domain refactoring

client/pom.xml

@@ -12,6 +12,11 @@
     <artifactId>pwm-client</artifactId>
     <packaging>jar</packaging>
 
+    <properties>
+        <node.version>v14.15.0</node.version>
+        <npm.version>6.14.8</npm.version>
+    </properties>
+
     <name>PWM Password Self Service: Angular Client JAR</name>
 
     <profiles>
@@ -77,10 +82,10 @@
                 <artifactId>frontend-maven-plugin</artifactId>
                 <version>1.10.3</version>
                 <configuration>
-                    <nodeVersion>v14.15.0</nodeVersion>
-                    <npmVersion>6.14.8</npmVersion>
+                    <nodeVersion>${node.version}</nodeVersion>
+                    <npmVersion>${npm.version}</npmVersion>
                     <workingDirectory>angular/</workingDirectory>
-                    <installDirectory>target/node-executable</installDirectory>
+                    <installDirectory>${settings.localRepository}/frontend-maven-plugin/node-${node.version}</installDirectory>
                 </configuration>
                 <executions>
                     <execution>

pom.xml

@@ -332,7 +332,7 @@
                 </configuration>
                 <executions>
                     <execution>
-                        <phase>test</phase>
+                        <phase>verify</phase>
                         <goals>
                             <goal>check</goal>
                         </goals>

server/pom.xml

@@ -61,7 +61,7 @@
                         <path>
                             <groupId>org.projectlombok</groupId>
                             <artifactId>lombok</artifactId>
-                            <version>1.18.12</version>
+                            <version>1.18.16</version>
                         </path>
                     </annotationProcessorPaths>
                 </configuration>

server/src/main/java/password/pwm/PwmAboutProperty.java

@@ -48,7 +48,7 @@ public enum PwmAboutProperty
     app_startTime( null, pwmApplication -> format( pwmApplication.getStartupTime() ) ),
     app_installTime( null, pwmApplication -> format( pwmApplication.getInstallTime() ) ),
     app_siteUrl( null, pwmApplication -> pwmApplication.getConfig().readSettingAsString( PwmSetting.PWM_SITE_URL ) ),
-    app_instanceID( null, PwmDomain::getInstanceID ),
+    app_instanceID( null, PwmApplication::getInstanceID ),
     app_trialMode( null, pwmApplication -> Boolean.toString( PwmConstants.TRIAL_MODE ) ),
     app_mode_appliance( null, pwmApplication -> Boolean.toString( pwmApplication.getPwmEnvironment().getFlags().contains( PwmEnvironment.ApplicationFlag.Appliance ) ) ),
     app_mode_docker( null, pwmApplication -> Boolean.toString( pwmApplication.getPwmEnvironment().getFlags().contains( PwmEnvironment.ApplicationFlag.Docker ) ) ),
@@ -71,10 +71,10 @@ public enum PwmAboutProperty
     app_configurationRestartCounter( null, pwmApplication -> Integer.toString( pwmApplication.getPwmEnvironment().getContextManager().getRestartCount() ) ),
     app_secureBlockAlgorithm( null, pwmApplication -> pwmApplication.getSecureService().getDefaultBlockAlgorithm().getLabel() ),
     app_secureHashAlgorithm( null, pwmApplication -> pwmApplication.getSecureService().getDefaultHashAlgorithm().toString() ),
-    app_ldapProfileCount( null, pwmApplication -> Integer.toString( pwmApplication.getConfig().getLdapProfiles().size() ) ),
+    app_ldapProfileCount( null, pwmApplication -> Integer.toString( pwmApplication.getDefaultDomain().getConfig().getLdapProfiles().size() ) ),
     app_ldapConnectionCount( null, pwmApplication -> Integer.toString( pwmApplication.getLdapConnectionService().connectionCount() ) ),
     app_activeSessionCount( "Active Session Count", pwmApplication -> Integer.toString( pwmApplication.getSessionTrackService().sessionCount() ) ),
-    app_activeRequestCount( "Active Request Count", pwmApplication -> Integer.toString( pwmApplication.getPwmApplication().getActiveServletRequests().get() ) ),
+    app_activeRequestCount( "Active Request Count", pwmApplication -> Integer.toString( pwmApplication.getActiveServletRequests().get() ) ),
 
     build_Time( "Build Time", pwmApplication -> PwmConstants.BUILD_TIME ),
     build_Number( "Build Number", pwmApplication -> PwmConstants.BUILD_NUMBER ),
@@ -112,9 +112,9 @@ public enum PwmAboutProperty
             pwmApplication -> pwmApplication.getDatabaseService().getConnectionDebugProperties().get( DatabaseService.DatabaseAboutProperty.databaseProductVersion ) ),;
 
     private final String label;
-    private final transient Function<PwmDomain, String> value;
+    private final transient Function<PwmApplication, String> value;
 
-    PwmAboutProperty( final String label, final Function<PwmDomain, String> value )
+    PwmAboutProperty( final String label, final Function<PwmApplication, String> value )
     {
         this.label = label;
         this.value = value;
@@ -123,19 +123,19 @@ public enum PwmAboutProperty
     private static final PwmLogger LOGGER = PwmLogger.forClass( PwmAboutProperty.class );
 
     public static Map<PwmAboutProperty, String> makeInfoBean(
-            final PwmDomain pwmDomain
+            final PwmApplication pwmApplication
     )
     {
         final Map<String, String> aboutMap = new TreeMap<>();
 
         for ( final PwmAboutProperty pwmAboutProperty : PwmAboutProperty.values() )
         {
-            final Function<PwmDomain, String> valueProvider = pwmAboutProperty.value;
+            final Function<PwmApplication, String> valueProvider = pwmAboutProperty.value;
             if ( valueProvider != null )
             {
                 try
                 {
-                    final String value = valueProvider.apply( pwmDomain );
+                    final String value = valueProvider.apply( pwmApplication );
                     aboutMap.put( pwmAboutProperty.name(), value == null ? "" : value );
                 }
                 catch ( final Throwable t )

server/src/main/java/password/pwm/PwmApplication.java

@@ -123,7 +123,7 @@ public class PwmApplication
     private Map<DomainID, PwmDomain> domains;
     private String runtimeNonce = PwmRandom.getInstance().randomUUID().toString();
 
-    private final PwmServiceManager pwmServiceManager = new PwmServiceManager();
+    private final PwmServiceManager pwmServiceManager = new PwmServiceManager( this, DomainID.systemId() );
 
     private final Instant startupTime = Instant.now();
     private Instant installTime = Instant.now();
@@ -272,7 +272,7 @@ public class PwmApplication
 
         pwmScheduler = new PwmScheduler( getInstanceID() );
 
-        pwmServiceManager.initAllServices( this.getDefaultDomain() );
+        pwmServiceManager.initAllServices();
 
         final boolean skipPostInit = pwmEnvironment.isInternalRuntimeInstance()
                 || pwmEnvironment.getFlags().contains( PwmEnvironment.ApplicationFlag.CommandLineInstance );
@@ -326,7 +326,7 @@ public class PwmApplication
 
         try
         {
-            final Map<PwmAboutProperty, String> infoMap = PwmAboutProperty.makeInfoBean( this.getDefaultDomain() );
+            final Map<PwmAboutProperty, String> infoMap = PwmAboutProperty.makeInfoBean( this );
             LOGGER.trace( () ->  "application info: " + JsonUtil.serializeMap( infoMap ) );
         }
         catch ( final Exception e )

server/src/main/java/password/pwm/PwmDomain.java

@@ -36,7 +36,6 @@ import password.pwm.ldap.LdapConnectionService;
 import password.pwm.ldap.search.UserSearchEngine;
 import password.pwm.svc.PwmService;
 import password.pwm.svc.cache.CacheService;
-import password.pwm.svc.email.EmailService;
 import password.pwm.svc.event.AuditService;
 import password.pwm.svc.httpclient.HttpClientService;
 import password.pwm.svc.intruder.IntruderManager;
@@ -62,9 +61,7 @@ import password.pwm.util.operations.OtpService;
 import password.pwm.util.queue.SmsQueueManager;
 import password.pwm.util.secure.SecureService;
 
-import java.io.File;
 import java.io.Serializable;
-import java.time.Instant;
 import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
@@ -140,19 +137,6 @@ public class PwmDomain
         return pwmApplication.getSecureService();
     }
 
-
-
-
-    public Instant getStartupTime( )
-    {
-        return pwmApplication.getStartupTime();
-    }
-
-    public Instant getInstallTime( )
-    {
-        return pwmApplication.getInstallTime();
-    }
-
     public LocalDB getLocalDB( )
     {
         return pwmApplication.getLocalDB();
@@ -163,17 +147,11 @@ public class PwmDomain
         return pwmApplication;
     }
 
-
     public PwmEnvironment getPwmEnvironment( )
     {
         return pwmApplication.getPwmEnvironment();
     }
 
-    public String getRuntimeNonce( )
-    {
-        return pwmApplication.getRuntimeNonce();
-    }
-
     public <T extends Serializable> Optional<T> readAppAttribute( final AppAttribute appAttribute, final Class<T> returnClass )
     {
        return getPwmApplication().readAppAttribute( appAttribute, returnClass );
@@ -184,11 +162,6 @@ public class PwmDomain
         getPwmApplication().writeAppAttribute( appAttribute, value );
     }
 
-    public File getTempDirectory( ) throws PwmUnrecoverableException
-    {
-       return pwmApplication.getTempDirectory();
-    }
-
     public boolean determineIfDetailErrorMsgShown( )
     {
         return pwmApplication.determineIfDetailErrorMsgShown();
@@ -214,11 +187,6 @@ public class PwmDomain
         return pwmApplication.getInstanceID();
     }
 
-    public EmailService getEmailQueue()
-    {
-        return pwmApplication.getEmailQueue();
-    }
-
     public SessionTrackService getSessionTrackService()
     {
         return pwmApplication.getSessionTrackService();
@@ -335,6 +303,11 @@ public class PwmDomain
     {
 
     }
+
+    public DomainID getDomainID()
+    {
+        return domainID;
+    }
 }
 
 

server/src/main/java/password/pwm/bean/DomainID.java

@@ -29,7 +29,8 @@ import java.util.regex.Pattern;
 
 public class DomainID implements Comparable<DomainID>, Serializable
 {
-    private static final DomainID SYSTEM_DOMAIN_ID = new DomainID( "system" );
+    private static final String SYSTEM_ID = "system";
+    private static final DomainID SYSTEM_DOMAIN_ID = new DomainID( SYSTEM_ID );
     private static final Pattern REGEX_PATTERN = PwmSetting.DOMAIN_LIST.getRegExPattern();
 
     private final String domainID;
@@ -85,4 +86,9 @@ public class DomainID implements Comparable<DomainID>, Serializable
     {
         return SYSTEM_DOMAIN_ID;
     }
+
+    public boolean isSystem()
+    {
+        return SYSTEM_ID.equals( domainID );
+    }
 }

server/src/main/java/password/pwm/bean/UserIdentity.java

@@ -24,9 +24,9 @@ import com.novell.ldapchai.ChaiUser;
 import com.novell.ldapchai.exception.ChaiException;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import org.jetbrains.annotations.NotNull;
-import password.pwm.PwmDomain;
+import password.pwm.PwmApplication;
 import password.pwm.PwmConstants;
-import password.pwm.config.DomainConfig;
+import password.pwm.config.AppConfig;
 import password.pwm.config.profile.LdapProfile;
 import password.pwm.error.ErrorInformation;
 import password.pwm.error.PwmError;
@@ -91,11 +91,12 @@ public class UserIdentity implements Serializable, Comparable<UserIdentity>
     public static UserIdentity createUserIdentity(
             final String userDN,
             final String ldapProfile,
+            final DomainID domainID,
             final Flag... flags
     )
     {
         final boolean canonical = JavaHelper.enumArrayContainsValue( flags, Flag.PreCanonicalized );
-        return new UserIdentity( userDN, ldapProfile, PwmConstants.DOMAIN_ID_PLACEHOLDER, canonical );
+        return new UserIdentity( userDN, ldapProfile, domainID, canonical );
     }
 
     public String getUserDN( )
@@ -113,10 +114,10 @@ public class UserIdentity implements Serializable, Comparable<UserIdentity>
         return ldapProfile;
     }
 
-    public LdapProfile getLdapProfile( final DomainConfig domainConfig )
+    public LdapProfile getLdapProfile( final AppConfig appConfig )
     {
-        Objects.requireNonNull( domainConfig );
-        final LdapProfile ldapProfile = domainConfig.getLdapProfiles().get( this.getLdapProfileID() );
+        Objects.requireNonNull( appConfig );
+        final LdapProfile ldapProfile = appConfig.getDomainConfigs().get( domainID ).getLdapProfiles().get( this.getLdapProfileID() );
         if ( ldapProfile == null )
         {
             throw new IllegalStateException( "bogus ldapProfileID on userIdentity: "  + this.getLdapProfileID() );
@@ -129,7 +130,7 @@ public class UserIdentity implements Serializable, Comparable<UserIdentity>
         return toDisplayString();
     }
 
-    public String toObfuscatedKey( final PwmDomain pwmDomain )
+    public String toObfuscatedKey( final PwmApplication pwmApplication )
             throws PwmUnrecoverableException
     {
         // use local cache first.
@@ -139,7 +140,7 @@ public class UserIdentity implements Serializable, Comparable<UserIdentity>
         }
 
         // check app cache.  This is used primarily so that keys are static over some meaningful lifetime, allowing browser caching based on keys.
-        final CacheService cacheService = pwmDomain.getCacheService();
+        final CacheService cacheService = pwmApplication.getCacheService();
         final CacheKey cacheKey = CacheKey.newKey( this.getClass(), this, "obfuscatedKey" );
         final String cachedValue = cacheService.get( cacheKey, String.class );
 
@@ -153,7 +154,7 @@ public class UserIdentity implements Serializable, Comparable<UserIdentity>
         try
         {
             final String jsonValue = JsonUtil.serialize( this );
-            final String localValue = CRYPO_HEADER + pwmDomain.getSecureService().encryptToString( jsonValue );
+            final String localValue = CRYPO_HEADER + pwmApplication.getSecureService().encryptToString( jsonValue );
             this.obfuscatedValue = localValue;
             cacheService.put( cacheKey, CachePolicy.makePolicyWithExpiration( TimeDuration.DAY ), localValue );
             return localValue;
@@ -166,7 +167,7 @@ public class UserIdentity implements Serializable, Comparable<UserIdentity>
 
     public String toDelimitedKey( )
     {
-        return this.getLdapProfileID() + DELIM_SEPARATOR + this.getUserDN();
+        return this.getLdapProfileID() + DELIM_SEPARATOR + this.getUserDN() + DELIM_SEPARATOR + this.getDomainID().toString();
     }
 
     public String toDisplayString( )
@@ -174,10 +175,10 @@ public class UserIdentity implements Serializable, Comparable<UserIdentity>
         return this.getUserDN() + ( ( this.getLdapProfileID() != null && !this.getLdapProfileID().isEmpty() ) ? " (" + this.getLdapProfileID() + ")" : "" );
     }
 
-    public static UserIdentity fromObfuscatedKey( final String key, final PwmDomain pwmDomain )
+    public static UserIdentity fromObfuscatedKey( final String key, final PwmApplication pwmApplication )
             throws PwmUnrecoverableException
     {
-        Objects.requireNonNull( pwmDomain );
+        Objects.requireNonNull( pwmApplication );
         JavaHelper.requireNonEmpty( key, "key can not be null or empty" );
 
         if ( !key.startsWith( CRYPO_HEADER ) )
@@ -188,7 +189,7 @@ public class UserIdentity implements Serializable, Comparable<UserIdentity>
         try
         {
             final String input = key.substring( CRYPO_HEADER.length() );
-            final String jsonValue = pwmDomain.getSecureService().decryptStringValue( input );
+            final String jsonValue = pwmApplication.getSecureService().decryptStringValue( input );
             return JsonUtil.deserialize( jsonValue, UserIdentity.class );
         }
         catch ( final Exception e )
@@ -203,33 +204,47 @@ public class UserIdentity implements Serializable, Comparable<UserIdentity>
         JavaHelper.requireNonEmpty( key );
 
         final StringTokenizer st = new StringTokenizer( key, DELIM_SEPARATOR );
+
+        final DomainID domainID;
         if ( st.countTokens() < 2 )
         {
             throw new PwmUnrecoverableException( new ErrorInformation( PwmError.ERROR_INTERNAL, "not enough tokens while parsing delimited identity key" ) );
         }
-        else if ( st.countTokens() > 2 )
+
+        if ( st.countTokens() > 2 )
+        {
+            final String domainStr = st.nextToken();
+            domainID = DomainID.create( domainStr );
+        }
+        else
+        {
+            domainID = PwmConstants.DOMAIN_ID_PLACEHOLDER;
+        }
+
+
+        if ( st.countTokens() > 3 )
         {
             throw new PwmUnrecoverableException( new ErrorInformation( PwmError.ERROR_INTERNAL, "too many string tokens while parsing delimited identity key" ) );
         }
         final String profileID = st.nextToken();
         final String userDN = st.nextToken();
-        return createUserIdentity( userDN, profileID );
+        return createUserIdentity( userDN, profileID, domainID );
     }
 
-    public static UserIdentity fromKey( final String key, final PwmDomain pwmDomain )
+    public static UserIdentity fromKey( final String key, final PwmApplication pwmApplication )
             throws PwmUnrecoverableException
     {
         JavaHelper.requireNonEmpty( key );
 
         if ( key.startsWith( CRYPO_HEADER ) )
         {
-            return fromObfuscatedKey( key, pwmDomain );
+            return fromObfuscatedKey( key, pwmApplication );
         }
 
         return fromDelimitedKey( key );
     }
 
-    public boolean canonicalEquals( final UserIdentity otherIdentity, final PwmDomain pwmDomain )
+    public boolean canonicalEquals( final UserIdentity otherIdentity, final PwmApplication pwmApplication )
             throws PwmUnrecoverableException
     {
         if ( otherIdentity == null )
@@ -237,8 +252,8 @@ public class UserIdentity implements Serializable, Comparable<UserIdentity>
             return false;
         }
 
-        final UserIdentity thisCanonicalIdentity = this.canonicalized( pwmDomain );
-        final UserIdentity otherCanonicalIdentity = otherIdentity.canonicalized( pwmDomain );
+        final UserIdentity thisCanonicalIdentity = this.canonicalized( pwmApplication );
+        final UserIdentity otherCanonicalIdentity = otherIdentity.canonicalized( pwmApplication );
         return thisCanonicalIdentity.equals( otherCanonicalIdentity );
     }
 
@@ -271,7 +286,7 @@ public class UserIdentity implements Serializable, Comparable<UserIdentity>
         return COMPARATOR.compare( this, otherIdentity );
     }
 
-    public UserIdentity canonicalized( final PwmDomain pwmDomain )
+    public UserIdentity canonicalized( final PwmApplication pwmApplication )
             throws PwmUnrecoverableException
     {
         if ( this.canonical )
@@ -279,7 +294,7 @@ public class UserIdentity implements Serializable, Comparable<UserIdentity>
             return this;
         }
 
-        final ChaiUser chaiUser = pwmDomain.getProxiedChaiUser( this );
+        final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser( this );
         final String userDN;
         try
         {
@@ -289,7 +304,7 @@ public class UserIdentity implements Serializable, Comparable<UserIdentity>
         {
             throw PwmUnrecoverableException.fromChaiException( e );
         }
-        final UserIdentity canonicalziedIdentity = createUserIdentity( userDN, this.getLdapProfileID() );
+        final UserIdentity canonicalziedIdentity = createUserIdentity( userDN, this.getLdapProfileID(), this.getDomainID() );
         canonicalziedIdentity.canonical = true;
         return canonicalziedIdentity;
     }

server/src/main/java/password/pwm/config/AppConfig.java

@@ -24,6 +24,8 @@ import password.pwm.AppProperty;
 import password.pwm.PwmConstants;
 import password.pwm.bean.DomainID;
 import password.pwm.bean.PrivateKeyCertificate;
+import password.pwm.config.profile.EmailServerProfile;
+import password.pwm.config.profile.ProfileDefinition;
 import password.pwm.config.stored.StoredConfiguration;
 import password.pwm.error.ErrorInformation;
 import password.pwm.error.PwmError;
@@ -32,6 +34,7 @@ import password.pwm.util.PasswordData;
 import password.pwm.util.i18n.LocaleHelper;
 import password.pwm.util.java.LazySupplier;
 import password.pwm.util.java.StringUtil;
+import password.pwm.util.logging.PwmLogLevel;
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.secure.PwmRandom;
 import password.pwm.util.secure.PwmSecurityKey;
@@ -62,7 +65,7 @@ public class AppConfig
     public AppConfig( final StoredConfiguration storedConfiguration )
     {
         this.storedConfiguration = storedConfiguration;
-        this.settingReader = new SettingReader( storedConfiguration, null, null );
+        this.settingReader = new SettingReader( storedConfiguration, null, DomainID.systemId() );
         domainConfigMap = getDomainIDs().stream()
                 .collect( Collectors.toUnmodifiableMap(
                         ( domainID ) -> domainID,
@@ -135,6 +138,11 @@ public class AppConfig
         return settingReader.readSettingAsStringArray( pwmSetting );
     }
 
+    public PwmLogLevel getEventLogLocalDBLevel( )
+    {
+        return readSettingAsEnum( PwmSetting.EVENTS_LOCALDB_LOG_LEVEL, PwmLogLevel.class );
+    }
+
     public boolean isDevDebugMode( )
     {
         return Boolean.parseBoolean( readAppProperty( AppProperty.LOGGING_DEV_OUTPUT ) );
@@ -166,6 +174,11 @@ public class AppConfig
         return storedConfiguration.valueHash();
     }
 
+    public <E extends Enum<E>> E readSettingAsEnum( final PwmSetting setting, final Class<E> enumClass )
+    {
+        return settingReader.readSettingAsEnum( setting, enumClass );
+    }
+
     private class ConfigurationSuppliers
     {
         private final Supplier<Map<String, String>> appPropertyOverrides = new LazySupplier<>( () ->
@@ -255,4 +268,24 @@ public class AppConfig
             return Collections.unmodifiableMap( localeFlagMap );
         } );
     }
+
+    public Map<String, EmailServerProfile> getEmailServerProfiles( )
+    {
+        return settingReader.getProfileMap( ProfileDefinition.EmailServers );
+    }
+
+    public boolean hasDbConfigured( )
+    {
+        return !StringUtil.isEmpty( readSettingAsString( PwmSetting.DATABASE_CLASS ) )
+                && !StringUtil.isEmpty( readSettingAsString( PwmSetting.DATABASE_URL ) )
+                && !StringUtil.isEmpty( readSettingAsString( PwmSetting.DATABASE_USERNAME ) )
+                && readSettingAsPassword( PwmSetting.DATABASE_PASSWORD ) != null;
+    }
+
+    private PasswordData readSettingAsPassword( final PwmSetting setting )
+    {
+        return settingReader.readSettingAsPassword( setting );
+    }
+
+
 }

server/src/main/java/password/pwm/config/ConfigurationUtil.java

@@ -39,7 +39,7 @@ public class ConfigurationUtil
         if ( readPreferences.size() == 1 && readPreferences.iterator().next() == DataStorageMethod.AUTO )
         {
             readPreferences.clear();
-            if ( domainConfig.hasDbConfigured() )
+            if ( domainConfig.getAppConfig().hasDbConfigured() )
             {
                 readPreferences.add( DataStorageMethod.DB );
             }
@@ -64,7 +64,7 @@ public class ConfigurationUtil
         if ( writeMethods.size() == 1 && writeMethods.get( 0 ) == DataStorageMethod.AUTO )
         {
             writeMethods.clear();
-            if ( domainConfig.hasDbConfigured() )
+            if ( domainConfig.getAppConfig().hasDbConfigured() )
             {
                 writeMethods.add( DataStorageMethod.DB );
             }

server/src/main/java/password/pwm/config/DomainConfig.java

@@ -21,18 +21,15 @@
 package password.pwm.config;
 
 import password.pwm.AppProperty;
-import password.pwm.PwmConstants;
 import password.pwm.bean.DomainID;
 import password.pwm.bean.EmailItemBean;
 import password.pwm.bean.PrivateKeyCertificate;
 import password.pwm.config.option.CertificateMatchingMode;
 import password.pwm.config.option.DataStorageMethod;
-import password.pwm.config.option.MessageSendMethod;
 import password.pwm.config.option.TokenStorageMethod;
 import password.pwm.config.profile.ActivateUserProfile;
 import password.pwm.config.profile.ChallengeProfile;
 import password.pwm.config.profile.ChangePasswordProfile;
-import password.pwm.config.profile.EmailServerProfile;
 import password.pwm.config.profile.ForgottenPasswordProfile;
 import password.pwm.config.profile.HelpdeskProfile;
 import password.pwm.config.profile.LdapProfile;
@@ -40,7 +37,6 @@ import password.pwm.config.profile.NewUserProfile;
 import password.pwm.config.profile.PeopleSearchProfile;
 import password.pwm.config.profile.Profile;
 import password.pwm.config.profile.ProfileDefinition;
-import password.pwm.config.profile.ProfileUtility;
 import password.pwm.config.profile.PwmPasswordPolicy;
 import password.pwm.config.profile.SetupOtpProfile;
 import password.pwm.config.profile.UpdateProfileProfile;
@@ -61,20 +57,16 @@ import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.i18n.PwmLocaleBundle;
 import password.pwm.util.PasswordData;
 import password.pwm.util.i18n.LocaleHelper;
+import password.pwm.util.java.JavaHelper;
 import password.pwm.util.java.LazySupplier;
-import password.pwm.util.java.StringUtil;
-import password.pwm.util.logging.PwmLogLevel;
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.secure.PwmRandom;
 import password.pwm.util.secure.PwmSecurityKey;
 import password.pwm.util.secure.SecureService;
 
-import java.lang.reflect.InvocationTargetException;
 import java.security.cert.X509Certificate;
-import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
-import java.util.EnumMap;
-import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.LinkedHashSet;
 import java.util.List;
@@ -107,7 +99,7 @@ public class DomainConfig
         this.appConfig = Objects.requireNonNull( appConfig );
         this.storedConfiguration = appConfig.getStoredConfiguration();
         this.domainID = Objects.requireNonNull( domainID );
-        this.settingReader = new SettingReader( storedConfiguration, null, PwmConstants.DOMAIN_ID_PLACEHOLDER );
+        this.settingReader = new SettingReader( storedConfiguration, null, domainID );
     }
 
     public AppConfig getAppConfig()
@@ -115,15 +107,6 @@ public class DomainConfig
         return appConfig;
     }
 
-    public static void deprecatedSettingException( final PwmSetting pwmSetting, final String profile, final MessageSendMethod value )
-    {
-        if ( value != null && value.isDeprecated() )
-        {
-            final String msg = pwmSetting.toMenuLocationDebug( profile, PwmConstants.DEFAULT_LOCALE )
-                    + " setting is using a no longer functional setting value: " + value;
-            throw new IllegalStateException( msg );
-        }
-    }
 
     public List<FormConfiguration> readSettingAsForm( final PwmSetting setting )
     {
@@ -195,7 +178,6 @@ public class DomainConfig
             return dataCache.customText.get( key );
         }
 
-
         final Map<String, String> storedValue = storedConfiguration.readLocaleBundleMap( className, keyName );
         if ( storedValue == null || storedValue.isEmpty() )
         {
@@ -214,10 +196,7 @@ public class DomainConfig
         return localizedMap;
     }
 
-    public PwmLogLevel getEventLogLocalDBLevel( )
-    {
-        return readSettingAsEnum( PwmSetting.EVENTS_LOCALDB_LOG_LEVEL, PwmLogLevel.class );
-    }
+
 
     public List<String> getChallengeProfileIDs( )
     {
@@ -231,7 +210,6 @@ public class DomainConfig
             throw new IllegalArgumentException( "unknown challenge profileID specified: " + profile );
         }
 
-        // challengeProfile challengeSet's are mutable (question text) and can not be cached.
         return ChallengeProfile.readChallengeProfileFromConfig( profile, locale, storedConfiguration );
     }
 
@@ -240,11 +218,10 @@ public class DomainConfig
         return settingReader.readSettingAsLong( setting );
     }
 
-    public PwmPasswordPolicy getPasswordPolicy( final String profile, final Locale locale )
+    public PwmPasswordPolicy getPasswordPolicy( final String profile )
     {
         return dataCache.cachedPasswordPolicy
-                .computeIfAbsent( profile, s -> new HashMap<>() )
-                .computeIfAbsent( locale, s -> PwmPasswordPolicy.createPwmPasswordPolicy( this, profile, locale ) );
+                .computeIfAbsent( profile, s -> PwmPasswordPolicy.createPwmPasswordPolicy( this, profile ) );
     }
 
     public List<String> getPasswordProfileIDs( )
@@ -308,19 +285,11 @@ public class DomainConfig
     private List<DataStorageMethod> getGenericStorageLocations( final PwmSetting setting )
     {
         final String input = readSettingAsString( setting );
-        final List<DataStorageMethod> storageMethods = new ArrayList<>();
-        for ( final String rawValue : input.split( "-" ) )
-        {
-            try
-            {
-                storageMethods.add( DataStorageMethod.valueOf( rawValue ) );
-            }
-            catch ( final IllegalArgumentException e )
-            {
-                LOGGER.error( () -> "unknown STORAGE_METHOD found: " + rawValue );
-            }
-        }
-        return storageMethods;
+
+        return Arrays.stream( input.split( "-" ) )
+                .map( s ->  JavaHelper.readEnumFromString( DataStorageMethod.class, s ) )
+                .flatMap( Optional::stream )
+                .collect( Collectors.toUnmodifiableList() );
     }
 
     public LdapProfile getDefaultLdapProfile( ) throws PwmUnrecoverableException
@@ -340,19 +309,9 @@ public class DomainConfig
     }
 
 
-    public TokenStorageMethod getTokenStorageMethod( )
+    public Optional<TokenStorageMethod> getTokenStorageMethod( )
     {
-        try
-        {
-            return TokenStorageMethod.valueOf( readSettingAsString( PwmSetting.TOKEN_STORAGEMETHOD ) );
-        }
-        catch ( final Exception e )
-        {
-            final String errorMsg = "unknown storage method specified: " + readSettingAsString( PwmSetting.TOKEN_STORAGEMETHOD );
-            final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_INVALID_CONFIG, errorMsg );
-            LOGGER.warn( () -> errorInformation.toDebugStr() );
-            return null;
-        }
+        return JavaHelper.readEnumFromString( TokenStorageMethod.class, readSettingAsString( PwmSetting.TOKEN_STORAGEMETHOD ) );
     }
 
     public PwmSettingTemplateSet getTemplate( )
@@ -360,14 +319,6 @@ public class DomainConfig
         return storedConfiguration.getTemplateSet();
     }
 
