diff --git a/dist/conf/access-control.xml.dist b/dist/conf/access-control.xml.dist
deleted file mode 100644
index 9b23ad7..0000000
--- a/dist/conf/access-control.xml.dist
+++ /dev/null
@@ -1,32 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/attribute-filter.xml.dist b/dist/conf/attribute-filter.xml.dist
deleted file mode 100644
index f8c41ba..0000000
--- a/dist/conf/attribute-filter.xml.dist
+++ /dev/null
@@ -1,45 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/attribute-resolver-full.xml.dist b/dist/conf/attribute-resolver-full.xml.dist
deleted file mode 100644
index d09a1ea..0000000
--- a/dist/conf/attribute-resolver-full.xml.dist
+++ /dev/null
@@ -1,295 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/attribute-resolver-ldap.xml.dist b/dist/conf/attribute-resolver-ldap.xml.dist
deleted file mode 100644
index 9ac44d3..0000000
--- a/dist/conf/attribute-resolver-ldap.xml.dist
+++ /dev/null
@@ -1,97 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- %{idp.attribute.resolver.LDAP.returnAttributes}
-
- %{idp.attribute.resolver.LDAP.trustCertificates}
-
-
-
-
diff --git a/dist/conf/attribute-resolver.xml.dist b/dist/conf/attribute-resolver.xml.dist
deleted file mode 100644
index 52b475a..0000000
--- a/dist/conf/attribute-resolver.xml.dist
+++ /dev/null
@@ -1,95 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- uid
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- member
-
-
-
-
diff --git a/dist/conf/audit.xml.dist b/dist/conf/audit.xml.dist
deleted file mode 100644
index 9940cec..0000000
--- a/dist/conf/audit.xml.dist
+++ /dev/null
@@ -1,103 +0,0 @@
-
-
-
-
-
-
-
-
-
-
- http://shibboleth.net/ns/profiles/status
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/authn/authn-comparison.xml.dist b/dist/conf/authn/authn-comparison.xml.dist
deleted file mode 100644
index f167b7a..0000000
--- a/dist/conf/authn/authn-comparison.xml.dist
+++ /dev/null
@@ -1,77 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
-
-
-
diff --git a/dist/conf/authn/authn-events-flow.xml.dist b/dist/conf/authn/authn-events-flow.xml.dist
deleted file mode 100644
index 244e1db..0000000
--- a/dist/conf/authn/authn-events-flow.xml.dist
+++ /dev/null
@@ -1,18 +0,0 @@
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/authn/external-authn-config.xml.dist b/dist/conf/authn/external-authn-config.xml.dist
deleted file mode 100644
index 4ce8f26..0000000
--- a/dist/conf/authn/external-authn-config.xml.dist
+++ /dev/null
@@ -1,62 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- UnknownUsername
-
-
-
-
- InvalidPassword
-
-
-
-
- ExpiredPassword
-
-
-
-
- ExpiringPassword
-
-
-
-
-
diff --git a/dist/conf/authn/general-authn.xml.dist b/dist/conf/authn/general-authn.xml.dist
deleted file mode 100644
index f127a13..0000000
--- a/dist/conf/authn/general-authn.xml.dist
+++ /dev/null
@@ -1,114 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- 1
-
-
-
-
diff --git a/dist/conf/authn/ipaddress-authn-config.xml.dist b/dist/conf/authn/ipaddress-authn-config.xml.dist
deleted file mode 100644
index a3ee096..0000000
--- a/dist/conf/authn/ipaddress-authn-config.xml.dist
+++ /dev/null
@@ -1,37 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/authn/jaas-authn-config.xml.dist b/dist/conf/authn/jaas-authn-config.xml.dist
deleted file mode 100644
index daef4d2..0000000
--- a/dist/conf/authn/jaas-authn-config.xml.dist
+++ /dev/null
@@ -1,27 +0,0 @@
-
-
-
-
-
-
-
-
-
-
- ShibUserPassAuth
-
-
-
-
-
diff --git a/dist/conf/authn/jaas.config.dist b/dist/conf/authn/jaas.config.dist
deleted file mode 100644
index 232e93d..0000000
--- a/dist/conf/authn/jaas.config.dist
+++ /dev/null
@@ -1,11 +0,0 @@
-ShibUserPassAuth {
- /*
- com.sun.security.auth.module.Krb5LoginModule required;
- */
-
- org.ldaptive.jaas.LdapLoginModule required
- ldapUrl="ldap://localhost:10389"
- baseDn="ou=people,dc=example,dc=org"
- userFilter="uid={user}";
-
-};
\ No newline at end of file
diff --git a/dist/conf/authn/krb5-authn-config.xml.dist b/dist/conf/authn/krb5-authn-config.xml.dist
deleted file mode 100644
index d3590a2..0000000
--- a/dist/conf/authn/krb5-authn-config.xml.dist
+++ /dev/null
@@ -1,31 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/authn/ldap-authn-config.xml.dist b/dist/conf/authn/ldap-authn-config.xml.dist
deleted file mode 100644
index 5626629..0000000
--- a/dist/conf/authn/ldap-authn-config.xml.dist
+++ /dev/null
@@ -1,130 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/authn/password-authn-config.xml.dist b/dist/conf/authn/password-authn-config.xml.dist
deleted file mode 100644
index be8b06f..0000000
--- a/dist/conf/authn/password-authn-config.xml.dist
+++ /dev/null
@@ -1,109 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- NoCredentials
- CLIENT_NOT_FOUND
- Client not found
- DN_RESOLUTION_FAILURE
-
-
-
-
- InvalidCredentials
- PREAUTH_FAILED
- INVALID_CREDENTIALS
-
-
-
-
- Clients credentials have been revoked
-
-
-
-
- PASSWORD_EXPIRED
-
-
-
-
- ACCOUNT_WARNING
-
-
-
-
-
-
-
-
diff --git a/dist/conf/authn/remoteuser-authn-config.xml.dist b/dist/conf/authn/remoteuser-authn-config.xml.dist
deleted file mode 100644
index b5a923f..0000000
--- a/dist/conf/authn/remoteuser-authn-config.xml.dist
+++ /dev/null
@@ -1,67 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- NoCredentials
-
-
-
-
- UnknownUsername
-
-
-
-
- InvalidPassword
-
-
-
-
- ExpiredPassword
-
-
-
-
- ExpiringPassword
-
-
-
-
-
diff --git a/dist/conf/authn/remoteuser-internal-authn-config.xml.dist b/dist/conf/authn/remoteuser-internal-authn-config.xml.dist
deleted file mode 100644
index 9e68c85..0000000
--- a/dist/conf/authn/remoteuser-internal-authn-config.xml.dist
+++ /dev/null
@@ -1,63 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/authn/spnego-authn-config.xml.dist b/dist/conf/authn/spnego-authn-config.xml.dist
deleted file mode 100644
index 404d7e9..0000000
--- a/dist/conf/authn/spnego-authn-config.xml.dist
