From 12d74e66faa46fc63930dec9d6214027dc79bbc6 Mon Sep 17 00:00:00 2001
From: root <root@ip-172-31-24-200.us-west-2.compute.internal>
Date: Wed, 3 Jul 2024 19:46:37 +0000
Subject: [PATCH] update grouper and comanage

---
 Workbench/comanage/Dockerfile                 |  7 +--
 .../shibboleth/shibboleth.repo                |  9 ---
 .../shibboleth/sp-encrypt-cert.pem            | 24 +++++++
 .../shibboleth/sp-encrypt-key.pem             | 40 ++++++++++++
 .../shibboleth/sp-signing-cert.pem            | 24 +++++++
 .../shibboleth/sp-signing-key.pem             | 40 ++++++++++++
 Workbench/comanage_cron/Dockerfile            |  2 +-
 Workbench/docker-compose.yml                  |  1 -
 Workbench/grouper_daemon/Dockerfile           |  2 +-
 Workbench/grouper_data/Dockerfile             |  2 +-
 Workbench/grouper_ui/Dockerfile               |  2 +-
 Workbench/grouper_ws/Dockerfile               |  2 +-
 .../container_files/idp_ui/application.yml    |  2 +-
 .../idp_ui/container_files/idp_ui/users.txt   |  4 +-
 .../container_files/idp_ui/application.yml    |  2 +-
 .../container_files/idp_ui/users.txt          |  2 +-
 Workbench/webproxy/Dockerfile                 |  4 +-
 .../webproxy/container_files/httpd/index.html |  4 +-
 .../container_files/httpd/server-chain.crt    | 63 ++++++++++++-------
 .../container_files/mdload/comanage-sp.xml    | 43 +++++++------
 20 files changed, 211 insertions(+), 68 deletions(-)
 delete mode 100644 Workbench/comanage/container_files/shibboleth/shibboleth.repo
 create mode 100644 Workbench/comanage/container_files/shibboleth/sp-encrypt-cert.pem
 create mode 100644 Workbench/comanage/container_files/shibboleth/sp-encrypt-key.pem
 create mode 100644 Workbench/comanage/container_files/shibboleth/sp-signing-cert.pem
 create mode 100644 Workbench/comanage/container_files/shibboleth/sp-signing-key.pem

diff --git a/Workbench/comanage/Dockerfile b/Workbench/comanage/Dockerfile
index 1102e44..4ac1082 100644
--- a/Workbench/comanage/Dockerfile
+++ b/Workbench/comanage/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/comanage-registry:4.3.3-20240430
+FROM i2incommon/comanage-registry:4.3.4-rocky9.3
 
 ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Anderson
 ENV COMANAGE_REGISTRY_ADMIN_USERNAME=banderson
@@ -25,9 +25,6 @@ ENV COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD=BNAp6WlvsI4iXK3ush8pwPD2QKHDYQ09ti+
 #ENV SHIBBOLETH_SP_METADATA_PROVIDER_XML=sdf
 #ENV SHIBBOLETH_SP_SAMLDS_URL=thing
 
-#temp - override upstream shib SP repo
-COPY container_files/shibboleth/shibboleth.repo /etc/yum.repos.d/security:shibboleth.repo
-
 RUN yum -y update && yum -y install --setopt=tsflags=nodocs epel-release python-pip && pip install awscli && pip install --upgrade pip
 
 ARG maintainer=my
@@ -41,6 +38,8 @@ LABEL Version=$version
 ENV VERSION=$version
 
 COPY container_files/shibboleth/* /etc/shibboleth/
+RUN chown shibd:shibd /etc/shibboleth/sp-*.pem && chmod 600 /etc/shibboleth/sp-*.pem
+
 