-    public boolean hasDbConfigured( )
-    {
-        return !StringUtil.isEmpty( readSettingAsString( PwmSetting.DATABASE_CLASS ) )
-                && !StringUtil.isEmpty( readSettingAsString( PwmSetting.DATABASE_URL ) )
-                && !StringUtil.isEmpty( readSettingAsString( PwmSetting.DATABASE_USERNAME ) )
-                && readSettingAsPassword( PwmSetting.DATABASE_PASSWORD ) != null;
-    }
-
     public String readAppProperty( final AppProperty property )
     {
         return appConfig.readAppProperty( property );
@@ -393,7 +344,7 @@ public class DomainConfig
     {
         private final Supplier<Map<String, LdapProfile>> ldapProfilesSupplier = new LazySupplier<>( () ->
         {
-            final Map<String, LdapProfile> sourceMap = getProfileMap( ProfileDefinition.LdapProfile );
+            final Map<String, LdapProfile> sourceMap = settingReader.getProfileMap( ProfileDefinition.LdapProfile );
 
             return Collections.unmodifiableMap(
                     sourceMap.entrySet()
@@ -446,123 +397,54 @@ public class DomainConfig
 
     private static class DataCache
     {
-        private final Map<String, Map<Locale, PwmPasswordPolicy>> cachedPasswordPolicy = new LinkedHashMap<>();
+        private final Map<String, PwmPasswordPolicy> cachedPasswordPolicy = new LinkedHashMap<>();
         private final Map<String, Map<Locale, String>> customText = new LinkedHashMap<>();
-        private final Map<ProfileDefinition, Map> profileCache = new LinkedHashMap<>();
-    }
-
-    public Map<AppProperty, String> readAllNonDefaultAppProperties( )
-    {
-        final Map<AppProperty, String> nonDefaultProperties = new EnumMap<>( AppProperty.class );
-        for ( final AppProperty loopProperty : AppProperty.values() )
-        {
-            final String configuredValue = readAppProperty( loopProperty );
-            final String defaultValue = loopProperty.getDefaultValue();
-            if ( !Objects.equals(  configuredValue, defaultValue ) )
-            {
-                nonDefaultProperties.put( loopProperty, configuredValue );
-            }
-        }
-        return nonDefaultProperties;
     }
 
     /* generic profile stuff */
     public Map<String, NewUserProfile> getNewUserProfiles( )
     {
-        return getProfileMap( ProfileDefinition.NewUser );
+        return settingReader.getProfileMap( ProfileDefinition.NewUser );
     }
 
     public Map<String, ActivateUserProfile> getUserActivationProfiles( )
     {
-        return getProfileMap( ProfileDefinition.ActivateUser );
+        return settingReader.getProfileMap( ProfileDefinition.ActivateUser );
     }
 
     public Map<String, HelpdeskProfile> getHelpdeskProfiles( )
     {
-        return getProfileMap( ProfileDefinition.Helpdesk );
-    }
-
-    public Map<String, EmailServerProfile> getEmailServerProfiles( )
-    {
-        return getProfileMap( ProfileDefinition.EmailServers );
+        return settingReader.getProfileMap( ProfileDefinition.Helpdesk );
     }
 
     public Map<String, PeopleSearchProfile> getPeopleSearchProfiles( )
     {
-        return getProfileMap( ProfileDefinition.PeopleSearch );
+        return settingReader.getProfileMap( ProfileDefinition.PeopleSearch );
     }
 
     public Map<String, SetupOtpProfile> getSetupOTPProfiles( )
     {
-        return getProfileMap( ProfileDefinition.SetupOTPProfile );
+        return settingReader.getProfileMap( ProfileDefinition.SetupOTPProfile );
     }
 
     public Map<String, UpdateProfileProfile> getUpdateAttributesProfile( )
     {
-        return getProfileMap( ProfileDefinition.UpdateAttributes );
+        return settingReader.getProfileMap( ProfileDefinition.UpdateAttributes );
     }
 
     public Map<String, ChangePasswordProfile> getChangePasswordProfile( )
     {
-        return getProfileMap( ProfileDefinition.ChangePassword );
+        return settingReader.getProfileMap( ProfileDefinition.ChangePassword );
     }
 
     public Map<String, ForgottenPasswordProfile> getForgottenPasswordProfiles( )
     {
-        return getProfileMap( ProfileDefinition.ForgottenPassword );
+        return settingReader.getProfileMap( ProfileDefinition.ForgottenPassword );
     }
 
-    private <T extends Profile> Map<String, T> getProfileMap( final ProfileDefinition profileDefinition )
+    public <T extends Profile> Map<String, T> getProfileMap( final ProfileDefinition profileDefinition )
     {
-        if ( !dataCache.profileCache.containsKey( profileDefinition ) )
-        {
-            final Map<String, T> returnMap = new LinkedHashMap<>();
-            final Map<String, Profile> profileMap = profileMap( profileDefinition );
-            for ( final Map.Entry<String, Profile> entry : profileMap.entrySet() )
-            {
-                returnMap.put( entry.getKey(), ( T ) entry.getValue() );
-            }
-            dataCache.profileCache.put( profileDefinition, Collections.unmodifiableMap( returnMap ) );
-        }
-        return dataCache.profileCache.get( profileDefinition );
-    }
-
-    public Map<String, Profile> profileMap( final ProfileDefinition profileDefinition )
-    {
-        final Map<String, Profile> returnMap = new LinkedHashMap<>();
-        for ( final String profileID : ProfileUtility.profileIDsForCategory( this, profileDefinition.getCategory() ) )
-        {
-            if ( profileDefinition.getProfileFactoryClass().isPresent() )
-            {
-                final Profile newProfile = newProfileForID( profileDefinition, profileID );
-                returnMap.put( profileID, newProfile );
-            }
-        }
-        return Collections.unmodifiableMap( returnMap );
-    }
-
-    private Profile newProfileForID( final ProfileDefinition profileDefinition, final String profileID )
-    {
-        Objects.requireNonNull( profileDefinition );
-        Objects.requireNonNull( profileID );
-
-        final Optional<Class<? extends Profile.ProfileFactory>> optionalProfileFactoryClass = profileDefinition.getProfileFactoryClass();
-
-        if ( optionalProfileFactoryClass.isPresent() )
-        {
-            final Profile.ProfileFactory profileFactory;
-            try
-            {
-                profileFactory = optionalProfileFactoryClass.get().getDeclaredConstructor().newInstance();
-                return profileFactory.makeFromStoredConfiguration( storedConfiguration, profileID );
-            }
-            catch ( final InstantiationException | IllegalAccessException | InvocationTargetException | NoSuchMethodException e )
-            {
-                throw new IllegalStateException( "unable to create profile instance for " + profileDefinition );
-            }
-        }
-
-        throw new IllegalStateException( "unable to create profile instance for " + profileDefinition + " ( profile factory class not defined )" );
+        return settingReader.getProfileMap( profileDefinition );
     }
 
     public StoredConfiguration getStoredConfiguration( )
@@ -570,10 +452,6 @@ public class DomainConfig
         return this.storedConfiguration;
     }
 
-    public boolean isDevDebugMode( )
-    {
-        return appConfig.isDevDebugMode();
-    }
 
     public String configurationHash( final SecureService secureService )
             throws PwmUnrecoverableException
@@ -607,7 +485,7 @@ public class DomainConfig
         if ( readSettingAsBoolean( PwmSetting.PEOPLE_SEARCH_ENABLE_PUBLIC ) )
         {
             final String profileID = readSettingAsString( PwmSetting.PEOPLE_SEARCH_PUBLIC_PROFILE );
-            final Map<String, PeopleSearchProfile> profiles = this.getProfileMap( ProfileDefinition.PeopleSearchPublic );
+            final Map<String, PeopleSearchProfile> profiles = settingReader.getProfileMap( ProfileDefinition.PeopleSearchPublic );
             return Optional.ofNullable( profiles.get( profileID ) );
         }
         return Optional.empty();

server/src/main/java/password/pwm/config/PwmSetting.java

@@ -62,6 +62,10 @@ public enum PwmSetting
             "domain.list", PwmSettingSyntax.PROFILE, PwmSettingCategory.DOMAINS ),
 
     // application settings
+    APP_PROPERTY_OVERRIDES(
+            "pwm.appProperty.overrides", PwmSettingSyntax.STRING_ARRAY, PwmSettingCategory.APPLICATION ),
+
+    // domain settings
     PWM_SITE_URL(
             "pwm.selfURL", PwmSettingSyntax.STRING, PwmSettingCategory.GENERAL ),
     PUBLISH_STATS_ENABLE(
@@ -84,18 +88,16 @@ public enum PwmSetting
             "knownLocales", PwmSettingSyntax.STRING_ARRAY, PwmSettingCategory.LOCALIZATION ),
     LOCALE_COOKIE_MAX_AGE(
             "locale.cookie.age", PwmSettingSyntax.DURATION, PwmSettingCategory.LOCALIZATION ),
-    APP_PROPERTY_OVERRIDES(
-            "pwm.appProperty.overrides", PwmSettingSyntax.STRING_ARRAY, PwmSettingCategory.GENERAL ),
 
     // clustering
     CLUSTER_ENABLED(
-            "nodeService.enable", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.CLUSTERING ),
+            "nodeService.enable", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.NODES ),
     CLUSTER_STORAGE_MODE(
-            "nodeService.storageMode", PwmSettingSyntax.SELECT, PwmSettingCategory.CLUSTERING ),
+            "nodeService.storageMode", PwmSettingSyntax.SELECT, PwmSettingCategory.NODES ),
     SECURITY_LOGIN_SESSION_MODE(
-            "security.loginSession.mode", PwmSettingSyntax.SELECT, PwmSettingCategory.CLUSTERING ),
+            "security.loginSession.mode", PwmSettingSyntax.SELECT, PwmSettingCategory.NODES ),
     SECURITY_MODULE_SESSION_MODE(
-            "security.moduleSession.mode", PwmSettingSyntax.SELECT, PwmSettingCategory.CLUSTERING ),
+            "security.moduleSession.mode", PwmSettingSyntax.SELECT, PwmSettingCategory.NODES ),
 
     // user interface
     INTERFACE_THEME(

server/src/main/java/password/pwm/config/PwmSettingCategory.java

@@ -70,10 +70,12 @@ public enum PwmSettingCategory
     ORACLE_DS( LDAP_SETTINGS ),
 
     APPLICATION( SETTINGS ),
-    GENERAL( APPLICATION ),
-    CLUSTERING( APPLICATION ),
-    LOCALIZATION( APPLICATION ),
-    TELEMETRY( APPLICATION ),
+
+    DOMAIN( SETTINGS ),
+    GENERAL( DOMAIN ),
+    NODES( DOMAIN ),
+    LOCALIZATION( DOMAIN ),
+    TELEMETRY( DOMAIN ),
 
     AUDITING( SETTINGS ),
     AUDIT_CONFIG( AUDITING ),

server/src/main/java/password/pwm/config/SettingReader.java

@@ -22,6 +22,8 @@ package password.pwm.config;
 
 import password.pwm.bean.DomainID;
 import password.pwm.bean.PrivateKeyCertificate;
+import password.pwm.config.profile.Profile;
+import password.pwm.config.profile.ProfileDefinition;
 import password.pwm.config.stored.StoredConfigItemKey;
 import password.pwm.config.stored.StoredConfiguration;
 import password.pwm.config.stored.StoredConfigurationUtil;
@@ -36,17 +38,24 @@ import password.pwm.util.PasswordData;
 import password.pwm.util.java.StringUtil;
 import password.pwm.util.logging.PwmLogger;
 
+import java.lang.reflect.InvocationTargetException;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Optional;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 public class SettingReader
 {
     private static final PwmLogger LOGGER = PwmLogger.forClass( SettingReader.class );
 
+    private final ProfileReader profileReader = new ProfileReader();
+
     private final StoredConfiguration storedConfiguration;
     private final String profileID;
     private final DomainID domainID;
@@ -55,7 +64,7 @@ public class SettingReader
     {
         this.storedConfiguration = Objects.requireNonNull( storedConfiguration );
         this.profileID = profileID;
-        this.domainID = domainID;
+        this.domainID = Objects.requireNonNull( domainID );
     }
 
     public List<UserPermission> readSettingAsUserPermission( final PwmSetting setting )
@@ -146,15 +155,82 @@ public class SettingReader
         return ( PrivateKeyCertificate ) readSetting( setting ).toNativeObject();
     }
 
-    private StoredValue readSetting( final PwmSetting setting )
+    public <T extends Profile> Map<String, T> getProfileMap( final ProfileDefinition profileDefinition )
+    {
+        return profileReader.getProfileMap( profileDefinition );
+    }
+
+
+    private class ProfileReader
     {
+        private final Map<ProfileDefinition, Map> profileCache = new LinkedHashMap<>();
+
+        public <T extends Profile> Map<String, T> getProfileMap( final ProfileDefinition profileDefinition )
+        {
+            return profileCache.computeIfAbsent( profileDefinition, ( p ) ->
+            {
+                final Map<String, T> returnMap = new LinkedHashMap<>();
+                final Map<String, Profile> profileMap = profileMap( profileDefinition );
+                for ( final Map.Entry<String, Profile> entry : profileMap.entrySet() )
+                {
+                    returnMap.put( entry.getKey(), ( T ) entry.getValue() );
+                }
+                return Collections.unmodifiableMap( returnMap );
+            } );
+        }
+
+        private Map<String, Profile> profileMap( final ProfileDefinition profileDefinition )
+        {
+            if ( profileDefinition.getProfileFactoryClass().isEmpty() )
+            {
+                return Collections.emptyMap();
+            }
+
+            return profileIDsForCategory( profileDefinition.getCategory() ).stream()
+                    .collect( Collectors.toUnmodifiableMap(
+                        profileID -> profileID,
+                        profileID -> newProfileForID( profileDefinition, profileID )
+                    ) );
+        }
 
-        /*
-        if ( StringUtil.isEmpty( domainID ) )
+        private Profile newProfileForID( final ProfileDefinition profileDefinition, final String profileID )
+        {
+            Objects.requireNonNull( profileDefinition );
+            Objects.requireNonNull( profileID );
+
+            final Optional<Class<? extends Profile.ProfileFactory>> optionalProfileFactoryClass = profileDefinition.getProfileFactoryClass();
+
+            if ( optionalProfileFactoryClass.isPresent() )
+            {
+                final Profile.ProfileFactory profileFactory;
+                try
+                {
+                    profileFactory = optionalProfileFactoryClass.get().getDeclaredConstructor().newInstance();
+                    return profileFactory.makeFromStoredConfiguration( storedConfiguration, profileID );
+                }
+                catch ( final InstantiationException | IllegalAccessException | InvocationTargetException | NoSuchMethodException e )
+                {
+                    throw new IllegalStateException( "unable to create profile instance for " + profileDefinition );
+                }
+            }
+
+            throw new IllegalStateException( "unable to create profile instance for " + profileDefinition + " ( profile factory class not defined )" );
+        }
+
+        public List<String> profileIDsForCategory( final PwmSettingCategory pwmSettingCategory )
+        {
+            final PwmSetting profileSetting = pwmSettingCategory.getProfileSetting().orElseThrow( IllegalStateException::new );
+            return SettingReader.this.readSettingAsStringArray( profileSetting );
+        }
+    }
+
+    private StoredValue readSetting( final PwmSetting setting )
+    {
+        if ( DomainID.systemId().equals( domainID ) )
         {
             if ( setting.getCategory().getScope() == PwmSettingScope.DOMAIN )
             {
-                final String msg = "attempt to read DOMAIN scope setting '" + setting.getKey() + "' via system scope";
+                final String msg = "attempt to read DOMAIN scope setting '" + setting.toMenuLocationDebug( profileID, null ) + "' via system scope";
                 LOGGER.warn( () -> msg );
             }
         }
@@ -162,29 +238,32 @@ public class SettingReader
         {
             if ( setting.getCategory().getScope() == PwmSettingScope.SYSTEM )
             {
-                final String msg = "attempt to read SYSTEM scope setting '" + setting.getKey() + "' via domain scope";
+                final String msg = "attempt to read SYSTEM scope setting '" + setting.toMenuLocationDebug( profileID, null ) + "' via domain scope";
                 LOGGER.warn( () -> msg );
             }
         }
-        */
 
+        if ( setting.getFlags().contains( PwmSettingFlag.Deprecated ) )
+        {
+            LOGGER.warn( () -> "attempt to read deprecated config setting: " + setting.toMenuLocationDebug( profileID, null ) );
+        }
 
         if ( StringUtil.isEmpty( profileID ) )
         {
             if ( setting.getCategory().hasProfiles() )
             {
-                throw new IllegalStateException( "attempt to read profiled setting '" + setting.getKey() + "' via non-profile" );
+                throw new IllegalStateException( "attempt to read profiled setting '" + setting.toMenuLocationDebug( profileID, null ) + "' via non-profile" );
             }
         }
         else
         {
             if ( !setting.getCategory().hasProfiles() )
             {
-                throw new IllegalStateException( "attempt to read non-profiled setting '" + setting.getKey() + "' via profile" );
+                throw new IllegalStateException( "attempt to read non-profiled setting '" + setting.toMenuLocationDebug( profileID, null ) + "' via profile" );
             }
         }
 
-        final StoredConfigItemKey key = StoredConfigItemKey.fromSetting( setting, profileID );
+        final StoredConfigItemKey key = StoredConfigItemKey.fromSetting( setting, profileID, domainID );
         return StoredConfigurationUtil.getValueOrDefault( storedConfiguration, key );
     }
 }

server/src/main/java/password/pwm/config/function/LdapCertImportFunction.java

@@ -58,7 +58,7 @@ public class LdapCertImportFunction implements SettingUIFunction
         if ( ldapUrlsValue != null && ldapUrlsValue.toNativeObject() != null )
         {
             final List<String> ldapUrlStrings = ldapUrlsValue.toNativeObject();
-            resultCertificates.addAll( X509Utils.readCertsForListOfLdapUrls( ldapUrlStrings, pwmRequest.getConfig() ) );
+            resultCertificates.addAll( X509Utils.readCertsForListOfLdapUrls( ldapUrlStrings, pwmRequest.getDomainConfig() ) );
         }
 
         final UserIdentity userIdentity = pwmSession.isAuthenticated() ? pwmSession.getUserInfo().getUserIdentity() : null;

server/src/main/java/password/pwm/config/function/SmtpCertImportFunction.java

@@ -21,7 +21,6 @@
 package password.pwm.config.function;
 
 import password.pwm.bean.UserIdentity;
-import password.pwm.config.DomainConfig;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.SettingUIFunction;
 import password.pwm.config.stored.StoredConfigurationModifier;
@@ -50,15 +49,14 @@ public class SmtpCertImportFunction implements SettingUIFunction
     {
         final PwmSession pwmSession = pwmRequest.getPwmSession();
 
-        final DomainConfig domainConfig = pwmRequest.getConfig();
-        final List<X509Certificate> certs = EmailServerUtil.readCertificates( domainConfig, profile );
+        final List<X509Certificate> certs = EmailServerUtil.readCertificates( pwmRequest.getAppConfig(), profile );
         if ( !JavaHelper.isEmpty( certs ) )
         {
             final UserIdentity userIdentity = pwmSession.isAuthenticated() ? pwmSession.getUserInfo().getUserIdentity() : null;
             modifier.writeSetting( PwmSetting.EMAIL_SERVER_CERTS, profile, X509CertificateValue.fromX509( certs ), userIdentity );
         }
 
-        return Message.getLocalizedMessage( pwmSession.getSessionStateBean().getLocale(), Message.Success_Unknown, pwmRequest.getConfig() );
+        return Message.getLocalizedMessage( pwmSession.getSessionStateBean().getLocale(), Message.Success_Unknown, pwmRequest.getDomainConfig() );
     }
 
 }

server/src/main/java/password/pwm/config/profile/LdapProfile.java

@@ -205,7 +205,7 @@ public class LdapProfile extends AbstractProfile implements Profile
 
         if ( !StringUtil.isEmpty( testUserDN ) )
         {
-            return UserIdentity.createUserIdentity( testUserDN, this.getIdentifier() ).canonicalized( pwmDomain );
+            return UserIdentity.createUserIdentity( testUserDN, this.getIdentifier(), pwmDomain.getDomainID() ).canonicalized( pwmDomain.getPwmApplication() );
         }
 
         return null;

server/src/main/java/password/pwm/config/profile/NewUserProfile.java

@@ -132,8 +132,8 @@ public class NewUserProfile extends AbstractProfile implements Profile
                 {
                     final ChaiProvider chaiProvider = pwmDomain.getProxyChaiProvider( ldapProfile.getIdentifier() );
                     final ChaiUser chaiUser = chaiProvider.getEntryFactory().newChaiUser( lookupDN );
-                    final UserIdentity userIdentity = UserIdentity.createUserIdentity( lookupDN, ldapProfile.getIdentifier() );
-                    thePolicy = PasswordUtility.readPasswordPolicyForUser( pwmDomain, null, userIdentity, chaiUser, userLocale );
+                    final UserIdentity userIdentity = UserIdentity.createUserIdentity( lookupDN, ldapProfile.getIdentifier(), pwmDomain.getDomainID() );
+                    thePolicy = PasswordUtility.readPasswordPolicyForUser( pwmDomain, null, userIdentity, chaiUser );
                 }
                 catch ( final ChaiUnavailableException e )
                 {

server/src/main/java/password/pwm/config/profile/ProfileUtility.java

@@ -64,7 +64,7 @@ public class ProfileUtility
         {
             throw PwmUnrecoverableException.newException( PwmError.ERROR_NO_PROFILE_ASSIGNED, "profile of type " + profileDefinition + " is required but not assigned" );
         }
-        final Profile profileImpl = pwmRequestContext.getConfig().profileMap( profileDefinition ).get( profileID.get() );
+        final Profile profileImpl = pwmRequestContext.getDomainConfig().getProfileMap( profileDefinition ).get( profileID.get() );
         return ( T ) profileImpl;
     }
 
@@ -77,7 +77,7 @@ public class ProfileUtility
     )
             throws PwmUnrecoverableException
     {
-        final Map<String, Profile> profileMap = pwmDomain.getConfig().profileMap( profileDefinition );
+        final Map<String, Profile> profileMap = pwmDomain.getConfig().getProfileMap( profileDefinition );
         for ( final Profile profile : profileMap.values() )
         {
             final List<UserPermission> queryMatches = profile.profilePermissions();

server/src/main/java/password/pwm/config/profile/PwmPasswordPolicy.java

@@ -34,6 +34,7 @@ import password.pwm.config.option.ADPolicyComplexity;
 import password.pwm.config.value.data.UserPermission;
 import password.pwm.health.HealthMessage;
 import password.pwm.health.HealthRecord;
+import password.pwm.util.i18n.LocaleHelper;
 import password.pwm.util.java.JavaHelper;
 import password.pwm.util.java.JsonUtil;
 import password.pwm.util.java.LazySupplier;
@@ -50,6 +51,8 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
 import java.util.Set;
 import java.util.TreeSet;
 import java.util.function.Supplier;
@@ -125,8 +128,7 @@ public class PwmPasswordPolicy implements Profile, Serializable
 
     public static PwmPasswordPolicy createPwmPasswordPolicy(
             final DomainConfig domainConfig,
-            final String profileID,
-            final Locale locale
+            final String profileID
     )
     {
         final SettingReader settingReader = new SettingReader( domainConfig.getStoredConfiguration(), profileID,  domainConfig.getDomainID() );
@@ -142,16 +144,16 @@ public class PwmPasswordPolicy implements Profile, Serializable
                     case DisallowedAttributes:
                     case DisallowedValues:
                     case CharGroupsValues:
-                        value = StringHelper.stringCollectionToString(
+                        value = StringUtil.collectionToString(
                                 settingReader.readSettingAsStringArray( pwmSetting ), "\n" );
                         break;
                     case RegExMatch:
                     case RegExNoMatch:
-                        value = StringHelper.stringCollectionToString(
+                        value = StringUtil.collectionToString(
                                 settingReader.readSettingAsStringArray( pwmSetting ), ";;;" );
                         break;
                     case ChangeMessage:
-                        value = settingReader.readSettingAsLocalizedString( pwmSetting, locale );
+                        value = settingReader.readSettingAsLocalizedString( pwmSetting, PwmConstants.DEFAULT_LOCALE );
                         break;
                     case ADComplexityLevel:
                         value = settingReader.readSettingAsEnum( pwmSetting, ADPolicyComplexity.class ).toString();
@@ -190,19 +192,38 @@ public class PwmPasswordPolicy implements Profile, Serializable
         }
 
         // set pwm-specific values
-        final List<UserPermission> queryMatch = settingReader.readSettingAsUserPermission( PwmSetting.PASSWORD_POLICY_QUERY_MATCH );
-        final String ruleText = settingReader.readSettingAsLocalizedString( PwmSetting.PASSWORD_POLICY_RULE_TEXT, locale );
-
         final PwmPasswordPolicy.PolicyMetaData policyMetaData = PwmPasswordPolicy.PolicyMetaData.builder()
                 .profileID( profileID )
-                .userPermissions( queryMatch )
-                .ruleText( ruleText )
+                .userPermissions( settingReader.readSettingAsUserPermission( PwmSetting.PASSWORD_POLICY_QUERY_MATCH ) )
+                .ruleText( readLocalizedSetting( PwmSetting.PASSWORD_POLICY_RULE_TEXT, domainConfig, settingReader ) )
+                .changePasswordText( readLocalizedSetting( PwmSetting.PASSWORD_POLICY_CHANGE_MESSAGE, domainConfig, settingReader ) )
                 .build();
 
         return PwmPasswordPolicy.createPwmPasswordPolicy( passwordPolicySettings, null, policyMetaData );
 
     }
 
+    private static Map<Locale, String> readLocalizedSetting(
+            final PwmSetting pwmSetting,
+            final DomainConfig domainConfig,
+            final SettingReader settingReader
+    )
+    {
+        final List<Locale> knownLocales = domainConfig.getKnownLocales();
+        final String defaultLocaleValue = settingReader.readSettingAsLocalizedString( pwmSetting, PwmConstants.DEFAULT_LOCALE );
+        final Map<Locale, String> returnMap = new HashMap<>();
+        returnMap.put( PwmConstants.DEFAULT_LOCALE, defaultLocaleValue );
+        for ( final Locale locale : knownLocales )
+        {
+            final String value = settingReader.readSettingAsLocalizedString( pwmSetting, locale );
+            if ( !Objects.equals( defaultLocaleValue, value ) )
+            {
+                returnMap.put( locale, value );
+            }
+        }
+        return Collections.unmodifiableMap( returnMap );
+    }
+
     @Override
     public String getIdentifier( )
     {
@@ -269,9 +290,26 @@ public class PwmPasswordPolicy implements Profile, Serializable
         return policyMetaData.getUserPermissions();
     }
 
-    public String getRuleText( )
+    public Optional<String> getChangeMessage( final Locale locale )
     {
-        return policyMetaData.getRuleText();
+        if ( JavaHelper.isEmpty( policyMetaData.getChangePasswordText() ) )
+        {
+            return Optional.ofNullable( getValue( PwmPasswordRule.ChangeMessage ) );
+        }
+
+        final Locale resolvedLocale = LocaleHelper.localeResolver( locale, policyMetaData.getChangePasswordText().keySet() );
+        return Optional.of( policyMetaData.getChangePasswordText().get( resolvedLocale ) );
+    }
+
+    public Optional<String> getRuleText( final Locale locale )
+    {
+        if ( JavaHelper.isEmpty( policyMetaData.getRuleText() ) )
+        {
+            return Optional.empty();
+        }
+
+        final Locale resolvedLocale = LocaleHelper.localeResolver( locale, policyMetaData.getRuleText().keySet() );
+        return Optional.of( policyMetaData.getRuleText().get( resolvedLocale ) );
     }
 
     public PwmPasswordPolicy merge( final PwmPasswordPolicy otherPolicy )
@@ -305,7 +343,7 @@ public class PwmPasswordPolicy implements Profile, Serializable
 
                     case ChangeMessage:
                         final String thisChangeMessage = getValue( PwmPasswordRule.ChangeMessage );
-                        if ( thisChangeMessage == null || thisChangeMessage.length() < 1 )
+                        if ( StringUtil.isEmpty( thisChangeMessage ) )
                         {
                             newPasswordPolicies.put( ruleKey, otherPolicy.getValue( PwmPasswordRule.ChangeMessage ) );
                         }
@@ -500,12 +538,16 @@ public class PwmPasswordPolicy implements Profile, Serializable
         @Builder.Default
         private final List<UserPermission> userPermissions = Collections.emptyList();
 
-        private final String ruleText;
+        private final Map<Locale, String> ruleText;
+
+        private final Map<Locale, String> changePasswordText;
+
 
         private PolicyMetaData merge( final PolicyMetaData otherPolicy )
         {
             return PolicyMetaData.builder()
-                    .ruleText( StringUtil.isEmpty( ruleText ) ? otherPolicy.ruleText : ruleText )
+                    .ruleText( JavaHelper.isEmpty( ruleText ) ? otherPolicy.ruleText : ruleText )
+                    .changePasswordText( JavaHelper.isEmpty( changePasswordText ) ? otherPolicy.changePasswordText : changePasswordText )
                     .userPermissions( JavaHelper.isEmpty( userPermissions ) ? otherPolicy.userPermissions : userPermissions )
                     .profileID( StringUtil.isEmpty( profileID ) ? otherPolicy.profileID : profileID )
                     .build();

server/src/main/java/password/pwm/config/stored/ConfigurationCleaner.java

@@ -23,6 +23,7 @@ package password.pwm.config.stored;
 import password.pwm.PwmConstants;
 import password.pwm.bean.UserIdentity;
 import password.pwm.config.AppConfig;
+import password.pwm.config.DomainConfig;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.option.ADPolicyComplexity;
 import password.pwm.config.option.RecoveryMinLifetimeOption;
@@ -66,34 +67,63 @@ class ConfigurationCleaner
         public void accept( final StoredConfigurationModifier modifier )
                 throws PwmUnrecoverableException
         {
-            final StoredConfiguration oldConfig = modifier.newStoredConfiguration();
-            final AppConfig appConfig = new AppConfig( oldConfig );
-            for ( final String profileID : appConfig.getDefaultDomainConfig().getPasswordProfileIDs() )
+            final StoredConfiguration existingConfig = modifier.newStoredConfiguration();
+            final AppConfig appConfig = new AppConfig( existingConfig );
+
+            for ( final DomainConfig domainConfig : appConfig.getDomainConfigs().values() )
             {
-                if ( !oldConfig.isDefaultValue( PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY, profileID ) )
+                for ( final String profileID : domainConfig.getPasswordProfileIDs() )
                 {
-                    final boolean ad2003Enabled = ValueTypeConverter.valueToBoolean( oldConfig.readSetting( PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY, profileID ) );
-                    final StoredValue value;
-                    if ( ad2003Enabled )
-                    {
-                        value = new StringValue( ADPolicyComplexity.AD2003.toString() );
-                    }
-                    else
+                    final StoredConfigItemKey key = StoredConfigItemKey.fromSetting( PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY, profileID, domainConfig.getDomainID() );
+
+                    existingConfig.readStoredValue( key ).ifPresent( ( storedValue ) ->
                     {
-                        value = new StringValue( ADPolicyComplexity.NONE.toString() );
-                    }
-                    LOGGER.info( () -> "converting deprecated non-default setting "
-                            + PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY.getKey() + "/" + profileID
-                            + " to replacement setting "
-                            + PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY_LEVEL + ", value="
-                            + ValueTypeConverter.valueToString( value ) );
-                    final Optional<ValueMetaData> valueMetaData = oldConfig.readMetaData(
-                            StoredConfigItemKey.fromSetting( PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY, profileID ) );
-                    final UserIdentity userIdentity = valueMetaData.map( ValueMetaData::getUserIdentity ).orElse( null );
-                    modifier.writeSetting( PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY_LEVEL, profileID, value, userIdentity );
+                        if ( !existingConfig.isDefaultValue( PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY, profileID ) )
+                        {
+                            doConversion( existingConfig, key, storedValue, modifier );
+                        }
+                    } );
                 }
             }
         }
+
+        private static void doConversion(
+                final StoredConfiguration existingConfig,
+                final StoredConfigItemKey key,
+                final StoredValue storedValue,
+                final StoredConfigurationModifier modifier
+        )
+        {
+            final boolean ad2003Enabled = ValueTypeConverter.valueToBoolean( storedValue );
+            final StoredValue value;
+            if ( ad2003Enabled )
+            {
+                value = new StringValue( ADPolicyComplexity.AD2003.toString() );
+            }
+            else
+            {
+                value = new StringValue( ADPolicyComplexity.NONE.toString() );
+            }
+
+            final String profileID = key.getProfileID();
+
+            LOGGER.info( () -> "converting deprecated non-default setting "
+                    + PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY.getKey() + "/" + profileID
+                    + " to replacement setting "
+                    + PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY_LEVEL + ", value="
+                    + ValueTypeConverter.valueToString( value ) );
+            final Optional<ValueMetaData> valueMetaData = existingConfig.readMetaData(
+                    StoredConfigItemKey.fromSetting( PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY, profileID ) );
+            final UserIdentity userIdentity = valueMetaData.map( ValueMetaData::getUserIdentity ).orElse( null );
+            try
+            {
+                modifier.writeSetting( PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY_LEVEL, profileID, value, userIdentity );
+            }
+            catch ( final PwmUnrecoverableException e )
+            {
+                LOGGER.error( () -> "error converting deprecated AD password policy setting: " + key + ", error: " + e.getMessage() );
+            }
+        }
     }
 
     private static class UpdateDeprecatedMinPwdLifetimeSetting implements PwmExceptionLoggingConsumer<StoredConfigurationModifier>

server/src/main/java/password/pwm/config/stored/StoredConfigItemKey.java

@@ -254,7 +254,7 @@ public class StoredConfigItemKey implements Serializable, Comparable<StoredConfi
         }
         final StoredConfigItemKey that = ( StoredConfigItemKey ) o;
         return Objects.equals( recordType, that.recordType )
-                && Objects.equals( domainID, that.domainID )
+                //&& Objects.equals( domainID, that.domainID )
                 && Objects.equals( recordID, that.recordID )
                 && Objects.equals( profileID, that.profileID );
     }
@@ -262,7 +262,8 @@ public class StoredConfigItemKey implements Serializable, Comparable<StoredConfi
     @Override
     public int hashCode()
     {
-        return Objects.hash( recordType, domainID, recordID, profileID );
+        //return Objects.hash( recordType, domainID, recordID, profileID );
+        return Objects.hash( recordType, recordID, profileID );
     }
 
