WOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWq
+Dh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBcl
+AGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLE
+CQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8C
+GzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==
+-----END CERTIFICATE-----
+
diff --git a/edit-webapp/WEB-INF/lib/jstl-1.2.jar b/edit-webapp/WEB-INF/lib/jstl-1.2.jar
new file mode 100644
index 0000000..0fd275e
Binary files /dev/null and b/edit-webapp/WEB-INF/lib/jstl-1.2.jar differ