root@idp:~# chgrp -R $( getent group | grep ^tomcat | cut -d ":" -f1 ) /opt/shibboleth-idp/conf /opt/shibboleth-idp/credentials
root@idp:~# chmod -R g+r /opt/shibboleth-idp/conf /opt/shibboleth-idp/credentials