diff --git a/api-server/src/main/java/org/gluu/oxtrust/api/server/api/impl/BaseWebResource.java b/api-server/src/main/java/org/gluu/oxtrust/api/server/api/impl/BaseWebResource.java
index e90c803114..8c4fa90ece 100644
--- a/api-server/src/main/java/org/gluu/oxtrust/api/server/api/impl/BaseWebResource.java
+++ b/api-server/src/main/java/org/gluu/oxtrust/api/server/api/impl/BaseWebResource.java
@@ -12,7 +12,7 @@
 @OpenAPIDefinition (
 	info = @Info (
 		title = "oxTrust API",
-		version = "4.5.3",
+		version = "4.5.4",
 		description = "This is an API for Gluu Server's oxTrust administrative interface. Go to https://gluu.org for more information",
 		termsOfService = "https://gluu.org/gluu-terms-and-conditions/",
 		contact = @Contact(url="https://support.gluu.org/",name="Gluu Support",email="support@gluu.org"),
diff --git a/api-server/src/main/java/org/gluu/oxtrust/api/server/api/impl/TrustRelationshipWebService.java b/api-server/src/main/java/org/gluu/oxtrust/api/server/api/impl/TrustRelationshipWebService.java
index 063800be06..e1d7fd7ec1 100644
--- a/api-server/src/main/java/org/gluu/oxtrust/api/server/api/impl/TrustRelationshipWebService.java
+++ b/api-server/src/main/java/org/gluu/oxtrust/api/server/api/impl/TrustRelationshipWebService.java
@@ -655,21 +655,7 @@ private String saveTR(GluuSAMLTrustRelationship trustRelationship) {
 
                 break;
             case MDQ:
-            	try {
-                    if (generateSpMetaDataFile(trustRelationship)) {
-                    	if (!update) {
-                            trustRelationship.setStatus(GluuStatus.ACTIVE);
-                        }
-                    } else {
-                        logger.error("Failed to generate MDQ SP meta-data file");
-                        return OxTrustConstants.RESULT_FAILURE;
-                    }
-                } catch (Exception ex) {
-                	logger.error("Failed to generate MDQ  SP certificate", ex);
-
-                    return "MDQ : Failed to generate MDQ SP meta-data file";
-                }
-
+            	//TODO: Implement MDQ Save
                 break;
             default:
 
@@ -1038,17 +1024,7 @@ else if (configuration.getSmtpConfiguration() == null
         }
     }
     
-    private boolean generateSpMetaDataFile(GluuSAMLTrustRelationship trustRelationship) {
-        String spMetadataFileName = trustRelationship.getSpMetaDataFN();
-
-        if (StringHelper.isEmpty(spMetadataFileName)) {
-            // Generate new file name
-            spMetadataFileName = shibboleth3ConfService.getSpNewMetadataFileName(trustRelationship);
-            trustRelationship.setSpMetaDataFN(spMetadataFileName);
-        }
-
-        return shibboleth3ConfService.generateMDQMetadataFile(trustRelationship);
-    }
+    
     
     private boolean saveSpMetaDataFileSourceTypeManual(GluuSAMLTrustRelationship trustRelationship , String metadataStr) throws IOException {
         String spMetadataFileName = trustRelationship.getSpMetaDataFN();
diff --git a/api-server/src/main/java/org/gluu/oxtrust/api/server/api/impl/TrustedIDPWebResource.java b/api-server/src/main/java/org/gluu/oxtrust/api/server/api/impl/TrustedIDPWebResource.java
index 2619d12332..075c8b82bf 100644
--- a/api-server/src/main/java/org/gluu/oxtrust/api/server/api/impl/TrustedIDPWebResource.java
+++ b/api-server/src/main/java/org/gluu/oxtrust/api/server/api/impl/TrustedIDPWebResource.java
@@ -221,7 +221,9 @@ public Response deleteTrustedIdps(@PathParam("remoteIdpHost") String remoteIdpHo
 			if(oxTrustedIdp != null)
 				trustedIDPService.removeTrustedIDP(oxTrustedIdp);
 
-			return Response.status(Response.Status.OK).build();
+			return Response.status(Response.Status.OK).entity("{\r\n" + 
+					"  \"message\": \"OK\"\r\n" + 
+					"}").build();
 		} catch (Exception e) {
 			log(logger, e);
 			return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
diff --git a/configuration/src/main/resources/META-INF/shibboleth3/idp/mdq-metadata.xml.vm b/configuration/src/main/resources/META-INF/shibboleth3/idp/mdq-metadata.xml.vm
deleted file mode 100644
index aa86d75e4c..0000000000
--- a/configuration/src/main/resources/META-INF/shibboleth3/idp/mdq-metadata.xml.vm
+++ /dev/null
@@ -1,21 +0,0 @@
-<MetadataProvider id="DynamicEntityMetadata" xsi:type="DynamicHTTPMetadataProvider"
-                  connectionRequestTimeout="PT2S"
-                  connectionTimeout="PT2S"
-                  socketTimeout="PT4S">
-     <!--
-        Verify the signature on the root element of the metadata
-        using a trusted metadata signing certificate.
-    -->
-    <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
-        certificateFile="%{idp.home}/credentials/mdq-cert.pem"/>
-
-    <!--
-        Require a validUntil XML attribute on the root element and
-        make sure its value is no more than 14 days into the future.
-    -->
-    <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D"/>
-
-    <!-- Specify the base URL for the Metadata Query Protocol -->
-    <MetadataQueryProtocol>$mdqUrl</MetadataQueryProtocol>
-
-</MetadataProvider>
\ No newline at end of file
diff --git a/configuration/src/main/resources/META-INF/shibboleth3/idp/metadata-providers.xml.vm b/configuration/src/main/resources/META-INF/shibboleth3/idp/metadata-providers.xml.vm
index d39a61cd1b..2ed3af8b49 100644
--- a/configuration/src/main/resources/META-INF/shibboleth3/idp/metadata-providers.xml.vm
+++ b/configuration/src/main/resources/META-INF/shibboleth3/idp/metadata-providers.xml.vm
@@ -32,21 +32,28 @@
     -->
 
 #foreach( $trustRelationship in $trustParams.trusts )
-
-    #if($trustRelationship.spMetaDataSourceType.value == "file")
+    #if($trustRelationship.isFileMetadataSourceType())
 
     <MetadataProvider id="SiteSP$trustParams.trustIds.get($trustRelationship.inum)"
                       xsi:type="FilesystemMetadataProvider"
                       metadataFile="$medataFolder$trustRelationship.spMetaDataFN">
 
-    #elseif($trustRelationship.spMetaDataSourceType.value == "uri")
+    #elseif($trustRelationship.isUriMetadataSourceType())
 
     <MetadataProvider id="SiteSP$trustParams.trustIds.get($trustRelationship.inum)"
                       xsi:type="FileBackedHTTPMetadataProvider"
                       maxRefreshDelay="$trustRelationship.maxRefreshDelay"
                       metadataURL="$trustRelationship.spMetaDataURL"
                       backingFile="$medataFolder$trustRelationship.spMetaDataFN">
-
+    
+    #elseif($trustRelationship.isMdqMetadataSourceType() and $trustRelationship.entityTypeIsFederation())
+    <MetadataProvider id="SiteSP$trustParams.trustIds.get($trustRelationship.inum)"
+                    xsi:type="DynamicHTTPMetadataProvider" connectionRequestTimeout="PT0S"
+                    connectionTimeout="PT0S" socketTimeout="PT0S">
+        
+        <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P1D"/>
+        <MetadataQueryProtocol>$trustRelationship.url</MetadataQueryProtocol>
+    
     #end
 
     #if( $trustRelationship.gluuSAMLMetaDataFilter and $trustRelationship.getGluuSAMLMetaDataFilter().size() > 0 )
@@ -59,10 +66,11 @@
 
     #end
 
-    #if($trustRelationship.spMetaDataSourceType.value == 'file' || $trustRelationship.spMetaDataSourceType.value == 'uri')
+    #if($trustRelationship.isFileMetadataSourceType() or $trustRelationship.isUriMetadataSourceType())
+    </MetadataProvider>
+    #end
+    #if($trustRelationship.isMdqMetadataSourceType() and $trustRelationship.entityTypeIsFederation())
     </MetadataProvider>
     #end
-
 #end
-
 </MetadataProvider>
diff --git a/model/src/main/java/org/gluu/oxtrust/model/AuditConfigLogDetails.java b/model/src/main/java/org/gluu/oxtrust/model/AuditConfigLogDetails.java
new file mode 100644
index 0000000000..b9296b79f5
--- /dev/null
+++ b/model/src/main/java/org/gluu/oxtrust/model/AuditConfigLogDetails.java
@@ -0,0 +1,62 @@
+package org.gluu.oxtrust.model;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class AuditConfigLogDetails {
+	
+	private String user;
+	private String objectName;
+	private String property;
+	private String oldValue;
+	private String newValue;
+	
+	
+	public AuditConfigLogDetails(String user, String objectName, String property, String oldValue,
+			String newValue) {
+		super();
+		this.user = user;
+		this.objectName = objectName;
+		this.property = property;
+		this.oldValue = oldValue;
+		this.newValue = newValue;
+	}
+	public String getUser() {
+		return user;
+	}
+	public void setUser(String user) {
+		this.user = user;
+	}
+	public String getProperty() {
+		return property;
+	}
+	public void setProperty(String property) {
+		this.property = property;
+	}
+	public String getOldValue() {
+		return oldValue;
+	}
+	public void setOldValue(String oldValue) {
+		this.oldValue = oldValue;
+	}
+	public String getNewValue() {
+		return newValue;
+	}
+	public void setNewValue(String newValue) {
+		this.newValue = newValue;
+	}
+	public String getObjectName() {
+		return objectName;
+	}
+	public void setObjectName(String objectName) {
+		this.objectName = objectName;
+	}
+
+	@Override
+	public String toString() {
+		return "AuditConfigLogDetails [user=" + user + ", objectName=" + objectName
+				+ ", property=" + property + ", oldValue=" + oldValue + ", newValue=" + newValue + "]";
+	}
+	
+
+}
diff --git a/model/src/main/java/org/gluu/oxtrust/model/GluuMetadataSourceType.java b/model/src/main/java/org/gluu/oxtrust/model/GluuMetadataSourceType.java
index 69be7643fe..a73a6014b6 100644
--- a/model/src/main/java/org/gluu/oxtrust/model/GluuMetadataSourceType.java
+++ b/model/src/main/java/org/gluu/oxtrust/model/GluuMetadataSourceType.java
@@ -8,7 +8,6 @@
 
 import java.util.HashMap;
 import java.util.Map;
-
 import org.gluu.persist.annotation.AttributeEnum;
 