+++ /dev/null
@@ -1,69 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- SPNEGONotAvailable
-
-
-
-
- NTLMUnsupported
-
-
-
-
-
diff --git a/dist/conf/authn/x509-authn-config.xml.dist b/dist/conf/authn/x509-authn-config.xml.dist
deleted file mode 100644
index 0e54f45..0000000
--- a/dist/conf/authn/x509-authn-config.xml.dist
+++ /dev/null
@@ -1,41 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
- NoCredentials
- InvalidCredentials
-
-
-
-
-
diff --git a/dist/conf/authn/x509-internal-authn-config.xml.dist b/dist/conf/authn/x509-internal-authn-config.xml.dist
deleted file mode 100644
index bad3029..0000000
--- a/dist/conf/authn/x509-internal-authn-config.xml.dist
+++ /dev/null
@@ -1,21 +0,0 @@
-
-
-
-
-
-
diff --git a/dist/conf/c14n/attribute-sourced-subject-c14n-config.xml.dist b/dist/conf/c14n/attribute-sourced-subject-c14n-config.xml.dist
deleted file mode 100644
index 938b30f..0000000
--- a/dist/conf/c14n/attribute-sourced-subject-c14n-config.xml.dist
+++ /dev/null
@@ -1,44 +0,0 @@
-
-
-
-
-
- altuid
-
-
-
-
- altuid
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/c14n/simple-subject-c14n-config.xml.dist b/dist/conf/c14n/simple-subject-c14n-config.xml.dist
deleted file mode 100644
index 3cddfa6..0000000
--- a/dist/conf/c14n/simple-subject-c14n-config.xml.dist
+++ /dev/null
@@ -1,27 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/c14n/subject-c14n-events-flow.xml.dist b/dist/conf/c14n/subject-c14n-events-flow.xml.dist
deleted file mode 100644
index d7458cd..0000000
--- a/dist/conf/c14n/subject-c14n-events-flow.xml.dist
+++ /dev/null
@@ -1,18 +0,0 @@
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/c14n/subject-c14n.xml.dist b/dist/conf/c14n/subject-c14n.xml.dist
deleted file mode 100644
index 16fc6f1..0000000
--- a/dist/conf/c14n/subject-c14n.xml.dist
+++ /dev/null
@@ -1,109 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
- urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
- urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/c14n/x500-subject-c14n-config.xml.dist b/dist/conf/c14n/x500-subject-c14n-config.xml.dist
deleted file mode 100644
index 1ae25e4..0000000
--- a/dist/conf/c14n/x500-subject-c14n-config.xml.dist
+++ /dev/null
@@ -1,37 +0,0 @@
-
-
-
-
-
-
-
-
-
-
- 2.5.4.3
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/cas-protocol.xml.dist b/dist/conf/cas-protocol.xml.dist
deleted file mode 100644
index 09a05ef..0000000
--- a/dist/conf/cas-protocol.xml.dist
+++ /dev/null
@@ -1,53 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/dist/conf/credentials.xml.dist b/dist/conf/credentials.xml.dist
deleted file mode 100644
index 7462879..0000000
--- a/dist/conf/credentials.xml.dist
+++ /dev/null
@@ -1,65 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/errors.xml.dist b/dist/conf/errors.xml.dist
deleted file mode 100644
index 5de522f..0000000
--- a/dist/conf/errors.xml.dist
+++ /dev/null
@@ -1,120 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/global.xml.dist b/dist/conf/global.xml.dist
deleted file mode 100644
index 60562e3..0000000
--- a/dist/conf/global.xml.dist
+++ /dev/null
@@ -1,53 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/idp.properties.dist b/dist/conf/idp.properties.dist
deleted file mode 100644
index a31bd7e..0000000
--- a/dist/conf/idp.properties.dist
+++ /dev/null
@@ -1,194 +0,0 @@
-# Load any additional property resources from a comma-delimited list
-idp.additionalProperties = /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties
-
-# Set the entityID of the IdP
-idp.entityID = https://idp.example.org
-
-# Set the scope used in the attribute resolver for scoped attributes
-idp.scope = example.org
-
-# General cookie properties (maxAge only applies to persistent cookies)
-#idp.cookie.secure = false
-#idp.cookie.httpOnly = true
-#idp.cookie.domain =
-#idp.cookie.path =
-#idp.cookie.maxAge = 31536000
-
-# Set the location of user-supplied web flow definitions
-#idp.webflows = %{idp.home}/flows
-
-# Set the location of Velocity view templates
-#idp.views = %{idp.home}/views
-
-# Settings for internal AES encryption key
-#idp.sealer.storeType = JCEKS
-#idp.sealer.updateInterval = PT15M
-#idp.sealer.aliasBase = secret
-idp.sealer.storeResource = %{idp.home}/credentials/sealer.jks
-idp.sealer.versionResource = %{idp.home}/credentials/sealer.kver
-idp.sealer.storePassword = password
-idp.sealer.keyPassword = password
-
-# Settings for public/private signing and encryption key(s)
-# During decryption key rollover, point the ".2" properties at a second
-# keypair, uncomment in credentials.xml, then publish it in your metadata.
-idp.signing.key = %{idp.home}/credentials/idp-signing.key
-idp.signing.cert = %{idp.home}/credentials/idp-signing.crt
-idp.encryption.key = %{idp.home}/credentials/idp-encryption.key
-idp.encryption.cert = %{idp.home}/credentials/idp-encryption.crt
-#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key
-#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt
-
-# Sets the bean ID to use as a default security configuration set
-#idp.security.config = shibboleth.DefaultSecurityConfiguration
-
-# To default to SHA-1, set to shibboleth.SigningConfiguration.SHA1
-#idp.signing.config = shibboleth.SigningConfiguration.SHA256
-
-# Configures trust evaluation of keys used by services at runtime
-# Defaults to supporting both explicit key and PKIX using SAML metadata.
-#idp.trust.signatures = shibboleth.ChainingSignatureTrustEngine
-# To pick only one set to one of:
-# shibboleth.ExplicitKeySignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine
-#idp.trust.certificates = shibboleth.ChainingX509TrustEngine
-# To pick only one set to one of:
-# shibboleth.ExplicitKeyX509TrustEngine, shibboleth.PKIXX509TrustEngine
-
-# If true, encryption will happen whenever a key to use can be located, but
-# failure to encrypt won't result in request failure.