     @Override
@@ -321,9 +322,12 @@ public class StoredConfigItemKey implements Serializable, Comparable<StoredConfi
                 StoredConfigItemKey::getRecordType,
                 Comparator.nullsLast( Comparator.naturalOrder() ) );
 
+        /*
         final Comparator<StoredConfigItemKey> domainComparator = Comparator.comparing( StoredConfigItemKey::getDomainID,
                 Comparator.nullsLast( Comparator.naturalOrder() ) );
 
+         */
+
         final Comparator<StoredConfigItemKey> recordComparator = ( o1, o2 ) ->
         {
             if ( Objects.equals( o1.getRecordType(), o2.getRecordType() )
@@ -343,7 +347,7 @@ public class StoredConfigItemKey implements Serializable, Comparable<StoredConfi
                 Comparator.nullsLast( Comparator.naturalOrder() ) );
 
         return typeComparator
-                .thenComparing( domainComparator )
+              //  .thenComparing( domainComparator )
                 .thenComparing( recordComparator )
                 .thenComparing( profileComparator );
     }

server/src/main/java/password/pwm/config/stored/StoredConfigXmlSerializer.java

@@ -21,9 +21,11 @@
 package password.pwm.config.stored;
 
 import password.pwm.PwmConstants;
+import password.pwm.bean.DomainID;
 import password.pwm.bean.UserIdentity;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.PwmSettingFlag;
+import password.pwm.config.PwmSettingScope;
 import password.pwm.config.PwmSettingTemplate;
 import password.pwm.config.value.LocalizedStringValue;
 import password.pwm.config.value.StoredValue;
@@ -143,7 +145,7 @@ public class StoredConfigXmlSerializer implements StoredConfigSerializer
 
             // execute the readers and put results in the queue
             final Queue<StoredConfigData.ValueAndMetaCarrier> values = new ConcurrentLinkedQueue<>();
-            suppliers.parallelStream().forEach( ( supplier ) -> values.addAll( supplier.get() ) );
+            suppliers.forEach( ( supplier ) -> values.addAll( supplier.get() ) );
 
             final Instant startStoredConfigDataBuild = Instant.now();
             final StoredConfigData storedConfigData = StoredConfigData.builder()
@@ -185,7 +187,7 @@ public class StoredConfigXmlSerializer implements StoredConfigSerializer
 
             final List<XmlElement> settingElements = xpathForAllSetting();
             final List<StoredConfigData.ValueAndMetaCarrier> results = settingElements
-                    .parallelStream()
+                    .stream()
                     .flatMap( readSettingForXmlElement )
                     .collect( Collectors.toList() );
             perfLog( "startReadSettings", startReadSettings );
@@ -213,7 +215,8 @@ public class StoredConfigXmlSerializer implements StoredConfigSerializer
                 {
                     final PwmSetting pwmSetting = optionalPwmSetting.get();
                     final boolean defaultValueSaved = settingElement.getChild( StoredConfigXmlConstants.XML_ELEMENT_DEFAULT ).isPresent();
-                    final StoredConfigItemKey key = StoredConfigItemKey.fromSetting( pwmSetting, profileID.orElse( null ) );
+                    final DomainID domainID = domainIdForSetting( settingElement, pwmSetting );
+                    final StoredConfigItemKey key = StoredConfigItemKey.fromSetting( pwmSetting, profileID.orElse( null ), domainID );
                     final ValueMetaData metaData = readMetaDataFromXmlElement( key, settingElement ).orElse( null );
 
                     final StoredValue storedValue = defaultValueSaved
@@ -227,6 +230,17 @@ public class StoredConfigXmlSerializer implements StoredConfigSerializer
             return Optional.empty();
         }
 
+        private static DomainID domainIdForSetting( final XmlElement xmlElement, final PwmSetting pwmSetting )
+        {
+            if ( pwmSetting.getCategory().getScope() == PwmSettingScope.SYSTEM )
+            {
+                return DomainID.systemId();
+            }
+
+            final String domainID = xmlElement.getAttributeValue( StoredConfigXmlConstants.XML_ATTRIBUTE_DOMAIN ).orElse( PwmConstants.DOMAIN_ID_DEFAULT );
+            return DomainID.create( domainID );
+        }
+
         public PwmSecurityKey getKey()
         {
             return this.pwmSecurityKey;
@@ -314,7 +328,7 @@ public class StoredConfigXmlSerializer implements StoredConfigSerializer
             };
 
             final List<StoredConfigData.ValueAndMetaCarrier> results = xpathForLocaleBundles()
-                    .parallelStream()
+                    .stream()
                     .flatMap( xmlToLocaleBundleReader )
                     .collect( Collectors.toList() );
             perfLog( "startReadLocaleBundles", startReadLocaleBundles );

server/src/main/java/password/pwm/health/ApplianceStatusChecker.java

@@ -66,18 +66,16 @@ public class ApplianceStatusChecker implements HealthChecker
             return Collections.emptyList();
         }
 
-        final List<HealthRecord> healthRecords = new ArrayList<>();
-
         try
         {
-            healthRecords.addAll( readApplianceHealthStatus( pwmDomain ) );
+            return List.copyOf( readApplianceHealthStatus( pwmDomain ) );
         }
         catch ( final Exception e )
         {
             LOGGER.error( SessionLabel.HEALTH_SESSION_LABEL, () -> "error communicating with client " + e.getMessage() );
         }
 
-        return healthRecords;
+        return Collections.emptyList();
     }
 
     private List<HealthRecord> readApplianceHealthStatus( final PwmDomain pwmDomain ) throws IOException, PwmUnrecoverableException, PwmOperationalException
@@ -123,7 +121,7 @@ public class ApplianceStatusChecker implements HealthChecker
             healthRecords.add( HealthRecord.forMessage( HealthMessage.Appliance_UpdateServiceNotConfigured ) );
         }
 
-        return healthRecords;
+        return Collections.unmodifiableList( healthRecords );
 
     }
 

server/src/main/java/password/pwm/health/CertificateChecker.java

@@ -96,6 +96,7 @@ public class CertificateChecker implements HealthChecker
 
         final List<HealthRecord> returnList = new ArrayList<>();
         final Set<StoredConfigItemKey> modifiedReferences = storedConfiguration.modifiedItems();
+
         for ( final StoredConfigItemKey storedConfigItemKey : modifiedReferences )
         {
             if ( storedConfigItemKey.getRecordType() == StoredConfigItemKey.RecordType.SETTING )

server/src/main/java/password/pwm/health/ConfigurationChecker.java

@@ -21,9 +21,9 @@
 package password.pwm.health;
 
 import password.pwm.AppProperty;
-import password.pwm.PwmDomain;
 import password.pwm.PwmApplicationMode;
 import password.pwm.PwmConstants;
+import password.pwm.PwmDomain;
 import password.pwm.config.DomainConfig;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.PwmSettingSyntax;
@@ -326,16 +326,15 @@ public class ConfigurationChecker implements HealthChecker
         public List<HealthRecord> healthCheck( final DomainConfig config, final Locale locale )
         {
             final List<HealthRecord> records = new ArrayList<>();
-            if ( !config.hasDbConfigured() )
+            if ( !config.getAppConfig().hasDbConfigured() )
             {
                 final Set<PwmSetting> causalSettings = new LinkedHashSet<>();
                 {
-                    final PwmSetting[] settingsToCheck = new PwmSetting[] {
+                    final List<PwmSetting> settingsToCheck = List.of(
                             PwmSetting.FORGOTTEN_PASSWORD_READ_PREFERENCE,
                             PwmSetting.FORGOTTEN_PASSWORD_WRITE_PREFERENCE,
                             PwmSetting.INTRUDER_STORAGE_METHOD,
-                            PwmSetting.EVENTS_USER_STORAGE_METHOD,
-                            };
+                            PwmSetting.EVENTS_USER_STORAGE_METHOD );
 
                     for ( final PwmSetting loopSetting : settingsToCheck )
                     {
@@ -385,7 +384,7 @@ public class ConfigurationChecker implements HealthChecker
             {
                 try
                 {
-                    final PwmPasswordPolicy pwmPasswordPolicy = config.getPasswordPolicy( profileID, locale );
+                    final PwmPasswordPolicy pwmPasswordPolicy = config.getPasswordPolicy( profileID );
                     records.addAll( pwmPasswordPolicy.health( locale ) );
                 }
                 catch ( final Exception e )
@@ -440,7 +439,7 @@ public class ConfigurationChecker implements HealthChecker
                         for ( final String profile : profiles )
                         {
                             final StoredValue storedValue = config.getStoredConfiguration().readSetting( loopSetting, profile );
-                            final List<FormConfiguration> forms = (List<FormConfiguration>) storedValue.toNativeObject();
+                            final List<FormConfiguration> forms = ValueTypeConverter.valueToForm( storedValue );
                             for ( final FormConfiguration form : forms )
                             {
                                 if ( !StringUtil.isEmpty( form.getJavascript() ) )

server/src/main/java/password/pwm/health/DatabaseStatusChecker.java

@@ -49,7 +49,7 @@ public class DatabaseStatusChecker implements HealthChecker
 
     private static List<HealthRecord> checkDatabaseStatus( final PwmDomain pwmDomain, final DomainConfig config )
     {
-        if ( !config.hasDbConfigured() )
+        if ( !config.getAppConfig().hasDbConfigured() )
         {
             return Collections.singletonList( HealthRecord.forMessage( HealthMessage.Database_Error,
                             "Database not configured" ) );

server/src/main/java/password/pwm/health/HealthMonitor.java

@@ -22,7 +22,9 @@ package password.pwm.health;
 
 import lombok.Value;
 import password.pwm.AppProperty;
+import password.pwm.PwmApplication;
 import password.pwm.PwmDomain;
+import password.pwm.bean.DomainID;
 import password.pwm.bean.SessionLabel;
 import password.pwm.error.PwmException;
 import password.pwm.error.PwmUnrecoverableException;
@@ -100,9 +102,10 @@ public class HealthMonitor implements PwmService
     }
 
     @Override
-    public void init( final PwmDomain pwmDomain ) throws PwmException
+    public void init( final PwmApplication pwmApplication, final DomainID domainID )
+            throws PwmException
     {
-        this.pwmDomain = pwmDomain;
+        this.pwmDomain = pwmApplication.getDefaultDomain();
         this.healthData = emptyHealthData();
         settings = HealthMonitorSettings.fromConfiguration( pwmDomain.getConfig() );
 

server/src/main/java/password/pwm/health/LDAPHealthChecker.java

@@ -288,10 +288,10 @@ public class LDAPHealthChecker implements HealthChecker
                 else
                 {
                     final Locale locale = PwmConstants.DEFAULT_LOCALE;
-                    final UserIdentity userIdentity = UserIdentity.createUserIdentity( testUserDN, ldapProfile.getIdentifier() );
+                    final UserIdentity userIdentity = UserIdentity.createUserIdentity( testUserDN, ldapProfile.getIdentifier(), pwmDomain.getDomainID() );
 
                     final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(
-                            pwmDomain, null, userIdentity, theUser, locale );
+                            pwmDomain, null, userIdentity, theUser );
 
                     boolean doPasswordChange = true;
                     final int minLifetimeSeconds = passwordPolicy.getRuleHelper().readIntValue( PwmPasswordRule.MinimumLifetime );
@@ -364,7 +364,7 @@ public class LDAPHealthChecker implements HealthChecker
 
             try
             {
-                final UserIdentity userIdentity = UserIdentity.createUserIdentity( theUser.getEntryDN(), ldapProfile.getIdentifier() );
+                final UserIdentity userIdentity = UserIdentity.createUserIdentity( theUser.getEntryDN(), ldapProfile.getIdentifier(), pwmDomain.getDomainID() );
                 final UserInfo userInfo = UserInfoFactory.newUserInfo(
                         pwmDomain,
                         SessionLabel.HEALTH_SESSION_LABEL,
@@ -931,7 +931,7 @@ public class LDAPHealthChecker implements HealthChecker
                     }
                 }
 
-                final UserIdentity newUserTemplateIdentity = UserIdentity.createUserIdentity( policyUserStr, ldapProfile.getIdentifier() );
+                final UserIdentity newUserTemplateIdentity = UserIdentity.createUserIdentity( policyUserStr, ldapProfile.getIdentifier(), pwmDomain.getDomainID() );
 
                 final ChaiUser chaiUser = pwmDomain.getProxiedChaiUser( newUserTemplateIdentity );
 

server/src/main/java/password/pwm/http/HttpEventManager.java

@@ -65,7 +65,7 @@ public class HttpEventManager implements
         {
             final ContextManager contextManager = ContextManager.getContextManager( httpSession );
             final PwmDomain pwmDomain = contextManager.getPwmApplication().getDomains().get( PwmConstants.DOMAIN_ID_PLACEHOLDER );
-            httpSession.setAttribute( PwmConstants.SESSION_ATTR_PWM_APP_NONCE, pwmDomain.getRuntimeNonce() );
+            httpSession.setAttribute( PwmConstants.SESSION_ATTR_PWM_APP_NONCE, pwmDomain.getPwmApplication().getRuntimeNonce() );
 
             if ( pwmDomain.getStatisticsManager() != null )
             {

server/src/main/java/password/pwm/http/JspUtility.java

@@ -131,7 +131,7 @@ public abstract class JspUtility
         {
             try
             {
-                return pwmRequest.getConfig().readSettingAsLong( pwmSetting );
+                return pwmRequest.getDomainConfig().readSettingAsLong( pwmSetting );
             }
             catch ( final Exception e )
             {
@@ -206,7 +206,7 @@ public abstract class JspUtility
     public static String localizedString( final PageContext pageContext, final String key, final Class<? extends PwmDisplayBundle> bundleClass, final String... values )
     {
         final PwmRequest pwmRequest = forRequest( pageContext.getRequest() );
-        return LocaleHelper.getLocalizedMessage( pwmRequest.getLocale(), key, pwmRequest.getConfig(), bundleClass, values );
+        return LocaleHelper.getLocalizedMessage( pwmRequest.getLocale(), key, pwmRequest.getDomainConfig(), bundleClass, values );
     }
 }
 

server/src/main/java/password/pwm/http/PwmHttpRequestWrapper.java

@@ -412,7 +412,7 @@ public class PwmHttpRequestWrapper
                 .orElseThrow( () -> new IllegalStateException( "http method not registered" ) );
     }
 
-    public DomainConfig getConfig( )
+    public DomainConfig getDomainConfig( )
     {
         return domainConfig;
     }

server/src/main/java/password/pwm/http/PwmRequest.java

@@ -35,6 +35,7 @@ import password.pwm.bean.LocalSessionStateBean;
 import password.pwm.bean.LoginInfoBean;
 import password.pwm.bean.SessionLabel;
 import password.pwm.bean.UserIdentity;
+import password.pwm.config.AppConfig;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.value.data.FormConfiguration;
 import password.pwm.error.ErrorInformation;
@@ -301,6 +302,11 @@ public class PwmRequest extends PwmHttpRequestWrapper
         return Collections.unmodifiableMap( returnObj );
     }
 
+    public AppConfig getAppConfig()
+    {
+        return pwmApplication.getConfig();
+    }
+
     @Value
     public static class FileUploadItem
     {
@@ -468,7 +474,7 @@ public class PwmRequest extends PwmHttpRequestWrapper
     {
         final LocalSessionStateBean ssBean = this.getPwmSession().getSessionStateBean();
         final String redirectURL = ssBean.getForwardURL();
-        return !( ( redirectURL == null || redirectURL.isEmpty() ) && this.getConfig().isDefaultValue( PwmSetting.URL_FORWARD ) );
+        return !( ( redirectURL == null || redirectURL.isEmpty() ) && this.getDomainConfig().isDefaultValue( PwmSetting.URL_FORWARD ) );
     }
 
     public String getForwardUrl( )
@@ -477,7 +483,7 @@ public class PwmRequest extends PwmHttpRequestWrapper
         String redirectURL = ssBean.getForwardURL();
         if ( StringUtil.isEmpty( redirectURL ) )
         {
-            redirectURL = this.getConfig().readSettingAsString( PwmSetting.URL_FORWARD );
+            redirectURL = this.getDomainConfig().readSettingAsString( PwmSetting.URL_FORWARD );
         }
 
         if ( StringUtil.isEmpty( redirectURL ) )
@@ -507,7 +513,7 @@ public class PwmRequest extends PwmHttpRequestWrapper
         {
             if ( getAttribute( PwmRequestAttribute.CspNonce ) == null )
             {
-                final int nonceLength = Integer.parseInt( getConfig().readAppProperty( AppProperty.HTTP_HEADER_CSP_NONCE_BYTES ) );
+                final int nonceLength = Integer.parseInt( getDomainConfig().readAppProperty( AppProperty.HTTP_HEADER_CSP_NONCE_BYTES ) );
                 final byte[] cspNonce = getPwmDomain().getSecureService().pwmRandom().newBytes( nonceLength );
                 final String cspString = StringUtil.base64Encode( cspNonce );
                 setAttribute( PwmRequestAttribute.CspNonce, cspString );
@@ -549,7 +555,7 @@ public class PwmRequest extends PwmHttpRequestWrapper
             final boolean showPasswordFields
     )
     {
-        final ArrayList<FormConfiguration> formConfiguration = new ArrayList<>( this.getConfig().readSettingAsForm( formSetting ) );
+        final ArrayList<FormConfiguration> formConfiguration = new ArrayList<>( this.getDomainConfig().readSettingAsForm( formSetting ) );
         addFormInfoToRequestAttr( formConfiguration, null, readOnly, showPasswordFields );
 
     }
@@ -602,7 +608,7 @@ public class PwmRequest extends PwmHttpRequestWrapper
 
     public PwmRequestContext getPwmRequestContext()
     {
-        return new PwmRequestContext( getPwmDomain(), this.getLabel(), this.getLocale(), pwmRequestID );
+        return new PwmRequestContext( pwmApplication, this.getDomainID(), this.getLabel(), this.getLocale(), pwmRequestID );
     }
 
     public String getPwmRequestID()

server/src/main/java/password/pwm/http/PwmRequestContext.java

@@ -21,8 +21,11 @@
 package password.pwm.http;
 
 import lombok.Value;
+import password.pwm.PwmApplication;
 import password.pwm.PwmDomain;
+import password.pwm.bean.DomainID;
 import password.pwm.bean.SessionLabel;
+import password.pwm.config.AppConfig;
 import password.pwm.config.DomainConfig;
 import password.pwm.http.servlet.PwmRequestID;
 
@@ -31,13 +34,25 @@ import java.util.Locale;
 @Value
 public class PwmRequestContext
 {
-    private final PwmDomain pwmDomain;
+    private final PwmApplication pwmApplication;
+
+    private final DomainID domainID;
     private final SessionLabel sessionLabel;
     private final Locale locale;
     private final PwmRequestID requestID;
 
-    public DomainConfig getConfig()
+    public PwmDomain getPwmDomain()
+    {
+        return getPwmApplication().getDomains().get( domainID );
+    }
+
+    public DomainConfig getDomainConfig()
+    {
+        return getPwmDomain().getConfig();
+    }
+
+    public AppConfig getAppConfig()
     {
-        return pwmDomain.getConfig();
+        return getPwmApplication().getConfig();
     }
 }

server/src/main/java/password/pwm/http/PwmResponse.java

@@ -120,7 +120,7 @@ public class PwmResponse extends PwmHttpResponseWrapper
             throws ServletException, PwmUnrecoverableException, IOException
 
     {
-        final String messageStr = Message.getLocalizedMessage( pwmRequest.getLocale(), message, pwmRequest.getConfig(), field );
+        final String messageStr = Message.getLocalizedMessage( pwmRequest.getLocale(), message, pwmRequest.getDomainConfig(), field );
         forwardToSuccessPage( messageStr );
     }
 

server/src/main/java/password/pwm/http/PwmSession.java

@@ -267,7 +267,7 @@ public class PwmSession implements Serializable
         if ( pwmRequest != null )
         {
 
-            final String nonceCookieName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_COOKIE_NONCE_NAME );
+            final String nonceCookieName = pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_COOKIE_NONCE_NAME );
             pwmRequest.setAttribute( PwmRequestAttribute.CookieNonce, null );
             pwmRequest.getPwmResponse().removeCookie( nonceCookieName, PwmHttpResponseWrapper.CookiePath.Application );
 
@@ -372,8 +372,8 @@ public class PwmSession implements Serializable
         securityKeyLock.lock();
         try
         {
-            final int length = Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_COOKIE_NONCE_LENGTH ) );
-            final String cookieName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_COOKIE_NONCE_NAME );
+            final int length = Integer.parseInt( pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_COOKIE_NONCE_LENGTH ) );
+            final String cookieName = pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_COOKIE_NONCE_NAME );
 
             String nonce = ( String ) pwmRequest.getAttribute( PwmRequestAttribute.CookieNonce );
             if ( nonce == null || nonce.length() < length )
@@ -394,7 +394,7 @@ public class PwmSession implements Serializable
                 newNonce = true;
             }
 
-            final PwmSecurityKey securityKey = pwmRequest.getConfig().getSecurityKey();
+            final PwmSecurityKey securityKey = pwmRequest.getDomainConfig().getSecurityKey();
             final String concatValue = securityKey.keyHash( pwmRequest.getPwmDomain().getSecureService() ) + nonce;
             final String hashValue = pwmRequest.getPwmDomain().getSecureService().hash( concatValue );
             final PwmSecurityKey pwmSecurityKey = new PwmSecurityKey( hashValue );

server/src/main/java/password/pwm/http/SessionManager.java

@@ -109,7 +109,7 @@ public class SessionManager
             this.chaiProvider = LdapOperationsHelper.createChaiProvider(
                     pwmDomain,
                     pwmSession.getLabel(),
-                    userIdentity.getLdapProfile( pwmDomain.getConfig() ),
+                    userIdentity.getLdapProfile( pwmDomain.getPwmApplication().getConfig() ),
                     pwmDomain.getConfig(),
                     userIdentity.getUserDN(),
                     userPassword
@@ -200,7 +200,7 @@ public class SessionManager
     public boolean checkPermission( final PwmDomain pwmDomain, final Permission permission )
             throws PwmUnrecoverableException
     {
-        final boolean devDebugMode = pwmDomain.getConfig().isDevDebugMode();
+        final boolean devDebugMode = pwmDomain.getConfig().getAppConfig().isDevDebugMode();
         if ( devDebugMode )
         {
             LOGGER.trace( pwmSession.getLabel(), () -> String.format( "entering checkPermission(%s, %s, %s)", permission, pwmSession, pwmDomain ) );
@@ -263,7 +263,7 @@ public class SessionManager
         final String profileID = pwmSession.getUserInfo().getProfileIDs().get( profileDefinition );
         if ( profileID != null )
         {
-            return pwmDomain.getConfig().profileMap( profileDefinition ).get( profileID );
+            return pwmDomain.getConfig().getProfileMap( profileDefinition ).get( profileID );
         }
         throw new PwmUnrecoverableException( PwmError.ERROR_NO_PROFILE_ASSIGNED );
     }

server/src/main/java/password/pwm/http/auth/BasicFilterAuthenticationProvider.java

@@ -46,7 +46,7 @@ public class BasicFilterAuthenticationProvider implements PwmHttpFilterAuthentic
     )
             throws PwmUnrecoverableException
     {
-        if ( !pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.BASIC_AUTH_ENABLED ) )
+        if ( !pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.BASIC_AUTH_ENABLED ) )
         {
             return;
         }

server/src/main/java/password/pwm/http/auth/CASFilterAuthenticationProvider.java

@@ -69,15 +69,15 @@ public class CASFilterAuthenticationProvider implements PwmHttpFilterAuthenticat
 
     public static boolean isFilterEnabled( final PwmRequest pwmRequest )
     {
-        final String clearPassUrl = pwmRequest.getConfig().readSettingAsString( PwmSetting.CAS_CLEAR_PASS_URL );
+        final String clearPassUrl = pwmRequest.getDomainConfig().readSettingAsString( PwmSetting.CAS_CLEAR_PASS_URL );
 
         if ( !( clearPassUrl == null || clearPassUrl.trim().isEmpty() ) )
         {
             return true;
         }
 
-        final String alg = pwmRequest.getConfig().readSettingAsString( PwmSetting.CAS_CLEARPASS_ALGORITHM );
-        final Map<FileInformation, FileContent> privatekey = pwmRequest.getConfig().readSettingAsFile( PwmSetting.CAS_CLEARPASS_KEY );
+        final String alg = pwmRequest.getDomainConfig().readSettingAsString( PwmSetting.CAS_CLEARPASS_ALGORITHM );
+        final Map<FileInformation, FileContent> privatekey = pwmRequest.getDomainConfig().readSettingAsFile( PwmSetting.CAS_CLEARPASS_KEY );
 
         if ( !privatekey.isEmpty() && ( !( alg == null || alg.trim().isEmpty() ) ) )
         {
@@ -159,14 +159,14 @@ public class CASFilterAuthenticationProvider implements PwmHttpFilterAuthenticat
         }
         else
         {
-            final Map<FileInformation, FileContent> privatekey = pwmRequest.getConfig().readSettingAsFile( PwmSetting.CAS_CLEARPASS_KEY );
-            final String alg = pwmRequest.getConfig().readSettingAsString( PwmSetting.CAS_CLEARPASS_ALGORITHM );
+            final Map<FileInformation, FileContent> privatekey = pwmRequest.getDomainConfig().readSettingAsFile( PwmSetting.CAS_CLEARPASS_KEY );
+            final String alg = pwmRequest.getDomainConfig().readSettingAsString( PwmSetting.CAS_CLEARPASS_ALGORITHM );
 
             password = decryptPassword( alg, privatekey, encodedPsw );
         }
 
         // If using the old method
-        final String clearPassUrl = pwmRequest.getConfig().readSettingAsString( PwmSetting.CAS_CLEAR_PASS_URL );
+        final String clearPassUrl = pwmRequest.getDomainConfig().readSettingAsString( PwmSetting.CAS_CLEAR_PASS_URL );
         if ( ( clearPassUrl != null && clearPassUrl.length() > 0 ) && ( password == null || password.getStringValue().length() < 1 ) )
         {
             LOGGER.trace( pwmRequest, () -> "using CAS clearpass via proxy" );

server/src/main/java/password/pwm/http/auth/HttpAuthenticationUtilities.java

@@ -131,14 +131,14 @@ public abstract class HttpAuthenticationUtilities
 
         pwmRequest.getPwmSession().getLoginInfoBean().setFlag( LoginInfoBean.LoginFlag.authRecordSet );
 
-        final String cookieName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_COOKIE_AUTHRECORD_NAME );
+        final String cookieName = pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_COOKIE_AUTHRECORD_NAME );
         if ( cookieName == null || cookieName.isEmpty() )
         {
             LOGGER.debug( pwmRequest, () -> "skipping auth record cookie set, cookie name parameter is blank" );
             return;
         }
 
-        final int cookieAgeSeconds = Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_COOKIE_AUTHRECORD_AGE ) );
+        final int cookieAgeSeconds = Integer.parseInt( pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_COOKIE_AUTHRECORD_AGE ) );
         if ( cookieAgeSeconds < 1 )
         {
             LOGGER.debug( pwmRequest, () -> "skipping auth record cookie set, cookie age parameter is less than 1" );

server/src/main/java/password/pwm/http/auth/OAuthFilterAuthenticationProvider.java

@@ -38,7 +38,7 @@ public class OAuthFilterAuthenticationProvider implements PwmHttpFilterAuthentic
     )
             throws PwmUnrecoverableException, IOException
     {
-        final OAuthSettings oauthSettings = OAuthSettings.forSSOAuthentication( pwmRequest.getConfig() );
+        final OAuthSettings oauthSettings = OAuthSettings.forSSOAuthentication( pwmRequest.getDomainConfig() );
         if ( !oauthSettings.oAuthIsConfigured() )
         {
             return;

server/src/main/java/password/pwm/http/filter/AuthenticationFilter.java

@@ -135,7 +135,7 @@ public class AuthenticationFilter extends AbstractPwmFilter
         final PwmSession pwmSession = pwmRequest.getPwmSession();
 
         // read the basic auth info out of the header (if it exists);
-        if ( pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.BASIC_AUTH_ENABLED ) )
+        if ( pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.BASIC_AUTH_ENABLED ) )
         {
             final BasicAuthInfo basicAuthInfo = BasicAuthInfo.parseAuthHeader( pwmDomain, pwmRequest );
 
@@ -171,7 +171,7 @@ public class AuthenticationFilter extends AbstractPwmFilter
         // check status of oauth expiration
         if ( pwmSession.getLoginInfoBean().getOauthExp() != null )
         {
-            final OAuthSettings oauthSettings = OAuthSettings.forSSOAuthentication( pwmRequest.getConfig() );
+            final OAuthSettings oauthSettings = OAuthSettings.forSSOAuthentication( pwmRequest.getDomainConfig() );
             final OAuthMachine oAuthMachine = new OAuthMachine( pwmRequest.getLabel(), oauthSettings );
             if ( oAuthMachine.checkOAuthExpiration( pwmRequest ) )
             {

server/src/main/java/password/pwm/http/filter/RequestInitializationFilter.java

@@ -516,13 +516,13 @@ public class RequestInitializationFilter implements Filter
         // mark session ip address
         if ( ssBean.getSrcAddress() == null )
         {
-            ssBean.setSrcAddress( readUserNetworkAddress( pwmRequest.getHttpServletRequest(), pwmRequest.getConfig() ) );
+            ssBean.setSrcAddress( readUserNetworkAddress( pwmRequest.getHttpServletRequest(), pwmRequest.getDomainConfig() ) );
         }
 
