* Delete Installation_Guide_Windows.md
* Update Installation_Guide_Linux.md
* Update Upgrade_Guide_Linux.md
* Delete index.md.old
* Update Installation_Guide_Linux.md
* Update Upgrade_Guide_Linux.md
* merging 4.4.1 code from gitlab
* updating binary distribution
* updating Admin guide and adding release notes
* updating docker file
* test commit
test commit
* minor edits
minor edits
* Minor Edits
minor edits
* nomenclature
nomenclature
* minor edits
minor edits
* italics, API link
italics, API link
Co-authored-by: Dronicus <[email protected]>
docker/README.md
+10-10
@@ -1,10 +1,10 @@
1
1
2
-
# StrongKey FIDO Server (SKFS), Community Edition, Dockerized
2
+
# FIDO2 Server, Community Edition, Dockerized
3
3
## Overview:
4
-
This branch contains a Dockerized version of the FIDO(R) Certified [StrongKey FIDO Server (SKFS), Community Edition](https://github.com/StrongKey/fido2). This implementation allows for the creation of a FIDO2 server within a container, which allows for the ability to be deployed in any environment. This README will focus on the Docker portion of SKFS; please refer to the main [README](https://github.com/StrongKey/fido2) for anything related to the FIDO side of the server.
4
+
This branch contains a Dockerized version of StrongKey's Certified FIDO2 Server, Community Edition. This implementation allows for the creation of a FIDO2 server within a container, which allows for the ability to be deployed in any environment. This README will focus on the Docker portion of the StrongKey FIDO2 Server; please refer to the main [README](https://github.com/StrongKey/fido2) for anything related to the FIDO side of the server.
5
5
6
6
## Prerequisites: Host machine/VM
7
-
Docker must be installed and enabled to build and use the SKFS image.
7
+
Docker must be installed and enabled to build and use the StrongKey FIDO2 Server image.
8
8
It is recommended that you have a machine or VM with the following minimum requirements:
9
9
10
10
* 10 GB storage
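Review bot: new line 4 drops the only link in that sentence, the one on "[StrongKey FIDO Server (SKFS), Community Edition](https://github.com/StrongKey/fido2)", and changes "FIDO(R) Certified" to "StrongKey's Certified FIDO2 Server", which no longer says who certified it; suggest keeping both, e.g. "a Dockerized version of the FIDO(R) Certified [StrongKey FIDO2 Server, Community Edition](https://github.com/StrongKey/fido2)". The remaining SKFS to StrongKey FIDO2 Server replacements in lines 1 and 7 are consistent with each other.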
@@ -15,26 +15,26 @@ These values are also the recommended minimums for each container. CPUs and memo
15
15
The host machine's firewall should open port 8181 (or the port bound to the Docker container's port 8181) as well as ports 7001-7003 if clustering containers.
16
16
17
17
## Prerequisites: External DB and LDAP/AD
18
-
In this specific version of the Dockerized SKFS, both the MySQL database and LDAP are not included, so an external MySQL 5 database and LDAP/AD are required for setup. The containers can be configured to use the external database and LDAP/AD in the *base64-input.sh* script.
18
+
In this specific version of the Dockerized StrongKey FIDO2 Server, both the MySQL database and LDAP are not included, so an external MySQL 5 database and LDAP/AD are required for setup. The containers can be configured to use the external database and LDAP/AD in the *base64-input.sh* script.
19
19
20
-
The database configuration should be sourced from SKFS's *create.txt* in the server's [*fidoserverSQL* directory](https://github.com/StrongKey/fido2/tree/master/server/fidoserverInstall/fidoserverSQL). Additionally, any database insert commands found in the _install-skfs.sh_ from a regular SKFS should be performed on this database.
20
+
The database configuration should be sourced from the FIDO2 Server's *create.txt* in the server's [*fidoserverSQL* directory](https://github.com/StrongKey/fido2/tree/master/server/fidoserverInstall/fidoserverSQL). Additionally, any database insert commands found in the install-skfs.sh from a regular StrongKey FIDO2 Server should be performed on this database.
21
21
22
-
The external LDAP/AD must be configured in the same way as a normal SKFS, as described in the distribution's *.ldif* files.
22
+
Theexternal LDAP/AD must be configured in the same way as a normal FIDO2 Server as described in the distribution's *.ldif* files.
23
23
24
24
## Getting Started
25
25
1.**Build the image**.
26
26
```sh
27
27
[sudo] docker build -t fidoserver .
28
28
```
29
-
2.**Configure the image settings**. Here you may configure the external LDAP/AD database and clustering.
29
+
2.**Configure the image settings**. Here you may configure the external LDAP/AD database, and clustering.
30
30
```sh
31
31
vi base64-input.sh
32
32
```
33
-
3. Get the base64 input for the container. **Save the output** of the *base64-input.sh* script somewhere for the next step.
33
+
3. Get base64 input for the container. **Save the output** of the *base64-input.sh* script somewhere for the next step.
34
34
```sh
35
35
./base64-input.sh
36
36
```
37
-
4.**Run the image in a container** with the output from the *base64-input.sh* script as its only argument. The hostname flag (_-h_) and bound port 8181 are necessary. To debug any issues with GlassFish, it may be a good idea to remove the _-d_ (detach) flag to be able to view the logs
37
+
4.**Run the image in a container** with the output from the *base64-input.sh* script as its only argument. The hostname flag (-h) and bound port 8181 are necessary. To debug any issues with glassfish, it may be a good idea to remove the -d (detach) flag to be able to view the logs
38
38
```sh
39
39
[sudo] docker run -dit -h fido01.strongkey.com -p 8181:8181 fidoserver <base64-input>
40
40
```
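Review bot: new line 22 introduces a typo, "Theexternal LDAP/AD" (missing space), and also drops the comma after "FIDO2 Server" that the removed line had; suggest "The external LDAP/AD must be configured in the same way as a normal FIDO2 Server, as described in the distribution's *.ldif* files." Smaller points in the same hunk: line 20 removes the italics from install-skfs.sh while *create.txt* and *base64-input.sh* keep theirs (the commit message says this change adds italics, so the removal looks accidental); line 29 adds a stray comma in "external LDAP/AD database, and clustering"; line 37 lowercases the product name to "glassfish" and un-italicizes the -h and -d flags; and the list markers "1.**Build", "2.**Configure" and "4.**Run" have no space after the period, so Markdown will not render them as list items (item 3 has the space and does render). One documentation gap worth a sentence while this section is open: the external database and LDAP/AD settings produced by *base64-input.sh* are handed to `docker run` as a command-line argument (line 39), so if they include credentials they are readable by anyone on the host who can run `docker inspect` or see the process list; the README should say so and point production deployments at a secrets mechanism such as Docker secrets or an env-file instead of a positional argument.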
@@ -50,7 +50,7 @@ To enter into a bash terminal within the container, perform the following additi
50
50
```
51
51
52
52
## Clustering
53
-
For replication to work properly when clustering, open ports 7001-7003 on the container when running it. For example,
53
+
When clustering, for replication to work properly, open ports 7001-7003 on the container when running it. For example,
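Review bot: reworded line 53 still says to open ports 7001-7003 on the container without saying to whom, whereas the Clustering Guide touched in this same commit restricts those ports to connections between just the FIDO2 Servers; the Docker README should match, e.g. "open ports 7001-7003 on the container when running it, and limit the host firewall so that only the other cluster nodes can reach them." As written, the replication ports end up reachable from every host that can reach the Docker host.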
docs/Clustering_Guide_Linux.md
+14-14
@@ -1,8 +1,8 @@
1
1
# StrongKey FIDO Server (SKFS), Community Edition for Linux
2
2
3
-
## Cluster Installation
3
+
## Clustered Installation
4
4
5
-
StrongKey FIDO Server can be clustered with multiple nodes to deliver high availability (HA) across a local area network (LAN) and/or disaster recovery (DR) on a wide area network (WAN). No additonal software is required to enable these features because StrongKey has enabled this capability as a **standard** feature in SKFS. Furthermore, with multiple nodes processing FIDO2 transactions at the same time, the SKFS cluster can deliver higher throughput to multiple web applications that use this server. This document guides you through setting up an SKFS cluster with two nodes, as depicted in the image below.
5
+
StrongKey FIDO Server can be clustered with multiple nodes to deliver _high availability (HA)_ across a _local area network (LAN)_ and/or _disaster recovery (DR)_ on a _wide area network (WAN)_. No additonal software is required to enable these features because StrongKey has enabled this capability as a **standard** feature in SKFS. Furthermore, with multiple nodes processing FIDO2 transactions at the same time, the SKFS cluster can deliver higher throughput to multiple web applications that use this server. This document guides you through setting up an SKFS cluster with two nodes, as depicted in the image below.
6
6
7
7
**The clustering capability in SKFS only applies to the FIDO2 capability**. Web applications that use SKFS must make their own arrangements to deliver HA and/or DR independent of SKFS. The sample application used here to demonstrate FIDO2 clustering will, itself, not be highly available, but demonstrates that the web application can use either or both SKFS nodes in this HA configuration.
8
8
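Review bot: line 5 is rewritten but carries over the typo "additonal software" from the removed line; fix it to "additional" while the line is being touched. The added italics on the expanded acronyms (_high availability (HA)_, _local area network (LAN)_, and so on) are consistent with the style the guide uses later, and the heading change to "Clustered Installation" is fine.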
@@ -14,17 +14,17 @@ While it is possible to add more than two nodes to the cluster, IT architects wi
14
14
15
15
## Prerequisites
16
16
17
-
1.**Two (2)**virtual machines (VMs) for the FIDO2 Servers, running the current version of CentOS Linux 7.x, with fully qualified domain names (FQDN) and internet protocol (IP) addresses
18
-
2.**One (1)**virtual machine for the load-balancer, running HAProxy version 1.5.18 software on the current version of CentOS Linux 7.x with an FQDN and an IP address
19
-
3.**One (1)**virtual machine for the StrongKey sample Proof-of-Concept web application from this GitHub repository, also running on the current version of CentOS Linux 7.x with an FQDN and an IP address
17
+
1.**Two (2)**_virtual machines (VMs)_ for the FIDO2 Servers, running the current version of CentOS Linux 7.x, with _fully qualified domain names (FQDN)_ and _internet protocol (IP)_ addresses
18
+
2.**One (1)**VM for the load-balancer, running HAProxy version 1.5.18 software on the current version of CentOS Linux 7.x with an FQDN and an IP address
19
+
3.**One (1)**VM for the StrongKey sample Proof-of-Concept web application from this GitHub repository, also running on the current version of CentOS Linux 7.x with an FQDN and an IP address
20
20
21
21
**NOTE:** This document assumes you are setting up this cluster with all nodes connected to a single ethernet switch. If your intent is to do a more realistic test, you should plan on using VMs with multiple network interfaces connected to different switches to isolate traffic to the appropriate segments as you might except in a more real-world environment.
22
22
23
23
24
-
## Setting up the Cluster
24
+
## Cluster Setup
25
25
26
26
1. Using the installation steps [here](../docs/Installation_Guide_Linux.md), install and configure the two FIDO2 Server VMs **as if they were individual FIDO2 Servers, but do NOT install any web applications to test out the FIDO2 Server at this point**; we will do this later.
27
-
2. For each server **determine the FQDN and assign it a unique Server ID**. A _Server id (SID)_ is a numeric value that uniquely identifies a node within the cluster. Conventionally, StrongKey cluster SIDs begin with the numeral **1** and continue incrementally for each node in the cluster. In the current setup, the following values are used:
27
+
2. For each server **determine the FQDN and assign it a unique Server ID**. A _Server ID (SID)_ is a numeric value that uniquely identifies a node within the cluster. Conventionally, StrongKey cluster SIDs begin with the numeral **1** and continue incrementally for each node in the cluster. In the current setup, the following values are used:
28
28
29
29
| SID | FQDN |
30
30
| -- | -- |
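Review bot: items 2 and 3 on new lines 18-19 still have no space between the closing `**` and the following word ("**One (1)**VM"); CommonMark will not close a strong-emphasis run that is immediately followed by a letter, so these render as literal asterisks, and none of the three items has a space after "1.", "2.", "3.", so they are not recognized as list items either. Suggest "1. **Two (2)** _virtual machines (VMs)_", "2. **One (1)** VM", "3. **One (1)** VM". Item 1 happens to render because the `_` that follows the bold is punctuation, but it should get the same spacing for consistency. Unchanged context line 21 has "as you might except" for "as you might expect" and could be fixed in the same pass.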
@@ -37,12 +37,12 @@ While it is possible to add more than two nodes to the cluster, IT architects wi
37
37
38
38
b. If DNS **is configured**, make sure that it is configured for **forward and reverse** lookups—meaning that it should be possible to resolve the IP address using the FQDN, as well as resolve the FQDN using the IP address doing a reverse lookup. Without the reverse resolution, services in the Payara application server configuration will not work correctly.
39
39
40
-
If Domain Name Service (DNS) **is not configured**, add the following entries to the **_/etc/hosts_** file to identify the cluster nodes. Use a text editor such as _vi_ to modify the _/etc/hosts_ file. For the two-node cluster, add the following to the end of the _hosts_ file, substituting the _strongkey.com_ domain name for your own environment:
40
+
If _Domain Name Service (DNS)_ **is not configured**, add the following entries to the **_/etc/hosts_** file to identify the cluster nodes. Use a text editor such as _vi_ to modify the _/etc/hosts_ file. For the two-node cluster, add the following to the end of the _hosts_ file, substituting the _strongkey.com_ domain name for your own environment:
c. **Modify the firewall** configuration to open ports 7001, 7002, and 7003 to accept connections between _just the FIDO2 Servers_ to enable multi-way replication. Run the following command once for each cluster node's IP address (substituting for \<ip-target-fidoserver\>).
45
+
c. **Modify the firewall** configuration to open ports 7001, 7002, and 7003 to accept connections between _just the FIDO2 Servers_ to enable multi-way replication. Run the following command once for each cluster node's IP address (substituting for _\<ip-target-fidoserver\>_).
46
46
47
47
**Do _not_ execute this command for the IP address of the cluster node on which you are executing the command itself**. It is not necessary to open the node's ports on the firewall for itself since the replication module in the FIDO2 Server does not need to replicate to itself.
48
48
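Review bot: the substitution instruction on line 40 reads backwards: "substituting the _strongkey.com_ domain name for your own environment" tells the reader to put strongkey.com in place of their own domain; suggest "substituting your own domain name for _strongkey.com_". On line 45, limiting ports 7001, 7002 and 7003 to connections between _just the FIDO2 Servers_ is the right restriction and is worth keeping as emphasized text. Since the preceding step says that missing reverse resolution breaks services in Payara, it would help to give the reader the concrete check (for example that a reverse lookup of each node's IP address returns its FQDN) rather than only the requirement.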
@@ -82,7 +82,7 @@ While it is possible to add more than two nodes to the cluster, IT architects wi
82
82
83
83
mysql> exit
84
84
85
-
g. **Import the self-signed certificates** generated as part of the SKFS installation into the Payara Application Server's truststore—this is necessary to ensure that replication between the SKFS nodes occurs over a trusted Transport Layer Security (TLS) connection. Execute the _certimport.sh_ script included in the _/usr/local/strongkey/bin_ directory to import the certificate.
85
+
g. **Import the self-signed certificates** generated as part of the SKFS installation into the Payara Application Server's truststore—this is necessary to ensure that replication between the SKFS nodes occurs over a trusted _Transport Layer Security (TLS)_ connection. Execute the _certimport.sh_ script included in the _/usr/local/strongkey/bin_ directory to import the certificate.
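Review bot: line 85 says "Import the self-signed certificates" (plural) but ends with "to import the certificate" (singular), and it does not say whose certificate goes into whose truststore or whether the step is repeated; suggest stating explicitly which certificates are imported (each peer node's, presumably) and that the step runs on every cluster node, since the trusted TLS connection the paragraph relies on only exists for a node whose truststore was actually updated. A short verification sentence after _certimport.sh_ (listing the truststore aliases, for example) would let readers confirm replication will use trusted connections before moving on.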
@@ -96,7 +96,7 @@ While it is possible to add more than two nodes to the cluster, IT architects wi
96
96
97
97
## Install HAProxy Load Balancer
98
98
99
-
High availability (HA) is enabled for applications by inserting a _load balancer_ between components of the infrastructure, such as between the web application and the two SKFS nodes of this configuration. The load balancer determines which target server is available to receive application connections, and distributes application requests to the appropriate target server.
99
+
HA is enabled for applications by inserting a _load balancer_ between components of the infrastructure, such as between the web application and the two SKFS nodes of this configuration. The load balancer determines which target server is available to receive application connections, and distributes application requests to the appropriate target server.
100
100
101
101
SKFS has been tested with the open-source HAProxy load balancer, part of the standard CentOS Linux distribution. It is conceivable that SKFS will work with other load balancers; please contact us to discuss your needs.
102
102
@@ -171,7 +171,7 @@ If it is set to _enforcing_, change it to _permissive_ by running the following
171
171
shell> setenforce 0
172
172
173
173
174
-
## Testing the FIDO2 Server Cluster with a Sample Web Application
174
+
## Testing the SKFS Cluster with a Sample Web Application
175
175
176
176
To test the cluster with a sample web application, provision the fourth VM to install the sample application and follow the steps [here](https://github.com/StrongKey/fido2/tree/master/sampleapps/java/poc) to install the **StrongKey Proof of Concept (PoC) Java Application**. When installing the PoC application, make sure that you **follow the steps to NOT install it with SKFS on the VM**; because you already have an SKFS cluster setup following this document, there is no need for an additional SKFS.
177
177
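Review bot: the heading rename on line 174 ("Testing the FIDO2 Server Cluster" to "Testing the SKFS Cluster") goes in the opposite direction from docker/README.md in this same commit, where every "SKFS" was expanded to "StrongKey FIDO2 Server"; the commit message says "nomenclature", so pick one name and apply it to both files. Separately, the unchanged context at lines 171-173 tells the reader to run `setenforce 0`: the guide should note that this lasts only until reboot and that it disables SELinux enforcement for the whole host rather than for the specific ports and paths the FIDO2 Server needs, so the permanent fix belongs in SELinux policy rather than in permissive mode.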
@@ -199,11 +199,11 @@ e. Open a browser to the appropriate URL to **access the PoC application** on th
199
199
200
200
https://<PoC-VM-FQDN>:8181
201
201
202
-
## Simulating Node Failures in the FIDO2 Server Cluster
202
+
## Simulating Node Failures in the SKFS Cluster
203
203
204
204
Following are several methods to simulate failures of an SKFS node within the cluster for verification purposes:
205
205
206
-
1. Remove the ethernet cable from one of the SKFS nodes.
206
+
1. Remove the Ethernet cable from one of the SKFS nodes.
207
207
2. Shut down the Payara Applicatiion Server on one of the SKFS nodes.
208
208
3. Close port 8181 by disabling the firewall rule that accepts connections on SKFS.
209
209
4. Modify the configuration of HAProxy on the load balancer to remove one of the SKFS nodes.
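Review bot: the capitalization fix on line 206 ("Ethernet") is correct, but the unchanged item directly below it on line 207 has "Payara Applicatiion Server" (extra "i") and could be fixed in the same hunk. On context line 200, `https://<PoC-VM-FQDN>:8181` appears on a bare line; unless it sits inside a fenced block, the Markdown renderer may treat `<PoC-VM-FQDN>` as an HTML tag and drop it, leaving "https://:8181", so wrap the URL in backticks.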