diff --git a/Workbench/comanage/Dockerfile b/Workbench/comanage/Dockerfile
index 3caa6bf..9bd5a4e 100644
--- a/Workbench/comanage/Dockerfile
+++ b/Workbench/comanage/Dockerfile
@@ -1,24 +1,20 @@
-FROM i2incommon/comanage-registry:3.3.1-20200930
+FROM i2incommon/comanage-registry:3.3.1-20201026
 
-ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=XXXXX
-ENV COMANAGE_REGISTRY_ADMIN_USERNAME=XXXX
+ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Anderson
+ENV COMANAGE_REGISTRY_ADMIN_USERNAME=banderson
 ENV COMANAGE_REGISTRY_DATASOURCE=Database/Mysql
 ENV COMANAGE_REGISTRY_DATABASE=registry
-ENV COMANAGE_REGISTRY_DATABASE_HOST=xxxx.at.internet2.edu
+ENV COMANAGE_REGISTRY_DATABASE_HOST=comanage-data
 ENV COMANAGE_REGISTRY_DATABASE_USER=registry_user
-ENV COMANAGE_REGISTRY_DATABASE_USER_PASSWORD=xxxx
+ENV COMANAGE_REGISTRY_DATABASE_USER_PASSWORD=123321
 ENV COMANAGE_REGISTRY_EMAIL_FROM=xxxx@example.edu
 ENV COMANAGE_REGISTRY_EMAIL_TRANSPORT=Smtp
 ENV COMANAGE_REGISTRY_EMAIL_PORT=25
 ENV COMANAGE_REGISTRY_EMAIL_HOST=smtp.example.edu
+#ENV HTTPS_CERT_FILE=/etc/pki/tls/certs/localhost.crt
+#ENV HTTPS_PRIVKEY_FILE=/etc/pki/tls/private/localhost.key
 # COMANAGE_REGISTRY_SECURITY_SALT - autogenerated if not specified
 # COMANAGE_REGISTRY_SECURITY_SEED - autogenerated if not specified
-ENV HTTPS_CERT_FILE=/etc/pki/tls/certs/localhost.crt
-ENV HTTPS_KEY_FILE=/etc/pki/tls/private/localhost.key
-ENV MYSQL_ROOT_PASSWORD=xxxx
-ENV MYSQL_DATABASE=registry
-ENV MYSQL_USER=registry_user
-ENV MYSQL_PASSWORD_FILE=xxxx
 #ENV SHIBBOLETH_SP_CERT=/etc/shibboleth/sp-cert.pem
 #ENV SHIBBOLETH_SP_PRIVKEY=/etc/shibboleth/sp-key.pem
 #ENV SHIBBOLETH_SP_ENTITY_ID=comanage.example.edu
@@ -30,8 +26,20 @@ RUN yum -y update && yum -y install --setopt=tsflags=nodocs epel-release python-
 ARG maintainer=my
 ARG imagename=comanage
 ARG version=3.3.1
+ARG CSPHOSTNAME=localhost
+ENV CSPHOSTNAME=$CSPHOSTNAME
+ENV COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN=$CSPHOSTNAME
 
 LABEL Version=$version
 ENV VERSION=$version
 
+COPY container_files/shibboleth/* /etc/shibboleth/
+
+COPY container_files/system/setservername.sh /usr/local/bin/
+RUN chmod 755 /usr/local/bin/setservername.sh && rm -f /etc/httpd/conf.d/ssl.conf
+
+#set hostname
+RUN /usr/local/bin/setservername.sh
+
+
 ENV LD_LIBRARY_PATH=/opt/shibboleth/lib64
diff --git a/Workbench/comanage/container_files/shibboleth/idp-metadata.xml b/Workbench/comanage/container_files/shibboleth/idp-metadata.xml
new file mode 100644
index 0000000..8bf0814
--- /dev/null
+++ b/Workbench/comanage/container_files/shibboleth/idp-metadata.xml
@@ -0,0 +1,201 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntityDescriptor  xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://idptestbed/idp/shibboleth">
+
+    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+
+        <Extensions>
+            <shibmd:Scope regexp="false">example.org</shibmd:Scope>
+<!--
+    Fill in the details for your IdP here 
+
+            <mdui:UIInfo>
+                <mdui:DisplayName xml:lang="en">A Name for the IdP at idptestbed</mdui:DisplayName>
+                <mdui:Description xml:lang="en">Enter a description of your IdP at idptestbed</mdui:Description>
+                <mdui:Logo height="80" width="80">https://localhost/Path/To/Logo.png</mdui:Logo>
+            </mdui:UIInfo>
+-->
+        </Extensions>
+
+        <KeyDescriptor use="signing">
+            <ds:KeyInfo>
+                    <ds:X509Data>
+                        <ds:X509Certificate>
+MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy
+MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH
+YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M
+SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2
+03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No
+5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+
+XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud
+DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk
+hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
+BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac
+ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98
+NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl
+j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP
+IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E
+t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM=
+                        </ds:X509Certificate>
+                    </ds:X509Data>
+            </ds:KeyInfo>
+
+        </KeyDescriptor>
+        <KeyDescriptor use="signing">
+            <ds:KeyInfo>
+                    <ds:X509Data>
+                        <ds:X509Certificate>
+MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB
+CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx
+MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g
+u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2
+Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ
+Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+
+MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs
+uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV
+HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl
+ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB
+CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X
+sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s
+RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ
+Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B
+DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i
+s00xrv14zLifcc8oj5DYzOhYRifRXgHX
+                        </ds:X509Certificate>
+                    </ds:X509Data>
+            </ds:KeyInfo>
+
+        </KeyDescriptor>
+        <KeyDescriptor use="encryption">
+            <ds:KeyInfo>
+                    <ds:X509Data>
+                        <ds:X509Certificate>
+MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy
+MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD
+cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ
+l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG
+ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8
+9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX
+VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud
+DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk
+hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
+BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni
+QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN
+jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r
+xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8
++PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H
+p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
+                        </ds:X509Certificate>
+                    </ds:X509Data>
+            </ds:KeyInfo>
+
+        </KeyDescriptor>
+
+        <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+
+        <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://__CSPHOSTNAME__/idp/profile/Shibboleth/SSO"/>
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://__CSPHOSTNAME__/idp/profile/SAML2/POST/SSO"/>
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://__CSPHOSTNAME__/idp/profile/SAML2/POST-SimpleSign/SSO"/>
+        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://__CSPHOSTNAME__/idp/profile/SAML2/Redirect/SSO"/>
+
+    </IDPSSODescriptor>
+
+
+    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+
+        <Extensions>
+            <shibmd:Scope regexp="false">localhost</shibmd:Scope>
+        </Extensions>
+
+        <KeyDescriptor use="signing">
+            <ds:KeyInfo>
+                    <ds:X509Data>
+                        <ds:X509Certificate>
+MIIDEzCCAfugAwIBAgIUS9SuTXwsFVVG+LjOEAbLqqT/el0wDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMjZaFw0zNTEy
+MTEwMjIwMjZaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCMAoDHx8xCIfv/6QKqt9mcHYmEJ8y2dKprUbpdcOjH
+YvNPIl/lHPsUyrb+Nc+q2CDeiWjVk1mWYq0UpIwpBMuw1H6+oOqr4VQRi65pin0M
+SfE0MWIaFo5FPvpvoptkHD4gvREbm4swyXGMczcMRfqgalFXhUD2wz8W3XAM5Cq2
+03XeJbj6TwjvKatG5XPdeUe2FBGuOO2q54L1hcIGnLMCQrg7D31lR13PJbjnJ0No
+5C3k8TPuny6vJsBC03GNLNKfmrKVTdzr3VKp1uay1G3DL9314fgmbl8HA5iRQmy+
+XInUU6/8NXZSF59p3ITAOvZQeZsbJjg5gGDip5OZo9YlAgMBAAGjWzBZMB0GA1Ud
+DgQWBBRPlM4VkKZ0U4ec9GrIhFQl0hNbLDA4BgNVHREEMTAvggppZHB0ZXN0YmVk
+hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
+BQADggEBAIZ0a1ov3my3ljJG588I/PHx+TxAWONWmpKbO9c/qI3Drxk4oRIffiac
+ANxdvtabgIzrlk5gMMisD7oyqHJiWgKv5Bgctd8w3IS3lLl7wHX65mTKQRXniG98
+NIjkvfrhe2eeJxecOqnDI8GOhIGCIqZUn8ShdM/yHjhQ2Mh0Hj3U0LlKvnmfGSQl
+j0viGwbFCaNaIP3zc5UmCrdE5h8sWL3Fu7ILKM9RyFa2ILHrJScV9t623IcHffHP
+IeaY/WtuapsrqRFxuQL9QFWN0FsRIdLmjTq+00+B/XnnKRKFBuWfjhHLF/uu8f+E
+t6Lf23Kb8yD6ZR7dihMZAGHnYQ/hlhM=
+                        </ds:X509Certificate>
+                    </ds:X509Data>
+            </ds:KeyInfo>
+
+        </KeyDescriptor>
+        <KeyDescriptor use="signing">
+            <ds:KeyInfo>
+                    <ds:X509Data>
+                        <ds:X509Certificate>
+MIIDFDCCAfygAwIBAgIVAN3vv+b7KN5Se9m1RZsCllp/B/hdMA0GCSqGSIb3DQEB
+CwUAMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwHhcNMTUxMjExMDIyMDE0WhcNMzUx
+MjExMDIyMDE0WjAVMRMwEQYDVQQDDAppZHB0ZXN0YmVkMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAh91caeY0Q85uhaUyqFwP2bMjwMFxMzRlAoqBHd7g
+u6eo4duaeLz1BaoR2XTBpNNvFR5oHH+TkKahVDGeH5+kcnIpxI8JPdsZml1srvf2
+Z6dzJsulJZUdpqnngycTkGtZgEoC1vmYVky2BSAIIifmdh6s0epbHnMGLsHzMKfJ
+Cb/Q6dYzRWTCPtzE2VMuQqqWgeyMr7u14x/Vqr9RPEFsgY8GIu5jzB6AyUIwrLg+
+MNkv6aIdcHwxYTGL7ijfy6rSWrgBflQoYRYNEnseK0ZHgJahz4ovCag6wZAoPpBs
+uYlY7lEr89Ucb6NHx3uqGMsXlDFdE4QwfDLLhCYHPvJ0uwIDAQABo1swWTAdBgNV
+HQ4EFgQUAkOgED3iYdmvQEOMm6u/JmD/UTQwOAYDVR0RBDEwL4IKaWRwdGVzdGJl
+ZIYhaHR0cHM6Ly9pZHB0ZXN0YmVkL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEB
+CwUAA4IBAQBIdd4YWlnvJjql8+zKKgmWgIY7U8DA8e6QcbAf8f8cdE33RSnjI63X
+sv/y9GfmbAVAD6RIAXPFFeRYJ08GOxGI9axfNaKdlsklJ9bk4ducHqgCSWYVer3s
+RQBjxyOfSTvk9YCJvdJVQRJLcCvxwKakFCsOSnV3t9OvN86Ak+fKPVB5j2fM/0fZ
+Kqjn3iqgdNPTLXPsuJLJO5lITRiBa4onmVelAiCstI9PQiaEck+oAHnMTnC9JE/B
+DHv3e4rwq3LznlqPw0GSd7xqNTdMDwNOWjkuOr3sGpWS8ms/ZHHXV1Vd22uPe70i
+s00xrv14zLifcc8oj5DYzOhYRifRXgHX
+                        </ds:X509Certificate>
+                    </ds:X509Data>
