From 532f9e1f8f4cda01c1e196a63a390af1f374874b Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Thu, 19 Jan 2017 17:09:36 -0600
Subject: [PATCH] remove all files in conf

---
 conf/#metadata-providers.xml~                 |  33 --
 conf/access-control.xml                       |  32 --
 conf/attribute-filter.xml                     |  36 ---
 conf/attribute-resolver-full.xml              | 295 ------------------
 conf/attribute-resolver-ldap.xml              |  97 ------
 conf/attribute-resolver.xml                   |  67 ----
 conf/audit.xml                                | 103 ------
 conf/authn/authn-comparison.xml               |  77 -----
 conf/authn/authn-events-flow.xml              |  18 --
 conf/authn/external-authn-config.xml          |  62 ----
 conf/authn/general-authn.xml                  | 114 -------
 conf/authn/ipaddress-authn-config.xml         |  37 ---
 conf/authn/jaas-authn-config.xml              |  27 --
 conf/authn/jaas.config                        |  11 -
 conf/authn/krb5-authn-config.xml              |  24 --
 conf/authn/krb5-authn-config.xml.dist         |  31 --
 conf/authn/ldap-authn-config.xml              | 130 --------
 conf/authn/password-authn-config.xml          | 109 -------
 conf/authn/password-authn-config.xml.dist     | 109 -------
 conf/authn/remoteuser-authn-config.xml        |  67 ----
 .../remoteuser-internal-authn-config.xml      |  63 ----
 conf/authn/spnego-authn-config.xml            |  69 ----
 conf/authn/x509-authn-config.xml              |  41 ---
 conf/authn/x509-internal-authn-config.xml     |  21 --
 .../attribute-sourced-subject-c14n-config.xml |  44 ---
 conf/c14n/simple-subject-c14n-config.xml      |  27 --
 conf/c14n/subject-c14n-events-flow.xml        |  18 --
 conf/c14n/subject-c14n.xml                    | 109 -------
 conf/c14n/x500-subject-c14n-config.xml        |  37 ---
 conf/cas-protocol.xml                         |  53 ----
 conf/credentials.xml                          |  65 ----
 conf/errors.xml                               | 120 -------
 conf/global.xml                               |  53 ----
 conf/idp.properties                           | 194 ------------
 conf/intercept/consent-intercept-config.xml   | 136 --------
 .../context-check-intercept-config.xml        |  42 ---
 conf/intercept/intercept-events-flow.xml      |  18 --
 conf/intercept/profile-intercept.xml          |  36 ---
 conf/ldap.properties                          |  60 ----
 conf/logback.xml                              | 166 ----------
 conf/metadata-providers.xml                   |  34 --
 conf/mvc-beans.xml                            |  23 --
 conf/relying-party.xml                        |  70 -----
 conf/saml-nameid.properties                   |  35 ---
 conf/saml-nameid.xml                          |  62 ----
 conf/services.properties                      |  61 ----
 conf/services.xml                             | 145 ---------
 conf/session-manager.xml                      |  45 ---
 48 files changed, 3326 deletions(-)
 delete mode 100644 conf/#metadata-providers.xml~
 delete mode 100644 conf/access-control.xml
 delete mode 100644 conf/attribute-filter.xml
 delete mode 100644 conf/attribute-resolver-full.xml
 delete mode 100644 conf/attribute-resolver-ldap.xml
 delete mode 100644 conf/attribute-resolver.xml
 delete mode 100644 conf/audit.xml
 delete mode 100644 conf/authn/authn-comparison.xml
 delete mode 100644 conf/authn/authn-events-flow.xml
 delete mode 100644 conf/authn/external-authn-config.xml
 delete mode 100644 conf/authn/general-authn.xml
 delete mode 100644 conf/authn/ipaddress-authn-config.xml
 delete mode 100644 conf/authn/jaas-authn-config.xml
 delete mode 100644 conf/authn/jaas.config
 delete mode 100644 conf/authn/krb5-authn-config.xml
 delete mode 100644 conf/authn/krb5-authn-config.xml.dist
 delete mode 100644 conf/authn/ldap-authn-config.xml
 delete mode 100644 conf/authn/password-authn-config.xml
 delete mode 100644 conf/authn/password-authn-config.xml.dist
 delete mode 100644 conf/authn/remoteuser-authn-config.xml
 delete mode 100644 conf/authn/remoteuser-internal-authn-config.xml
 delete mode 100644 conf/authn/spnego-authn-config.xml
 delete mode 100644 conf/authn/x509-authn-config.xml
 delete mode 100644 conf/authn/x509-internal-authn-config.xml
 delete mode 100644 conf/c14n/attribute-sourced-subject-c14n-config.xml
 delete mode 100644 conf/c14n/simple-subject-c14n-config.xml
 delete mode 100644 conf/c14n/subject-c14n-events-flow.xml
 delete mode 100644 conf/c14n/subject-c14n.xml
 delete mode 100644 conf/c14n/x500-subject-c14n-config.xml
 delete mode 100644 conf/cas-protocol.xml
 delete mode 100644 conf/credentials.xml
 delete mode 100644 conf/errors.xml
 delete mode 100644 conf/global.xml
 delete mode 100644 conf/idp.properties
 delete mode 100644 conf/intercept/consent-intercept-config.xml
 delete mode 100644 conf/intercept/context-check-intercept-config.xml
 delete mode 100644 conf/intercept/intercept-events-flow.xml
 delete mode 100644 conf/intercept/profile-intercept.xml
 delete mode 100644 conf/ldap.properties
 delete mode 100644 conf/logback.xml
 delete mode 100644 conf/metadata-providers.xml
 delete mode 100644 conf/mvc-beans.xml
 delete mode 100644 conf/relying-party.xml
 delete mode 100644 conf/saml-nameid.properties
 delete mode 100644 conf/saml-nameid.xml
 delete mode 100644 conf/services.properties
 delete mode 100644 conf/services.xml
 delete mode 100644 conf/session-manager.xml

diff --git a/conf/#metadata-providers.xml~ b/conf/#metadata-providers.xml~
deleted file mode 100644
index 906556f..0000000
--- a/conf/#metadata-providers.xml~
+++ /dev/null
@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- This file is an EXAMPLE metadata configuration file. -->
-<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
-    xmlns="urn:mace:shibboleth:2.0:metadata"
-    xmlns:resource="urn:mace:shibboleth:2.0:resource"
-    xmlns:security="urn:mace:shibboleth:2.0:security"
-    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
-                        urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd 
-                        urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
-                        urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd">
-
-    <MetadataProvider id="InCommonMetadata"
-                      xsi:type="FileBackedHTTPMetadataProvider"
-                      backingFile="%{idp.home}/metadata/localCopyFromInCommon.xml"
-                      metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml"
-                      maxRefreshDelay="PT8H"> 
-
-        <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D" />
-        
-        <MetadataFilter xsi:type="SignatureValidation"
-            certificateFile="${idp.home}/credentials/inc-md-cert.pem" />
-
-        <MetadataFilter xsi:type="EntityRoleWhiteList">
-            <RetainedRole>md:SPSSODescriptor</RetainedRole>
-        </MetadataFilter>
-        
-    </MetadataProvider>
-
-    <MetadataProvider id="testbed.tier" xsi:type="FilesystemMetadataProvider" metadataFile="/opt/shibboleth-idp/metadata/testbed-tier-metadata.xml"/>
-                        
-</MetadataProvider>
diff --git a/conf/access-control.xml b/conf/access-control.xml
deleted file mode 100644
index 9b23ad7..0000000
--- a/conf/access-control.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!-- Map of access control policies used to limit access to administrative functions. -->
-
-    <!--
-    The only built-in implementation of the AccessControl interface is IP-based, as below.
-    The ranges provided MUST be CIDR network expressions. To specify a single address,
-    add "/32" or "/128" for IPv4 or IPv6 respectively.
-    -->
-
-    <util:map id="shibboleth.AccessControlPolicies">
-    
-        <entry key="AccessByIPAddress">
-            <bean parent="shibboleth.IPRangeAccessControl"
-                p:allowedRanges="#{ {'127.0.0.1/32', '::1/128'} }" />
-        </entry>
-    
-    </util:map>
-
-</beans>
diff --git a/conf/attribute-filter.xml b/conf/attribute-filter.xml
deleted file mode 100644
index 92af950..0000000
--- a/conf/attribute-filter.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
-        xmlns="urn:mace:shibboleth:2.0:afp"
-        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-        xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">
-
-    <AttributeFilterPolicy id="releaseToAnyone">
-        <PolicyRequirementRule xsi:type="ANY" />
-
-        <AttributeRule attributeID="eduPersonPrincipalName">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-
-        <AttributeRule attributeID="eduPersonScopedAffiliation">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-
-        <AttributeRule attributeID="givenName">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-
-        <AttributeRule attributeID="sn">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-
-        <AttributeRule attributeID="displayName">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-
-        <AttributeRule attributeID="mail">
-            <PermitValueRule xsi:type="ANY" />
-        </AttributeRule>
-
-    </AttributeFilterPolicy>
-
-</AttributeFilterPolicyGroup>
diff --git a/conf/attribute-resolver-full.xml b/conf/attribute-resolver-full.xml
deleted file mode 100644
index d09a1ea..0000000
--- a/conf/attribute-resolver-full.xml
+++ /dev/null
@@ -1,295 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- 
-    This file is an EXAMPLE configuration file containing lots of commented
-    example attributes, encoders, and a couple of example data connectors.
-    
-    Not all attribute definitions or data connectors are demonstrated, but
-    a variety of LDAP attributes, some common to Shibboleth deployments and
-    many not, are included.
-    
-    Deployers should refer to the Shibboleth 2 documentation for a complete
-    list of components  and their options.
