diff --git a/roles/karaage3.1.17/tasks/karaage.yml b/roles/karaage3.1.17/tasks/karaage.yml
index e406942b0b9652149aa128985b208398af6497cb..c96fbe186fa495017ae8c796c90c823a658b164e 100644
--- a/roles/karaage3.1.17/tasks/karaage.yml
+++ b/roles/karaage3.1.17/tasks/karaage.yml
@@ -95,6 +95,13 @@
   template: src=karaage3-wsgi.conf.j2 dest=/etc/apache2/conf-available/karaage3-wsgi.conf
   sudo: true
 
+- name: install karaage3-wsgi.conf
+  template: src=index.html.j2 dest=/var/www/index.html
+  sudo: true
+
+- name: install karaage3-wsgi.conf
+  template: src=kg-idps.j2 dest=/usr/bin/kg-idps mode=755
+  sudo: true
 -
  name: "enabling Karaage configuration"
  shell: a2enconf karaage3-wsgi
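Review bot: Both added tasks reuse the name `install karaage3-wsgi.conf` from the task above, so a run log cannot tell which of the three templates changed or failed. Name them for what they install, e.g. `- name: install /var/www/index.html landing page` and `- name: install kg-idps sync script`. Because `/usr/bin/kg-idps` is later run from root's crontab, state its ownership and mode explicitly instead of relying on defaults: `template: src=kg-idps.j2 dest=/usr/bin/kg-idps owner=root group=root mode=0755`. The page at `/var/www/index.html` is only served if that directory is Apache's DocumentRoot on the target distribution, which this hunk does not show.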
@@ -131,6 +138,11 @@
  sudo: true
  when: karaage_db_init.stdout.find("0") == 0
 
+#-
+# name: "Create IDP institutes (disable it as cache is not available)"
+# shell: kg-idps  
+# sudo: true
+
 - name: install postfix
   apt: name=postfix state=present
   sudo: true
@@ -152,4 +164,7 @@
  sudo: true
  when: ansible_os_family == "RedHat"
 
+- name: "Start cron job for creating idps"
+  cron: name=idps job=/usr/bin/kg-idps user=root day=*/1 state=present
+  sudo: true
 
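Review bot: The cron task sets only `day=*/1`, and the cron module leaves minute and hour at `*` when they are not given, so `/usr/bin/kg-idps` would be scheduled every minute as root rather than once a day. Pin the time, for example `cron: name=idps job=/usr/bin/kg-idps user=root minute=0 hour=3 state=present` (the hour is an arbitrary example). Since the script creates active institutes unattended, its output should also be sent somewhere an operator will read it.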
diff --git a/roles/karaage3.1.17/templates/index.html.j2 b/roles/karaage3.1.17/templates/index.html.j2
new file mode 100644
index 0000000000000000000000000000000000000000..4e1fda227b355c5e60c9f80b410a7873d07ca4ec
--- /dev/null
+++ b/roles/karaage3.1.17/templates/index.html.j2
@@ -0,0 +1,4 @@
+<html><body><h3>HPC identity management</h3>
+<p>To log in via AAF authentication, connect to <a href=https://{{ ansible_fqdn }}/aafbootstrap>aafbootstrap</a></p>
+<p>To log in without AAF authentication, connect to <a href=https://{{ ansible_fqdn }}/users>users</a></p>
+</body></html>
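Review bot: The two `href` values are unquoted, which parses correctly only while the rendered URL contains no space, `>` or quote character. Quote them, e.g. `<a href="https://{{ ansible_fqdn }}/aafbootstrap">aafbootstrap</a>`. The page also has no doctype or `<title>`, so browsers will render it in quirks mode.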
diff --git a/roles/karaage3.1.17/templates/karaage3-wsgi.conf.j2 b/roles/karaage3.1.17/templates/karaage3-wsgi.conf.j2
index 9ce8c092c1a7bcd2969bd33df724b9346af2d18e..e2c20ae5fa4a124cbaad448a6c3752956bfdd231 100644
--- a/roles/karaage3.1.17/templates/karaage3-wsgi.conf.j2
+++ b/roles/karaage3.1.17/templates/karaage3-wsgi.conf.j2
@@ -1,6 +1,7 @@
 #-*-apache-*-
 
 WSGIScriptAlias /karaage /etc/karaage3/karaage.wsgi
+WSGIScriptAlias /aafbootstrap /etc/karaage3/karaage.wsgi
 <IfVersion >= 2.4>
     <Directory /etc/karaage3>
         <Files karaage.wsgi>
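Review bot: `WSGIScriptAlias /aafbootstrap` mounts the whole Karaage application a second time under `/aafbootstrap`, while the `Redirect permanent /aafbootstrap /karaage/aafbootstrap` added in the next hunk claims the same prefix, so one of the two directives is dead depending on module ordering. If the alias is the one that takes effect, every application URL is also reachable below `/aafbootstrap/`, which the Shibboleth `<Location /karaage/aafbootstrap>` block further down does not cover. Keeping only the Redirect and dropping this alias line appears to match the intent of the `# support old URLs.` comment.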
@@ -12,6 +13,7 @@ WSGIScriptAlias /karaage /etc/karaage3/karaage.wsgi
 # support old URLs.
 Redirect permanent /kgadmin /karaage
 Redirect permanent /users /karaage
+Redirect permanent /aafbootstrap /karaage/aafbootstrap
 
 Alias /kgstatic "/var/lib/karaage3/static"
 <Location "/kgstatic">
@@ -29,7 +31,7 @@ Alias /kgfiles "/var/cache/karaage3/files"
     </IfVersion>
 </Location>
 
-<Location /karaage>
+<Location /karaage/aafbootstrap>
 AuthType Shibboleth
 ShibRequireSession On
 ShibUseHeaders On
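Review bot: Narrowing the block to `<Location /karaage/aafbootstrap>` means `ShibRequireSession On` no longer applies to the rest of `/karaage`, so those URLs now depend entirely on the application's own login. With `ShibUseHeaders On` kept, confirm that Karaage reads the Shibboleth attributes only for requests under the protected path, because header values on other paths have not passed through a session check. Exporting the attributes through the environment instead of request headers (dropping `ShibUseHeaders On`) avoids the question if the application supports it. The Location block continues past the end of this hunk, so its `Require` line is not visible here.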
diff --git a/roles/karaage3.1.17/templates/kg-idps.j2 b/roles/karaage3.1.17/templates/kg-idps.j2
new file mode 100755
index 0000000000000000000000000000000000000000..ad4df9e21c2676af7a7a174105e2ca696c952012
--- /dev/null
+++ b/roles/karaage3.1.17/templates/kg-idps.j2
@@ -0,0 +1,76 @@
+#!/usr/bin/python
+
+import os
+import django
+os.environ['DJANGO_SETTINGS_MODULE'] = "karaage.conf.settings"
+
+def get_idps_from_metadata():
+    import xml.etree.ElementTree as ET
+    tree = ET.parse('/var/cache/shibboleth/metadata.aaf.xml')
+    root=tree.getroot()
+    idps=[]
+    for entity in root.findall("{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor"):
+        idp=False
+        # %s"%entity.attrib['entityID']
+        for idp in entity.findall('{urn:oasis:names:tc:SAML:2.0:metadata}IDPSSODescriptor'):
+            idp=True
+        if idp:
+            for o in entity.findall('{urn:oasis:names:tc:SAML:2.0:metadata}Organization'):
+                for c in o.findall('{urn:oasis:names:tc:SAML:2.0:metadata}OrganizationDisplayName'):
+                    idps.append({'entityID':entity.attrib['entityID'],'name':c.text})
+        
+    return idps
+
+def get_next_idp_group():
+    from karaage.people.models import Group
+    i=-1
+    available=False
+    nextgroup=None
+    groupname='idpgroup{idx}'
+    while not available:
+        i=i+1
+        try:
+            group =Group.objects.get(name=groupname.format(idx=i))
+        except Group.DoesNotExist:
+            available=True
+            nextgroup=groupname.format(idx=i)
+    return nextgroup
+
+
+def get_or_create_idp(entityID,name):
+    print "get_or_create %s"%name
+    from karaage.institutes.forms import InstituteForm
+    from karaage.institutes.models import Institute
+    from karaage.people.models import Group
+    try:
+        Institute.objects.get(saml_entityid=entityID)
+        return
+    except Institute.DoesNotExist:
+        print "does not exists, creating"
+        groupname=get_next_idp_group()
+        group, _ =Group.objects.get_or_create(name=groupname)
+        institute=Institute(name=name,group=group,saml_entityid=entityID,is_active=True)
+        institute.save()
+#
+#        d={}
+#        d['name']=name
+#        d['group_id']=group
+#        d['saml_entityid']=entityID
+#        d['is_active']=True
+#        form=InstituteForm(d)
+#        if form.is_valid():
+#            print "tying to save"
+#            form.save()
+#        else:
+#            print "form not valid"
+#            print dir(form)
+#            #print "not actually saving my form"
+
+django.setup()
+idps = get_idps_from_metadata()
+for idp in idps:
+    try:
+        get_or_create_idp(entityID=idp['entityID'],name=idp['name'])
+    except:
+        pass
+
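Review bot: The driver loop ends in a bare `except: pass`, so this root cron job hides every failure (bad metadata entry, database error, duplicate institute name) and also swallows `KeyboardInterrupt`. Catch `Exception` and report it, e.g. `except Exception as e:` followed by `sys.stderr.write("kg-idps: %s: %s\n" % (idp['entityID'], e))`, with `import sys` at the top. In `get_idps_from_metadata` the flag `idp` is reused as the inner loop variable; `if entity.find('{urn:oasis:names:tc:SAML:2.0:metadata}IDPSSODescriptor') is not None:` states the test directly. An entity with several `OrganizationDisplayName` elements is appended once per name, and `c.text` may be `None`, so take the first non-empty name per entity. Every IdP in the file becomes an `is_active=True` institute without review, so add a comment stating that this relies on `/var/cache/shibboleth/metadata.aaf.xml` having been verified before it was written.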
diff --git a/roles/karaage3.1.17/templates/settings.py.j2 b/roles/karaage3.1.17/templates/settings.py.j2
index ceb441480ac8dd5bfb897fa8da95b5c4e7bc6b26..7c4d2ad2c9fd5f2f87c2b0a2f22b7560aa235edf 100644
--- a/roles/karaage3.1.17/templates/settings.py.j2
+++ b/roles/karaage3.1.17/templates/settings.py.j2
@@ -82,6 +82,13 @@ MANAGERS = ADMINS
 DEFAULT_PROJECT_PID = "{{ defaultProject }}"
 DEFAULT_MACHINE_CATEGORY_NAME = "{{ defaultMachineCategory }}"
 {% endif %}
+DEFAULT_INSTITUTE_NAME = "Monash University"
+DEFAULT_PROJECTS = [
+{"project_name": "MCC2", "pid": "pMcc2", "institute_name": "Monash University"},
+{"project_name": "MCC3", "pid": "pMcc3", "institute_name": "Monash University"},
+{"project_name": "MASSIVE", "pid": "pMassive", "institute_name": "Monash University"},
+{"project_name": "CVL", "pid": "pCvl", "institute_name": "Monash University"}
+]
 
 # A dictionary containing the settings for all databases to be used with
 # Django. It is a nested dictionary whose contents maps database aliases to a
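Review bot: `DEFAULT_INSTITUTE_NAME` and the four `DEFAULT_PROJECTS` entries hard-code one site's names into a role template, and because they sit after `{% endif %}` they are rendered for every deployment. The lines just above take `{{ defaultProject }}` and `{{ defaultMachineCategory }}` from variables instead. Move these to role variables as well, e.g. `DEFAULT_INSTITUTE_NAME = "{{ default_institute_name }}"` (the variable name is a placeholder), and render the project list from a variable through a JSON filter so quoting stays correct. A short comment saying which Karaage code reads `DEFAULT_PROJECTS` would help, since that is not visible in this diff.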
diff --git a/roles/shibboleth-sp/templates/attribute-map.xml.j2 b/roles/shibboleth-sp/templates/attribute-map.xml.j2
index b25ca20e519c99ba45852d94c5d795bcc7669cab..1910ba1bf725266984e82a6cd9b0c575a22cfd03 100644
--- a/roles/shibboleth-sp/templates/attribute-map.xml.j2
+++ b/roles/shibboleth-sp/templates/attribute-map.xml.j2
@@ -85,7 +85,7 @@
     <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.6.1.2" id="eduCourseMember"/>
     -->
    <!-- Added BY Shahaan -->
-	<Attribute name="urn:oid:2.5.4.3" id="commonName"/>
+	<Attribute name="urn:oid:2.5.4.3" id="cn"/>
 	<Attribute name="urn:oid:2.5.4.4" id="sn"/>
 	<Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
 	<Attribute name="urn:oid:2.5.4.42" id="givenName"/>
diff --git a/roles/slurm-common/templates/nhc.sysconfig.j2 b/roles/slurm-common/templates/nhc.sysconfig.j2
index df7125af6522d7d71e2773d2b0696b952858a8fa..1a8faf38e69de20e38c28ae8589e9fddeb1976f2 100644
--- a/roles/slurm-common/templates/nhc.sysconfig.j2
+++ b/roles/slurm-common/templates/nhc.sysconfig.j2
@@ -5,8 +5,8 @@ PATH={{ slurm_dir }}/bin:{{ nhc_dir }}/sbin:$PATH
 LOGFILE=/var/log/nhc.log
 LOG_LEVEL={{ nhc_log_level }}
 CONFFILE="{{ nhc_dir }}/etc/nhc/{{ nhc_config_file }}"
-NHC_EMAIL_TO={{ nhc_emails }}
-NHC_EMAIL_SUBJECT={{ nhc_email_subject }}
+NHC_EMAIL_TO="{{ nhc_emails }}"
+NHC_EMAIL_SUBJECT="{{ nhc_email_subject }}"
 NHC_LOOP_TIME="300"