+            </ds:KeyInfo>
+
+        </KeyDescriptor>
+        <KeyDescriptor use="encryption">
+            <ds:KeyInfo>
+                    <ds:X509Data>
+                        <ds:X509Certificate>
+MIIDEzCCAfugAwIBAgIUG6Nn1rlERS1vsi88tcdzSYX0oqAwDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAwwKaWRwdGVzdGJlZDAeFw0xNTEyMTEwMjIwMTRaFw0zNTEy
+MTEwMjIwMTRaMBUxEzARBgNVBAMMCmlkcHRlc3RiZWQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCBXv0o3fmT8iluyLjJ4lBAVCW+ZRVyEXPYQuRi7vfD
+cO4a6d1kxiJLsaK0W88VNxjFQRr8PgDkWr28vwoH1rgk4pLsszLD48DBzD942peJ
+l/S6FnsIJjmaHcBh4pbNhU4yowu63iKkvttrcZAEbpEro6Z8CziWEx8sywoaYEQG
+ifPkr9ORV6Cn3txq+9gMBePG41GrtZrUGIu+xrndL0Shh4Pq0eq/9MAsVlIIXEa8
+9WfH8J2kFcTOfoWtIc70b7TLZQsx4YnNcnrGLSUEcstFyPLX+Xtv5SNZF89OOIxX
+VNjNvgE5DbJb9hMM4UAFqI+1bo9QqtxwThjc/sOvIxzNAgMBAAGjWzBZMB0GA1Ud
+DgQWBBStTyogRPuAVG6q7yPyav1uvE+7pTA4BgNVHREEMTAvggppZHB0ZXN0YmVk
+hiFodHRwczovL2lkcHRlc3RiZWQvaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQEL
+BQADggEBAFMfoOv+oISGjvamq7+Y4G7ep5vxlAPeK3RATYPYvAmyH946qZXh98ni
+QXyuqZW5P5eEt86toY45IwDU5r09SKwHughEe99iiEkxh0mb2qo84qX9/qcg+kyN
+jeLd/OSyolpUCEFNwOFcog7pj7Eer+6AHbwTn1Mjb5TBsKwtDMJsaxPvdj0u7M5r
+xL/wHkFhn1rCo2QiojzjSlV3yLTh49iTyhE3cG+RxaNKDCxhp0jSSLX1BW/ZoPA8
++PMJEA+Q0QbyRD8aJOHN5O8jGxCa/ZzcOnYVL6AsEXoDiY3vAUYh1FUonOWw0m9H
+p+tGUbGS2l873J5PrsbpeKEVR/IIoKo=
+                        </ds:X509Certificate>
+                    </ds:X509Data>
+            </ds:KeyInfo>
+
+        </KeyDescriptor>
+
+        
+        <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://__CSPHOSTNAME__/idp/profile/SAML1/SOAP/AttributeQuery"/>
+        <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://__CSPHOSTNAME__/idp/profile/SAML2/SOAP/AttributeQuery"/> 
+        <!-- If you uncomment the above you should add urn:oasis:names:tc:SAML:2.0:protocol to the protocolSupportEnumeration above -->
+
+    </AttributeAuthorityDescriptor>
+
+</EntityDescriptor>
diff --git a/Workbench/comanage/container_files/shibboleth/shibboleth2.xml b/Workbench/comanage/container_files/shibboleth/shibboleth2.xml
new file mode 100644
index 0000000..3991d24
--- /dev/null
+++ b/Workbench/comanage/container_files/shibboleth/shibboleth2.xml
@@ -0,0 +1,112 @@
+<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
+    xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config"
+    clockSkew="180">
+
+    <OutOfProcess tranLogFormat="%u|%s|%IDP|%i|%ac|%t|%attr|%n|%b|%E|%S|%SS|%L|%UA|%a" />
+  
+    <!--
+    By default, in-memory StorageService, ReplayCache, ArtifactMap, and SessionCache
+    are used. See example-shibboleth2.xml for samples of explicitly configuring them.
+    -->
+
+    <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
+    <ApplicationDefaults entityID="https://proxysp.example.org/shibboleth"
+        REMOTE_USER="eppn uid subject-id pairwise-id persistent-id"
+        cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1">
+
+        <!--
+        Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
+        Each Application has an effectively unique handlerURL, which defaults to "/Shibboleth.sso"
+        and should be a relative path, with the SP computing the full value based on the virtual
+        host. Using handlerSSL="true" will force the protocol to be https. You should also set
+        cookieProps to "https" for SSL-only sites. Note that while we default checkAddress to
+        "false", this makes an assertion stolen in transit easier for attackers to misuse.
+        -->
+        <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
+                  checkAddress="false" handlerSSL="true" cookieProps="https"
+                  redirectLimit="exact">
+
+            <!--
+            Configures SSO for a default IdP. To properly allow for >1 IdP, remove
+            entityID property and adjust discoveryURL to point to discovery service.
+            You can also override entityID on /Login query string, or in RequestMap/htaccess.
+            -->
+            <SSO entityID="https://idptestbed/idp/shibboleth">
+              SAML2
+            </SSO>
+
+            <!-- SAML and local-only logout. -->
+            <Logout>SAML2 Local</Logout>
+
+            <!-- Administrative logout. -->
+            <LogoutInitiator type="Admin" Location="/Logout/Admin" acl="127.0.0.1 ::1" />
+          
+            <!-- Extension service that generates "approximate" metadata based on SP configuration. -->
+            <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
+
+            <!-- Status reporting service. -->
+            <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
+
+            <!-- Session diagnostic service. -->
+            <Handler type="Session" Location="/Session" showAttributeValues="false"/>
+
+            <!-- JSON feed of discovery information. -->
+            <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
+        </Sessions>
+
+        <!--
+        Allows overriding of error template information/filenames. You can
+        also add your own attributes with values that can be plugged into the
+        templates, e.g., helpLocation below.
