Move flow definitions into jar.
Description
Activity
Henri Mikkonen, February 7, 2020 at 9:20 AM
The V2 compatible customisation of the OP discovery flow is now documented here: https://github.com/CSCfi/shibboleth-idp-oidc-extension/wiki/DiscoveryAndOPConfiguration
Henri Mikkonen, February 5, 2020 at 1:28 PM
The default discovery flow configuration can now be overridden via the following property: _idp.oidc.discovery.resolver_.
If not set, the default value _shibboleth.oidc.DefaultOpenIdConfigurationResolver_ is used, which exists in the discovery beans configuration together with its dependencies.
TODO: Document this on GitHub.
Scott Cantor, January 17, 2020 at 9:21 PM
Former user, I think the last bit for this is to fix the discovery flows so they don't require editing the flow files to configure settings.
e.g. https://github.com/CSCfi/shibboleth-idp-oidc-extension/wiki/DiscoveryAndOPConfiguration
It mentions editing the beans file. I don't know if there are other cases like that one.
Scott Cantor, January 16, 2020 at 8:40 PM
We need uber testing (and I mean the old stuff, not even this) but I have the IdP tests passing with the audit import moved up and out. The apparent/hopeful issue is that it was really just the metadata protocol for the SAML flows that was always causing the problem, so I converted it into a script.
Scott Cantor, January 16, 2020 at 6:59 PM
This is blowing up where we expected, on the audit import. All the obvious tricks to get the test resources to override non-test aren't working.
Even if they did, we'd have to bake in an ugly hack of some kind to make the jar-based flow beans file do the import as a file:///, when technically we don't guarantee it has to be a file.
The audit beans have always been the circular mess that keeps things from working like they should, so it's probably time to just deal with it.
Even duplicating audit-system.xml won't help because an import of audit.xml itself will just fail the same way.
I was pretty sure that moving the audit beans up into global-system.xml wouldn't work but I think I need to test that theory.
The flow files should be embedded in META-INF/net/shibboleth/idp/flows to lock them down from modification and eliminate the deployer copy step.