-#idp.encryption.optional = false
-
-# Configuration of client- and server-side storage plugins
-#idp.storage.cleanupInterval = PT10M
-#idp.storage.htmlLocalStorage = false
-
-# Set to true to expose more detailed errors in responses to SPs
-#idp.errors.detailed = false
-# Set to false to skip signing of SAML response messages that signal errors
-#idp.errors.signed = true
-# Name of bean containing a list of Java exception classes to ignore
-#idp.errors.excludedExceptions = ExceptionClassListBean
-# Name of bean containing a property set mapping exception names to views
-#idp.errors.exceptionMappings = ExceptionToViewPropertyBean
-# Set if a different default view name for events and exceptions is needed
-#idp.errors.defaultView = error
-
-# Set to false to disable the IdP session layer
-#idp.session.enabled = true
-
-# Set to "shibboleth.StorageService" for server-side storage of user sessions
-#idp.session.StorageService = shibboleth.ClientSessionStorageService
-
-# Size of session IDs
-#idp.session.idSize = 32
-# Bind sessions to IP addresses
-#idp.session.consistentAddress = true
-# Inactivity timeout
-#idp.session.timeout = PT60M
-# Extra time to store sessions for logout
-#idp.session.slop = PT0S
-# Tolerate storage-related errors
-#idp.session.maskStorageFailure = false
-# Track information about SPs logged into
-#idp.session.trackSPSessions = false
-# Support lookup by SP for SAML logout
-#idp.session.secondaryServiceIndex = false
-# Length of time to track SP sessions
-#idp.session.defaultSPlifetime = PT2H
-
-# Regular expression matching login flows to enable, e.g. IPAddress|Password
-idp.authn.flows = Password
-
-# Regular expression of forced "initial" methods when no session exists,
-# usually in conjunction with the idp.authn.resolveAttribute property below.
-#idp.authn.flows.initial = Password
-
-# Set to an attribute ID to resolve prior to selecting authentication flows;
-# its values are used to filter the flows to allow.
-#idp.authn.resolveAttribute = eduPersonAssurance
-
-# Default lifetime and timeout of various authentication methods
-#idp.authn.defaultLifetime = PT60M
-#idp.authn.defaultTimeout = PT30M
-
-# Whether to prioritize "active" results when an SP requests more than
-# one possible matching login method (V2 behavior was to favor them)
-#idp.authn.favorSSO = true
-
-# Whether to fail requests when a user identity after authentication
-# doesn't match the identity in a pre-existing session.
-#idp.authn.identitySwitchIsError = false
-
-# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent
-#idp.consent.StorageService = shibboleth.ClientPersistentStorageService
-
-# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute
-# to key user consent storage records (and set the attribute name)
-#idp.consent.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
-#idp.consent.userStorageKeyAttribute = uid
-
-# Flags controlling how built-in attribute consent feature operates
-#idp.consent.allowDoNotRemember = true
-#idp.consent.allowGlobal = true
-#idp.consent.allowPerAttribute = false
-
-# Whether attribute values and terms of use text are compared
-#idp.consent.compareValues = false
-# Maximum number of consent records for space-limited storage (e.g. cookies)
-#idp.consent.maxStoredRecords = 10
-# Maximum number of consent records for larger/server-side storage (0 = no limit)
-#idp.consent.expandedMaxStoredRecords = 0
-
-# Time in milliseconds to expire consent storage records.
-#idp.consent.storageRecordLifetime = P1Y
-
-# Whether to lookup metadata, etc. for every SP involved in a logout
-# for use by user interface logic; adds overhead so off by default.
-#idp.logout.elaboration = false
-
-# Whether to require logout requests be signed/authenticated.
-#idp.logout.authenticated = true
-
-# Message freshness and replay cache tuning
-#idp.policy.messageLifetime = PT3M
-#idp.policy.clockSkew = PT3M
-
-# Set to custom bean for alternate storage of replay cache
-#idp.replayCache.StorageService = shibboleth.StorageService
-
-# Toggles whether to allow outbound messages via SAML artifact
-#idp.artifact.enabled = true
-# Suppresses typical signing/encryption when artifact binding used
-#idp.artifact.secureChannel = true
-# May differ to direct SAML 2 artifact lookups to specific server nodes
-#idp.artifact.endpointIndex = 2
-# Set to custom bean for alternate storage of artifact map state
-#idp.artifact.StorageService = shibboleth.StorageService
-
-# Name of access control policy for various admin flows
-idp.status.accessPolicy = AccessByIPAddress
-idp.resolvertest.accessPolicy = AccessByIPAddress
-idp.reload.accessPolicy = AccessByIPAddress
-
-# Comma-delimited languages to use if not match can be found with the
-# browser-supported languages, defaults to an empty list.
-idp.ui.fallbackLanguages=en,fr,de
-
-# Storage service used by CAS protocol
-# Defaults to shibboleth.StorageService (in-memory)
-# MUST be server-side storage (e.g. in-memory, memcached, database)
-# NOTE that idp.session.StorageService requires server-side storage
-# when CAS protocol is enabled
-#idp.cas.StorageService=shibboleth.StorageService
-
-# CAS service registry implementation class
-#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry
-
-# Profile flows in which the ProfileRequestContext should be exposed
-# in servlet request under the key "opensamlProfileRequestContext"
-#idp.profile.exposeProfileRequestContextInServletRequest = SAML2/POST/SSO,SAML2/Redirect/SSO
-
-# F-TICKS auditing - set salt to include hashed username
-#idp.fticks.federation=MyFederation
-#idp.fticks.algorithm=SHA-256
-#idp.fticks.salt=somethingsecret
\ No newline at end of file
diff --git a/dist/conf/intercept/consent-intercept-config.xml.dist b/dist/conf/intercept/consent-intercept-config.xml.dist
deleted file mode 100644
index ca183a7..0000000
--- a/dist/conf/intercept/consent-intercept-config.xml.dist
+++ /dev/null
@@ -1,136 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- transientId
- persistentId
- eduPersonTargetedID
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/dist/conf/intercept/context-check-intercept-config.xml.dist b/dist/conf/intercept/context-check-intercept-config.xml.dist
deleted file mode 100644
index 809f1d4..0000000
--- a/dist/conf/intercept/context-check-intercept-config.xml.dist
+++ /dev/null
@@ -1,42 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/dist/conf/intercept/intercept-events-flow.xml.dist b/dist/conf/intercept/intercept-events-flow.xml.dist
deleted file mode 100644
index 5cb30d5..0000000
--- a/dist/conf/intercept/intercept-events-flow.xml.dist
+++ /dev/null
@@ -1,18 +0,0 @@
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/intercept/profile-intercept.xml.dist b/dist/conf/intercept/profile-intercept.xml.dist
deleted file mode 100644
index fedc2b2..0000000
--- a/dist/conf/intercept/profile-intercept.xml.dist
+++ /dev/null
@@ -1,36 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/ldap.properties.dist b/dist/conf/ldap.properties.dist
deleted file mode 100644
index 2d2aef2..0000000
--- a/dist/conf/ldap.properties.dist
+++ /dev/null
@@ -1,60 +0,0 @@