+        -->
+        <Errors supportContact="root@localhost"
+            helpLocation="/about.html"
+            styleSheet="/shibboleth-sp/main.css"/>
+
+        <!-- Example of locally maintained metadata. -->
+        <MetadataProvider type="XML" validate="true" path="idp-metadata.xml"/>
+
+        <!-- Example of remotely supplied batch of signed metadata. -->
+        <!--
+        <MetadataProvider type="XML" validate="true"
+	            url="http://federation.org/federation-metadata.xml"
+              backingFilePath="federation-metadata.xml" maxRefreshDelay="7200">
+            <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
+            <MetadataFilter type="Signature" certificate="fedsigner.pem" verifyBackup="false"/>
+            <DiscoveryFilter type="Blacklist" matcher="EntityAttributes" trimTags="true" 
+              attributeName="http://macedir.org/entity-category"
+              attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+              attributeValue="http://refeds.org/category/hide-from-discovery" />
+        </MetadataProvider>
+        -->
+
+        <!-- Example of remotely supplied "on-demand" signed metadata. -->
+        <!--
+        <MetadataProvider type="MDQ" validate="true" cacheDirectory="mdq"
+	            baseUrl="http://mdq.federation.org" ignoreTransport="true">
+            <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
+            <MetadataFilter type="Signature" certificate="mdqsigner.pem" />
+        </MetadataProvider>
+        -->
+
+        <!-- Map to extract attributes from SAML assertions. -->
+        <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
+
+        <!-- Default filtering policy for recognized attributes, lets other data pass. -->
+        <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
+
+        <!-- Simple file-based resolvers for separate signing/encryption keys. -->
+        <CredentialResolver type="File" use="signing"
+            key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>
+        <CredentialResolver type="File" use="encryption"
+            key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/>
+        
+    </ApplicationDefaults>
+    
+    <!-- Policies that determine how to process and authenticate runtime messages. -->
+    <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
+
+    <!-- Low-level configuration about protocols and bindings available for use. -->
+    <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
+
+</SPConfig>
diff --git a/Workbench/comanage/container_files/shibboleth/shibd.logger b/Workbench/comanage/container_files/shibboleth/shibd.logger
new file mode 100644
index 0000000..2589b43
--- /dev/null
+++ b/Workbench/comanage/container_files/shibboleth/shibd.logger
@@ -0,0 +1,69 @@
+# set overall behavior
+log4j.rootCategory=DEBUG, shibd_log, warn_log
+
+# fairly verbose for DEBUG, so generally leave at DEBUG
+log4j.category.XMLTooling.XMLObject=DEBUG
+log4j.category.XMLTooling.KeyInfoResolver=DEBUG
+log4j.category.Shibboleth.IPRange=DEBUG
+log4j.category.Shibboleth.PropertySet=DEBUG
+
+# raise for low-level tracing of SOAP client HTTP/SSL behavior
+log4j.category.XMLTooling.libcurl=DEBUG
+
+# useful categories to tune independently:
+#
+# tracing of SAML messages and security policies
+#log4j.category.OpenSAML.MessageDecoder=DEBUG
+#log4j.category.OpenSAML.MessageEncoder=DEBUG
+#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
+#log4j.category.XMLTooling.SOAPClient=DEBUG
+# interprocess message remoting
+#log4j.category.Shibboleth.Listener=DEBUG
+# mapping of requests to applicationId
+#log4j.category.Shibboleth.RequestMapper=DEBUG