--->
-<resolver:AttributeResolver
-        xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
-        xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
-        xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
-        xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
-        xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder"
-        xmlns:sec="urn:mace:shibboleth:2.0:security"
-        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-        xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
-                            urn:mace:shibboleth:2.0:resolver:pc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-pc.xsd
-                            urn:mace:shibboleth:2.0:resolver:ad http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-ad.xsd
-                            urn:mace:shibboleth:2.0:resolver:dc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-dc.xsd
-                            urn:mace:shibboleth:2.0:attribute:encoder http://shibboleth.net/schema/idp/shibboleth-attribute-encoder.xsd
-                            urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd">
-
-    <!-- ========================================== -->
-    <!--      Attribute Definitions                 -->
-    <!-- ========================================== -->
-
-    <!-- Schema: Core schema attributes-->
-    <!--
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="uid" sourceAttributeID="uid">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="mail" sourceAttributeID="mail">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="homePhone" sourceAttributeID="homePhone">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:homePhone" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.20" friendlyName="homePhone" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="homePostalAddress" sourceAttributeID="homePostalAddress">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:homePostalAddress" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.39" friendlyName="homePostalAddress" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="mobileNumber" sourceAttributeID="mobile">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mobile" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.41" friendlyName="mobile" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="pagerNumber" sourceAttributeID="pager">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:pager" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.42" friendlyName="pager" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="surname" sourceAttributeID="sn">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:sn" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="locality" sourceAttributeID="l">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:l" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.7" friendlyName="l" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="stateProvince" sourceAttributeID="st">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:st" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.8" friendlyName="st" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="street" sourceAttributeID="street">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:street" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.9" friendlyName="street" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="organizationName" sourceAttributeID="o">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:o" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.10" friendlyName="o" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="organizationalUnit" sourceAttributeID="ou">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:ou" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.11" friendlyName="ou" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="title" sourceAttributeID="title">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:title" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.12" friendlyName="title" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="postalAddress" sourceAttributeID="postalAddress">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:postalAddress" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.16" friendlyName="postalAddress" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="postalCode" sourceAttributeID="postalCode">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:postalCode" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.17" friendlyName="postalCode" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="postOfficeBox" sourceAttributeID="postOfficeBox">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:postOfficeBox" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.18" friendlyName="postOfficeBox" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="telephoneNumber" sourceAttributeID="telephoneNumber">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:telephoneNumber" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.20" friendlyName="telephoneNumber" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="givenName" sourceAttributeID="givenName">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:givenName" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="initials" sourceAttributeID="initials">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:initials" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.43" friendlyName="initials" encodeType="false" />
-    </resolver:AttributeDefinition>
-     -->
-
-    <!-- Schema: inetOrgPerson attributes-->
-    <!--
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="departmentNumber" sourceAttributeID="departmentNumber">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:departmentNumber" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.16.840.1.113730.3.1.2" friendlyName="departmentNumber" encodeType="false" />
-    </resolver:AttributeDefinition>
-    
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="displayName" sourceAttributeID="displayName">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:displayName" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" encodeType="false" />
-    </resolver:AttributeDefinition> 
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="employeeNumber" sourceAttributeID="employeeNumber">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:employeeNumber" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.16.840.1.113730.3.1.3" friendlyName="employeeNumber" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="employeeType" sourceAttributeID="employeeType">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:employeeType" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.16.840.1.113730.3.1.4" friendlyName="employeeType" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="jpegPhoto" sourceAttributeID="jpegPhoto">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:jpegPhoto" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.60" friendlyName="jpegPhoto" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="preferredLanguage" sourceAttributeID="preferredLanguage">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:preferredLanguage" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.16.840.1.113730.3.1.39" friendlyName="preferredLanguage" encodeType="false" />
-    </resolver:AttributeDefinition>
-    -->
-
-    <!-- Schema: eduPerson attributes -->
-    <!--
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="eduPersonAffiliation" sourceAttributeID="eduPersonAffiliation">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:eduPersonAffiliation" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" friendlyName="eduPersonAffiliation" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="eduPersonEntitlement" sourceAttributeID="eduPersonEntitlement">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="eduPersonNickname" sourceAttributeID="eduPersonNickname">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:eduPersonNickname" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" friendlyName="eduPersonNickname" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="eduPersonPrimaryAffiliation" sourceAttributeID="eduPersonPrimaryAffiliation">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" friendlyName="eduPersonPrimaryAffiliation" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Scoped" id="eduPersonUniqueId" scope="%{idp.scope}" sourceAttributeID="localUniqueId">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" friendlyName="eduPersonUniqueId" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Prescoped" id="eduPersonPrincipalName" sourceAttributeID="eduPersonPrincipalName">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Prescoped" id="eduPersonPrincipalNamePrior" sourceAttributeID="eduPersonPrincipalNamePrior">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" friendlyName="eduPersonPrincipalNamePrior" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Scoped" id="eduPersonScopedAffiliation" scope="%{idp.scope}" sourceAttributeID="eduPersonAffiliation">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" encodeType="false" />
-    </resolver:AttributeDefinition>
-    
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="eduPersonAssurance" sourceAttributeID="eduPersonAssurance">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:eduPersonAssurance" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" friendlyName="eduPersonAssurance" encodeType="false" />
-    </resolver:AttributeDefinition>
-    -->
-
-    <!-- ========================================== -->
-    <!--      Data Connectors                       -->
-    <!-- ========================================== -->
-
-    <!-- Example Static Connector -->
-    <!--
-    <resolver:DataConnector id="staticAttributes" xsi:type="dc:Static">
-        <dc:Attribute id="eduPersonAffiliation">
-            <dc:Value>member</dc:Value>
-        </dc:Attribute>
-    </resolver:DataConnector>
-    -->
-
-    <!-- Example Relational Database Connector -->
-    <!--
-    <resolver:DataConnector id="mySIS" xsi:type="dc:RelationalDatabase">
-        <dc:ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
-                                         jdbcURL="jdbc:oracle:thin:@db.example.org:1521:SomeDB" 
-                                         jdbcUserName="myid" 
-                                         jdbcPassword="mypassword" />
-        <dc:QueryTemplate>
-            <![CDATA[
-                SELECT * FROM student WHERE gzbtpid = '$resolutionContext.principal'
-            ]]>
-        </dc:QueryTemplate>
-
-        <dc:Column columnName="gzbtpid" attributeID="uid" />
-        <dc:Column columnName="fqlft" attributeID="gpa" />
-    </resolver:DataConnector>
-     -->
-
-    <!-- Example LDAP Connector -->
-    <!--
-    <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
-        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
-        baseDN="%{idp.attribute.resolver.LDAP.baseDN}" 
-        principal="%{idp.attribute.resolver.LDAP.bindDN}"
-        principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
-        useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}">
-        <dc:FilterTemplate>
-            <![CDATA[
-                %{idp.attribute.resolver.LDAP.searchFilter}
-            ]]>
-        </dc:FilterTemplate>
-        <dc:StartTLSTrustCredential id="LDAPtoIdPCredential" xsi:type="sec:X509ResourceBacked">
-            <sec:Certificate>%{idp.attribute.resolver.LDAP.trustCertificates}</sec:Certificate>
-        </dc:StartTLSTrustCredential>
-    </resolver:DataConnector>
-    -->
-
-</resolver:AttributeResolver>
diff --git a/conf/attribute-resolver-ldap.xml b/conf/attribute-resolver-ldap.xml
deleted file mode 100644
index 9ac44d3..0000000
--- a/conf/attribute-resolver-ldap.xml
+++ /dev/null
@@ -1,97 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- 
-    This file is an EXAMPLE configuration file. While the configuration
-    presented in this example file is semi-functional, it isn't very
-    interesting. It is here only as a starting point for your deployment
-    process.
-    
-    Very few attribute definitions and data connectors are demonstrated,
-    and use of LDAP is assumed, with the LDAP configuration primarily
-    supplied from the ldap.properties file.
-
-    Attribute-resolver-full.xml contains more examples of attributes,
-    encoders, and data connectors. Deployers should refer to the Shibboleth
-    documentation for a complete list of components and their options.
--->
-<resolver:AttributeResolver
-        xmlns:resolver="urn:mace:shibboleth:2.0:resolver" 
-        xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
-        xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" 
-        xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
-        xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" 
-        xmlns:sec="urn:mace:shibboleth:2.0:security"
-        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
-        xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
-                            urn:mace:shibboleth:2.0:resolver:pc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-pc.xsd
-                            urn:mace:shibboleth:2.0:resolver:ad http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-ad.xsd
-                            urn:mace:shibboleth:2.0:resolver:dc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-dc.xsd
-                            urn:mace:shibboleth:2.0:attribute:encoder http://shibboleth.net/schema/idp/shibboleth-attribute-encoder.xsd
-                            urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd">
-
-    <!-- ========================================== -->
-    <!--      Attribute Definitions                 -->
-    <!-- ========================================== -->
-
-    <!--
-    The EPPN is the "standard" federated username in higher ed.
-    For guidelines on the implementation of this attribute, refer
-    to the Shibboleth and eduPerson documentation. Above all, do
-    not expose a value for this attribute without considering the
-    long term implications. 
-    -->
-    <resolver:AttributeDefinition id="eduPersonPrincipalName" xsi:type="ad:Prescoped" sourceAttributeID="eduPersonPrincipalName">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <!--
-    The uid is the closest thing to a "standard" LDAP attribute
-    representing a local username, but you should generally *never*
-    expose uid to federated services, as it is rarely globally unique.
-    -->
-    <resolver:AttributeDefinition id="uid" xsi:type="ad:Simple" sourceAttributeID="uid">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <!--
-    In the rest of the world, the email address is the standard identifier,
-    despite the problems with that practice. Consider making the EPPN value
-    the same as your official email addresses whenever possible.
-    -->
-    <resolver:AttributeDefinition id="mail" xsi:type="ad:Simple" sourceAttributeID="mail">
-        <resolver:Dependency ref="myLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
-    </resolver:AttributeDefinition>
-        
-    <!-- ========================================== -->
-    <!--      Data Connectors                       -->
-    <!-- ========================================== -->
-    
-    <!--
-    Example LDAP Connector
-    
-    The connectivity details can be specified in ldap.properties to
-    share them with your authentication settings if desired.
-    -->
-    <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
-        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
-        baseDN="%{idp.attribute.resolver.LDAP.baseDN}" 
-        principal="%{idp.attribute.resolver.LDAP.bindDN}"
-        principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
-        useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}">
-        <dc:FilterTemplate>
-            <![CDATA[
-                %{idp.attribute.resolver.LDAP.searchFilter}
-            ]]>
-        </dc:FilterTemplate>
-        <dc:ReturnAttributes>%{idp.attribute.resolver.LDAP.returnAttributes}</dc:ReturnAttributes>
-        <dc:StartTLSTrustCredential id="LDAPtoIdPCredential" xsi:type="sec:X509ResourceBacked">
-            <sec:Certificate>%{idp.attribute.resolver.LDAP.trustCertificates}</sec:Certificate>
-        </dc:StartTLSTrustCredential>
-    </resolver:DataConnector>
-
-</resolver:AttributeResolver>
diff --git a/conf/attribute-resolver.xml b/conf/attribute-resolver.xml
deleted file mode 100644
index a10d1c8..0000000
--- a/conf/attribute-resolver.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<resolver:AttributeResolver
-        xmlns:resolver="urn:mace:shibboleth:2.0:resolver" 
-        xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
-        xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" 
-        xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
-        xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" 
-        xmlns:sec="urn:mace:shibboleth:2.0:security"
-        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
-        xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
-                            urn:mace:shibboleth:2.0:resolver:pc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-pc.xsd
-                            urn:mace:shibboleth:2.0:resolver:ad http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-ad.xsd
-                            urn:mace:shibboleth:2.0:resolver:dc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-dc.xsd
-                            urn:mace:shibboleth:2.0:attribute:encoder http://shibboleth.net/schema/idp/shibboleth-attribute-encoder.xsd
-                            urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd">
-
-    <resolver:AttributeDefinition id="eduPersonPrincipalName" xsi:type="ad:Scoped" scope="%{idp.scope}" sourceAttributeID="uid">
-        <resolver:Dependency ref="OpenLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="givenName" sourceAttributeID="givenName">
-        <resolver:Dependency ref="OpenLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="sn" sourceAttributeID="sn">
-        <resolver:Dependency ref="OpenLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="displayName" sourceAttributeID="displayName">
-        <resolver:Dependency ref="OpenLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <resolver:AttributeDefinition xsi:type="ad:Simple" id="mail" sourceAttributeID="mail">
-        <resolver:Dependency ref="OpenLDAP" />
-        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
-    </resolver:AttributeDefinition>
-
-    <!-- ========================================== -->
-    <!--      Data Connectors                       -->
-    <!-- ========================================== -->
-
-    <resolver:DataConnector id="staticAttributes" xsi:type="dc:Static">
-        <dc:Attribute id="affiliation">
-            <dc:Value>member</dc:Value>
-        </dc:Attribute>
-    </resolver:DataConnector>
-
-    <resolver:DataConnector id="OpenLDAP" xsi:type="dc:LDAPDirectory"
-        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
-        baseDN="%{idp.attribute.resolver.LDAP.baseDN}" 
-        principal="%{idp.attribute.resolver.LDAP.bindDN}"
-        principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
-        useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:false}">
-        <dc:FilterTemplate>
-            <![CDATA[
-                %{idp.attribute.resolver.LDAP.searchFilter}
-            ]]>
-        </dc:FilterTemplate>
-        <dc:ReturnAttributes>givenName sn displayName mail uid</dc:ReturnAttributes>
-    </resolver:DataConnector>
-
-</resolver:AttributeResolver>
diff --git a/conf/audit.xml b/conf/audit.xml
deleted file mode 100644
index 9940cec..0000000
--- a/conf/audit.xml
+++ /dev/null
@@ -1,103 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p"
-    xmlns:c="http://www.springframework.org/schema/c" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
-    default-init-method="initialize"
-    default-destroy-method="destroy">
-
-    <!--
-    This bean defines a mapping between audit log categories and formatting strings. The default entry is
-    for compatibility with V2 audit logging.
-    -->
-    <util:map id="shibboleth.AuditFormattingMap">
-        <entry key="Shibboleth-Audit" value="%T|%b|%I|%SP|%P|%IDP|%bb|%III|%u|%ac|%attr|%n|%i|" />
-    </util:map>
-
-    <!-- Allows auditing to be disabled selectively for particular profiles/flows. -->
-    <util:list id="shibboleth.AuditSuppressedProfiles">
-        <value>http://shibboleth.net/ns/profiles/status</value>
-    </util:list>
-
-    <!--
-    The beans below need to be defined, even if left empty. They can be ignored in most cases.
-    
-    If you write your own function to extract a new piece of data for auditing, you can install it into one or more
-    of the maps below to add it to the auditing framework, keyed by an audit field label to be used in formatting.