 # activate SQL plugin
 RUN mkdir -p /srv/comanage-registry/local/Plugin/
diff --git a/Workbench/comanage/container_files/shibboleth/shibboleth.repo b/Workbench/comanage/container_files/shibboleth/shibboleth.repo
deleted file mode 100644
index dabe005..0000000
--- a/Workbench/comanage/container_files/shibboleth/shibboleth.repo
+++ /dev/null
@@ -1,9 +0,0 @@
-[shibboleth]
-name=Shibboleth (CentOS_7)
-# Please report any problems to https://shibboleth.atlassian.net/jira
-type=rpm-md
-mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_7
-gpgcheck=1
-gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
-        https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
-enabled=1
diff --git a/Workbench/comanage/container_files/shibboleth/sp-encrypt-cert.pem b/Workbench/comanage/container_files/shibboleth/sp-encrypt-cert.pem
new file mode 100644
index 0000000..74df63b
--- /dev/null
+++ b/Workbench/comanage/container_files/shibboleth/sp-encrypt-cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID7TCCAlWgAwIBAgIUPpg+wOKuPfj+oKMNVrzpOJsr6RcwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAxMJd29ya2JlbmNoMB4XDTI0MDcwMjE5MjA0NloXDTQ0MDYy
+NzE5MjA0NlowFDESMBAGA1UEAxMJd29ya2JlbmNoMIIBojANBgkqhkiG9w0BAQEF
+AAOCAY8AMIIBigKCAYEA5s3xhXhHVRymBx2YpiwvufUS5ZfoH92Gny8p01Rt2ZRf
+HHZ7AfjgrVQYnclTjUN0xxGouC3VgCbxp+GAf6f0AywBjJVILgckFtuTZf9walD1
+sxAHPqzYEKAP9Rknjh2gWF8piFkg0cK8l6Um3tlJX4BFkQMR0M0dfAKfuwS4NAQH
+XyyhjDhflJlyiCLr2sVluUEKPoxrZCX90+9OVswimAHdbTrpYhFylcHFuFDfbvkS
+MQ4YRegJMukIJBOw1IO6KLHuosJIf5M2LnRo9ua1PPSRL3+G7DrahXd0TWyV2QVY
+uUPcDizs3dft5EnJmv8whGap5lqSdYYbmuRdE7YpX78WI885aEMFirhq7gfCTUZK
+cK0AU+s+rlo7SNda8pkhsiCG6WqmgHzBJPRZ2fJ/Q5bwRpJ/gFcCUgvF/48Ju2UU
+YdylRYW2xjwCn5Dn6s4kXoXFginFYP4w997VnfmmhoxuedjwvMwcw7jlUQ/KR3Iw
+9AZjcH5xq1Pdq66p1JdLAgMBAAGjNzA1MBQGA1UdEQQNMAuCCXdvcmtiZW5jaDAd
+BgNVHQ4EFgQU9lcSmnfkGEetIlugSEsMcjOkR/kwDQYJKoZIhvcNAQELBQADggGB
+AG74bSN7P8+GNMiKQuOOE4MDvx4tSaN69ACaY+1KnfjbZ9KB0xLtwd56S/G0YTvK
+FGW0kV9QeNHh18f+y9EAjRHnQPMduLKyHLtQBKAKvuaIhinLzerjgGPR37Rf9yqJ
+Kr42dcIeW5cgdR0qUEwwvXIvOQQHuvq0aKUXQcrWlCTPxN9B21GeWWzahKfPU8th
+ttk2f5lI8R/GV+eskulzkHg2sdMpumruY73YZKWEWCPzso0QMFCme1g2eRr5F7Vx
+xC8KHp70CIzPy6XFVrwahGTbAKDdzTp5wYLTcgv6PNKO+/PjVZ/4FgJAbwB3X6Ky
+DxXKm66yiy6CbzhK8y4Jv5fard8r9zR7x0IPpmR/VyQ2hCkDc0l/rsJcHQUGmx1H
+NMoocXt2WfJs4g+cLn7YNkt2+ekuPsD7gR8RN7Z9NFpi19/IkfLMi90eGh1JRR1V
+EPkYEwb9MT4ArW9FhwNbibFiFJVbk+HGtcgFclPze1vk2/6z1wRg88UWL7vhFYdD
+1Q==
+-----END CERTIFICATE-----
diff --git a/Workbench/comanage/container_files/shibboleth/sp-encrypt-key.pem b/Workbench/comanage/container_files/shibboleth/sp-encrypt-key.pem
new file mode 100644
index 0000000..72f54d6
--- /dev/null
+++ b/Workbench/comanage/container_files/shibboleth/sp-encrypt-key.pem
@@ -0,0 +1,40 @@
+-----BEGIN PRIVATE KEY-----
+MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDmzfGFeEdVHKYH
+HZimLC+59RLll+gf3YafLynTVG3ZlF8cdnsB+OCtVBidyVONQ3THEai4LdWAJvGn
+4YB/p/QDLAGMlUguByQW25Nl/3BqUPWzEAc+rNgQoA/1GSeOHaBYXymIWSDRwryX
+pSbe2UlfgEWRAxHQzR18Ap+7BLg0BAdfLKGMOF+UmXKIIuvaxWW5QQo+jGtkJf3T
+705WzCKYAd1tOuliEXKVwcW4UN9u+RIxDhhF6Aky6QgkE7DUg7oose6iwkh/kzYu
+dGj25rU89JEvf4bsOtqFd3RNbJXZBVi5Q9wOLOzd1+3kScma/zCEZqnmWpJ1hhua
+5F0TtilfvxYjzzloQwWKuGruB8JNRkpwrQBT6z6uWjtI11rymSGyIIbpaqaAfMEk
+9FnZ8n9DlvBGkn+AVwJSC8X/jwm7ZRRh3KVFhbbGPAKfkOfqziRehcWCKcVg/jD3
+3tWd+aaGjG552PC8zBzDuOVRD8pHcjD0BmNwfnGrU92rrqnUl0sCAwEAAQKCAYAf