 /**
@@ -18,10 +17,11 @@
  */
 public enum GluuMetadataSourceType implements AttributeEnum {
 
-	FILE("file", "File"), URI("uri", "URI"), FEDERATION("federation", "Federation"), MANUAL("manual", "Manual"), MDQ("mdq", "MDQ");
+	FILE("file", "File",1), URI("uri", "URI",2), FEDERATION("federation", "Federation",3), MANUAL("manual", "Manual",4), MDQ("mdq", "MDQ",5);
 
 	private final String value;
 	private final String displayName;
+	private final int rank; // used for ordering 
 
 	private static final Map<String, GluuMetadataSourceType> mapByValues = new HashMap<String, GluuMetadataSourceType>();
 	static {
@@ -30,9 +30,10 @@ public enum GluuMetadataSourceType implements AttributeEnum {
 		}
 	}
 
-	private GluuMetadataSourceType(String value, String displayName) {
+	private GluuMetadataSourceType(String value, String displayName,int rank) {
 		this.value = value;
 		this.displayName = displayName;
+		this.rank = rank;
 	}
 
 	@Override
@@ -44,6 +45,11 @@ public String getDisplayName() {
 		return displayName;
 	}
 
+	public int getRank() {
+
+		return this.rank;
+	}
+
 	public static GluuMetadataSourceType getByValue(String value) {
 		return mapByValues.get(value);
 	}
diff --git a/model/src/main/java/org/gluu/oxtrust/model/GluuSAMLTrustRelationship.java b/model/src/main/java/org/gluu/oxtrust/model/GluuSAMLTrustRelationship.java
index 765f96ca31..8f8cf56d20 100644
--- a/model/src/main/java/org/gluu/oxtrust/model/GluuSAMLTrustRelationship.java
+++ b/model/src/main/java/org/gluu/oxtrust/model/GluuSAMLTrustRelationship.java
@@ -8,6 +8,8 @@
 
 import java.io.Serializable;
 import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -32,7 +34,6 @@
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonInclude;
 
-import javax.xml.bind.annotation.XmlTransient;
 import com.fasterxml.jackson.annotation.JsonInclude.Include;
 
 @DataEntry
@@ -140,6 +141,7 @@ public class GluuSAMLTrustRelationship extends InumEntry implements Serializable
 	
 	private String certificate;
 
+
 	public String getCertificate() {
 		return certificate;
 	}
@@ -222,15 +224,6 @@ public boolean getSpecificRelyingPartyConfig() {
 		return Boolean.parseBoolean(gluuSpecificRelyingPartyConfig);
 	}
 
-	/*public List<DeconstructedTrustRelationship> getDeconstructedTrustRelationships() {
-		return deconstructedTrustRelationships;
-	}
-
-	public void setDeconstructedTrustRelationships(
-			List<DeconstructedTrustRelationship> deconstructedTrustRelationships) {
-		this.deconstructedTrustRelationships = deconstructedTrustRelationships;
-	}*/
-
 	public String getDescription() {
 		return description;
 	}
@@ -450,4 +443,46 @@ public GluuEntityType getEntityType() {
 	public void setEntityType(GluuEntityType entityType) {
 		this.entityType = entityType;
 	}
+
+	public boolean entityTypeIsFederation() {
+
+		return (this.entityType == GluuEntityType.FederationAggregate);
+	}
+
+	public boolean entityTypeIsSingleSp() {
+
+		return (this.entityType == GluuEntityType.SingleSP);
+	}
+
+	public boolean isFileMetadataSourceType() {
+
+		return (this.spMetaDataSourceType == GluuMetadataSourceType.FILE);
+	}
+
+	public boolean isUriMetadataSourceType() {
+
+		return (this.spMetaDataSourceType == GluuMetadataSourceType.URI);
+	}
+
+	public boolean isMdqMetadataSourceType() {
+
+		return (this.spMetaDataSourceType == GluuMetadataSourceType.MDQ);
+	}
+
+	public boolean isMdqFederation() {
+
+		return (this.entityType == GluuEntityType.FederationAggregate) && (this.spMetaDataSourceType == GluuMetadataSourceType.MDQ);
+	}
+
+	private static class SortByDatasourceTypeComparator implements Comparator<GluuSAMLTrustRelationship> {
+
+		public int compare(GluuSAMLTrustRelationship first, GluuSAMLTrustRelationship second) {
+
+			return first.getSpMetaDataSourceType().getRank() - second.getSpMetaDataSourceType().getRank();
+		}
+	}
+
+	public static void sortByDataSourceType(List<GluuSAMLTrustRelationship> trustRelationships) {
+		Collections.sort(trustRelationships,new SortByDatasourceTypeComparator());
+	}
 }
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 006bfdc50c..0fb89d7795 100644
--- a/pom.xml
+++ b/pom.xml
@@ -15,9 +15,9 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<maven.min-version>3.3.9</maven.min-version>
 
-		<gluu.parent.version>4.5.3.Final</gluu.parent.version>
-		<oxcore.version>4.5.3.Final</oxcore.version>
-		<oxauth.version>4.5.3.Final</oxauth.version>
+		<gluu.parent.version>4.5.4-SNAPSHOT</gluu.parent.version>
+		<oxcore.version>4.5.4-SNAPSHOT</oxcore.version>
+		<oxauth.version>4.5.4-SNAPSHOT</oxauth.version>
 
 		<jettison.version>1.5.4</jettison.version>
 
@@ -202,7 +202,7 @@
 			<dependency>
 				<groupId>org.gluu</groupId>
 				<artifactId>uma-rs-resteasy</artifactId>
-				<version>4.5.3.Final</version>
+				<version>4.5.4-SNAPSHOT</version>
 				<exclusions>
 					<exclusion>
 						<groupId>org.slf4j</groupId>
diff --git a/server/src/main/java/org/gluu/oxtrust/action/FederationDeconstructionAction.java b/server/src/main/java/org/gluu/oxtrust/action/FederationDeconstructionAction.java
index 095ca00f28..93deebdc60 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/FederationDeconstructionAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/FederationDeconstructionAction.java
@@ -87,7 +87,11 @@ public List<String> getBulkEntities() {
 				trustRelationship = trustService.getTrustContainerFederation(trustRelationship) ;
 			}
 
-			bulkEntities.addAll(trustRelationship.getGluuEntityId());
+			List<String> gluuEntityIds = trustRelationship.getGluuEntityId();
+			if(gluuEntityIds != null) {
+				bulkEntities.addAll(gluuEntityIds);
+			}
+			
 			List<GluuSAMLTrustRelationship> currentDeconstruction = trustService.getDeconstructedTrustRelationships(trustRelationship);
 			for (GluuSAMLTrustRelationship configuredTR : currentDeconstruction) {
 				bulkEntities.remove(configuredTR.getEntityId());
@@ -95,8 +99,11 @@ public List<String> getBulkEntities() {
 
 		}
 		bulkFiltered = new ArrayList<String>();
-		bulkFiltered.addAll(bulkEntities);
 
+		if(bulkEntities != null) {
+			bulkFiltered.addAll(bulkEntities);
+		}
+		
 		if (filteredEntities != null) {
 			bulkFiltered.retainAll(filteredEntities);
 
diff --git a/server/src/main/java/org/gluu/oxtrust/action/PasswordResetAction.java b/server/src/main/java/org/gluu/oxtrust/action/PasswordResetAction.java
index 47021d33a8..f1d00e2b86 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/PasswordResetAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/PasswordResetAction.java
@@ -178,9 +178,10 @@ public void update() {
 		String outcome = updateImpl();
 		if (OxTrustConstants.RESULT_SUCCESS.equals(outcome)) {
 			facesMessages.add(FacesMessage.SEVERITY_INFO, "Password reset successful.");
+			redirect();
+			conversationService.endConversation();
 		}
-		redirect();
-		conversationService.endConversation();
+		
 	}
 
 	public String updateImpl() {
diff --git a/server/src/main/java/org/gluu/oxtrust/action/RegisterPersonAction.java b/server/src/main/java/org/gluu/oxtrust/action/RegisterPersonAction.java
index ed9a5c6b6e..f95b2bea71 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/RegisterPersonAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/RegisterPersonAction.java
@@ -20,6 +20,7 @@
 import javax.enterprise.context.ConversationScoped;
 import javax.faces.application.FacesMessage;
 import javax.faces.component.UIComponent;
+import javax.faces.component.UIInput;
 import javax.faces.context.ExternalContext;
 import javax.faces.context.FacesContext;
 import javax.faces.validator.ValidatorException;
@@ -36,6 +37,7 @@
 import org.gluu.model.GluuStatus;
 import org.gluu.model.GluuUserRole;
 import org.gluu.model.SimpleCustomProperty;
+import org.gluu.model.attribute.AttributeValidation;
 import org.gluu.model.custom.script.conf.CustomScriptConfiguration;
 import org.gluu.oxtrust.exception.DuplicateEmailException;
 import org.gluu.oxtrust.model.GluuCustomAttribute;
@@ -510,5 +512,39 @@ public boolean isConfirmationOkay() {
 	public void setConfirmationOkay(boolean confirmationOkay) {
 		this.confirmationOkay = confirmationOkay;
 	}
+	public void validateConfirmPassword(FacesContext context, UIComponent comp, Object value) {
+		Pattern pattern = null;
+		String attributeValue = (String) value;
+		if (StringHelper.isEmpty(attributeValue)) {
+			FacesMessage message = new FacesMessage("Value is required");
+			message.setSeverity(FacesMessage.SEVERITY_ERROR);
+			throw new ValidatorException(message);
+		}
+		AttributeValidation validation = attributeService.getAttributeByName("userPassword").getAttributeValidation();
+		boolean canValidate = validation != null && validation.getRegexp() != null && !validation.getRegexp().isEmpty();
+		if (comp.getClientId().endsWith("password")) {
+			this.password = (String) value;
+		} else if (comp.getClientId().endsWith("passwordValidation")) {
+			this.repeatPassword = (String) value;
+		}
+		this.repeatPassword = this.repeatPassword == null ? "" : this.repeatPassword;
+		if (canValidate) {
+			pattern = Pattern.compile(validation.getRegexp());
+		}
+		if (!StringHelper.equalsIgnoreCase(password, repeatPassword) && this.repeatPassword != null) {
+			((UIInput) comp).setValid(false);
+			FacesMessage message = new FacesMessage("Both passwords should be the same!");
+			message.setSeverity(FacesMessage.SEVERITY_ERROR);
+			throw new ValidatorException(message);
+		}
+		if (canValidate
+				&& (!pattern.matcher(this.password).matches() || !pattern.matcher(this.repeatPassword).matches())) {
+			((UIInput) comp).setValid(false);
+			FacesMessage message = new FacesMessage(FacesMessage.SEVERITY_ERROR,
+					facesMessages.evalResourceAsString("#{msgs['password.validation.invalid']}"),
+					facesMessages.evalResourceAsString("#{msgs['password.validation.invalid']}"));
+			context.addMessage(comp.getClientId(context), message);
+		}
+	}
 