-    -->
-
-    <bean id="shibboleth.PostDecodeAuditExtractors" parent="shibboleth.DefaultPostDecodeAuditExtractors" lazy-init="true">
-        <property name="sourceMap">
-            <map merge="true">
-            </map>
-        </property>
-    </bean>
-
-    <bean id="shibboleth.PostLookupAuditExtractors" parent="shibboleth.DefaultPostLookupAuditExtractors" lazy-init="true">
-        <property name="sourceMap">
-            <map merge="true">
-            </map>
-        </property>
-    </bean>
-
-    <bean id="shibboleth.PostAssertionAuditExtractors" parent="shibboleth.DefaultPostAssertionAuditExtractors" lazy-init="true">
-        <property name="sourceMap">
-            <map merge="true">
-            </map>
-        </property>
-    </bean>
-
-    <bean id="shibboleth.PostResponseAuditExtractors" parent="shibboleth.DefaultPostResponseAuditExtractors" lazy-init="true">
-        <property name="sourceMap">
-            <map merge="true">
-            </map>
-        </property>
-    </bean>
-
-    <bean id="shibboleth.LogoutRequestAuditExtractors" parent="shibboleth.DefaultLogoutRequestAuditExtractors" lazy-init="true">
-        <property name="sourceMap">
-            <map merge="true">
-            </map>
-        </property>
-    </bean>
-    
-    <bean id="shibboleth.LogoutAuditExtractors" parent="shibboleth.DefaultLogoutAuditExtractors" lazy-init="true">
-        <property name="sourceMap">
-            <map merge="true">
-            </map>
-        </property>
-    </bean>
-
-    <bean id="shibboleth.ErrorViewAuditExtractors" parent="shibboleth.DefaultErrorViewAuditExtractors" lazy-init="true">
-        <property name="sourceMap">
-            <map merge="true">
-            </map>
-        </property>
-    </bean>
-
-    <bean id="shibboleth.CASLoginAuditExtractors" parent="shibboleth.DefaultCASLoginAuditExtractors" lazy-init="true">
-        <property name="sourceMap">
-            <map merge="true">
-            </map>
-        </property>
-    </bean>
-
-    <bean id="shibboleth.CASValidationAuditExtractors" parent="shibboleth.DefaultCASValidationAuditExtractors" lazy-init="true">
-        <property name="sourceMap">
-            <map merge="true">
-            </map>
-        </property>
-    </bean>
-
-    <bean id="shibboleth.CASProxyAuditExtractors" parent="shibboleth.DefaultCASProxyAuditExtractors" lazy-init="true">
-        <property name="sourceMap">
-            <map merge="true">
-            </map>
-        </property>
-    </bean>
-    
-</beans>
diff --git a/conf/authn/authn-comparison.xml b/conf/authn/authn-comparison.xml
deleted file mode 100644
index f167b7a..0000000
--- a/conf/authn/authn-comparison.xml
+++ /dev/null
@@ -1,77 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!--
-    These beans can be used in the AuthnComparisonRules map below instead of the defaults to
-    support more advanced matching rules. The top example shows how to configure a matching rule,
-    in this case a rule that the two listed classes are "better" than the password class.
-    
-    To use these beans, configure the matchingRules map as desired, and then reference the bean id in the
-    desired value-ref slot in the AuthnComparisonRules map.
-    -->
-    
-    <bean id="shibboleth.BetterClassRefMatchFactory" parent="shibboleth.InexactMatchFactory">
-        <!--
-        <property name="matchingRules">
-            <map>
-                <entry key="urn:oasis:names:tc:SAML:2.0:ac:classes:Password">
-                    <list>
-                        <value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</value>
-                        <value>urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken</value>
-                    </list>
-                </entry>
-            </map>
-        </property>
-        -->
-    </bean>
-
-    <bean id="shibboleth.MinimumClassRefMatchFactory" parent="shibboleth.InexactMatchFactory" />
-
-    <bean id="shibboleth.MaximumClassRefMatchFactory" parent="shibboleth.InexactMatchFactory" />
-
-    <!-- DeclRefs are rarely used in SAML, so you likely won't bother with these. -->
-    <bean id="shibboleth.BetterDeclRefMatchFactory" parent="shibboleth.InexactMatchFactory" />
-    <bean id="shibboleth.MinimumDeclRefMatchFactory" parent="shibboleth.InexactMatchFactory" />
-    <bean id="shibboleth.MaximumDeclRefMatchFactory" parent="shibboleth.InexactMatchFactory" />
-    
-    
-    <!-- Registry of matching rules. -->
-    
-    <util:map id="shibboleth.AuthnComparisonRules">
-    
-        <!-- Exact matching, should be left alone to avoid tricking the IdP into behaving incorrectly. -->
-        <entry key-ref="shibboleth.SAMLAuthnMethodExact" value-ref="shibboleth.ExactMatchFactory"/>
-        <entry key-ref="shibboleth.SAMLACClassRefExact" value-ref="shibboleth.ExactMatchFactory"/>
-        <entry key-ref="shibboleth.SAMLACDeclRefExact" value-ref="shibboleth.ExactMatchFactory"/>
-
-        <!-- Minimum matching, leave to allow degeneration into exact, or replace with custom rules. -->
-        <entry key-ref="shibboleth.SAMLACClassRefMinimum" value-ref="shibboleth.ExactMatchFactory"/>
-        <entry key-ref="shibboleth.SAMLACDeclRefMinimum" value-ref="shibboleth.ExactMatchFactory"/>
-
-        <!-- Maximum matching, leave to allow degeneration into exact, or replace with custom rules. -->
-        <entry key-ref="shibboleth.SAMLACClassRefMaximum" value-ref="shibboleth.ExactMatchFactory"/>
-        <entry key-ref="shibboleth.SAMLACDeclRefMaximum" value-ref="shibboleth.ExactMatchFactory"/>
-
-        <!-- Better matching, refers to empty ruleset that has to be populated to work. -->
-        <entry key-ref="shibboleth.SAMLACClassRefBetter" value-ref="shibboleth.BetterClassRefMatchFactory"/>
-        <entry key-ref="shibboleth.SAMLACDeclRefBetter" value-ref="shibboleth.BetterDeclRefMatchFactory"/>
-        
-    </util:map>
-    
-    <!-- List of context classes or declarations to ignore if an SP requests them. -->
-
-    <util:list id="shibboleth.IgnoredContexts">
-        <value>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</value>
-    </util:list>
-    
-</beans>
diff --git a/conf/authn/authn-events-flow.xml b/conf/authn/authn-events-flow.xml
deleted file mode 100644
index 244e1db..0000000
--- a/conf/authn/authn-events-flow.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<flow xmlns="http://www.springframework.org/schema/webflow"
-      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow.xsd"
-      abstract="true">
-
-    <!-- ADVANCED USE ONLY -->
-    
-    <!--
-    You can ignore this file unless you are creating your own custom login subflows that want to
-    report custom events in response to unusual error or warning conditions.
-    -->
-
-    <!-- Custom error events to reflect back from user-supplied login subflows. -->
-    <!--
-    <end-state id="MyCustomEvent" />
-    -->
-
-</flow>
diff --git a/conf/authn/external-authn-config.xml b/conf/authn/external-authn-config.xml
deleted file mode 100644
index 4ce8f26..0000000
--- a/conf/authn/external-authn-config.xml
+++ /dev/null
@@ -1,62 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!-- Servlet context-relative path to wherever your implementation lives. -->
-    <bean id="shibboleth.authn.External.externalAuthnPath" class="java.lang.String"
-        c:_0="contextRelative:Authn/External" />
-
-    <!-- Populate RP UI info from metadata? -->
-    <util:constant id="shibboleth.authn.External.populateUIInfo" static-field="java.lang.Boolean.FALSE" />
-
-    <!--
-    Add authentication flow descriptor's supportedPrincipals collection to the resulting Subject?
-    You would normally only unset this if you plan to return a fully decorated Java Subject from your
-    external authentication source.
-    -->
-    <util:constant id="shibboleth.authn.External.addDefaultPrincipals" static-field="java.lang.Boolean.TRUE" />
-
-    <!--
-    Define entries here to map error messages returned by external modules and classify them as particular
-    kinds of errors for use in your templates and as events in flows.
-
-    Keys are events to signal, values are error codes.
-
-    The examples here just allow external signaling of the exact type of condition to record.
-    
-    If you want to "fall-through" to other login flows, include a mapping to "ReselectFlow".
-    -->
-    <util:map id="shibboleth.authn.External.ClassifiedMessageMap">
-        <entry key="UnknownUsername">
-            <list>
-                <value>UnknownUsername</value>
-            </list>
-        </entry>
-        <entry key="InvalidPassword">
-            <list>
-                <value>InvalidPassword</value>
-            </list>
-        </entry>
-        <entry key="ExpiredPassword">
-            <list>
-                <value>ExpiredPassword</value>
-            </list>
-        </entry>
-        <entry key="ExpiringPassword">
-            <list>
-                <value>ExpiringPassword</value>
-            </list>
-        </entry>
-    </util:map>
-    
-</beans>
diff --git a/conf/authn/general-authn.xml b/conf/authn/general-authn.xml
deleted file mode 100644
index f127a13..0000000
--- a/conf/authn/general-authn.xml
+++ /dev/null
@@ -1,114 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!--
-    This file provisions the IdP with information about the configured login mechanisms available for use.
-    The actual beans and subflows that make up those mechanisms are in their own files, but this pulls them
-    together with deployer-supplied metadata to describe them to the system.
-    
-    You can turn on and off individual mechanisms by adding and remove them here. Nothing left out will
-    be used, regardless any other files loaded by the Spring container.
-    
-    Flow defaults include: no support for IsPassive/ForceAuthn, support for non-browser clients enabled,
-    and default timeout and lifetime values set via properties. We also default to supporting the SAML 1/2
-    expressions for password-based authentication over a secure channel, so anything more exotic requires
-    customization, as the examples below for IP address and SPNEGO authentication illustrate.
-    -->
-
-    <util:list id="shibboleth.AvailableAuthenticationFlows">
-        
-        <bean id="authn/IPAddress" parent="shibboleth.AuthenticationFlow"
-                p:passiveAuthenticationSupported="true"
-                p:lifetime="PT60S" p:inactivityTimeout="PT60S">
-            <property name="supportedPrincipals">
-                <list>
-                    <bean parent="shibboleth.SAML2AuthnContextClassRef"
-                        c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol" />
-                </list>
-            </property>
-        </bean>
-
-        <bean id="authn/SPNEGO" parent="shibboleth.AuthenticationFlow"
-                p:nonBrowserSupported="false">
-            <property name="supportedPrincipals">
-                <list>
-                    <bean parent="shibboleth.SAML2AuthnContextClassRef"
-                        c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos" />
-                    <bean parent="shibboleth.SAML1AuthenticationMethod"
-                        c:method="urn:ietf:rfc:1510" />
-                </list>
-            </property>
-        </bean>
-        
-        <bean id="authn/External" parent="shibboleth.AuthenticationFlow"
-            p:nonBrowserSupported="false" />
-
-        <bean id="authn/RemoteUser" parent="shibboleth.AuthenticationFlow"
-            p:nonBrowserSupported="false" />
-
-        <bean id="authn/RemoteUserInternal" parent="shibboleth.AuthenticationFlow" />
-
-        <bean id="authn/X509" parent="shibboleth.AuthenticationFlow"
-                p:nonBrowserSupported="false">
-            <property name="supportedPrincipals">
-                <list>
-                    <bean parent="shibboleth.SAML2AuthnContextClassRef"
-                        c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:X509" />
-                    <bean parent="shibboleth.SAML2AuthnContextClassRef"
-                        c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient" />
-                    <bean parent="shibboleth.SAML1AuthenticationMethod"
-                        c:method="urn:ietf:rfc:2246" />
-                </list>
-            </property>
-        </bean>
-
-        <bean id="authn/X509Internal" parent="shibboleth.AuthenticationFlow">
-            <property name="supportedPrincipals">
-                <list>
-                    <bean parent="shibboleth.SAML2AuthnContextClassRef"
-                        c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:X509" />
-                    <bean parent="shibboleth.SAML2AuthnContextClassRef"
-                        c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient" />
-                    <bean parent="shibboleth.SAML1AuthenticationMethod"
-                        c:method="urn:ietf:rfc:2246" />
-                </list>
-            </property>
-        </bean>
-
-        <bean id="authn/Password" parent="shibboleth.AuthenticationFlow"
-                p:passiveAuthenticationSupported="true"
-                p:forcedAuthenticationSupported="true" />
-
-    </util:list>
-
-    <!--
-    This is a map used to "weight" particular methods above others if the IdP has to randomly select one
-    to insert into a SAML authentication statement. The typical use shown below is to bias the IdP in favor
-    of expressing the SAML 2 PasswordProtectedTransport class over the more vanilla Password class on the
-    assumption that the IdP doesn't accept passwords via an insecure channel. This map never causes the IdP
-    to violate its matching rules if an RP requests a particular value; it only matters when nothing specific
-    is chosen. Anything not in the map has a weight of zero.
-    -->
-    
-    <util:map id="shibboleth.AuthenticationPrincipalWeightMap">
-        <entry>
-            <key>
-                <bean parent="shibboleth.SAML2AuthnContextClassRef"
-                    c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
-            </key>
-            <value>1</value>
-        </entry>
-    </util:map>
-
-</beans>
diff --git a/conf/authn/ipaddress-authn-config.xml b/conf/authn/ipaddress-authn-config.xml
deleted file mode 100644
index a3ee096..0000000
--- a/conf/authn/ipaddress-authn-config.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-
-    <!-- Apply any regular expression replacement pairs to address before validation. -->
-    <util:list id="shibboleth.authn.IPAddress.Transforms" />
-
-    <!--
-    Configure the address range(s) and principal name(s) for IP-based login here.
-    The ranges provided MUST be CIDR network expressions. To specify a single address,
-    add "/32" or "/128" for IPv4 or IPv6 respectively.