         // mark the user's hostname in the session bean
         if ( ssBean.getSrcHostname() == null )
         {
-            ssBean.setSrcHostname( readUserHostname( pwmRequest.getHttpServletRequest(), pwmRequest.getConfig() ) );
+            ssBean.setSrcHostname( readUserHostname( pwmRequest.getHttpServletRequest(), pwmRequest.getDomainConfig() ) );
         }
 
         // update the privateUrlAccessed flag
@@ -546,7 +546,7 @@ public class RequestInitializationFilter implements Filter
     )
             throws PwmUnrecoverableException
     {
-        final String localeCookieName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_COOKIE_LOCALE_NAME );
+        final String localeCookieName = pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_COOKIE_LOCALE_NAME );
         final String localeCookie = pwmRequest.readCookie( localeCookieName );
         if ( localeCookieName.length() > 0 && localeCookie != null )
         {
@@ -555,13 +555,13 @@ public class RequestInitializationFilter implements Filter
         }
         else
         {
-            final List<Locale> knownLocales = pwmRequest.getConfig().getKnownLocales();
+            final List<Locale> knownLocales = pwmRequest.getDomainConfig().getKnownLocales();
             final Locale userLocale = LocaleHelper.localeResolver( pwmRequest.getHttpServletRequest().getLocale(), knownLocales );
             pwmRequest.getPwmSession().getSessionStateBean().setLocale( userLocale == null ? PwmConstants.DEFAULT_LOCALE : userLocale );
             LOGGER.trace( pwmRequest, () -> "user locale set to '" + pwmRequest.getLocale() + "'" );
         }
 
-        final String themeCookieName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_COOKIE_THEME_NAME );
+        final String themeCookieName = pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_COOKIE_THEME_NAME );
         final String themeCookie = pwmRequest.readCookie( themeCookieName );
         if ( localeCookieName.length() > 0 && themeCookie != null && themeCookie.length() > 0 )
         {
@@ -601,9 +601,9 @@ public class RequestInitializationFilter implements Filter
     private static void checkIfSourceAddressChanged( final PwmRequest pwmRequest )
             throws PwmUnrecoverableException
     {
-        if ( !pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.MULTI_IP_SESSION_ALLOWED ) )
+        if ( !pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.MULTI_IP_SESSION_ALLOWED ) )
         {
-            final String remoteAddress = readUserNetworkAddress( pwmRequest.getHttpServletRequest(), pwmRequest.getConfig() );
+            final String remoteAddress = readUserNetworkAddress( pwmRequest.getHttpServletRequest(), pwmRequest.getDomainConfig() );
             final LocalSessionStateBean ssBean = pwmRequest.getPwmSession().getSessionStateBean();
 
             if ( !ssBean.getSrcAddress().equals( remoteAddress ) )
@@ -622,7 +622,7 @@ public class RequestInitializationFilter implements Filter
 
         if ( ssBean.getSessionCreationTime() != null )
         {
-            final long maxSessionSeconds = pwmRequest.getConfig().readSettingAsLong( PwmSetting.SESSION_MAX_SECONDS );
+            final long maxSessionSeconds = pwmRequest.getDomainConfig().readSettingAsLong( PwmSetting.SESSION_MAX_SECONDS );
             final TimeDuration sessionAge = TimeDuration.fromCurrent( ssBean.getSessionCreationTime() );
             final int sessionSecondAge = (int) sessionAge.as( TimeDuration.Unit.SECONDS );
             if ( sessionSecondAge > maxSessionSeconds )
@@ -637,7 +637,7 @@ public class RequestInitializationFilter implements Filter
     private static void checkRequiredHeaders( final PwmRequest pwmRequest )
             throws PwmUnrecoverableException
     {
-        final List<String> requiredHeaders = pwmRequest.getConfig().readSettingAsStringArray( PwmSetting.REQUIRED_HEADERS );
+        final List<String> requiredHeaders = pwmRequest.getDomainConfig().readSettingAsStringArray( PwmSetting.REQUIRED_HEADERS );
         if ( requiredHeaders != null && !requiredHeaders.isEmpty() )
         {
             final Map<String, String> configuredValues = StringUtil.convertStringListToNameValuePair( requiredHeaders, "=" );
@@ -675,7 +675,7 @@ public class RequestInitializationFilter implements Filter
     private static void checkSourceNetworkAddress( final PwmRequest pwmRequest )
             throws PwmUnrecoverableException
     {
-        final List<String> requiredHeaders = pwmRequest.getConfig().readSettingAsStringArray( PwmSetting.IP_PERMITTED_RANGE );
+        final List<String> requiredHeaders = pwmRequest.getDomainConfig().readSettingAsStringArray( PwmSetting.IP_PERMITTED_RANGE );
         if ( requiredHeaders != null && !requiredHeaders.isEmpty() )
         {
             boolean match = false;
@@ -716,7 +716,7 @@ public class RequestInitializationFilter implements Filter
     private static void checkCsrfHeader( final PwmRequest pwmRequest )
             throws PwmUnrecoverableException
     {
-        final boolean performCsrfHeaderChecks = Boolean.parseBoolean( pwmRequest.getConfig().readAppProperty( AppProperty.SECURITY_HTTP_PERFORM_CSRF_HEADER_CHECKS ) );
+        final boolean performCsrfHeaderChecks = Boolean.parseBoolean( pwmRequest.getDomainConfig().readAppProperty( AppProperty.SECURITY_HTTP_PERFORM_CSRF_HEADER_CHECKS ) );
         if (
                 performCsrfHeaderChecks
                         && !pwmRequest.getMethod().isIdempotent()

server/src/main/java/password/pwm/http/filter/SessionFilter.java

@@ -148,7 +148,7 @@ public class SessionFilter extends AbstractPwmFilter
             throws PwmUnrecoverableException, IOException, ServletException
     {
         final PwmDomain pwmDomain = pwmRequest.getPwmDomain();
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
 
         final PwmSession pwmSession = pwmRequest.getPwmSession();
         final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
@@ -258,7 +258,7 @@ public class SessionFilter extends AbstractPwmFilter
         }
 
         {
-            final String expireParamName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_PARAM_NAME_PASSWORD_EXPIRED );
+            final String expireParamName = pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_PARAM_NAME_PASSWORD_EXPIRED );
             if ( "true".equalsIgnoreCase( pwmRequest.readParameterAsString( expireParamName ) ) )
             {
                 LOGGER.debug( pwmRequest, () -> "detected param '" + expireParamName + "'=true in request, will force pw change" );
@@ -322,7 +322,7 @@ public class SessionFilter extends AbstractPwmFilter
         }
 
         final LocalSessionStateBean ssBean = pwmRequest.getPwmSession().getSessionStateBean();
-        final String verificationParamName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_PARAM_SESSION_VERIFICATION );
+        final String verificationParamName = pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_PARAM_SESSION_VERIFICATION );
         final String keyFromRequest = pwmRequest.readParameterAsString( verificationParamName, PwmHttpRequestWrapper.Flag.BypassValidation );
 
         // request doesn't have key, so make a new one, store it in the session, and redirect back here with the new key.
@@ -384,7 +384,7 @@ public class SessionFilter extends AbstractPwmFilter
 
         String redirectURL = req.getRequestURI();
 
-        final String verificationParamName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_PARAM_SESSION_VERIFICATION );
+        final String verificationParamName = pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_PARAM_SESSION_VERIFICATION );
 
         for ( final Enumeration paramEnum = req.getParameterNames(); paramEnum.hasMoreElements(); )
         {
@@ -444,11 +444,11 @@ public class SessionFilter extends AbstractPwmFilter
     )
             throws PwmUnrecoverableException
     {
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final String localeParamName = config.readAppProperty( AppProperty.HTTP_PARAM_NAME_LOCALE );
         final String localeCookieName = config.readAppProperty( AppProperty.HTTP_COOKIE_LOCALE_NAME );
         final String requestedLocale = pwmRequest.readParameterAsString( localeParamName );
-        final int cookieAgeSeconds = ( int ) pwmRequest.getConfig().readSettingAsLong( PwmSetting.LOCALE_COOKIE_MAX_AGE );
+        final int cookieAgeSeconds = ( int ) pwmRequest.getDomainConfig().readSettingAsLong( PwmSetting.LOCALE_COOKIE_MAX_AGE );
         if ( requestedLocale != null && requestedLocale.length() > 0 )
         {
             LOGGER.debug( pwmRequest, () -> "detected locale request parameter " + localeParamName + " with value " + requestedLocale );
@@ -472,7 +472,7 @@ public class SessionFilter extends AbstractPwmFilter
     )
             throws PwmUnrecoverableException
     {
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final String themeParameterName = config.readAppProperty( AppProperty.HTTP_PARAM_NAME_THEME );
         final String themeReqParameter = pwmRequest.readParameterAsString( themeParameterName );
 
@@ -506,7 +506,7 @@ public class SessionFilter extends AbstractPwmFilter
             throws PwmUnrecoverableException
     {
 
-        final String ssoOverrideParameterName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_PARAM_NAME_SSO_OVERRIDE );
+        final String ssoOverrideParameterName = pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_PARAM_NAME_SSO_OVERRIDE );
         if ( pwmRequest.hasParameter( ssoOverrideParameterName ) )
         {
             final String ssoParamValue = pwmRequest.readParameterAsString( ssoOverrideParameterName );

server/src/main/java/password/pwm/http/servlet/ClientApiServlet.java

@@ -243,7 +243,7 @@ public class ClientApiServlet extends ControlledPwmServlet
     {
         final PingResponse pingResponse = new PingResponse();
         pingResponse.setTime( Instant.now() );
-        pingResponse.setRuntimeNonce( pwmRequest.getPwmDomain().getRuntimeNonce() );
+        pingResponse.setRuntimeNonce( pwmRequest.getPwmApplication().getRuntimeNonce() );
         pwmRequest.outputJsonResult( RestResultBean.withData( pingResponse ) );
         return ProcessStatus.Halt;
     }
@@ -263,9 +263,9 @@ public class ClientApiServlet extends ControlledPwmServlet
     {
         final StringBuilder inputString = new StringBuilder();
         inputString.append( PwmConstants.BUILD_NUMBER );
-        inputString.append( pwmDomain.getStartupTime().toEpochMilli() );
+        inputString.append( pwmDomain.getPwmApplication().getStartupTime().toEpochMilli() );
         inputString.append( httpServletRequest.getSession().getMaxInactiveInterval() );
-        inputString.append( pwmDomain.getRuntimeNonce() );
+        inputString.append( pwmDomain.getPwmApplication().getRuntimeNonce() );
 
         if ( pwmSession.getSessionStateBean().getLocale() != null )
         {
@@ -350,7 +350,7 @@ public class ClientApiServlet extends ControlledPwmServlet
             settingMap.put( "MaxInactiveInterval", idleSeconds );
         }
         settingMap.put( "paramName.locale", config.readAppProperty( AppProperty.HTTP_PARAM_NAME_LOCALE ) );
-        settingMap.put( "runtimeNonce", pwmDomain.getRuntimeNonce() );
+        settingMap.put( "runtimeNonce", pwmDomain.getPwmApplication().getRuntimeNonce() );
         settingMap.put( "applicationMode", pwmDomain.getApplicationMode() );
 
         final String contextPath = request.getContextPath();
@@ -365,7 +365,7 @@ public class ClientApiServlet extends ControlledPwmServlet
             final String profileID = pwmSession.getUserInfo().getProfileIDs().get( ProfileDefinition.ChangePassword );
             if ( !StringUtil.isEmpty( profileID ) )
             {
-                final ChangePasswordProfile changePasswordProfile = pwmRequest.getConfig().getChangePasswordProfile().get( profileID );
+                final ChangePasswordProfile changePasswordProfile = pwmRequest.getDomainConfig().getChangePasswordProfile().get( profileID );
                 final String configuredGuideText = changePasswordProfile.readSettingAsLocalizedString(
                         PwmSetting.DISPLAY_PASSWORD_GUIDE_TEXT,
                         pwmSession.getSessionStateBean().getLocale()
@@ -498,7 +498,7 @@ public class ClientApiServlet extends ControlledPwmServlet
     private ProcessStatus restCspReportHandler( final PwmRequest pwmRequest )
             throws PwmUnrecoverableException, IOException
     {
-        if ( !Boolean.parseBoolean( pwmRequest.getConfig().readAppProperty( AppProperty.LOGGING_LOG_CSP_REPORT ) ) )
+        if ( !Boolean.parseBoolean( pwmRequest.getDomainConfig().readAppProperty( AppProperty.LOGGING_LOG_CSP_REPORT ) ) )
         {
             return ProcessStatus.Halt;
         }
@@ -522,7 +522,7 @@ public class ClientApiServlet extends ControlledPwmServlet
             throw new PwmUnrecoverableException( errorInformation );
         }
 
-        if ( !pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.PUBLIC_HEALTH_STATS_WEBSERVICES ) )
+        if ( !pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.PUBLIC_HEALTH_STATS_WEBSERVICES ) )
         {
             if ( !pwmRequest.isAuthenticated() )
             {

server/src/main/java/password/pwm/http/servlet/ControlledPwmServlet.java

@@ -165,7 +165,7 @@ public abstract class ControlledPwmServlet extends AbstractPwmServlet implements
             {
                 if ( !pwmRequest.getPwmResponse().isCommitted() )
                 {
-                    if ( pwmRequest.getConfig().isDevDebugMode() )
+                    if ( pwmRequest.getAppConfig().isDevDebugMode() )
                     {
                         final String msg = "processing complete, handler returned halt but response is not committed";
                         LOGGER.error( pwmRequest, () -> msg, new IllegalStateException( msg ) );
@@ -174,7 +174,7 @@ public abstract class ControlledPwmServlet extends AbstractPwmServlet implements
                 return;
             }
 
-            final boolean enablePostRedirectGet = Boolean.parseBoolean( pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_SERVLET_ENABLE_POST_REDIRECT_GET ) );
+            final boolean enablePostRedirectGet = Boolean.parseBoolean( pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_SERVLET_ENABLE_POST_REDIRECT_GET ) );
             if ( enablePostRedirectGet )
             {
                 final String servletUrl = pwmRequest.getURL().determinePwmServletPath();

server/src/main/java/password/pwm/http/servlet/DeleteAccountServlet.java

@@ -271,7 +271,7 @@ public class DeleteAccountServlet extends ControlledPwmServlet
     )
             throws PwmUnrecoverableException, ChaiUnavailableException
     {
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final Locale locale = pwmRequest.getLocale();
         final EmailItemBean configuredEmailSetting = config.readSettingAsEmail( PwmSetting.EMAIL_DELETEACCOUNT, locale );
 
@@ -281,7 +281,7 @@ public class DeleteAccountServlet extends ControlledPwmServlet
             return;
         }
 
-        pwmRequest.getPwmDomain().getEmailQueue().submitEmail(
+        pwmRequest.getPwmApplication().getEmailQueue().submitEmail(
                 configuredEmailSetting,
                 pwmRequest.getPwmSession().getUserInfo(),
                 pwmRequest.getPwmSession().getSessionManager().getMacroMachine( )

server/src/main/java/password/pwm/http/servlet/ForgottenUsernameServlet.java

@@ -101,7 +101,7 @@ public class ForgottenUsernameServlet extends AbstractPwmServlet
     protected void processAction( final PwmRequest pwmRequest )
             throws ServletException, IOException, PwmUnrecoverableException
     {
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
 
         if ( !config.readSettingAsBoolean( PwmSetting.FORGOTTEN_USERNAME_ENABLE ) )
         {
@@ -165,7 +165,7 @@ public class ForgottenUsernameServlet extends AbstractPwmServlet
             pwmDomain.getIntruderManager().convenience().checkAttributes( formValues );
 
             // see if the values meet the configured form requirements.
-            FormUtility.validateFormValues( pwmRequest.getConfig(), formValues, ssBean.getLocale() );
+            FormUtility.validateFormValues( pwmRequest.getDomainConfig(), formValues, ssBean.getLocale() );
 
             final String searchFilter;
             {
@@ -349,7 +349,7 @@ public class ForgottenUsernameServlet extends AbstractPwmServlet
 
         final MacroRequest macroRequest = MacroRequest.forUser( pwmDomain, sessionLabel, userInfo, null );
 
-        pwmDomain.getEmailQueue().submitEmail( emailItemBean, userInfo, macroRequest );
+        pwmDomain.getPwmApplication().getEmailQueue().submitEmail( emailItemBean, userInfo, macroRequest );
 
         return null;
     }
@@ -365,7 +365,7 @@ public class ForgottenUsernameServlet extends AbstractPwmServlet
             throws PwmUnrecoverableException, ServletException, IOException
     {
         final Locale locale = pwmRequest.getLocale();
-        final String completeMessage = pwmRequest.getConfig().readSettingAsLocalizedString( PwmSetting.FORGOTTEN_USERNAME_MESSAGE, locale );
+        final String completeMessage = pwmRequest.getDomainConfig().readSettingAsLocalizedString( PwmSetting.FORGOTTEN_USERNAME_MESSAGE, locale );
         final MacroRequest macroRequest = MacroRequest.forUser( pwmRequest.getPwmDomain(), pwmRequest.getLocale(), pwmRequest.getLabel(), userIdentity );
         final String expandedText = macroRequest.expandMacros( completeMessage );
         pwmRequest.setAttribute( PwmRequestAttribute.CompleteText, expandedText );

server/src/main/java/password/pwm/http/servlet/FullPageHealthServlet.java

@@ -92,7 +92,7 @@ public class FullPageHealthServlet extends ControlledPwmServlet
     public ProcessStatus preProcessCheck( final PwmRequest pwmRequest )
             throws PwmUnrecoverableException, IOException, ServletException
     {
-        if ( !pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.PUBLIC_HEALTH_STATS_WEBSERVICES ) )
+        if ( !pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.PUBLIC_HEALTH_STATS_WEBSERVICES ) )
         {
             final Locale locale = pwmRequest.getLocale();
             final String errorMsg = "configuration setting "

server/src/main/java/password/pwm/http/servlet/GuestRegistrationServlet.java

@@ -290,7 +290,7 @@ public class GuestRegistrationServlet extends AbstractPwmServlet
     )
             throws PwmUnrecoverableException
     {
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final Locale locale = pwmRequest.getLocale();
         final EmailItemBean configuredEmailSetting = config.readSettingAsEmail( PwmSetting.EMAIL_UPDATEGUEST, locale );
 
@@ -300,7 +300,7 @@ public class GuestRegistrationServlet extends AbstractPwmServlet
             return;
         }
 
-        pwmRequest.getPwmDomain().getEmailQueue().submitEmail( configuredEmailSetting, guestUserInfo, null );
+        pwmRequest.getPwmApplication().getEmailQueue().submitEmail( configuredEmailSetting, guestUserInfo, null );
     }
 
     protected void handleSearchRequest(
@@ -465,7 +465,10 @@ public class GuestRegistrationServlet extends AbstractPwmServlet
             LOGGER.info( pwmRequest, () -> "created user object: " + guestUserDN );
 
             final ChaiUser theUser = provider.getEntryFactory().newChaiUser( guestUserDN );
-            final UserIdentity userIdentity = UserIdentity.createUserIdentity( guestUserDN, pwmSession.getUserInfo().getUserIdentity().getLdapProfileID() );
+            final UserIdentity userIdentity = UserIdentity.createUserIdentity(
+                    guestUserDN,
+                    pwmSession.getUserInfo().getUserIdentity().getLdapProfileID(),
+                    pwmRequest.getDomainID() );
 
             // write the expiration date:
             if ( expirationDate != null )
@@ -478,9 +481,7 @@ public class GuestRegistrationServlet extends AbstractPwmServlet
                     pwmDomain,
                     pwmRequest.getLabel(),
                     userIdentity,
-                    theUser,
-                    locale
-            );
+                    theUser );
 
             final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword( pwmRequest.getLabel(), passwordPolicy, pwmDomain );
             theUser.setPassword( newPassword.getStringValue() );
@@ -617,7 +618,7 @@ public class GuestRegistrationServlet extends AbstractPwmServlet
 
         final MacroRequest macroRequest = MacroRequest.forUser( pwmRequest, userIdentity );
 
-        pwmDomain.getEmailQueue().submitEmail( configuredEmailSetting, null, macroRequest );
+        pwmDomain.getPwmApplication().getEmailQueue().submitEmail( configuredEmailSetting, null, macroRequest );
     }
 
     private void forwardToJSP(
@@ -646,7 +647,7 @@ public class GuestRegistrationServlet extends AbstractPwmServlet
             throws IOException, ServletException, PwmUnrecoverableException
     {
         calculateFutureDateFlags( pwmRequest, guestRegistrationBean );
-        final List<FormConfiguration> guestUpdateForm = pwmRequest.getConfig().readSettingAsForm( PwmSetting.GUEST_UPDATE_FORM );
+        final List<FormConfiguration> guestUpdateForm = pwmRequest.getDomainConfig().readSettingAsForm( PwmSetting.GUEST_UPDATE_FORM );
         final Map<FormConfiguration, String> formValueMap = new LinkedHashMap<>();
         for ( final FormConfiguration formConfiguration : guestUpdateForm )
         {
@@ -686,7 +687,7 @@ public class GuestRegistrationServlet extends AbstractPwmServlet
     {
         final PwmDateFormat dateFormat = PwmDateFormat.newPwmDateFormat( "yyyy-MM-dd" );
 
-        final long maxValidDays = pwmRequest.getConfig().readSettingAsLong( PwmSetting.GUEST_MAX_VALID_DAYS );
+        final long maxValidDays = pwmRequest.getDomainConfig().readSettingAsLong( PwmSetting.GUEST_MAX_VALID_DAYS );
         pwmRequest.setAttribute( PwmRequestAttribute.GuestMaximumValidDays, String.valueOf( maxValidDays ) );
 
 

server/src/main/java/password/pwm/http/servlet/LoginServlet.java

@@ -117,7 +117,7 @@ public class LoginServlet extends ControlledPwmServlet
         if ( pwmRequest.isAuthenticated() && !passwordOnly( pwmRequest ) )
         {
             final String redirectURL = pwmRequest.getContextPath()
-                    + pwmRequest.getConfig().readSettingAsString( PwmSetting.URL_INTRO );
+                    + pwmRequest.getDomainConfig().readSettingAsString( PwmSetting.URL_INTRO );
             LOGGER.debug( pwmRequest, () -> "user is already authenticated, so redirecting user to intro url: " + redirectURL );
             pwmRequest.sendRedirect( redirectURL );
             return ProcessStatus.Halt;

server/src/main/java/password/pwm/http/servlet/SetupOtpServlet.java

@@ -361,7 +361,7 @@ public class SetupOtpServlet extends ControlledPwmServlet
         {
             try
             {
-                if ( pwmRequest.getConfig().isDevDebugMode() )
+                if ( pwmRequest.getAppConfig().isDevDebugMode() )
                 {
                     LOGGER.trace( pwmRequest, () -> "testing against otp record: " + JsonUtil.serialize( otpBean.getOtpUserRecord() ) );
                 }
@@ -453,7 +453,7 @@ public class SetupOtpServlet extends ControlledPwmServlet
                 otpBean.setOtpUserRecord( otpUserRecord );
                 otpBean.setRecoveryCodes( rawRecoveryCodes );
                 LOGGER.trace( pwmRequest, () -> "generated new otp record" );
-                if ( config.isDevDebugMode() )
+                if ( config.getAppConfig().isDevDebugMode() )
                 {
                     LOGGER.trace( pwmRequest, () -> "newly generated otp record: " + JsonUtil.serialize( otpUserRecord ) );
                 }
@@ -495,8 +495,8 @@ public class SetupOtpServlet extends ControlledPwmServlet
                 + "/" + identifier
                 + "?secret=" + secret;
 
-        final int height = Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.OTP_QR_IMAGE_HEIGHT ) );
-        final int width = Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.OTP_QR_IMAGE_WIDTH ) );
+        final int height = Integer.parseInt( pwmRequest.getDomainConfig().readAppProperty( AppProperty.OTP_QR_IMAGE_HEIGHT ) );
+        final int width = Integer.parseInt( pwmRequest.getDomainConfig().readAppProperty( AppProperty.OTP_QR_IMAGE_WIDTH ) );
 
         final byte[] imageBytes;
         try
@@ -535,7 +535,7 @@ public class SetupOtpServlet extends ControlledPwmServlet
             final boolean admin = pwmRequest.getPwmSession().getSessionManager().checkPermission( pwmRequest.getPwmDomain(), Permission.PWMADMIN );
             if ( admin )
             {
-                if ( pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.ADMIN_ALLOW_SKIP_FORCED_ACTIVITIES ) )
+                if ( pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.ADMIN_ALLOW_SKIP_FORCED_ACTIVITIES ) )
                 {
                     LOGGER.trace( pwmRequest, () -> "allowing OTP setup skipping due to user being admin and setting "
                             + PwmSetting.ADMIN_ALLOW_SKIP_FORCED_ACTIVITIES.toMenuLocationDebug( null, pwmRequest.getLocale() ) );

server/src/main/java/password/pwm/http/servlet/SetupResponsesServlet.java

@@ -352,7 +352,7 @@ public class SetupResponsesServlet extends ControlledPwmServlet
             }
         }
 
-        if ( pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.CHALLENGE_SHOW_CONFIRMATION ) )
+        if ( pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.CHALLENGE_SHOW_CONFIRMATION ) )
         {
             if ( !setupResponsesBean.isConfirmed() )
             {
@@ -735,7 +735,7 @@ public class SetupResponsesServlet extends ControlledPwmServlet
             final boolean admin = pwmRequest.getPwmSession().getSessionManager().checkPermission( pwmRequest.getPwmDomain(), Permission.PWMADMIN );
             if ( admin )
             {
-                if ( pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.ADMIN_ALLOW_SKIP_FORCED_ACTIVITIES ) )
+                if ( pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.ADMIN_ALLOW_SKIP_FORCED_ACTIVITIES ) )
                 {
                     LOGGER.trace( pwmRequest, () -> "allowing c/r answer setup skipping due to user being admin and setting "
                             + PwmSetting.ADMIN_ALLOW_SKIP_FORCED_ACTIVITIES.toMenuLocationDebug( null, pwmRequest.getLocale() ) );

server/src/main/java/password/pwm/http/servlet/ShortcutServlet.java

@@ -149,12 +149,12 @@ public class ShortcutServlet extends AbstractPwmServlet
     )
             throws PwmUnrecoverableException
     {
-        final Collection<String> configValues = pwmRequest.getConfig().readSettingAsLocalizedStringArray( PwmSetting.SHORTCUT_ITEMS, pwmRequest.getLocale() );
+        final Collection<String> configValues = pwmRequest.getDomainConfig().readSettingAsLocalizedStringArray( PwmSetting.SHORTCUT_ITEMS, pwmRequest.getLocale() );
 
         final Set<String> labelsFromHeader = new HashSet<>();
         {
             final Map<String, List<String>> headerValueMap = pwmRequest.readHeaderValuesMap();
-            final List<String> interestedHeaderNames = pwmRequest.getConfig().readSettingAsStringArray( PwmSetting.SHORTCUT_HEADER_NAMES );
+            final List<String> interestedHeaderNames = pwmRequest.getDomainConfig().readSettingAsStringArray( PwmSetting.SHORTCUT_HEADER_NAMES );
 
             for ( final Map.Entry<String, List<String>> entry : headerValueMap.entrySet() )
             {

server/src/main/java/password/pwm/http/servlet/accountinfo/AccountInformationBean.java

@@ -82,7 +82,7 @@ public class AccountInformationBean implements Serializable
 
         builder.accountInfo( ViewableUserInfoDisplayReader.makeDisplayData(
                 accountInformationProfile.readSettingAsOptionList( PwmSetting.ACCOUNT_INFORMATION_VIEW_STATUS_VALUES, ViewStatusFields.class ),
-                pwmRequest.getConfig(),
+                pwmRequest.getDomainConfig(),
                 userInfo,
                 pwmRequest.getPwmSession().getSessionStateBean(),
                 locale
@@ -107,7 +107,7 @@ public class AccountInformationBean implements Serializable
     {
         final PwmPasswordPolicy pwmPasswordPolicy = pwmRequest.getPwmSession().getUserInfo().getPasswordPolicy();
         final MacroRequest macroRequest = pwmRequest.getPwmSession().getSessionManager().getMacroMachine();
-        final List<String> rules = PasswordRequirementsTag.getPasswordRequirementsStrings( pwmPasswordPolicy, pwmRequest.getConfig(), pwmRequest.getLocale(), macroRequest );
+        final List<String> rules = PasswordRequirementsTag.getPasswordRequirementsStrings( pwmPasswordPolicy, pwmRequest.getDomainConfig(), pwmRequest.getLocale(), macroRequest );
         return Collections.unmodifiableList( rules );
     }
 

server/src/main/java/password/pwm/http/servlet/accountinfo/AccountInformationServlet.java

@@ -121,7 +121,7 @@ public class AccountInformationServlet extends ControlledPwmServlet
     @Override
     public ProcessStatus preProcessCheck( final PwmRequest pwmRequest ) throws PwmUnrecoverableException, IOException, ServletException
     {
-        if ( !pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.ACCOUNT_INFORMATION_ENABLED ) )
+        if ( !pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.ACCOUNT_INFORMATION_ENABLED ) )
         {
             pwmRequest.respondWithError( new ErrorInformation( PwmError.ERROR_SERVICE_NOT_AVAILABLE ) );
             return ProcessStatus.Halt;

server/src/main/java/password/pwm/http/servlet/activation/ActivateUserServlet.java

@@ -130,7 +130,7 @@ public class ActivateUserServlet extends ControlledPwmServlet
     @Override
     public ProcessStatus preProcessCheck( final PwmRequest pwmRequest ) throws PwmUnrecoverableException, IOException, ServletException
     {
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
 
         if ( !config.readSettingAsBoolean( PwmSetting.ACTIVATE_USER_ENABLE ) )
         {
@@ -180,7 +180,7 @@ public class ActivateUserServlet extends ControlledPwmServlet
     {
         final ActivateUserBean activateUserBean = activateUserBean( pwmRequest );
         final String profileID = activateUserBean.getProfileID();
-        final ActivateUserProfile activateUserProfile = pwmRequest.getConfig().getUserActivationProfiles().get( profileID );
+        final ActivateUserProfile activateUserProfile = pwmRequest.getDomainConfig().getUserActivationProfiles().get( profileID );
         if ( activateUserProfile == null )
         {
             throw  PwmUnrecoverableException.newException( PwmError.ERROR_NO_PROFILE_ASSIGNED, "unable to load activate user profile" );
@@ -343,7 +343,7 @@ public class ActivateUserServlet extends ControlledPwmServlet
             activateUserBean.setTokenDestination( tokenPayload.getDestination() );
             activateUserBean.setTokenSent( true );
 