+# high level session cache operations
+#log4j.category.Shibboleth.SessionCache=DEBUG
+# persistent storage and caching
+#log4j.category.XMLTooling.StorageService=DEBUG
+
+# logs XML being signed or verified if set to DEBUG
+log4j.category.XMLTooling.Signature.Debugger=DEBUG, sig_log
+log4j.additivity.XMLTooling.Signature.Debugger=false
+
+# the tran log blocks the "default" appender(s) at runtime
+# Level should be left at DEBUG for this category
+log4j.category.Shibboleth-TRANSACTION=DEBUG, tran_log
+log4j.additivity.Shibboleth-TRANSACTION=false
+# uncomment to suppress particular event types
+#log4j.category.Shibboleth-TRANSACTION.AuthnRequest=WARN
+#log4j.category.Shibboleth-TRANSACTION.Login=WARN
+#log4j.category.Shibboleth-TRANSACTION.Logout=WARN
+
+# define the appenders
+
+log4j.appender.shibd_log=org.apache.log4j.RollingFileAppender
+log4j.appender.shibd_log.fileName=/var/log/shibboleth/shibd.log
+log4j.appender.shibd_log.maxFileSize=1000000
+log4j.appender.shibd_log.maxBackupIndex=10
+log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.shibd_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+
+log4j.appender.warn_log=org.apache.log4j.RollingFileAppender
+log4j.appender.warn_log.fileName=/var/log/shibboleth/shibd_warn.log
+log4j.appender.warn_log.maxFileSize=1000000
+log4j.appender.warn_log.maxBackupIndex=10
+log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.warn_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+log4j.appender.warn_log.threshold=WARN
+
+log4j.appender.tran_log=org.apache.log4j.RollingFileAppender
+log4j.appender.tran_log.fileName=/var/log/shibboleth/transaction.log
+log4j.appender.tran_log.maxFileSize=1000000
+log4j.appender.tran_log.maxBackupIndex=20
+log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.tran_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+
+log4j.appender.sig_log=org.apache.log4j.FileAppender
+log4j.appender.sig_log.fileName=/var/log/shibboleth/signature.log
+log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.sig_log.layout.ConversionPattern=%m
diff --git a/Workbench/comanage/container_files/shibboleth/sp-encrypt-cert.pem b/Workbench/comanage/container_files/shibboleth/sp-encrypt-cert.pem
new file mode 100644
index 0000000..d3c288c
--- /dev/null
+++ b/Workbench/comanage/container_files/shibboleth/sp-encrypt-cert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6zCCAlOgAwIBAgIJAIB4eHZ1M1ByMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV
+BAMTDDdjZjI3NzhiZWIxNTAeFw0yMDEwMzExODA4NDVaFw0zMDEwMjkxODA4NDVa
+MBcxFTATBgNVBAMTDDdjZjI3NzhiZWIxNTCCAaIwDQYJKoZIhvcNAQEBBQADggGP
+ADCCAYoCggGBAOPMP1n+c6q6IdujWWvW0/kW3if2rmk9WfHAxvLyguJCP1W3kMwV
+CZMKky8+26zcHX2PvdEHwJsrjDltsg73ZAnZYYFXTPh7JY3W1bAoRuywvUmyUIel
+tjH03d+riKaE4eqaCgPqyJaI2zLxNJHwCmr6FjLZ5cj8GatPQeNf0WPSnQonk8NW
+3eAWvOIeqS9w3bNfpIpP/mw49M9m6LbwH1VKEPHJDUY952fqWIJBSGDfrzCCftsl
+xQ9m7DrKARUfSFjwu3uTunKZAzkhVX/DWQ9SnyTADIfD5fgFq3wVIFmXTFLIWaWS
+Yr03qGs2XcDKkfoRcBXEWyQKp3zfxjCRks1Nr6cqdPyyJvZW6OVigbrMQP23CQca
+dinD0I1bpAMW/hIMWI3HPu/Cxli8GM3/03u5XDvTBrSXxmXncNCrAQBAYhZ9vrIc
+nqyGS8lTnzsNNZXzPK3dsJvBNE4ogk/MK4Cg9bBieyBZz0IZR46EnI7qVsycIGHy
+ttv2xyZ05sMgTQIDAQABozowODAXBgNVHREEEDAOggw3Y2YyNzc4YmViMTUwHQYD
+VR0OBBYEFKdOek6UqVa8xmmBFcz5pizhCEQgMA0GCSqGSIb3DQEBCwUAA4IBgQDK
+qFQyjhO6PVjHWy3PyhaXuCQ3UTyMEr1ZUY4nYZd2eIJXMssLpxzVAu93aWowDmNO
+m2bg5MI0agNUhly7zs+cbepkH9r32Z/c5H1fuJs1iuPdfZb4xPKic2or0Kx6n8eq
+NNZBPBXnb1ulEOWokn3PaaNPLHWk23k0SmgXHp5ibpWKpETO+Py3dnMjRzCTJeY1
+M2B+ovMgNK1otlK+IV3GPMNEkMeUa/uX/IjW+YlhhUqvL9b/lWdLY4D7ZL7F2Ieq
+u4Kb1ezOTjZ0A/8oVbTK8MXHNCouwVtPl00jsSHchIHDAz/iB524Eve/ayeV0KWd
+n8+t02stqKPqiS1wzM+zatgINaCTDQOEaq6TeRy423xoBps8yBF7qPPEIBwsI9Hv
+HNUq5NfIHltpt9TfbfHWRr4S/Ccslyi14gpNFZQO7mmuAZdUPGd/m4GzdGd9lFmz