-    -->
-
-
-    <util:map id="shibboleth.authn.IPAddress.Mappings">
-        <!--
-        <entry key="jdoe">
-            <list>
-                <value>127.0.0.1/32</value>
-                <value>::1/128</value>
-            </list>
-        </entry>
-        -->
-    </util:map>
-
-</beans>
diff --git a/conf/authn/jaas-authn-config.xml b/conf/authn/jaas-authn-config.xml
deleted file mode 100644
index daef4d2..0000000
--- a/conf/authn/jaas-authn-config.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-    
-    <!-- Specify your JAAS config. -->
-    <bean id="JAASConfig" class="org.springframework.core.io.FileSystemResource" c:path="%{idp.home}/conf/authn/jaas.config" />
-    
-    <util:property-path id="shibboleth.authn.JAAS.JAASConfigURI" path="JAASConfig.URI" />
-    
-    <!-- Specify the application name(s) in the JAAS config. -->
-    <util:list id="shibboleth.authn.JAAS.LoginConfigNames">
-        <value>ShibUserPassAuth</value>
-    </util:list>
-
-    <alias name="ValidateUsernamePasswordAgainstJAAS" alias="ValidateUsernamePassword"/>
-
-</beans>
diff --git a/conf/authn/jaas.config b/conf/authn/jaas.config
deleted file mode 100644
index 232e93d..0000000
--- a/conf/authn/jaas.config
+++ /dev/null
@@ -1,11 +0,0 @@
-ShibUserPassAuth {
-    /*
-	com.sun.security.auth.module.Krb5LoginModule required;
-	*/
-
-    org.ldaptive.jaas.LdapLoginModule required
-      ldapUrl="ldap://localhost:10389"
-      baseDn="ou=people,dc=example,dc=org"
-      userFilter="uid={user}";
-
-};
\ No newline at end of file
diff --git a/conf/authn/krb5-authn-config.xml b/conf/authn/krb5-authn-config.xml
deleted file mode 100644
index f34bc58..0000000
--- a/conf/authn/krb5-authn-config.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-    
-    <util:constant id="shibboleth.authn.Krb5.RefreshConfig" static-field="java.lang.Boolean.FALSE" />
-
-    <util:constant id="shibboleth.authn.Krb5.PreserveTicket" static-field="java.lang.Boolean.FALSE" />
-
-    <bean id="shibboleth.authn.Krb5.ServicePrincipal" class="java.lang.String" c:_0="HTTP/idp.testbed.tier.internet2.edu@TESTBED.TIER.INTERNET2.EDU" />
-    <bean id="shibboleth.authn.Krb5.Keytab" class="java.lang.String" c:_0="/opt/shibboleth-idp/credentials/http.keytab" />
-    
-    <alias name="ValidateUsernamePasswordAgainstKerberos" alias="ValidateUsernamePassword"/>
-
-</beans>
diff --git a/conf/authn/krb5-authn-config.xml.dist b/conf/authn/krb5-authn-config.xml.dist
deleted file mode 100644
index d3590a2..0000000
--- a/conf/authn/krb5-authn-config.xml.dist
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-    
-    <util:constant id="shibboleth.authn.Krb5.RefreshConfig" static-field="java.lang.Boolean.FALSE" />
-
-    <util:constant id="shibboleth.authn.Krb5.PreserveTicket" static-field="java.lang.Boolean.FALSE" />
-
-    <!--
-    Uncomment these beans to perform KDC verification using a service principal and keytab.
-    The keytab bean must be an absolute file pathname and not a reference to a classpath resource,
-    so if idp.home is not a path, don't use it in the value.
-    -->
-    <!--
-    <bean id="shibboleth.authn.Krb5.ServicePrincipal" class="java.lang.String" c:_0="SERVICE/principal" />
-    <bean id="shibboleth.authn.Krb5.Keytab" class="java.lang.String" c:_0="%{idp.home}/credentials/keytab" />
-    -->
-    
-    <alias name="ValidateUsernamePasswordAgainstKerberos" alias="ValidateUsernamePassword"/>
-
-</beans>
diff --git a/conf/authn/ldap-authn-config.xml b/conf/authn/ldap-authn-config.xml
deleted file mode 100644
index 5626629..0000000
--- a/conf/authn/ldap-authn-config.xml
+++ /dev/null
@@ -1,130 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p" xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
-       default-init-method="initialize"
-       default-destroy-method="destroy"
-       default-lazy-init="true">
-
-    <alias name="%{idp.authn.LDAP.authenticator:anonSearchAuthenticator}" alias="shibboleth.authn.LDAP.authenticator" />
-    <bean id="shibboleth.authn.LDAP.returnAttributes" parent="shibboleth.CommaDelimStringArray">
-        <constructor-arg type="java.lang.String" value="%{idp.authn.LDAP.returnAttributes:1.1}" />
-    </bean>
-
-    <alias name="ValidateUsernamePasswordAgainstLDAP" alias="ValidateUsernamePassword" />
-
-    <!-- Connection Configuration -->
-    <bean id="connectionConfig" class="org.ldaptive.ConnectionConfig" abstract="true" p:ldapUrl="%{idp.authn.LDAP.ldapURL}"
-        p:useStartTLS="%{idp.authn.LDAP.useStartTLS:true}"
-        p:useSSL="%{idp.authn.LDAP.useSSL:false}"
-        p:connectTimeout="%{idp.authn.LDAP.connectTimeout:3000}"
-        p:sslConfig-ref="sslConfig" />
-
-    <alias name="%{idp.authn.LDAP.sslConfig:certificateTrust}" alias="sslConfig" />
-
-    <bean id="jvmTrust" class="org.ldaptive.ssl.SslConfig" />
-    <bean id="certificateTrust" class="org.ldaptive.ssl.SslConfig">
-        <property name="credentialConfig">
-            <bean parent="shibboleth.X509ResourceCredentialConfig" p:trustCertificates="%{idp.authn.LDAP.trustCertificates:undefined}" /> 
-        </property>
-    </bean>
-    <bean id="keyStoreTrust" class="org.ldaptive.ssl.SslConfig">
-        <property name="credentialConfig">
-            <bean parent="shibboleth.KeystoreResourceCredentialConfig" p:truststore="%{idp.authn.LDAP.trustStore:undefined}" /> 
-        </property>
-    </bean>
-
-    <!-- Authentication handler -->
-    <bean id="authHandler" class="org.ldaptive.auth.PooledBindAuthenticationHandler" p:connectionFactory-ref="bindPooledConnectionFactory" />
-    <bean id="bindPooledConnectionFactory" class="org.ldaptive.pool.PooledConnectionFactory" p:connectionPool-ref="bindConnectionPool" />
-    <bean id="bindConnectionPool" class="org.ldaptive.pool.BlockingConnectionPool" parent="connectionPool"
-        p:connectionFactory-ref="bindConnectionFactory" p:name="bind-pool" />
-    <bean id="bindConnectionFactory" class="org.ldaptive.DefaultConnectionFactory" p:connectionConfig-ref="bindConnectionConfig" />
-    <bean id="bindConnectionConfig" parent="connectionConfig" />
-
-    <!-- Format DN resolution -->
-    <bean id="formatDnResolver" class="org.ldaptive.auth.FormatDnResolver" p:format="%{idp.authn.LDAP.dnFormat:undefined}" />
-
-    <!-- Pool Configuration -->
-    <bean id="connectionPool" class="org.ldaptive.pool.BlockingConnectionPool" abstract="true"
-        p:blockWaitTime="%{idp.pool.LDAP.blockWaitTime:3000}"
-        p:poolConfig-ref="poolConfig"
-        p:pruneStrategy-ref="pruneStrategy"
-        p:validator-ref="searchValidator"
-        p:failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
-    <bean id="poolConfig" class="org.ldaptive.pool.PoolConfig"
-        p:minPoolSize="%{idp.pool.LDAP.minSize:3}"
-        p:maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
-        p:validateOnCheckOut="%{idp.pool.LDAP.validateOnCheckout:false}"
-        p:validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
-        p:validatePeriod="%{idp.pool.LDAP.validatePeriod:300}" />
-    <bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
-        p:prunePeriod="%{idp.pool.LDAP.prunePeriod:300}"
-        p:idleTime="%{idp.pool.LDAP.idleTime:600}" />
-    <bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />
-
-    <!-- Anonymous Search Configuration -->
-    <bean name="anonSearchAuthenticator" class="org.ldaptive.auth.Authenticator" p:resolveEntryOnFailure="%{idp.authn.LDAP.resolveEntryOnFailure:false}">
-        <constructor-arg index="0" ref="anonSearchDnResolver" />
-        <constructor-arg index="1" ref="authHandler" />
-    </bean>
-    <bean id="anonSearchDnResolver" class="org.ldaptive.auth.PooledSearchDnResolver"
-        p:baseDn="#{'%{idp.authn.LDAP.baseDN:undefined}'.trim()}"
-        p:subtreeSearch="%{idp.authn.LDAP.subtreeSearch:false}"
-        p:userFilter="#{'%{idp.authn.LDAP.userFilter:undefined}'.trim()}"
-        p:connectionFactory-ref="anonSearchPooledConnectionFactory" />
-    <bean id="anonSearchPooledConnectionFactory" class="org.ldaptive.pool.PooledConnectionFactory"
-        p:connectionPool-ref="anonSearchConnectionPool" />
-    <bean id="anonSearchConnectionPool" class="org.ldaptive.pool.BlockingConnectionPool" parent="connectionPool"
-        p:connectionFactory-ref="anonSearchConnectionFactory" p:name="search-pool" />
-    <bean id="anonSearchConnectionFactory" class="org.ldaptive.DefaultConnectionFactory" p:connectionConfig-ref="anonSearchConnectionConfig" />
-    <bean id="anonSearchConnectionConfig" parent="connectionConfig" />
-
-    <!-- Bind Search Configuration -->
-    <bean name="bindSearchAuthenticator" class="org.ldaptive.auth.Authenticator" p:resolveEntryOnFailure="%{idp.authn.LDAP.resolveEntryOnFailure:false}">
-        <constructor-arg index="0" ref="bindSearchDnResolver" />
-        <constructor-arg index="1" ref="authHandler" />
-    </bean>
-    <bean id="bindSearchDnResolver" class="org.ldaptive.auth.PooledSearchDnResolver"
-        p:baseDn="#{'%{idp.authn.LDAP.baseDN:undefined}'.trim()}"
-        p:subtreeSearch="%{idp.authn.LDAP.subtreeSearch:false}"
-        p:userFilter="#{'%{idp.authn.LDAP.userFilter:undefined}'.trim()}"
-        p:connectionFactory-ref="bindSearchPooledConnectionFactory" />
-    <bean id="bindSearchPooledConnectionFactory" class="org.ldaptive.pool.PooledConnectionFactory"
-        p:connectionPool-ref="bindSearchConnectionPool" />
-    <bean id="bindSearchConnectionPool" class="org.ldaptive.pool.BlockingConnectionPool" parent="connectionPool"
-        p:connectionFactory-ref="bindSearchConnectionFactory" p:name="search-pool" />
-    <bean id="bindSearchConnectionFactory" class="org.ldaptive.DefaultConnectionFactory" p:connectionConfig-ref="bindSearchConnectionConfig" />
-    <bean id="bindSearchConnectionConfig" parent="connectionConfig" p:connectionInitializer-ref="bindConnectionInitializer" />
-    <bean id="bindConnectionInitializer" class="org.ldaptive.BindConnectionInitializer"
-            p:bindDn="#{'%{idp.authn.LDAP.bindDN:undefined}'.trim()}">
-        <property name="bindCredential">
-            <bean class="org.ldaptive.Credential">
-                <constructor-arg value="%{idp.authn.LDAP.bindDNCredential:undefined}" />
-            </bean>
-        </property>
-    </bean>
-
-    <!-- Direct Search Configuration -->
-    <bean name="directAuthenticator" class="org.ldaptive.auth.Authenticator" p:resolveEntryOnFailure="%{idp.authn.LDAP.resolveEntryOnFailure:false}">
-        <constructor-arg index="0" ref="formatDnResolver" />
-        <constructor-arg index="1" ref="authHandler" />
-    </bean>
-
-    <!-- Want to use ppolicy? Configure support by adding <bean id="authenticationResponseHandler" class="org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler" 
-        /> add p:authenticationResponseHandlers-ref="authenticationResponseHandler" to the authenticator <bean id="authenticationControl" 
-        class="org.ldaptive.control.PasswordPolicyControl" /> add p:authenticationControls-ref="authenticationControl" to the authHandler -->
-
-    <!-- Active Directory Configuration -->
-    <bean id="adAuthenticator" class="org.ldaptive.auth.Authenticator" p:authenticationResponseHandlers-ref="authenticationResponseHandler"
-        p:resolveEntryOnFailure="%{idp.authn.LDAP.resolveEntryOnFailure:false}">
-        <constructor-arg index="0" ref="formatDnResolver" />
-        <constructor-arg index="1" ref="authHandler" />
-    </bean>
-    <bean id="authenticationResponseHandler" class="org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler" />
-
-</beans>
diff --git a/conf/authn/password-authn-config.xml b/conf/authn/password-authn-config.xml
deleted file mode 100644
index 5c02196..0000000
--- a/conf/authn/password-authn-config.xml
+++ /dev/null
@@ -1,109 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-    
-    <!-- Choose an import based on the back-end you want to use. -->
-    <!-- <import resource="jaas-authn-config.xml" /> -->
-    <import resource="krb5-authn-config.xml" /> 
-    <!--<import resource="ldap-authn-config.xml" /> -->
-    
-    
-    <!-- Names of form fields to pull username and password from. -->
-    <bean id="shibboleth.authn.Password.UsernameFieldName" class="java.lang.String" c:_0="j_username" />
-    <bean id="shibboleth.authn.Password.PasswordFieldName" class="java.lang.String" c:_0="j_password" />
-    <bean id="shibboleth.authn.Password.SSOBypassFieldName" class="java.lang.String" c:_0="donotcache" />
-
-    <!-- Simple transforms to apply to username before validation. -->
-    <util:constant id="shibboleth.authn.Password.Lowercase" static-field="java.lang.Boolean.FALSE"/>
-    <util:constant id="shibboleth.authn.Password.Uppercase" static-field="java.lang.Boolean.FALSE"/>
-    <util:constant id="shibboleth.authn.Password.Trim" static-field="java.lang.Boolean.TRUE"/>
-
-    <!-- Set to TRUE if you want the password kept in the resulting Subject as a private credential. -->
-    <util:constant id="shibboleth.authn.Password.RetainAsPrivateCredential" static-field="java.lang.Boolean.FALSE"/>
-
-    <!-- Apply any regular expression replacement pairs before validation. -->
-    <util:list id="shibboleth.authn.Password.Transforms">
-        <!--
-        <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
-        -->
-    </util:list>
-
-    <!--
-    Define entries here to map error messages detected by validation actions and classify them as particular
-    kinds of errors for use in your templates and as events in flows.