-            if ( pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON ) )
+            if ( pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON ) )
             {
                 pwmRequest.setAttribute( PwmRequestAttribute.TokenDestItems, tokenPayload.getDestination() );
                 pwmRequest.forwardToJsp( JspUrl.ACTIVATE_USER_TOKEN_SUCCESS );
@@ -424,7 +424,7 @@ public class ActivateUserServlet extends ControlledPwmServlet
 
             if ( activateUserBean.getTokenDestination() == null )
             {
-                final boolean autoSelect = Boolean.parseBoolean( pwmRequest.getConfig().readAppProperty( AppProperty.ACTIVATE_USER_TOKEN_AUTO_SELECT_DEST ) );
+                final boolean autoSelect = Boolean.parseBoolean( pwmRequest.getDomainConfig().readAppProperty( AppProperty.ACTIVATE_USER_TOKEN_AUTO_SELECT_DEST ) );
                 if ( tokenDestinationItems.size() == 1 && autoSelect )
                 {
                     activateUserBean.setTokenDestination( tokenDestinationItems.iterator().next() );
@@ -485,7 +485,7 @@ public class ActivateUserServlet extends ControlledPwmServlet
     private static void forwardToEnterCodeJsp( final PwmRequest pwmRequest, final List<TokenDestinationItem> tokenDestinationItems )
             throws ServletException, PwmUnrecoverableException, IOException
     {
-        final boolean autoSelect = Boolean.parseBoolean( pwmRequest.getConfig().readAppProperty( AppProperty.ACTIVATE_USER_TOKEN_AUTO_SELECT_DEST ) );
+        final boolean autoSelect = Boolean.parseBoolean( pwmRequest.getDomainConfig().readAppProperty( AppProperty.ACTIVATE_USER_TOKEN_AUTO_SELECT_DEST ) );
         final ResetType goBackAction = tokenDestinationItems.size() > 1 || !autoSelect
                 ? ResetType.clearTokenDestination
                 : null;

server/src/main/java/password/pwm/http/servlet/activation/ActivateUserUtils.java

@@ -247,7 +247,7 @@ class ActivateUserUtils
             return false;
         }
 
-        pwmDomain.getEmailQueue().submitEmail(
+        pwmDomain.getPwmApplication().getEmailQueue().submitEmail(
                 configuredEmailSetting,
                 pwmSession.getUserInfo(),
                 pwmSession.getSessionManager().getMacroMachine( )
@@ -256,14 +256,14 @@ class ActivateUserUtils
     }
 
     static boolean sendPostActivationSms( final PwmRequest pwmRequest )
-            throws PwmUnrecoverableException, ChaiUnavailableException
+            throws PwmUnrecoverableException
     {
         final PwmDomain pwmDomain = pwmRequest.getPwmDomain();
         final PwmSession pwmSession = pwmRequest.getPwmSession();
         final DomainConfig config = pwmDomain.getConfig();
         final UserInfo userInfo = pwmSession.getUserInfo();
         final Locale locale = pwmSession.getSessionStateBean().getLocale();
-        final LdapProfile ldapProfile = userInfo.getUserIdentity().getLdapProfile( config );
+        final LdapProfile ldapProfile = userInfo.getUserIdentity().getLdapProfile( pwmRequest.getAppConfig() );
 
         final String message = config.readSettingAsLocalizedString( PwmSetting.SMS_ACTIVATION_TEXT, locale );
 

server/src/main/java/password/pwm/http/servlet/admin/AdminServlet.java

@@ -324,7 +324,7 @@ public class AdminServlet extends ControlledPwmServlet
         final OutputStream outputStream = pwmRequest.getPwmResponse().getOutputStream();
         try
         {
-            pwmDomain.getSessionTrackService().outputToCsv( pwmRequest.getLocale(), pwmRequest.getConfig(), outputStream );
+            pwmDomain.getSessionTrackService().outputToCsv( pwmRequest.getLocale(), pwmRequest.getDomainConfig(), outputStream );
         }
         catch ( final Exception e )
         {
@@ -683,7 +683,7 @@ public class AdminServlet extends ControlledPwmServlet
     public ProcessStatus restreadPwNotifyStatus( final PwmRequest pwmRequest ) throws IOException, PwmUnrecoverableException
     {
         int key = 0;
-        if ( !pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.PW_EXPY_NOTIFY_ENABLE ) )
+        if ( !pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.PW_EXPY_NOTIFY_ENABLE ) )
         {
             final DisplayElement displayElement = new DisplayElement( String.valueOf( key++ ), DisplayElement.Type.string, "Status",
                     "Password Notification Feature is not enabled.  See setting: "
@@ -693,7 +693,7 @@ public class AdminServlet extends ControlledPwmServlet
         }
 
         final List<DisplayElement> statusData = new ArrayList<>( );
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final Locale locale = pwmRequest.getLocale();
         final PwNotifyService pwNotifyService = pwmRequest.getPwmDomain().getPwNotifyService();
         final PwNotifyStoredJobState pwNotifyStoredJobState = pwNotifyService.getJobState();

server/src/main/java/password/pwm/http/servlet/admin/AppDashboardData.java

@@ -205,17 +205,17 @@ public class AppDashboardData implements Serializable
                 "startupTime",
                 DisplayElement.Type.timestamp,
                 l.forKey( "Field_StartTime" ),
-                JavaHelper.toIsoDate( pwmDomain.getStartupTime() )
+                JavaHelper.toIsoDate( pwmDomain.getPwmApplication().getStartupTime() )
         ), new DisplayElement(
                 "runningDuration",
                 DisplayElement.Type.string,
                 l.forKey( "Field_UpTime" ),
-                TimeDuration.fromCurrent( pwmDomain.getStartupTime() ).asLongString( locale )
+                TimeDuration.fromCurrent( pwmDomain.getPwmApplication().getStartupTime() ).asLongString( locale )
         ), new DisplayElement(
                 "installTime",
                 DisplayElement.Type.timestamp,
                 l.forKey( "Field_InstallTime" ),
-                JavaHelper.toIsoDate( pwmDomain.getInstallTime() )
+                JavaHelper.toIsoDate( pwmDomain.getPwmApplication().getInstallTime() )
         ), new DisplayElement(
                 "siteURL",
                 DisplayElement.Type.string,
@@ -312,7 +312,7 @@ public class AppDashboardData implements Serializable
                 "emailQueueSize",
                 DisplayElement.Type.number,
                 "Email Queue Size",
-                numberFormat.format( pwmDomain.getEmailQueue().queueSize() )
+                numberFormat.format( pwmDomain.getPwmApplication().getEmailQueue().queueSize() )
         ) );
         localDbInfo.add( new DisplayElement(
                 "smsQueueSize",
@@ -420,7 +420,7 @@ public class AppDashboardData implements Serializable
             final Locale locale
     )
     {
-        final Map<PwmAboutProperty, String> aboutMap = PwmAboutProperty.makeInfoBean( pwmDomain );
+        final Map<PwmAboutProperty, String> aboutMap = PwmAboutProperty.makeInfoBean( pwmDomain.getPwmApplication() );
         final List<DisplayElement> javaInfo = new ArrayList<>();
         final String notApplicable = Display.getLocalizedMessage( locale, Display.Value_NotApplicable, pwmDomain.getConfig() );
 

server/src/main/java/password/pwm/http/servlet/admin/UserDebugDataReader.java

@@ -75,8 +75,7 @@ public class UserDebugDataReader
         final PwmPasswordPolicy configPasswordPolicy = PasswordUtility.determineConfiguredPolicyProfileForUser(
                 pwmDomain,
                 sessionLabel,
-                userIdentity,
-                locale
+                userIdentity
         );
 
         boolean readablePassword = false;

server/src/main/java/password/pwm/http/servlet/changepw/ChangePasswordServlet.java

@@ -75,6 +75,7 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Optional;
 
 /**
  * User interaction servlet for changing (self) passwords.
@@ -518,7 +519,7 @@ public abstract class ChangePasswordServlet extends ControlledPwmServlet
 
         pwmRequest.setAttribute(
                 PwmRequestAttribute.ChangePassword_CheckIntervalSeconds,
-                Long.parseLong( pwmRequest.getConfig().readAppProperty( AppProperty.CLIENT_AJAX_PW_WAIT_CHECK_SECONDS ) )
+                Long.parseLong( pwmRequest.getDomainConfig().readAppProperty( AppProperty.CLIENT_AJAX_PW_WAIT_CHECK_SECONDS ) )
         );
 
         pwmRequest.forwardToJsp( JspUrl.PASSWORD_CHANGE_WAIT );
@@ -568,12 +569,12 @@ public abstract class ChangePasswordServlet extends ControlledPwmServlet
 
     private void forwardToChangePage( final PwmRequest pwmRequest ) throws ServletException, PwmUnrecoverableException, IOException
     {
-        final String passwordPolicyChangeMessage = pwmRequest.getPwmSession().getUserInfo().getPasswordPolicy().getRuleHelper().getChangeMessage();
-        if ( passwordPolicyChangeMessage.length() > 1 )
+        final Optional<String> passwordPolicyChangeMessage = pwmRequest.getPwmSession().getUserInfo().getPasswordPolicy().getChangeMessage( pwmRequest.getLocale() );
+        if ( passwordPolicyChangeMessage.isPresent() )
         {
             final MacroRequest macroRequest = pwmRequest.getPwmSession().getSessionManager().getMacroMachine( );
-            macroRequest.expandMacros( passwordPolicyChangeMessage );
-            pwmRequest.setAttribute( PwmRequestAttribute.ChangePassword_PasswordPolicyChangeMessage, passwordPolicyChangeMessage );
+            final String expandedMessage = macroRequest.expandMacros( passwordPolicyChangeMessage.get() );
+            pwmRequest.setAttribute( PwmRequestAttribute.ChangePassword_PasswordPolicyChangeMessage, expandedMessage );
         }
 
         pwmRequest.forwardToJsp( JspUrl.PASSWORD_CHANGE );

server/src/main/java/password/pwm/http/servlet/changepw/ChangePasswordServletUtil.java

@@ -148,7 +148,7 @@ public class ChangePasswordServletUtil
     )
             throws PwmUnrecoverableException
     {
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final Locale locale = pwmRequest.getLocale();
         final EmailItemBean configuredEmailSetting = config.readSettingAsEmail( PwmSetting.EMAIL_CHANGEPASSWORD, locale );
 
@@ -159,7 +159,7 @@ public class ChangePasswordServletUtil
         }
 
         final PwmDomain pwmDomain = pwmRequest.getPwmDomain();
-        pwmDomain.getEmailQueue().submitEmail(
+        pwmDomain.getPwmApplication().getEmailQueue().submitEmail(
                 configuredEmailSetting,
                 pwmRequest.getPwmSession().getUserInfo(),
 

server/src/main/java/password/pwm/http/servlet/configeditor/ConfigEditorServlet.java

@@ -663,7 +663,7 @@ public class ConfigEditorServlet extends ControlledPwmServlet
         final StringBuilder output = new StringBuilder();
         output.append( "beginning EMail send process:\n" );
 
-        final DomainConfig testDomainConfig = new AppConfig( configManagerBean.getStoredConfiguration() ).getDefaultDomainConfig();
+        final AppConfig testDomainConfig = new AppConfig( configManagerBean.getStoredConfiguration() );
 
         final EmailServerProfile emailServerProfile = testDomainConfig.getEmailServerProfiles().get( profileID );
         if ( emailServerProfile != null )
@@ -706,7 +706,7 @@ public class ConfigEditorServlet extends ControlledPwmServlet
         final String key = pwmRequest.readParameterAsString( "key" );
         final PwmSetting setting = PwmSetting.forKey( key )
                 .orElseThrow( () -> new IllegalStateException( "invalid setting parameter value" ) );
-        final int maxFileSize = Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.CONFIG_MAX_JDBC_JAR_SIZE ) );
+        final int maxFileSize = Integer.parseInt( pwmRequest.getDomainConfig().readAppProperty( AppProperty.CONFIG_MAX_JDBC_JAR_SIZE ) );
 
         if ( setting == PwmSetting.HTTPS_CERT )
         {

server/src/main/java/password/pwm/http/servlet/configeditor/ConfigEditorServletUtils.java

@@ -203,7 +203,7 @@ public class ConfigEditorServletUtils
         {
             final Map<String, String> defaultValueMap = new LinkedHashMap<>();
             final String defaultLocaleValue = ResourceBundle.getBundle( pwmLocaleBundle.getTheClass().getName(), PwmConstants.DEFAULT_LOCALE ).getString( keyName );
-            for ( final Locale locale : pwmRequest.getConfig().getKnownLocales() )
+            for ( final Locale locale : pwmRequest.getDomainConfig().getKnownLocales() )
             {
                 final ResourceBundle localeBundle = ResourceBundle.getBundle( pwmLocaleBundle.getTheClass().getName(), locale );
                 if ( locale.toString().equalsIgnoreCase( PwmConstants.DEFAULT_LOCALE.toString() ) )
@@ -326,7 +326,7 @@ public class ConfigEditorServletUtils
                 ) );
             }
 
-            final int maxFileSize = Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.CONFIG_MAX_JDBC_JAR_SIZE ) );
+            final int maxFileSize = Integer.parseInt( pwmRequest.getDomainConfig().readAppProperty( AppProperty.CONFIG_MAX_JDBC_JAR_SIZE ) );
             final Map<String, PwmRequest.FileUploadItem> fileUploads = pwmRequest.readFileUploads( maxFileSize, 1 );
             final InputStream fileIs = fileUploads.get( PwmConstants.PARAM_FILE_UPLOAD ).getContent().newByteArrayInputStream();
 

server/src/main/java/password/pwm/http/servlet/configguide/ConfigGuideServlet.java

@@ -506,7 +506,7 @@ public class ConfigGuideServlet extends ControlledPwmServlet
         try
         {
             final ConfigGuideBean configGuideBean = getBean( pwmRequest );
-            final int maxFileSize = Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.CONFIG_MAX_JDBC_JAR_SIZE ) );
+            final int maxFileSize = Integer.parseInt( pwmRequest.getDomainConfig().readAppProperty( AppProperty.CONFIG_MAX_JDBC_JAR_SIZE ) );
             final FileValue fileValue = ConfigEditorServletUtils.readFileUploadToSettingValue( pwmRequest, maxFileSize );
             configGuideBean.setDatabaseDriver( fileValue );
             final RestResultBean restResultBean = RestResultBean.forSuccessMessage( pwmRequest, Message.Success_Unknown );

server/src/main/java/password/pwm/http/servlet/configguide/ConfigGuideUtils.java

@@ -287,7 +287,7 @@ public class ConfigGuideUtils
                     pwmRequest.getPwmDomain().getPwmEnvironment().makeRuntimeInstance( new AppConfig( storedConfiguration ) ) );
 
             final String adminDN = form.get( ConfigGuideFormField.PARAM_LDAP_ADMIN_USER );
-            final UserIdentity adminIdentity = UserIdentity.createUserIdentity( adminDN, PwmConstants.PROFILE_ID_DEFAULT );
+            final UserIdentity adminIdentity = UserIdentity.createUserIdentity( adminDN, PwmConstants.PROFILE_ID_DEFAULT, PwmConstants.DOMAIN_ID_PLACEHOLDER );
 
             final UserMatchViewerFunction userMatchViewerFunction = new UserMatchViewerFunction();
             final Collection<UserIdentity> results = userMatchViewerFunction.discoverMatchingUsers(
@@ -301,7 +301,7 @@ public class ConfigGuideUtils
             if ( !results.isEmpty() )
             {
                 final UserIdentity foundIdentity = results.iterator().next();
-                if ( foundIdentity.canonicalEquals( adminIdentity, tempApplication.getDefaultDomain() ) )
+                if ( foundIdentity.canonicalEquals( adminIdentity, tempApplication ) )
                 {
                     records.add( HealthRecord.forMessage( HealthMessage.LDAP_AdminUserOk ) );
                 }

server/src/main/java/password/pwm/http/servlet/configmanager/ConfigManagerCertificatesServlet.java

@@ -104,7 +104,7 @@ public class ConfigManagerCertificatesServlet extends AbstractPwmServlet
         ConfigManagerServlet.verifyConfigAccess( pwmRequest );
 
         final ConfigManagerCertificateAction action = readProcessAction( pwmRequest );
-        final ArrayList<CertificateDebugDataItem> certificateDebugDataItems = new ArrayList<>( makeCertificateDebugData( pwmRequest.getConfig() ) );
+        final ArrayList<CertificateDebugDataItem> certificateDebugDataItems = new ArrayList<>( makeCertificateDebugData( pwmRequest.getDomainConfig() ) );
 
         if ( action == ConfigManagerCertificateAction.certificateData )
         {

server/src/main/java/password/pwm/http/servlet/configmanager/ConfigManagerLocalDBServlet.java

@@ -144,7 +144,7 @@ public class ConfigManagerLocalDBServlet extends AbstractPwmServlet
         final LocalDBUtility localDBUtility = new LocalDBUtility( pwmRequest.getPwmDomain().getLocalDB() );
         try
         {
-            final int bufferSize = Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_DOWNLOAD_BUFFER_SIZE ) );
+            final int bufferSize = Integer.parseInt( pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_DOWNLOAD_BUFFER_SIZE ) );
             final OutputStream bos = new BufferedOutputStream( resp.getOutputStream(), bufferSize );
             localDBUtility.exportLocalDB( bos, LOGGER.asAppendable( PwmLogLevel.DEBUG, pwmRequest.getLabel() ) );
             LOGGER.debug( pwmRequest, () -> "completed localDBExport process in " + TimeDuration.fromCurrent( startTime ).asCompactString() );

server/src/main/java/password/pwm/http/servlet/configmanager/ConfigManagerLoginServlet.java

@@ -302,7 +302,7 @@ public class ConfigManagerLoginServlet extends AbstractPwmServlet
 
         if ( persistentSeconds > 0 )
         {
-            final StoredConfiguration storedConfig = pwmRequest.getConfig().getStoredConfiguration();
+            final StoredConfiguration storedConfig = pwmRequest.getDomainConfig().getStoredConfiguration();
             final String persistentLoginValue = makePersistentLoginPassword( pwmRequest, storedConfig );
             final PersistentLoginInfo persistentLoginInfo = new PersistentLoginInfo( Instant.now(), persistentLoginValue );
             final String cookieValue = pwmRequest.getPwmDomain().getSecureService().encryptObjectToString( persistentLoginInfo );
@@ -393,7 +393,7 @@ public class ConfigManagerLoginServlet extends AbstractPwmServlet
     public static int figureMaxLoginSeconds( final PwmRequest pwmRequest )
     {
         return JavaHelper.silentParseInt(
-                pwmRequest.getConfig().readAppProperty( AppProperty.CONFIG_MAX_PERSISTENT_LOGIN_SECONDS ),
+                pwmRequest.getDomainConfig().readAppProperty( AppProperty.CONFIG_MAX_PERSISTENT_LOGIN_SECONDS ),
                 (int) TimeDuration.HOUR.as( TimeDuration.Unit.SECONDS )
         );
     }
@@ -433,13 +433,13 @@ public class ConfigManagerLoginServlet extends AbstractPwmServlet
             return false;
         }
 
-        if ( pwmRequest.getConfig().isDefaultValue( PwmSetting.PWM_SECURITY_KEY ) )
+        if ( pwmRequest.getDomainConfig().isDefaultValue( PwmSetting.PWM_SECURITY_KEY ) )
         {
             LOGGER.debug( pwmRequest, () -> "security key not available, persistent login not possible." );
             return false;
         }
 
-        final Optional<String> configPasswordHash = pwmRequest.getConfig().getStoredConfiguration().readConfigProperty( ConfigurationProperty.PASSWORD_HASH );
+        final Optional<String> configPasswordHash = pwmRequest.getDomainConfig().getStoredConfiguration().readConfigProperty( ConfigurationProperty.PASSWORD_HASH );
         if ( !configPasswordHash.isPresent() )
         {
             LOGGER.debug( pwmRequest, () -> "config password is not present, persistent login not possible." );

server/src/main/java/password/pwm/http/servlet/configmanager/ConfigManagerServlet.java

@@ -210,7 +210,7 @@ public class ConfigManagerServlet extends AbstractPwmServlet
                 LocaleHelper.booleanString(
                         StoredConfigurationUtil.hasPassword( configurationReader.getStoredConfiguration() ),
                         pwmRequest.getLocale(),
-                        pwmRequest.getConfig()
+                        pwmRequest.getDomainConfig()
                 )
         );
     }
@@ -385,7 +385,7 @@ public class ConfigManagerServlet extends AbstractPwmServlet
     public static StoredConfiguration readCurrentConfiguration( final PwmRequest pwmRequest )
             throws PwmUnrecoverableException
     {
-        return pwmRequest.getConfig().getStoredConfiguration();
+        return pwmRequest.getDomainConfig().getStoredConfiguration();
     }
 
     private void showSummary( final PwmRequest pwmRequest )
@@ -414,7 +414,7 @@ public class ConfigManagerServlet extends AbstractPwmServlet
     {
         pwmRequest.getPwmResponse().markAsDownload(
                 HttpContentType.csv,
-                pwmRequest.getConfig().readAppProperty( AppProperty.DOWNLOAD_FILENAME_LDAP_PERMISSION_CSV )
+                pwmRequest.getDomainConfig().readAppProperty( AppProperty.DOWNLOAD_FILENAME_LDAP_PERMISSION_CSV )
         );
 
         final CSVPrinter csvPrinter = JavaHelper.makeCsvPrinter( pwmRequest.getPwmResponse().getOutputStream() );
@@ -430,7 +430,7 @@ public class ConfigManagerServlet extends AbstractPwmServlet
                         ? LocaleHelper.getLocalizedMessage( Display.Value_NotApplicable, pwmRequest )
                         : permissionRecord.getPwmSetting().toMenuLocationDebug( permissionRecord.getProfile(), pwmRequest.getLocale() );
                 csvPrinter.printRecord(
-                        permissionRecord.getActor().getLabel( pwmRequest.getLocale(), pwmRequest.getConfig() ),
+                        permissionRecord.getActor().getLabel( pwmRequest.getLocale(), pwmRequest.getDomainConfig() ),
                         permissionRecord.getAttribute(),
                         permissionRecord.getAccess().toString(),
                         settingTxt

server/src/main/java/password/pwm/http/servlet/configmanager/DebugItemGenerator.java

@@ -314,7 +314,7 @@ public class DebugItemGenerator
         public void outputItem( final DebugItemInput debugItemInput, final OutputStream outputStream ) throws Exception
         {
             final Properties outputProps = new JavaHelper.SortedProperties();
-            final Map<PwmAboutProperty, String> infoBean = PwmAboutProperty.makeInfoBean( debugItemInput.getPwmDomain() );
+            final Map<PwmAboutProperty, String> infoBean = PwmAboutProperty.makeInfoBean( debugItemInput.getPwmDomain().getPwmApplication() );
             outputProps.putAll( PwmAboutProperty.toStringMap( infoBean ) );
             outputProps.store( outputStream, JavaHelper.toIsoDate( Instant.now() ) );
         }

server/src/main/java/password/pwm/http/servlet/forgottenpw/ForgottenPasswordServlet.java

@@ -396,7 +396,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
         final String contextParam = pwmRequest.readParameterAsString( PwmConstants.PARAM_CONTEXT );
         final String ldapProfile = pwmRequest.readParameterAsString( PwmConstants.PARAM_LDAP_PROFILE );
 
-        final boolean bogusUserModeEnabled = pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.RECOVERY_BOGUS_USER_ENABLE );
+        final boolean bogusUserModeEnabled = pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.RECOVERY_BOGUS_USER_ENABLE );
 
         // clear the bean
         clearForgottenPasswordBean( pwmRequest );
@@ -426,7 +426,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
             pwmDomain.getIntruderManager().convenience().checkAttributes( formValues );
 
             // see if the values meet the configured form requirements.
-            FormUtility.validateFormValues( pwmRequest.getConfig(), formValues, userLocale );
+            FormUtility.validateFormValues( pwmRequest.getDomainConfig(), formValues, userLocale );
 
             final String searchFilter;
             {
@@ -531,7 +531,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
             forgottenPasswordBean.getProgress().getSatisfiedMethods().add( IdentityVerificationMethod.TOKEN );
             StatisticsManager.incrementStat( pwmRequest.getPwmDomain(), Statistic.RECOVERY_TOKENS_PASSED );
 
-            if ( pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON ) )
+            if ( pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON ) )
             {
                 pwmRequest.setAttribute( PwmRequestAttribute.TokenDestItems, tokenPayload.getDestination() );
                 pwmRequest.forwardToJsp( JspUrl.RECOVER_PASSWORD_TOKEN_SUCCESS );
@@ -814,7 +814,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
 
         {
             LOGGER.trace( pwmRequest, () -> "preparing to send a new token to user" );
-            final long delayTimeMs = Long.parseLong( pwmRequest.getConfig().readAppProperty( AppProperty.TOKEN_RESEND_DELAY_MS ) );
+            final long delayTimeMs = Long.parseLong( pwmRequest.getDomainConfig().readAppProperty( AppProperty.TOKEN_RESEND_DELAY_MS ) );
             TimeDuration.of( delayTimeMs, TimeDuration.Unit.MILLISECONDS ).pause();
         }
 
@@ -843,7 +843,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
 
             if ( forgottenPasswordBean.getUserSearchValues() != null )
             {
-                final List<FormConfiguration> formConfigurations = pwmRequest.getConfig().readSettingAsForm( PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM );
+                final List<FormConfiguration> formConfigurations = pwmRequest.getDomainConfig().readSettingAsForm( PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM );
                 final Map<FormConfiguration, String> formMap = FormUtility.asFormConfigurationMap( formConfigurations, forgottenPasswordBean.getUserSearchValues() );
                 pwmRequest.getPwmDomain().getIntruderManager().convenience().markAttributes( formMap, pwmRequest.getLabel() );
             }
@@ -951,7 +951,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
             throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException
     {
         final PwmDomain pwmDomain = pwmRequest.getPwmDomain();
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean( pwmRequest );
 
         final ForgottenPasswordBean.RecoveryFlags recoveryFlags = forgottenPasswordBean.getRecoveryFlags();
@@ -967,7 +967,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
 
         final ForgottenPasswordProfile forgottenPasswordProfile = ForgottenPasswordUtil.forgottenPasswordProfile( pwmRequest.getPwmDomain(), forgottenPasswordBean );
         {
-            final Map<String, ForgottenPasswordProfile> profileIDList = pwmRequest.getConfig().getForgottenPasswordProfiles();
+            final Map<String, ForgottenPasswordProfile> profileIDList = pwmRequest.getDomainConfig().getForgottenPasswordProfiles();
             final String profileDebugMsg = forgottenPasswordProfile != null && profileIDList != null && profileIDList.size() > 1
                     ? " profile=" + forgottenPasswordProfile.getIdentifier() + ", "
                     : "";
@@ -1375,7 +1375,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
 
                 if ( progress.getTokenDestination() == null )
                 {
-                    final boolean autoSelect = Boolean.parseBoolean( pwmRequest.getConfig().readAppProperty( AppProperty.FORGOTTEN_PASSWORD_TOKEN_AUTO_SELECT_DEST ) );
+                    final boolean autoSelect = Boolean.parseBoolean( pwmRequest.getDomainConfig().readAppProperty( AppProperty.FORGOTTEN_PASSWORD_TOKEN_AUTO_SELECT_DEST ) );
                     if ( autoSelect && tokenDestinations.size() == 1 )
                     {
                         final TokenDestinationItem singleItem = tokenDestinations.iterator().next();
@@ -1478,7 +1478,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet
 
         ResetAction goBackAction = null;
 
-        final boolean autoSelect = Boolean.parseBoolean( pwmRequest.getConfig().readAppProperty( AppProperty.FORGOTTEN_PASSWORD_TOKEN_AUTO_SELECT_DEST ) );
+        final boolean autoSelect = Boolean.parseBoolean( pwmRequest.getDomainConfig().readAppProperty( AppProperty.FORGOTTEN_PASSWORD_TOKEN_AUTO_SELECT_DEST ) );
         if ( destItems.size() > 1 || !autoSelect )
         {
             goBackAction = ResetAction.clearTokenDestination;

server/src/main/java/password/pwm/http/servlet/forgottenpw/ForgottenPasswordStageProcessor.java

@@ -88,7 +88,7 @@ class ForgottenPasswordStageProcessor
         @Override
         public Optional<ForgottenPasswordStage> nextStage( final ForgottenPasswordStateMachine stateMachine )
         {
-            final PwmRequestContext pwmRequestContext = stateMachine.getCommonValues();
+            final PwmRequestContext pwmRequestContext = stateMachine.getRequestContext();
 
             final ForgottenPasswordBean forgottenPasswordBean = stateMachine.getForgottenPasswordBean();
             stateMachine.getRequestFlags().clear();
@@ -130,7 +130,7 @@ class ForgottenPasswordStageProcessor
                 throws PwmUnrecoverableException
         {
             final ForgottenPasswordBean forgottenPasswordBean = stateMachine.getForgottenPasswordBean();
-            final PwmRequestContext pwmRequestContext = stateMachine.getCommonValues();
+            final PwmRequestContext pwmRequestContext = stateMachine.getRequestContext();
             final PwmDomain pwmDomain = pwmRequestContext.getPwmDomain();
             final SessionLabel sessionLabel = pwmRequestContext.getSessionLabel();
             final DomainConfig config = pwmDomain.getConfig();
@@ -214,7 +214,7 @@ class ForgottenPasswordStageProcessor
                 throws PwmUnrecoverableException
         {
             final ForgottenPasswordBean forgottenPasswordBean = stateMachine.getForgottenPasswordBean();
-            final PwmRequestContext pwmRequestContext = stateMachine.getCommonValues();
+            final PwmRequestContext pwmRequestContext = stateMachine.getRequestContext();
             final SessionLabel sessionLabel = pwmRequestContext.getSessionLabel();
 
             final ForgottenPasswordBean.RecoveryFlags recoveryFlags = forgottenPasswordBean.getRecoveryFlags();
@@ -276,7 +276,7 @@ class ForgottenPasswordStageProcessor
                 throws PwmUnrecoverableException
         {
             final ForgottenPasswordBean forgottenPasswordBean = stateMachine.getForgottenPasswordBean();
-            final PwmRequestContext pwmRequestContext = stateMachine.getCommonValues();
+            final PwmRequestContext pwmRequestContext = stateMachine.getRequestContext();
             final SessionLabel sessionLabel = pwmRequestContext.getSessionLabel();
 
             final ForgottenPasswordBean.RecoveryFlags recoveryFlags = forgottenPasswordBean.getRecoveryFlags();
@@ -316,7 +316,7 @@ class ForgottenPasswordStageProcessor
                 throws PwmUnrecoverableException
         {
             final ForgottenPasswordBean forgottenPasswordBean = stateMachine.getForgottenPasswordBean();
-            final PwmRequestContext pwmRequestContext = stateMachine.getCommonValues();
+            final PwmRequestContext pwmRequestContext = stateMachine.getRequestContext();
             final PwmDomain pwmDomain = pwmRequestContext.getPwmDomain();
             final SessionLabel sessionLabel = pwmRequestContext.getSessionLabel();
 
@@ -361,7 +361,7 @@ class ForgottenPasswordStageProcessor
                 throws PwmUnrecoverableException
         {
             final ForgottenPasswordBean forgottenPasswordBean = stateMachine.getForgottenPasswordBean();
-            final PwmRequestContext pwmRequestContext = stateMachine.getCommonValues();
+            final PwmRequestContext pwmRequestContext = stateMachine.getRequestContext();
             final PwmDomain pwmDomain = pwmRequestContext.getPwmDomain();
             final SessionLabel sessionLabel = pwmRequestContext.getSessionLabel();
             final DomainConfig config = pwmDomain.getConfig();

server/src/main/java/password/pwm/http/servlet/forgottenpw/ForgottenPasswordStateMachine.java

@@ -142,7 +142,7 @@ public class ForgottenPasswordStateMachine
         return forgottenPasswordBean;
     }
 
