diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index d201f83c..8d32e9ff 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -468,6 +468,9 @@ md-eu1.qa.komreg.net:
 eidas_sp:
 version: 1.0.0
 hostname: qa.test.swedenconnect.se
+ swedenconnect_refidp:
+ version: 1.0.3
+ hostname: qa.test.swedenconnect.se
 sunet::frontend::register_sites:
 sites:
 'qa.test.swedenconnect.se':
diff --git a/global/overlay/etc/puppet/manifests/.cosmos-site.pp.swp b/global/overlay/etc/puppet/manifests/.cosmos-site.pp.swp
new file mode 100644
index 00000000..426126bf
Binary files /dev/null and b/global/overlay/etc/puppet/manifests/.cosmos-site.pp.swp differ
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 50533227..74536112 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
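Review bot: `global/overlay/etc/puppet/manifests/.cosmos-site.pp.swp` is an editor swap file and looks like an accidental addition to this commit. A swap file holds a copy of the editing buffer for `cosmos-site.pp`, so it can carry text that was never meant to be published, and because it sits under `overlay/` it would presumably be shipped to hosts along with the manifest. I would drop it from the commit and add `*.swp` to `.gitignore` so it cannot come back.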
@@ -273,6 +273,31 @@ class eidas_sp($version="1.0.0",$hostname='localhost') {
 class {'https_server': }
 }
 
+class swedenconnect_refidp($version="1.0.3",$hostname='localhost') {
+ $_version = safe_hiera('swedenconnect_refidp_version',$version)
+ $_hostname = safe_hiera('swedenconnect_refidp_hostname',$hostname)
+ $idp_persistent_id_salt = safe_hiera('idp_persistent_id_salt',NOT_SET);
+ $idp_fticks_salt = safe_hiera('idp_fticks_salt',NOT_SET);
+ $proxy_header_secret = safe_hiera('proxy_header_secret',NOT_SET);
+ sunet::docker_run {'swedenconnect-idp':
+ image => 'docker.sunet.se/swedenconnect-idp',
+ imagetag => $_version,
+ hostname => "${::fqdn}",
+ ports => ['443:8443'],
+ volumes => ['/var/log/swedenconnect-idp:/var/log/swedenconnect-idp',
+ '/etc/swedenconnect-idp:/etc/swedenconnect-idp',
+ '/dev/log:/dev/log',
+ '/etc/ssl:/etc/ssl'],
+ env => ["IDP_SERVER_HOSTNAME=$_hostname",
+ "TOMCAT_HOSTNAME=$_hostname",
+ "TOMCAT_PROXY_SHARED_SECRET=$proxy_header_secret",
+ "IDP_PERSISTENT_ID_SALT=$idp_persistent_id_salt",
+ "IDP_FTICKS_SALT=$idp_fticks_salt"]
+ } ->
+ class {'webserver': } ->
+ class {'https_server': }
+}
+
 class eidas_connector($version="1.0.6",$hostname='localhost') {
 $_version = safe_hiera('eidas_connector_version',$version)
 $_hostname = safe_hiera('eidas_connector_hostname',$hostname)
diff --git a/test-1.qa.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc b/test-1.qa.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc
new file mode 100644
index 00000000..15550f28
--- /dev/null
+++ b/test-1.qa.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc
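Review bot: The three `safe_hiera(..., NOT_SET)` lookups in `swedenconnect_refidp` fall back to a fixed placeholder, so a host whose secrets are missing or not decrypted would start the IdP with `TOMCAT_PROXY_SHARED_SECRET`, `IDP_PERSISTENT_ID_SALT` and `IDP_FTICKS_SALT` all set to the same guessable string instead of failing the catalog. A guard ahead of `sunet::docker_run` would stop that, for example `if 'NOT_SET' in [$proxy_header_secret, $idp_persistent_id_salt, $idp_fticks_salt] { fail('swedenconnect_refidp: secrets missing from hiera') }`; this assumes the bareword evaluates to the string 'NOT_SET', and quoting it in the lookups would make that explicit. The volume `'/etc/ssl:/etc/ssl'` also hands the host's whole TLS directory, private keys included, to the container read-write; if the image only reads certificates, `'/etc/ssl:/etc/ssl:ro'` or a narrower path would be safer. Values passed through `env` can be read back with `docker inspect`, so a short comment marking these three entries as secrets would help anyone who later touches logging or debug output for this container.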
@@ -0,0 +1,24 @@
+STATUS=UPDATED
+
+-----BEGIN PGP MESSAGE-----
+Version: GnuPG v2
+
+hQEMA/veFI9QCM0HAQf+KGNndhZ21jix5bYG3z0D9FWuBeVVBjBf00Y+uF3EqdQB
+xlZWzUWPULl3EpwVXzaItzjUoO8VeZf24QvYDqJEdm9rAL9FhJ56p9l8YJhBJQBR
+SW5xgZMFcXI9nK9SIkKqeqUnszM1/zmIB5tS4cQ9JEFQAhwFgnHFH7EpZO9GQEIa
+D5LG0/f9i0M40Jm+COh++hR4FD22X2tmrtRlH+oksUifEJqegx6/ga4nZEUPVFvH
+4Y/otWurT/EzwhioHvJ8YpzwW0Z/gxwWL7dBArUMBmDWb9kMn1wgDaKbtZUsI3zk
+cxA6UOFlbhe3XMB4Hul8B1LRn7i/LUu1blMFngPEcNLpATcapryPnuiKzns1HWhz
+0EkZPRqyYxo5kruSGIeuvVtJN/aWOxpJeCc5DNEzoAwTzhMR7KIOXsRZG0myzw+f
+XJOH7XuyrhYxwSr9vTt2fkufZ3neDodGuioVUyyYOIPNoOKx/OZmgTqy27ly/Elu
+UAmOCXmxLwR4gIm1jn2DIP9fbZt+w2HeHlD6/0bLUfvu7v8asDZbEp93swlDnR3F
+uMe+NsZ+5u+6ZYWdisoD3jOVP+oi2SJkPTEzmKmaLALyrjxMoNj4EawMAoaqFlrz
+wsN9hrZxJnngEpBV0eN3mIVpnVdFLfp0QRVYhkzn24qYHYRIb+0d1QsYsXzuJXsV
+XDYJiJy56H9nB+C2Uzw4D4ePSbRq4RWq+URxKYpZLvjdKAowKFso9eirSll8BK8r
+6uw11t0ygQ8Eh/rwd1hQFQbQ44BNmLO6T2vw6waW9AWIC4uRRQ+E1IGC474yTcai
+jLlbbJYsSOa1lFG7LQTxSnBI1DGEnDi+1UwUHX4j97xSHYkMjEgvowCAHr8rPBOg
+LRSj9EG4EspulHCXEwpeZK4ZmWeq1sg4ZvMf5JnGHwBmQcJ+lvxXVN/qvsbS5XhD
+6E6kXkqm8JyOZh1M2xdTPf5XeF3soxggUrbJhuaiDQaxHoSwTO4Gds11PZL2aaeg
+VPt/HTuhwUoBxJ02rT8hWDMUS0fdYPMT6YLmyBu9kDJdpb6vsiw=
+=zvfD
+-----END PGP MESSAGE-----