+IvRCNeI0FpjTvdt4stm66ZqRfH8Ww+hzCHtDz6MBBRIl5uRaYPqakjsW6/UK7hs=
+-----END CERTIFICATE-----
diff --git a/Workbench/comanage/container_files/shibboleth/sp-encrypt-key.pem b/Workbench/comanage/container_files/shibboleth/sp-encrypt-key.pem
new file mode 100644
index 0000000..3bfdafe
--- /dev/null
+++ b/Workbench/comanage/container_files/shibboleth/sp-encrypt-key.pem
@@ -0,0 +1,40 @@
+-----BEGIN PRIVATE KEY-----
+MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDjzD9Z/nOquiHb
+o1lr1tP5Ft4n9q5pPVnxwMby8oLiQj9Vt5DMFQmTCpMvPtus3B19j73RB8CbK4w5
+bbIO92QJ2WGBV0z4eyWN1tWwKEbssL1JslCHpbYx9N3fq4imhOHqmgoD6siWiNsy
+8TSR8Apq+hYy2eXI/BmrT0HjX9Fj0p0KJ5PDVt3gFrziHqkvcN2zX6SKT/5sOPTP
+Zui28B9VShDxyQ1GPedn6liCQUhg368wgn7bJcUPZuw6ygEVH0hY8Lt7k7pymQM5
+IVV/w1kPUp8kwAyHw+X4Bat8FSBZl0xSyFmlkmK9N6hrNl3AypH6EXAVxFskCqd8
+38YwkZLNTa+nKnT8sib2VujlYoG6zED9twkHGnYpw9CNW6QDFv4SDFiNxz7vwsZY
+vBjN/9N7uVw70wa0l8Zl53DQqwEAQGIWfb6yHJ6shkvJU587DTWV8zyt3bCbwTRO
+KIJPzCuAoPWwYnsgWc9CGUeOhJyO6lbMnCBh8rbb9scmdObDIE0CAwEAAQKCAYAj
+mnGwXB+x6GOQU4iPXUVGIjfYoSqDUk5zhYDSyeqA+H+zovwjmYokjDuS380vyDtn
+u4acXAzTc8v30dhJlIrzKyGdOIrUL1MgRxqg7LqhFcKP+Smy+chvKGlhIws5k31H
+0ImOMSzmsj8oSCDCSnUmYS4FBp9ueVB9wOZ4Zipw4qMeyi7DEhmdg5BD+yzQOGC+
+P02VPIl0WraQj/IBXahYCTp6v8SuXNCFIlBxE0j/sxZLi6nOEKorDRgQ3C+tIHU/
+th9VMQ7BsrpgZqLrvmvlhFtct4hYO4a6vdYgl87pU1amg3HbKR1rtG/lccDHDXUc
+Upx5pv67lBm8E3XLQVTtNwlHu0b1Z/+aebm84vCVR55Rt84rqIKM5tr9fkX3SX9f
+loydVMWPXhPI7X4Atj2PBNJ8aKFe69YTYIE7guqngcjFHZ6sPydmHq8p3shaNNwT
+PVQbrcFJngFypWuD+BcO4/m0pDC79Ig8k7qyTgKDkBU0118gyW+3/M/DntF+pCEC
+gcEA/XU0oJXSFJ5nRDUZkxqW5zZQo9zjaebdRPc+TYs/tqiwhDuT2EsYQ6lE6QKN
+6RxnFiY3xBxOJesYXAaCCFOhOiOj6MGdi+G90iUoRiuxOlhTH5io1c+jUSmY5QDQ
+/6ivZAxVbG7CGgt3XBfzMgvQe7ku2/JLMOwygdoURTGp6ySF8uyALakNzpebCJq+
+8MFm0BqLXbFA0kDhqPoEjJLhjfe4/BtHtGoXDirEVw3/rFWRqXCBI9F60eoGe1k8
+NxW5AoHBAOYVJ9m1GvVY9GcQY/QGA90tGtEXazQCmVNLljvpSXPQiwP09TkMMZYt
+JvRNf7IirehMq+dNBI5JA51h4SSwmwL1GVh5uChi6uQ62Cy7EGCoOU/oPpDY5trd
+2a0r+fzr1D0I+sK9HGJ1eVlunUTfYtDBSHX37mK5hhCGT5K+PaeBRfXe+gpxBoaO
+T8RyioplpKH4zK4TEefCk6jvDkkYLEHP4spGN33mRHvpVQ3oaLYHfgKXKpKqe09k
+KICOVGkpNQKBwA3ZYqfHp/QCd8gNUrlsAYTevedGQZLez4ZeMCRSkIetjf+btcdi
+yw+fZymIPzLWn3dhXTi1BzwhLXKR1HcaArxHiERGmBI1ooaiCyJSbtuuSdR3JfqQ
+3u6nZDhXJBRkJjlER0Kmhqqfp8T7dgltBdZM1xejlKI2tcfMn8DsJsm3dC5C5/oW
+u69nL0x4ECjdmH2Uhbr33X/flbUC/E6mE/cK6yuzXeaoyVu30ISlOiwzfMMSZ6wK
+XTitHe+Nf7HO2QKBwALyDGOOHP09GUvketMZ7Jy9QhWhLh8pVVsqoY68ytLvvYfc
+b/M+A7h/dXs1LshSB1Xs/VplswQ7TQ+LvD0jAakFCEEIteHWellXo4LXFjuWi71J
+JNvn2vS8WFgOMxIY1su9PLCXiTB9foM1lk/WaEZx4wKXnPaol13IymX/h3yIfCPM
+qfjOP54jXkQOj1V8PaJRNBWaauVDqW5FOTKYW6CwD6A1S+qRsxi/APa/ne+Oov9X
+fhUIl7GJf7c9mzkJbQKBwQCThYQtED8ganxTHsOYPp+NUR4sqgXSox2aBpRJRfEz
+eb2IkyBbQIbHXDkn1WDKiE33e39NXEPgSc2lDrkQSfhtgAniAdg5TEWorMVzl9Wx
+FOb3+zECzgB6wKnfPwA3SH+YbystUAaI1SEnJXUoqq4nBVVj8o1NTdxTnEI8zvhU
+tdG6t6Ao/VKBmFyDS5JPbnXVXCnym0QsPBcP67zVK8FnUz+p2S4OsVRVVrfYi9LB
+SnL+ZAlsa3/NQWPBfOqIWNc=
+-----END PRIVATE KEY-----
diff --git a/Workbench/comanage/container_files/shibboleth/sp-signing-cert.pem b/Workbench/comanage/container_files/shibboleth/sp-signing-cert.pem
new file mode 100644
index 0000000..c5a4988
--- /dev/null
+++ b/Workbench/comanage/container_files/shibboleth/sp-signing-cert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6zCCAlOgAwIBAgIJAPeLX7GZ1mdUMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV
+BAMTDDdjZjI3NzhiZWIxNTAeFw0yMDEwMzExODA3MjVaFw0zMDEwMjkxODA3MjVa
+MBcxFTATBgNVBAMTDDdjZjI3NzhiZWIxNTCCAaIwDQYJKoZIhvcNAQEBBQADggGP
+ADCCAYoCggGBAJmgdbLZgwGaITfXZdIUpTuujVf+IPzvUgxyAmsyECJSAzLEYpvy
+AUEymK3NgGdfM9kYvaHqwNSzZgsLG+24fWtim3e4ksVJOV1ZOYdpe8+6Kbd6bMOp
+3Xc2BQYeMCZ/daP+v7i8UCiFQQr5qECfYkHli6WpOYlyCMFOa6hzLoEcuakLQz6k