+nHVH4oFiltnmf5c4qzSeM4KzD2srchvOEZeY6idhdYDRVSjjzEJ5etskQT7ASkzk
+Nvb0wtJLCwpuA+Sll0tEY/KSXp/ULgYzWz+E6MdsyEnejINxghrVrBaDaz6PqF8d
+u2rk0dA86n8KBgSc4QW7nsXoZpM6Fd3D7lgSNUNFXIfl8SbvHYl5wMp++sly3TZh
+eRb+Gh1bShjJvizslmjmiNra6war99fJyxBZfjob6OEk9tk8OduIrYH/7vJ5KNFD
+yuGN+zF5fAzSVGl10Y78BEN+NMKnmDmgmt+8BEcuBRqnqV1JzB47sB4SY1cchs+V
+X18NFK7dEmljrGeS9TC5ycFTCKe9drX5GK1Wr+HMuWji6Rbt68Ai1ULmMhxaQeBU
+fwBGPhimJuGT3Yk1ii60FzUoNg9Aoz8+QAJVKFZuMQ8wmxnKz93oolms7UG5HFzi
+xEbsVRiTxsQ+4z5ew0mAAW+atQTIYJDkeNx8S4YCnKL42N3MSbChheLNk1ZD5gEC
+gcEA8G6XAlp4PEs6BkLkY/WatbmaW4thbqFGa6Vz5kJ4ddlmbODHsbErrJrNX2bS
+dV52Q2ZJPgc9NHa8/sQ/2WJyt2d4GQk/1IW0iwyGYHTkpKXcRhMLzEKMJuaElmr/
+KYhhj8rz6LRgKTA34tPPIYkzRT/DQUngeEUT66Hy+zXc7SVHHLZAcgy3FFTytPdF
+3K4vvGaV4e/H7K1FQXX+tr4lTdf0Agbbjjmzdnymt89cgTrJu1Pp4KS4V3Ulkem0
+H/3xAoHBAPW/xG+r0mk6HYPhUv+wn9hdM+fL9wyTnITt0/FRRJDpEz8J9FQAUSta
+go7iscn3FaDcM5UNoWkuNzEt8IagRYRzIuzT0FVESp2ZdMVTMbhHSU8NICMwvRCn
+HYAVlWLmApOFzxaph3mJdrLdi4uYLXgC8qCSVV8oS3LBbDIiFc2UTBTxKcqG5XEY
+vG3TKzpxd5/OmJBeWzRy6qN8ii7UI5SSQ9GV3Kvo2Wopgfz1hngb3UEHnmCimJvI
+sSgyXnRc+wKBwGIPKKW8Eje9ErBFDfM601t0lGDrytQdEKSMuWVbDNg7z4tubeOp
+978Q79wOCp315dP9XrfeqfbAyro5fjUB8vmcSJ4laJQb6BOiCxhB9JK2Vs15rSEk
+rxaag875WpIs3mWQB8SL9IA3+0MW0e7Cj1eZ9t+k6tkCi2paBcixIibSQluSdVxO
+lUjEkKyAAU1M+YkkadLZQbfkv09AeZ88k+hYwFsnQtqR7ADSPAjRmM/YEzjEs6l8
+ZPa+f5EwONencQKBwB/DrMleZTESwPPl8Qt5sf+OdIIWnBU1EzsfXpDHl1w/tCwm
+xj0BWXyIE24SoTZgyJvlOomenGly/tFNhdRw7Otk0nPYIQqUbCyYxD4pNbkDBdfA
+85F44EdBwo9mustwvY6B8jWUrh0ohn4yIrJldiMYBnJ4164YEECB/dExFK5g58Ch
+N2ylKQ0ITHrJm8HPHs46LwAiIhnSbL+6/kV1SDARA9EYVNCnpUqSmOmwdrQZreyU
+5oTJH36rXzK55/mUdwKBwQCvsrRWDhywd6YsoDVL1c8vEcSPCW2KMVWSbJpnhAXV
+y84ATH6pDZKWXapI9I7ba96bLEVEMHskCfiTVdQHm06lQuMlfNQjqSHX2Cgv3ORR
+/uXfifm7INRgIGVBrqo+vGthriytmR83IZ09PkCSwANjqZ5TLLFv7IaM31fuodQ6
+zwvujMogG/nDIxnpDSn5E/5OgSNEJfudNwudR5TDqJSn/l/v/Kny9Wd54AyhidJN
+sJjFSCbCh4pXH63aC2XQ/4o=
+-----END PRIVATE KEY-----
diff --git a/Workbench/comanage/container_files/shibboleth/sp-signing-cert.pem b/Workbench/comanage/container_files/shibboleth/sp-signing-cert.pem
new file mode 100644
index 0000000..74df63b
--- /dev/null
+++ b/Workbench/comanage/container_files/shibboleth/sp-signing-cert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID7TCCAlWgAwIBAgIUPpg+wOKuPfj+oKMNVrzpOJsr6RcwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAxMJd29ya2JlbmNoMB4XDTI0MDcwMjE5MjA0NloXDTQ0MDYy
+NzE5MjA0NlowFDESMBAGA1UEAxMJd29ya2JlbmNoMIIBojANBgkqhkiG9w0BAQEF
+AAOCAY8AMIIBigKCAYEA5s3xhXhHVRymBx2YpiwvufUS5ZfoH92Gny8p01Rt2ZRf
+HHZ7AfjgrVQYnclTjUN0xxGouC3VgCbxp+GAf6f0AywBjJVILgckFtuTZf9walD1
+sxAHPqzYEKAP9Rknjh2gWF8piFkg0cK8l6Um3tlJX4BFkQMR0M0dfAKfuwS4NAQH
+XyyhjDhflJlyiCLr2sVluUEKPoxrZCX90+9OVswimAHdbTrpYhFylcHFuFDfbvkS
+MQ4YRegJMukIJBOw1IO6KLHuosJIf5M2LnRo9ua1PPSRL3+G7DrahXd0TWyV2QVY
+uUPcDizs3dft5EnJmv8whGap5lqSdYYbmuRdE7YpX78WI885aEMFirhq7gfCTUZK
+cK0AU+s+rlo7SNda8pkhsiCG6WqmgHzBJPRZ2fJ/Q5bwRpJ/gFcCUgvF/48Ju2UU
+YdylRYW2xjwCn5Dn6s4kXoXFginFYP4w997VnfmmhoxuedjwvMwcw7jlUQ/KR3Iw
+9AZjcH5xq1Pdq66p1JdLAgMBAAGjNzA1MBQGA1UdEQQNMAuCCXdvcmtiZW5jaDAd
+BgNVHQ4EFgQU9lcSmnfkGEetIlugSEsMcjOkR/kwDQYJKoZIhvcNAQELBQADggGB
+AG74bSN7P8+GNMiKQuOOE4MDvx4tSaN69ACaY+1KnfjbZ9KB0xLtwd56S/G0YTvK
+FGW0kV9QeNHh18f+y9EAjRHnQPMduLKyHLtQBKAKvuaIhinLzerjgGPR37Rf9yqJ
+Kr42dcIeW5cgdR0qUEwwvXIvOQQHuvq0aKUXQcrWlCTPxN9B21GeWWzahKfPU8th
+ttk2f5lI8R/GV+eskulzkHg2sdMpumruY73YZKWEWCPzso0QMFCme1g2eRr5F7Vx
+xC8KHp70CIzPy6XFVrwahGTbAKDdzTp5wYLTcgv6PNKO+/PjVZ/4FgJAbwB3X6Ky