 }
diff --git a/server/src/main/java/org/gluu/oxtrust/action/SearchClientAction.java b/server/src/main/java/org/gluu/oxtrust/action/SearchClientAction.java
index b8536350d2..25b78ed9b7 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/SearchClientAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/SearchClientAction.java
@@ -9,6 +9,7 @@
 import java.io.Serializable;
 import java.util.Comparator;
 import java.util.List;
+import java.util.stream.Collectors;
 
 import javax.enterprise.context.ConversationScoped;
 import javax.faces.application.FacesMessage;
@@ -76,7 +77,10 @@ protected String searchImpl() {
 			} else {
 				this.clientList = clientService.searchClients(this.searchPattern, 100);
 			}
-			this.clientList.sort(Comparator.comparing(OxAuthClient::getDisplayName));
+			this.clientList = this.clientList.stream()
+					.sorted(Comparator.comparing(OxAuthClient::getDisplayName,
+							Comparator.nullsFirst(Comparator.naturalOrder())))
+					.collect(Collectors.toList());
 			this.oldSearchPattern = this.searchPattern;
 			this.searchPattern = "";
 		} catch (Exception ex) {
diff --git a/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java b/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
index 64f40c7e5e..08ad3e3e5b 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
@@ -738,11 +738,13 @@ private boolean hasSameHostname(String url1) throws MalformedURLException {
         boolean result = true;
         URL uri1 = new URL(url1);
         for (String url : this.loginUris) {
-            URL uri = new URL(url);
-            if (!(uri1.getHost().equalsIgnoreCase(uri.getHost()))) {
-                result = false;
-                break;
-            }
+        	if(url.startsWith(HTTPS)) {
+	            URL uri = new URL(url);
+	            if (!(uri1.getHost().equalsIgnoreCase(uri.getHost()))) {
+	                result = false;
+	                break;
+	            }
+        	}
         }
         return result;
     }
diff --git a/server/src/main/java/org/gluu/oxtrust/action/UpdateTrustRelationshipAction.java b/server/src/main/java/org/gluu/oxtrust/action/UpdateTrustRelationshipAction.java
index ea2ec043a9..e57b678d09 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/UpdateTrustRelationshipAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/UpdateTrustRelationshipAction.java
@@ -71,6 +71,7 @@
 import org.gluu.oxtrust.model.GluuEntityType;
 import org.gluu.oxtrust.model.GluuMetadataSourceType;
 import org.gluu.oxtrust.model.GluuSAMLTrustRelationship;
+import org.gluu.oxtrust.model.GluuValidationStatus;
 import org.gluu.oxtrust.model.OxAuthClient;
 import org.gluu.oxtrust.security.Identity;
 import org.gluu.oxtrust.service.AttributeService;
@@ -224,19 +225,19 @@ public class UpdateTrustRelationshipAction implements Serializable {
 	private String orgUrl;
 
     public List<GluuMetadataSourceType> getMetadataSourceTypesList() {
-        List<GluuMetadataSourceType> metadataSourceTypesList = (Arrays.asList(GluuMetadataSourceType.values()));
-        if (GluuEntityType.FederationAggregate.equals(trustRelationship.getEntityType())) {
-            List<GluuMetadataSourceType> GluuMetadataSourceTypeSubList = new ArrayList<GluuMetadataSourceType>();
-            for (GluuMetadataSourceType enumType : GluuMetadataSourceType.values()) {
-                if (!GluuMetadataSourceType.FEDERATION.equals(enumType)) {
-                    GluuMetadataSourceTypeSubList.add(enumType);
+        
+        List<GluuMetadataSourceType> ret = null;
+        if(GluuEntityType.FederationAggregate.equals(trustRelationship.getEntityType())) {
+            ret = new ArrayList<GluuMetadataSourceType>();
+            for(GluuMetadataSourceType enumType: GluuMetadataSourceType.values()) {
+                if(!GluuMetadataSourceType.FEDERATION.equals(enumType)) {
+                    ret.add(enumType);
                 }
             }
-            return GluuMetadataSourceTypeSubList;
-        } else {
-            return metadataSourceTypesList;
+        }else {
+            ret = Arrays.asList(GluuMetadataSourceType.values());   
         }
-
+        return ret;
     }
 
     public String add() {
@@ -411,21 +412,16 @@ public String saveImpl() {
                 }
                 break;
             case MDQ:
-            	try {
-                    if (generateSpMetaDataFile(trustRelationship)) {
-                    	if (!update) {
-                            this.trustRelationship.setStatus(GluuStatus.ACTIVE);
-                        }
-                    } else {
-                        log.error("Failed to generate SP meta-data file");
-                        return OxTrustConstants.RESULT_FAILURE;
-                    }
-                } catch (Exception ex) {
-                    log.error("Failed to download SP certificate", ex);
-
-                    return OxTrustConstants.RESULT_FAILURE;
+            	//TODO: Implement MDQ save 
+                if(!update) {
+                    this.trustRelationship.setStatus(GluuStatus.ACTIVE);
+                    this.trustRelationship.setValidationStatus(GluuValidationStatus.SUCCESS);
                 }
 
+                if(this.trustRelationship.getEntityType().equals(GluuEntityType.SingleSP) && this.trustRelationship.getEntityId() == null) {
+                    facesMessages.add(FacesMessage.SEVERITY_ERROR,"EntityID required for MDQ");
+                    return "invalid_entity_id";
+                }
                 break;
                 
             default:
@@ -433,10 +429,15 @@ public String saveImpl() {
                 break;
             }
             updateReleasedAttributes(this.trustRelationship);
+
+            if(trustRelationship.isMdqFederation()) {
+                trustRelationship.setFederation(true);
+            }
             if (trustRelationship.getSpMetaDataSourceType().equals(GluuMetadataSourceType.FEDERATION)) {
                 boolean federation = shibboleth3ConfService.isFederation(this.trustRelationship);
                 this.trustRelationship.setFederation(federation);
             }
+            
             trustContactsAction.saveContacts();
             if (update) {
                 try {
@@ -1220,7 +1221,7 @@ public void setAvailableEntities(List<String> availableEntities) {
     }
 
     public List<String> getAvailableEntities() {
-        if (getContainerFederationTr() == null) {
+        if (!trustRelationship.isFederation() || getContainerFederationTr() == null) {
             return null;
         } else {
             if (!getContainerFederationTr().getGluuEntityId().contains(trustRelationship.getEntityId())) {
@@ -1312,6 +1313,16 @@ public List<GluuSAMLTrustRelationship> getFederatees(GluuSAMLTrustRelationship t
 
     }
 
+    public List<GluuSAMLTrustRelationship> getAllMdqFederatedTrustRelationships() {
+
+        try {
+            return trustService.getAllMdqFederatedTrustRelationships();
+        }catch(Exception e) {
+            e.printStackTrace();
+            return new ArrayList<GluuSAMLTrustRelationship>();
+        }
+    }
+
 	public Saml2Settings getSaml2Settings() {
 		return saml2Settings;
 	}
@@ -1344,17 +1355,7 @@ public void generateMetadata() throws MalformedURLException, CertificateExceptio
 		
 	}
 	
-	private boolean generateSpMetaDataFile(GluuSAMLTrustRelationship trustRelationship) {
-        String spMetadataFileName = trustRelationship.getSpMetaDataFN();
-
-        if (StringHelper.isEmpty(spMetadataFileName)) {
-            // Generate new file name
-            spMetadataFileName = shibboleth3ConfService.getSpNewMetadataFileName(trustRelationship);
-            trustRelationship.setSpMetaDataFN(spMetadataFileName);
-        }
-
-        return shibboleth3ConfService.generateMDQMetadataFile(trustRelationship);
-    }
+	
 
