diff --git a/Dockerfile b/Dockerfile
index f349102..920d48a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,28 +1,82 @@
-FROM tier/shibboleth_idp
+FROM centos:centos7
-ARG maintainer=tier
-ARG imagename=shibboleth_idp
-ARG version=3.3.1
-ENV VERSION=$version
-ENV IMAGENAME=$imagename
-ENV MAINTAINER=$maintainer
+########################
+### VERSION SETTINGS ###
+########################
+#
+##java
+ENV JAVA_VERSION=8u131
+ENV BUILD_VERSION=b11
+ENV JAVA_BUNDLE_ID=d54c1d3a095b4ff2b6607d096fa80163
+##tomcat
+ENV TOMCAT_MAJOR=8
+ENV TOMCAT_VERSION=8.0.44
+##shib-idp
+ENV VERSION=3.3.1
+##TIER
+ENV TIERVERSION=17040
+
+##################
+### OTHER VARS ###
+##################
+#
+#global
+ENV IMAGENAME=shibboleth_idp
+ENV MAINTAINER=tier
+#java
+ENV JAVA_HOME=/usr/java/latest
+ENV JAVA_OPTS=-Xmx3000m -XX:MaxPermSize=256m
+#tomcat
+ENV CATALINA_HOME=/usr/local/tomcat
+ENV TOMCAT_TGZ_URL=https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz
+ENV PATH=$CATALINA_HOME/bin:$JAVA_HOME/bin:$PATH
+#shib-idp
+ENV SHIB_RELDIR=http://shibboleth.net/downloads/identity-provider/$VERSION
+ENV SHIB_PREFIX=shibboleth-identity-provider-$VERSION
# ensure the following locations are accurate if you plan to burn your configuration into your containers by uncommenting the relevant section below
# they represent the folder names/paths on your build host of the relevant config material needed to run the container
-ARG TOMCFG=config/tomcat
-ARG TOMLOG=logs/tomcat
-ARG TOMCERT=credentials/tomcat
-ARG TOMWWWROOT=wwwroot
-ARG SHBCFG=config/shib-idp/conf
-ARG SHBCREDS=credentials/shib-idp
-ARG SHBVIEWS=config/shib-idp/views
-ARG SHBEDWAPP=config/shib-idp/edit-webapp
-ARG SHBMSGS=config/shib-idp/messages
-ARG SHBMD=config/shib-idp/metadata
-ARG SHBLOG=logs/shib-idp
+ARG TOMCFG=$PWD/config/tomcat
+ARG TOMLOG=$PWD/logs/tomcat
+ARG TOMCERT=$PWD/credentials/tomcat
+ARG TOMWWWROOT=$PWD/wwwroot
+ARG SHBCFG=$PWD/config/shib-idp/conf
+ARG SHBCREDS=$PWD/credentials/shib-idp
+ARG SHBVIEWS=$PWD/config/shib-idp/views
+ARG SHBEDWAPP=$PWD/config/shib-idp/edit-webapp
+ARG SHBMSGS=$PWD/config/shib-idp/messages
+ARG SHBMD=$PWD/config/shib-idp/metadata
+ARG SHBLOG=$PWD/logs/shib-idp
+#set labels
+LABEL Vendor="Internet2"
+LABEL ImageType="Shibboleth IDP Release"
+LABEL ImageName=$imagename
+LABEL ImageOS=centos7
+LABEL Version=$VERSION
+
+#########################
+### BEGIN IMAGE BUILD ###
+#########################
+#
+# Set UTC Timezone & Networking
+RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
+ && echo "NETWORKING=yes" > /etc/sysconfig/network
+
+# Install base deps
+RUN rm -fr /var/cache/yum/* && yum clean all && yum -y install --setopt=tsflags=nodocs epel-release && \
+ yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cron krb5-workstation openssl-devel wget && \
+ yum -y clean all && \
+ mkdir -p /opt/tier
+
+# Install Trusted Certificates
+RUN update-ca-trust force-enable
+ADD container_files/cert/InCommon.crt /etc/pki/ca-trust/source/anchors/
+RUN update-ca-trust extract
+
+# TIER Beacon Opt-out
# Completely uncomment the following ENV line to prevent the containers from sending analytics information to Internet2.
# With the default/release configuration, it will only send product (Shibb/Grouper/COmanage) and version (3.3.1-17040, etc)
# once daily between midnight and 4am. There is no configuration or private information collected or sent.
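Review bot: `ENV JAVA_OPTS=-Xmx3000m -XX:MaxPermSize=256m` is unquoted, so in the key=value form Docker reads the text after the space as a second variable and JAVA_OPTS most likely ends up as `-Xmx3000m` only; write `ENV JAVA_OPTS="-Xmx3000m -XX:MaxPermSize=256m"`. `LABEL ImageName=$imagename` still refers to the `imagename` ARG that this commit removes, so the label will probably be empty; use `$IMAGENAME`. The base-deps RUN installs `telnet`, `strace`, `vim` and `man` into an identity-provider image and lists `wget` and `unzip` more than once; leaving the debugging tools out reduces what is available inside a compromised container. `SHIB_RELDIR` is an `http://` URL while PGP_KEYS is fetched over `https://`; pointing it at `https://shibboleth.net/downloads/identity-provider/$VERSION` keeps every download on TLS.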
@@ -30,13 +84,11 @@ ARG SHBLOG=logs/shib-idp
# To keep it commented, keep multiple comments on the following line (to prevent other scripts from processing it).
##### ENV TIER_BEACON_OPT_OUT True
+
+# Install java/JCE
+#
# Uncomment the following commands to download the JDK to your Shibboleth IDP image.
-# ==> By uncommenting these next 11 lines, you agree to the Oracle Binary Code License Agreement for Java SE (http://www.oracle.com/technetwork/java/javase/terms/license/index.html)
-# ENV JAVA_OPTS=-Xmx3000m -XX:MaxPermSize=256m
-# ENV JAVA_VERSION 8u131
-# ENV BUILD_VERSION b11
-# ENV JAVA_BUNDLE_ID d54c1d3a095b4ff2b6607d096fa80163
-# ENV JAVA_HOME /usr/java/latest
+# ==> By uncommenting these next 6 lines, you agree to the Oracle Binary Code License Agreement for Java SE (http://www.oracle.com/technetwork/java/javase/terms/license/index.html)
# RUN wget -nv --no-cookies --no-check-certificate --header "Cookie: oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/$JAVA_VERSION-$BUILD_VERSION/$JAVA_BUNDLE_ID/jdk-$JAVA_VERSION-linux-x64.rpm" -O /tmp/jdk-$JAVA_VERSION-$BUILD_VERSION-linux-x64.rpm && \
# yum -y install /tmp/jdk-$JAVA_VERSION-$BUILD_VERSION-linux-x64.rpm && \
# rm -f /tmp/jdk-$JAVA_VERSION-$BUILD_VERSION-linux-x64.rpm && \
@@ -55,28 +107,103 @@ ARG SHBLOG=logs/shib-idp
# && rm jce_policy-8.zip \
# && chmod -R 640 $JAVA_HOME/jre/lib/security/
-RUN chown -R root:root /opt/shibboleth/shibboleth-identity-provider-$version && \
- rm -rf /usr/local/tomcat/webapps/* && \
- mkdir -p /opt/shibboleth/shibboleth-identity-provider-$VERSION/edit-webapp && \
- ANT_OPTS="-Didp.target.dir=/opt/shibboleth/current" /opt/shibboleth/current/bin/build.sh && \
- ln -s /opt/shibboleth/current /opt/shibboleth-idp && \
+# Copy IdP installer properties file(s)
+ADD container_files/idp/idp.installer.properties /tmp/idp.installer.properties
+ADD container_files/idp/idp.merge.properties /tmp/idp.merge.properties
+ADD container_files/idp/ldap.merge.properties /tmp/ldap.merge.properties
+
+# Install IdP
+RUN mkdir -p /tmp/shibboleth && cd /tmp/shibboleth && \
+ wget -q https://shibboleth.net/downloads/PGP_KEYS \
+ $SHIB_RELDIR/$SHIB_PREFIX.tar.gz \
+ $SHIB_RELDIR/$SHIB_PREFIX.tar.gz.asc \
+ $SHIB_RELDIR/$SHIB_PREFIX.tar.gz.sha256 && \
+# Perform verifications
+ gpg --import PGP_KEYS && \
+ gpg $SHIB_PREFIX.tar.gz.asc && \
+ sha256sum --check $SHIB_PREFIX.tar.gz.sha256 && \
+# Unzip
+ tar xf $SHIB_PREFIX.tar.gz && \
+# Install
+ cd /tmp/shibboleth/$SHIB_PREFIX && \
+ ./bin/install.sh \
+ -Didp.noprompt=true \
+ -Didp.property.file=/tmp/idp.installer.properties && \
+# Cleanup
+ rm -rf /tmp/shibboleth
+
+
+# Install tomcat
+RUN mkdir -p "$CATALINA_HOME"
+
+# Not having trouble with this locally [JVF]
+# see https://www.apache.org/dist/tomcat/tomcat-8/KEYS
+# RUN set -ex \
+# && for key in \
+# 05AB33110949707C93A279E3D3EFE6B686867BA6 \
+# 07E48665A34DCAFAE522E5E6266191C37C037D42 \
+# 47309207D818FFD8DCD3F83F1931D684307A10A5 \
+# 541FBE7D8F78B25E055DDEE13C370389288584E7 \
+# 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 \
+# 713DA88BE50911535FE716F5208B0AB1D63011C7 \
+# 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED \
+# 9BA44C2621385CB966EBA586F72C284D731FABEE \
+# A27677289986DB50844682F8ACB77FC2E86E29AC \
+# A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 \
+# DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 \
+# F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE \
+# F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23 \
+# ; do \
+# gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
+# done
+
+#WORKDIR $CATALINA_HOME
+RUN set -x \
+ \
+ && wget -q -O $CATALINA_HOME/tomcat.tar.gz "$TOMCAT_TGZ_URL" \
+ && wget -q -O $CATALINA_HOME/tomcat.tar.gz.asc "$TOMCAT_TGZ_URL.asc" \
+# && gpg --batch --verify $CATALINA_HOME/tomcat.tar.gz.asc $CATALINA_HOME/tomcat.tar.gz \
+ && tar -xvf $CATALINA_HOME/tomcat.tar.gz -C $CATALINA_HOME --strip-components=1 \
+ && rm $CATALINA_HOME/bin/*.bat \
+ && rm $CATALINA_HOME/tomcat.tar.gz* \
+ && mkdir -p $CATALINA_HOME/conf/Catalina \
+ && curl -o /usr/local/tomcat/lib/jstl1.2.jar https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar
+ADD container_files/idp/idp.xml /usr/local/tomcat/conf/Catalina/idp.xml
+ADD container_files/tomcat/server.xml /usr/local/tomcat/conf/server.xml
+RUN rm -rf /usr/local/tomcat/webapps/* && \
ln -s /opt/shibboleth-idp/war/idp.war $CATALINA_HOME/webapps/idp.war
+
+
-# for a mounted config
+# Copy TIER helper scripts
+ADD container_files/bin/setenv.sh /opt/tier/setenv.sh
+RUN chmod +x /opt/tier/setenv.sh
+ADD container_files/bin/startup.sh /usr/bin/startup.sh
+RUN chmod +x /usr/bin/startup.sh
+ADD container_files/bin/sendtierbeacon.sh /usr/bin/sendtierbeacon.sh
+RUN chmod +x /usr/bin/sendtierbeacon.sh
+
+
+###############################################
+### Settings for a mounted config (default) ###
+###############################################
VOLUME ["/usr/local/tomcat/conf", \
"/usr/local/tomcat/webapps/ROOT", \
"/usr/local/tomcat/logs", \
"/opt/certs", \
- "/opt/shibboleth/shibboleth-identity-provider-$VERSION/conf", \
- "/opt/shibboleth/shibboleth-identity-provider-$VERSION/credentials", \
- "/opt/shibboleth/shibboleth-identity-provider-$VERSION/views", \
- "/opt/shibboleth/shibboleth-identity-provider-$VERSION/edit-webapp", \
- "/opt/shibboleth/shibboleth-identity-provider-$VERSION/messages", \
- "/opt/shibboleth/shibboleth-identity-provider-$VERSION/metadata", \
- "/opt/shibboleth/shibboleth-identity-provider-$VERSION/logs"]
+ "/opt/shibboleth-idp/conf", \
+ "/opt/shibboleth-idp/credentials", \
+ "/opt/shibboleth-idp/views", \
+ "/opt/shibboleth-idp/edit-webapp", \
+ "/opt/shibboleth-idp/messages", \
+ "/opt/shibboleth-idp/metadata", \
+ "/opt/shibboleth-idp/logs"]
-#
-# for a burned config, *uncomment* the COPY lines below and *comment* the lines of the VOLUME command above
+
+#################################################
+### Settings for a burned-in config (default) ###
+#################################################
+# Conversely, for a burned config, *uncomment* the COPY lines below and *comment* the lines of the VOLUME command above
#
# consider not doing the volumes below as it creates a run-time dependency and a better solution might be to use syslog from the container
# VOLUME ["/usr/local/tomcat/logs", "/opt/shibboleth-idp/logs"]
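Review bot: The Tomcat tarball is unpacked without any integrity check: the `.asc` is downloaded, but the `gpg --batch --verify` line and the key import above it are commented out, so the signature file is deleted unused. Unlike the IdP step, which runs gpg and `sha256sum --check`, this step relies only on TLS to the download host. Import the release keys from the KEYS URL named in the comment (`wget -q -O /tmp/KEYS https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS && gpg --import /tmp/KEYS`) and restore `gpg --batch --verify $CATALINA_HOME/tomcat.tar.gz.asc $CATALINA_HOME/tomcat.tar.gz` before the `tar` line. The `curl -o /usr/local/tomcat/lib/jstl1.2.jar` download has neither `-f` nor a checksum, so an HTTP error page would be saved as the jar; use `curl -fsSL` and compare the result against a pinned sha256 value. In the IdP step, `gpg $SHIB_PREFIX.tar.gz.asc` would be more explicit as `gpg --batch --verify $SHIB_PREFIX.tar.gz.asc $SHIB_PREFIX.tar.gz`.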
@@ -91,7 +218,8 @@ VOLUME ["/usr/local/tomcat/conf", \
## COPY ${SHBMSGS} /opt/shibboleth/shibboleth-identity-provider-$VERSION/messages
## COPY ${SHBMD} /opt/shibboleth/shibboleth-identity-provider-$VERSION/metadata
-
+# Expose the port tomcat will be serving on
EXPOSE 8443
+# Start tomcat/crond
CMD ["/usr/bin/startup.sh"]
diff --git a/README.md b/README.md
index 56bfb04..792ea68 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
# TIER "No VM" Shibboleth-IdP
-Used for building/running a TIER Shibb-IdP container without the TIER VM.
+Used for building/running a TIER Shibb-IdP container without the TIER VM or the TIER intermediate docker image.
This repository contains untested developmental work.
diff --git a/setup-config.sh b/configBuilder.sh
similarity index 100%
rename from setup-config.sh
rename to configBuilder.sh
diff --git a/container_files/bin/sendtierbeacon.sh b/container_files/bin/sendtierbeacon.sh
new file mode 100644
index 0000000..f00684e
--- /dev/null
+++ b/container_files/bin/sendtierbeacon.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+LOGHOST="collector.testbed.tier.internet2.edu"
+LOGPORT="5001"
+if [ -s /opt/tier/env.bash ]; then
+ . /opt/tier/env.bash
+fi
+
+#below for syslog, F-TICKS style
+#LOGTEXT="TIERBEACON/TIER/1.0#IM=$IMAGENAME#PV=$VERSION#TR=$TIERVERSION#MT=$MAINTAINER#"
+
+#below for JSON/REST style
+LOGTEXT="{ \"msgType\" : \"TIERBEACON\", \"msgName\" : \"TIER\", \"msgVersion\" : \"1.0\", \"tbProduct\" : \"$IMAGENAME\", \"tbProductVersion\" : \"$VERSION\", \"tbTIERRelease\" : \"$TIERVERSION\", \"tbMaintainer\" : \"$MAINTAINER\" }"
+
+
+if [ -z "$TIER_BEACON_OPT_OUT" ]; then
+ #send JSON
+ echo $LOGTEXT > msgjson.txt
+ curl -s -XPOST "${LOGHOST}:${LOGPORT}/" -H 'Content-Type: application/json' -T msgjson.txt 1>/dev/null
+ rm -f msgjson.txt
+
+ #below is for syslog, F-TICKS style
+ #`logger -n $LOGHOST -P $LOGPORT -t TIERBEACON $LOGTEXT`
+
+ echo `date`"; TIER beacon sent."
+fi
\ No newline at end of file
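Review bot: The opt-out test `[ -z "$TIER_BEACON_OPT_OUT" ]` probably never sees the variable when the script runs from cron: the script only sources /opt/tier/env.bash, and setenv.sh in this commit writes just VERSION, TIERVERSION, IMAGE* and MAINTAINER into that file, so a container started with the opt-out set would still send the beacon. Adding `printenv | grep -E "^TIER_BEACON_OPT_OUT" >> /opt/tier/env.bash` to setenv.sh carries the setting over. The payload is also written to `msgjson.txt` in whatever directory cron starts the job in, and the URL has no scheme, so curl sends it over plain HTTP. `curl -s -X POST -H 'Content-Type: application/json' --data "$LOGTEXT" "http://${LOGHOST}:${LOGPORT}/"` avoids the temporary file and makes the transport explicit.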
diff --git a/container_files/bin/setenv.sh b/container_files/bin/setenv.sh
new file mode 100644
index 0000000..a43bc0b
--- /dev/null
+++ b/container_files/bin/setenv.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+printenv | sed 's/^\(.*\)$/\1/g' | grep -E "^VERSION" > /opt/tier/env.bash
+printenv | sed 's/^\(.*\)$/\1/g' | grep -E "^TIERVERSION" >> /opt/tier/env.bash
+printenv | sed 's/^\(.*\)$/\1/g' | grep -E "^IMAGE" >> /opt/tier/env.bash
+printenv | sed 's/^\(.*\)$/\1/g' | grep -E "^MAINTAINER" >> /opt/tier/env.bash
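Review bot: `sed 's/^\(.*\)$/\1/g'` replaces each line with itself, so each of these four pipelines is just `printenv | grep`; a single `printenv | grep -E '^(VERSION|TIERVERSION|IMAGE|MAINTAINER)' > /opt/tier/env.bash` does the same work. The values are written unquoted into a file that sendtierbeacon.sh later sources with `.`, so a value containing spaces or shell metacharacters (for example an IMAGENAME overridden at `docker run`) would be interpreted by bash. Quoting the value on write, or reading the file as data instead of sourcing it, closes that. A comment at the top saying that the file exists to hand these variables to the cron job would also help.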
diff --git a/container_files/bin/startup.sh b/container_files/bin/startup.sh
new file mode 100644
index 0000000..ff771bf
--- /dev/null
+++ b/container_files/bin/startup.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+CRONFILE=/opt/tier/tier-cron
+
+#set env vars for cron job
+/opt/tier/setenv.sh
+
+#build crontab file with random start time between midnight and 3:59am
+echo "#send daily beacon to TIER Central" > ${CRONFILE}
+echo $(expr $RANDOM % 59) $(expr $RANDOM % 3) "* * * /usr/bin/sendtierbeacon.sh >> /var/log/cron.log 2>&1" >> ${CRONFILE}
+chmod 644 ${CRONFILE}
+
+#install crontab
+crontab ${CRONFILE}
+
+#create cron logfile
+touch /var/log/cron.log
+
+#start crond
+/usr/sbin/crond
+
+#start tomcat
+/usr/local/tomcat/bin/catalina.sh run
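Review bot: The last line starts Tomcat as a child of this script, so bash stays PID 1 and the SIGTERM from `docker stop` is not passed on to the JVM; `exec /usr/local/tomcat/bin/catalina.sh run` lets Tomcat receive it and shut down cleanly. The schedule line does not match its comment: `expr $RANDOM % 59` yields 0–58 and `expr $RANDOM % 3` yields 0–2, so the job never runs after 02:58, and `% 60` with `% 4` would give the stated midnight-to-3:59 window. Nothing visible in this commit switches away from root, so crond and Tomcat both appear to run as root.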
diff --git a/container_files/cert/InCommon.crt b/container_files/cert/InCommon.crt
new file mode 100644
index 0000000..edcc20e
--- /dev/null
+++ b/container_files/cert/InCommon.crt
@@ -0,0 +1,91 @@
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/container_files/idp/idp.installer.properties b/container_files/idp/idp.installer.properties
new file mode 100644
index 0000000..58ab969
--- /dev/null
+++ b/container_files/idp/idp.installer.properties
@@ -0,0 +1,9 @@
+idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-3.3.1
+idp.target.dir=/opt/shibboleth-idp
+idp.host.name=idp.example.org
+idp.sealer.password=changeit
+idp.sealer.alias=secret
+idp.keystore.password=changeit
+idp.scope=example.org
+idp.merge.properties=/tmp/idp.merge.properties
+ldap.merge.properties=/tmp/ldap.merge.properties
\ No newline at end of file
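Review bot: `idp.sealer.password=changeit` and `idp.keystore.password=changeit` are fixed, publicly known values used while the image is built, and idp.merge.properties repeats them for `idp.sealer.storePassword` and `idp.sealer.keyPassword`. Because the Dockerfile runs install.sh during the build, any keystore the installer generates would presumably be identical, with a known password, in every container started from the image unless the credentials volume is replaced at deploy time. The Dockerfile also ADDs these files to /tmp and its cleanup removes only /tmp/shibboleth, so they remain in the image; supplying the passwords at first start or through mounted credentials keeps them out of the layers, and a comment such as `# placeholder, must be replaced before production use` above each password line would mark them as non-secrets. `idp.src.dir` hard-codes 3.3.1 and will go stale when `VERSION` changes in the Dockerfile.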
diff --git a/container_files/idp/idp.merge.properties b/container_files/idp/idp.merge.properties
new file mode 100644
index 0000000..830b59f
--- /dev/null
+++ b/container_files/idp/idp.merge.properties
@@ -0,0 +1,5 @@
+idp.entityID=https://idp.example.org/idp/shibboleth
+idp.sealer.storePassword=changeit
+idp.sealer.keyPassword=changeit
+idp.scope=example.org
+
diff --git a/container_files/idp/idp.xml b/container_files/idp/idp.xml
new file mode 100644
index 0000000..8b6d092
--- /dev/null
+++ b/container_files/idp/idp.xml
@@ -0,0 +1,4 @@
+
\ No newline at end of file
diff --git a/container_files/idp/ldap.merge.properties b/container_files/idp/ldap.merge.properties
new file mode 100644
index 0000000..139597f
--- /dev/null
+++ b/container_files/idp/ldap.merge.properties
@@ -0,0 +1,2 @@
+
+
diff --git a/container_files/tomcat/server.xml b/container_files/tomcat/server.xml
new file mode 100644
index 0000000..8272b19
--- /dev/null
+++ b/container_files/tomcat/server.xml
@@ -0,0 +1,144 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file