+DxXKm66yiy6CbzhK8y4Jv5fard8r9zR7x0IPpmR/VyQ2hCkDc0l/rsJcHQUGmx1H
+NMoocXt2WfJs4g+cLn7YNkt2+ekuPsD7gR8RN7Z9NFpi19/IkfLMi90eGh1JRR1V
+EPkYEwb9MT4ArW9FhwNbibFiFJVbk+HGtcgFclPze1vk2/6z1wRg88UWL7vhFYdD
+1Q==
+-----END CERTIFICATE-----
diff --git a/Workbench/comanage/container_files/shibboleth/sp-signing-key.pem b/Workbench/comanage/container_files/shibboleth/sp-signing-key.pem
new file mode 100644
index 0000000..72f54d6
--- /dev/null
+++ b/Workbench/comanage/container_files/shibboleth/sp-signing-key.pem
@@ -0,0 +1,40 @@
+-----BEGIN PRIVATE KEY-----
+MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDmzfGFeEdVHKYH
+HZimLC+59RLll+gf3YafLynTVG3ZlF8cdnsB+OCtVBidyVONQ3THEai4LdWAJvGn
+4YB/p/QDLAGMlUguByQW25Nl/3BqUPWzEAc+rNgQoA/1GSeOHaBYXymIWSDRwryX
+pSbe2UlfgEWRAxHQzR18Ap+7BLg0BAdfLKGMOF+UmXKIIuvaxWW5QQo+jGtkJf3T
+705WzCKYAd1tOuliEXKVwcW4UN9u+RIxDhhF6Aky6QgkE7DUg7oose6iwkh/kzYu
+dGj25rU89JEvf4bsOtqFd3RNbJXZBVi5Q9wOLOzd1+3kScma/zCEZqnmWpJ1hhua
+5F0TtilfvxYjzzloQwWKuGruB8JNRkpwrQBT6z6uWjtI11rymSGyIIbpaqaAfMEk
+9FnZ8n9DlvBGkn+AVwJSC8X/jwm7ZRRh3KVFhbbGPAKfkOfqziRehcWCKcVg/jD3
+3tWd+aaGjG552PC8zBzDuOVRD8pHcjD0BmNwfnGrU92rrqnUl0sCAwEAAQKCAYAf
+nHVH4oFiltnmf5c4qzSeM4KzD2srchvOEZeY6idhdYDRVSjjzEJ5etskQT7ASkzk
+Nvb0wtJLCwpuA+Sll0tEY/KSXp/ULgYzWz+E6MdsyEnejINxghrVrBaDaz6PqF8d
+u2rk0dA86n8KBgSc4QW7nsXoZpM6Fd3D7lgSNUNFXIfl8SbvHYl5wMp++sly3TZh
+eRb+Gh1bShjJvizslmjmiNra6war99fJyxBZfjob6OEk9tk8OduIrYH/7vJ5KNFD
+yuGN+zF5fAzSVGl10Y78BEN+NMKnmDmgmt+8BEcuBRqnqV1JzB47sB4SY1cchs+V
+X18NFK7dEmljrGeS9TC5ycFTCKe9drX5GK1Wr+HMuWji6Rbt68Ai1ULmMhxaQeBU
+fwBGPhimJuGT3Yk1ii60FzUoNg9Aoz8+QAJVKFZuMQ8wmxnKz93oolms7UG5HFzi
+xEbsVRiTxsQ+4z5ew0mAAW+atQTIYJDkeNx8S4YCnKL42N3MSbChheLNk1ZD5gEC
+gcEA8G6XAlp4PEs6BkLkY/WatbmaW4thbqFGa6Vz5kJ4ddlmbODHsbErrJrNX2bS
+dV52Q2ZJPgc9NHa8/sQ/2WJyt2d4GQk/1IW0iwyGYHTkpKXcRhMLzEKMJuaElmr/
+KYhhj8rz6LRgKTA34tPPIYkzRT/DQUngeEUT66Hy+zXc7SVHHLZAcgy3FFTytPdF
+3K4vvGaV4e/H7K1FQXX+tr4lTdf0Agbbjjmzdnymt89cgTrJu1Pp4KS4V3Ulkem0
+H/3xAoHBAPW/xG+r0mk6HYPhUv+wn9hdM+fL9wyTnITt0/FRRJDpEz8J9FQAUSta
+go7iscn3FaDcM5UNoWkuNzEt8IagRYRzIuzT0FVESp2ZdMVTMbhHSU8NICMwvRCn
+HYAVlWLmApOFzxaph3mJdrLdi4uYLXgC8qCSVV8oS3LBbDIiFc2UTBTxKcqG5XEY
+vG3TKzpxd5/OmJBeWzRy6qN8ii7UI5SSQ9GV3Kvo2Wopgfz1hngb3UEHnmCimJvI
+sSgyXnRc+wKBwGIPKKW8Eje9ErBFDfM601t0lGDrytQdEKSMuWVbDNg7z4tubeOp
+978Q79wOCp315dP9XrfeqfbAyro5fjUB8vmcSJ4laJQb6BOiCxhB9JK2Vs15rSEk
+rxaag875WpIs3mWQB8SL9IA3+0MW0e7Cj1eZ9t+k6tkCi2paBcixIibSQluSdVxO
+lUjEkKyAAU1M+YkkadLZQbfkv09AeZ88k+hYwFsnQtqR7ADSPAjRmM/YEzjEs6l8
+ZPa+f5EwONencQKBwB/DrMleZTESwPPl8Qt5sf+OdIIWnBU1EzsfXpDHl1w/tCwm
+xj0BWXyIE24SoTZgyJvlOomenGly/tFNhdRw7Otk0nPYIQqUbCyYxD4pNbkDBdfA
+85F44EdBwo9mustwvY6B8jWUrh0ohn4yIrJldiMYBnJ4164YEECB/dExFK5g58Ch
+N2ylKQ0ITHrJm8HPHs46LwAiIhnSbL+6/kV1SDARA9EYVNCnpUqSmOmwdrQZreyU
+5oTJH36rXzK55/mUdwKBwQCvsrRWDhywd6YsoDVL1c8vEcSPCW2KMVWSbJpnhAXV
+y84ATH6pDZKWXapI9I7ba96bLEVEMHskCfiTVdQHm06lQuMlfNQjqSHX2Cgv3ORR
+/uXfifm7INRgIGVBrqo+vGthriytmR83IZ09PkCSwANjqZ5TLLFv7IaM31fuodQ6
+zwvujMogG/nDIxnpDSn5E/5OgSNEJfudNwudR5TDqJSn/l/v/Kny9Wd54AyhidJN
+sJjFSCbCh4pXH63aC2XQ/4o=
+-----END PRIVATE KEY-----
diff --git a/Workbench/comanage_cron/Dockerfile b/Workbench/comanage_cron/Dockerfile
index 0caa2d6..57c76d6 100644
--- a/Workbench/comanage_cron/Dockerfile
+++ b/Workbench/comanage_cron/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/comanage-registry-cron:4.3.3-20240430
+FROM i2incommon/comanage-registry-cron:4.3.4-20240624
 
 ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Anderson
 ENV COMANAGE_REGISTRY_ADMIN_USERNAME=banderson
diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml
index 80d97fa..0f1384b 100644
--- a/Workbench/docker-compose.yml
+++ b/Workbench/docker-compose.yml
@@ -1,4 +1,3 @@
-version: "3.3"
 
 services:
   grouper_daemon:
diff --git a/Workbench/grouper_daemon/Dockerfile b/Workbench/grouper_daemon/Dockerfile
index e8cd467..bbbfc8a 100644
--- a/Workbench/grouper_daemon/Dockerfile
+++ b/Workbench/grouper_daemon/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:4.12.0
+FROM i2incommon/grouper:4.14.0
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
diff --git a/Workbench/grouper_data/Dockerfile b/Workbench/grouper_data/Dockerfile
index 81cee24..0d10876 100644
--- a/Workbench/grouper_data/Dockerfile
+++ b/Workbench/grouper_data/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:4.12.0
+FROM i2incommon/grouper:4.14.0
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
diff --git a/Workbench/grouper_ui/Dockerfile b/Workbench/grouper_ui/Dockerfile
index 94fb7a6..100f912 100644
--- a/Workbench/grouper_ui/Dockerfile
+++ b/Workbench/grouper_ui/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:4.12.0
+FROM i2incommon/grouper:4.14.0
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
diff --git a/Workbench/grouper_ws/Dockerfile b/Workbench/grouper_ws/Dockerfile
index 96bffe1..877d564 100644
--- a/Workbench/grouper_ws/Dockerfile
+++ b/Workbench/grouper_ws/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:4.12.0
+FROM i2incommon/grouper:4.14.0
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
diff --git a/Workbench/idp_ui/container_files/idp_ui/application.yml b/Workbench/idp_ui/container_files/idp_ui/application.yml
index f1e986f..19e854c 100644
--- a/Workbench/idp_ui/container_files/idp_ui/application.yml
+++ b/Workbench/idp_ui/container_files/idp_ui/application.yml
@@ -49,7 +49,7 @@ spring:
     show-sql: false
     properties:
       hibernate:
-        dialect: org.hibernate.dialect.PostgreSQL95Dialect
+        dialect: org.hibernate.dialect.PostgreSQLDialect
         format_sql: true
 logging:
   level:
diff --git a/Workbench/idp_ui/container_files/idp_ui/users.txt b/Workbench/idp_ui/container_files/idp_ui/users.txt
index 6198804..78a6c71 100644
--- a/Workbench/idp_ui/container_files/idp_ui/users.txt
+++ b/Workbench/idp_ui/container_files/idp_ui/users.txt
@@ -1,2 +1,2 @@
-root,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org
-banderson,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org
\ No newline at end of file
+root,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,Super,Admin,ROLE_ADMIN,user1@example.org
+banderson,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,Bob,Anderson,ROLE_ADMIN,user1@example.org
diff --git a/Workbench/idp_ui_api/container_files/idp_ui/application.yml b/Workbench/idp_ui_api/container_files/idp_ui/application.yml
index f249ed8..8740666 100644
--- a/Workbench/idp_ui_api/container_files/idp_ui/application.yml
+++ b/Workbench/idp_ui_api/container_files/idp_ui/application.yml
@@ -32,6 +32,6 @@ spring:
     show-sql: false
     properties:
       hibernate:
-        dialect: org.hibernate.dialect.PostgreSQL95Dialect
+        dialect: org.hibernate.dialect.PostgreSQLDialect
         format_sql: true
 