 	public String getMetadataStr() {
 		return metadataStr;
diff --git a/server/src/main/java/org/gluu/oxtrust/exception/GlobalExceptionHandler.java b/server/src/main/java/org/gluu/oxtrust/exception/GlobalExceptionHandler.java
index fd133f4531..87cfef920b 100644
--- a/server/src/main/java/org/gluu/oxtrust/exception/GlobalExceptionHandler.java
+++ b/server/src/main/java/org/gluu/oxtrust/exception/GlobalExceptionHandler.java
@@ -55,7 +55,7 @@ public void handle() throws FacesException {
                     storeRequestURI();
                     performRedirect(externalContext, "/login.htm");
 				} else {
-					log.trace(t.getMessage(), t);
+					log.debug(t.getMessage(), t);
 					performRedirect(externalContext, "/error.htm");
 				}
                 fc.renderResponse();
diff --git a/server/src/main/java/org/gluu/oxtrust/ldap/cache/service/CacheRefreshTimer.java b/server/src/main/java/org/gluu/oxtrust/ldap/cache/service/CacheRefreshTimer.java
index 720bc8423a..ea1f7700fb 100644
--- a/server/src/main/java/org/gluu/oxtrust/ldap/cache/service/CacheRefreshTimer.java
+++ b/server/src/main/java/org/gluu/oxtrust/ldap/cache/service/CacheRefreshTimer.java
@@ -39,7 +39,6 @@
 import org.gluu.model.SchemaEntry;
 import org.gluu.model.custom.script.model.bind.BindCredentials;
 import org.gluu.model.ldap.GluuLdapConfiguration;
-import org.gluu.oxtrust.service.config.ConfigurationFactory;
 import org.gluu.oxtrust.ldap.cache.model.CacheCompoundKey;
 import org.gluu.oxtrust.ldap.cache.model.GluuInumMap;
 import org.gluu.oxtrust.ldap.cache.model.GluuSimplePerson;
@@ -59,6 +58,7 @@
 import org.gluu.oxtrust.service.PairwiseIdService;
 import org.gluu.oxtrust.service.PersonService;
 import org.gluu.oxtrust.service.cdi.event.CacheRefreshEvent;
+import org.gluu.oxtrust.service.config.ConfigurationFactory;
 import org.gluu.oxtrust.service.external.ExternalCacheRefreshService;
 import org.gluu.oxtrust.util.OxTrustConstants;
 import org.gluu.oxtrust.util.PropertyUtil;
@@ -68,7 +68,6 @@
 import org.gluu.persist.exception.BasePersistenceException;
 import org.gluu.persist.exception.EntryPersistenceException;
 import org.gluu.persist.exception.operation.SearchException;
-import org.gluu.persist.ldap.impl.LdapEntryManager;
 import org.gluu.persist.ldap.impl.LdapEntryManagerFactory;
 import org.gluu.persist.ldap.operation.LdapOperationService;
 import org.gluu.persist.model.SearchScope;
@@ -920,6 +919,7 @@ private List<GluuSimplePerson> loadSourceServerEntriesWithoutLimits(
 				// Add to result and ignore root entry if needed
 				for (GluuSimplePerson currentSourcePerson : currentSourcePersons) {
 					currentSourcePerson.setSourceServerName(sourceServerName);
+					externalCacheRefreshService.executeExternalUpdateSourceUserMethods(currentSourcePerson);
 					// if (!StringHelper.equalsIgnoreCase(baseDn,
 					// currentSourcePerson.getDn())) {
 					String currentSourcePersonDn = currentSourcePerson.getDn().toLowerCase();
@@ -969,6 +969,7 @@ private List<GluuSimplePerson> loadSourceServerEntries(CacheRefreshConfiguration
 					// Add to result and ignore root entry if needed
 					for (GluuSimplePerson currentSourcePerson : currentSourcePersons) {
 						currentSourcePerson.setSourceServerName(sourceServerName);
+						externalCacheRefreshService.executeExternalUpdateSourceUserMethods(currentSourcePerson);
 						// if (!StringHelper.equalsIgnoreCase(baseDn,
 						// currentSourcePerson.getDn())) {
 						String currentSourcePersonDn = currentSourcePerson.getDn().toLowerCase();
diff --git a/server/src/main/java/org/gluu/oxtrust/service/EntityIDMonitoringService.java b/server/src/main/java/org/gluu/oxtrust/service/EntityIDMonitoringService.java
index fe574d7f6f..223f26b9e8 100644
--- a/server/src/main/java/org/gluu/oxtrust/service/EntityIDMonitoringService.java
+++ b/server/src/main/java/org/gluu/oxtrust/service/EntityIDMonitoringService.java
@@ -102,6 +102,7 @@ public void processMetadataValidationTimerEvent(
 			}
 		} catch (Throwable ex) {
 			log.error("Exception happened while monitoring EntityId", ex);
+			ex.printStackTrace();
 		} finally {
 			this.isActive.set(false);
 		}
@@ -111,7 +112,7 @@ public void process() {
 		log.trace("Starting entityId monitoring process.");
 		log.trace("EVENT_METADATA_ENTITY_ID_UPDATE Starting");
 		for (GluuSAMLTrustRelationship tr : trustService.getAllTrustRelationships().stream()
-				.filter(e -> e.isFederation()).collect(Collectors.toList())) {
+				.filter(e -> e.isFederation()).filter(e -> !e.isMdqFederation()).collect(Collectors.toList())) {
 			log.info("==========================CURRENT TR " + tr.getInum());
 			String idpMetadataFolder = shibboleth3ConfService.getIdpMetadataDir();
 			String metadataFile = idpMetadataFolder + tr.getSpMetaDataFN();
diff --git a/server/src/main/java/org/gluu/oxtrust/service/MetadataValidationTimer.java b/server/src/main/java/org/gluu/oxtrust/service/MetadataValidationTimer.java
index 97e66ff798..9daef05158 100644
--- a/server/src/main/java/org/gluu/oxtrust/service/MetadataValidationTimer.java
+++ b/server/src/main/java/org/gluu/oxtrust/service/MetadataValidationTimer.java
@@ -8,6 +8,8 @@
 
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
+import java.util.Comparator;
 import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;
@@ -70,6 +72,7 @@ public class MetadataValidationTimer {
 
     private LinkedBlockingQueue<String> metadataUpdates;
 
+    
     @PostConstruct
     public void init() {
         this.isActive = new AtomicBoolean(true);
diff --git a/server/src/main/java/org/gluu/oxtrust/service/external/ExternalCacheRefreshService.java b/server/src/main/java/org/gluu/oxtrust/service/external/ExternalCacheRefreshService.java
index 00149aec5f..5da32bf0b8 100644
--- a/server/src/main/java/org/gluu/oxtrust/service/external/ExternalCacheRefreshService.java
+++ b/server/src/main/java/org/gluu/oxtrust/service/external/ExternalCacheRefreshService.java
@@ -16,6 +16,7 @@
 import org.gluu.model.custom.script.conf.CustomScriptConfiguration;
 import org.gluu.model.custom.script.model.bind.BindCredentials;
 import org.gluu.model.custom.script.type.user.CacheRefreshType;
+import org.gluu.oxtrust.ldap.cache.model.GluuSimplePerson;
 import org.gluu.oxtrust.model.GluuCustomPerson;
 import org.gluu.service.custom.script.ExternalScriptService;
 import org.gluu.util.StringHelper;
@@ -49,6 +50,25 @@ public boolean executeExternalUpdateUserMethod(CustomScriptConfiguration customS
 		return false;
 	}
 
+	public boolean executeExternalUpdateSourceUserMethod(CustomScriptConfiguration customScriptConfiguration, GluuSimplePerson user) {
+		try {
+            CacheRefreshType externalType = (CacheRefreshType) customScriptConfiguration.getExternalType();
+            Map<String, SimpleCustomProperty> configurationAttributes = customScriptConfiguration.getConfigurationAttributes();
+            
+            // Execute only if API > 3
+            if (externalType.getApiVersion() > 3) {
+                log.debug("Executing python 'updateSourceUser' method");
+
+				return externalType.updateSourceUser(user, configurationAttributes);
+            }
+		} catch (Exception ex) {
+			log.error(ex.getMessage(), ex);
+            saveScriptError(customScriptConfiguration.getCustomScript(), ex);
+		}
+
+		return false;
+	}
+
     public BindCredentials executeExternalGetBindCredentialsMethod(CustomScriptConfiguration customScriptConfiguration, String configId) {
         try {
             log.debug("Executing python 'getBindCredentialsMethod' method");
@@ -97,6 +117,18 @@ public boolean executeExternalUpdateUserMethods(GluuCustomPerson user) {
 		return result;
 	}
 
+	public boolean executeExternalUpdateSourceUserMethods(GluuSimplePerson user) {
+		boolean result = true;
+		for (CustomScriptConfiguration customScriptConfiguration : this.customScriptConfigurations) {
+			result &= executeExternalUpdateSourceUserMethod(customScriptConfiguration, user);
+			if (!result) {
+				return result;
+			}
+		}
+
+		return result;
+	}
+
     public BindCredentials executeExternalGetBindCredentialsMethods(String configId) {
         BindCredentials result = null;
         for (CustomScriptConfiguration customScriptConfiguration : this.customScriptConfigurations) {
diff --git a/server/src/main/java/org/gluu/oxtrust/util/PasswordValidator.java b/server/src/main/java/org/gluu/oxtrust/util/PasswordValidator.java
index 4f4d87e527..3b02095315 100644
--- a/server/src/main/java/org/gluu/oxtrust/util/PasswordValidator.java
+++ b/server/src/main/java/org/gluu/oxtrust/util/PasswordValidator.java
@@ -49,6 +49,9 @@ public void validate(FacesContext arg0, UIComponent arg1, Object value) throws V
 		if (hasValidation) {
 			matcher = pattern.matcher(value.toString());
 		}
+		if (facesMessages == null) {
+			facesMessages = CdiUtil.bean(FacesMessages.class);
+		}
 		if (hasValidation && !matcher.matches()) {
 			FacesMessage msg = new FacesMessage(
 					facesMessages.evalResourceAsString("#{msgs['password.validation.invalid']}"));
diff --git a/server/src/main/resources/oxtrust.properties b/server/src/main/resources/oxtrust.properties
index 422b76384b..b840f5e8e8 100644
--- a/server/src/main/resources/oxtrust.properties
+++ b/server/src/main/resources/oxtrust.properties
@@ -434,7 +434,7 @@ organization.lastRun = Last run
 organization.updatesAtTheLastRun = Updates at the last run
 organization.problemsAtTheLastRun = Problems at the last run
 organization.refreshMethod = Refresh Method
-organization.sourceAttributeToDesitnation = Add source attribute to destination attribute mapping
+organization.sourceAttributeToDesitnation = Change attribute name from source to destination:
 organization.pollingInterval = Polling interval (minutes)
 organization.serverIPAddress = Server IP Address
 organization.snapshotFolder = Snapshot Folder
@@ -738,6 +738,10 @@ trustmanager.filter = Filter
 trustmanager.selectWhichMembers = Select which members of this federation you would like configure individually
 trustmanager.availableFederationMembers = Available federation members
 trustmanager.membersSelectedForIndividualsConfiguration = Members selected for individuals configuration
+trustmanager.mdqUrl = MDQ Base Url
+trustmanager.selectMdqProvider =  Select MDQ Provider
+trustmanager.mdqProviderSelectLabel = MDQ Provider
+trustmanager.mdqEntityId = MDQ Entity ID
 
 uma.uma = UMA
 uma.scopes = Scopes
@@ -996,7 +1000,7 @@ mail.verify.message.subject = SMTP Server Configuration Verification
 mail.verify.message.plain.body = SMTP Server Configuration Verification Successful.
 mail.verify.message.html.body = SMTP Server Configuration Verification Successful.
 