-
-    Keys are events to signal, values are error codes.
-    -->
-    <util:map id="shibboleth.authn.Password.ClassifiedMessageMap">
-        <entry key="UnknownUsername">
-            <list>
-                <value>NoCredentials</value>
-                <value>CLIENT_NOT_FOUND</value>
-                <value>Client not found</value>
-                <value>DN_RESOLUTION_FAILURE</value>
-            </list>
-        </entry>
-        <entry key="InvalidPassword">
-            <list>
-                <value>InvalidCredentials</value>
-                <value>PREAUTH_FAILED</value>
-                <value>INVALID_CREDENTIALS</value>
-            </list>
-        </entry>
-        <entry key="AccountLocked">
-            <list>
-                <value>Clients credentials have been revoked</value>
-            </list>
-        </entry>
-        <entry key="ExpiredPassword">
-            <list>
-                <value>PASSWORD_EXPIRED</value>
-            </list>
-        </entry>
-        <entry key="ExpiringPassword">
-            <list>
-                <value>ACCOUNT_WARNING</value>
-            </list>
-        </entry>
-    </util:map>
-
-    <!--
-    Configuration of "extended" login methods to offer in the password login form.
-    
-    The String bean is a regular expression identifying the flows to offer. These flows
-    must also be enabled at the "top" level to be available for use.
-    
-    The ExtendedFlowParameters bean can be used to transfer custom parameters from the
-    login form into the context tree for use later by other flows.
-    
-    The last bean provides the set of custom Principals to use for results produced by the
-    Password flow itself. You would use this if you need the Password flow to run as a shell
-    to run the "extended" login methods, but want to limit its own results more narrowly.
-    -->
-    <!--
-    <bean id="shibboleth.authn.Password.ExtendedFlows" class="java.lang.String" c:_0="" />
-
-    <util:list id="shibboleth.authn.Password.ExtendedFlowParameters">
-    </util:list>
-
-    <util:list id="shibboleth.authn.Password.PrincipalOverride">
-        <bean parent="shibboleth.SAML2AuthnContextClassRef"
-            c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
-        <bean parent="shibboleth.SAML2AuthnContextClassRef"
-            c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" />
-        <bean parent="shibboleth.SAML1AuthenticationMethod"
-            c:method="urn:oasis:names:tc:SAML:1.0:am:password" />
-    </util:list>
-    -->
-    
-</beans>
diff --git a/conf/authn/password-authn-config.xml.dist b/conf/authn/password-authn-config.xml.dist
deleted file mode 100644
index be8b06f..0000000
--- a/conf/authn/password-authn-config.xml.dist
+++ /dev/null
@@ -1,109 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-    
-    <!-- Choose an import based on the back-end you want to use. -->
-    <!-- <import resource="jaas-authn-config.xml" /> -->
-    <!-- <import resource="krb5-authn-config.xml" /> -->
-    <import resource="ldap-authn-config.xml" />
-    
-    
-    <!-- Names of form fields to pull username and password from. -->
-    <bean id="shibboleth.authn.Password.UsernameFieldName" class="java.lang.String" c:_0="j_username" />
-    <bean id="shibboleth.authn.Password.PasswordFieldName" class="java.lang.String" c:_0="j_password" />
-    <bean id="shibboleth.authn.Password.SSOBypassFieldName" class="java.lang.String" c:_0="donotcache" />
-
-    <!-- Simple transforms to apply to username before validation. -->
-    <util:constant id="shibboleth.authn.Password.Lowercase" static-field="java.lang.Boolean.FALSE"/>
-    <util:constant id="shibboleth.authn.Password.Uppercase" static-field="java.lang.Boolean.FALSE"/>
-    <util:constant id="shibboleth.authn.Password.Trim" static-field="java.lang.Boolean.TRUE"/>
-
-    <!-- Set to TRUE if you want the password kept in the resulting Subject as a private credential. -->
-    <util:constant id="shibboleth.authn.Password.RetainAsPrivateCredential" static-field="java.lang.Boolean.FALSE"/>
-
-    <!-- Apply any regular expression replacement pairs before validation. -->
-    <util:list id="shibboleth.authn.Password.Transforms">
-        <!--
-        <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
-        -->
-    </util:list>
-
-    <!--
-    Define entries here to map error messages detected by validation actions and classify them as particular
-    kinds of errors for use in your templates and as events in flows.
-
-    Keys are events to signal, values are error codes.
-    -->
-    <util:map id="shibboleth.authn.Password.ClassifiedMessageMap">
-        <entry key="UnknownUsername">
-            <list>
-                <value>NoCredentials</value>
-                <value>CLIENT_NOT_FOUND</value>
-                <value>Client not found</value>
-                <value>DN_RESOLUTION_FAILURE</value>
-            </list>
-        </entry>
-        <entry key="InvalidPassword">
-            <list>
-                <value>InvalidCredentials</value>
-                <value>PREAUTH_FAILED</value>
-                <value>INVALID_CREDENTIALS</value>
-            </list>
-        </entry>
-        <entry key="AccountLocked">
-            <list>
-                <value>Clients credentials have been revoked</value>
-            </list>
-        </entry>
-        <entry key="ExpiredPassword">
-            <list>
-                <value>PASSWORD_EXPIRED</value>
-            </list>
-        </entry>
-        <entry key="ExpiringPassword">
-            <list>
-                <value>ACCOUNT_WARNING</value>
-            </list>
-        </entry>
-    </util:map>
-
-    <!--
-    Configuration of "extended" login methods to offer in the password login form.
-    
-    The String bean is a regular expression identifying the flows to offer. These flows
-    must also be enabled at the "top" level to be available for use.
-    
-    The ExtendedFlowParameters bean can be used to transfer custom parameters from the
-    login form into the context tree for use later by other flows.
-    
-    The last bean provides the set of custom Principals to use for results produced by the
-    Password flow itself. You would use this if you need the Password flow to run as a shell
-    to run the "extended" login methods, but want to limit its own results more narrowly.
-    -->
-    <!--
-    <bean id="shibboleth.authn.Password.ExtendedFlows" class="java.lang.String" c:_0="" />
-
-    <util:list id="shibboleth.authn.Password.ExtendedFlowParameters">
-    </util:list>
-
-    <util:list id="shibboleth.authn.Password.PrincipalOverride">
-        <bean parent="shibboleth.SAML2AuthnContextClassRef"
-            c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
-        <bean parent="shibboleth.SAML2AuthnContextClassRef"
-            c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" />
-        <bean parent="shibboleth.SAML1AuthenticationMethod"
-            c:method="urn:oasis:names:tc:SAML:1.0:am:password" />
-    </util:list>
-    -->
-    
-</beans>
diff --git a/conf/authn/remoteuser-authn-config.xml b/conf/authn/remoteuser-authn-config.xml
deleted file mode 100644
index b5a923f..0000000
--- a/conf/authn/remoteuser-authn-config.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!-- Servlet context-relative path to wherever your implementation lives. -->
-    <bean id="shibboleth.authn.RemoteUser.externalAuthnPath" class="java.lang.String"
-        c:_0="contextRelative:Authn/RemoteUser" />
-
-    <!-- Populate RP UI info from metadata? -->
-    <util:constant id="shibboleth.authn.RemoteUser.populateUIInfo" static-field="java.lang.Boolean.FALSE" />
-
-    <!--
-    Add authentication flow descriptor's supportedPrincipals collection to the resulting Subject?
-    You would normally only unset this if you plan to use the authnMethodHeader servlet parameter to
-    supply authentication method string(s) from the external authentication system.
-    -->
-    <util:constant id="shibboleth.authn.RemoteUser.addDefaultPrincipals" static-field="java.lang.Boolean.TRUE" />
-
-    <!--
-    Define entries here to map error messages returned by external modules and classify them as particular
-    kinds of errors for use in your templates and as events in flows.
-
-    Keys are events to signal, values are error codes.
-
-    The examples here just allow external signaling of an exact condition.
-    
-    If you want to "fall-through" to other login flows, include a mapping to "ReselectFlow".
-    -->
-    <util:map id="shibboleth.authn.RemoteUser.ClassifiedMessageMap">
-        <entry key="ReselectFlow">
-            <list>
-                <value>NoCredentials</value>
-            </list>
-        </entry>
-        <entry key="UnknownUsername">
-            <list>
-                <value>UnknownUsername</value>
-            </list>
-        </entry>
-        <entry key="InvalidPassword">
-            <list>
-                <value>InvalidPassword</value>
-            </list>
-        </entry>
-        <entry key="ExpiredPassword">
-            <list>
-                <value>ExpiredPassword</value>
-            </list>
-        </entry>
-        <entry key="ExpiringPassword">
-            <list>
-                <value>ExpiringPassword</value>
-            </list>
-        </entry>
-    </util:map>
-    
-</beans>
diff --git a/conf/authn/remoteuser-internal-authn-config.xml b/conf/authn/remoteuser-internal-authn-config.xml
deleted file mode 100644
index 9e68c85..0000000
--- a/conf/authn/remoteuser-internal-authn-config.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!-- Check getRemoteUser() for identity (the typical case). -->
-    <util:constant id="shibboleth.authn.RemoteUser.checkRemoteUser" static-field="java.lang.Boolean.TRUE"/>
-
-    <!-- Populate one or both of the lists below to define HTTP headers or Servlet Attributes to check. -->
-    
-    <util:list id="shibboleth.authn.RemoteUser.checkHeaders">
-        <!--
-        <value>User-Identity</value>
-        -->
-    </util:list>
-
-    <util:list id="shibboleth.authn.RemoteUser.checkAttributes">
-        <!--
-        <value>User-Identity</value>
-        -->
-    </util:list>
-    
-    <!-- Simple transforms to apply to username before validation. -->
-    <util:constant id="shibboleth.authn.RemoteUser.Lowercase" static-field="java.lang.Boolean.FALSE"/>
-    <util:constant id="shibboleth.authn.RemoteUser.Uppercase" static-field="java.lang.Boolean.FALSE"/>
-    <util:constant id="shibboleth.authn.RemoteUser.Trim" static-field="java.lang.Boolean.TRUE"/>
-
-    <!-- Apply any regular expression replacement pairs before validation. -->
-    <util:list id="shibboleth.authn.RemoteUser.Transforms">
-        <!--
-        <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
-        -->
-    </util:list>
-    
-    <!-- Uncomment/configure to install username whitelist, blacklist, and/or match expressions. -->
-    
-    <util:list id="shibboleth.authn.RemoteUser.whitelistedUsernames">
-        <!--
-        <value>goodguy</value>
-        -->
-    </util:list>
-
-    <util:list id="shibboleth.authn.RemoteUser.blacklistedUsernames">
-        <!--
-        <value>badguy</value>
-        -->
-    </util:list>
-    
-    <!--
-    <bean id="shibboleth.authn.RemoteUser.matchExpression" class="java.util.regex.Pattern" factory-method="compile"
-        c:_0="^(.+)@example\.edu]$" />
-    -->
-    
-</beans>
diff --git a/conf/authn/spnego-authn-config.xml b/conf/authn/spnego-authn-config.xml
deleted file mode 100644
index 404d7e9..0000000
--- a/conf/authn/spnego-authn-config.xml
+++ /dev/null
@@ -1,69 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!--  General Configuration -->
-
-    <!--
-    Enforce running SPNEGO for all users, independent of user's autologin state.
-    TRUE means that SPNEGO login is always tried (if available).