diff --git a/Workbench/idp_ui_api/container_files/idp_ui/users.txt b/Workbench/idp_ui_api/container_files/idp_ui/users.txt
index 5487297..ffa9251 100644
--- a/Workbench/idp_ui_api/container_files/idp_ui/users.txt
+++ b/Workbench/idp_ui_api/container_files/idp_ui/users.txt
@@ -1 +1 @@
-00c34830-9028-418c-976c-624a61578c8f,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org
+00c34830-9028-418c-976c-624a61578c8f,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,API,User,ROLE_ADMIN,user1@example.org
diff --git a/Workbench/webproxy/Dockerfile b/Workbench/webproxy/Dockerfile
index 109ecae..d7d0360 100644
--- a/Workbench/webproxy/Dockerfile
+++ b/Workbench/webproxy/Dockerfile
@@ -1,9 +1,9 @@
-FROM i2incommon/shibboleth_sp:3.4.1_06122023_rocky8_multiarch
+FROM i2incommon/shibboleth_sp:3.4.1_05152024_rocky9_multiarch
 
 ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME
 
-RUN yum -y install cronie php php-json wget php-bcmath jq yum-utils
+RUN dnf -y install cronie php php-json wget php-bcmath jq yum-utils
 
 RUN wget https://getcomposer.org/installer -O composer-installer.php
 RUN php composer-installer.php --filename=composer --install-dir=/usr/local/bin
diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html
index 6bd6134..8ded87e 100644
--- a/Workbench/webproxy/container_files/httpd/index.html
+++ b/Workbench/webproxy/container_files/httpd/index.html
@@ -9,10 +9,10 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 The system contains the following TAP components (click the links to access each component in its own tab):
 
 <ul>
-<li><a href="https://__CSPHOSTNAME__/grouper" target="TAP-WB-GROUPER">Grouper (4.12.0)</a></li>
+<li><a href="https://__CSPHOSTNAME__/grouper" target="TAP-WB-GROUPER">Grouper (4.14.0)</a></li>
 <li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint (4.8.2)</a></li>
 <ul><li><a href="https://__CSPHOSTNAME__/midPoint-doc.html" target="TAP-WB-MIDPOINT-CONFIG">Technical doc on midPoint's configuration</a></li></ul>
-<li><a href="https://__CSPHOSTNAME__/registry" target="TAP-WB-COMANAGE">COmanage Registry (4.3.3)</a></li>
+<li><a href="https://__CSPHOSTNAME__/registry" target="TAP-WB-COMANAGE">COmanage Registry (4.3.4)</a></li>
 <li><a href="https://__CSPHOSTNAME__/idpui/" target="TAP-WB-IDPUI">Shibboleth IdP UI (1.18.0)</a></li>
 </ul>
 