-# LDAP authentication configuration, see authn/ldap-authn-config.xml
-# Note, this doesn't apply to the use of JAAS
-
-## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
-#idp.authn.LDAP.authenticator = anonSearchAuthenticator
-
-## Connection properties ##
-idp.authn.LDAP.ldapURL = ldap://localhost:10389
-#idp.authn.LDAP.useStartTLS = true
-#idp.authn.LDAP.useSSL = false
-#idp.authn.LDAP.connectTimeout = 3000
-
-## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
-#idp.authn.LDAP.sslConfig = certificateTrust
-## If using certificateTrust above, set to the trusted certificate's path
-idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt
-## If using keyStoreTrust above, set to the truststore path
-idp.authn.LDAP.trustStore = %{idp.home}/credentials/ldap-server.truststore
-
-## Return attributes during authentication
-## NOTE: there is a separate property used for attribute resolution
-idp.authn.LDAP.returnAttributes = passwordExpirationTime,loginGraceRemaining
-
-## DN resolution properties ##
-
-# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
-# for AD: CN=Users,DC=example,DC=org
-idp.authn.LDAP.baseDN = ou=people,dc=example,dc=org
-#idp.authn.LDAP.subtreeSearch = false
-idp.authn.LDAP.userFilter = (uid={user})
-# bind search configuration
-# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
-idp.authn.LDAP.bindDN = uid=myservice,ou=system
-idp.authn.LDAP.bindDNCredential = myServicePassword
-
-# Format DN resolution, used by directAuthenticator, adAuthenticator
-# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
-idp.authn.LDAP.dnFormat = uid=%s,ou=people,dc=example,dc=org
-
-# LDAP attribute configuration, see attribute-resolver.xml
-# Note, this likely won't apply to the use of legacy V2 resolver configurations
-idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
-idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN:undefined}
-idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN:undefined}
-idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined}
-idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}
-idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates:undefined}
-idp.attribute.resolver.LDAP.searchFilter = (uid=$resolutionContext.principal)
-idp.attribute.resolver.LDAP.returnAttributes = cn,homephone,mail
-
-# LDAP pool configuration, used for both authn and DN resolution
-#idp.pool.LDAP.minSize = 3
-#idp.pool.LDAP.maxSize = 10
-#idp.pool.LDAP.validateOnCheckout = false
-#idp.pool.LDAP.validatePeriodically = true
-#idp.pool.LDAP.validatePeriod = 300
-#idp.pool.LDAP.prunePeriod = 300
-#idp.pool.LDAP.idleTime = 600
-#idp.pool.LDAP.blockWaitTime = 3000
-#idp.pool.LDAP.failFastInitialize = false
diff --git a/dist/conf/logback.xml.dist b/dist/conf/logback.xml.dist
deleted file mode 100644
index 2582d1c..0000000
--- a/dist/conf/logback.xml.dist
+++ /dev/null
@@ -1,166 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ${idp.logfiles}/idp-process.log
-
-
- ${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz
- ${idp.loghistory:-180}
-
-
-
- UTF-8
- %date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short}
-
-
-
-
-
- 0
-
-
-
-
-
- WARN
-
-
- ${idp.logfiles}/idp-warn.log
-
-
- ${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz
- ${idp.loghistory:-180}
-
-
-
- UTF-8
- %date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short}
-
-
-
-
-
- ${idp.logfiles}/idp-audit.log
-
-
- ${idp.logfiles}/idp-audit-%d{yyyy-MM-dd}.log.gz
- ${idp.loghistory:-180}
-
-
-
- UTF-8
- %msg%n
-
-
-
-
-
- ${idp.logfiles}/idp-consent-audit.log
-
-
- ${idp.logfiles}/idp-consent-audit-%d{yyyy-MM-dd}.log.gz
- ${idp.loghistory:-180}
-
-
-
- UTF-8
- %msg%n
-
-
-
-
-
- ${idp.fticks.loghost:-localhost}
- ${idp.fticks.logport:-514}
- AUTH
- [%thread] %logger %msg
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/dist/conf/metadata-providers.xml.dist b/dist/conf/metadata-providers.xml.dist
deleted file mode 100644
index 49fd53c..0000000
--- a/dist/conf/metadata-providers.xml.dist
+++ /dev/null
@@ -1,72 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/mvc-beans.xml.dist b/dist/conf/mvc-beans.xml.dist
deleted file mode 100644
index 98d9bcd..0000000
--- a/dist/conf/mvc-beans.xml.dist
+++ /dev/null
@@ -1,23 +0,0 @@
-
-
-
-
-
-
diff --git a/dist/conf/relying-party.xml.dist b/dist/conf/relying-party.xml.dist
deleted file mode 100644
index 28c9193..0000000
--- a/dist/conf/relying-party.xml.dist
+++ /dev/null
@@ -1,70 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/saml-nameid.properties.dist b/dist/conf/saml-nameid.properties.dist
deleted file mode 100644
index 8530c4f..0000000
--- a/dist/conf/saml-nameid.properties.dist
+++ /dev/null
@@ -1,35 +0,0 @@
-# Properties involving SAML NameIdentifier/NameID generation/consumption
-
-# For the most part these settings only deal with "transient" and "persistent"
-# identifiers. See saml-nameid.xml and c14n/subject-c14n.xml for advanced
-# settings
-
-# Comment out to disable legacy NameID generation via Attribute Resolver
-#idp.nameid.saml2.legacyGenerator = shibboleth.LegacySAML2NameIDGenerator
-#idp.nameid.saml1.legacyGenerator = shibboleth.LegacySAML1NameIdentifierGenerator
-
-# Default NameID Formats to use when nothing else is called for.
-# Don't change these just to change the Format used for a single SP!
-#idp.nameid.saml2.default = urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-#idp.nameid.saml1.default = urn:mace:shibboleth:1.0:nameIdentifier
-
-# Set to shibboleth.StoredTransientIdGenerator for server-side transient ID storage
-#idp.transientId.generator = shibboleth.CryptoTransientIdGenerator
-
-# Persistent IDs can be computed on the fly with a hash, or managed in a database
-
-# For computed IDs, set a source attribute and a secret salt:
-#idp.persistentId.sourceAttribute = changethistosomethingreal
-#idp.persistentId.useUnfilteredAttributes = true
-# Do *NOT* share the salt with other people, it's like divulging your private key.
-#idp.persistentId.algorithm = SHA
-#idp.persistentId.salt = changethistosomethingrandom
-
-# To use a database, use shibboleth.StoredPersistentIdGenerator
-#idp.persistentId.generator = shibboleth.ComputedPersistentIdGenerator
-# For basic use, set this to a JDBC DataSource bean name:
-#idp.persistentId.dataSource = PersistentIdDataSource
-# For advanced use, set to a bean inherited from shibboleth.JDBCPersistentIdStore
-#idp.persistentId.store = MyPersistentIdStore
-# Set to an empty property to skip hash-based generation of first stored ID
-#idp.persistentId.computed = shibboleth.ComputedPersistentIdGenerator
diff --git a/dist/conf/saml-nameid.xml.dist b/dist/conf/saml-nameid.xml.dist
deleted file mode 100644
index ea97448..0000000
--- a/dist/conf/saml-nameid.xml.dist
+++ /dev/null
@@ -1,62 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/conf/services.properties.dist b/dist/conf/services.properties.dist
deleted file mode 100644
index 116625a..0000000
--- a/dist/conf/services.properties.dist
+++ /dev/null
@@ -1,61 +0,0 @@
-# Configure the resources to load for various services,
-# and the settings for failure handling and auto-reload.