-    FALSE means that SPNEGO login is run only if the user has enabled autologin.
-    -->
-    <util:constant id="shibboleth.authn.SPNEGO.EnforceRun" static-field="java.lang.Boolean.FALSE" />
-   
-    <!-- Kerberos Configuration-->
-
-    <!-- General Kerberos Settings -->
-    
-    <util:constant id="shibboleth.authn.SPNEGO.Krb5.RefreshConfig" static-field="java.lang.Boolean.FALSE" />
-
-    <!--  Kerberos Service Principal(s) -->
-    
-    <!--
-    For each service principal/realm, a "RealmSettings" bean must be created.
-    For each "RealmSettings" bean, the following settings are supported:
-      p:servicePrincipal: - kerberos service principal (required)
-      p:keytab:           - path to the keytab file containing the kerberos service principal's credentials
-                            (optional; either "p:keytab" or "p:password" is required)
-      p:password:         - kerberos service principal's password
-                            (optional; either "p:keytab" or "p:password" is required)
-    -->
-    <util:list id="shibboleth.authn.SPNEGO.Krb5.Realms">
-
-        <bean parent="shibboleth.KerberosRealmSettings"
-            p:servicePrincipal="HTTP/aai-logon.domain_a.com@DOMAIN_A.COM"
-            p:keytab="%{idp.home}/credentials/http_domainA.keytab" />
-
-    </util:list>
-
-    <!--
-    Define entries here to map events or error messages returned by the SPNEGO module
-    and classify them as particular kinds of errors for use in your templates and as
-    events in flows.
-
-    Keys are events to signal, values are error codes.
-    -->
-    <util:map id="shibboleth.authn.SPNEGO.ClassifiedMessageMap">
-        <entry key="SPNEGONotAvailable">
-            <list>
-                <value>SPNEGONotAvailable</value>
-            </list>
-        </entry>
-        <entry key="NTLMUnsupported">
-            <list>
-                <value>NTLMUnsupported</value>
-            </list>
-        </entry>
-    </util:map>
- 
-</beans>
diff --git a/conf/authn/x509-authn-config.xml b/conf/authn/x509-authn-config.xml
deleted file mode 100644
index 0e54f45..0000000
--- a/conf/authn/x509-authn-config.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!-- Servlet context-relative path to wherever your implementation lives. -->
-    <bean id="shibboleth.authn.X509.externalAuthnPath" class="java.lang.String"
-        c:_0="contextRelative:x509-prompt.jsp" />
-
-    <!-- Populate RP UI info from metadata? -->
-    <util:constant id="shibboleth.authn.X509.populateUIInfo" static-field="java.lang.Boolean.TRUE" />
-
-    <!--
-    Define entries here to map error messages returned by external modules and classify them as particular
-    kinds of errors for use in your templates and as events in flows.
-
-    Keys are events to signal, values are error codes.
-    
-    The examples here just allow external signaling of an exact condition.
-    
-    If you want to "fall-through" to other login flows, include a mapping to "ReselectFlow".
-    -->
-    <util:map id="shibboleth.authn.X509.ClassifiedMessageMap">
-        <entry key="ReselectFlow">
-            <list>
-                <value>NoCredentials</value>
-                <value>InvalidCredentials</value>
-            </list>
-        </entry>
-    </util:map>
-    
-</beans>
diff --git a/conf/authn/x509-internal-authn-config.xml b/conf/authn/x509-internal-authn-config.xml
deleted file mode 100644
index bad3029..0000000
--- a/conf/authn/x509-internal-authn-config.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!--
-    You can define a TrustEngine to apply to any candidate certificates by defining a bean named
-    "shibboleth.authn.X509.TrustEngine". You could also define that in conf/global.xml if you need
-    to share one between the internal and external versions of this flow.
-    -->
-    
-</beans>
diff --git a/conf/c14n/attribute-sourced-subject-c14n-config.xml b/conf/c14n/attribute-sourced-subject-c14n-config.xml
deleted file mode 100644
index 938b30f..0000000
--- a/conf/c14n/attribute-sourced-subject-c14n-config.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!--
-    A list of attributes to resolve for normalizing the subject. For example, you might
-    intend to lookup a uid in a directory based on what the user entered. You can make this
-    an empty list if you just want to resolve everything you normally would.
-    -->
-    <util:list id="shibboleth.c14n.attribute.AttributesToResolve">
-        <value>altuid</value>
-    </util:list>
-    
-    <!--
-    A list of attributes to search for a value to produce as the normalized subject name.
-    This will normally be something you resolve above.
-    -->
-    <util:list id="shibboleth.c14n.attribute.AttributeSourceIds">
-        <value>altuid</value>
-    </util:list>
-
-    <!-- Simple transforms to apply to attribute value used for canonicalization result. -->
-    <util:constant id="shibboleth.c14n.attribute.Lowercase" static-field="java.lang.Boolean.FALSE"/>
-    <util:constant id="shibboleth.c14n.attribute.Uppercase" static-field="java.lang.Boolean.FALSE"/>
-    <util:constant id="shibboleth.c14n.attribute.Trim" static-field="java.lang.Boolean.TRUE"/>
-
-    <!-- Apply any regular expression replacement pairs. -->
-    <util:list id="shibboleth.c14n.attribute.Transforms">
-        <!--
-        <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
-        -->
-    </util:list>
-        
-</beans>
diff --git a/conf/c14n/simple-subject-c14n-config.xml b/conf/c14n/simple-subject-c14n-config.xml
deleted file mode 100644
index 3cddfa6..0000000
--- a/conf/c14n/simple-subject-c14n-config.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!-- Simple transforms to apply to username after authentication. -->
-    <util:constant id="shibboleth.c14n.simple.Lowercase" static-field="java.lang.Boolean.FALSE"/>
-    <util:constant id="shibboleth.c14n.simple.Uppercase" static-field="java.lang.Boolean.FALSE"/>
-    <util:constant id="shibboleth.c14n.simple.Trim" static-field="java.lang.Boolean.TRUE"/>
-
-    <!-- Apply any regular expression replacement pairs after authentication. -->
-    <util:list id="shibboleth.c14n.simple.Transforms">
-        <!--
-        <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
-        -->
-    </util:list>
-        
-</beans>
diff --git a/conf/c14n/subject-c14n-events-flow.xml b/conf/c14n/subject-c14n-events-flow.xml
deleted file mode 100644
index d7458cd..0000000
--- a/conf/c14n/subject-c14n-events-flow.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<flow xmlns="http://www.springframework.org/schema/webflow"
-      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow.xsd"
-      abstract="true">
-
-    <!-- ADVANCED USE ONLY -->
-    
-    <!--
-    You can ignore this file unless you are creating your own custom c14n subflows that want to
-    report custom events in response to unusual error or warning conditions.
-    -->
-
-    <!-- Custom error events to reflect back from user-supplied c14n subflows. -->
-    <!--
-    <end-state id="MyCustomEvent" />
-    -->
-
-</flow>
diff --git a/conf/c14n/subject-c14n.xml b/conf/c14n/subject-c14n.xml
deleted file mode 100644
index 16fc6f1..0000000
--- a/conf/c14n/subject-c14n.xml
+++ /dev/null
@@ -1,109 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-    
-    <!-- ========================= Java Subject -> Principal Mapping ========================= -->
-
-    <!--
-    These are lists of Subject Canonicalization flows that turn complex Subject data into a string-based
-    principal name that the rest of the IdP can operate on. They're used both after authentication and
-    during operations like SAML attribute queries, to map the SAML Subject into a principal name. 
-    Flows are identified with an ID that corresponds to a Spring Web Flow subflow name.
-    -->
-
-    <!-- Flows used after authentication to produce canonical principal name. -->
-    <util:list id="shibboleth.PostLoginSubjectCanonicalizationFlows">
-        <!--
-        This is an advanced post-login step that performs attribute resolution and then produces a username
-        from an attribute value. Most of this configuration is handled by attribute-sourced-c14n-config.xml.
-        To enable universally, just uncomment, but if you want it to run under more specific conditions,
-        set an activationCondition property to a condition function to use to control when it should run. 
-        -->
-        <!-- <bean id="c14n/attribute" parent="shibboleth.PostLoginSubjectCanonicalizationFlow" /> -->
-
-        <!--
-        This is an alternative that handles Subjects containing an X500Principal object and
-        allows extraction from the DN.
-        -->
-        <ref bean="c14n/x500" />
-
-        <!--
-        This is the standard post-login step that returns a username derived from the login process. If you
-        have more complex needs such as mapping a certificate DN into a principal name, an alternative may
-        be required such as that above, but you can configure simple transforms in simple-subject-c14n-config.xml
-        -->
-        <ref bean="c14n/simple" />
-    </util:list>
-    
-    <!--
-    Flows used during SAML requests to reverse-map NameIdentifiers/NameIDs. The actual beans defining these
-    flows are in a system file. Below the list are some settings that might be useful to adjust.
-    -->
-    <util:list id="shibboleth.SAMLSubjectCanonicalizationFlows">
-
-        <!--
-        This is installed to support the old mechanism of using PrincipalConnectors in the attribute resolver
-        to map SAML Subjects back into principals. If you don't use those (or this is a new install) you can
-        remove this.
-        -->
-        <ref bean="c14n/LegacyPrincipalConnector" />
-        
-        <!-- The next four are for handling transient IDs (in-storage and stateless variants). -->
-        <ref bean="c14n/SAML2Transient" />
-        <ref bean="c14n/SAML2CryptoTransient" />
-        <ref bean="c14n/SAML1Transient" /> 
-        <ref bean="c14n/SAML1CryptoTransient" /> 
-        
-        <!-- Handle a SAML 2 persistent ID, provided a stored strategy is in use. -->
-        <!-- <ref bean="c14n/SAML2Persistent" /> -->
-        
-        <!--
-        Finally we have beans for decoding arbitrary SAML formats directly. By default, these are turned off,
-        having *no* circumstances for which they apply (see shibboleth.TransformNamePredicate below).
-        -->
-        <ref bean="c14n/SAML2Transform" />
-        <ref bean="c14n/SAML1Transform" />
-    </util:list>
-    
-    <!-- What SAML NameID formats do you want to support direct transformations for? -->
-    <util:list id="shibboleth.NameTransformFormats">
-        <value>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</value>
-        <value>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</value>
-        <value>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</value>
-        <value>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</value>
-        <value>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</value>
-    </util:list>
-
-    <!--
-    Under what conditions should direct NameID mapping be allowed? By default, never.
-    Any condition can be used here; the example is suitable for enumerating a number of SPs to allow.
-    -->
-    <bean id="shibboleth.NameTransformPredicate" parent="shibboleth.Conditions.RelyingPartyId">
-        <constructor-arg>
-            <list>
-                <!-- <value>https://sp.example.org</value> -->
-            </list>
-        </constructor-arg>
-    </bean>
-    
-    <!--
-    Regular expression transforms to apply to incoming subject names. The default empty list just
-    echoes the name through unmodified.
-    -->
-    <util:list id="shibboleth.NameTransforms">
-        <!--
-        <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
-        -->
-    </util:list>
-    
-</beans>
diff --git a/conf/c14n/x500-subject-c14n-config.xml b/conf/c14n/x500-subject-c14n-config.xml
deleted file mode 100644
index 1ae25e4..0000000
--- a/conf/c14n/x500-subject-c14n-config.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!-- First priority is given to any subjectAltNames specified (emailAddress is 1) -->
-    <util:list id="shibboleth.c14n.x500.SubjectAltNameTypes">
-        <!-- <value>1</value> -->
-    </util:list>
-
-    <!-- Second priority is a list of Certificate Subject RDN OIDs to look for. -->
-    <util:list id="shibboleth.c14n.x500.ObjectIDs">
-        <value>2.5.4.3</value>
-    </util:list>
-
-    <!-- Simple transforms to apply to username after authentication. -->
-    <util:constant id="shibboleth.c14n.x500.Lowercase" static-field="java.lang.Boolean.FALSE"/>
-    <util:constant id="shibboleth.c14n.x500.Uppercase" static-field="java.lang.Boolean.FALSE"/>
-    <util:constant id="shibboleth.c14n.x500.Trim" static-field="java.lang.Boolean.TRUE"/>
-
-    <!-- Apply any regular expression replacement pairs after authentication. -->
-    <util:list id="shibboleth.c14n.x500.Transforms">
-        <!--
-        <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
-        -->
-    </util:list>
-        
-</beans>
diff --git a/conf/cas-protocol.xml b/conf/cas-protocol.xml
deleted file mode 100644
index 09a05ef..0000000
--- a/conf/cas-protocol.xml
+++ /dev/null
@@ -1,53 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!--
-       | The CAS service registry defines verified relying parties by endpoint URI.
-       | The default implementation treats the ID of each entry as a regular expression defining a logical group of
-       | services whose URIs match the expression.
-       |
-       | This bean is reloaded periodically according to %{idp.home}/conf/services.properties.