-    PwmRequestContext getCommonValues()
+    PwmRequestContext getRequestContext()
     {
         return pwmRequestContext;
     }
@@ -217,10 +217,10 @@ public class ForgottenPasswordStateMachine
         @Override
         public PresentableForm generateForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine )
         {
-            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
+            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
             return PresentableForm.builder()
-                    .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ChangePassword, pwmRequestContext.getConfig() ) )
-                    .message( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Message.Success_PasswordChange, pwmRequestContext.getConfig() ) )
+                    .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ChangePassword, pwmRequestContext.getDomainConfig() ) )
+                    .message( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Message.Success_PasswordChange, pwmRequestContext.getDomainConfig() ) )
                     .build();
         }
     }
@@ -233,7 +233,7 @@ public class ForgottenPasswordStateMachine
         public void applyForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine, final Map<String, String> formValues )
                 throws PwmUnrecoverableException
         {
-            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
+            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
             final PasswordData password1 = PasswordData.forStringValue( formValues.get( PARAM_PASSWORD ) );
             final PasswordData password2 = PasswordData.forStringValue( formValues.get( PARAM_PASSWORD_CONFIRM ) );
 
@@ -271,9 +271,9 @@ public class ForgottenPasswordStateMachine
                 else
                 {
                     PasswordUtility.setPassword(
-                            forgottenPasswordStateMachine.getCommonValues().getPwmDomain(),
-                            forgottenPasswordStateMachine.getCommonValues().getSessionLabel(),
-                            forgottenPasswordStateMachine.getCommonValues().getPwmDomain().getProxyChaiProvider( userInfo.getUserIdentity().getLdapProfileID() ),
+                            forgottenPasswordStateMachine.getRequestContext().getPwmDomain(),
+                            forgottenPasswordStateMachine.getRequestContext().getSessionLabel(),
+                            forgottenPasswordStateMachine.getRequestContext().getPwmDomain().getProxyChaiProvider( userInfo.getUserIdentity().getLdapProfileID() ),
                             userInfo,
                             null,
                             password1 );
@@ -295,15 +295,15 @@ public class ForgottenPasswordStateMachine
         public PresentableForm generateForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine )
                 throws PwmUnrecoverableException
         {
-            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
-            final DomainConfig config = forgottenPasswordStateMachine.getCommonValues().getConfig();
-            final Locale locale = forgottenPasswordStateMachine.getCommonValues().getLocale();
+            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
+            final DomainConfig config = forgottenPasswordStateMachine.getRequestContext().getDomainConfig();
+            final Locale locale = forgottenPasswordStateMachine.getRequestContext().getLocale();
             final UserIdentity userIdentity = forgottenPasswordStateMachine.getForgottenPasswordBean().getUserIdentity();
             final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy( pwmRequestContext, userIdentity );
             final MacroRequest macroRequest = MacroRequest.forUser( pwmRequestContext, userIdentity );
             final PwmPasswordPolicy pwmPasswordPolicy = userInfo.getPasswordPolicy();
 
-            final boolean valueMasking = pwmRequestContext.getConfig().readSettingAsBoolean( PwmSetting.DISPLAY_MASK_PASSWORD_FIELDS );
+            final boolean valueMasking = pwmRequestContext.getDomainConfig().readSettingAsBoolean( PwmSetting.DISPLAY_MASK_PASSWORD_FIELDS );
             final FormConfiguration.Type formType = valueMasking
                     ? FormConfiguration.Type.password
                     : FormConfiguration.Type.text;
@@ -324,16 +324,16 @@ public class ForgottenPasswordStateMachine
 
             final List<String> passwordRequirementsList = PasswordRequirementsTag.getPasswordRequirementsStrings(
                     pwmPasswordPolicy,
-                    pwmRequestContext.getConfig(),
+                    pwmRequestContext.getDomainConfig(),
                     pwmRequestContext.getLocale(),
                     macroRequest );
 
-            final String ruleDelimiter = pwmRequestContext.getConfig().readAppProperty( AppProperty.REST_SERVER_FORGOTTEN_PW_RULE_DELIMITER );
+            final String ruleDelimiter = pwmRequestContext.getDomainConfig().readAppProperty( AppProperty.REST_SERVER_FORGOTTEN_PW_RULE_DELIMITER );
             final String ruleText = StringUtil.collectionToString( passwordRequirementsList, ruleDelimiter );
 
             return PresentableForm.builder()
-                    .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ChangePassword, pwmRequestContext.getConfig() ) )
-                    .message( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_ChangePassword, pwmRequestContext.getConfig() ) )
+                    .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ChangePassword, pwmRequestContext.getDomainConfig() ) )
+                    .message( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_ChangePassword, pwmRequestContext.getDomainConfig() ) )
                     .messageDetail( ruleText )
                     .formRows( formRows )
                     .build();
@@ -364,7 +364,7 @@ public class ForgottenPasswordStateMachine
                 throws PwmUnrecoverableException
         {
             final List<TokenDestinationItem> tokenDestinationItems = ForgottenPasswordUtil.figureAvailableTokenDestinations(
-                    forgottenPasswordStateMachine.getCommonValues(),
+                    forgottenPasswordStateMachine.getRequestContext(),
                     forgottenPasswordStateMachine.getForgottenPasswordBean() );
 
             final Optional<TokenDestinationItem> selectedItem = TokenDestinationItem.tokenDestinationItemForID( tokenDestinationItems, formValues.get( PwmConstants.PARAM_TOKEN ) );
@@ -373,9 +373,9 @@ public class ForgottenPasswordStateMachine
                 forgottenPasswordStateMachine.getForgottenPasswordBean().getProgress().setTokenDestination( selectedItem.get() );
 
                 final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(
-                        forgottenPasswordStateMachine.getCommonValues(),
+                        forgottenPasswordStateMachine.getRequestContext(),
                         forgottenPasswordStateMachine.getForgottenPasswordBean() );
-                ForgottenPasswordUtil.initializeAndSendToken( forgottenPasswordStateMachine.getCommonValues(), userInfo, selectedItem.get() );
+                ForgottenPasswordUtil.initializeAndSendToken( forgottenPasswordStateMachine.getRequestContext(), userInfo, selectedItem.get() );
                 forgottenPasswordStateMachine.getForgottenPasswordBean().getProgress().setTokenSent( true );
             }
 
@@ -385,29 +385,29 @@ public class ForgottenPasswordStateMachine
         public PresentableForm generateForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine )
                 throws PwmUnrecoverableException
         {
-            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
+            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
             final List<TokenDestinationItem> tokenDestinationItems = ForgottenPasswordUtil.figureAvailableTokenDestinations(
-                    forgottenPasswordStateMachine.getCommonValues(),
+                    forgottenPasswordStateMachine.getRequestContext(),
                     forgottenPasswordStateMachine.getForgottenPasswordBean() );
 
             final Map<String, String> selectOptions = new LinkedHashMap<>();
 
             for ( final TokenDestinationItem item : tokenDestinationItems )
             {
-                selectOptions.put( item.getId(), item.longDisplay( pwmRequestContext.getLocale(), pwmRequestContext.getConfig() ) );
+                selectOptions.put( item.getId(), item.longDisplay( pwmRequestContext.getLocale(), pwmRequestContext.getDomainConfig() ) );
             }
 
             final PresentableFormRow formRow = PresentableFormRow.builder()
                     .name( PwmConstants.PARAM_TOKEN )
                     .type( FormConfiguration.Type.select )
-                    .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Button_Select, pwmRequestContext.getConfig() ) )
+                    .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Button_Select, pwmRequestContext.getDomainConfig() ) )
                     .selectOptions( selectOptions )
                     .required( true )
                     .build();
 
             return PresentableForm.builder()
-                    .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ForgottenPassword, pwmRequestContext.getConfig() ) )
-                    .message( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_RecoverTokenSendChoices, pwmRequestContext.getConfig() ) )
+                    .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ForgottenPassword, pwmRequestContext.getDomainConfig() ) )
+                    .message( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_RecoverTokenSendChoices, pwmRequestContext.getDomainConfig() ) )
                     .formRow( formRow )
                     .build();
         }
@@ -463,7 +463,7 @@ public class ForgottenPasswordStateMachine
             public void applyForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine, final Map<String, String> formValues )
                     throws PwmUnrecoverableException
             {
-                final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
+                final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
                 final String userEnteredCode = formValues.get( PwmConstants.PARAM_OTP_TOKEN );
 
                 final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo( pwmRequestContext, forgottenPasswordStateMachine.getForgottenPasswordBean() );
@@ -515,10 +515,10 @@ public class ForgottenPasswordStateMachine
             @Override
             public PresentableForm generateForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine ) throws PwmUnrecoverableException
             {
-                final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
+                final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
 
                 final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(
-                        forgottenPasswordStateMachine.getCommonValues(),
+                        forgottenPasswordStateMachine.getRequestContext(),
                         forgottenPasswordStateMachine.getForgottenPasswordBean() );
 
                 final OTPUserRecord otpUserRecord = userInfo == null ? null : userInfo.getOtpUserRecord();
@@ -530,11 +530,15 @@ public class ForgottenPasswordStateMachine
                 final String message;
                 if ( StringUtil.isEmpty( identifier ) )
                 {
-                    message = LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_RecoverOTP, pwmRequestContext.getConfig() );
+                    message = LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_RecoverOTP, pwmRequestContext.getDomainConfig() );
                 }
                 else
                 {
-                    message = LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_RecoverOTPIdentified, pwmRequestContext.getConfig(), new String[]
+                    message = LocaleHelper.getLocalizedMessage(
+                            pwmRequestContext.getLocale(),
+                            Display.Display_RecoverOTPIdentified,
+                            pwmRequestContext.getDomainConfig(),
+                            new String[]
                             {
                                     identifier,
                                     }
@@ -544,12 +548,12 @@ public class ForgottenPasswordStateMachine
                 final PresentableFormRow formRow = PresentableFormRow.builder()
                         .name( PwmConstants.PARAM_OTP_TOKEN )
                         .type( FormConfiguration.Type.text )
-                        .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Field_Code, pwmRequestContext.getConfig() ) )
+                        .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Field_Code, pwmRequestContext.getDomainConfig() ) )
                         .required( true )
                         .build();
 
                 return PresentableForm.builder()
-                        .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ForgottenPassword, pwmRequestContext.getConfig() ) )
+                        .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ForgottenPassword, pwmRequestContext.getDomainConfig() ) )
                         .message( message )
                         .formRow( formRow )
                         .build();
@@ -561,7 +565,7 @@ public class ForgottenPasswordStateMachine
             @Override
             public void applyForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine, final Map<String, String> formValues ) throws PwmUnrecoverableException
             {
-                final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
+                final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
                 final TokenDestinationItem tokenDestinationItem = forgottenPasswordStateMachine.getForgottenPasswordBean().getProgress().getTokenDestination();
                 final String userEnteredCode = formValues.get( PwmConstants.PARAM_TOKEN );
 
@@ -585,7 +589,7 @@ public class ForgottenPasswordStateMachine
                     forgottenPasswordStateMachine.getForgottenPasswordBean().getProgress().getSatisfiedMethods().add( IdentityVerificationMethod.TOKEN );
                     StatisticsManager.incrementStat( pwmRequestContext.getPwmDomain(), Statistic.RECOVERY_TOKENS_PASSED );
 
-                    if ( pwmRequestContext.getConfig().readSettingAsBoolean( PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON ) )
+                    if ( pwmRequestContext.getDomainConfig().readSettingAsBoolean( PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON ) )
                     {
                         return;
                     }
@@ -614,8 +618,8 @@ public class ForgottenPasswordStateMachine
             @Override
             public PresentableForm generateForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine )
             {
-                final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
-                final boolean valueMasking = pwmRequestContext.getConfig().readSettingAsBoolean( PwmSetting.TOKEN_ENABLE_VALUE_MASKING );
+                final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
+                final boolean valueMasking = pwmRequestContext.getDomainConfig().readSettingAsBoolean( PwmSetting.TOKEN_ENABLE_VALUE_MASKING );
                 final FormConfiguration.Type formType = valueMasking
                         ? FormConfiguration.Type.password
                         : FormConfiguration.Type.text;
@@ -624,7 +628,7 @@ public class ForgottenPasswordStateMachine
                 final String message = LocaleHelper.getLocalizedMessage(
                         pwmRequestContext.getLocale(),
                         Display.Display_RecoverEnterCode,
-                        pwmRequestContext.getConfig(),
+                        pwmRequestContext.getDomainConfig(),
                         new String[]
                                 {
                                         tokenDisplay,
@@ -634,12 +638,12 @@ public class ForgottenPasswordStateMachine
                 final PresentableFormRow formRow = PresentableFormRow.builder()
                         .name( PwmConstants.PARAM_TOKEN )
                         .type( formType )
-                        .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Field_VerificationMethodToken, pwmRequestContext.getConfig() ) )
+                        .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Field_VerificationMethodToken, pwmRequestContext.getDomainConfig() ) )
                         .required( true )
                         .build();
 
                 return PresentableForm.builder()
-                        .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ForgottenPassword, pwmRequestContext.getConfig() ) )
+                        .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ForgottenPassword, pwmRequestContext.getDomainConfig() ) )
                         .message( message )
                         .formRow( formRow )
                         .build();
@@ -653,7 +657,7 @@ public class ForgottenPasswordStateMachine
             public void applyForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine, final Map<String, String> formValues )
                     throws PwmUnrecoverableException
             {
-                final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
+                final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
                 final ResponseSet responseSet = ForgottenPasswordUtil.readResponseSet( pwmRequestContext, forgottenPasswordStateMachine.getForgottenPasswordBean() );
                 if ( responseSet == null )
                 {
@@ -696,7 +700,7 @@ public class ForgottenPasswordStateMachine
             @Override
             public PresentableForm generateForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine )
             {
-                final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
+                final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
                 final ChallengeSetBean challengeSetBean = forgottenPasswordStateMachine.getForgottenPasswordBean().getPresentableChallengeSet();
                 final List<PresentableFormRow> formRows = new ArrayList<>();
 
@@ -713,8 +717,8 @@ public class ForgottenPasswordStateMachine
                     );
                 }
                 return PresentableForm.builder()
-                        .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ForgottenPassword, pwmRequestContext.getConfig() ) )
-                        .message( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_RecoverPassword, pwmRequestContext.getConfig() ) )
+                        .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ForgottenPassword, pwmRequestContext.getDomainConfig() ) )
+                        .message( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_RecoverPassword, pwmRequestContext.getDomainConfig() ) )
                         .formRows( formRows )
                         .build();
             }
@@ -727,9 +731,9 @@ public class ForgottenPasswordStateMachine
             public void applyForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine, final Map<String, String> formData )
                     throws PwmUnrecoverableException
             {
-                final PwmDomain pwmDomain = forgottenPasswordStateMachine.getCommonValues().getPwmDomain();
-                final Locale locale = forgottenPasswordStateMachine.getCommonValues().getLocale();
-                final SessionLabel sessionLabel = forgottenPasswordStateMachine.getCommonValues().getSessionLabel();
+                final PwmDomain pwmDomain = forgottenPasswordStateMachine.getRequestContext().getPwmDomain();
+                final Locale locale = forgottenPasswordStateMachine.getRequestContext().getLocale();
+                final SessionLabel sessionLabel = forgottenPasswordStateMachine.getRequestContext().getSessionLabel();
                 final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordStateMachine.getForgottenPasswordBean();
 
                 if ( forgottenPasswordBean.isBogusUser() )
@@ -740,7 +744,7 @@ public class ForgottenPasswordStateMachine
                     {
                         final List<FormConfiguration> formConfigurations = pwmDomain.getConfig().readSettingAsForm( PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM );
                         final Map<FormConfiguration, String> formMap = FormUtility.asFormConfigurationMap( formConfigurations, forgottenPasswordBean.getUserSearchValues() );
-                        pwmDomain.getIntruderManager().convenience().markAttributes( formMap, forgottenPasswordStateMachine.getCommonValues().getSessionLabel() );
+                        pwmDomain.getIntruderManager().convenience().markAttributes( formMap, forgottenPasswordStateMachine.getRequestContext().getSessionLabel() );
                     }
 
                     final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_INCORRECT_RESPONSE,
@@ -816,7 +820,7 @@ public class ForgottenPasswordStateMachine
                 catch ( final PwmDataValidationException e )
                 {
                     handleUserVerificationBadAttempt(
-                            forgottenPasswordStateMachine.getCommonValues(),
+                            forgottenPasswordStateMachine.getRequestContext(),
                             forgottenPasswordBean,
                             new ErrorInformation( PwmError.ERROR_INCORRECT_RESPONSE, e.getErrorInformation().toDebugStr() ) );
                 }
@@ -825,12 +829,12 @@ public class ForgottenPasswordStateMachine
             @Override
             public PresentableForm generateForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine )
             {
-                final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
+                final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
                 final List<FormConfiguration> formConfigurations = forgottenPasswordStateMachine.getForgottenPasswordBean().getAttributeForm();
                 return PresentableForm.builder()
-                        .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ForgottenPassword, pwmRequestContext.getConfig() ) )
-                        .message( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_RecoverPassword, pwmRequestContext.getConfig() ) )
-                        .formRows( PresentableFormRow.fromFormConfigurations( formConfigurations, forgottenPasswordStateMachine.getCommonValues().getLocale() ) )
+                        .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ForgottenPassword, pwmRequestContext.getDomainConfig() ) )
+                        .message( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_RecoverPassword, pwmRequestContext.getDomainConfig() ) )
+                        .formRows( PresentableFormRow.fromFormConfigurations( formConfigurations, forgottenPasswordStateMachine.getRequestContext().getLocale() ) )
                         .build();
             }
         }
@@ -844,7 +848,7 @@ public class ForgottenPasswordStateMachine
         public void applyForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine, final Map<String, String> formValues )
                 throws PwmUnrecoverableException
         {
-            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
+            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
             final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordStateMachine.getForgottenPasswordBean();
             final LinkedHashSet<IdentityVerificationMethod> remainingAvailableOptionalMethods = new LinkedHashSet<>(
                     ForgottenPasswordUtil.figureRemainingAvailableOptionalAuthMethods( pwmRequestContext, forgottenPasswordBean )
@@ -870,7 +874,7 @@ public class ForgottenPasswordStateMachine
         @Override
         public PresentableForm generateForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine )
         {
-            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
+            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
             final LinkedHashSet<IdentityVerificationMethod> remainingAvailableOptionalMethods = new LinkedHashSet<>(
                     ForgottenPasswordUtil.figureRemainingAvailableOptionalAuthMethods( pwmRequestContext, forgottenPasswordStateMachine.getForgottenPasswordBean() )
             );
@@ -880,13 +884,13 @@ public class ForgottenPasswordStateMachine
             {
                 if ( method.isUserSelectable() )
                 {
-                    selectOptions.put( method.name(), method.getLabel( pwmRequestContext.getConfig(), pwmRequestContext.getLocale() ) );
+                    selectOptions.put( method.name(), method.getLabel( pwmRequestContext.getDomainConfig(), pwmRequestContext.getLocale() ) );
                 }
             }
 
             final Map<String, String> locales = Collections.singletonMap(
                     "",
-                    LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Button_Select, pwmRequestContext.getConfig() ) );
+                    LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Button_Select, pwmRequestContext.getDomainConfig() ) );
 
             final FormConfiguration formConfiguration = FormConfiguration.builder()
                     .type( FormConfiguration.Type.select )
@@ -897,8 +901,8 @@ public class ForgottenPasswordStateMachine
                     .build();
 
             return PresentableForm.builder()
-                    .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ForgottenPassword, pwmRequestContext.getConfig() ) )
-                    .message( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_RecoverVerificationChoice, pwmRequestContext.getConfig() ) )
+                    .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ForgottenPassword, pwmRequestContext.getDomainConfig() ) )
+                    .message( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_RecoverVerificationChoice, pwmRequestContext.getDomainConfig() ) )
                     .formRow( PresentableFormRow.fromFormConfiguration( formConfiguration, pwmRequestContext.getLocale() ) )
                     .build();
         }
@@ -910,14 +914,14 @@ public class ForgottenPasswordStateMachine
         public PresentableForm generateForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine )
                 throws PwmUnrecoverableException
         {
-            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
+            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
             final String profile = forgottenPasswordStateMachine.getForgottenPasswordBean().getProfile();
             final List<FormConfiguration> formFields = new ArrayList<>( makeSelectableContextValues( pwmRequestContext, profile ) );
-            formFields.addAll( pwmRequestContext.getConfig().readSettingAsForm( PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM ) );
+            formFields.addAll( pwmRequestContext.getDomainConfig().readSettingAsForm( PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM ) );
 
             return PresentableForm.builder()
-                    .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ForgottenPassword, pwmRequestContext.getConfig() ) )
-                    .message( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_ForgottenPassword, pwmRequestContext.getConfig() ) )
+                    .label( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Title_ForgottenPassword, pwmRequestContext.getDomainConfig() ) )
+                    .message( LocaleHelper.getLocalizedMessage( pwmRequestContext.getLocale(), Display.Display_ForgottenPassword, pwmRequestContext.getDomainConfig() ) )
                     .formRows( PresentableFormRow.fromFormConfigurations( formFields, pwmRequestContext.getLocale() ) )
                     .build();
         }
@@ -926,7 +930,7 @@ public class ForgottenPasswordStateMachine
         public void applyForm( final ForgottenPasswordStateMachine forgottenPasswordStateMachine, final Map<String, String> values )
                 throws PwmUnrecoverableException
         {
-            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getCommonValues();
+            final PwmRequestContext pwmRequestContext = forgottenPasswordStateMachine.getRequestContext();
 
             if ( forgottenPasswordStateMachine.nextStage() != ForgottenPasswordStage.IDENTIFICATION )
             {
@@ -941,21 +945,21 @@ public class ForgottenPasswordStateMachine
             // process input profile
             {
                 final String inputProfile = values.get( PwmConstants.PARAM_LDAP_PROFILE );
-                if ( !StringUtil.isEmpty( inputProfile ) && pwmRequestContext.getConfig().getLdapProfiles().containsKey( inputProfile ) )
+                if ( !StringUtil.isEmpty( inputProfile ) && pwmRequestContext.getDomainConfig().getLdapProfiles().containsKey( inputProfile ) )
                 {
                     forgottenPasswordStateMachine.getForgottenPasswordBean().setProfile( inputProfile );
                 }
             }
 
-            final LdapProfile ldapProfile = pwmRequestContext.getConfig().getLdapProfiles().getOrDefault(
+            final LdapProfile ldapProfile = pwmRequestContext.getDomainConfig().getLdapProfiles().getOrDefault(
                     forgottenPasswordStateMachine.getForgottenPasswordBean().getProfile(),
-                    pwmRequestContext.getConfig().getDefaultLdapProfile() );
+                    pwmRequestContext.getDomainConfig().getDefaultLdapProfile() );
 
             final String contextParam = values.get( PwmConstants.PARAM_CONTEXT );
 
-            final List<FormConfiguration> forgottenPasswordForm = pwmRequestContext.getConfig().readSettingAsForm( PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM );
+            final List<FormConfiguration> forgottenPasswordForm = pwmRequestContext.getDomainConfig().readSettingAsForm( PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM );
 
-            final boolean bogusUserModeEnabled = pwmRequestContext.getConfig().readSettingAsBoolean( PwmSetting.RECOVERY_BOGUS_USER_ENABLE );
+            final boolean bogusUserModeEnabled = pwmRequestContext.getDomainConfig().readSettingAsBoolean( PwmSetting.RECOVERY_BOGUS_USER_ENABLE );
 
             Map<FormConfiguration, String> formValues = new LinkedHashMap<>();
 
@@ -968,11 +972,11 @@ public class ForgottenPasswordStateMachine
                 pwmRequestContext.getPwmDomain().getIntruderManager().convenience().checkAttributes( formValues );
 
                 // see if the values meet the configured form requirements.
-                FormUtility.validateFormValues( pwmRequestContext.getConfig(), formValues, pwmRequestContext.getLocale() );
+                FormUtility.validateFormValues( pwmRequestContext.getDomainConfig(), formValues, pwmRequestContext.getLocale() );
 
                 final String searchFilter;
                 {
-                    final String configuredSearchFilter = pwmRequestContext.getConfig().readSettingAsString( PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FILTER );
+                    final String configuredSearchFilter = pwmRequestContext.getDomainConfig().readSettingAsString( PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FILTER );
                     if ( configuredSearchFilter == null || configuredSearchFilter.isEmpty() )
                     {
                         searchFilter = FormUtility.ldapSearchFilterForForm( pwmRequestContext.getPwmDomain(), forgottenPasswordForm );
@@ -1038,7 +1042,7 @@ public class ForgottenPasswordStateMachine
         private List<FormConfiguration> makeSelectableContextValues( final PwmRequestContext pwmRequestContext, final String profile )
                 throws PwmUnrecoverableException
         {
-            final SelectableContextMode selectableContextMode = pwmRequestContext.getConfig().readSettingAsEnum(
+            final SelectableContextMode selectableContextMode = pwmRequestContext.getDomainConfig().readSettingAsEnum(
                     PwmSetting.LDAP_SELECTABLE_CONTEXT_MODE,
                     SelectableContextMode.class );
 
@@ -1049,15 +1053,15 @@ public class ForgottenPasswordStateMachine
 
             final List<FormConfiguration> returnList = new ArrayList<>();
 
-            if ( selectableContextMode == SelectableContextMode.SHOW_PROFILE && pwmRequestContext.getConfig().getLdapProfiles().size() > 1 )
+            if ( selectableContextMode == SelectableContextMode.SHOW_PROFILE && pwmRequestContext.getDomainConfig().getLdapProfiles().size() > 1 )
             {
                 final Map<String, String> profileSelectValues = new LinkedHashMap<>();
-                for ( final LdapProfile ldapProfile : pwmRequestContext.getConfig().getLdapProfiles().values() )
+                for ( final LdapProfile ldapProfile : pwmRequestContext.getDomainConfig().getLdapProfiles().values() )
                 {
                     profileSelectValues.put( ldapProfile.getIdentifier(), ldapProfile.getDisplayName( pwmRequestContext.getLocale() ) );
                 }
                 final Map<String, String> labelLocaleMap = LocaleHelper.localeMapToStringMap(
-                        LocaleHelper.getUniqueLocalizations( pwmRequestContext.getConfig(), Display.class, "Field_Profile", pwmRequestContext.getLocale() ) );
+                        LocaleHelper.getUniqueLocalizations( pwmRequestContext.getDomainConfig(), Display.class, "Field_Profile", pwmRequestContext.getLocale() ) );
                 final FormConfiguration formConfiguration = FormConfiguration.builder()
                         .name( PwmConstants.PARAM_LDAP_PROFILE )
                         .labels( labelLocaleMap )
@@ -1068,12 +1072,14 @@ public class ForgottenPasswordStateMachine
                 returnList.add( formConfiguration );
             }
 
-            final LdapProfile selectedProfile = pwmRequestContext.getConfig().getLdapProfiles().getOrDefault( profile, pwmRequestContext.getConfig().getDefaultLdapProfile() );
+            final LdapProfile selectedProfile = pwmRequestContext.getDomainConfig().getLdapProfiles().getOrDefault(
+                    profile,
+                    pwmRequestContext.getDomainConfig().getDefaultLdapProfile() );
             final Map<String, String> selectableContexts = selectedProfile.getSelectableContexts( pwmRequestContext.getPwmDomain() );
             if ( selectableContexts != null && selectableContexts.size() > 1 )
             {
                 final Map<String, String> labelLocaleMap = LocaleHelper.localeMapToStringMap(
-                        LocaleHelper.getUniqueLocalizations( pwmRequestContext.getConfig(), Display.class, "Field_Context", pwmRequestContext.getLocale() ) );
+                        LocaleHelper.getUniqueLocalizations( pwmRequestContext.getDomainConfig(), Display.class, "Field_Context", pwmRequestContext.getLocale() ) );
                 final FormConfiguration formConfiguration = FormConfiguration.builder()
                         .name( PwmConstants.PARAM_CONTEXT )
                         .labels( labelLocaleMap )

server/src/main/java/password/pwm/http/servlet/forgottenpw/ForgottenPasswordUtil.java

@@ -192,7 +192,7 @@ public class ForgottenPasswordUtil
             throws PwmUnrecoverableException
     {
         final PwmDomain pwmDomain = pwmRequestContext.getPwmDomain();
-        final DomainConfig config = pwmRequestContext.getConfig();
+        final DomainConfig config = pwmRequestContext.getDomainConfig();
         final Locale locale = pwmRequestContext.getLocale();
         final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
         final EmailItemBean configuredEmailSetting = config.readSettingAsEmail( PwmSetting.EMAIL_UNLOCK, locale );
@@ -211,7 +211,7 @@ public class ForgottenPasswordUtil
                 null
         );
 
-        pwmDomain.getEmailQueue().submitEmail(
+        pwmDomain.getPwmApplication().getEmailQueue().submitEmail(
                 configuredEmailSetting,
                 userInfo,
                 macroRequest
@@ -227,7 +227,7 @@ public class ForgottenPasswordUtil
 
         try
         {
-            final String cookieName = pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_COOKIE_AUTHRECORD_NAME );
+            final String cookieName = pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_COOKIE_AUTHRECORD_NAME );
             if ( cookieName == null || cookieName.isEmpty() )
             {
                 LOGGER.trace( pwmRequest, () -> "skipping auth record cookie read, cookie name parameter is blank" );
@@ -258,7 +258,7 @@ public class ForgottenPasswordUtil
             throws PwmUnrecoverableException
     {
         final String profileID = forgottenPasswordBean.getForgottenPasswordProfileID();
-        final ForgottenPasswordProfile forgottenPasswordProfile = pwmRequestContext.getConfig().getForgottenPasswordProfiles().get( profileID );
+        final ForgottenPasswordProfile forgottenPasswordProfile = pwmRequestContext.getDomainConfig().getForgottenPasswordProfiles().get( profileID );
         final MessageSendMethod tokenSendMethod = forgottenPasswordProfile.readSettingAsEnum( PwmSetting.RECOVERY_TOKEN_SEND_METHOD, MessageSendMethod.class );
         final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo( pwmRequestContext, forgottenPasswordBean );
 
@@ -547,8 +547,8 @@ public class ForgottenPasswordUtil
 
         final List<Challenge> challengeList;
         {
-            final String firstProfile = pwmRequestContext.getConfig().getChallengeProfileIDs().iterator().next();
-            final ChallengeSet challengeSet = pwmRequestContext.getConfig().getChallengeProfile( firstProfile, PwmConstants.DEFAULT_LOCALE ).getChallengeSet();
+            final String firstProfile = pwmRequestContext.getDomainConfig().getChallengeProfileIDs().iterator().next();
+            final ChallengeSet challengeSet = pwmRequestContext.getDomainConfig().getChallengeProfile( firstProfile, PwmConstants.DEFAULT_LOCALE ).getChallengeSet();
             challengeList = new ArrayList<>( challengeSet.getRequiredChallenges() );
             for ( int i = 0; i < challengeSet.getMinRandomRequired(); i++ )
             {
@@ -575,7 +575,7 @@ public class ForgottenPasswordUtil
         forgottenPasswordBean.setAttributeForm( formData );
         forgottenPasswordBean.setBogusUser( true );
         {
-            final String profileID = pwmRequestContext.getConfig().getForgottenPasswordProfiles().keySet().iterator().next();
+            final String profileID = pwmRequestContext.getDomainConfig().getForgottenPasswordProfiles().keySet().iterator().next();
             forgottenPasswordBean.setForgottenPasswordProfileID( profileID  );
         }
 

