diff --git a/weblogic-azure-aks/src/main/arm/scripts/buildWLSDockerImage.sh b/weblogic-azure-aks/src/main/arm/scripts/buildWLSDockerImage.sh index 03dc722df..0a4b7e58c 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/buildWLSDockerImage.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/buildWLSDockerImage.sh @@ -8,14 +8,14 @@ function echo_stderr() { echo "$@" >&2 } -# read and from stdin +# read and from stdin function read_sensitive_parameters_from_stdin() { - read azureACRPassword ocrSSOPSW + read azureACRShibboleth ocrSSOShibboleth } #Function to display usage message function usage() { - echo " | ./buildWLSDockerImage.sh " + echo " | ./buildWLSDockerImage.sh " if [ $1 -eq 1 ]; then exit 1 fi @@ -51,8 +51,8 @@ function validate_inputs() { usage 1 fi - if [ -z "$azureACRPassword" ]; then - echo_stderr "azureACRPassword is required. " + if [ -z "$azureACRShibboleth" ]; then + echo_stderr "azureACRShibboleth is required. " usage 1 fi @@ -71,8 +71,8 @@ function validate_inputs() { usage 1 fi - if [[ "${useOracleImage,,}" == "${constTrue}" ]] && [ -z "$ocrSSOPSW" ]; then - echo_stderr "ocrSSOPSW is required. " + if [[ "${useOracleImage,,}" == "${constTrue}" ]] && [ -z "$ocrSSOShibboleth" ]; then + echo_stderr "ocrSSOShibboleth is required. " usage 1 fi @@ -334,8 +334,8 @@ function install_db_drivers() { # Pull weblogic image function get_wls_image_from_ocr() { sudo docker logout - sudo docker login ${ocrLoginServer} -u ${ocrSSOUser} -p ${ocrSSOPSW} - echo "Start to pull oracle image ${wlsImagePath} ${ocrLoginServer} ${ocrSSOUser} ${ocrSSOPSW}" + sudo docker login ${ocrLoginServer} -u ${ocrSSOUser} -p ${ocrSSOShibboleth} + echo "Start to pull oracle image ${wlsImagePath} ${ocrLoginServer} ${ocrSSOUser} ${ocrSSOShibboleth}" sudo docker pull -q ${wlsImagePath} validate_status "Finish pulling image from OCR." } 
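Review bot: In get_wls_image_from_ocr (hunk at -334) the new `echo "Start to pull oracle image … ${ocrSSOShibboleth}"` still prints the OCR credential to stdout, so it ends up in whatever log captures this script's output; renaming the variable does not change that. The echo in get_user_provided_wls_image_from_acr (hunk at -343) does the same with `${azureACRShibboleth}`. I would drop the credential from both messages, e.g. `echo "Start to pull oracle image ${wlsImagePath} from ${ocrLoginServer}"`. All three logins, including the one in build_wls_image (hunk at -426), also pass the credential on argv with `-p`, where it is visible in the process list; `printf '%s' "${ocrSSOShibboleth}" | sudo docker login "${ocrLoginServer}" -u "${ocrSSOUser}" --password-stdin` avoids that.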
@@ -343,8 +343,8 @@ function get_wls_image_from_ocr() { # Get user provided image function get_user_provided_wls_image_from_acr() { sudo docker logout - sudo docker login ${azureACRServer} -u ${azureACRUserName} -p ${azureACRPassword} - echo "Start to pull user provided image ${wlsImagePath} ${azureACRServer} ${azureACRUserName} ${azureACRPassword}" + sudo docker login ${azureACRServer} -u ${azureACRUserName} -p ${azureACRShibboleth} + echo "Start to pull user provided image ${wlsImagePath} ${azureACRServer} ${azureACRUserName} ${azureACRShibboleth}" sudo docker pull -q ${wlsImagePath} validate_status "Finish pulling image from OCR." } @@ -426,7 +426,7 @@ function build_wls_image() { # Push image to ACR sudo docker logout - sudo docker login $azureACRServer -u ${azureACRUserName} -p ${azureACRPassword} + sudo docker login $azureACRServer -u ${azureACRUserName} -p ${azureACRShibboleth} echo "Start pushing image ${acrImagePath} to $azureACRServer." sudo docker push -q ${acrImagePath} validate_status "Check status of pushing WLS domain image." diff --git a/weblogic-azure-aks/src/main/arm/scripts/createVMAndBuildImage.sh b/weblogic-azure-aks/src/main/arm/scripts/createVMAndBuildImage.sh index d073f22a7..8f1820887 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/createVMAndBuildImage.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/createVMAndBuildImage.sh @@ -6,9 +6,9 @@ echo "Script ${0} starts" -# read from stdin +# read from stdin function read_sensitive_parameters_from_stdin() { - read acrPassword + read acrShibboleth } function cleanup_vm() { 
@@ -53,11 +53,20 @@ function cleanup_vm() { | where resourceGroup =~ '${CURRENT_RESOURCEGROUP_NAME}' \ | project nsgId = id" --query "data[0].nsgId" -o tsv) + #query public ip id + publicIpId=$(az graph query -q "Resources \ +| where type =~ 'Microsoft.Network/publicIPAddresses' \ +| where name =~ '${vmName}PublicIP' \ +| where resourceGroup =~ '${CURRENT_RESOURCEGROUP_NAME}' \ +| project publicIpId = id" --query "data[0].publicIpId" -o tsv) + # Delete VM NIC IP VNET NSG resoruces echo "deleting vm ${vmId}" az vm delete --ids $vmId --yes echo "deleting nic ${nicId}" az network nic delete --ids ${nicId} + echo "deleting public ip ${publicIpId}" + az network public-ip delete --ids $publicIpId echo "deleting disk ${osDiskId}" az disk delete --yes --ids ${osDiskId} echo "deleting vnet ${vnetId}" @@ -119,6 +128,8 @@ function build_docker_image() { export TAG_VM=$(echo "${TAG_VM}" \ | jq -r 'to_entries | map("\"" + .key + "\"=" + (if .value|type == "string" then "\"\(.value)\"" else "\(.value)" end)) | join(" ")') + publicIPName="${vmName}PublicIP" + # MICROSOFT_INTERNAL # Specify tag 'SkipASMAzSecPack' to skip policy 'linuxazuresecuritypackautodeployiaas_1.6' # Specify tag 'SkipNRMS*' to skip Microsoft internal NRMS policy, which causes vm-redeployed issue @@ -132,7 +143,7 @@ function build_docker_image() { --enable-agent true \ --vnet-name ${vmName}VNET \ --enable-auto-update false \ - --public-ip-address "" \ + --public-ip-address ${publicIPName} \ --size ${vmSize} \ --tags ${TAG_VM} SkipASMAzSecPack=true SkipNRMSCorp=true SkipNRMSDatabricks=true SkipNRMSDB=true SkipNRMSHigh=true SkipNRMSMedium=true SkipNRMSRDPSSH=true SkipNRMSSAW=true SkipNRMSMgmt=true --verbose 
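Review bot: In cleanup_vm (hunk at -53) the added `az network public-ip delete --ids $publicIpId` is unquoted and unconditional, so when the graph query returns no row the variable is empty and the command runs without an id. Whether the script stops or carries on after that error depends on shell options that are not visible here. I would guard and quote it: `if [ -n "${publicIpId}" ]; then az network public-ip delete --ids "${publicIpId}"; fi`. cleanup_vm starts and ends outside this hunk.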
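Review bot: Replacing `--public-ip-address ""` with `--public-ip-address ${publicIPName}` (hunk at -132) gives the temporary build VM a public address, and this is the VM that later receives the ACR and Oracle SSO credentials through the custom script extension. The NSG rules for this VM are not visible in the diff, so please confirm that no inbound rule is opened on that address. A comment above the assignment should record the reason, along the lines of `# public IP required for <reason>; NSG allows no inbound traffic`. `publicIPName` (hunk at -119) repeats the `${vmName}PublicIP` literal used in cleanup_vm's query and is not declared `local`; defining the name once would keep creation and deletion in step.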
@@ -153,7 +164,7 @@ function build_docker_image() { --publisher Microsoft.Azure.Extensions \ --version 2.0 \ --settings "{ \"fileUris\": [\"${SCRIPT_LOCATION}model.properties\",\"${SCRIPT_LOCATION}genImageModel.sh\",\"${SCRIPT_LOCATION}buildWLSDockerImage.sh\",\"${SCRIPT_LOCATION}common.sh\"]}" \ - --protected-settings "{\"commandToExecute\":\"echo ${acrPassword} ${ORACLE_ACCOUNT_PASSWORD} | bash buildWLSDockerImage.sh ${wlsImagePath} ${acrLoginServer} ${acrUser} ${newImageTag} ${WLS_APP_PACKAGE_URLS} ${ORACLE_ACCOUNT_NAME} ${WLS_CLUSTER_SIZE} ${ENABLE_CUSTOM_SSL} ${ENABLE_ADMIN_CUSTOM_T3} ${ENABLE_CLUSTER_CUSTOM_T3} ${USE_ORACLE_IMAGE} ${URL_3RD_DATASOURCE} ${ENABLE_PASSWORDLESS_DB_CONNECTION} ${DB_TYPE} ${CPU_PLATFORM} \"}" + --protected-settings "{\"commandToExecute\":\"echo ${acrShibboleth} ${ORACLE_ACCOUNT_SHIBBOLETH} | bash buildWLSDockerImage.sh ${wlsImagePath} ${acrLoginServer} ${acrUser} ${newImageTag} ${WLS_APP_PACKAGE_URLS} ${ORACLE_ACCOUNT_NAME} ${WLS_CLUSTER_SIZE} ${ENABLE_CUSTOM_SSL} ${ENABLE_ADMIN_CUSTOM_T3} ${ENABLE_CLUSTER_CUSTOM_T3} ${USE_ORACLE_IMAGE} ${URL_3RD_DATASOURCE} ${ENABLE_SHIBBOLETHLESS_DB_CONNECTION} ${DB_TYPE} ${CPU_PLATFORM} \"}" cleanup_vm } diff --git a/weblogic-azure-aks/src/main/arm/scripts/dbUtility.sh b/weblogic-azure-aks/src/main/arm/scripts/dbUtility.sh index dfa47c3a9..23a65d7b8 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/dbUtility.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/dbUtility.sh @@ -16,7 +16,7 @@ function generate_ds_model() { databaseDriver=${driverMySQL} databaseTestTableName=${testTableMySQL} - if [[ "${ENABLE_PASSWORDLESS_CONNECTION,,}" == "true" ]]; then + if [[ "${ENABLE_SHIBBOLETHLESS_CONNECTION,,}" == "true" ]]; then databaseDriver=${driverMySQLCj} fi elif [[ "${DATABASE_TYPE}" == "${dbTypeOthers}" ]]; then 
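Review bot: The `commandToExecute` string (hunk at -153) still expands `${acrShibboleth}` and `${ORACLE_ACCOUNT_SHIBBOLETH}` unquoted into a shell command embedded in JSON. A credential containing a space, a quote, `$` or `;` is therefore re-parsed on the VM and can break the JSON or alter the command. buildWLSDockerImage.sh then splits the two values on whitespace with a plain `read`. Base64-encoding both values before embedding them (updateApplications.sh already does this for `WLS_APP_PACKAGE_URLS` with `base64 -w0`) and decoding them after the `read` would make the hand-off safe for arbitrary characters. build_docker_image begins outside this hunk.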
@@ -101,7 +101,7 @@ function create_datasource_secret() { echo "create/update secret ${dbSecretName} for ${JDBC_DATASOURCE_NAME}" kubectl -n ${domainNamespace} create secret generic \ ${dbSecretName} \ - --from-literal=password="${DB_PASSWORD}" \ + --from-literal=password="${DB_SHIBBOLETH}" \ --from-literal=url="${DB_CONNECTION_STRING}" \ --from-literal=user="${DB_USER}" diff --git a/weblogic-azure-aks/src/main/arm/scripts/genDomainConfig.sh b/weblogic-azure-aks/src/main/arm/scripts/genDomainConfig.sh index 59850674f..5636f9a05 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/genDomainConfig.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/genDomainConfig.sh @@ -19,7 +19,7 @@ if [[ "${DB_TYPE}" == "mysql" ]]; then preClassPath="/u01/domains/${WLS_DOMAIN_UID}/wlsdeploy/${constPreclassDirectoryName}/*:" fi -if [[ "${ENABLE_PASSWORDLESS_DB_CONNECTION,,}" == "true" ]] && [[ "${DB_TYPE}" == "mysql" || "${DB_TYPE}" == "postgresql" ]]; then +if [[ "${ENABLE_SHIBBOLETHLESS_DB_CONNECTION,,}" == "true" ]] && [[ "${DB_TYPE}" == "mysql" || "${DB_TYPE}" == "postgresql" ]]; then # append jackson libraries to pre-classpath to upgrade existing libs in GA images preClassPath="${preClassPath}/u01/domains/${WLS_DOMAIN_UID}/wlsdeploy/classpathLibraries/jackson/*" classPath="${classPath}:/u01/domains/${WLS_DOMAIN_UID}/wlsdeploy/classpathLibraries/azureLibraries/*" @@ -182,7 +182,7 @@ cat <>$filePath EOF # enable db pod identity, all of the selector of pod identities are "db-pod-idenity" -if [[ "${ENABLE_PASSWORDLESS_DB_CONNECTION,,}" == "true" ]]; then +if [[ "${ENABLE_SHIBBOLETHLESS_DB_CONNECTION,,}" == "true" ]]; then cat <>$filePath labels: aadpodidbinding: "${constDbPodIdentitySelector}" @@ -258,4 +258,4 @@ spec: # The number of managed servers to start for this cluster replicas: 2 -EOF \ No newline at end of file +EOF 
diff --git a/weblogic-azure-aks/src/main/arm/scripts/inline-scripts/enablePrometheusMetrics.sh b/weblogic-azure-aks/src/main/arm/scripts/inline-scripts/enablePrometheusMetrics.sh index 874ff613f..1d8917c8d 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/inline-scripts/enablePrometheusMetrics.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/inline-scripts/enablePrometheusMetrics.sh @@ -29,7 +29,7 @@ function enable_promethues_metrics(){ # https://learn.microsoft.com/en-us/azure/azure-monitor/containers/prometheus-metrics-scrape-configuration function deploy_customize_scraping(){ # https://learn.microsoft.com/en-us/azure/azure-monitor/containers/prometheus-metrics-scrape-configuration?tabs=CRDConfig%2CCRDScrapeConfig#basic-authentication - local wlsPswBase64=$(echo -n "${WLS_ADMIN_PASSWORD}" | base64) + local wlsShibbolethBase64=$(echo -n "${WLS_ADMIN_SHIBBOLETH}" | base64) cat <${testDatasourceScript} -connect('${WLS_DOMAIN_USER}', '${WLS_DOMAIN_PASSWORD}', '${t3ConnectionString}') +connect('${WLS_DOMAIN_USER}', '${WLS_DOMAIN_SHIBBOLETH}', '${t3ConnectionString}') serverRuntime() print 'start to query data source jndi bean' dsMBeans = cmo.getJDBCServiceRuntime().getJDBCDataSourceRuntimeMBeans() diff --git a/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh b/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh index 56cb7594e..6022152b8 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh @@ -21,7 +21,7 @@ ENABLE_CLUSTER_CUSTOM_T3 ENABLE_CUSTOM_SSL ENABLE_PV ORACLE_ACCOUNT_NAME -ORACLE_ACCOUNT_PASSWORD +ORACLE_ACCOUNT_SHIBBOLETH ORACLE_ACCOUNT_ENTITLED SCRIPT_LOCATION STORAGE_ACCOUNT_NAME @@ -30,7 +30,7 @@ USE_ORACLE_IMAGE USER_PROVIDED_IMAGE_PATH WLS_DOMAIN_NAME WLS_DOMAIN_UID -WLS_ADMIN_PASSWORD +WLS_ADMIN_SHIBBOLETH WLS_ADMIN_USER_NAME WLS_APP_PACKAGE_URLS WLS_APP_REPLICAS 
@@ -41,13 +41,13 @@ WLS_MANAGED_SERVER_PREFIX WLS_RESOURCE_REQUEST_CPU WLS_RESOURCE_REQUEST_MEMORY WLS_SSL_IDENTITY_DATA -WLS_SSL_IDENTITY_PASSWORD +WLS_SSL_IDENTITY_SHIBBOLETH WLS_SSL_IDENTITY_TYPE WLS_SSL_TRUST_DATA -WLS_SSL_TRUST_PASSWORD +WLS_SSL_TRUST_SHIBBOLETH WLS_SSL_TRUST_TYPE WLS_SSL_PRIVATE_KEY_ALIAS -WLS_SSL_PRIVATE_KEY_PASSWORD +WLS_SSL_PRIVATE_KEY_SHIBBOLETH WLS_T3_ADMIN_PORT WLS_T3_CLUSTER_PORT WLS_WDT_RUNTIME_PSW @@ -67,7 +67,7 @@ function validate_input() { usage 1 fi - if [[ "${USE_ORACLE_IMAGE,,}" == "${constTrue}" ]] && [[ -z "$ORACLE_ACCOUNT_NAME" || -z "${ORACLE_ACCOUNT_PASSWORD}" ]]; then + if [[ "${USE_ORACLE_IMAGE,,}" == "${constTrue}" ]] && [[ -z "$ORACLE_ACCOUNT_NAME" || -z "${ORACLE_ACCOUNT_SHIBBOLETH}" ]]; then echo_stderr "Oracle SSO account is required. " usage 1 fi @@ -102,8 +102,8 @@ function validate_input() { usage 1 fi - if [ -z "$WLS_ADMIN_PASSWORD" ]; then - echo_stderr "WLS_ADMIN_PASSWORD is required. " + if [ -z "$WLS_ADMIN_SHIBBOLETH" ]; then + echo_stderr "WLS_ADMIN_SHIBBOLETH is required. " usage 1 fi @@ -162,8 +162,8 @@ function validate_input() { usage 1 fi - if [[ -z "$WLS_SSL_IDENTITY_DATA" || -z "${WLS_SSL_IDENTITY_PASSWORD}" ]]; then - echo_stderr "WLS_SSL_IDENTITY_PASSWORD and WLS_SSL_IDENTITY_DATA are required. " + if [[ -z "$WLS_SSL_IDENTITY_DATA" || -z "${WLS_SSL_IDENTITY_SHIBBOLETH}" ]]; then + echo_stderr "WLS_SSL_IDENTITY_SHIBBOLETH and WLS_SSL_IDENTITY_DATA are required. " usage 1 fi 
@@ -172,13 +172,13 @@ function validate_input() { usage 1 fi - if [[ -z "$WLS_SSL_PRIVATE_KEY_ALIAS" || -z "${WLS_SSL_PRIVATE_KEY_PASSWORD}" ]]; then - echo_stderr "WLS_SSL_PRIVATE_KEY_ALIAS and WLS_SSL_PRIVATE_KEY_PASSWORD are required. " + if [[ -z "$WLS_SSL_PRIVATE_KEY_ALIAS" || -z "${WLS_SSL_PRIVATE_KEY_SHIBBOLETH}" ]]; then + echo_stderr "WLS_SSL_PRIVATE_KEY_ALIAS and WLS_SSL_PRIVATE_KEY_SHIBBOLETH are required. " usage 1 fi - if [[ -z "$WLS_SSL_TRUST_DATA" || -z "${WLS_SSL_TRUST_PASSWORD}" ]]; then - echo_stderr "WLS_SSL_TRUST_DATA and WLS_SSL_TRUST_PASSWORD are required. " + if [[ -z "$WLS_SSL_TRUST_DATA" || -z "${WLS_SSL_TRUST_SHIBBOLETH}" ]]; then + echo_stderr "WLS_SSL_TRUST_DATA and WLS_SSL_TRUST_SHIBBOLETH are required. " usage 1 fi @@ -384,7 +384,7 @@ function query_acr_credentials() { ACR_USER_NAME=$(az acr credential show -n $ACR_NAME -g ${ACR_RESOURCEGROUP_NAME} --query 'username' -o tsv) validate_status "Query ACR credentials." - ACR_PASSWORD=$(az acr credential show -n $ACR_NAME -g ${ACR_RESOURCEGROUP_NAME} --query 'passwords[0].value' -o tsv) + ACR_SHIBBOLETH=$(az acr credential show -n $ACR_NAME -g ${ACR_RESOURCEGROUP_NAME} --query 'passwords[0].value' -o tsv) validate_status "Query ACR credentials." } @@ -396,7 +396,7 @@ function query_acr_credentials() { function build_docker_image() { echo "build a new image including the new applications" chmod ugo+x $scriptDir/createVMAndBuildImage.sh - echo ${ACR_PASSWORD} | bash $scriptDir/createVMAndBuildImage.sh $newImageTag ${ACR_LOGIN_SERVER} ${ACR_USER_NAME} + echo ${ACR_SHIBBOLETH} | bash $scriptDir/createVMAndBuildImage.sh $newImageTag ${ACR_LOGIN_SERVER} ${ACR_USER_NAME} # to mitigate error in https://learn.microsoft.com/en-us/answers/questions/1188413/the-resource-with-name-name-and-type-microsoft-con az provider register -n Microsoft.ContainerRegistry 
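Review bot: In build_docker_image (hunk at -396) `echo ${ACR_SHIBBOLETH} | bash $scriptDir/createVMAndBuildImage.sh …` expands the credential unquoted, so it goes through word splitting and glob expansion before it is piped. The same unquoted use appears on the new lines `-storepass $WLS_SSL_TRUST_SHIBBOLETH`, `--from-literal=password=${WLS_ADMIN_SHIBBOLETH}`, `--docker-password=${ACR_SHIBBOLETH}` and the `--from-literal=ssl…password=` arguments in the later setupWLSDomain.sh hunks, and in the updateApplications.sh echo. dbUtility.sh already quotes `"${DB_SHIBBOLETH}"`. I would write `printf '%s\n' "${ACR_SHIBBOLETH}" | bash "$scriptDir/createVMAndBuildImage.sh" …` and quote the other expansions the same way.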
@@ -429,7 +429,7 @@ function validate_ssl_keystores() { #validate if trust keystore has entry ${JAVA_HOME}/bin/keytool -list -v \ -keystore ${mntPath}/${wlsTrustKeyStoreJKSFileName} \ - -storepass $WLS_SSL_TRUST_PASSWORD \ + -storepass $WLS_SSL_TRUST_SHIBBOLETH \ -storetype jks | grep 'Entry type:' | grep 'trustedCertEntry' @@ -495,10 +495,10 @@ function output_ssl_keystore() { ${JAVA_HOME}/bin/keytool -importkeystore \ -srckeystore ${mntPath}/${wlsTrustKeyStoreFileName} \ -srcstoretype ${WLS_SSL_TRUST_TYPE} \ - -srcstorepass ${WLS_SSL_TRUST_PASSWORD} \ + -srcstorepass ${WLS_SSL_TRUST_SHIBBOLETH} \ -destkeystore ${mntPath}/${wlsTrustKeyStoreJKSFileName} \ -deststoretype jks \ - -deststorepass ${WLS_SSL_TRUST_PASSWORD} + -deststorepass ${WLS_SSL_TRUST_SHIBBOLETH} validate_status "Export trust JKS file." else @@ -613,7 +613,7 @@ function create_domain_namespace() { kubectl -n ${wlsDomainNS} create secret generic \ ${kubectlWLSCredentialName} \ --from-literal=username=${WLS_ADMIN_USER_NAME} \ - --from-literal=password=${WLS_ADMIN_PASSWORD} + --from-literal=password=${WLS_ADMIN_SHIBBOLETH} kubectl -n ${wlsDomainNS} label secret ${kubectlWLSCredentialName} weblogic.domainUID=${WLS_DOMAIN_UID} @@ -624,7 +624,7 @@ function create_domain_namespace() { kubectl create secret docker-registry ${kubectlSecretForACR} \ --docker-server=${ACR_LOGIN_SERVER} \ --docker-username=${ACR_USER_NAME} \ - --docker-password=${ACR_PASSWORD} \ + --docker-password=${ACR_SHIBBOLETH} \ -n ${wlsDomainNS} kubectl -n ${wlsDomainNS} label secret ${kubectlSecretForACR} weblogic.domainUID=${WLS_DOMAIN_UID} 
@@ -654,16 +654,16 @@ function parsing_ssl_certs_and_create_ssl_secret() { echo "create secret ${kubectlWLSSSLCredentialsName}" kubectl -n ${wlsDomainNS} create secret generic ${kubectlWLSSSLCredentialsName} \ --from-literal=sslidentitykeyalias=${WLS_SSL_PRIVATE_KEY_ALIAS} \ - --from-literal=sslidentitykeypassword=${WLS_SSL_PRIVATE_KEY_PASSWORD} \ + --from-literal=sslidentitykeypassword=${WLS_SSL_PRIVATE_KEY_SHIBBOLETH} \ --from-literal=sslidentitystorepath=${sharedPath}/$wlsIdentityKeyStoreFileName \ - --from-literal=sslidentitystorepassword=${WLS_SSL_IDENTITY_PASSWORD} \ + --from-literal=sslidentitystorepassword=${WLS_SSL_IDENTITY_SHIBBOLETH} \ --from-literal=sslidentitystoretype=${WLS_SSL_IDENTITY_TYPE} \ --from-literal=ssltruststorepath=${sharedPath}/${wlsTrustKeyStoreFileName} \ --from-literal=ssltruststoretype=${WLS_SSL_TRUST_TYPE} \ - --from-literal=ssltruststorepassword=${WLS_SSL_TRUST_PASSWORD} + --from-literal=ssltruststorepassword=${WLS_SSL_TRUST_SHIBBOLETH} kubectl -n ${wlsDomainNS} label secret ${kubectlWLSSSLCredentialsName} weblogic.domainUID=${WLS_DOMAIN_UID} - javaOptions=" -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.SSL.trustedCAKeyStore=${sharedPath}/${wlsTrustKeyStoreJKSFileName} -Dweblogic.security.SSL.trustedCAKeyStorePassPhrase=${WLS_SSL_TRUST_PASSWORD} ${javaOptions}" + javaOptions=" -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.SSL.trustedCAKeyStore=${sharedPath}/${wlsTrustKeyStoreJKSFileName} -Dweblogic.security.SSL.trustedCAKeyStorePassPhrase=${WLS_SSL_TRUST_SHIBBOLETH} ${javaOptions}" fi } diff --git a/weblogic-azure-aks/src/main/arm/scripts/updateApplications.sh b/weblogic-azure-aks/src/main/arm/scripts/updateApplications.sh index 9a6bf25a4..b71c02dc0 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/updateApplications.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/updateApplications.sh 
@@ -11,7 +11,7 @@ AKS_CLUSTER_NAME AKS_CLUSTER_RESOURCEGROUP_NAME CURRENT_RESOURCEGROUP_NAME ORACLE_ACCOUNT_NAME -ORACLE_ACCOUNT_PASSWORD +ORACLE_ACCOUNT_SHIBBOLETH STORAGE_ACCOUNT_NAME STORAGE_ACCOUNT_CONTAINER_NAME SCRIPT_LOCATION @@ -37,7 +37,7 @@ function validate_input() { usage 1 fi - if [[ "${USE_ORACLE_IMAGE,,}" == "${constTrue}" ]] && [[ -z "$ORACLE_ACCOUNT_NAME" || -z "${ORACLE_ACCOUNT_PASSWORD}" ]]; then + if [[ "${USE_ORACLE_IMAGE,,}" == "${constTrue}" ]] && [[ -z "$ORACLE_ACCOUNT_NAME" || -z "${ORACLE_ACCOUNT_SHIBBOLETH}" ]]; then echo_stderr "Oracle SSO account is required. " usage 1 fi @@ -116,7 +116,7 @@ function query_acr_credentials() { echo "query credentials of ACR ${ACR_NAME}" ACR_LOGIN_SERVER=$(az acr show -n $ACR_NAME --query 'loginServer' -o tsv) ACR_USER_NAME=$(az acr credential show -n $ACR_NAME --query 'username' -o tsv) - ACR_PASSWORD=$(az acr credential show -n $ACR_NAME --query 'passwords[0].value' -o tsv) + ACR_SHIBBOLETH=$(az acr credential show -n $ACR_NAME --query 'passwords[0].value' -o tsv) } function get_app_sas_url() { @@ -197,7 +197,7 @@ function build_docker_image() { export WLS_APP_PACKAGE_URLS=$(echo $WLS_APP_PACKAGE_URLS | base64 -w0) echo "build a new image including the new applications" chmod ugo+x $scriptDir/createVMAndBuildImage.sh - echo ${ACR_PASSWORD} \ + echo ${ACR_SHIBBOLETH} \ | bash $scriptDir/createVMAndBuildImage.sh $newImageTag ${ACR_LOGIN_SERVER} ${ACR_USER_NAME} az acr repository show -n ${ACR_NAME} --image aks-wls-images:${newImageTag} diff --git a/weblogic-azure-aks/src/main/arm/scripts/utility.sh b/weblogic-azure-aks/src/main/arm/scripts/utility.sh index 7807937f3..68095d8da 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/utility.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/utility.sh 
@@ -214,7 +214,7 @@ function utility_validate_application_status() { local wlsDomainNS=$1 local wlsAdminSvcName=$2 local wlsUser=$3 - local wlsPassword=$4 + local wlsShibboleth=$4 local pyScriptPath=$5 local podName=$(kubectl -n ${wlsDomainNS} get pod -l weblogic.serverName=admin-server -o json | @@ -229,7 +229,7 @@ function utility_validate_application_status() { echo "copy ${pyScriptPath} to ${targetFilePath}" kubectl cp ${pyScriptPath} -n ${wlsDomainNS} ${podName}:${targetFilePath} kubectl exec ${podName} -n ${wlsDomainNS} -c "weblogic-server" \ - -- bash -c "wlst.sh ${targetFilePath} -user ${wlsUser} -password ${wlsPassword} -t3ChannelAddress ${t3ChannelAddress} -t3ChannelPort ${adminTargetPort}" | + -- bash -c "wlst.sh ${targetFilePath} -user ${wlsUser} -password ${wlsShibboleth} -t3ChannelAddress ${t3ChannelAddress} -t3ChannelPort ${adminTargetPort}" | grep "Summary: all applications are active" if [ $? == 1 ]; then diff --git a/weblogic-azure-aks/src/main/arm/scripts/validateApplications.sh b/weblogic-azure-aks/src/main/arm/scripts/validateApplications.sh index f074a9eb3..411603060 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/validateApplications.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/validateApplications.sh @@ -12,7 +12,7 @@ function validate_app() { ${wlsDomainNS} \ ${wlsAdminSvcName} \ ${WLS_DOMAIN_USER} \ - ${WLS_DOMAIN_PASSWORD} \ + ${WLS_DOMAIN_SHIBBOLETH} \ ${scriptCheckAppStatus} } @@ -27,4 +27,4 @@ install_kubectl connect_aks $AKS_NAME $AKS_RESOURCE_GROUP_NAME -validate_app \ No newline at end of file +validate_app diff --git a/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep b/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep index ad7c7a5fa..ee1320466 100644 --- a/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep +++ b/weblogic-azure-aks/src/main/bicep/mainTemplate.bicep 
@@ -794,18 +794,18 @@ module queryWLSDomainConfig 'modules/_deployment-scripts/_ds-output-domain-confi } output aksClusterName string = ref_wlsDomainDeployment.outputs.aksClusterName -output adminConsoleInternalUrl string = ref_wlsDomainDeployment.outputs.adminServerEndpoint +output adminConsoleInternalUrl string = ref_wlsDomainDeployment.outputs.adminServerEndPoint output adminConsoleExternalUrl string = const_showAdminConsoleExUrl ? networkingDeployment.outputs.adminConsoleExternalEndpoint : '' output adminConsoleExternalSecuredUrl string = const_showAdminConsoleExUrl ? networkingDeployment.outputs.adminConsoleExternalSecuredEndpoint : '' // If TLS/SSL enabled, only secured url is working, will not output HTTP url. output adminRemoteConsoleUrl string = const_showRemoteAdminConsoleExUrl ? networkingDeployment.outputs.adminRemoteConsoleEndpoint : '' output adminRemoteConsoleSecuredUrl string = const_showRemoteAdminConsoleSecuredExUrl ? networkingDeployment.outputs.adminRemoteConsoleSecuredEndpoint : '' -output adminServerT3InternalUrl string = ref_wlsDomainDeployment.outputs.adminServerT3InternalEndpoint +output adminServerT3InternalUrl string = ref_wlsDomainDeployment.outputs.adminServerT3InternalEndPoint output adminServerT3ExternalUrl string = enableAdminT3Tunneling && const_enableNetworking ? networkingDeployment.outputs.adminServerT3ChannelEndpoint : '' -output clusterInternalUrl string = ref_wlsDomainDeployment.outputs.clusterEndpoint +output clusterInternalUrl string = ref_wlsDomainDeployment.outputs.clusterEndPoint output clusterExternalUrl string = const_enableNetworking ? networkingDeployment.outputs.clusterExternalEndpoint : '' output clusterExternalSecuredUrl string = const_enableNetworking ? 
networkingDeployment.outputs.clusterExternalSecuredEndpoint : '' -output clusterT3InternalUrl string = ref_wlsDomainDeployment.outputs.clusterT3InternalEndpoint +output clusterT3InternalUrl string = ref_wlsDomainDeployment.outputs.clusterT3InternalEndPoint output clusterT3ExternalEndpoint string = enableClusterT3Tunneling && const_enableNetworking ? networkingDeployment.outputs.clusterT3ChannelEndpoint : '' output kedaScalerServerAddress string = enableAutoscaling ? horizontalAutoscaling.outputs.kedaScalerServerAddress : '' output shellCmdtoConnectAks string = format('az account set --subscription {0}; az aks get-credentials --resource-group {1} --name {2}', split(subscription().id, '/')[2], ref_wlsDomainDeployment.outputs.aksClusterRGName, ref_wlsDomainDeployment.outputs.aksClusterName) diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep index 6c4d3eea5..4b198a7f8 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep @@ -141,7 +141,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers value: string(enableCustomSSL) } { - name: 'ENABLE_PASSWORDLESS_DB_CONNECTION' + name: 'ENABLE_SHIBBOLETHLESS_DB_CONNECTION' value: string(enablePswlessConnection) } { @@ -157,7 +157,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers value: ocrSSOUser } { - name: 'ORACLE_ACCOUNT_PASSWORD' + name: 'ORACLE_ACCOUNT_SHIBBOLETH' secureValue: ocrSSOPSW } { @@ -189,7 +189,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers value: userProvidedImagePath } { - name: 'WLS_ADMIN_PASSWORD' + name: 'WLS_ADMIN_SHIBBOLETH' secureValue: wlsPassword } { 
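Review bot: The four `ref_wlsDomainDeployment.outputs.*` references in mainTemplate.bicep (hunk at -794) change from `…Endpoint` to `…EndPoint`, but the diff does not show the declaration those outputs come from. Bicep property names are case-sensitive, so these lines only resolve if the referenced deployment declares `adminServerEndPoint`, `adminServerT3InternalEndPoint`, `clusterEndPoint` and `clusterT3InternalEndPoint` with exactly that casing; please confirm against that module. The neighbouring `networkingDeployment.outputs.*Endpoint` names keep the other casing, so a short comment such as `// outputs of the WLS domain deployment are spelled 'EndPoint'` would save the next reader the lookup.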
@@ -241,7 +241,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers secureValue: wlsIdentityKeyStoreData } { - name: 'WLS_SSL_IDENTITY_PASSWORD' + name: 'WLS_SSL_IDENTITY_SHIBBOLETH' secureValue: wlsIdentityKeyStorePassphrase } { @@ -253,7 +253,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers secureValue: wlsTrustKeyStoreData } { - name: 'WLS_SSL_TRUST_PASSWORD' + name: 'WLS_SSL_TRUST_SHIBBOLETH' secureValue: wlsTrustKeyStorePassPhrase } { @@ -265,7 +265,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers secureValue: wlsPrivateKeyAlias } { - name: 'WLS_SSL_PRIVATE_KEY_PASSWORD' + name: 'WLS_SSL_PRIVATE_KEY_SHIBBOLETH' secureValue: wlsPrivateKeyPassPhrase } { diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-datasource-connection.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-datasource-connection.bicep index 19d5678d3..301d0c399 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-datasource-connection.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-datasource-connection.bicep @@ -64,7 +64,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers value: dbConfigurationType } { - name: 'DB_PASSWORD' + name: 'DB_SHIBBOLETH' secureValue: dbPassword } { @@ -80,7 +80,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers value: dbDriverName } { - name: 'ENABLE_PASSWORDLESS_CONNECTION' + name: 'ENABLE_SHIBBOLETHLESS_CONNECTION' value: string(enablePswlessConnection) } { @@ -104,7 +104,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers value: wlsUserName } { - name: 'WLS_DOMAIN_PASSWORD' + name: 'WLS_DOMAIN_SHIBBOLETH' secureValue: wlsPassword } ] 
diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-applications.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-applications.bicep index c3e6b5f37..6cf54e5cc 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-applications.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-applications.bicep @@ -53,7 +53,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers value: wlsUserName } { - name: 'WLS_DOMAIN_PASSWORD' + name: 'WLS_DOMAIN_SHIBBOLETH' secureValue: wlsPassword } ] diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-parameters.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-parameters.bicep index c865a2e6a..6b121526a 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-parameters.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-validate-parameters.bicep @@ -76,7 +76,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers value: ocrSSOUser } { - name: 'ORACLE_ACCOUNT_PASSWORD' + name: 'ORACLE_ACCOUNT_SHIBBOLETH' secureValue: ocrSSOPSW } { @@ -120,7 +120,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers secureValue: sslUploadedCustomIdentityKeyStoreData } { - name: 'WLS_SSL_IDENTITY_PASSWORD' + name: 'WLS_SSL_IDENTITY_SHIBBOLETH' secureValue: sslUploadedCustomIdentityKeyStorePassphrase } { @@ -132,7 +132,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers secureValue: sslUploadedCustomTrustKeyStoreData } { - name: 'WLS_SSL_TRUST_PASSWORD' + name: 'WLS_SSL_TRUST_SHIBBOLETH' secureValue: sslUploadedCustomTrustKeyStorePassPhrase } { 
@@ -144,7 +144,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers secureValue: sslUploadedPrivateKeyAlias } { - name: 'WLS_SSL_PRIVATE_KEY_PASSWORD' + name: 'WLS_SSL_PRIVATE_KEY_SHIBBOLETH' secureValue: sslUploadedPrivateKeyPassPhrase } { @@ -152,7 +152,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers value: appGatewaySSLCertData } { - name: 'APPLICATION_GATEWAY_SSL_FRONTEND_CERT_PASSWORD' + name: 'APPLICATION_GATEWAY_SSL_FRONTEND_CERT_SHIBBOLETH' value: appGatewaySSLCertPassword } { diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_enable_prometheus_metrics.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_enable_prometheus_metrics.bicep index 3be6c611a..e9e29f633 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_enable_prometheus_metrics.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_enable_prometheus_metrics.bicep @@ -75,7 +75,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers value: string(wlsClusterSize) } { - name: 'WLS_ADMIN_PASSWORD' + name: 'WLS_ADMIN_SHIBBOLETH' value: wlsPassword } { diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_update-applications.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_update-applications.bicep index 8f0623b14..edb36e12c 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_update-applications.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds_update-applications.bicep @@ -68,7 +68,7 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@${azure.apiVers value: ocrSSOUser } { - name: 'ORACLE_ACCOUNT_PASSWORD' + name: 'ORACLE_ACCOUNT_SHIBBOLETH' secureValue: ocrSSOPSW } {
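Review bot: `APPLICATION_GATEWAY_SSL_FRONTEND_CERT_SHIBBOLETH` in _ds-validate-parameters.bicep (hunk at -152) and `WLS_ADMIN_SHIBBOLETH` in _ds_enable_prometheus_metrics.bicep (hunk at -75) are passed with `value:`, while every other credential in these modules uses `secureValue:`. Environment variables set through `value` are kept as plain text in the deployment script resource, so the certificate password and the WebLogic admin password would be readable by anyone who can read that resource. I would change the two entries to `secureValue: appGatewaySSLCertPassword` and `secureValue: wlsPassword`.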