+o4Hf5zN/lemKZ8M1YHJcAMmCjYCwxtzJsHAvJWS1rTQIafoWyOYVNl0nwf+NJlNp
+StWcYb6O7DBmxO9mec4rQ8yp9pi2WqUL9Eha2/P7VNJVDvO32SdWQiCXKSxdZ+vi
+nSOA1BfgcAJkePl21FKHFVQzjtC7wl/u3DVSk+Pbq5gm7jOS1Rh9EYmoNRzV/jbX
+jp8RJlxTABIKNNeD0qvtJ1vImEzXCaa9elnSmcbNlmcFK3izHBffrqk08LS6Nh5S
+//yFX+OObEI0kIdLjuHwgml+DeiWyOJi8ca98gps2Pph4A2xAYu3khE9pFdAe8Mo
+1O5FhRmzJteYnwIDAQABozowODAXBgNVHREEEDAOggw3Y2YyNzc4YmViMTUwHQYD
+VR0OBBYEFHHqoc9SPoSYSC1aF2hDAzzu+qogMA0GCSqGSIb3DQEBCwUAA4IBgQBh
+AtP/C43KuGIngpn8Bz9/iJocNmvUqZd3UonEFP9+ThW147HGK+FNeOCUSAFr5TKD
++J/NkfZ9u3uLRd6vYP6WBwgEXivjac8cyQwKwPAsE0ottO8A6lmc5rf2rsw/e1nj
+QGjKMIAwo4n8/H8mcTRmY3zP9DmevfyXbimNZpXHUIGbqUWLwMZRPRjBNajG3R8A
+SSXfuPqSe6Vu52cfPtELcInHTBTo2B1yYtqk/xlFMUxM4HT+JqZpiXFGV+0cxSoD
+Z4RijtBi/B2Oqy5xHaHM/Me0pQtuKz0JtEw3IUNKIU/nVCryLNU8uGJC7nEJF4aW
+JF7ErYSEwvCCjm2GH3tmkeguNZN4sc+ah6spA5AazakzXJntMVac42OKjDsqfxKA
+fdY5ejYiTq+4q0qCan7CjHcKy0y6wTUakLhHyHXFOrJu6hrWC1Tm68i41yrIj9sJ
+6fGzRN1eZFSaq95Sc2nq6xrUE6ldgu6udIDeCfn7y+a3N0RTaUhgPjylglOB9aU=
+-----END CERTIFICATE-----
diff --git a/Workbench/comanage/container_files/shibboleth/sp-signing-key.pem b/Workbench/comanage/container_files/shibboleth/sp-signing-key.pem
new file mode 100644
index 0000000..915002a
--- /dev/null
+++ b/Workbench/comanage/container_files/shibboleth/sp-signing-key.pem
@@ -0,0 +1,40 @@
+-----BEGIN PRIVATE KEY-----
+MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQCZoHWy2YMBmiE3
+12XSFKU7ro1X/iD871IMcgJrMhAiUgMyxGKb8gFBMpitzYBnXzPZGL2h6sDUs2YL
+CxvtuH1rYpt3uJLFSTldWTmHaXvPuim3emzDqd13NgUGHjAmf3Wj/r+4vFAohUEK
++ahAn2JB5YulqTmJcgjBTmuocy6BHLmpC0M+pKOB3+czf5XpimfDNWByXADJgo2A
+sMbcybBwLyVkta00CGn6FsjmFTZdJ8H/jSZTaUrVnGG+juwwZsTvZnnOK0PMqfaY
+tlqlC/RIWtvz+1TSVQ7zt9knVkIglyksXWfr4p0jgNQX4HACZHj5dtRShxVUM47Q
+u8Jf7tw1UpPj26uYJu4zktUYfRGJqDUc1f42146fESZcUwASCjTXg9Kr7SdbyJhM
+1wmmvXpZ0pnGzZZnBSt4sxwX366pNPC0ujYeUv/8hV/jjmxCNJCHS47h8IJpfg3o
+lsjiYvHGvfIKbNj6YeANsQGLt5IRPaRXQHvDKNTuRYUZsybXmJ8CAwEAAQKCAYBD
+NVaocs4EYmiL5HjQCmYrEPcW+r91yEEt3qa+PL2gNh7eE9pL/PidjEQNLS0yjAzD
+ujYj4u6PXxiSVj7WpfKAizgWjTHwi1NESmeHnRckTn43naB9jQ+tOn3CKmzIOtS9
+dRJtAD1VLM7CvWvlMZUr3P9V7w2T2saHwwYIQLOkmmuCz8GQYziA9fJQrk1oSTuR
+xAU4opVZkvrSxQOKzdWZjpaeU3i9nby3Q0aKmdcZs+4EHb0ZmqO5hduhISelGR/7
+Sl0dQOV60MsF6zXAthrX4y3w/DJgYlytOKuHfUWsCD5dB9+cKAsKFkhceNpW9JYl
+6QiygFdblj9CRhJY1sMccOfwP3ktdSaNopt6hX5R7tgeDNbmOeXJMzFtB4jSSsVP
+LsWcxi/MWvy4cJmCudjJ48Fm7AHXKXF8Z2ry3BquAiS88qPQDXgZgavv9BeW8QRN
+iEtAoTw8pKmQICEeizY+RT5KtVk/ZlO0afAIHqiLnfz8ePHtEqJMgy1ZSs123jEC
+gcEAykp84C7ppVr+HoDQ/s2PrbA67GDG5M2/Of9IpNGw7HQ4fEL768op1M3l1W7U
+s17y8r63EnclpWrqYQbKm6ERvoXim01uPxvtGbTUn+2LuwfXTtRjv0WGnvmB3y6L
+y5mrmsABJhSwmNU9/aV7/PmOMYh56Dm/VNj0h8TxwNFWXKLs6LUSdelMI0rs25y3
+ADuai4V7LEiGVNeIFWOGNVn17hi1+77DTxjVFEIVRa8DtqiYmTCrU5MXuanaNZ42
+/ccXAoHBAMJqUUZ4i99Ej5w3mCH7QHOBFZ8gKbkFJ5Er+0DSJhlXdxwa2ED+ZOmz
+lBkOdkhFocpnKNpe8LXQdyT4Hc39oLg/hgM+9xiS0knwWYR9aEsaPscdEa9XkJfy
+MHArST+YQ6VkkSQFw5JlsgOSbqQsMsTzbCSRPnK1kh2FpAeCFdBKc7zPkXDz/eDN
+U1PyUbxvhnvO/7Wm3qk8prGxYPTo3lT+YCOvGBB0D7Dszqo1lmDhmMLW3wQ+7d3Z
+zgx3PLavuQKBwQCvPUniVyF2alX7jLIAGYke+KyCuu9xpD7E+j4u8awnmiKYmtpr
+j40fWWKBu2otHNKvsMEdEPQe0XjKprx7h1O8zXTZ/oDD0OhbvYf4JytF0WwWUO07
+8/nD2/dCpKrbrHq5Kx2TpJa7PvddtK6tHm6swEKDBwuVcACdYOHgnDgJNeavTLT6
+Sij35d87/A2X+QpPVUm3ufgMpU2w4a+QpibipKt5su60pZlo3DpbTFqWMIVJJ50z
+YBhMcTSkADQ5Me8CgcA+O/BmgaIsx3K9TCKcBiTclJ7KQG56tsaytwSH/H2LsS8E
+xScirwy4ru6ikrmUaw3ej+VI+glN+jyZjf9keGMhd9w7X8WTjTRZzOGrAsYG/JDK
+Bmkp2vsDWNjen0ykWeaVpDq98EZpr7orYI2gajGaUF322rPF3o+2eZhHewHmml6w
+OzXQlZpYgwHAppo5mu3O5jV+/brbK/okeaaS35SEWqWF5r/qTGzVcwi4/cx0mOLg
+xA3B+y8DzHwkC2tZA6kCgcEArXovFQS56M+Kcfi/gv4s0/Ax33loCRuaaRKHJBJ2
+SRQFMQ+a5UzUiUI9YLjuonchsaieoBUkdzhkqqY1rdzbEuOL7SzfL9Xcp6IM/gXk