-       -->
-    <bean id="reloadableServiceRegistry"
-          class="%{idp.cas.serviceRegistryClass:net.shibboleth.idp.cas.service.PatternServiceRegistry}">
-        <property name="definitions">
-            <list>
-                <!--
-                <bean class="net.shibboleth.idp.cas.service.ServiceDefinition"
-                      c:regex="https://([A-Za-z0-9_-]+\.)*example\.org(:\d+)?/.*"
-                      p:group="proxying-services"
-                      p:authorizedToProxy="true"
-                      p:singleLogoutParticipant="true" />
-                <bean class="net.shibboleth.idp.cas.service.ServiceDefinition"
-                      c:regex="http://([A-Za-z0-9_-]+\.)*example\.org(:\d+)?/.*"
-                      p:group="non-proxying-services"
-                      p:authorizedToProxy="false" /
-                -->
-            </list>
-        </property>
-    </bean>
-
-    <!--
-       | Advanced CAS configuration.
-       |
-       | Override default CAS components by creating aliases to custom components where the alias
-       | is the same as the default component bean ID.
-       -->
-    <!--
-    <bean id="cas.CustomTicketService"
-          class="org.example.idp.cas.CustomTicketService" />
-    <alias name="cas.CustomTicketService" alias="cas.TicketService" />
-
-    <bean id="cas.CustomProxyAuthenticator"
-          class="org.example.idp.cas.CustomProxyAuthenticator" />
-    <alias name="cas.CustomProxyAuthenticator" alias="cas.ProxyAuthenticator" />
-    -->
-</beans>
\ No newline at end of file
diff --git a/conf/credentials.xml b/conf/credentials.xml
deleted file mode 100644
index 7462879..0000000
--- a/conf/credentials.xml
+++ /dev/null
@@ -1,65 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!--
-    NOTE: if you're using a legacy relying-party.xml file from a V2 configuration, this file is ignored.
-
-    This defines the signing and encryption key and certificate pairs referenced by your relying-party.xml
-    configuration. You don't normally need to touch this, unless you have advanced requirements such as
-    supporting multiple sets of keys for different relying parties, in which case you may want to define
-    all your credentials here for convenience.
-    -->
-
-    <!--
-    The list of ALL of your IdP's signing credentials. If you define additional signing credentials,
-    for example for specific relying parties or different key types, make sure to include them within this list.
-    -->
-    <util:list id="shibboleth.SigningCredentials">
-        <ref bean="shibboleth.DefaultSigningCredential" />
-    </util:list>
-    
-    <!-- Your IdP's default signing key, set via property file. -->
-    <bean id="shibboleth.DefaultSigningCredential"
-        class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
-        p:privateKeyResource="%{idp.signing.key}"
-        p:certificateResource="%{idp.signing.cert}"
-        p:entityId-ref="entityID" />
-        
-    <!--
-    The list of ALL of your IdP's encryption credentials. By default this is just an alias
-    for 'shibboleth.DefaultEncryptionCredentials'. It could be re-defined as
-    a list with additional credentials if needed.
-    -->
-    <alias alias="shibboleth.EncryptionCredentials" name="shibboleth.DefaultEncryptionCredentials" />
-        
-    <!-- Your IdP's default encryption (really decryption) keys, set via property file. -->
-    <util:list id="shibboleth.DefaultEncryptionCredentials">
-        <bean class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
-            p:privateKeyResource="%{idp.encryption.key}"
-            p:certificateResource="%{idp.encryption.cert}"
-            p:entityId-ref="entityID" />
-
-        <!--
-        For key rollover, uncomment and point to your original keypair, and use the one above
-        to point to your new keypair. Once metadata has propagated, comment this one out again.
-        -->
-        <!--
-        <bean class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
-            p:privateKeyResource="%{idp.encryption.key.2}"
-            p:certificateResource="%{idp.encryption.cert.2}"
-            p:entityId-ref="entityID" />
-        -->
-    </util:list>
-
-</beans>
diff --git a/conf/errors.xml b/conf/errors.xml
deleted file mode 100644
index 5de522f..0000000
--- a/conf/errors.xml
+++ /dev/null
@@ -1,120 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p"
-    xmlns:c="http://www.springframework.org/schema/c" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
-    default-init-method="initialize"
-    default-destroy-method="destroy">
-
-    <bean id="shibboleth.DefaultErrorView" class="java.lang.String" c:_0="%{idp.errors.defaultView:error}" />
-
-    <!-- Map local events to alternate view templates. -->
-    <util:map id="shibboleth.EventViewMap">
-        <!-- <entry key="EventToChange" value="viewname" /> -->
-    </util:map>
-
-    <!--
-    Map of events to trap and handle with local views, without returning to SPs.
-    The map values are flags indicating whether to write an audit log record.
-    -->
-    <util:map id="shibboleth.LocalEventMap">
-        <entry key="ContextCheckDenied" value="true" />
-        <entry key="AttributeReleaseRejected" value="true" />
-        <entry key="TermsRejected" value="true" />
-        <entry key="RuntimeException" value="false" />
-        <!--
-        <entry key="IdentitySwitch" value="false" />
-        <entry key="NoPotentialFlow" value="false" />
-        -->
-    </util:map>
-    
-    <!-- Mappings of error events during requests to SAML status codes and SOAP fault codes. -->
-
-    <util:map id="shibboleth.SAML1StatusMappings">
-        <entry key="InvalidMessageVersion" value-ref="shibboleth.SAML1Status.VersionMismatch" />
-        
-        <entry key="UnableToDecode" value-ref="shibboleth.SAML1Status.Requester" />
-        
-        <entry key="UnableToEncode" value-ref="shibboleth.SAML1Status.Requester" />
-
-        <entry key="MessageReplay" value-ref="shibboleth.SAML1Status.Requester" />
-        <entry key="MessageExpired" value-ref="shibboleth.SAML1Status.Requester" />
-        <entry key="MessageAuthenticationError" value-ref="shibboleth.SAML1Status.Requester" />
-
-        <entry key="RequestUnsupported" value-ref="shibboleth.SAML1Status.Requester" />
-        
-        <entry key="NoPassive" value-ref="shibboleth.SAML1Status.Requester" />
-        <entry key="NoPotentialFlow" value-ref="shibboleth.SAML1Status.Requester" />
-        <entry key="NoCredentials" value-ref="shibboleth.SAML1Status.Requester" />
-        <entry key="InvalidCredentials" value-ref="shibboleth.SAML1Status.Requester" />
-        <entry key="AccountError" value-ref="shibboleth.SAML1Status.Requester" />
-        <entry key="IdentitySwitch" value-ref="shibboleth.SAML1Status.Requester" />
-        <entry key="AuthenticationException" value-ref="shibboleth.SAML1Status.Requester" />
-        
-        <entry key="InvalidSubject" value-ref="shibboleth.SAML1Status.Requester" />
-        <entry key="SubjectCanonicalizationError" value-ref="shibboleth.SAML1Status.Requester" />
-    </util:map>
-    
-    <util:map id="shibboleth.SAML2StatusMappings">
-        <entry key="InvalidMessageVersion" value-ref="shibboleth.SAML2Status.VersionMismatch" />
-        
-        <entry key="UnableToDecode" value-ref="shibboleth.SAML2Status.RequestUnsupported" />
-        
-        <entry key="UnableToEncode" value-ref="shibboleth.SAML2Status.UnsupportedBinding" />
-
-        <entry key="MessageReplay" value-ref="shibboleth.SAML2Status.RequestDenied" />
-        <entry key="MessageExpired" value-ref="shibboleth.SAML2Status.RequestDenied" />
-        <entry key="MessageAuthenticationError" value-ref="shibboleth.SAML2Status.RequestDenied" />
-        
-        <entry key="RequestUnsupported" value-ref="shibboleth.SAML2Status.NoAuthnContext" />
-        
-        <entry key="NoPassive" value-ref="shibboleth.SAML2Status.NoPassive" />
-        
-        <entry key="NoPotentialFlow" value-ref="shibboleth.SAML2Status.AuthnFailed" />
-        <entry key="NoCredentials" value-ref="shibboleth.SAML2Status.AuthnFailed" />
-        <entry key="InvalidCredentials" value-ref="shibboleth.SAML2Status.AuthnFailed" />
-        <entry key="AccountError" value-ref="shibboleth.SAML2Status.AuthnFailed" />
-        <entry key="IdentitySwitch" value-ref="shibboleth.SAML2Status.AuthnFailed" />
-        <entry key="AuthenticationException" value-ref="shibboleth.SAML2Status.AuthnFailed" />
-        
-        <entry key="InvalidSubject" value-ref="shibboleth.SAML2Status.UnknownPrincipal" />
-        <entry key="SubjectCanonicalizationError" value-ref="shibboleth.SAML2Status.UnknownPrincipal" />
-        <entry key="SessionNotFound" value-ref="shibboleth.SAML2Status.UnknownPrincipal" />
-        
-        <entry key="InvalidNameIDPolicy" value-ref="shibboleth.SAML2Status.InvalidNameIDPolicy" />
-        
-        <entry key="ChannelBindingsError" value-ref="shibboleth.SAML2Status.ChannelBindingsError" />
-    </util:map>
-
-    <util:map id="shibboleth.SOAPFaultCodeMappings">
-        <entry key="InvalidMessageVersion" value-ref="shibboleth.SOAP.VersionMismatch" />
-        
-        <entry key="UnableToDecode" value-ref="shibboleth.SOAP.Client" />
-
-        <entry key="MessageReplay" value-ref="shibboleth.SOAP.Client" />
-        <entry key="MessageExpired" value-ref="shibboleth.SOAP.Client" />
-        <entry key="MessageAuthenticationError" value-ref="shibboleth.SOAP.Client" />
-        
-        <entry key="RequestUnsupported" value-ref="shibboleth.SOAP.Client" />
-    
-        <entry key="NoPassive" value-ref="shibboleth.SOAP.Client" />
-        
-        <entry key="NoPotentialFlow" value-ref="shibboleth.SOAP.Client" />
-        <entry key="NoCredentials" value-ref="shibboleth.SOAP.Client" />
-        <entry key="InvalidCredentials" value-ref="shibboleth.SOAP.Client" />
-        <entry key="AccountError" value-ref="shibboleth.SOAP.Client" />
-        <entry key="AuthenticationException" value-ref="shibboleth.SOAP.Client" />
-
-        <entry key="InvalidSubject" value-ref="shibboleth.SOAP.Client" />
-        <entry key="SubjectCanonicalizationError" value-ref="shibboleth.SOAP.Client" />
-        
-        <entry key="InvalidNameIDPolicy" value-ref="shibboleth.SOAP.Client" />
-        
-        <entry key="ChannelBindingsError" value-ref="shibboleth.SOAP.Client" />
-    </util:map>
-    
-</beans>
diff --git a/conf/global.xml b/conf/global.xml
deleted file mode 100644
index 60562e3..0000000
--- a/conf/global.xml
+++ /dev/null
@@ -1,53 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!-- Use this file to define any custom beans needed globally. -->
-
-    <!--
-    Algorithm whitelists and blacklists that override or merge with library defaults. Normally you can leave
-    these empty or commented and use the system defaults, but you can override those defaults using these lists.
-    Each <value> element is an algorithm URI, or you can use <util:constant> elements in place of literal values.
-    -->
-    
-    <!--
-    <util:list id="shibboleth.SignatureWhitelist">
-    </util:list>
-
-    <util:list id="shibboleth.SignatureBlacklist">
-    </util:list>
-
-    <util:list id="shibboleth.EncryptionWhitelist">
-    </util:list>
-
-    <util:list id="shibboleth.EncryptionBlacklist">
-    </util:list>
-    -->
-
-    <!--
-    If you need to define and inject custom Java object(s) into the various views used throughout the
-    system (errors, login, logout, etc.), you can uncomment and define the bean below to be of any
-    type required. It will appear in the view scope as a variable named "custom".
-    
-    The example below defines the bean as a map, which allows you to inject multiple objects under
-    named keys to expand the feature to support multiple injected objects.
-    -->
-    
-    <!--
-    <util:map id="shibboleth.CustomViewContext">
-        <entry key="foo" value="bar"/>
-    </util:map>
-    -->
-    
-    
-</beans>
diff --git a/conf/idp.properties b/conf/idp.properties
deleted file mode 100644
index 5e2df04..0000000
--- a/conf/idp.properties
+++ /dev/null
@@ -1,194 +0,0 @@
-# Load any additional property resources from a comma-delimited list
-idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties
-
-# Set the entityID of the IdP
-idp.entityID= https://idp.testbed.tier.internet2.edu/idp/shibboleth
-
-# Set the scope used in the attribute resolver for scoped attributes
-idp.scope= testbed.tier.internet2.edu
-
-# General cookie properties (maxAge only applies to persistent cookies)
-#idp.cookie.secure = false
-#idp.cookie.httpOnly = true
-#idp.cookie.domain =
-#idp.cookie.path =
-#idp.cookie.maxAge = 31536000
-
-# Set the location of user-supplied web flow definitions
-#idp.webflows = %{idp.home}/flows
-
-# Set the location of Velocity view templates
-#idp.views = %{idp.home}/views
-
-# Settings for internal AES encryption key
-#idp.sealer.storeType = JCEKS
-#idp.sealer.updateInterval = PT15M
-#idp.sealer.aliasBase = secret
-idp.sealer.storeResource= %{idp.home}/credentials/sealer.jks
-idp.sealer.versionResource= %{idp.home}/credentials/sealer.kver
-idp.sealer.storePassword= changeit
-idp.sealer.keyPassword= changeit
-
-# Settings for public/private signing and encryption key(s)
-# During decryption key rollover, point the ".2" properties at a second
-# keypair, uncomment in credentials.xml, then publish it in your metadata.