-
-# failFast=true prevents IdP startup if a configuration is bad
-# checkInterval = PT0S means never reload (this is the default)
-
-# Global default for fail-fast behavior of most subsystems
-# with individual override possible below.
-#idp.service.failFast = false
-
-#idp.service.logging.resource = %{idp.home}/conf/logback.xml
-#idp.service.logging.failFast = true
-idp.service.logging.checkInterval = PT5M
-
-# Set to shibboleth.LegacyRelyingPartyResolverResources with legacy V2 relying-party.xml
-#idp.service.relyingparty.resources = shibboleth.RelyingPartyResolverResources
-#idp.service.relyingparty.failFast = false
-idp.service.relyingparty.checkInterval = PT15M
-
-#idp.service.metadata.resources = shibboleth.MetadataResolverResources
-#idp.service.metadata.failFast = false
-#idp.service.metadata.checkInterval = PT0S
-
-#idp.service.attribute.resolver.resources = shibboleth.AttributeResolverResources
-#idp.service.attribute.resolver.failFast = false
-idp.service.attribute.resolver.checkInterval = PT15M
-#idp.service.attribute.resolver.maskFailures = true
-
-#idp.service.attribute.filter.resources = shibboleth.AttributeFilterResources
-# NOTE: Failing the filter fast leaves no filters enabled.
-#idp.service.attribute.filter.failFast = false
-idp.service.attribute.filter.checkInterval = PT15M
-#idp.service.attribute.filter.maskFailures = true
-
-#idp.service.nameidGeneration.resources = shibboleth.NameIdentifierGenerationResources
-#idp.service.nameidGeneration.failFast = false
-idp.service.nameidGeneration.checkInterval = PT15M
-
-#idp.service.access.resources = shibboleth.AccessControlResources
-#idp.service.access.failFast = true
-idp.service.access.checkInterval = PT5M
-
-#idp.service.cas.registry.resources = shibboleth.CASServiceRegistryResources
-#idp.service.cas.registry.failFast = false
-idp.service.cas.registry.checkInterval = PT15M
-
-#idp.message.resources = shibboleth.MessageSourceResources
-#idp.message.cacheSeconds = 300
-
-# Parameters for pre-defined HttpClient instances which perform in-memory and filesystem caching.
-# These are used with components such as remote configuration resources that are explicitly wired
-# with these client instances, *not* by default with HTTP metadata resolvers.
-#idp.httpclient.useTrustEngineTLSSocketFactory = false
-#idp.httpclient.useSecurityEnhancedTLSSocketFactory = false
-#idp.httpclient.connectionDisregardTLSCertificate = false
-#idp.httpclient.connectionTimeout = -1
-#idp.httpclient.memorycaching.maxCacheEntries = 50
-#idp.httpclient.memorycaching.maxCacheEntrySize = 1048576
-#idp.httpclient.filecaching.maxCacheEntries = 100
-#idp.httpclient.filecaching.maxCacheEntrySize = 10485760
-idp.httpclient.filecaching.cacheDirectory = %{idp.home}/tmp/httpClientCache
\ No newline at end of file
diff --git a/dist/conf/services.xml.dist b/dist/conf/services.xml.dist
deleted file mode 100644
index d22fff9..0000000
--- a/dist/conf/services.xml.dist
+++ /dev/null
@@ -1,145 +0,0 @@
-
-
-
-
-
-
-
-
-
-
- %{idp.home}/conf/relying-party.xml
- %{idp.home}/conf/credentials.xml
- %{idp.home}/system/conf/relying-party-system.xml
-
-
-
-
- %{idp.home}/conf/relying-party.xml
- %{idp.home}/system/conf/legacy-relying-party-defaults.xml
-
-
-
- %{idp.home}/conf/metadata-providers.xml
- %{idp.home}/system/conf/metadata-providers-system.xml
-
-
-
- %{idp.home}/conf/attribute-resolver.xml
-
-
-
- %{idp.home}/conf/attribute-filter.xml
-
-
-
- %{idp.home}/conf/saml-nameid.xml
- %{idp.home}/system/conf/saml-nameid-system.xml
-
-
-
- %{idp.home}/conf/access-control.xml
- %{idp.home}/system/conf/access-control-system.xml
-
-
-
- %{idp.home}/conf/cas-protocol.xml
-
-
-
-
- %{idp.home}/messages/authn-messages
- %{idp.home}/messages/consent-messages
- %{idp.home}/messages/error-messages
-
-
-
diff --git a/dist/conf/session-manager.xml.dist b/dist/conf/session-manager.xml.dist
deleted file mode 100644
index f195014..0000000
--- a/dist/conf/session-manager.xml.dist
+++ /dev/null
@@ -1,45 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/flows/authn/conditions/account-locked/account-locked-flow.xml.dist b/dist/flows/authn/conditions/account-locked/account-locked-flow.xml.dist
deleted file mode 100644
index 5fe7523..0000000
--- a/dist/flows/authn/conditions/account-locked/account-locked-flow.xml.dist
+++ /dev/null
@@ -1,16 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/flows/authn/conditions/conditions-flow.xml.dist b/dist/flows/authn/conditions/conditions-flow.xml.dist
deleted file mode 100644
index caa0a13..0000000
--- a/dist/flows/authn/conditions/conditions-flow.xml.dist
+++ /dev/null
@@ -1,35 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/flows/authn/conditions/expired-password/expired-password-flow.xml.dist b/dist/flows/authn/conditions/expired-password/expired-password-flow.xml.dist
deleted file mode 100644
index 5fe7523..0000000
--- a/dist/flows/authn/conditions/expired-password/expired-password-flow.xml.dist
+++ /dev/null
@@ -1,16 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/flows/authn/conditions/expiring-password/expiring-password-flow.xml.dist b/dist/flows/authn/conditions/expiring-password/expiring-password-flow.xml.dist
deleted file mode 100644
index f9f5ceb..0000000
--- a/dist/flows/authn/conditions/expiring-password/expiring-password-flow.xml.dist
+++ /dev/null
@@ -1,32 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/flows/user/prefs/prefs-flow.xml.dist b/dist/flows/user/prefs/prefs-flow.xml.dist
deleted file mode 100644
index c79093b..0000000
--- a/dist/flows/user/prefs/prefs-flow.xml.dist
+++ /dev/null
@@ -1,25 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/messages/authn-messages.properties.dist b/dist/messages/authn-messages.properties.dist
deleted file mode 100644
index ed92747..0000000
--- a/dist/messages/authn-messages.properties.dist
+++ /dev/null
@@ -1,73 +0,0 @@
-# In addition to the Apache 2.0 license, this content is also licensed
-# under the Creative Commons Attribution-ShareAlike 3.0 Unported license
-# (see http://creativecommons.org/licenses/by-sa/3.0/).
-
-# Login / Logout messages
-
-idp.login.loginTo = Login to
-
-idp.login.username = Username
-idp.login.password = Password
-
-idp.login.donotcache = Don't Remember Login
-
-idp.login.login = Login
-idp.login.pleasewait = Logging in, please wait...
-
-idp.login.forgotPassword = Forgot your password?
