diff --git a/test-compose/idp/Dockerfile b/test-compose/idp/Dockerfile
index 671c2bd..671b9ad 100644
--- a/test-compose/idp/Dockerfile
+++ b/test-compose/idp/Dockerfile
@@ -1,4 +1,4 @@
-FROM tier/shib-idp:4.0.beta_20200206
+FROM tier/shib-idp:4.0.beta2_20200228
 # The build args below can be used at build-time to tell the build process where to find your config files. This is for a completely burned-in config.
 ARG TOMCFG=config/tomcat
diff --git a/test-compose/idp/container_files/config/shib-idp/conf/idp.properties b/test-compose/idp/container_files/config/shib-idp/conf/idp.properties
index d03fc19..1ea41c1 100644
--- a/test-compose/idp/container_files/config/shib-idp/conf/idp.properties
+++ b/test-compose/idp/container_files/config/shib-idp/conf/idp.properties
@@ -69,9 +69,8 @@ idp.encryption.cert=%{idp.home}/credentials/idp-encryption.crt
 # To downgrade to SHA-1, set to shibboleth.SigningConfiguration.SHA1
 #idp.signing.config = shibboleth.SigningConfiguration.SHA256
-# To upgrade to AES-GCM encryption, set to shibboleth.EncryptionConfiguration.GCM
-# This is unlikely to work for all SPs, but this is a quick way to test them.
-#idp.encryption.config = shibboleth.EncryptionConfiguration.CBC
+# The new install default for encryption is now AES-GCM.
+idp.encryption.config=shibboleth.EncryptionConfiguration.GCM
 # Configures trust evaluation of keys used by services at runtime
 # Internal default is Chaining, overriden for new installs
@@ -222,5 +221,6 @@ idp.ui.fallbackLanguages=en,fr,de
 #idp.fticks.salt=somethingsecret
 #idp.fticks.loghost=localhost
 #idp.fticks.logport=514
-idp.sealer.keyPassword=90fa668e-ce0f-45e7-82f1-fa4bd0273b51
-idp.sealer.storePassword=90fa668e-ce0f-45e7-82f1-fa4bd0273b51
+
+# Set false if you want SAML bindings "spelled out" in audit log
+idp.audit.shortenBindings=true
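Review bot: The replacement comment above `idp.encryption.config` drops the old warning that AES-GCM is unlikely to work for all SPs, while the setting is now switched on as the global default. GCM is the stronger choice because it is authenticated encryption, unlike CBC, but an SP without GCM support will fail to decrypt assertions and nothing here hints at why. I would keep the caveat next to the setting, e.g. `# SPs that cannot decrypt AES-GCM need a per-SP fallback to shibboleth.EncryptionConfiguration.CBC; keep GCM as the global default.`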
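Review bot: The `idp.sealer.keyPassword` and `idp.sealer.storePassword` lines are deleted at the end of this hunk, and nothing visible here says where the sealer now gets its passwords. They have presumably moved to a separate secrets file that this hunk does not show. A short pointer in their place would help, e.g. `# Sealer passwords are defined outside this file (test-only values)`. The deleted value stays readable in repository history, so it should be treated as disclosed and never reused for a sealer keystore outside this test compose.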