diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml index 66be446..65d1d5c 100644 --- a/Workbench/docker-compose.yml +++ b/Workbench/docker-compose.yml @@ -205,6 +205,7 @@ services: midpoint_server: build: ./midpoint_server/ + command: /usr/local/bin/startup.sh depends_on: - midpoint_data ports: diff --git a/Workbench/midpoint_server/Dockerfile b/Workbench/midpoint_server/Dockerfile index cd162ee..c24ac99 100644 --- a/Workbench/midpoint_server/Dockerfile +++ b/Workbench/midpoint_server/Dockerfile @@ -11,7 +11,9 @@ COPY container_files/mp-home/ ${MP_DIR}/var/ #Shibb SP COPY container_files/shibboleth/ /etc/shibboleth/ -COPY container_files/httpd/shib.conf /etc/httpd/conf.d +COPY container_files/httpd/00-shib.conf /etc/httpd/conf.modules.d/ +COPY container_files/httpd/midpoint-shib.conf /etc/httpd/conf.d/ +COPY container_files/httpd/vhosts.conf /etc/httpd/conf.d/vhosts/ #set dynamic hostname COPY container_files/system/setservername.sh /usr/local/bin/ @@ -19,7 +21,7 @@ RUN chmod 755 /usr/local/bin/setservername.sh #set hostname RUN /usr/local/bin/setservername.sh -COPY container_files/supervisor/supervisord.conf /etc/supervisor/ +#COPY container_files/supervisor/supervisord.conf /etc/supervisor/ #set shib auth in apache -RUN mv /etc/httpd/conf.d/midpoint.conf /etc/httpd/conf.d/midpoint.conf.default && mv /etc/httpd/conf.d/midpoint.conf.auth.shibboleth /etc/httpd/conf.d/midpoint.conf +#RUN mv /etc/httpd/conf.d/midpoint.conf /etc/httpd/conf.d/midpoint.conf.default && mv /etc/httpd/conf.d/midpoint.conf.auth.shibboleth /etc/httpd/conf.d/midpoint.conf diff --git a/Workbench/midpoint_server/container_files/httpd/00-shib.conf b/Workbench/midpoint_server/container_files/httpd/00-shib.conf new file mode 100644 index 0000000..04b785c --- /dev/null +++ b/Workbench/midpoint_server/container_files/httpd/00-shib.conf @@ -0,0 +1,4 @@ +# +# Load the Shibboleth module. +# +LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so 
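Review bot: The two instructions disabled in the second Dockerfile hunk (`#COPY container_files/supervisor/supervisord.conf /etc/supervisor/` and the `#RUN mv … midpoint.conf …` line) are left as commented-out code, and the first now names a file that this commit deletes. Remove both lines rather than commenting them out. With the `mv` gone, the base image's stock `/etc/httpd/conf.d/midpoint.conf` presumably stays active next to the new `midpoint-shib.conf`, so a short comment such as `# Shibboleth auth for midPoint now comes from conf.d/midpoint-shib.conf; the stock midpoint.conf is left in place` would record that this is intended. The stock file is not visible here, so confirm that it does not serve any midPoint path outside the Shibboleth-protected locations.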
diff --git a/Workbench/midpoint_server/container_files/httpd/midpoint-shib.conf b/Workbench/midpoint_server/container_files/httpd/midpoint-shib.conf
new file mode 100644
index 0000000..a93663b
--- /dev/null
+++ b/Workbench/midpoint_server/container_files/httpd/midpoint-shib.conf
@@ -0,0 +1,17 @@
+RequestHeader unset Authorization
+
+
+ AuthType shibboleth
+ ShibRequestSetting requireSession 1
+ ShibRequireSession on
+ ShibUseHeaders On
+ require shibboleth
+
+
+
+ AuthType shibboleth
+ ShibRequestSetting requireSession false
+ ShibUseHeaders On
+ require shibboleth
+
+
diff --git a/Workbench/midpoint_server/container_files/httpd/shib.conf b/Workbench/midpoint_server/container_files/httpd/shib.conf
deleted file mode 100644
index e7bc2e1..0000000
--- a/Workbench/midpoint_server/container_files/httpd/shib.conf
+++ /dev/null
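Review bot: The second block in midpoint-shib.conf sets `ShibRequestSetting requireSession false` together with `ShibUseHeaders On`, so requests with no Shibboleth session are passed through on that path, while the security-policy hunk in this commit makes midPoint take the username from the `REMOTE_USER` request header. A client-supplied `REMOTE_USER` header is then kept out only by mod_shib's own header clearing, and the Shibboleth documentation recommends environment variables over request headers because of that spoofing risk. If headers are needed for the proxy hop, add `RequestHeader unset REMOTE_USER early` beside the existing `RequestHeader unset Authorization` (early processing should run before mod_shib populates the header) and verify that a request carrying that header without a session is not logged in. The section paths of both blocks are missing from this view, so a comment stating which URLs each block covers would help; `ShibRequireSession on` in the first block also duplicates `requireSession 1`.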
@@ -1,58 +0,0 @@
-# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig
-
-# RPM installations on platforms with a conf.d directory will
-# result in this file being copied into that directory for you
-# and preserved across upgrades.
-
-# For non-RPM installs, you should copy the relevant contents of
-# this file to a configuration location you control.
-
-#
-# Load the Shibboleth module.
-#
-LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
-
-#
-# Turn this on to support "require valid-user" rules from other
-# mod_authn_* modules, and use "require shib-session" for anonymous
-# session-based authorization in mod_shib.
-#
-ShibCompatValidUser Off
-
-#
-# Ensures handler will be accessible.
-#
-
- AuthType None
- Require all granted
- SetHandler shib
-
-
-#
-# Used for example style sheet in error templates.
-#
-
-
- AuthType None
- Require all granted
-
- Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
-
-
-#
-# Configure the module for content.
-#
-# You MUST enable AuthType shibboleth for the module to process
-# any requests, and there MUST be a require command as well. To
-# enable Shibboleth but not specify any session/access requirements
-# use "require shibboleth".
-#
-
- AuthType shibboleth
- ShibRequestSetting requireSession 1
- require shibboleth
-
-
-#for midpoint
-RewriteRule "^/midpoint/$" "/midpoint/auth/shib" [R]
-
diff --git a/Workbench/midpoint_server/container_files/httpd/vhosts.conf b/Workbench/midpoint_server/container_files/httpd/vhosts.conf
new file mode 100644
index 0000000..7b9ffdd
--- /dev/null
+++ b/Workbench/midpoint_server/container_files/httpd/vhosts.conf
@@ -0,0 +1,3 @@
+#for midpoint
+RewriteRule "^/midpoint/$" "/midpoint/auth/shib" [R]
+
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml index 83e7c3c..890d165 100644 --- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml +++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml @@ -66,7 +66,7 @@ httpHeader https://__CSPHOSTNAME__/MPSSO/Shibboleth.sso/Logout - uid + REMOTE_USER diff --git a/Workbench/midpoint_server/container_files/supervisor/supervisord.conf b/Workbench/midpoint_server/container_files/supervisor/supervisord.conf deleted file mode 100644 index 4a6b5fa..0000000 --- a/Workbench/midpoint_server/container_files/supervisor/supervisord.conf +++ /dev/null @@ -1,32 +0,0 @@ -[supervisord] -logfile=/tmp/logsuperd -logfile_maxbytes=0 -loglevel=error -nodaemon=true -user=root - -[program:httpd] -command=/bin/bash -c "/usr/local/bin/start-httpd.sh" -stdout_logfile=/tmp/loghttpd -stdout_logfile_maxbytes=0 -redirect_stderr=true - -[program:midpoint] -command=/bin/bash -c "/usr/local/bin/start-midpoint.sh" -stdout_logfile=/dev/fd/2 -stdout_logfile_maxbytes=0 -redirect_stderr=true -autorestart=false - -[program:shibboleth] -command=/usr/sbin/shibd -f -stdout_logfile=/dev/fd/2 -stdout_logfile_maxbytes=0 -redirect_stderr=true -autorestart=false - -[program:crond] -command=/usr/sbin/crond -n -i -m off -stdout_logfile=/tmp/logcrond -stdout_logfile_maxbytes=0 -redirect_stderr=true \ No newline at end of file diff --git a/Workbench/webproxy/container_files/httpd/proxy.conf b/Workbench/webproxy/container_files/httpd/proxy.conf index 84c63d7..e7fb9f6 100644 --- a/Workbench/webproxy/container_files/httpd/proxy.conf +++ b/Workbench/webproxy/container_files/httpd/proxy.conf 
@@ -46,7 +46,7 @@ ProxyPass /registry https://comanage/registry ProxyPass /registrySSO https://comanage/registrySSO #ProxyPassReverse /comanage https://comanage/ -ProxyPass /wordpress http://wordpress_server/ +ProxyPass /wordpress http://wordpress_server/ nocanon ProxyPassReverse /wordpress http://wordpress_server/ ProxyPass /wp-includes http://wordpress_server/wp-includes ProxyPassReverse /wp-includes http://wordpress_server/wp-includes
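Review bot: `nocanon` on `ProxyPass /wordpress http://wordpress_server/ nocanon` makes mod_proxy forward the raw request path without canonicalising it, which the Apache documentation notes removes the proxy's limited protection against URL-based attacks on the backend. The change carries no explanation, and the neighbouring `/wp-includes` mapping is left without the flag, so the two paths are now handled differently. Add a comment above the line saying which WordPress URLs need the un-canonicalised path, for example `# nocanon: <reason this path must reach WordPress unmodified>`, and confirm that the backend normalises paths itself.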