-idp.login.needHelp = Need Help?
-
-# Expiring password example messages
-
-idp.login.expiringSoon = Your password will be expiring soon!
-idp.login.changePassword = To create a new password now, go to
-idp.login.proceedBegin = Your login will proceed in 20 seconds or you may click
-idp.login.proceedHere = here
-idp.login.proceedEnd = to continue
-
-# Useful links
-
-idp.url.password.reset = #
-idp.url.helpdesk = #
-
-# User Preferences example messages
-
-idp.userprefs.title = Web Login Service
-idp.userprefs.title.suffice = Login Preferences
-idp.userprefs.info = This page allows you to configure your device to tell the Web Login Service that it \
- can use more advanced login approaches that are more convenient, but not always usable.
-idp.userprefs.options = The following options are available:
-idp.userprefs.spnego = Automatically try desktop login when available.
-idp.userprefs.no-js = This feature requires Javascript.
-
-# Classified Login Error messages
-
-UnknownUsername = bad-username
-InvalidPassword = bad-password
-ExpiredPassword = expired-password
-AccountLocked = account-locked
-SPNEGONotAvailable = spnego-unavailable
-NTLMUnsupported = ntlm
-
-bad-username.message = The username you entered cannot be identified.
-
-bad-password.message = The password you entered was incorrect.
-
-expired-password.message = Your password has expired.
-
-account-locked.message = Your account is locked.
-
-spnego-unavailable.message = Your web browser doesn't support authentication with your desktop login credentials.
-spnego-unavailable.return = Cancel the attempt.
-
-ntlm.message = Your web browser attempted to negotiate a weaker form of desktop authentication.
-
-# Logout-related messages
-
-idp.logout.ask = Would you like to attempt to log out of all services accessed during your session? \
- Please select Yes or No to ensure the logout \
- operation completes, or wait a few seconds for Yes.
-idp.logout.contactServices = If you proceed, the system will attempt to contact the following services:
-idp.logout.complete = The logout operation is complete, and no other services appear to have been accessed during this session.
-idp.logout.local = You elected not to log out of all the applications accessed during your session.
-idp.logout.attempt = Attempting to log out of the following services:
diff --git a/dist/messages/consent-messages.properties.dist b/dist/messages/consent-messages.properties.dist
deleted file mode 100644
index bed612e..0000000
--- a/dist/messages/consent-messages.properties.dist
+++ /dev/null
@@ -1,77 +0,0 @@
-# In addition to the Apache 2.0 license, this content is also licensed
-# under the Creative Commons Attribution-ShareAlike 3.0 Unported license
-# (see http://creativecommons.org/licenses/by-sa/3.0/).
-
-# General messages related to terms of use consent.
-
-idp.terms-of-use.accept = I accept the terms of use
-idp.terms-of-use.submit = Submit
-idp.terms-of-use.reject = Refuse
-idp.terms-of-use.required = Please check this box if you want to proceed.
-
-# Triples consisting of a TOU key, and a title and text for each set of terms.
-# The default implementation uses the SP name as the key, but this can be overriden.
-
-https\://sp.example.org = example-tou-1
-example-tou-1.title = Example Terms of Use
-example-tou-1.text = *** This is an example ToU - tailor due to your needs *** \
-
Example organization AAI services: Terms of Use (ToU)
\
- A. Data Protection Sample Clause \
-
\
- "The End User notes that personal data about the End User is compiled from generally \
- available sources and from communications received from the End User and other \
- Universities as well as from off-site sources. The policy relating to the use and procession \
- of such data is posted on the University website at [...]. Such data will be used, inter alia, \
- to authenticate and authorize the access to and use of various resources within \
- the University and on other sites ("Approved Uses"). The End User hereby consents to \
- the collection, processing, use and release of such data to the extent reasonably necessary \
- for the Approved Uses. Such consent includes, but is not limited to, the release \
- of personal data to other institutions by employing cookies and electronically exchanging, \
- caching and storing personal authorization attributes." \
-
\
- B. Limitation of Liability \
-
\
- "To the extent permitted by the applicable law, the End User hereby waives all and any \
- claims for cost and damages, whether direct or indirect, incidental, or consequential(including, \
- inter alia, loss of use and lost profits), both in contract and in tort, arising from \
- the use or in any way related to the inter-organizational authentication and authorization \
- services which allow the End User to access certain resources of other organizations. \
- This waiver of claims shall be valid and effective in relation to all participants of \
- the inter-organizational authentication and authorization services including the AAI \
- Service Provider and its affiliates, officers, employees and agents." \
-
-
-# Messages related to attribute release consent.
-
-idp.attribute-release.revoke = Clear prior granting of permission for release of your information to this service.
-
-idp.attribute-release.title = Information Release
-
-idp.attribute-release.attributesHeader = Information to be Provided to Service
-
-idp.attribute-release.serviceNameLabel = You are about to access the service:
-idp.attribute-release.of = of
-idp.attribute-release.serviceDescriptionLabel = Description as provided by this service:
-
-idp.attribute-release.informationURLLabel = Additional information about the service
-idp.attribute-release.privacyStatementURLLabel = Data privacy information of the service
-
-idp.attribute-release.showDetails = show details
-
-idp.attribute-release.accept = Accept
-idp.attribute-release.reject = Reject
-
-idp.attribute-release.confirmationQuestion = The information above would be shared with the service if you proceed. \
- Do you agree to release this information to the service every time you access it?
-
-idp.attribute-release.consentMethod = Select an information release consent duration:
-idp.attribute-release.consentMethodRevoke = This setting can be revoked at any time with the checkbox on the login page.
-
-idp.attribute-release.doNotRememberConsent = Ask me again at next login
-idp.attribute-release.doNotRememberConsentItem = I agree to send my information this time.
-
-idp.attribute-release.rememberConsent = Ask me again if information to be provided to this service changes
-idp.attribute-release.rememberConsentItem = I agree that the same information will be sent automatically to this service in the future.
-
-idp.attribute-release.globalConsent = Do not ask me again
-idp.attribute-release.globalConsentItem = I agree that all of my information will be released to any service.
diff --git a/dist/messages/error-messages.properties.dist b/dist/messages/error-messages.properties.dist
deleted file mode 100644
index 4f93680..0000000
--- a/dist/messages/error-messages.properties.dist
+++ /dev/null
@@ -1,119 +0,0 @@
-# In addition to the Apache 2.0 license, this content is also licensed
-# under the Creative Commons Attribution-ShareAlike 3.0 Unported license
-# (see http://creativecommons.org/licenses/by-sa/3.0/).
-
-# Title / Message mappings for error view
-
-# General strings
-idp.title = Web Login Service
-idp.title.suffix = Error
-idp.logo = /images/dummylogo.png
-idp.logo.alt-text = Replace or remove this logo
-idp.message = An unidentified error occurred.
-idp.footer = Insert your footer text here.
-
-idp.client-storage-read.title = Loading Session State...
-idp.client-storage-write.title = Saving Session State...