+eLdscobfFonbDlJJIm1lkWvBbLTe9V7/IOmd3f06U66jwGEH9+gahKags1lmWBl3
+kUMKfdm2ZiJOW6Mg2r86FKs3rCoe0XpxnIcNyTuJ/u8/faR6+9XINo/RkzRDUPb1
+ECX4/movLrhpXT8i3sM/E7Kq
+-----END PRIVATE KEY-----
diff --git a/Workbench/comanage/container_files/system/setservername.sh b/Workbench/comanage/container_files/system/setservername.sh
new file mode 100644
index 0000000..6b16d28
--- /dev/null
+++ b/Workbench/comanage/container_files/system/setservername.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+files="/etc/shibboleth/idp-metadata.xml"
+
+for file in $files
+  do
+    sed -i "s|__CSPHOSTNAME__|$CSPHOSTNAME|g" $file
+  done
\ No newline at end of file
diff --git a/Workbench/comanage_data/Dockerfile b/Workbench/comanage_data/Dockerfile
new file mode 100644
index 0000000..6d0993a
--- /dev/null
+++ b/Workbench/comanage_data/Dockerfile
@@ -0,0 +1,8 @@
+FROM tier/mariadb:mariadb10
+
+ENV MYSQL_DATABASE registry
+ENV MYSQL_USER registry_user
+ENV MYSQL_PASSWORD 123321
+ENV MYSQL_DATADIR /var/lib/mysqlmounted
+#ENV AFTER_FIRST_TIME_SQL /seed-data/persons-and-courses.sql
+
diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml
index fadd384..080b8f5 100644
--- a/Workbench/docker-compose.yml
+++ b/Workbench/docker-compose.yml
@@ -175,6 +175,20 @@ services:
     environment:
      - CREATE_NEW_DATABASE=if_needed
 
+  comanage_data:
+    build: ./comanage_data
+    ports:
+     - 23306:3306
+    networks:
+      net:
+        aliases:
+         - comanage-data
+    volumes:
+     - comanage_mysql:/var/lib/mysql
+     - comanage_data:/var/lib/mysqlmounted
+    environment:
+     - CREATE_NEW_DATABASE=if_needed
+
   midpoint_data:
     image: tier/mariadb:mariadb10
     ports:
@@ -274,7 +288,7 @@ services:
      - net
     ports:
      - 443:443
-
+     
   wordpress_server:
     build: ./wordpress_server/
     container_name: wordpress_server
@@ -299,7 +313,18 @@ services:
       - wordpress_data:/var/lib/mysql
     ports:
       - 3306
-
+  comanage:
+    build: 
+      context: ./comanage/
+      args:
+        - CSPHOSTNAME
+    environment:
+     - ENV
+     - USERTOKEN
+    networks:
+     - net
+    ports:
+     - 11443:443
 
 networks:
   net:    
@@ -334,6 +359,8 @@ secrets:
 volumes:
   grouper_data:
   source_data:
+  comanage_data:
+  comanage_mysql:
   source_mysql:
   target_data:
   ldap:
diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html
index 738e986..f503cc4 100644
--- a/Workbench/webproxy/container_files/httpd/index.html
+++ b/Workbench/webproxy/container_files/httpd/index.html
@@ -12,7 +12,7 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 <li><a href="https://__CSPHOSTNAME__/grouperSSO/Shibboleth.sso/Status" target="TAP-WB-SP">Shibboleth SP</a></li>
 <li><a href="https://__CSPHOSTNAME__/grouper" target="TAP-WB-GROUPER">Grouper</a></li>
 <li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint</a></li>
-<li>COmanage (coming soon)</li>
+<li><a href="https://__CSPHOSTNAME__/registry" target="TAP-WB-COMANAGE">COmanage</a></li>
 </ul>
  In addition, the following applications are available:
 <ul>
diff --git a/Workbench/webproxy/container_files/httpd/proxy.conf b/Workbench/webproxy/container_files/httpd/proxy.conf
index 4530105..bb6ec23 100644
--- a/Workbench/webproxy/container_files/httpd/proxy.conf
+++ b/Workbench/webproxy/container_files/httpd/proxy.conf
@@ -38,6 +38,5 @@ ProxyPassReverse /ldapadmin https://directory/ldapadmin
 ProxyPass /phpmyadmin https://directory/phpmyadmin
 ProxyPassReverse /phpmyadmin https://directory/phpmyadmin
 
-ProxyPass /comanage https://comanage/
-ProxyPassReverse /comanage https://comanage/
-
+ProxyPass /registry https://comanage/registry
+#ProxyPassReverse /comanage https://comanage/