-mail.reset.found.message.subject = Password reset was requested at #{organizationName} identity server
+mail.reset.found.message.subject = Password reset was requested at #{renderParams.map['organizationName']} identity server
 mail.reset.found.message.plain.body = <p style="text-align: center;">Hello <b><span style="color:#337ab7;">#{renderParams.map['givenName']}</span></b>,<br></br><br></br></p><p style="text-align: center;">We received a request to reset your password.<br></br>If you did not make this request, you can safely ignore this message.<br></br> You may click the button below to choose your new password.<br></br><a href='#{renderParams.map['resetLink']}'> <button style="border-radius:5px; background:#337ab7; color:white; border:none;padding:10px;margin-top:15px;">Agree to reset my password</button></a></p><p style="color:red;text-align: center; font-size:1.1em;">This link will expire in <span style="color:#337ab7;">#{renderParams.map['expirationTime']}</span>.</p>
 mail.reset.found.message.html.body = <p style="text-align: center;">Hello <b><span style="color:#337ab7;">#{renderParams.map['givenName']}</span></b>,<br></br><br></br></p><p style="text-align: center;">We received a request to reset your password.<br></br>If you did not make this request, you can safely ignore this message.<br></br> You may click the button below to choose your new password.<br></br><a href='#{renderParams.map['resetLink']}'> <button style="border-radius:5px; background:#337ab7; color:white; border:none;padding:10px;margin-top:15px;">Agree to reset my password</button></a></p><p style="color:red;text-align: center; font-size:1.1em;">This link will expire in <span style="color:#337ab7;">#{renderParams.map['expirationTime']}</span>.</p>
 
diff --git a/server/src/main/resources/oxtrust_en.properties b/server/src/main/resources/oxtrust_en.properties
index 822f33e702..5d1ea43085 100644
--- a/server/src/main/resources/oxtrust_en.properties
+++ b/server/src/main/resources/oxtrust_en.properties
@@ -440,7 +440,7 @@ organization.lastRun = Last run
 organization.updatesAtTheLastRun = Updates at the last run
 organization.problemsAtTheLastRun = Problems at the last run
 organization.refreshMethod = Refresh Method
-organization.sourceAttributeToDesitnation = Add source attribute to destination attribute mapping
+organization.sourceAttributeToDesitnation = Change attribute name from source to destination:
 organization.pollingInterval = Polling interval (minutes)
 organization.serverIPAddress = Server IP Address
 organization.snapshotFolder = Snapshot Folder
@@ -749,6 +749,10 @@ trustmanager.filter = Filter
 trustmanager.selectWhichMembers = Select which members of this federation you would like configure individually
 trustmanager.availableFederationMembers = Available federation members
 trustmanager.membersSelectedForIndividualsConfiguration = Members selected for individuals configuration
+trustmanager.mdqUrl = MDQ Base Url
+trustmanager.selectMdqProvider =  Select MDQ Provider
+trustmanager.mdqProviderSelectLabel = MDQ Provider
+trustmanager.mdqEntityId = MDQ Entity ID
 
 uma.uma = UMA
 uma.scopes = Scopes
@@ -1029,7 +1033,7 @@ mail.verify.message.subject = SMTP Server Configuration Verification
 mail.verify.message.plain.body = SMTP Server Configuration Verification Successful.
 mail.verify.message.html.body = SMTP Server Configuration Verification Successful.
 
-mail.reset.found.message.subject = Password reset was requested at #{organizationName} identity server
+mail.reset.found.message.subject = Password reset was requested at #{renderParams.map['organizationName']} identity server
 mail.reset.found.message.plain.body = <p style="text-align: center;">Hello <b><span style="color:#337ab7;">#{renderParams.map['givenName']}</span></b>,<br></br><br></br></p><p style="text-align: center;">We received a request to reset your password.<br></br>If you did not make this request, you can safely ignore this message.<br></br> You may click the button below to choose your new password.<br></br><a href='#{renderParams.map['resetLink']}'> <button style="border-radius:5px; background:#337ab7; color:white; border:none;padding:10px;margin-top:15px;">Agree to reset my password</button></a></p><p style="color:red;text-align: center; font-size:1.1em;">This link will expire in <span style="color:#337ab7;">#{renderParams.map['expirationTime']}</span>.</p>
 mail.reset.found.message.html.body = <p style="text-align: center;">Hello <b><span style="color:#337ab7;">#{renderParams.map['givenName']}</span></b>,<br></br><br></br></p><p style="text-align: center;">We received a request to reset your password.<br></br>If you did not make this request, you can safely ignore this message.<br></br> You may click the button below to choose your new password.<br></br><a href='#{renderParams.map['resetLink']}'> <button style="border-radius:5px; background:#337ab7; color:white; border:none;padding:10px;margin-top:15px;">Agree to reset my password</button></a></p><p style="color:red;text-align: center; font-size:1.1em;">This link will expire in <span style="color:#337ab7;">#{renderParams.map['expirationTime']}</span>.</p>
 
diff --git a/server/src/main/resources/oxtrust_fr.properties b/server/src/main/resources/oxtrust_fr.properties
index 28ca8bf3f4..eef30ba59e 100644
--- a/server/src/main/resources/oxtrust_fr.properties
+++ b/server/src/main/resources/oxtrust_fr.properties
@@ -729,7 +729,8 @@ trustmanager.selectEntityID = Choisir l'entityID de ce Trust Relationship
 trustmanager.filter = Filtre
 trustmanager.selectWhichMembers = Sélectionnez les membres de cette fédération que vous souhaitez configurer individuellement
 trustmanager.availableFederationMembers = Membres de la fédération disponibles
-trustmanager.membersSelectedForIndividualsConfiguration = Membres sélectionnés pour la configuration des individus
+trustmanager.membersSelectedForIndividualsConfiguration = Membres sélectionnés pour la configuration des individus  
+trustmanager.mdqUrl = URL De Base MDQ
 
 uma.uma = UMA
 uma.scopes = Scopes
diff --git a/server/src/main/webapp/WEB-INF/incl/layout/topmenu.xhtml b/server/src/main/webapp/WEB-INF/incl/layout/topmenu.xhtml
index 24949763c6..96e0d148be 100644
--- a/server/src/main/webapp/WEB-INF/incl/layout/topmenu.xhtml
+++ b/server/src/main/webapp/WEB-INF/incl/layout/topmenu.xhtml
@@ -24,18 +24,7 @@
 				<!-- Navbar Right Menu -->
 				<div class="navbar-custom-menu">
 					<ul class="nav navbar-nav">
-						<!-- Tasks: style can be found in dropdown.less -->
-						<li class="dropdown tasks-menu"><i
-								class="fa flag"></i> <span class="label"> 
-																
-								<h:selectOneMenu style="margin-top:15px !important;"
-									value="#{language.localeCode}" onchange="submit()"
-									valueChangeListener="#{language.countryLocaleCodeChanged}">
-									<f:selectItems value="#{language.getCountriesInMap()}" var="localeSupported"
-										itemValue="#{localeSupported.locale}" itemLabel="#{localeSupported.displayName}" />
-								</h:selectOneMenu>
-						</span>
-							</li>
+						
 						<!-- User Account: style can be found in dropdown.less -->
 						<li class="dropdown user user-menu"><a href="#"
 							class="dropdown-toggle" data-bs-toggle="dropdown"><span
diff --git a/server/src/main/webapp/WEB-INF/incl/trustmanager/trustForm.xhtml b/server/src/main/webapp/WEB-INF/incl/trustmanager/trustForm.xhtml
index a3b1922729..132c472893 100644
--- a/server/src/main/webapp/WEB-INF/incl/trustmanager/trustForm.xhtml
+++ b/server/src/main/webapp/WEB-INF/incl/trustmanager/trustForm.xhtml
@@ -149,7 +149,7 @@ input[submit] {
 											<f:selectItems
 												value="#{_trustRelationshipAction.entityTypeList}"
 												var="_type" itemLabel="#{_type.displayName}" />
-											<a4j:ajax event="change" render="metadataType, spSingleGroup"
+											<a4j:ajax event="change" render="metadataType, spSingleGroup, mdqUrlId, mdqProviderId, mdqEntityId"
 												execute="@this" />
 										</h:selectOneMenu>
 									</ox:decorate>
@@ -169,7 +169,7 @@ input[submit] {
 														value="#{_trustRelationshipAction.metadataSourceTypesList}"
 														var="_type" itemLabel="#{_type.displayName}" />
 													<a4j:ajax event="change"
-														render="MetadataOperations, spMetaDataUrlGroupId, FederationWizard, FederationWizardEntitySelection, urlId, mdqEntityId"
+														render="MetadataOperations, spMetaDataUrlGroupId, FederationWizard, FederationWizardEntitySelection, urlId, mdqUrlId, mdqProviderId, mdqEntityId"
 														limitRender="true" execute="@this" />
 												</h:selectOneMenu>
 											</ox:decorate>
@@ -288,16 +288,36 @@ input[submit] {
 										</ox:decorate>
 									</h:panelGroup>
 									
-									<h:panelGroup id="mdqEntityId" >
-										<h:panelGroup rendered="#{_trustRelationship.spMetaDataSourceType.value eq 'mdq'}">
-
-										<ox:decorate id="mdqUriId"
-											label="MDQ URL">
+									<h:panelGroup id="mdqUrlId">
+										<ox:decorate id="mdqUrlId_"
+											rendered="#{(_trustRelationship.spMetaDataSourceType.value eq 'mdq') and (_trustRelationship.entityType.value eq 'Federation/Aggregate')}"
+											label="#{msgs['trustmanager.mdqUrl']}">
 											<h:inputText styleClass="form-control"
 												size="40" value="#{_trustRelationship.url}"
-												required="true" id="mdquriId" />
+												required="true" id="mdqUrlId__" />
+										</ox:decorate>
+									</h:panelGroup>
+
+									<h:panelGroup id="mdqProviderId">
+										<ox:decorate id="mdqProviderId_"
+											rendered="#{(_trustRelationship.spMetaDataSourceType.value eq 'mdq') and (_trustRelationship.entityType.value eq 'Single SP')}"
+											label="#{msgs['trustmanager.selectMdqProvider']}">
+											<h:selectOneMenu styleClass="rounded form-control"
+												value="#{_trustRelationship.gluuContainerFederation}" required="true"
+												id="mdqProviderId__">
+												<f:selectItem noSelectOption="true" itemLabel="#{msgs['trustmanager.mdqProviderSelectLabel']}"/>
+												<f:selectItems value="#{_trustRelationshipAction.allMdqFederatedTrustRelationships}"
+													var="_type" itemLabel="#{_type.displayName}" itemValue="#{_type.dn}" />
+											</h:selectOneMenu>
 										</ox:decorate>
 									</h:panelGroup>
+									<h:panelGroup id="mdqEntityId">
+										<ox:decorate id="mdqEntityId_"
+											rendered="#{(_trustRelationship.spMetaDataSourceType.value eq 'mdq') and (_trustRelationship.entityType.value eq 'Single SP')}"
+											label="#{msgs['trustmanager.mdqEntityId']}">
+											<h:inputText styleClass="form-control"
+												size="40" value="#{_trustRelationship.entityId}" required="true" id="mdqEntityId__"/>
+										</ox:decorate>
 									</h:panelGroup>
 										
 									<h:panelGroup id="spSingleGroup">
diff --git a/server/src/main/webapp/client/updateClient.xhtml b/server/src/main/webapp/client/updateClient.xhtml
index a127f7a412..5698290d82 100644
--- a/server/src/main/webapp/client/updateClient.xhtml
+++ b/server/src/main/webapp/client/updateClient.xhtml
@@ -112,7 +112,7 @@
 				searchResult="#{updateClientAction.availableScopes}" 
 				searchPattern="#{updateClientAction.scopePattern}"/>
 
