IdP
The IdP is built as a master directory including a master set of configuration files and a master WAR file. To modify the configuration, fiddle with /opt/shibboleth-idp/conf and copy changes when ready into /srv/salt/dev/opt/shibboleth-idp/conf. To replace the WAR file, rerun the build script at /opt/shibboleth-identityprovider-ver.si.on/install.sh. Don't overwrite the config. Copy the new WAR file to /srv/salt/dev/opt/shibboleth-idp/war.
We simplified this installation by creating a repository in Salt to handle all of the IdP installation. Salt then manages the IdP directories on all of the Jetty Servers, meaning that any change to the local copy on Salt will cause the minion to have the same change when the state is propigated.
Another interesting note is that IdP is configuring its portion of the Jetty xml file. This means that for each state enforcement, Jetty re-sets its configuration files to default, and then IdP re-writes its changes each time. There are many ways to solve this, however right now we are working on differentiating an installation and an update or enforcement state change through appropriate "unless" messages.