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskCardInfoBean.java

@@ -81,7 +81,7 @@ public class HelpdeskCardInfoBean implements Serializable
                 theUser.getChaiProvider()
         );
 
-        builder.userKey( userIdentity.toObfuscatedKey( pwmRequest.getPwmDomain() ) );
+        builder.userKey( userIdentity.toObfuscatedKey( pwmRequest.getPwmApplication() ) );
 
         final PhotoDataReader photoDataReader = HelpdeskServlet.photoDataReader( pwmRequest, helpdeskProfile, userIdentity );
         builder.photoURL( photoDataReader.figurePhotoURL( ) );
@@ -91,7 +91,7 @@ public class HelpdeskCardInfoBean implements Serializable
         final TimeDuration timeDuration = TimeDuration.fromCurrent( startTime );
         final HelpdeskCardInfoBean helpdeskCardInfoBean = builder.build();
 
-        if ( pwmRequest.getConfig().isDevDebugMode() )
+        if ( pwmRequest.getAppConfig().isDevDebugMode() )
         {
             LOGGER.trace( pwmRequest, () -> "completed assembly of card data report for user " + userIdentity
                     + " in " + timeDuration.asCompactString() + ", contents: " + JsonUtil.serialize( helpdeskCardInfoBean ) );

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskDetailInfoBean.java

@@ -148,16 +148,16 @@ public class HelpdeskDetailInfoBean implements Serializable
             LOGGER.error( pwmRequest, () -> "unexpected error reading userHistory for user '" + userIdentity + "', " + e.getMessage() );
         }
 
-        builder.userKey( userIdentity.toObfuscatedKey( pwmRequest.getPwmDomain() ) );
+        builder.userKey( userIdentity.toObfuscatedKey( pwmRequest.getPwmApplication() ) );
 
         builder.profileData( getProfileData( helpdeskProfile, userInfo, pwmRequest.getLabel(), pwmRequest.getLocale() ) );
 
-        builder.passwordPolicyRules( makePasswordPolicyRules( userInfo, pwmRequest.getLocale(), pwmRequest.getConfig() ) );
+        builder.passwordPolicyRules( makePasswordPolicyRules( userInfo, pwmRequest.getLocale(), pwmRequest.getDomainConfig() ) );
 
         {
             final List<String> requirementLines = PasswordRequirementsTag.getPasswordRequirementsStrings(
                     userInfo.getPasswordPolicy(),
-                    pwmRequest.getConfig(),
+                    pwmRequest.getDomainConfig(),
                     pwmRequest.getLocale(),
                     macroRequest
             );
@@ -215,7 +215,7 @@ public class HelpdeskDetailInfoBean implements Serializable
             final Set<ViewStatusFields> viewStatusFields = helpdeskProfile.readSettingAsOptionList( PwmSetting.HELPDESK_VIEW_STATUS_VALUES, ViewStatusFields.class );
             builder.statusData( ViewableUserInfoDisplayReader.makeDisplayData(
                     viewStatusFields,
-                    pwmRequest.getConfig(),
+                    pwmRequest.getDomainConfig(),
                     userInfo,
                     null,
                     pwmRequest.getLocale()
@@ -232,7 +232,7 @@ public class HelpdeskDetailInfoBean implements Serializable
 
         final HelpdeskDetailInfoBean helpdeskDetailInfoBean = builder.build();
 
-        if ( pwmRequest.getConfig().isDevDebugMode() )
+        if ( pwmRequest.getAppConfig().isDevDebugMode() )
         {
             LOGGER.trace( pwmRequest, () -> "completed assembly of detail data report for user " + userIdentity
                     + " in " + timeDuration.asCompactString() + ", contents: " + JsonUtil.serialize( helpdeskDetailInfoBean ) );

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServlet.java

@@ -248,7 +248,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
             pwmRequest.respondWithError( errorInformation, false );
             return ProcessStatus.Halt;
         }
-        final UserIdentity targetUserIdentity = UserIdentity.fromKey( userKey, pwmRequest.getPwmDomain() );
+        final UserIdentity targetUserIdentity = UserIdentity.fromKey( userKey, pwmRequest.getPwmApplication() );
         LOGGER.debug( pwmRequest, () -> "received executeAction request for user " + targetUserIdentity.toString() );
 
         final List<ActionConfiguration> actionConfigurations = helpdeskProfile.readSettingAsAction( PwmSetting.HELPDESK_ACTIONS );
@@ -300,7 +300,11 @@ public class HelpdeskServlet extends ControlledPwmServlet
                 );
                 pwmRequest.getPwmDomain().getAuditManager().submit( pwmRequest.getLabel(), auditRecord );
             }
-            final RestResultBean restResultBean = RestResultBean.forSuccessMessage( pwmRequest.getLocale(), pwmRequest.getConfig(), Message.Success_Action, action.getName() );
+            final RestResultBean restResultBean = RestResultBean.forSuccessMessage(
+                    pwmRequest.getLocale(),
+                    pwmRequest.getDomainConfig(),
+                    Message.Success_Action,
+                    action.getName() );
 
             pwmRequest.outputJsonResult( restResultBean );
             return ProcessStatus.Halt;
@@ -334,7 +338,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
             return ProcessStatus.Halt;
         }
 
-        final UserIdentity userIdentity = UserIdentity.fromKey( userKey, pwmDomain );
+        final UserIdentity userIdentity = UserIdentity.fromKey( userKey, pwmRequest.getPwmApplication() );
         LOGGER.info( pwmRequest, () -> "received deleteUser request by " + pwmSession.getUserInfo().getUserIdentity().toString() + " for user " + userIdentity.toString() );
 
         // check if user should be seen by actor
@@ -528,7 +532,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
                 case simple:
                 {
                     builder.username( searchRequest.getUsername() );
-                    builder.filter( HelpdeskServletUtil.makeAdvancedSearchFilter( pwmRequest.getConfig(), helpdeskProfile ) );
+                    builder.filter( HelpdeskServletUtil.makeAdvancedSearchFilter( pwmRequest.getDomainConfig(), helpdeskProfile ) );
                 }
                 break;
 
@@ -547,7 +551,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
                     }
 
                     builder.formValues( formValues );
-                    builder.filter( HelpdeskServletUtil.makeAdvancedSearchFilter( pwmRequest.getConfig(), helpdeskProfile, requestSearchValues ) );
+                    builder.filter( HelpdeskServletUtil.makeAdvancedSearchFilter( pwmRequest.getDomainConfig(), helpdeskProfile, requestSearchValues ) );
 
                 }
                 break;
@@ -590,7 +594,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
             pwmRequest.respondWithError( errorInformation, false );
             return ProcessStatus.Halt;
         }
-        final UserIdentity userIdentity = UserIdentity.fromKey( userKey, pwmRequest.getPwmDomain() );
+        final UserIdentity userIdentity = UserIdentity.fromKey( userKey, pwmRequest.getPwmApplication() );
 
         if ( !helpdeskProfile.readSettingAsBoolean( PwmSetting.HELPDESK_ENABLE_UNLOCK ) )
         {
@@ -670,7 +674,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
             pwmRequest.respondWithError( errorInformation, false );
             return ProcessStatus.Halt;
         }
-        final UserIdentity userIdentity = UserIdentity.fromKey( userKey, pwmRequest.getPwmDomain() );
+        final UserIdentity userIdentity = UserIdentity.fromKey( userKey, pwmRequest.getPwmApplication() );
 
         if ( !helpdeskProfile.readOptionalVerificationMethods().contains( IdentityVerificationMethod.OTP ) )
         {
@@ -746,10 +750,10 @@ public class HelpdeskServlet extends ControlledPwmServlet
         final HelpdeskProfile helpdeskProfile = getHelpdeskProfile( pwmRequest );
 
         final Instant startTime = Instant.now();
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final Map<String, String> bodyParams = pwmRequest.readBodyAsJsonStringMap();
 
-        final UserIdentity targetUserIdentity = UserIdentity.fromKey( bodyParams.get( PwmConstants.PARAM_USERKEY ), pwmRequest.getPwmDomain() );
+        final UserIdentity targetUserIdentity = UserIdentity.fromKey( bodyParams.get( PwmConstants.PARAM_USERKEY ), pwmRequest.getPwmApplication() );
         final UserInfo targetUserInfo = HelpdeskServletUtil.getTargetUserInfo( pwmRequest, helpdeskProfile, targetUserIdentity );
 
         final String requestedTokenID = bodyParams.get( "id" );
@@ -857,7 +861,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
                 HelpdeskVerificationRequestBean.TokenData.class
         );
 
-        final UserIdentity userIdentity = UserIdentity.fromKey( helpdeskVerificationRequestBean.getUserKey(), pwmRequest.getPwmDomain() );
+        final UserIdentity userIdentity = UserIdentity.fromKey( helpdeskVerificationRequestBean.getUserKey(), pwmRequest.getPwmApplication() );
 
         if ( tokenData == null || tokenData.getIssueDate() == null || tokenData.getToken() == null || tokenData.getToken().isEmpty() )
         {
@@ -866,7 +870,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
         }
 
         final TimeDuration maxTokenAge = TimeDuration.of(
-                Long.parseLong( pwmRequest.getConfig().readAppProperty( AppProperty.HELPDESK_TOKEN_MAX_AGE ) ),
+                Long.parseLong( pwmRequest.getDomainConfig().readAppProperty( AppProperty.HELPDESK_TOKEN_MAX_AGE ) ),
                 TimeDuration.Unit.SECONDS
         );
         final Instant maxTokenAgeTimestamp = Instant.ofEpochMilli( System.currentTimeMillis() - maxTokenAge.asMillis() );
@@ -1031,7 +1035,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
                 HelpdeskVerificationRequestBean.class
         );
 
-        final UserIdentity userIdentity = UserIdentity.fromKey( helpdeskVerificationRequestBean.getUserKey(), pwmRequest.getPwmDomain() );
+        final UserIdentity userIdentity = UserIdentity.fromKey( helpdeskVerificationRequestBean.getUserKey(), pwmRequest.getPwmApplication() );
 
         boolean passed = false;
         {
@@ -1115,7 +1119,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
             throws IOException, PwmUnrecoverableException
     {
         // add a delay to prevent continuous checks
-        final long delayMs = JavaHelper.silentParseLong( pwmRequest.getConfig().readAppProperty( AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS ), 500 );
+        final long delayMs = JavaHelper.silentParseLong( pwmRequest.getDomainConfig().readAppProperty( AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS ), 500 );
         TimeDuration.of( delayMs, TimeDuration.Unit.MILLISECONDS ).jitterPause( pwmRequest.getPwmDomain().getSecureService(), 0.3f );
 
         final HelpdeskVerificationResponseBean responseBean = new HelpdeskVerificationResponseBean(
@@ -1199,7 +1203,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
                 RestCheckPasswordServer.JsonInput.class
         );
 
-        final UserIdentity userIdentity = UserIdentity.fromKey( jsonInput.getUsername(), pwmRequest.getPwmDomain() );
+        final UserIdentity userIdentity = UserIdentity.fromKey( jsonInput.getUsername(), pwmRequest.getPwmApplication() );
         final HelpdeskProfile helpdeskProfile = getHelpdeskProfile( pwmRequest );
 
         HelpdeskServletUtil.checkIfUserIdentityViewable( pwmRequest, helpdeskProfile, userIdentity );
@@ -1251,7 +1255,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
                 RestSetPasswordServer.JsonInputData.class
         );
 
-        final UserIdentity userIdentity = UserIdentity.fromKey( jsonInput.getUsername(), pwmRequest.getPwmDomain() );
+        final UserIdentity userIdentity = UserIdentity.fromKey( jsonInput.getUsername(), pwmRequest.getPwmApplication() );
         final ChaiUser chaiUser = HelpdeskServletUtil.getChaiUser( pwmRequest, helpdeskProfile, userIdentity );
         final UserInfo userInfo = UserInfoFactory.newUserInfo(
                 pwmRequest.getPwmDomain(),
@@ -1285,9 +1289,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
                     pwmRequest.getPwmDomain(),
                     pwmRequest.getLabel(),
                     userIdentity,
-                    chaiUser,
-                    pwmRequest.getLocale()
-            );
+                    chaiUser );
             newPassword = RandomPasswordGenerator.createRandomPassword(
                     pwmRequest.getLabel(),
                     passwordPolicy,
@@ -1332,7 +1334,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
     private ProcessStatus processRandomPasswordAction( final PwmRequest pwmRequest ) throws IOException, PwmUnrecoverableException, ChaiUnavailableException
     {
         final RestRandomPasswordServer.JsonInput input = JsonUtil.deserialize( pwmRequest.readRequestBodyAsString(), RestRandomPasswordServer.JsonInput.class );
-        final UserIdentity userIdentity = UserIdentity.fromKey( input.getUsername(), pwmRequest.getPwmDomain() );
+        final UserIdentity userIdentity = UserIdentity.fromKey( input.getUsername(), pwmRequest.getPwmApplication() );
 
         final HelpdeskProfile helpdeskProfile = getHelpdeskProfile( pwmRequest );
 
@@ -1388,7 +1390,7 @@ public class HelpdeskServlet extends ControlledPwmServlet
             final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_MISSING_PARAMETER, "userKey parameter is missing" );
             throw new PwmUnrecoverableException( errorInformation );
         }
-        return UserIdentity.fromKey( userKey, pwmRequest.getPwmDomain() );
+        return UserIdentity.fromKey( userKey, pwmRequest.getPwmApplication() );
     }
 
     static PhotoDataReader photoDataReader( final PwmRequest pwmRequest, final HelpdeskProfile helpdeskProfile, final UserIdentity userIdentity )

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServletUtil.java

@@ -175,7 +175,7 @@ public class HelpdeskServletUtil
     )
             throws PwmUnrecoverableException
     {
-        final String filterSetting = makeAdvancedSearchFilter( pwmRequest.getConfig(), helpdeskProfile );
+        final String filterSetting = makeAdvancedSearchFilter( pwmRequest.getDomainConfig(), helpdeskProfile );
         String filterString = filterSetting.replace( PwmConstants.VALUE_REPLACEMENT_USERNAME, "*" );
         while ( filterString.contains( "**" ) )
         {
@@ -210,9 +210,9 @@ public class HelpdeskServletUtil
     )
             throws ChaiUnavailableException, PwmUnrecoverableException
     {
-        final UserIdentity actorUserIdentity = pwmRequest.getUserInfoIfLoggedIn().canonicalized( pwmRequest.getPwmDomain() );
+        final UserIdentity actorUserIdentity = pwmRequest.getUserInfoIfLoggedIn().canonicalized( pwmRequest.getPwmApplication() );
 
-        if ( actorUserIdentity.canonicalEquals( userIdentity, pwmRequest.getPwmDomain() ) )
+        if ( actorUserIdentity.canonicalEquals( userIdentity, pwmRequest.getPwmApplication() ) )
         {
             final String errorMsg = "cannot select self";
             final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_UNAUTHORIZED, errorMsg );
@@ -256,7 +256,7 @@ public class HelpdeskServletUtil
             throw new PwmUnrecoverableException( errorInformation );
         }
 
-        return UserIdentity.fromObfuscatedKey( userKey, pwmRequest.getPwmDomain() );
+        return UserIdentity.fromObfuscatedKey( userKey, pwmRequest.getPwmApplication() );
     }
 
 
@@ -293,7 +293,7 @@ public class HelpdeskServletUtil
             throws PwmUnrecoverableException
     {
         final PwmDomain pwmDomain = pwmRequest.getPwmDomain();
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final Locale locale = pwmRequest.getLocale();
         final EmailItemBean configuredEmailSetting = config.readSettingAsEmail( PwmSetting.EMAIL_HELPDESK_UNLOCK, locale );
 
@@ -313,7 +313,7 @@ public class HelpdeskServletUtil
 
         final MacroRequest macroRequest = getTargetUserMacroRequest( pwmRequest, helpdeskProfile, userIdentity );
 
-        pwmDomain.getEmailQueue().submitEmail(
+        pwmDomain.getPwmApplication().getEmailQueue().submitEmail(
                 configuredEmailSetting,
                 userInfo,
                 macroRequest

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskVerificationStateBean.java

@@ -166,7 +166,7 @@ class HelpdeskVerificationStateBean implements Serializable
     )
             throws PwmUnrecoverableException
     {
-        final int maxAgeSeconds = Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.HELPDESK_VERIFICATION_TIMEOUT_SECONDS ) );
+        final int maxAgeSeconds = Integer.parseInt( pwmRequest.getDomainConfig().readAppProperty( AppProperty.HELPDESK_VERIFICATION_TIMEOUT_SECONDS ) );
         final TimeDuration maxAge = TimeDuration.of( maxAgeSeconds, TimeDuration.Unit.SECONDS );
         final UserIdentity actor = pwmRequest.getUserInfoIfLoggedIn();
 

server/src/main/java/password/pwm/http/servlet/newuser/NewUserServlet.java

@@ -351,7 +351,7 @@ public class NewUserServlet extends ControlledPwmServlet
             if ( urlSegments.size() == 2 && profileUrlSegment.equals( urlSegments.get( 0 ) ) )
             {
                 final String requestedProfile = urlSegments.get( 1 );
-                final Collection<String> profileIDs = pwmRequest.getConfig().getNewUserProfiles().keySet();
+                final Collection<String> profileIDs = pwmRequest.getDomainConfig().getNewUserProfiles().keySet();
                 if ( profileIDs.contains( requestedProfile ) )
                 {
                     LOGGER.debug( pwmRequest, () -> "detected profile on request uri: " + requestedProfile );
@@ -563,7 +563,7 @@ public class NewUserServlet extends ControlledPwmServlet
         newUserBean.setTokenSent( false );
         newUserBean.setCurrentTokenField( null );
 
-        if ( pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON ) )
+        if ( pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON ) )
         {
             pwmRequest.setAttribute( PwmRequestAttribute.TokenDestItems, tokenPayload.getDestination() );
             pwmRequest.forwardToJsp( JspUrl.NEW_USER_TOKEN_SUCCESS );
@@ -611,7 +611,7 @@ public class NewUserServlet extends ControlledPwmServlet
     private ProcessStatus handleProfileChoiceRequest( final PwmRequest pwmRequest )
             throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException
     {
-        final Set<String> profileIDs = pwmRequest.getConfig().getNewUserProfiles().keySet();
+        final Set<String> profileIDs = pwmRequest.getDomainConfig().getNewUserProfiles().keySet();
         final String requestedProfileID = pwmRequest.readParameterAsString( "profile" );
 
         final NewUserBean newUserBean = getNewUserBean( pwmRequest );
@@ -812,7 +812,7 @@ public class NewUserServlet extends ControlledPwmServlet
         {
             throw new IllegalStateException( "can not read new user profile until profile is selected" );
         }
-        return pwmRequest.getConfig().getNewUserProfiles().get( profileID );
+        return pwmRequest.getDomainConfig().getNewUserProfiles().get( profileID );
     }
 
     private void forwardToWait( final PwmRequest pwmRequest, final NewUserProfile newUserProfile )
@@ -869,7 +869,7 @@ public class NewUserServlet extends ControlledPwmServlet
 
         {
             final boolean showBack = !newUserBean.isUrlSpecifiedProfile()
-                    && pwmRequest.getConfig().getNewUserProfiles().keySet().size() > 1;
+                    && pwmRequest.getDomainConfig().getNewUserProfiles().keySet().size() > 1;
             pwmRequest.setAttribute( PwmRequestAttribute.NewUser_FormShowBackButton, showBack );
         }
 

server/src/main/java/password/pwm/http/servlet/newuser/NewUserUtils.java

@@ -72,8 +72,8 @@ import password.pwm.util.java.JsonUtil;
 import password.pwm.util.java.StringUtil;
 import password.pwm.util.java.TimeDuration;
 import password.pwm.util.logging.PwmLogger;
-import password.pwm.util.macro.MacroRequest;
 import password.pwm.util.macro.MacroReplacer;
+import password.pwm.util.macro.MacroRequest;
 import password.pwm.util.operations.ActionExecutor;
 import password.pwm.util.password.PasswordUtility;
 import password.pwm.util.password.RandomPasswordGenerator;
@@ -93,6 +93,7 @@ import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Optional;
 import java.util.Set;
 
 class NewUserUtils
@@ -308,7 +309,7 @@ class NewUserUtils
         remoteWriteFormData( pwmRequest, newUserForm );
 
         // authenticate the user to pwm
-        final UserIdentity userIdentity = UserIdentity.createUserIdentity( newUserDN, newUserProfile.getLdapProfile().getIdentifier() );
+        final UserIdentity userIdentity = UserIdentity.createUserIdentity( newUserDN, newUserProfile.getLdapProfile().getIdentifier(), pwmRequest.getDomainID() );
         final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator( pwmDomain, pwmRequest, PwmAuthenticationSource.NEW_USER_REGISTRATION );
         sessionAuthenticator.authenticateUser( userIdentity, userPassword );
 
@@ -471,7 +472,7 @@ class NewUserUtils
     {
         final PwmSession pwmSession = pwmRequest.getPwmSession();
         final UserInfo userInfo = pwmSession.getUserInfo();
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final Locale locale = pwmSession.getSessionStateBean().getLocale();
         final EmailItemBean configuredEmailSetting = config.readSettingAsEmail( PwmSetting.EMAIL_NEWUSER, locale );
 
@@ -482,7 +483,7 @@ class NewUserUtils
             return;
         }
 
-        pwmRequest.getPwmDomain().getEmailQueue().submitEmail(
+        pwmRequest.getPwmDomain().getPwmApplication().getEmailQueue().submitEmail(
                 configuredEmailSetting,
                 pwmSession.getUserInfo(),
                 pwmSession.getSessionManager().getMacroMachine( )
@@ -535,7 +536,7 @@ class NewUserUtils
     static Map<String, String> figureDisplayableProfiles( final PwmRequest pwmRequest )
     {
         final Map<String, String> returnMap = new LinkedHashMap<>();
-        for ( final NewUserProfile newUserProfile : pwmRequest.getConfig().getNewUserProfiles().values() )
+        for ( final NewUserProfile newUserProfile : pwmRequest.getDomainConfig().getNewUserProfiles().values() )
         {
             final boolean visible = newUserProfile.readSettingAsBoolean( PwmSetting.NEWUSER_PROFILE_DISPLAY_VISIBLE );
             if ( visible )
@@ -752,7 +753,8 @@ class NewUserUtils
                 {
                     final TokenDestinationItem tokenDestinationItem = tokenDestinationItemForCurrentValidation( pwmRequest, newUserBean, newUserProfile );
 
-                    if ( pwmRequest.getConfig().getTokenStorageMethod() == TokenStorageMethod.STORE_LDAP )
+                    final Optional<TokenStorageMethod> configuredMethod = pwmRequest.getDomainConfig().getTokenStorageMethod();
+                    if ( configuredMethod.isPresent() && configuredMethod.get() == TokenStorageMethod.STORE_LDAP )
                     {
                         throw new PwmUnrecoverableException( new ErrorInformation( PwmError.CONFIG_FORMAT_ERROR, null, new String[] {
                                 "cannot generate new user tokens when storage type is configured as STORE_LDAP.",
@@ -767,7 +769,7 @@ class NewUserUtils
                             newUserBean.getNewUserForm(),
                             tokenDestinationItem );
 
-                    final TimeDuration tokenLifetime = figureTokenLifetime( pwmRequest.getConfig(), newUserProfile, tokenDestinationItem );
+                    final TimeDuration tokenLifetime = figureTokenLifetime( pwmRequest.getDomainConfig(), newUserProfile, tokenDestinationItem );
 
 
                     TokenUtil.initializeAndSendToken(

server/src/main/java/password/pwm/http/servlet/oauth/OAuthConsumerServlet.java

@@ -76,7 +76,7 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
             throws ServletException, IOException, PwmUnrecoverableException
     {
         final PwmDomain pwmDomain = pwmRequest.getPwmDomain();
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final PwmSession pwmSession = pwmRequest.getPwmSession();
 
         final boolean userIsAuthenticated = pwmSession.isAuthenticated();
@@ -255,7 +255,7 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
                         null,
                         pwmRequest.getLabel()
                 );
-                if ( resolvedIdentity != null && resolvedIdentity.canonicalEquals( pwmSession.getUserInfo().getUserIdentity(), pwmDomain ) )
+                if ( resolvedIdentity != null && resolvedIdentity.canonicalEquals( pwmSession.getUserInfo().getUserIdentity(), pwmDomain.getPwmApplication() ) )
                 {
                     LOGGER.debug( pwmRequest, () -> "verified incoming oauth code for already authenticated session does resolve to same as logged in user" );
                 }
@@ -312,11 +312,11 @@ public class OAuthConsumerServlet extends AbstractPwmServlet
         switch ( oAuthUseCase )
         {
             case Authentication:
-                return OAuthSettings.forSSOAuthentication( pwmRequest.getConfig() );
+                return OAuthSettings.forSSOAuthentication( pwmRequest.getDomainConfig() );
 
             case ForgottenPassword:
                 final String profileId = oAuthState.getForgottenProfileId();
-                final ForgottenPasswordProfile profile = pwmRequest.getConfig().getForgottenPasswordProfiles().get( profileId );
+                final ForgottenPasswordProfile profile = pwmRequest.getDomainConfig().getForgottenPasswordProfiles().get( profileId );
                 return OAuthSettings.forForgottenPassword( profile );
 
             default:

server/src/main/java/password/pwm/http/servlet/oauth/OAuthMachine.java

@@ -82,7 +82,7 @@ public class OAuthMachine
     )
             throws PwmUnrecoverableException
     {
-        final String requestStateStr = pwmRequest.readParameterAsString( pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_PARAM_OAUTH_STATE ) );
+        final String requestStateStr = pwmRequest.readParameterAsString( pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_PARAM_OAUTH_STATE ) );
         if ( requestStateStr != null )
         {
             final String stateJson = pwmRequest.getPwmDomain().getSecureService().decryptStringValue( requestStateStr );
@@ -111,7 +111,7 @@ public class OAuthMachine
         LOGGER.trace( sessionLabel, () -> "preparing to redirect user to oauth authentication service, setting nextUrl to " + nextUrl );
         pwmRequest.getPwmSession().getSessionStateBean().setOauthInProgress( true );
 
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final String state = makeStateStringForRequest( pwmRequest, nextUrl, forgottenPasswordProfile );
         final String redirectUri = figureOauthSelfEndPointUrl( pwmRequest );
         final String code = config.readAppProperty( AppProperty.OAUTH_ID_REQUEST_TYPE );
@@ -158,7 +158,7 @@ public class OAuthMachine
     )
             throws PwmUnrecoverableException
     {
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final String requestUrl = settings.getCodeResolveUrl();
         final String grantType = config.readAppProperty( AppProperty.OAUTH_ID_ACCESS_GRANT_TYPE );
         final String redirectUri = figureOauthSelfEndPointUrl( pwmRequest );
@@ -185,7 +185,7 @@ public class OAuthMachine
             final String resolveResponseBodyStr
     )
     {
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final String oauthExpiresParam = config.readAppProperty( AppProperty.HTTP_PARAM_OAUTH_EXPIRES );
         final String oauthAccessTokenParam = config.readAppProperty( AppProperty.HTTP_PARAM_OAUTH_ACCESS_TOKEN );
         final String refreshTokenParam = config.readAppProperty( AppProperty.HTTP_PARAM_OAUTH_REFRESH_TOKEN );
@@ -207,7 +207,7 @@ public class OAuthMachine
     )
             throws PwmUnrecoverableException
     {
-        final DomainConfig config = pwmRequest.getConfig();
+        final DomainConfig config = pwmRequest.getDomainConfig();
         final String requestUrl = settings.getCodeResolveUrl();
         final String grantType = config.readAppProperty( AppProperty.OAUTH_ID_REFRESH_GRANT_TYPE );
 
@@ -228,7 +228,7 @@ public class OAuthMachine
     {
         final PwmHttpClientResponse restResults;
         {
-            final DomainConfig config = pwmRequest.getConfig();
+            final DomainConfig config = pwmRequest.getDomainConfig();
             final String requestUrl = settings.getAttributesUrl();
             final Map<String, String> requestParams = new HashMap<>();
             requestParams.put( config.readAppProperty( AppProperty.HTTP_PARAM_OAUTH_ACCESS_TOKEN ), accessToken );
@@ -326,8 +326,8 @@ public class OAuthMachine
         final String redirectUri;
 
         {
-            final String returnUrlOverride = pwmRequest.getConfig().readAppProperty( AppProperty.OAUTH_RETURN_URL_OVERRIDE );
-            final String siteURL = pwmRequest.getConfig().readSettingAsString( PwmSetting.PWM_SITE_URL );
+            final String returnUrlOverride = pwmRequest.getDomainConfig().readAppProperty( AppProperty.OAUTH_RETURN_URL_OVERRIDE );
+            final String siteURL = pwmRequest.getDomainConfig().readSettingAsString( PwmSetting.PWM_SITE_URL );
             if ( returnUrlOverride != null && !returnUrlOverride.trim().isEmpty() )
             {
                 debugSource = "AppProperty(\"" + AppProperty.OAUTH_RETURN_URL_OVERRIDE.getKey() + "\")";
@@ -368,7 +368,7 @@ public class OAuthMachine
             final PwmRequest pwmRequest
     )
     {
-        if ( !Boolean.parseBoolean( pwmRequest.getConfig().readAppProperty( AppProperty.OAUTH_ENABLE_TOKEN_REFRESH ) ) )
+        if ( !Boolean.parseBoolean( pwmRequest.getDomainConfig().readAppProperty( AppProperty.OAUTH_ENABLE_TOKEN_REFRESH ) ) )
         {
             return false;
         }

server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchConfiguration.java

@@ -50,7 +50,7 @@ public class PeopleSearchConfiguration
 
     String getEmailAttribute( final UserIdentity userIdentity )
     {
-        final LdapProfile ldapProfile = userIdentity.getLdapProfile( domainConfig );
+        final LdapProfile ldapProfile = userIdentity.getLdapProfile( domainConfig.getAppConfig() );
         return ldapProfile.readSettingAsString( PwmSetting.EMAIL_USER_MAIL_ATTRIBUTE );
     }
 
@@ -66,25 +66,25 @@ public class PeopleSearchConfiguration
 
     String getOrgChartParentAttr( final UserIdentity userIdentity )
     {
-        final LdapProfile ldapProfile = userIdentity.getLdapProfile( domainConfig );
+        final LdapProfile ldapProfile = userIdentity.getLdapProfile( domainConfig.getAppConfig() );
         return ldapProfile.readSettingAsString( PwmSetting.LDAP_ATTRIBUTE_ORGCHART_PARENT );
     }
 
     String getOrgChartChildAttr( final UserIdentity userIdentity  )
     {
-        final LdapProfile ldapProfile = userIdentity.getLdapProfile( domainConfig );
+        final LdapProfile ldapProfile = userIdentity.getLdapProfile( domainConfig.getAppConfig() );
         return ldapProfile.readSettingAsString( PwmSetting.LDAP_ATTRIBUTE_ORGCHART_CHILD );
     }
 
     String getOrgChartAssistantAttr( final UserIdentity userIdentity  )
     {
-        final LdapProfile ldapProfile = userIdentity.getLdapProfile( domainConfig );
+        final LdapProfile ldapProfile = userIdentity.getLdapProfile( domainConfig.getAppConfig() );
         return ldapProfile.readSettingAsString( PwmSetting.LDAP_ATTRIBUTE_ORGCHART_ASSISTANT );
     }
 