-idp.client-storage.no-js = Since your browser does not support JavaScript, \
- you must press the Continue button once to proceed.
-
-# Event to error key mappings
-
-AccessDenied = access
-ContextCheckDenied = context-check-denied
-EndpointResolutionFailed = endpoint
-InvalidProfileConfiguration = relying-party
-InvalidSecurityConfiguration = security-cfg
-MessageAuthenticationError = security-msg
-MessageReplay = stale
-MessageExpired = stale
-UnableToDecode = stale
-AccountError = authn
-AuthenticationException = authn
-InvalidCredentials = authn
-NoCredentials = authn
-NoPotentialFlow = authn
-RequestUnsupported = authn
-SubjectCanonicalizationError = authn
-InvalidAttributeContext = unexpected
-InvalidAuthenticationContext = unexpected
-InvalidSubjectContext = unexpected
-InvalidSubjectCanonicalizationContext = unexpected
-InvalidMessageContext = unexpected
-InvalidMessageVersion = unexpected
-InvalidProfileContext = unexpected
-InvalidRelyingPartyContext = unexpected
-InvalidRelyingPartyConfiguration = unexpected
-MessageProcessingError = unexpected
-UnableToEncode = unexpected
-UnableToSign = unexpected
-UnableToEncrypt = unexpected
-AttributeReleaseRejected = no-release
-TermsRejected = no-terms
-RuntimeException = runtime-error
-
-# Exception to error key mappings
-
-FlowExecutionRestorationFailureException = stale
-
-# Error key to title and message mappings
-
-access.title = Access Denied
-access.message = You do not have access to the requested resource.
-
-context-check-denied.title = Access Denied
-context-check-denied.message = You are not eligible for the service requested.
-
-no-release.title = Release of Information Prevented
-no-release.message = At your request, the release of your information has been blocked. If you wish to \
- change your decision, you may access the service again and approve the release in the \
- future.
-
-no-terms.title = Terms of Use Refused
-no-terms.message = Having refused the mandatory Terms of Use, access to the service is not permitted. \
- If you wish to change your decision, you may access the service again and approve \
- the terms in the future.
-
-authn.title = Login Failed
-authn.message = User login was not successful or could not meet the requirements of the requesting application.
-
-endpoint.title = Unable to Respond
-endpoint.message = The login service was unable to identify a compatible way to respond to the requested \
- application. This is generally to due to a misconfiguration on the part of the application \
- and should be reported to the application's support team or owner.
-
-relying-party.title = Unsupported Request
-relying-party.message = The application you have accessed is not registered for use with this service.
-
-security-cfg.title = Security Configuration Error
-security-cfg.message = The login service and the requested application do not share a compatible \
- security configuration, and the request cannot be fulfilled.
-
-security-msg.title = Message Security Error
-security-msg.message = The request cannot be fulfilled because the message received does not meet the \
- security requirements of the login service.
-
-stale.title = Stale Request
-stale.message =
You may be seeing this page because you used the Back button while browsing a \
- secure web site or application. Alternatively, you may have mistakenly bookmarked \
- the web login form instead of the actual web site you wanted to bookmark or used a \
- link created by somebody else who made the same mistake.
\
- \
-
Left unchecked, this can cause errors on some browsers or result in you returning to \
- the web site you tried to leave, so this page is presented instead.
-
-unexpected.title = Unexpected Error
-unexpected.message = An unexpected error was encountered, usually reflecting a configuration or software error.
-
-runtime-error.title = Uncaught Exception
-runtime-error.message =
A software error was encountered that prevents normal operation:
Please report this problem to your Help Desk or administrative staff. It has \
- also been logged for an administrator to review.
-
-error.title = Error
-error.message = An error occurred: $eventId
-
-root.title = Shibboleth IdP
-root.message = No services are available at this location.
-root.footer = Insert your footer text here.
diff --git a/dist/views/error.vm.dist b/dist/views/error.vm.dist
deleted file mode 100644
index fb08a82..0000000
--- a/dist/views/error.vm.dist
+++ /dev/null
@@ -1,71 +0,0 @@
-##
-## Velocity Template for error end-state
-##
-## Velocity context will contain the following properties
-## flowRequestContext - the Spring Web Flow RequestContext
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service"))
-#set ($defaultTitleSuffix = $springMacroRequestContext.getMessage("idp.title.suffix", "Error"))
-##
-#if ($flowRequestContext)
- ## This handles flow events, the most common case.
- #set ($eventId = $flowRequestContext.getCurrentEvent().getId())
- #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error"))
- #set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix"))
- #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId"))
- #if ($eventId == "AccessDenied" or $eventId == "ContextCheckDenied")
- $response.setStatus(403)
- #elseif ($eventId == "AttributeReleaseRejected" || $eventId == "TermsRejected")
- $response.setStatus(200)
- #elseif ($eventKey == "unexpected" || $eventKey == "runtime-error" || $eventKey == "error")
- $response.setStatus(500)
- #else
- $response.setStatus(400)
- #end
-#elseif ($exception)
- ## This handles exceptions that reach the Spring-MVC exception handler.
- #set ($eventId = $exception.getClass().getSimpleName())
- #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error"))
- #set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix"))
- #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId"))
-#else
- ## This is a catch-all that theoretically shouldn't happen?
- #set ($titleSuffix = $defaultTitleSuffix)
- #set ($message = $springMacroRequestContext.getMessage("idp.message", "An unidentified error occurred."))
-#end
-##
-
-
-
-
- $title - $titleSuffix
-
-
-
-
-
-
-
-
-
$title - $titleSuffix
-
-
-
- #evaluate($message)
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/dist/views/expiring-password.vm.dist b/dist/views/expiring-password.vm.dist
deleted file mode 100644
index 0cb9d90..0000000
--- a/dist/views/expiring-password.vm.dist
+++ /dev/null
@@ -1,53 +0,0 @@
-##
-## Velocity Template for expiring password view
-##
-## Velocity context will contain the following properties
-## flowExecutionUrl - the form action location
-## flowRequestContext - the Spring Web Flow RequestContext
-## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl)
-## profileRequestContext - root of context tree
-## authenticationContext - context with authentication request information
-## authenticationErrorContext - context with login error state
-## authenticationWarningContext - context with login warning state
-## ldapResponseContext - context with LDAP state (if using native LDAP)
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-
-
-
-
- #springMessageText("idp.title", "Web Login Service")
-
-
-
-
-
-
-
-
-
-
#springMessageText("idp.login.expiringSoon", "Your password will be expiring soon!")
-
-
-
-
#springMessageText("idp.login.changePassword", "To create a new password now, go to")
- #.
-
#springMessageText("idp.login.proceedBegin", "Your login will proceed in 20 seconds or you may click")
- #springMessageText("idp.login.proceedHere", "here")
- #springMessageText("idp.login.proceedEnd", "to continue").