-			<ox:selectSelectableEntityDialog
+      <ox:selectSelectableEntityDialog
 				acceptMethod="#{updateClientAction.acceptSelectResponseTypes}"
 				cancelMethod="#{updateClientAction.cancelSelectResponseTypes}"
 				displayNameProperty="entity.value" displaySearchForm="false"
diff --git a/server/src/main/webapp/register.xhtml b/server/src/main/webapp/register.xhtml
index afe4f7e00f..8828b13dbe 100644
--- a/server/src/main/webapp/register.xhtml
+++ b/server/src/main/webapp/register.xhtml
@@ -151,9 +151,11 @@ iframe {
 											template="/WEB-INF/incl/layout/edit.xhtml">
 											<h:inputSecret autocomplete="off" class="form-control"
 												id="password" binding="#{passwordComponent}" maxlength="60"
+												validator="#{registerPersonAction.validateConfirmPassword}"
 												redisplay="true" required="true" size="40" tabindex="6"
 												value="#{registerPersonAction.password}" />
 											<h:outputText value=" " />
+											<b:message/>
 										</ox:decorate>
 										<ox:decorate id="repeatPasswordField"
 											label="#{msgs['register.repeatPassword']}"
@@ -162,12 +164,14 @@ iframe {
 											<h:inputSecret autocomplete="off" class="form-control"
 												id="passwordValidation" maxlength="60" redisplay="true"
 												required="true" size="40" tabindex="7"
+												validator="#{registerPersonAction.validateConfirmPassword}"
 												value="#{registerPersonAction.repeatPassword}">
 												<f:validator validatorId="equalsValidator" />
 												<f:attribute name="otherValue"
 													value="#{passwordComponent.value}" />
 											</h:inputSecret>
 											<h:outputText value=" " />
+											<b:message/>
 										</ox:decorate>
 										<ox:decorate id="email" label="#{msgs['register.email']} "
 											style="margin-left: -15px;"
diff --git a/server/src/main/webapp/resetPassword.xhtml b/server/src/main/webapp/resetPassword.xhtml
index d2e4402b56..b7bd577415 100644
--- a/server/src/main/webapp/resetPassword.xhtml
+++ b/server/src/main/webapp/resetPassword.xhtml
@@ -63,10 +63,13 @@ iframe {
 							</h:panelGroup>
 							<h:panelGroup>
 								<h:outputLabel for="pass">#{msgs['resetPassword.enterNewPassword']}:</h:outputLabel>
-								<h:inputSecret id="pass" maxlength="160" size="40" autocomplete="off"
+								<h:inputSecret id="pass" maxlength="160" size="40" autocomplete="off" 
 									style="width:100%;" value="#{passwordResetAction.password}">
-									<f:validator validatorId="gluuPasswordValidator" />
+									<f:validator validatorId="gluuPasswordValidator" for="pass"/>
 								</h:inputSecret>
+								<h:message id="passmsg" for="pass" style="color: red !important;font-weight: bold;"/>
+								<br/>
+								<br/>
 								<h:inputHidden id="response"
 									value="#{passwordResetAction.response}" />
 								<h:outputLabel for="conf">#{msgs['resetPassword.confirmNewPassword']}:</h:outputLabel>
@@ -74,6 +77,8 @@ iframe {
 									style="width:100%;" value="#{passwordResetAction.confirm}">
 									<f:validator validatorId="gluuPasswordValidator" />
 								</h:inputSecret>
+								<h:message id="confmsg" for="conf" style="color: red !important;font-weight: bold;"/>
+								<br/>
 								<h:inputHidden value="#{passwordResetAction.code}" />
 							</h:panelGroup>
 							<h:panelGroup>
diff --git a/service/src/main/java/org/gluu/oxtrust/service/JsonConfigurationService.java b/service/src/main/java/org/gluu/oxtrust/service/JsonConfigurationService.java
index d8d419e83e..723e29ec07 100644
--- a/service/src/main/java/org/gluu/oxtrust/service/JsonConfigurationService.java
+++ b/service/src/main/java/org/gluu/oxtrust/service/JsonConfigurationService.java
@@ -6,13 +6,23 @@
 
 package org.gluu.oxtrust.service;
 
+import java.io.File;
 import java.io.IOException;
 import java.io.Serializable;
+import java.lang.reflect.Method;
+import java.nio.charset.StandardCharsets;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
 
 import javax.enterprise.context.ApplicationScoped;
 import javax.inject.Inject;
 import javax.inject.Named;
 
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.io.FileUtils;
 import org.apache.commons.lang.StringUtils;
 import org.gluu.config.oxtrust.AppConfiguration;
 import org.gluu.config.oxtrust.AttributeResolverConfiguration;
@@ -22,7 +32,9 @@
 import org.gluu.config.oxtrust.LdapOxAuthConfiguration;
 import org.gluu.config.oxtrust.LdapOxTrustConfiguration;
 import org.gluu.service.config.ConfigurationFactory;
+import org.gluu.oxtrust.model.AuditConfigLogDetails;
 import org.gluu.oxtrust.model.GluuConfiguration;
+import org.gluu.oxtrust.security.Identity;
 import org.gluu.persist.PersistenceEntryManager;
 import org.gluu.persist.exception.BasePersistenceException;
 import org.gluu.service.JsonService;
@@ -59,6 +71,9 @@ public class JsonConfigurationService implements Serializable {
 
 	@Inject
 	private ConfigurationService configurationService;
+	
+    @Inject
+    private Identity identity;
 
 	public AppConfiguration getOxTrustappConfiguration() {
 		LdapOxTrustConfiguration ldapOxTrustConfiguration = getOxTrustConfiguration();
@@ -98,6 +113,7 @@ public org.gluu.oxauth.model.configuration.AppConfiguration getOxauthAppConfigur
 
 	public boolean saveOxTrustappConfiguration(AppConfiguration oxTrustappConfiguration) {
 		LdapOxTrustConfiguration ldapOxTrustConfiguration = getOxTrustConfiguration();
+		diff( ldapOxTrustConfiguration.getApplication(), oxTrustappConfiguration);
 		ldapOxTrustConfiguration.setApplication(oxTrustappConfiguration);
 		ldapOxTrustConfiguration.setRevision(ldapOxTrustConfiguration.getRevision() + 1);
 		persistenceEntryManager.merge(ldapOxTrustConfiguration);
@@ -106,6 +122,7 @@ public boolean saveOxTrustappConfiguration(AppConfiguration oxTrustappConfigurat
 
 	public boolean saveOxTrustImportPersonConfiguration(ImportPersonConfig oxTrustImportPersonConfiguration) {
 		LdapOxTrustConfiguration ldapOxTrustConfiguration = getOxTrustConfiguration();
+		diff( ldapOxTrustConfiguration.getImportPersonConfig(), oxTrustImportPersonConfiguration);
 		ldapOxTrustConfiguration.setImportPersonConfig(oxTrustImportPersonConfiguration);
 		ldapOxTrustConfiguration.setRevision(ldapOxTrustConfiguration.getRevision() + 1);
 		persistenceEntryManager.merge(ldapOxTrustConfiguration);
@@ -114,6 +131,7 @@ public boolean saveOxTrustImportPersonConfiguration(ImportPersonConfig oxTrustIm
 
 	public boolean saveOxTrustCacheRefreshConfiguration(CacheRefreshConfiguration oxTrustCacheRefreshConfiguration) {
 		LdapOxTrustConfiguration ldapOxTrustConfiguration = getOxTrustConfiguration();
+		diff( ldapOxTrustConfiguration.getCacheRefresh(), oxTrustCacheRefreshConfiguration);
 		ldapOxTrustConfiguration.setCacheRefresh(oxTrustCacheRefreshConfiguration);
 		ldapOxTrustConfiguration.setRevision(ldapOxTrustConfiguration.getRevision() + 1);
 		persistenceEntryManager.merge(ldapOxTrustConfiguration);
@@ -123,6 +141,7 @@ public boolean saveOxTrustCacheRefreshConfiguration(CacheRefreshConfiguration ox
 	public boolean saveOxTrustAttributeResolverConfigurationConfiguration(
 			AttributeResolverConfiguration attributeResolverConfiguration) {
 		LdapOxTrustConfiguration ldapOxTrustConfiguration = getOxTrustConfiguration();
+		diff( ldapOxTrustConfiguration.getAttributeResolverConfig(), attributeResolverConfiguration);
 		ldapOxTrustConfiguration.setAttributeResolverConfig(attributeResolverConfiguration);
 		ldapOxTrustConfiguration.setRevision(ldapOxTrustConfiguration.getRevision() + 1);
 		persistenceEntryManager.merge(ldapOxTrustConfiguration);
@@ -131,6 +150,7 @@ public boolean saveOxTrustAttributeResolverConfigurationConfiguration(
 
 	public boolean saveOxAuthAppConfiguration(org.gluu.oxauth.model.configuration.AppConfiguration appConfiguration) {
 		try {
+			diff( getOxauthAppConfiguration(), appConfiguration);
 			String appConfigurationJson = jsonService.objectToJson(appConfiguration);
 			return saveOxAuthDynamicConfigJson(appConfigurationJson);
 		} catch (IOException e) {
@@ -152,6 +172,7 @@ public boolean saveOxAuthDynamicConfigJson(String oxAuthDynamicConfigJson) throw
 	public boolean saveOxMemCacheConfiguration(CacheConfiguration cachedConfiguration) {
 		encrypPassword(cachedConfiguration.getRedisConfiguration());
 		GluuConfiguration gluuConfiguration = configurationService.getConfiguration();
+		diff( gluuConfiguration.getCacheConfiguration(), cachedConfiguration);
 		gluuConfiguration.setCacheConfiguration(cachedConfiguration);
 		configurationService.updateConfiguration(gluuConfiguration);
 		return true;
@@ -159,6 +180,7 @@ public boolean saveOxMemCacheConfiguration(CacheConfiguration cachedConfiguratio
 