diff --git a/Workbench/webproxy/container_files/httpd/server-chain.crt b/Workbench/webproxy/container_files/httpd/server-chain.crt
index 881c325..0fdbd23 100644
--- a/Workbench/webproxy/container_files/httpd/server-chain.crt
+++ b/Workbench/webproxy/container_files/httpd/server-chain.crt
@@ -1,23 +1,44 @@
 -----BEGIN CERTIFICATE-----
-MIID6jCCAtKgAwIBAgICaaIwDQYJKoZIhvcNAQELBQAwgakxCzAJBgNVBAYTAi0t
-MRIwEAYDVQQIDAlTb21lU3RhdGUxETAPBgNVBAcMCFNvbWVDaXR5MRkwFwYDVQQK
-DBBTb21lT3JnYW5pemF0aW9uMR8wHQYDVQQLDBZTb21lT3JnYW5pemF0aW9uYWxV
-bml0MRUwEwYDVQQDDAxiYWFhMWFiNTE0NGExIDAeBgkqhkiG9w0BCQEWEXJvb3RA
-YmFhYTFhYjUxNDRhMB4XDTIwMDQyMTE4NTkwN1oXDTIxMDQyMTE4NTkwN1owgakx
-CzAJBgNVBAYTAi0tMRIwEAYDVQQIDAlTb21lU3RhdGUxETAPBgNVBAcMCFNvbWVD
-aXR5MRkwFwYDVQQKDBBTb21lT3JnYW5pemF0aW9uMR8wHQYDVQQLDBZTb21lT3Jn
-YW5pemF0aW9uYWxVbml0MRUwEwYDVQQDDAxiYWFhMWFiNTE0NGExIDAeBgkqhkiG
-9w0BCQEWEXJvb3RAYmFhYTFhYjUxNDRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEArzuaMkF/83JBHj8mQMm5jhKLSSC+viuisAxNHGHM6j33lJl9ls4R
-iUBnbW4sTW4l1uYMfKZJKr5y9msTQXu8+CCON7oscUvFuc/D8gRb/J9QmJK188Cr
-L6DS+ofZXZqqV4Ou5FKjOax7gOvAMAGV7x4F9qEfdy8SyjSjhK5+57BaboH/PgLY
-qu0i7SJ+NzkGq7M0lt/DdqGZazOQbBhaoryB/hvo7JgSbxAfhVqQdtkcidSsNbBA
-/+PLlk1+hhOhiA15h/laA854T6FNYyeurEyr530zUo7P4/PZZyu/7y4D+s8KlNt3
-zpfVy9hNXgxFRCpLBC4XWLVwYmT18DfHIQIDAQABoxowGDAJBgNVHRMEAjAAMAsG
-A1UdDwQEAwIF4DANBgkqhkiG9w0BAQsFAAOCAQEAJcmopkftBDCpVW8GmtlD23o6
-oBOAnD566BK5zA23R9QDyoTX2Roz6moXxMrY3tlgL4LO/2prrR70vBIG6zn5q/xG
-goAwnWcQmFSg3HhiVJlcjRNrBEIbYw2edeZC38r6sWVj50RFCtlCMIaDdRAZCiVy
-Avf+S2Dw1QD9urkdjTMQaogMNmjZiXxKB2Zteqnks3JEVpOdlnLZYObIvSa1leIP
-gw4HgTllV1IqOJtgciczBX3xr8l6WR730BOv39ciGk25R4DQZxR/dR61NpnaYYuz
-8Rb+n48KaBe3vcxDtgAP8skFf1FN72bMOxrSYy6TEcN4URUMK4ybcXvLVKWEjg==
+MIIDXzCCAuSgAwIBAgIRAKjg16/B1MulLLyGBcf9FmMwCgYIKoZIzj0EAwMwgYgx
+CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJz
+ZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQD
+EyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIyMTEx
+NjAwMDAwMFoXDTMyMTExNTIzNTk1OVowRDELMAkGA1UEBhMCVVMxEjAQBgNVBAoT
+CUludGVybmV0MjEhMB8GA1UEAxMYSW5Db21tb24gRUNDIFNlcnZlciBDQSAyMFkw
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERdem6VwRp4k+kplQr0CJEgK+EuhLa1sV
+/kLWxfHaHpq/tAY8pLAMG19qRcYwVEl/zfF81FKjn+kxChUAjakOG6OCAXAwggFs
+MB8GA1UdIwQYMBaAFDrhCYbUzxnClnZ0SXbc4DXGY2OaMB0GA1UdDgQWBBQyXwrZ
+GFntQXEh1e4J4tmvstcPsTAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB
+/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIgYDVR0gBBswGTAN
+BgsrBgEEAbIxAQICZzAIBgZngQwBAgIwUAYDVR0fBEkwRzBFoEOgQYY/aHR0cDov
+L2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdEVDQ0NlcnRpZmljYXRpb25BdXRo
+b3JpdHkuY3JsMHEGCCsGAQUFBwEBBGUwYzA6BggrBgEFBQcwAoYuaHR0cDovL2Ny
+dC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdEVDQ0FBQUNBLmNydDAlBggrBgEFBQcw
+AYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTAKBggqhkjOPQQDAwNpADBmAjEA
+gKnucjW0Le2dHezMD4mFvVH5QTATQG7sRhGOUAfFVd1BU4AF3iekMQ0CnafF603G
+AjEAziSrw1zt1WdlJMgCDqE9NBTeb1JmkdrjKPb0Vk9rnbuQeRIw8fHGj3tL+4CO
+5K0S
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID0zCCArugAwIBAgIQVmcdBOpPmUxvEIFHWdJ1lDANBgkqhkiG9w0BAQwFADB7
+MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
+VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
+AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
+MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
+MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
+ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGqxUWqn5aCPnetUkb1PGWthL
+q8bVttHmc3Gu3ZzWDGH926CJA7gFFOxXzu5dP+Ihs8731Ip54KODfi2X0GHE8Znc
+JZFjq38wo7Rw4sehM5zzvy5cU7Ffs30yf4o043l5o4HyMIHvMB8GA1UdIwQYMBaA
+FKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1
+xmNjmjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zARBgNVHSAECjAI
+MAYGBFUdIAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5j
+b20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEEKDAmMCQG
+CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEM
+BQADggEBABns652JLCALBIAdGN5CmXKZFjK9Dpx1WywV4ilAbe7/ctvbq5AfjJXy
+ij0IckKJUAfiORVsAYfZFhr1wHUrxeZWEQff2Ji8fJ8ZOd+LygBkc7xGEJuTI42+
+FsMuCIKchjN0djsoTI0DQoWz4rIjQtUfenVqGtF8qmchxDM6OW1TyaLtYiKou+JV
+bJlsQ2uRl9EMC5MCHdK8aXdJ5htN978UeAOwproLtOGFfy/cQjutdAFI3tZs4RmY
+CV4Ks2dH/hzg1cEo70qLRDEmBDeNiXQ2Lu+lIg+DdEmSx/cQwgwp+7e9un/jX9Wf
+8qn0dNW44bOwgeThpWOjzOoEeJBuv/c=
 -----END CERTIFICATE-----
diff --git a/Workbench/webproxy/container_files/mdload/comanage-sp.xml b/Workbench/webproxy/container_files/mdload/comanage-sp.xml
index 0a774a1..b945cef 100644
--- a/Workbench/webproxy/container_files/mdload/comanage-sp.xml
+++ b/Workbench/webproxy/container_files/mdload/comanage-sp.xml
@@ -28,25 +28,30 @@
       <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:KeyName>sp.example.org</ds:KeyName>
         <ds:X509Data>
-          <ds:X509Certificate>MIIDPDCCAiQCCQDNZe8r0hVtuTANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
-ZXJuZXQyL1RJRVIxFzAVBgNVBAMMDnNwLmV4YW1wbGUub3JnMB4XDTE3MDkyMjE5
-NTAzNVoXDTI3MDkyMDE5NTAzNVowYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1J
-MRIwEAYDVQQHDAlBbm4gQXJib3IxFzAVBgNVBAoMDkludGVybmV0Mi9USUVSMRcw
-FQYDVQQDDA5zcC5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAMTNJmsNpTpR4NrDJwOgK/o3UYlNdi1c6xBflt+liLAsQc160QReV4dS
-SGK8LZvN58a/BTIsH8dLhQlUQ8qQUY2AfolVrNxb7Waumeh/POzYUTRylnoGpU3W
-bGMEPxE/AdgP5U/adYvyu4XI5epv7wjZJOTqcVag15SalY+aso+ZC/5l+UzRxmWB
-ZxKTsSL1y7PFehY4/Zl3Y3oGVsVl/zspt5lteoZQeeVxUX29S3Af11yHY4xpEp+7
-rvAzY/nlsTiHAsUoCFK/NFQ2evvSRx52B9Fk1cWP1MDVDm2QjQqD9xBGYSnX6bhQ
-ejVx7JUJHlblu2Q5p5XdW0BihgFluoECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
-n/qhYnIviPs4tglCdrw+M7gbqKNWadDC3F9HDYzlJMFeS/ae2turhEUgQPbYPDQQ
-eO3oOILtvCXNFUPM58jf8V5YFRrOqrTgx44kexQDaHO5YYNft5tF5TdvBYE2gOVr
-GdYrH2iSP8WX+Yy7JH5uqkfwWzEntWHJdey39rCWKAUCCB35+/2b4N53Qmlv2+ug
-CpNJYFtXInd4YMmM5HjXLyoWXtjnKiwDqYUCeYPSwAajnCqRqRXUX0gYTFDRiwRP
-HbmO9We0nqoc/71nikmGGoSRMO/zWVMFjwmAx1fGiWdU61sjGX8sHifzmVyJVEBI
-Z75p+JrWYZJYrx/vpWxL8g==
-</ds:X509Certificate>
+	<ds:X509Certificate>
+MIID7TCCAlWgAwIBAgIUPpg+wOKuPfj+oKMNVrzpOJsr6RcwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAxMJd29ya2JlbmNoMB4XDTI0MDcwMjE5MjA0NloXDTQ0MDYy
+NzE5MjA0NlowFDESMBAGA1UEAxMJd29ya2JlbmNoMIIBojANBgkqhkiG9w0BAQEF
+AAOCAY8AMIIBigKCAYEA5s3xhXhHVRymBx2YpiwvufUS5ZfoH92Gny8p01Rt2ZRf
+HHZ7AfjgrVQYnclTjUN0xxGouC3VgCbxp+GAf6f0AywBjJVILgckFtuTZf9walD1
+sxAHPqzYEKAP9Rknjh2gWF8piFkg0cK8l6Um3tlJX4BFkQMR0M0dfAKfuwS4NAQH
+XyyhjDhflJlyiCLr2sVluUEKPoxrZCX90+9OVswimAHdbTrpYhFylcHFuFDfbvkS
+MQ4YRegJMukIJBOw1IO6KLHuosJIf5M2LnRo9ua1PPSRL3+G7DrahXd0TWyV2QVY
+uUPcDizs3dft5EnJmv8whGap5lqSdYYbmuRdE7YpX78WI885aEMFirhq7gfCTUZK
+cK0AU+s+rlo7SNda8pkhsiCG6WqmgHzBJPRZ2fJ/Q5bwRpJ/gFcCUgvF/48Ju2UU
+YdylRYW2xjwCn5Dn6s4kXoXFginFYP4w997VnfmmhoxuedjwvMwcw7jlUQ/KR3Iw
+9AZjcH5xq1Pdq66p1JdLAgMBAAGjNzA1MBQGA1UdEQQNMAuCCXdvcmtiZW5jaDAd
+BgNVHQ4EFgQU9lcSmnfkGEetIlugSEsMcjOkR/kwDQYJKoZIhvcNAQELBQADggGB
+AG74bSN7P8+GNMiKQuOOE4MDvx4tSaN69ACaY+1KnfjbZ9KB0xLtwd56S/G0YTvK
+FGW0kV9QeNHh18f+y9EAjRHnQPMduLKyHLtQBKAKvuaIhinLzerjgGPR37Rf9yqJ
+Kr42dcIeW5cgdR0qUEwwvXIvOQQHuvq0aKUXQcrWlCTPxN9B21GeWWzahKfPU8th
+ttk2f5lI8R/GV+eskulzkHg2sdMpumruY73YZKWEWCPzso0QMFCme1g2eRr5F7Vx
+xC8KHp70CIzPy6XFVrwahGTbAKDdzTp5wYLTcgv6PNKO+/PjVZ/4FgJAbwB3X6Ky
+DxXKm66yiy6CbzhK8y4Jv5fard8r9zR7x0IPpmR/VyQ2hCkDc0l/rsJcHQUGmx1H
+NMoocXt2WfJs4g+cLn7YNkt2+ekuPsD7gR8RN7Z9NFpi19/IkfLMi90eGh1JRR1V
+EPkYEwb9MT4ArW9FhwNbibFiFJVbk+HGtcgFclPze1vk2/6z1wRg88UWL7vhFYdD
+1Q==
+          </ds:X509Certificate>
         </ds:X509Data>
       </ds:KeyInfo>
       <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>