     String getOrgChartWorkforceIDAttr( final UserIdentity userIdentity  )
     {
-        final LdapProfile ldapProfile = userIdentity.getLdapProfile( domainConfig );
+        final LdapProfile ldapProfile = userIdentity.getLdapProfile( domainConfig.getAppConfig() );
         return ldapProfile.readSettingAsString( PwmSetting.LDAP_ATTRIBUTE_ORGCHART_WORKFORCEID );
     }
 

server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchDataReader.java

@@ -106,7 +106,7 @@ class PeopleSearchDataReader
             throws PwmUnrecoverableException
     {
         this.pwmRequest = pwmRequest;
-        this.peopleSearchConfiguration = new PeopleSearchConfiguration( pwmRequest.getConfig(), peopleSearchProfile );
+        this.peopleSearchConfiguration = new PeopleSearchConfiguration( pwmRequest.getDomainConfig(), peopleSearchProfile );
     }
 
     SearchResultBean makeSearchResultBean(
@@ -264,7 +264,7 @@ class PeopleSearchDataReader
         final Map<String, String> searchResults = detailResults.getResults().get( userIdentity );
 
         final UserDetailBean userDetailBean = new UserDetailBean();
-        userDetailBean.setUserKey( userIdentity.toObfuscatedKey( pwmRequest.getPwmDomain() ) );
+        userDetailBean.setUserKey( userIdentity.toObfuscatedKey( pwmRequest.getPwmApplication() ) );
         final List<FormConfiguration> detailFormConfig = this.peopleSearchConfiguration.getSearchDetailForm();
         final Map<String, AttributeDetailBean> attributeBeans = convertResultMapToBeans( userIdentity, detailFormConfig, searchResults );
 
@@ -292,7 +292,7 @@ class PeopleSearchDataReader
 
     private List<LinkReferenceBean> makeUserDetailLinks( final UserIdentity actorIdentity ) throws PwmUnrecoverableException
     {
-        final String userLinksStr = pwmRequest.getConfig().readAppProperty( AppProperty.PEOPLESEARCH_VIEW_DETAIL_LINKS );
+        final String userLinksStr = pwmRequest.getDomainConfig().readAppProperty( AppProperty.PEOPLESEARCH_VIEW_DETAIL_LINKS );
         if ( StringUtil.isEmpty( userLinksStr ) )
         {
             return Collections.emptyList();
@@ -332,7 +332,7 @@ class PeopleSearchDataReader
 
         final List<String> returnObj = new ArrayList<>();
 
-        final int maxValues = Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.PEOPLESEARCH_VALUE_MAXCOUNT ) );
+        final int maxValues = Integer.parseInt( pwmRequest.getDomainConfig().readAppProperty( AppProperty.PEOPLESEARCH_VALUE_MAXCOUNT ) );
         final ChaiUser chaiUser = getChaiUser( userIdentity );
         try
         {
@@ -389,7 +389,7 @@ class PeopleSearchDataReader
             throws PwmUnrecoverableException
     {
         final OrgChartReferenceBean orgChartReferenceBean = new OrgChartReferenceBean();
-        orgChartReferenceBean.setUserKey( userIdentity.toObfuscatedKey( pwmRequest.getPwmDomain() ) );
+        orgChartReferenceBean.setUserKey( userIdentity.toObfuscatedKey( pwmRequest.getPwmApplication() ) );
         final PhotoDataReader photoDataReader = photoDataReader( userIdentity );
         orgChartReferenceBean.setPhotoURL( photoDataReader.figurePhotoURL( ) );
 
@@ -408,7 +408,7 @@ class PeopleSearchDataReader
 
         final List<UserIdentity> returnObj = new ArrayList<>();
 
-        final int maxValues = Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.PEOPLESEARCH_VALUE_MAXCOUNT ) );
+        final int maxValues = Integer.parseInt( pwmRequest.getDomainConfig().readAppProperty( AppProperty.PEOPLESEARCH_VALUE_MAXCOUNT ) );
         final ChaiUser chaiUser = getChaiUser( userIdentity );
         final Set<String> ldapValues;
         try
@@ -428,10 +428,10 @@ class PeopleSearchDataReader
         }
 
 
-        final boolean checkUserDNValues = Boolean.parseBoolean( pwmRequest.getConfig().readAppProperty( AppProperty.PEOPLESEARCH_MAX_VALUE_VERIFYUSERDN ) );
+        final boolean checkUserDNValues = Boolean.parseBoolean( pwmRequest.getDomainConfig().readAppProperty( AppProperty.PEOPLESEARCH_MAX_VALUE_VERIFYUSERDN ) );
         for ( final String userDN : ldapValues )
         {
-            final UserIdentity loopIdentity = UserIdentity.createUserIdentity( userDN, userIdentity.getLdapProfileID() );
+            final UserIdentity loopIdentity = UserIdentity.createUserIdentity( userDN, userIdentity.getLdapProfileID(), pwmRequest.getDomainID() );
             if ( returnObj.size() < maxValues )
             {
                 if ( checkUserDNValues )
@@ -552,7 +552,7 @@ class PeopleSearchDataReader
                         {
                             final String displayValue = figureDisplaynameValue( pwmRequest, loopIdentity );
                             final UserReferenceBean userReference = new UserReferenceBean();
-                            userReference.setUserKey( loopIdentity.toObfuscatedKey( pwmRequest.getPwmDomain() ) );
+                            userReference.setUserKey( loopIdentity.toObfuscatedKey( pwmRequest.getPwmApplication() ) );
                             userReference.setDisplayName( displayValue );
                             userReferences.put( displayValue, userReference );
                         }
@@ -650,7 +650,7 @@ class PeopleSearchDataReader
             return configuredFilter;
         }
 
-        final List<String> defaultObjectClasses = pwmRequest.getConfig().readSettingAsStringArray( PwmSetting.DEFAULT_OBJECT_CLASSES );
+        final List<String> defaultObjectClasses = pwmRequest.getDomainConfig().readSettingAsStringArray( PwmSetting.DEFAULT_OBJECT_CLASSES );
         final Set<String> searchAttributes = peopleSearchConfiguration.getSearchAttributes();
         final StringBuilder filter = new StringBuilder();
 
@@ -679,7 +679,7 @@ class PeopleSearchDataReader
 
     private String makeAdvancedFilter( final Map<String, String> attributesInSearchRequest )
     {
-        final List<String> defaultObjectClasses = pwmRequest.getConfig().readSettingAsStringArray( PwmSetting.DEFAULT_OBJECT_CLASSES );
+        final List<String> defaultObjectClasses = pwmRequest.getDomainConfig().readSettingAsStringArray( PwmSetting.DEFAULT_OBJECT_CLASSES );
         final List<FormConfiguration> searchAttributes = peopleSearchConfiguration.getSearchForm();
 
         return HelpdeskServletUtil.makeAdvancedSearchFilter( defaultObjectClasses, searchAttributes, attributesInSearchRequest );
@@ -843,7 +843,7 @@ class PeopleSearchDataReader
                 final String userKey = ( String ) map.get( "userKey" );
                 if ( userKey != null )
                 {
-                    final UserIdentity userIdentity = UserIdentity.fromKey( userKey, pwmRequest.getPwmDomain() );
+                    final UserIdentity userIdentity = UserIdentity.fromKey( userKey, pwmRequest.getPwmApplication() );
                     final String displayValue = figureDisplaynameValue( pwmRequest, userIdentity );
                     map.put( "_displayName", displayValue );
                 }
@@ -858,7 +858,7 @@ class PeopleSearchDataReader
         final String aboutMessage = LocaleHelper.getLocalizedMessage(
                 pwmRequest.getLocale(),
                 Display.Display_SearchResultsInfo.getKey(),
-                pwmRequest.getConfig(),
+                pwmRequest.getDomainConfig(),
                 Display.class,
                 new String[]
                         {

server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchService.java

@@ -20,7 +20,9 @@
 
 package password.pwm.http.servlet.peoplesearch;
 
+import password.pwm.PwmApplication;
 import password.pwm.PwmDomain;
+import password.pwm.bean.DomainID;
 import password.pwm.error.PwmException;
 import password.pwm.health.HealthRecord;
 import password.pwm.svc.PwmService;
@@ -45,9 +47,10 @@ public class PeopleSearchService implements PwmService
     }
 
     @Override
-    public void init( final PwmDomain pwmDomain ) throws PwmException
+    public void init( final PwmApplication pwmApplication, final DomainID domainID )
+            throws PwmException
     {
-        this.pwmDomain = pwmDomain;
+        this.pwmDomain = pwmApplication.getDefaultDomain();
 
         final int maxThreadCount = 5;
 

server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchServlet.java

@@ -119,7 +119,7 @@ public abstract class PeopleSearchServlet extends ControlledPwmServlet
     )
             throws PwmUnrecoverableException, IOException
     {
-        final PeopleSearchConfiguration peopleSearchConfiguration = new PeopleSearchConfiguration( pwmRequest.getConfig(), peopleSearchProfile( pwmRequest ) );
+        final PeopleSearchConfiguration peopleSearchConfiguration = new PeopleSearchConfiguration( pwmRequest.getDomainConfig(), peopleSearchProfile( pwmRequest ) );
 
         final PeopleSearchClientConfigBean peopleSearchClientConfigBean = PeopleSearchClientConfigBean.fromConfig(
                 pwmRequest,
@@ -161,7 +161,7 @@ public abstract class PeopleSearchServlet extends ControlledPwmServlet
             throws IOException, PwmUnrecoverableException, ServletException
     {
         final PeopleSearchProfile peopleSearchProfile = peopleSearchProfile( pwmRequest );
-        final PeopleSearchConfiguration peopleSearchConfiguration = new PeopleSearchConfiguration( pwmRequest.getConfig(), peopleSearchProfile );
+        final PeopleSearchConfiguration peopleSearchConfiguration = new PeopleSearchConfiguration( pwmRequest.getDomainConfig(), peopleSearchProfile );
 
         final UserIdentity userIdentity;
         {
@@ -176,7 +176,7 @@ public abstract class PeopleSearchServlet extends ControlledPwmServlet
             }
             else
             {
-                userIdentity = UserIdentity.fromObfuscatedKey( userKey, pwmRequest.getPwmDomain() );
+                userIdentity = UserIdentity.fromObfuscatedKey( userKey, pwmRequest.getPwmApplication() );
             }
         }
 
@@ -253,7 +253,7 @@ public abstract class PeopleSearchServlet extends ControlledPwmServlet
     private void addExpiresHeadersToResponse( final PwmRequest pwmRequest )
             throws PwmUnrecoverableException
     {
-        final PeopleSearchConfiguration peopleSearchConfiguration = new PeopleSearchConfiguration( pwmRequest.getConfig(), peopleSearchProfile( pwmRequest ) );
+        final PeopleSearchConfiguration peopleSearchConfiguration = new PeopleSearchConfiguration( pwmRequest.getDomainConfig(), peopleSearchProfile( pwmRequest ) );
         final TimeDuration maxCacheTime = peopleSearchConfiguration.getMaxCacheTime();
         pwmRequest.getPwmResponse().getHttpServletResponse().setDateHeader( HttpHeader.Expires.getHttpName(), System.currentTimeMillis() + ( maxCacheTime.asMillis() ) );
         pwmRequest.getPwmResponse().setHeader( HttpHeader.CacheControl,  "private, max-age=" + maxCacheTime.as( TimeDuration.Unit.SECONDS ) );
@@ -269,7 +269,7 @@ public abstract class PeopleSearchServlet extends ControlledPwmServlet
         final PeopleSearchProfile peopleSearchProfile = peopleSearchProfile( pwmRequest );
         final PeopleSearchDataReader peopleSearchDataReader = new PeopleSearchDataReader( pwmRequest, peopleSearchProfile );
 
-        final PeopleSearchConfiguration peopleSearchConfiguration = new PeopleSearchConfiguration( pwmRequest.getConfig(), peopleSearchProfile( pwmRequest ) );
+        final PeopleSearchConfiguration peopleSearchConfiguration = new PeopleSearchConfiguration( pwmRequest.getDomainConfig(), peopleSearchProfile( pwmRequest ) );
         final PeopleSearchClientConfigBean peopleSearchClientConfigBean = PeopleSearchClientConfigBean.fromConfig( pwmRequest, peopleSearchConfiguration, userIdentity );
 
         if ( !peopleSearchClientConfigBean.isEnableExport() )
@@ -301,7 +301,7 @@ public abstract class PeopleSearchServlet extends ControlledPwmServlet
 
         final PeopleSearchProfile peopleSearchProfile = peopleSearchProfile( pwmRequest );
         final PeopleSearchDataReader peopleSearchDataReader = new PeopleSearchDataReader( pwmRequest, peopleSearchProfile );
-        final PeopleSearchConfiguration peopleSearchConfiguration = new PeopleSearchConfiguration( pwmRequest.getConfig(), peopleSearchProfile );
+        final PeopleSearchConfiguration peopleSearchConfiguration = new PeopleSearchConfiguration( pwmRequest.getDomainConfig(), peopleSearchProfile );
 
         if ( !peopleSearchConfiguration.isEnableMailtoLinks() )
         {
@@ -322,7 +322,7 @@ public abstract class PeopleSearchServlet extends ControlledPwmServlet
     {
         if ( pwmRequest.getURL().isPublicUrl() )
         {
-            final Optional<PeopleSearchProfile> profile = pwmRequest.getConfig().getPublicPeopleSearchProfile();
+            final Optional<PeopleSearchProfile> profile = pwmRequest.getDomainConfig().getPublicPeopleSearchProfile();
             if ( !profile.isPresent() )
             {
                 throw PwmUnrecoverableException.newException( PwmError.ERROR_NO_PROFILE_ASSIGNED, "public peoplesearch profile not assigned" );
@@ -351,7 +351,7 @@ public abstract class PeopleSearchServlet extends ControlledPwmServlet
 
         final PeopleSearchProfile peopleSearchProfile = peopleSearchProfile( pwmRequest );
         final PeopleSearchDataReader peopleSearchDataReader = new PeopleSearchDataReader( pwmRequest, peopleSearchProfile );
-        final UserIdentity userIdentity = UserIdentity.fromKey( userKey, pwmRequest.getPwmDomain() );
+        final UserIdentity userIdentity = UserIdentity.fromKey( userKey, pwmRequest.getPwmApplication() );
         peopleSearchDataReader.checkIfUserIdentityViewable( userIdentity );
         return userIdentity;
     }

server/src/main/java/password/pwm/http/servlet/peoplesearch/PhotoDataReader.java

@@ -98,7 +98,7 @@ public class PhotoDataReader
             return PhotoReaderMethod.Ldap;
         }
 
-        final boolean enableInternalHttpProxy = Boolean.parseBoolean( pwmRequest.getConfig().readAppProperty( AppProperty.PHOTO_INTERNAL_HTTP_PROXY_ENABLE ) );
+        final boolean enableInternalHttpProxy = Boolean.parseBoolean( pwmRequest.getDomainConfig().readAppProperty( AppProperty.PHOTO_INTERNAL_HTTP_PROXY_ENABLE ) );
         if ( enableInternalHttpProxy )
         {
             return PhotoReaderMethod.ServerHttp;
@@ -152,7 +152,7 @@ public class PhotoDataReader
             case ServerHttp:
                 String returnUrl = pwmRequest.getURLwithoutQueryString();
                 returnUrl = PwmURL.appendAndEncodeUrlParameters( returnUrl, PwmConstants.PARAM_ACTION_REQUEST, PeopleSearchServlet.PeopleSearchActions.photo.name() );
-                returnUrl = PwmURL.appendAndEncodeUrlParameters( returnUrl, PwmConstants.PARAM_USERKEY,  userIdentity.toObfuscatedKey( pwmRequest.getPwmDomain() ) );
+                returnUrl = PwmURL.appendAndEncodeUrlParameters( returnUrl, PwmConstants.PARAM_USERKEY,  userIdentity.toObfuscatedKey( pwmRequest.getPwmApplication() ) );
                 return returnUrl;
 
             default:
@@ -215,7 +215,7 @@ public class PhotoDataReader
             throws PwmUnrecoverableException, PwmOperationalException
     {
         return LdapOperationsHelper.readPhotoDataFromLdap(
-                pwmRequest.getConfig(),
+                pwmRequest.getDomainConfig(),
                 pwmRequest.getPwmDomain().getProxiedChaiUser( userIdentity ).getChaiProvider(),
                 userIdentity
         );
@@ -262,7 +262,7 @@ public class PhotoDataReader
     private Optional<String> getPhotoUrlOverride( final UserIdentity userIdentity )
             throws PwmUnrecoverableException
     {
-        final LdapProfile ldapProfile = userIdentity.getLdapProfile( pwmRequest.getConfig() );
+        final LdapProfile ldapProfile = userIdentity.getLdapProfile( pwmRequest.getAppConfig() );
         final String configuredUrl = ldapProfile.readSettingAsString( PwmSetting.LDAP_ATTRIBUTE_PHOTO_URL_OVERRIDE );
 
         if ( !StringUtil.isEmpty( configuredUrl ) )
@@ -280,7 +280,7 @@ public class PhotoDataReader
             final Callable<Optional<PhotoDataBean>> photoReader
     )
     {
-        final long cacheSeconds = JavaHelper.silentParseLong( pwmRequest.getConfig().readAppProperty( AppProperty.PHOTO_CLIENT_CACHE_SECONDS ), 3600 );
+        final long cacheSeconds = JavaHelper.silentParseLong( pwmRequest.getDomainConfig().readAppProperty( AppProperty.PHOTO_CLIENT_CACHE_SECONDS ), 3600 );
         final TimeDuration maxCacheTime = TimeDuration.of( cacheSeconds, TimeDuration.Unit.SECONDS );
         pwmRequest.getPwmResponse().getHttpServletResponse().setDateHeader( HttpHeader.Expires.getHttpName(), System.currentTimeMillis() + ( maxCacheTime.asMillis() ) );
         pwmRequest.getPwmResponse().setHeader( HttpHeader.CacheControl,  "private, max-age=" + maxCacheTime.as( TimeDuration.Unit.SECONDS ) );

server/src/main/java/password/pwm/http/servlet/resource/ResourceServletConfiguration.java

@@ -76,7 +76,7 @@ class ResourceServletConfiguration
 
         final String noncePrefix = domainConfig.readAppProperty( AppProperty.HTTP_RESOURCES_NONCE_PATH_PREFIX );
         noncePattern = Pattern.compile( noncePrefix + "[^/]*?/" );
-        nonceValue = pwmDomain.getRuntimeNonce();
+        nonceValue = pwmDomain.getPwmApplication().getRuntimeNonce();
 
         final String zipFileResourceParam = domainConfig.readAppProperty( AppProperty.HTTP_RESOURCES_ZIP_FILES );
         if ( zipFileResourceParam != null && !zipFileResourceParam.isEmpty() )

server/src/main/java/password/pwm/http/servlet/resource/ResourceServletService.java

@@ -24,8 +24,10 @@ import com.github.benmanes.caffeine.cache.Cache;
 import com.github.benmanes.caffeine.cache.Caffeine;
 import org.apache.commons.io.output.NullOutputStream;
 import password.pwm.AppProperty;
+import password.pwm.PwmApplication;
 import password.pwm.PwmDomain;
 import password.pwm.PwmConstants;
+import password.pwm.bean.DomainID;
 import password.pwm.error.PwmException;
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.health.HealthRecord;
@@ -115,9 +117,10 @@ public class ResourceServletService implements PwmService
     }
 
     @Override
-    public void init( final PwmDomain pwmDomain ) throws PwmException
+    public void init( final PwmApplication pwmApplication, final DomainID domainID )
+            throws PwmException
     {
-        this.pwmDomain = pwmDomain;
+        this.pwmDomain = pwmApplication.getDefaultDomain();
         try
         {
             this.resourceServletConfiguration = ResourceServletConfiguration.createResourceServletConfiguration( pwmDomain );
@@ -199,7 +202,7 @@ public class ResourceServletService implements PwmService
             return true;
         }
 
-        if ( !themeName.matches( pwmRequest.getConfig().readAppProperty( AppProperty.SECURITY_INPUT_THEME_MATCH_REGEX ) ) )
+        if ( !themeName.matches( pwmRequest.getDomainConfig().readAppProperty( AppProperty.SECURITY_INPUT_THEME_MATCH_REGEX ) ) )
         {
             LOGGER.warn( pwmRequest, () -> "discarding suspicious theme name in request: " + themeName );
             return false;
@@ -217,7 +220,7 @@ public class ResourceServletService implements PwmService
         {
             final String themePathUrl = ResourceFileServlet.RESOURCE_PATH + testUrl.replace( ResourceFileServlet.TOKEN_THEME, themeName );
             final FileResource resolvedFile = ResourceFileRequest.resolveRequestedResource(
-                    pwmRequest.getConfig(),
+                    pwmRequest.getDomainConfig(),
                     servletContext,
                     themePathUrl,
                     getResourceServletConfiguration() );

server/src/main/java/password/pwm/http/servlet/updateprofile/UpdateProfileServlet.java

@@ -198,7 +198,7 @@ public class UpdateProfileServlet extends ControlledPwmServlet
         updateProfileBean.setTokenSent( false );
         updateProfileBean.setCurrentTokenField( null );
 
-        if ( pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON ) )
+        if ( pwmRequest.getDomainConfig().readSettingAsBoolean( PwmSetting.DISPLAY_TOKEN_SUCCESS_BUTTON ) )
         {
             pwmRequest.setAttribute( PwmRequestAttribute.TokenDestItems, tokenDestinationItem );
             pwmRequest.forwardToJsp( JspUrl.UPDATE_ATTRIBUTES_TOKEN_SUCCESS );
@@ -218,7 +218,7 @@ public class UpdateProfileServlet extends ControlledPwmServlet
         final UpdateProfileProfile updateProfileProfile = getProfile( pwmRequest );
 
         boolean success = true;
-        String userMessage = Message.getLocalizedMessage( pwmRequest.getLocale(), Message.Success_UpdateForm, pwmRequest.getConfig() );
+        String userMessage = Message.getLocalizedMessage( pwmRequest.getLocale(), Message.Success_UpdateForm, pwmRequest.getDomainConfig() );
 
         try
         {

server/src/main/java/password/pwm/http/servlet/updateprofile/UpdateProfileUtil.java

@@ -158,7 +158,7 @@ public class UpdateProfileUtil
         final DomainConfig config = pwmDomain.getConfig();
 
         final EmailItemBean configuredEmailSetting = config.readSettingAsEmail( PwmSetting.EMAIL_UPDATEPROFILE, locale );
-        pwmDomain.getEmailQueue().submitEmail(
+        pwmDomain.getPwmApplication().getEmailQueue().submitEmail(
                 configuredEmailSetting,
                 userInfo,
                 macroRequest
@@ -238,7 +238,7 @@ public class UpdateProfileUtil
             throws PwmUnrecoverableException
     {
         final List<FormConfiguration> formFields = updateProfileProfile.readSettingAsForm( PwmSetting.UPDATE_PROFILE_FORM );
-        final LdapProfile ldapProfile = pwmRequest.getUserInfoIfLoggedIn().getLdapProfile( pwmRequest.getConfig() );
+        final LdapProfile ldapProfile = pwmRequest.getUserInfoIfLoggedIn().getLdapProfile( pwmRequest.getAppConfig() );
         final Map<String, TokenDestinationItem.Type> workingMap = new LinkedHashMap<>( FormUtility.identifyFormItemsNeedingPotentialTokenValidation(
                 ldapProfile,
                 formFields
@@ -315,8 +315,8 @@ public class UpdateProfileUtil
                 {
                     final TokenDestinationItem tokenDestinationItem = tokenDestinationItemForCurrentValidation( pwmRequest, updateProfileBean, updateProfileProfile );
                     final TimeDuration tokenLifetime = tokenDestinationItem.getType() == TokenDestinationItem.Type.email
-                            ? updateProfileProfile.getTokenDurationEmail( pwmRequest.getConfig() )
-                            : updateProfileProfile.getTokenDurationSMS( pwmRequest.getConfig() );
+                            ? updateProfileProfile.getTokenDurationEmail( pwmRequest.getDomainConfig() )
+                            : updateProfileProfile.getTokenDurationSMS( pwmRequest.getDomainConfig() );
 
                     TokenUtil.initializeAndSendToken(
                             pwmRequest.getPwmRequestContext(),
@@ -415,7 +415,7 @@ public class UpdateProfileUtil
     )
     {
         final List<FormConfiguration> formFields = updateProfileProfile.readSettingAsForm( PwmSetting.UPDATE_PROFILE_FORM );
-        final LdapProfile ldapProfile = pwmRequest.getUserInfoIfLoggedIn().getLdapProfile( pwmRequest.getConfig() );
+        final LdapProfile ldapProfile = pwmRequest.getUserInfoIfLoggedIn().getLdapProfile( pwmRequest.getAppConfig() );
         final Map<String, TokenDestinationItem.Type> tokenTypeMap = FormUtility.identifyFormItemsNeedingPotentialTokenValidation(
                 ldapProfile,
                 formFields

server/src/main/java/password/pwm/http/state/CryptoCookieBeanImpl.java

@@ -110,7 +110,7 @@ class CryptoCookieBeanImpl implements SessionBeanProvider
             }
 
             final TimeDuration cookieLifeDuration = TimeDuration.fromCurrent( cookieBean.getTimestamp() );
-            final long maxIdleSeconds = pwmRequest.getConfig().readSettingAsLong( PwmSetting.IDLE_TIMEOUT_SECONDS );
+            final long maxIdleSeconds = pwmRequest.getDomainConfig().readSettingAsLong( PwmSetting.IDLE_TIMEOUT_SECONDS );
             if ( cookieLifeDuration.isLongerThan( maxIdleSeconds, TimeDuration.Unit.SECONDS ) )
             {
                 LOGGER.trace( pwmRequest, () -> "disregarded existing " + cookieName + " cookie bean due to outdated timestamp (" + cookieLifeDuration.asCompactString() + ")" );
@@ -196,7 +196,7 @@ class CryptoCookieBeanImpl implements SessionBeanProvider
     private PwmSecurityKey keyForSession( final PwmRequest pwmRequest )
             throws PwmUnrecoverableException
     {
-        final PwmSecurityKey pwmSecurityKey = pwmRequest.getConfig().getSecurityKey();
+        final PwmSecurityKey pwmSecurityKey = pwmRequest.getDomainConfig().getSecurityKey();
         final String keyHash = pwmSecurityKey.keyHash( pwmRequest.getPwmDomain().getSecureService() );
         final String userGuid = pwmRequest.getPwmSession().getLoginInfoBean().getGuid();
         return new PwmSecurityKey( keyHash + userGuid );

server/src/main/java/password/pwm/http/state/CryptoCookieLoginImpl.java

@@ -212,7 +212,7 @@ class CryptoCookieLoginImpl implements SessionLoginProvider
             }
         }
 
-        if ( pwmRequest.getConfig().isDevDebugMode() && LOGGER.isEnabled( PwmLogLevel.TRACE ) )
+        if ( pwmRequest.getAppConfig().isDevDebugMode() && LOGGER.isEnabled( PwmLogLevel.TRACE ) )
         {
             final String debugTxt = remoteLoginCookie.toDebugString();
             LOGGER.trace( pwmRequest, () -> "imported LoginInfoBean=" + debugTxt );
@@ -235,7 +235,7 @@ class CryptoCookieLoginImpl implements SessionLoginProvider
 
         if ( loginInfoBean.getAuthTime() != null )
         {
-            final long sessionMaxSeconds = pwmRequest.getConfig().readSettingAsLong( PwmSetting.SESSION_MAX_SECONDS );
+            final long sessionMaxSeconds = pwmRequest.getDomainConfig().readSettingAsLong( PwmSetting.SESSION_MAX_SECONDS );
             final TimeDuration sessionTotalAge = TimeDuration.fromCurrent( loginInfoBean.getAuthTime() );
             final TimeDuration sessionMaxAge = TimeDuration.of( sessionMaxSeconds, TimeDuration.Unit.SECONDS );
             if ( sessionTotalAge.isLongerThan( sessionMaxAge ) )

server/src/main/java/password/pwm/http/state/SessionStateService.java

@@ -20,7 +20,9 @@
 
 package password.pwm.http.state;
 
+import password.pwm.PwmApplication;
 import password.pwm.PwmDomain;
+import password.pwm.bean.DomainID;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.option.SessionBeanMode;
 import password.pwm.error.PwmError;
@@ -57,8 +59,10 @@ public class SessionStateService implements PwmService
     }
 
     @Override
-    public void init( final PwmDomain pwmDomain ) throws PwmException
+    public void init( final PwmApplication pwmApplication, final DomainID domainID )
+            throws PwmException
     {
+        final PwmDomain pwmDomain = pwmApplication.getDefaultDomain();
         {
             final SessionBeanMode sessionBeanMode = pwmDomain.getConfig().readSettingAsEnum( PwmSetting.SECURITY_MODULE_SESSION_MODE, SessionBeanMode.class );
             if ( sessionBeanMode != null )
@@ -189,9 +193,9 @@ public class SessionStateService implements PwmService
         }
         try
         {
-            return theClass.newInstance().supportedModes().contains( mode );
+            return theClass.getDeclaredConstructor().newInstance().supportedModes().contains( mode );
         }
-        catch ( final InstantiationException | IllegalAccessException e )
+        catch ( final ReflectiveOperationException e )
         {
             e.printStackTrace();
         }
@@ -202,7 +206,7 @@ public class SessionStateService implements PwmService
     {
         try
         {
-            final E newBean = theClass.newInstance();
+            final E newBean = theClass.getDeclaredConstructor().newInstance();
             newBean.setGuid( sessionGuid );
             newBean.setTimestamp( Instant.now() );
             return newBean;

server/src/main/java/password/pwm/http/tag/DisplayTag.java

@@ -129,7 +129,7 @@ public class DisplayTag extends PwmAbstractTag
             final Locale locale = pwmRequest == null ? PwmConstants.DEFAULT_LOCALE : pwmRequest.getLocale();
 
             final Class bundle = readBundle();
-            String displayMessage = figureDisplayMessage( locale, pwmRequest == null ? null : pwmRequest.getConfig(), bundle );
+            String displayMessage = figureDisplayMessage( locale, pwmRequest == null ? null : pwmRequest.getDomainConfig(), bundle );
 
             if ( pwmRequest != null )
             {

server/src/main/java/password/pwm/http/tag/ErrorMessageTag.java

@@ -70,7 +70,7 @@ public class ErrorMessageTag extends PwmAbstractTag
 
             if ( error != null )
             {
-                final boolean allowHtml = Boolean.parseBoolean( pwmRequest.getConfig().readAppProperty( AppProperty.HTTP_ERRORS_ALLOW_HTML ) );
+                final boolean allowHtml = Boolean.parseBoolean( pwmRequest.getDomainConfig().readAppProperty( AppProperty.HTTP_ERRORS_ALLOW_HTML ) );
                 final boolean showErrorDetail = pwmApplication.getDefaultDomain().determineIfDetailErrorMsgShown();
 
                 String outputMsg = error.toUserStr( pwmRequest.getPwmSession(), pwmApplication.getDefaultDomain() );

server/src/main/java/password/pwm/http/tag/JspThrowableHandlerTag.java

@@ -84,7 +84,7 @@ public class JspThrowableHandlerTag extends TagSupport
         {
             final PwmRequest pwmRequest = PwmRequest.forRequest( ( HttpServletRequest ) pageContext.getRequest(), ( HttpServletResponse ) pageContext.getResponse() );
             userLocale = pwmRequest.getLocale();
-            domainConfig = pwmRequest.getConfig();
+            domainConfig = pwmRequest.getDomainConfig();
         }
         catch ( final Exception e )
         {