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/dist/views/intercept/attribute-release.vm.dist b/dist/views/intercept/attribute-release.vm.dist
deleted file mode 100644
index 9c8b614..0000000
--- a/dist/views/intercept/attribute-release.vm.dist
+++ /dev/null
@@ -1,148 +0,0 @@
-##
-## Velocity Template for DisplayAttributeReleasePage view-state
-##
-## Velocity context will contain the following properties :
-##
-## attributeReleaseContext - context holding consentable attributes
-## attributeReleaseFlowDescriptor - attribute consent flow descriptor
-## attributeDisplayNameFunction - function to display attribute name
-## consentContext - context representing the state of a consent flow
-## encoder - HTMLEncoder class
-## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl)
-## flowExecutionUrl - form action location
-## flowRequestContext - Spring Web Flow RequestContext
-## profileRequestContext - OpenSAML profile request context
-## request - HttpServletRequest
-## response - HttpServletResponse
-## rpUIContext - context with SP UI information from the metadata
-## environment - Spring Environment object for property resolution
-#set ($serviceName = $rpUIContext.serviceName)
-#set ($serviceDescription = $rpUIContext.serviceDescription)
-#set ($informationURL = $rpUIContext.informationURL)
-#set ($privacyStatementURL = $rpUIContext.privacyStatementURL)
-#set ($rpOrganizationLogo = $rpUIContext.getLogo())
-#set ($rpOrganizationName = $rpUIContext.organizationName)
-##
-
-
-
-
-
-
- #springMessageText("idp.attribute-release.title", "Information Release")
-
-
-
-
-
diff --git a/dist/views/intercept/terms-of-use.vm.dist b/dist/views/intercept/terms-of-use.vm.dist
deleted file mode 100644
index 1bf12c7..0000000
--- a/dist/views/intercept/terms-of-use.vm.dist
+++ /dev/null
@@ -1,67 +0,0 @@
-##
-## Velocity Template for DisplayTermsOfUsePage view-state
-##
-## Velocity context will contain the following properties :
-##
-## encoder - HTMLEncoder class
-## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl)
-## flowExecutionUrl - form action location
-## flowRequestContext - Spring Web Flow RequestContext
-## request - HttpServletRequest
-## response - HttpServletResponse
-## rpUIContext - context with SP UI information from the metadata
-## termsOfUseId - terms of use ID to lookup message strings
-## environment - Spring Environment object for property resolution
-#set ($serviceName = $rpUIContext.serviceName)
-#set ($rpOrganizationLogo = $rpUIContext.getLogo())
-##
-
-
-
-
-
-
- #springMessageText("${termsOfUseId}.title", "Terms of Use")
-
-
-
#springMessageText("${termsOfUseId}.title", "Terms of Use")
-
- #end
-
- #springMessageText("${termsOfUseId}.text", "Terms of Use Text...")
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dist/views/login-error.vm.dist b/dist/views/login-error.vm.dist
deleted file mode 100644
index 44676b3..0000000
--- a/dist/views/login-error.vm.dist
+++ /dev/null
@@ -1,24 +0,0 @@
-## Velocity Template for login error message production, included by login.vm
-##
-## authenticationErrorContext - context containing error data, if available
-##
-#if ($authenticationErrorContext && $authenticationErrorContext.getClassifiedErrors().size() > 0 && $authenticationErrorContext.getClassifiedErrors().iterator().next() != "ReselectFlow")
- ## This handles errors that are classified by the message maps in the authentication config.
- #set ($eventId = $authenticationErrorContext.getClassifiedErrors().iterator().next())
- #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "login"))
- #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "Login Failure: $eventId"))
-#elseif ($authenticationErrorContext && $authenticationErrorContext.getExceptions().size() > 0)
- ## This handles login exceptions that are left unclassified.
- #set ($loginException = $authenticationErrorContext.getExceptions().get(0))
- #if ($loginException.getMessage())
- #set ($message = "Login Failure: $loginException.getMessage()")
- #else
- #set ($message = $loginException.toString())
- #end
-#end
-
-#if ($message)
-
-
$encoder.encodeForHTML($message)
-
-#end
diff --git a/dist/views/login.vm.dist b/dist/views/login.vm.dist
deleted file mode 100644
index a623db5..0000000
--- a/dist/views/login.vm.dist
+++ /dev/null
@@ -1,138 +0,0 @@
-##
-## Velocity Template for DisplayUsernamePasswordPage view-state
-##
-## Velocity context will contain the following properties
-## flowExecutionUrl - the form action location
-## flowRequestContext - the Spring Web Flow RequestContext
-## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl)
-## profileRequestContext - root of context tree
-## authenticationContext - context with authentication request information
-## authenticationErrorContext - context with login error state
-## authenticationWarningContext - context with login warning state
-## ldapResponseContext - context with LDAP state (if using native LDAP)
-## rpUIContext - the context with SP UI information from the metadata
-## extendedAuthenticationFlows - collection of "extended" AuthenticationFlowDescriptor objects
-## passwordPrincipals - contents of the shibboleth.authn.Password.PrincipalOverride bean
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-#set ($rpContext = $profileRequestContext.getSubcontext('net.shibboleth.idp.profile.context.RelyingPartyContext'))
-#set ($username = $authenticationContext.getSubcontext('net.shibboleth.idp.authn.context.UsernamePasswordContext', true).getUsername())
-#set ($passwordEnabled = false)
-#if (!$passwordPrincipals or $passwordPrincipals.isEmpty() or $authenticationContext.isAcceptable($passwordPrincipals))
- #set ($passwordEnabled = true)
-#end
-##
-
-
-
-
- #springMessageText("idp.title", "Web Login Service")
-
-
-
-
-
-
-
-
-
-
-
- #parse("login-error.vm")
-
-
-
- #*
- //
- // SP Description & Logo (optional)
- // These idpui lines will display added information (if available
- // in the metadata) about the Service Provider (SP) that requested
- // authentication. These idpui lines are "active" in this example
- // (not commented out) - this extra SP info will be displayed.
- // Remove or comment out these lines to stop the display of the
- // added SP information.
- //
- *#
- #set ($logo = $rpUIContext.getLogo())
- #if ($logo)
-
- #end
- #set ($desc = $rpUIContext.getServiceDescription())
- #if ($desc)
- $encoder.encodeForHTML($desc)
- #end
-
-
-
-
-
\ No newline at end of file
diff --git a/dist/views/logout-complete.vm.dist b/dist/views/logout-complete.vm.dist
deleted file mode 100644
index 4bf0a62..0000000
--- a/dist/views/logout-complete.vm.dist
+++ /dev/null
@@ -1,58 +0,0 @@
-##
-## Velocity Template for logout flow's concluding view-state (no propagation)
-##
-## Velocity context will contain the following properties
-## flowExecutionUrl - the form action location
-## flowRequestContext - the Spring Web Flow RequestContext
-## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl)
-## profileRequestContext - root of context tree
-## logoutContext - context with SPSession details for logout operation
-## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-
-
-
-
- #springMessageText("idp.title", "Web Login Service")
-
-
-
-
-
-
-
-
-
-
-
-
-
#springMessageText("idp.logout.local", "You elected not to log out of all the applications accessed during your session.")
#springMessage()
-