diff --git a/auth/Dockerfile b/auth/Dockerfile
deleted file mode 100644
index 896601fb377a64987f89abaf6ebe62c66296e293..0000000000000000000000000000000000000000
--- a/auth/Dockerfile
+++ /dev/null
@@ -1,5 +0,0 @@
-FROM unicon/shibboleth-sp:3.0.4
-
-COPY shibboleth-conf /etc/shibboleth/
-COPY index.html /var/www/html/
-COPY etc-httpd/ /etc/httpd/
diff --git a/auth/shibboleth-conf/shibboleth2.xml b/auth/shibboleth-conf/shibboleth2.xml
deleted file mode 100644
index 342e057e6200ffdb53c2747364b4482045529a30..0000000000000000000000000000000000000000
--- a/auth/shibboleth-conf/shibboleth2.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
-xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config"
-clockSkew="180">
-<OutOfProcess tranLogFormat="%u|%s|%IDP|%i|%ac|%t|%attr|%n|%b|%E|%S|%SS|%L|%UA|%a" />
-<ApplicationDefaults entityID="https://samplesp3.eo.esa.int/shibboleth"
-REMOTE_USER="eppn subject-id pairwise-id persistent-id"
-cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSL
-v2:!SSLv3:!TLSv1:!TLSv1.1">
-<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
-checkAddress="false" handlerSSL="true" cookieProps="https">
-<SSO entityID="https://eo-sso-idp.eo.esa.int:443/shibboleth"
-discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF">
-SAML2
-</SSO>
-<Logout>SAML2 Local</Logout>
-<LogoutInitiator type="Admin" Location="/Logout/Admin" acl="127.0.0.1 ::1" />
-<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
-<Handler type="Status" Location="/Status" acl="127.0.0.1 ::1 192.168.24.1/24"/>
-<Handler type="Session" Location="/Session" showAttributeValues="false"/>
-<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
-</Sessions>
-<Errors supportContact="root@samplesp3.eo.esa.int"
-helpLocation="/about.html"
-styleSheet="/shibboleth-sp/main.css"/>
-<MetadataProvider type="XML" validate="false" path="idp-metadata.xml"/>
-<AttributeExtractor type="XML" validate="true" reloadChanges="false"
-path="attribute-map.xml"/>
-<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
-<CredentialResolver type="File" use="signing"
-key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>
-<CredentialResolver type="File" use="encryption"
-key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/>
-</ApplicationDefaults>
-<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
-<ProtocolProvider type="XML" validate="true" reloadChanges="false"
-path="protocols.xml"/>
-</SPConfig>
\ No newline at end of file
diff --git a/shibauth/Dockerfile b/shibauth/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..a1c6d7660c43fa132b1d1e4a457b240f091ce835
--- /dev/null
+++ b/shibauth/Dockerfile
@@ -0,0 +1,39 @@
+#------------------------------------------------------------------------------
+#
+# Project: prism view server
+# Authors: Stephan Meissl <stephan.meissl@eox.at>
+#
+#------------------------------------------------------------------------------
+# Copyright (C) 2020 EOX IT Services GmbH <https://eox.at>
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies of this Software or works derived from this Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+#-----------------------------------------------------------------------------
+
+FROM unicon/shibboleth-sp:3.0.4
+
+MAINTAINER EOX
+LABEL name="prism view server cache" \
+ vendor="EOX IT Services GmbH <https://eox.at>" \
+ license="MIT Copyright (C) 2019 EOX IT Services GmbH <https://eox.at>" \
+ type="prism view server shibauth" \
+ version="0.0.1"
+
+COPY shibboleth-conf /etc/shibboleth/
+COPY index.html /var/www/html/
+COPY conf.d /etc/httpd/etc-httpd/
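Review bot: The last COPY places the httpd configuration under `/etc/httpd/etc-httpd/`, so `sp.conf` ends up at `/etc/httpd/etc-httpd/sp.conf` rather than in `conf.d/`, whereas the removed Dockerfile copied `etc-httpd/` onto `/etc/httpd/` and the file landed in `/etc/httpd/conf.d/`; unless the base image is known to include that new directory, the vhost (and its Shibboleth protection) will silently not be loaded, and the line should read `COPY conf.d /etc/httpd/conf.d/`. `MAINTAINER` is deprecated in favour of `LABEL` (and the `name` label still says "cache" while `type` says "shibauth"). `COPY shibboleth-conf /etc/shibboleth/` also bakes whatever `*.pem` private keys sit next to shibboleth2.xml into an image layer, so mounting the keys at runtime and pinning `unicon/shibboleth-sp:3.0.4` by digest would be worth considering.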
diff --git a/auth/etc-httpd/conf.d/sp.conf b/shibauth/conf.d/sp.conf
similarity index 77%
rename from auth/etc-httpd/conf.d/sp.conf
rename to shibauth/conf.d/sp.conf
index 92bbe24aa93be1060dce0ecfecef0307a50cb08f..091f85e98444da0aca5748330850e23e63682676 100644
--- a/auth/etc-httpd/conf.d/sp.conf
+++ b/shibauth/conf.d/sp.conf
@@ -5,6 +5,10 @@ ServerName idptestbed
 UseCanonicalName On
 DocumentRoot "/var/www/html"
+ <Location /Shibboleth.sso>
+ Satisfy Any
+ Allow from all
+ </Location>
 <Location />
 AuthType shibboleth
diff --git a/auth/index.html b/shibauth/index.html
similarity index 100%
rename from auth/index.html
rename to shibauth/index.html
diff --git a/auth/shibboleth-conf/attribute-map.xml b/shibauth/shibboleth-conf/attribute-map.xml
similarity index 100%
rename from auth/shibboleth-conf/attribute-map.xml
rename to shibauth/shibboleth-conf/attribute-map.xml
diff --git a/auth/shibboleth-conf/idp-metadata.xml b/shibauth/shibboleth-conf/idp-metadata.xml
similarity index 100%
rename from auth/shibboleth-conf/idp-metadata.xml
rename to shibauth/shibboleth-conf/idp-metadata.xml
diff --git a/shibauth/shibboleth-conf/shibboleth2.xml b/shibauth/shibboleth-conf/shibboleth2.xml
new file mode 100644
index 0000000000000000000000000000000000000000..f890b39c7d687137579b48702a88dfd059c8eb6c
--- /dev/null
+++ b/shibauth/shibboleth-conf/shibboleth2.xml
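Review bot: `Satisfy Any` and `Allow from all` are Apache 2.2 access-control directives; on an httpd 2.4 server they only take effect while mod_access_compat is loaded, and mixing them with 2.4-style `Require` rules elsewhere in the vhost is a known source of surprising access decisions. The 2.4 form of this exemption is `<Location /Shibboleth.sso>` / `AuthType None` / `Require all granted` / `</Location>`, which also states the intent plainly: the handler has to be reachable without a session so the IdP can post assertions back to it. The httpd version in the base image cannot be confirmed from the diff, and the `<Location />` block this carve-out applies to continues past the end of the hunk.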
@@ -0,0 +1,125 @@
+<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
+ xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+ clockSkew="180">
+
+ <!--
+ By default, in-memory StorageService, ReplayCache, ArtifactMap, and SessionCache
+ are used. See example-shibboleth2.xml for samples of explicitly configuring them.
+ -->
+
+ <!--
+ To customize behavior for specific resources on Apache, and to link vhosts or
+ resources to ApplicationOverride settings below, use web server options/commands.
+ See https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfigurationElements for help.
+
+ For examples with the RequestMap XML syntax instead, see the example-shibboleth2.xml
+ file, and the https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRequestMapHowTo topic.
+ -->
+
+ <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
+ <ApplicationDefaults entityID="https://sp.idptestbed/shibboleth"
+ REMOTE_USER="eppn uid persistent-id targeted-id">
+
+ <!--
+ Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
+ You MUST supply an effectively unique handlerURL value for each of your applications.
+ The value defaults to /Shibboleth.sso, and should be a relative path, with the SP computing
+ a relative value based on the virtual host. Using handlerSSL="true", the default, will force
+ the protocol to be https. You should also set cookieProps to "https" for SSL-only sites.
+ Note that while we default checkAddress to "false", this has a negative impact on the
+ security of your site. Stealing sessions via cookie theft is much easier with this disabled.
+ -->
+ <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
+ checkAddress="false" handlerSSL="true" cookieProps="https">
+
+ <!--
+ Configures SSO for a default IdP. To allow for >1 IdP, remove
+ entityID property and adjust discoveryURL to point to discovery service.
+ (Set discoveryProtocol to "WAYF" for legacy Shibboleth WAYF support.)
+ You can also override entityID on /Login query string, or in RequestMap/htaccess.
+ -->
+ <SSO entityID="https://idptestbed/idp/shibboleth">
+ SAML2 SAML1
+ </SSO>
+
+ <!-- SAML and local-only logout. -->
+ <Logout>SAML2 Local</Logout>
+
+ <!-- Extension service that generates "approximate" metadata based on SP configuration. -->
+ <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
+
+ <!-- Status reporting service. -->
+ <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
+
+ <!-- Session diagnostic service. -->
+ <Handler type="Session" Location="/Session" showAttributeValues="false"/>
+
+ <!-- JSON feed of discovery information. -->
+ <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
+ </Sessions>
+
+ <!--
+ Allows overriding of error template information/filenames. You can
+ also add attributes with values that can be plugged into the templates.
+ -->
+ <Errors supportContact="admin@idptestbed"
+ helpLocation="/about.html"
+ styleSheet="/shibboleth-sp/main.css"/>
+
+ <!-- Example of remotely supplied batch of signed metadata. -->
+ <!--
+ <MetadataProvider type="XML" validate="true"
+ url="http://federation.org/federation-metadata.xml"
+ backingFilePath="federation-metadata.xml" reloadInterval="7200">
+ <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
+ <MetadataFilter type="Signature" certificate="fedsigner.pem"/>
+ <DiscoveryFilter type="Blacklist" matcher="EntityAttributes" trimTags="true"
+ attributeName="http://macedir.org/entity-category"
+ attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+ attributeValue="http://refeds.org/category/hide-from-discovery" />
+ </MetadataProvider>
+ -->
+
+ <!-- Example of locally maintained metadata. -->
+ <!--
+ <MetadataProvider type="XML" validate="true" path="partner-metadata.xml"/>
+ -->
+
+ <MetadataProvider type="XML" validate="true" path="idp-metadata.xml"/>
+
+ <!-- Map to extract attributes from SAML assertions. -->
+ <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
+
+ <!-- Use a SAML query if no attributes are supplied during SSO. -->
+ <AttributeResolver type="Query" subjectMatch="true"/>
+
+ <!-- Default filtering policy for recognized attributes, lets other data pass. -->
+ <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
+
+ <!-- Simple file-based resolver for using a single keypair. -->
+ <CredentialResolver type="File" key="sp-signing-key-test.pem" certificate="sp-encrypt-cert-test.pem"/>
+
+ <!--
+ The default settings can be overridden by creating ApplicationOverride elements (see
+ the https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplicationOverride topic).
+ Resource requests are mapped by web server commands, or the RequestMapper, to an
+ applicationId setting.
+
+ Example of a second application (for a second vhost) that has a different entityID.
+ Resources on the vhost would map to an applicationId of "admin":
+ -->
+ <!--
+ <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/>
+ -->
+ </ApplicationDefaults>
+
+ <!-- Policies that determine how to process and authenticate runtime messages. -->
+ <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
+
+ <!-- Low-level configuration about protocols and bindings available for use. -->
+ <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
+
+</SPConfig>
\ No newline at end of file
diff --git a/auth/shibboleth-conf/shibd.logger b/shibauth/shibboleth-conf/shibd.logger
similarity index 100%
rename from auth/shibboleth-conf/shibd.logger
rename to shibauth/shibboleth-conf/shibd.logger
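Review bot: The single `CredentialResolver` pairs `key="sp-signing-key-test.pem"` with `certificate="sp-encrypt-cert-test.pem"`; unless those two files happen to be one keypair, the SP will publish (via `/Metadata`) a certificate whose private key it does not hold, so assertions the IdP encrypts to it cannot be decrypted and requests it signs will not verify at the IdP. The removed config kept two resolvers, `use="signing"` and `use="encryption"`, each with a matching key/cert pair, and restoring that split — or at minimum pointing both attributes at the same pair — removes the mismatch. Two hardening settings also change relative to the deleted file: the `cipherSuites` attribute that excluded SSLv3 and TLS 1.0/1.1 for the SP's outbound SAML connections is gone, and `SAML2 SAML1` in `<SSO>` now enables SAML 1 endpoints the old config did not offer; re-adding the former and dropping `SAML1` keeps the attack surface where it was rather than inheriting the example template's defaults.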