 	public boolean saveDocumentStoreConfiguration(DocumentStoreConfiguration documentStoreConfiguration) {
 		GluuConfiguration gluuConfiguration = configurationService.getConfiguration();
+		diff( gluuConfiguration.getDocumentStoreConfiguration(), documentStoreConfiguration);
 		gluuConfiguration.setDocumentStoreConfiguration(documentStoreConfiguration);
 		configurationService.updateConfiguration(gluuConfiguration);
 		return true;
@@ -221,5 +243,104 @@ public void saveFido2Configuration(String fido2ConfigJson) {
 		fido2Configuration.setRevision(fido2Configuration.getRevision() + 1);
 		persistenceEntryManager.merge(fido2Configuration);
 	}
+	
+	public void diff(Object obj1, Object obj2) {
+		// Make sure that 2 objects has same type
+		if (obj1 != null && obj2 != null) {
+			if (obj1.getClass().equals(obj2.getClass())) {
+				LdapOxTrustConfiguration ldapOxTrustConfiguration = getOxTrustConfiguration();
+				String auditLogLocation = ldapOxTrustConfiguration.getApplication().getAuditConfigLogsLocation();
+				if (auditLogLocation != null && !auditLogLocation.isEmpty()) {
+					File file = new File(
+							auditLogLocation + "_" + new SimpleDateFormat("yyyy-MM-dd").format(new Date()) + ".txt");
+					String logline = "";
+
+					try {
+						Class c = Class.forName(obj1.getClass().getName());
+						Method m[] = c.getDeclaredMethods();
+						Object oo1, oo2;
+
+						for (int i = 0; i < m.length; i++) {
+							if (m[i].getName().startsWith("get") || m[i].getName().startsWith("is")) {
+								oo1 = m[i].invoke(obj1, null);
+								oo2 = m[i].invoke(obj2, null);
+								if (oo1 != null || oo2 != null) {
+									Date date = new Date();
+									DateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+									if (oo1.getClass().getName().startsWith("org.gluu")) {
+										diff(oo1, oo2);
+										continue;
+									}
+									if (oo1.getClass().isArray()) {
+										if (!Arrays.deepEquals((Object[]) oo1, (Object[]) oo2)) {
+											
+											AuditConfigLogDetails auditConfigLogDetails = new AuditConfigLogDetails(
+													identity.getUser().getDisplayName(),
+													c.getSimpleName(),
+													m[i].getName().substring(2),
+													oo1.toString(),
+													oo2.toString());
+											
+											logline = logline + dateFormat.format(date) + " " + jsonService.objectToJson(auditConfigLogDetails) + "\n";
+											log.info(auditConfigLogDetails.toString());
+										}
+										continue;
+									}
+									if (oo1 instanceof List) {
+										if (!CollectionUtils.isEqualCollection((List) oo1, (List) oo2)) {
+											AuditConfigLogDetails auditConfigLogDetails = new AuditConfigLogDetails(
+													identity.getUser().getDisplayName(),
+													c.getSimpleName(),
+													m[i].getName().substring(2),
+													oo1.toString(),
+													oo2.toString());
+											
+											logline = logline + dateFormat.format(date) + " " +  jsonService.objectToJson(auditConfigLogDetails) + "\n";
+											log.info(auditConfigLogDetails.toString());
+										}
+										continue;
+									}
+									if (!oo1.equals(oo2)) {
+										if (m[i].getName().startsWith("is")) {
+											AuditConfigLogDetails auditConfigLogDetails = new AuditConfigLogDetails(
+													identity.getUser().getDisplayName(),
+													c.getSimpleName(),
+													m[i].getName().substring(2),
+													oo1.toString(),
+													oo2.toString());
+											
+											logline = logline + dateFormat.format(date) + " " + jsonService.objectToJson(auditConfigLogDetails) + "\n";
+											
+											log.info(auditConfigLogDetails.toString());
+
+										} else {
+											AuditConfigLogDetails auditConfigLogDetails = new AuditConfigLogDetails(
+													identity.getUser().getDisplayName(),
+													c.getSimpleName(),
+													m[i].getName().substring(3),
+													oo1.toString(),
+													oo2.toString());
+											
+											logline = logline + dateFormat.format(date) + " " +  jsonService.objectToJson(auditConfigLogDetails) + "\n";
+											log.info(auditConfigLogDetails.toString());
+
+										}
+									}
+								}
+							}
+						}
+						FileUtils.writeStringToFile(file, logline, StandardCharsets.UTF_8, true);
+					} catch (Throwable e) {
+						log.error(e.getMessage());
+					}
+				} else {
+					log.info(
+							"Audit log location is not set to save log files.please set AuditLogsLocation property in oxtrust configuration. ");
+				}
+			} else {
+				log.info("compare object class mismatch");
+			}
+		}
+	}
 
 }
diff --git a/service/src/main/java/org/gluu/oxtrust/service/PersonService.java b/service/src/main/java/org/gluu/oxtrust/service/PersonService.java
index 1101bc2f69..3be5b0281c 100644
--- a/service/src/main/java/org/gluu/oxtrust/service/PersonService.java
+++ b/service/src/main/java/org/gluu/oxtrust/service/PersonService.java
@@ -514,8 +514,8 @@ public List<GluuCustomAttribute> getMandatoryAtributes() {
 		if (this.mandatoryAttributes == null) {
 			mandatoryAttributes = new ArrayList<GluuCustomAttribute>();
 			mandatoryAttributes.add(new GluuCustomAttribute(OxConstants.UID, "", true, true));
-			mandatoryAttributes.add(new GluuCustomAttribute("givenName", "", true, true));
 			mandatoryAttributes.add(new GluuCustomAttribute("displayName", "", true, true));
+			mandatoryAttributes.add(new GluuCustomAttribute("givenName", "", true, true));
 			mandatoryAttributes.add(new GluuCustomAttribute("sn", "", true, true));
 			mandatoryAttributes.add(new GluuCustomAttribute("mail", "", true, true));
 			mandatoryAttributes.add(new GluuCustomAttribute("userPassword", "", true, true));
diff --git a/service/src/main/java/org/gluu/oxtrust/service/Shibboleth3ConfService.java b/service/src/main/java/org/gluu/oxtrust/service/Shibboleth3ConfService.java
index 898c3160d5..f28609088b 100644
--- a/service/src/main/java/org/gluu/oxtrust/service/Shibboleth3ConfService.java
+++ b/service/src/main/java/org/gluu/oxtrust/service/Shibboleth3ConfService.java
@@ -44,6 +44,7 @@
 import org.gluu.model.GluuStatus;
 import org.gluu.model.GluuUserRole;
 import org.gluu.model.SchemaEntry;
+import org.gluu.oxtrust.model.GluuEntityType;
 import org.gluu.oxtrust.model.GluuMetadataSourceType;
 import org.gluu.oxtrust.model.GluuSAMLFederationProposal;
 import org.gluu.oxtrust.model.GluuSAMLTrustRelationship;
@@ -96,7 +97,6 @@ public class Shibboleth3ConfService implements Serializable {
     public static final String SHIB3_IDP_IDP_METADATA_FILE = "idp-metadata.xml";
     public static final String SHIB3_IDP_SP_METADATA_FILE = "sp-metadata.xml";
     private static final String SHIB_IDP_GLUU_ATTRIBUTE_RULES_FILE = "gluu-attribute-rules.xml";
-    public static final String SHIB3_MDQ_METADATA_FILE = "mdq-metadata.xml";
     public static final String SHIB3_SP_ATTRIBUTE_MAP_FILE = "attribute-map.xml";
     public static final String SHIB3_SP_SHIBBOLETH2_FILE = "shibboleth2.xml";
     
@@ -281,7 +281,7 @@ public boolean generateGluuAttributeRulesFile(List<GluuAttribute> attributes) {
     public boolean generateConfigurationFiles(List<GluuSAMLTrustRelationship> trustRelationships) {
 
         log.info(">>>>>>>>>> IN Shibboleth3ConfService.generateConfigurationFiles()...");
-
+        GluuSAMLTrustRelationship.sortByDataSourceType(trustRelationships);
         if (appConfiguration.getShibboleth3IdpRootDir() == null) {
             throw new InvalidConfigurationException("Failed to update configuration due to undefined IDP root folder");
         }
@@ -411,25 +411,23 @@ private void initAttributes(List<GluuSAMLTrustRelationship> trustRelationships)
      * Prepare trustRelationships to generate files
      */
     private HashMap<String, Object> initTrustParamMap(List<GluuSAMLTrustRelationship> trustRelationships) {
-
-        log.trace("Starting trust parameters map initialization.");
-
-        HashMap<String, Object> trustParams = new HashMap<String, Object>();
+        
+        log.trace("Starting trust parameter map initialization");
+        HashMap<String,Object> ret = new HashMap<String,Object>();
 
         // Metadata signature verification engines
         // https://wiki.shibboleth.net/confluence/display/SHIB2/IdPTrustEngine
-        List<Map<String, String>> trustEngines = new ArrayList<Map<String, String>>();
+        List<Map<String,String>> trustEngines = new ArrayList<Map<String,String>>();
 
         // the map of {inum,number} for easy naming of relying parties.
-        Map<String, String> trustIds = new HashMap<String, String>();
+        Map<String,String> trustIds = new HashMap<String,String>();
 
         // Trust relationships that are part of some federation
         List<GluuSAMLTrustRelationship> deconstructed = new ArrayList<GluuSAMLTrustRelationship>();
 
-        // the map of {inum,number} for easy naming of federated relying
-        // parties.
+        // the map of {inum,number} for easy naming of federated relying parties
         Map<String, String> deconstructedIds = new HashMap<String, String>();
-
+        
         // the map of {inum, {inum, inum, inum...}} describing the federations
         // and TRs defined from them.
         Map<String, List<String>> deconstructedMap = new HashMap<String, List<String>>();
@@ -438,116 +436,118 @@ private HashMap<String, Object> initTrustParamMap(List<GluuSAMLTrustRelationship
         Map<String, List<String>> trustEntityIds = new HashMap<String, List<String>>();
 
         int id = 1;
-        for (GluuSAMLTrustRelationship trustRelationship : trustRelationships) {
-
-            boolean isPartOfFederation = !(trustRelationship.getSpMetaDataSourceType()
-                    .equals(GluuMetadataSourceType.URI)
-                    || trustRelationship.getSpMetaDataSourceType().equals(GluuMetadataSourceType.FILE));
+        String idpMetadataDir = getIdpMetadataDir();
+        for(GluuSAMLTrustRelationship trustRelationship: trustRelationships) {
 
-            if (!isPartOfFederation) {
+            if(isMetadataProviderSource(trustRelationship)) {
 
-                // Set Id
-                trustIds.put(trustRelationship.getInum(), String.valueOf(id++));
+                trustIds.put(trustRelationship.getInum(),String.valueOf(id++));
 
-                // Set entityId
-                String idpMetadataFolder = getIdpMetadataDir();
+                if(isFileOrUriMetadataSource(trustRelationship)) {
+                    String metadataFile = idpMetadataDir + trustRelationship.getSpMetaDataFN();
+                    List<String> entityIds = samlMetadataParser.getEntityIdFromMetadataFile(metadataFile);
 
-                String metadataFile = idpMetadataFolder + trustRelationship.getSpMetaDataFN();
-                List<String> entityIds = samlMetadataParser.getEntityIdFromMetadataFile(metadataFile);
+                    //If for some reason metadata is corrupted or missing 
+                    //Mark TR as INACTIVE.
+                    //User will be able to fix this in the UI 
+                    if(entityIds == null) {
+                        trustRelationship.setStatus(GluuStatus.INACTIVE);
+                        trustService.updateTrustRelationship(trustRelationship);
+                        continue;
+                    }
 
-                // if for some reason metadata is corrupted or missing - mark trust relationship
-                // INACTIVE
-                // user will be able to fix this in UI
-                if (entityIds == null) {
-                    trustRelationship.setStatus(GluuStatus.INACTIVE);
-                    trustService.updateTrustRelationship(trustRelationship);
-                    continue;
+                    trustEntityIds.put(trustRelationship.getInum(),entityIds);
                 }
 
-                trustEntityIds.put(trustRelationship.getInum(), entityIds);
-
                 initProfileConfiguration(trustRelationship);
-
-                if (trustRelationship.getMetadataFilters().get("signatureValidation") != null) {
-
-                    Map<String, String> trustEngine = new HashMap<String, String>();
-
-                    trustEngine.put("id", "Trust" + StringHelper.removePunctuation(trustRelationship.getInum()));
-
-                    trustEngine.put("certPath", getIdpMetadataDir() + "credentials" + File.separator + trustRelationship
-                            .getMetadataFilters().get("signatureValidation").getFilterCertFileName());
-
+                if(trustRelationship.getMetadataFilters().get("signatureValidation") != null) {
+                    Map<String,String> trustEngine = new HashMap<String, String>();
+                    trustEngine.put("id","Trust"+StringHelper.removePunctuation(trustRelationship.getInum()));
+                    trustEngine.put("certPath",idpMetadataDir+"credentials"+File.separator+
+                        trustRelationship.getMetadataFilters().get("signatureValidation").getFilterCertFileName());
                     trustEngines.add(trustEngine);
                 }
 
-                // If there is an intrusive filter - push it to the end of the list.
-                if (trustRelationship.getGluuSAMLMetaDataFilter() != null) {
+                //Push intrusive filters to the end of the list if need be 
+                if(trustRelationship.getGluuSAMLMetaDataFilter() != null) {
 
-                    List<String> filtersList = new ArrayList<String>();
+                    List<String> filters = new ArrayList<String>();
                     String entityRoleWhiteList = null;
-                    for (String filterXML : trustRelationship.getGluuSAMLMetaDataFilter()) {
-
-                        Document xmlDocument;
-
+                    for(String filterXml : trustRelationship.getGluuSAMLMetaDataFilter()) {
+                        Document xmldoc;
                         try {
-
-                            xmlDocument = xmlService.getXmlDocument(filterXML.getBytes());
-
-                        } catch (Exception e) {
-                            log.error("GluuSAMLMetaDataFilter contains invalid value.", e);
-                            e.printStackTrace();
+                            xmldoc = xmlService.getXmlDocument(filterXml.getBytes());
+                        }catch(Exception e) {
+                            log.error("GluuSAMLMetaDataFilter contains an invalid value",e);
                             continue;
                         }
 
-                        if (xmlDocument.getFirstChild().getAttributes().getNamedItem("xsi:type").getNodeValue()
-                                .equals(FilterService.ENTITY_ROLE_WHITE_LIST_TYPE)) {
-                            entityRoleWhiteList = filterXML;
+                        if(xmldoc.getFirstChild().getAttributes().getNamedItem("xsi:type").getNodeValue()
+                            .equals(FilterService.ENTITY_ROLE_WHITE_LIST_TYPE)) {
+                            
+                            entityRoleWhiteList = filterXml;
                             continue;
                         }
 
-                        filtersList.add(filterXML);
+                        filters.add(filterXml);
                     }
 
-                    if (entityRoleWhiteList != null) {
-                        filtersList.add(entityRoleWhiteList);
+                    if(entityRoleWhiteList !=null) {
+                        filters.add(entityRoleWhiteList);
                     }
-
-                    trustRelationship.setGluuSAMLMetaDataFilter(filtersList);
+                    trustRelationship.setGluuSAMLMetaDataFilter(filters);
                 }
 
-            } else {
-                initProfileConfiguration(trustRelationship);
+            }else {
 
+                initProfileConfiguration(trustRelationship);
                 String federationInum = trustRelationship.getGluuContainerFederation();
-
-                if (deconstructedMap.get(federationInum) == null) {
+                if(deconstructedMap.get(federationInum) == null) {
                     deconstructedMap.put(federationInum, new ArrayList<String>());
                 }
-
+                
                 deconstructedMap.get(federationInum).add(trustRelationship.getEntityId());
                 deconstructed.add(trustRelationship);
-                deconstructedIds.put(trustRelationship.getEntityId(), String.valueOf(id++));
+                deconstructedIds.put(trustRelationship.getEntityId(),String.valueOf(id++));
             }
         }
 
-        for (String trustRelationshipInum : trustEntityIds.keySet()) {
-            List<String> federatedSites = deconstructedMap.get(trustRelationshipInum);
-            if (federatedSites != null) {
-                trustEntityIds.get(trustRelationshipInum).removeAll(federatedSites);
+        for(String trInum : trustEntityIds.keySet()) {
+            List<String> federatedsites = deconstructedMap.get(trInum);
+            if(federatedsites != null) {
+                trustEntityIds.get(trInum).removeAll(federatedsites);
             }
         }
+        
+        ret.put("deconstructed",deconstructed);
+        ret.put("deconstructedIds",deconstructedIds);
+        ret.put("trustEngines",trustEngines);
+        ret.put("trusts",trustRelationships);
+        ret.put("trustIds",trustIds);
+        ret.put("trustEntityIds",trustEntityIds);
+        return ret;
+    }
 
-        trustParams.put("idpCredentialsPath", getIdpMetadataDir() + "credentials" + File.separator);
+    private boolean isMetadataProviderSource(GluuSAMLTrustRelationship trustRelationship) {
 
-        trustParams.put("deconstructed", deconstructed);
-        trustParams.put("deconstructedIds", deconstructedIds);
+        if(trustRelationship.getSpMetaDataSourceType().equals(GluuMetadataSourceType.URI)
+            || trustRelationship.getSpMetaDataSourceType().equals(GluuMetadataSourceType.FILE)) {
+            
+            return true;
+        }
 
-        trustParams.put("trustEngines", trustEngines);
-        trustParams.put("trusts", trustRelationships);
-        trustParams.put("trustIds", trustIds);
-        trustParams.put("trustEntityIds", trustEntityIds);
+        if(trustRelationship.getEntityType().equals(GluuEntityType.FederationAggregate) && 
+           trustRelationship.getSpMetaDataSourceType().equals(GluuMetadataSourceType.MDQ)) {
 
-        return trustParams;
+            return true;
+        } 
+        return false;
+    }
+
+    private boolean isFileOrUriMetadataSource(GluuSAMLTrustRelationship trustRelationship) {
+
+        return trustRelationship.getSpMetaDataSourceType().equals(GluuMetadataSourceType.FILE)
+            || trustRelationship.getSpMetaDataSourceType().equals(GluuMetadataSourceType.URI);
     }
 
     protected void initProfileConfiguration(GluuSAMLTrustRelationship trustRelationship)
@@ -926,38 +926,6 @@ public String generateSpMetadataFileContent(GluuSAMLTrustRelationship trustRelat
         return spMetadataFileContent;
     }
     
-    public boolean generateMDQMetadataFile(GluuSAMLTrustRelationship trustRelationship) {
-        if (appConfiguration.getShibboleth3IdpRootDir() == null) {
-            throw new InvalidConfigurationException(
-                    "Failed to generate SP meta-data file due to undefined IDP root folder");
-        }
-
-        String idpMetadataFolder = getIdpMetadataDir();
-
-        // Generate sp-metadata.xml meta-data file
-        String spMetadataFileContent = generateMDQSpMetadataFileContent(trustRelationship);
-        if (StringHelper.isEmpty(spMetadataFileContent)) {
-            return false;
-        }
-
-        if (StringHelper.isEmpty(trustRelationship.getUrl())) {
-            log.error("Trust relationship URL is empty");
-            return false;
-        }
-
-        return writeConfFile(idpMetadataFolder + trustRelationship.getSpMetaDataFN(), spMetadataFileContent);
-    }
-
-    public String generateMDQSpMetadataFileContent(GluuSAMLTrustRelationship trustRelationship) {
-        VelocityContext context = new VelocityContext();
-        context.put("trustRelationship", trustRelationship);
-        context.put("mdqUrl", trustRelationship.getUrl().replaceFirst("/$", ""));
-
-        // Generate mdq-metadata.xml.xml meta-data file
-        String mdqMetadataFileContent = generateConfFile(SHIB3_MDQ_METADATA_FILE, context);
-        return mdqMetadataFileContent;
-    }
-
     public void removeSpMetadataFile(String spMetadataFileName) {
         if (appConfiguration.getShibboleth3IdpRootDir() == null) {
             throw new InvalidConfigurationException(
diff --git a/service/src/main/java/org/gluu/oxtrust/service/TrustService.java b/service/src/main/java/org/gluu/oxtrust/service/TrustService.java
index 53e89179ce..920be04f87 100644
--- a/service/src/main/java/org/gluu/oxtrust/service/TrustService.java
+++ b/service/src/main/java/org/gluu/oxtrust/service/TrustService.java
@@ -22,6 +22,7 @@
 import org.gluu.model.GluuAttribute;
 import org.gluu.model.GluuStatus;
 import org.gluu.model.TrustContact;
+import org.gluu.oxtrust.model.GluuEntityType;
 import org.gluu.oxtrust.model.GluuMetadataSourceType;
 import org.gluu.oxtrust.model.GluuSAMLTrustRelationship;
 import org.gluu.oxtrust.util.OxTrustConstants;
@@ -163,6 +164,26 @@ public List<GluuSAMLTrustRelationship> getAllOtherFederations(String inum) {
 		return result;
 	}
 
+	public List<GluuSAMLTrustRelationship> getAllMdqFederatedTrustRelationships() {
+
+		GluuSAMLTrustRelationship trustRelationship = new GluuSAMLTrustRelationship();
+		trustRelationship.setBaseDn(getDnForTrustRelationShip(null));
+		//trustRelationship.setStatus(GluuStatus.ACTIVE);
+		trustRelationship.setEntityType(GluuEntityType.FederationAggregate);
+		trustRelationship.setSpMetaDataSourceType((GluuMetadataSourceType.MDQ));
+		return persistenceEntryManager.findEntries(trustRelationship);
+	}
+
+	public List<GluuSAMLTrustRelationship> getAllActiveMdqFederatedTrustRelationships() {
+
+		GluuSAMLTrustRelationship trustRelationship = new GluuSAMLTrustRelationship();
+		trustRelationship.setBaseDn(getDnForTrustRelationShip(null));
+		trustRelationship.setStatus(GluuStatus.ACTIVE);
+		trustRelationship.setEntityType(GluuEntityType.FederationAggregate);
+		trustRelationship.setSpMetaDataSourceType(GluuMetadataSourceType.MDQ);
+		return persistenceEntryManager.findEntries(trustRelationship);
+	}
+
 	/**
 	 * Check if LDAP server contains trust relationship with specified attributes
 	 *