-idp.signing.key= %{idp.home}/credentials/idp-signing.key
-idp.signing.cert= %{idp.home}/credentials/idp-signing.crt
-idp.encryption.key= %{idp.home}/credentials/idp-encryption.key
-idp.encryption.cert= %{idp.home}/credentials/idp-encryption.crt
-#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key
-#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt
-
-# Sets the bean ID to use as a default security configuration set
-#idp.security.config = shibboleth.DefaultSecurityConfiguration
-
-# To default to SHA-1, set to shibboleth.SigningConfiguration.SHA1
-#idp.signing.config = shibboleth.SigningConfiguration.SHA256
-
-# Configures trust evaluation of keys used by services at runtime
-# Defaults to supporting both explicit key and PKIX using SAML metadata.
-#idp.trust.signatures = shibboleth.ChainingSignatureTrustEngine
-# To pick only one set to one of:
-#   shibboleth.ExplicitKeySignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine
-#idp.trust.certificates = shibboleth.ChainingX509TrustEngine
-# To pick only one set to one of:
-#   shibboleth.ExplicitKeyX509TrustEngine, shibboleth.PKIXX509TrustEngine
-
-# If true, encryption will happen whenever a key to use can be located, but
-# failure to encrypt won't result in request failure.
-#idp.encryption.optional = false
-
-# Configuration of client- and server-side storage plugins
-#idp.storage.cleanupInterval = PT10M
-#idp.storage.htmlLocalStorage = false
-
-# Set to true to expose more detailed errors in responses to SPs
-#idp.errors.detailed = false
-# Set to false to skip signing of SAML response messages that signal errors
-#idp.errors.signed = true
-# Name of bean containing a list of Java exception classes to ignore
-#idp.errors.excludedExceptions = ExceptionClassListBean
-# Name of bean containing a property set mapping exception names to views
-#idp.errors.exceptionMappings = ExceptionToViewPropertyBean
-# Set if a different default view name for events and exceptions is needed
-#idp.errors.defaultView = error
-
-# Set to false to disable the IdP session layer
-#idp.session.enabled = true
-
-# Set to "shibboleth.StorageService" for server-side storage of user sessions
-#idp.session.StorageService = shibboleth.ClientSessionStorageService
-
-# Size of session IDs
-#idp.session.idSize = 32
-# Bind sessions to IP addresses
-#idp.session.consistentAddress = true
-# Inactivity timeout
-#idp.session.timeout = PT60M
-# Extra time to store sessions for logout
-#idp.session.slop = PT0S
-# Tolerate storage-related errors
-#idp.session.maskStorageFailure = false
-# Track information about SPs logged into
-#idp.session.trackSPSessions = false
-# Support lookup by SP for SAML logout
-#idp.session.secondaryServiceIndex = false
-# Length of time to track SP sessions
-#idp.session.defaultSPlifetime = PT2H
-
-# Regular expression matching login flows to enable, e.g. IPAddress|Password
-idp.authn.flows= Password
-
-# Regular expression of forced "initial" methods when no session exists,
-# usually in conjunction with the idp.authn.resolveAttribute property below.
-#idp.authn.flows.initial = Password
-
-# Set to an attribute ID to resolve prior to selecting authentication flows;
-# its values are used to filter the flows to allow.
-#idp.authn.resolveAttribute = eduPersonAssurance
-
-# Default lifetime and timeout of various authentication methods
-#idp.authn.defaultLifetime = PT60M
-#idp.authn.defaultTimeout = PT30M
-
-# Whether to prioritize "active" results when an SP requests more than
-# one possible matching login method (V2 behavior was to favor them)
-#idp.authn.favorSSO = true
-
-# Whether to fail requests when a user identity after authentication
-# doesn't match the identity in a pre-existing session.
-#idp.authn.identitySwitchIsError = false
-
-# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent
-#idp.consent.StorageService = shibboleth.ClientPersistentStorageService
-
-# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute
-# to key user consent storage records (and set the attribute name)
-#idp.consent.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
-#idp.consent.userStorageKeyAttribute = uid
-
-# Flags controlling how built-in attribute consent feature operates
-#idp.consent.allowDoNotRemember = true
-#idp.consent.allowGlobal = true
-#idp.consent.allowPerAttribute = false
-
-# Whether attribute values and terms of use text are compared
-#idp.consent.compareValues = false
-# Maximum number of consent records for space-limited storage (e.g. cookies)
-#idp.consent.maxStoredRecords = 10
-# Maximum number of consent records for larger/server-side storage (0 = no limit)
-#idp.consent.expandedMaxStoredRecords = 0
-
-# Time in milliseconds to expire consent storage records.
-#idp.consent.storageRecordLifetime = P1Y
-
-# Whether to lookup metadata, etc. for every SP involved in a logout
-# for use by user interface logic; adds overhead so off by default.
-#idp.logout.elaboration = false
-
-# Whether to require logout requests be signed/authenticated.
-#idp.logout.authenticated = true
-
-# Message freshness and replay cache tuning
-#idp.policy.messageLifetime = PT3M
-#idp.policy.clockSkew = PT3M
-
-# Set to custom bean for alternate storage of replay cache
-#idp.replayCache.StorageService = shibboleth.StorageService
-
-# Toggles whether to allow outbound messages via SAML artifact
-#idp.artifact.enabled = true
-# Suppresses typical signing/encryption when artifact binding used
-#idp.artifact.secureChannel = true
-# May differ to direct SAML 2 artifact lookups to specific server nodes
-#idp.artifact.endpointIndex = 2
-# Set to custom bean for alternate storage of artifact map state
-#idp.artifact.StorageService = shibboleth.StorageService
-
-# Name of access control policy for various admin flows
-idp.status.accessPolicy= AccessByIPAddress
-idp.resolvertest.accessPolicy= AccessByIPAddress
-idp.reload.accessPolicy= AccessByIPAddress
-
-# Comma-delimited languages to use if not match can be found with the
-# browser-supported languages, defaults to an empty list.
-idp.ui.fallbackLanguages= en,fr,de
-
-# Storage service used by CAS protocol
-# Defaults to shibboleth.StorageService (in-memory)
-# MUST be server-side storage (e.g. in-memory, memcached, database)
-# NOTE that idp.session.StorageService requires server-side storage
-# when CAS protocol is enabled
-#idp.cas.StorageService=shibboleth.StorageService
-
-# CAS service registry implementation class
-#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry
-
-# Profile flows in which the ProfileRequestContext should be exposed
-# in servlet request under the key "opensamlProfileRequestContext"
-#idp.profile.exposeProfileRequestContextInServletRequest = SAML2/POST/SSO,SAML2/Redirect/SSO
-
-# F-TICKS auditing - set salt to include hashed username
-#idp.fticks.federation=MyFederation
-#idp.fticks.algorithm=SHA-256
-#idp.fticks.salt=somethingsecret
diff --git a/conf/intercept/consent-intercept-config.xml b/conf/intercept/consent-intercept-config.xml
deleted file mode 100644
index ca183a7..0000000
--- a/conf/intercept/consent-intercept-config.xml
+++ /dev/null
@@ -1,136 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!-- Terms of Use configuration -->
-    
-    <!--
-    Terms of use is driven by a lookup function returning a key into messages/consent-messages.properties
-    
-    The default mapping returns the relying party / SP name as the key. The second example below
-    demonstrates use of a custom mapping table from the relying party name to the key to use. 
-    -->
-    
-    <alias alias="shibboleth.consent.terms-of-use.Key" name="shibboleth.RelyingPartyIdLookup.Simple" />
-    
-    <!--
-    <bean id="shibboleth.consent.terms-of-use.Key"
-            class="com.google.common.base.Functions" factory-method="compose">
-        <constructor-arg name="g">
-            <bean class="com.google.common.base.Functions" factory-method="forMap" c:defaultValue="terms-of-use">
-                <constructor-arg name="map">
-                    <map>
-                        <entry key="https://sp.example.org/shibboleth" value="example-terms" />
-                    </map>
-                </constructor-arg>
-            </bean>
-        </constructor-arg>
-        <constructor-arg name="f">
-            <ref bean="shibboleth.RelyingPartyIdLookup.Simple" />
-        </constructor-arg>
-    </bean>
-    -->
-
-    <!-- Attribute Release configuration -->
-
-    <!--
-    Attribute release whitelist, blacklist, and match expressions to determine 
-    whether consent should be obtained for an attribute based on the attribute ID.
-    -->
-    
-    <util:list id="shibboleth.consent.attribute-release.WhitelistedAttributeIDs">
-        <!--
-        <value>mail</value>
-        -->
-    </util:list>
-
-    <util:list id="shibboleth.consent.attribute-release.BlacklistedAttributeIDs">
-        <value>transientId</value>
-        <value>persistentId</value>
-        <value>eduPersonTargetedID</value>
-    </util:list>
-
-    <!-- 
-    <bean id="shibboleth.consent.attribute-release.MatchExpression" class="java.util.regex.Pattern" factory-method="compile" 
-        c:_0="^exampleAttribute.*$" />
-    -->
-
-    <!--
-    Customize the order in which attributes are displayed.
-    Attribute IDs not present in this list will be sorted according to their
-    natural order and displayed subsequent to any attribute IDs specified here.
-    -->
-    <!--
-    <util:list id="shibboleth.consent.attribute-release.AttributeDisplayOrder">
-        <value>mail</value>
-    </util:list>
-    -->
-
-    <!--
-    These beans define mappings between audit log categories and formatting strings.
-    -->
-
-    <!--
-    For terms-of-use acceptance, the default entry is :
-     'YYYYMMDDTHHMMSSZ|TermsAccepted|jdoe|example-tou-1|rHo...rrw=|true'
-
-    For terms-of-use refusal, the default entry is :
-     'YYYYMMDDTHHMMSSZ|TermsRejected|jdoe|example-tou-1|rHo...rrw=|false'
-    -->
-    <util:map id="shibboleth.consent.terms-of-use.AuditFormattingMap">
-        <entry key="Shibboleth-Consent-Audit" value="%T|%SP|%e|%u|%CCI|%CCV|%CCA" />
-    </util:map>
-
-    <!--
-    For attribute-release consent, the default entry is :
-     'YYYYMMDDTHHMMSSZ|https://sp.example.org|AttributeReleaseConsent|jdoe|email,eduPersonAffiliation|rHo...rrw=,rHo...rrw=|false,false'
-    -->
-    <util:map id="shibboleth.consent.attribute-release.AuditFormattingMap">
-        <entry key="Shibboleth-Consent-Audit" value="%T|%SP|%e|%u|%CCI|%CCV|%CCA" />
-    </util:map>
-
-    <!--
-    The beans below need to be defined, even if left empty. They can be ignored in most cases.
-    
-    If you write your own function to extract a new piece of data for auditing, you can install it into one or more
-    of the maps below to add it to the auditing framework, keyed by an audit field label to be used in formatting.
-    -->
-    <bean id="shibboleth.consent.PreConsentAuditExtractors" parent="shibboleth.consent.DefaultPreConsentAuditExtractors" lazy-init="true">
-        <property name="sourceMap">
-            <map merge="true">
-            </map>
-        </property>
-    </bean>
-
-    <bean id="shibboleth.consent.ConsentAuditExtractors" parent="shibboleth.consent.DefaultConsentAuditExtractors" lazy-init="true">
-        <property name="sourceMap">
-            <map merge="true">
-            </map>
-        </property>
-    </bean>
-
-    <!--
-    Specify custom symbolic replacements for attribute names to shrink the size of results saved to client-side storage 
-    such as cookies.
-    -->
-    <bean id="shibboleth.consent.AttributeSymbolics" parent="shibboleth.consent.DefaultAttributeSymbolics" lazy-init="true">
-        <property name="sourceMap">
-            <map merge="true">
-                <!--
-                <entry key="myAttribute" value="900" />
-                -->
-            </map>
-        </property>
-    </bean>
-
-</beans>
\ No newline at end of file
diff --git a/conf/intercept/context-check-intercept-config.xml b/conf/intercept/context-check-intercept-config.xml
deleted file mode 100644
index 809f1d4..0000000
--- a/conf/intercept/context-check-intercept-config.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!--
-    Condition to evaluate to interrupt SSO flows to check the state of the transaction before allowing.
-    
-    Typically the flow itself will be activated based on configuration in relying-party.xml, and this controls
-    whether to proceed if the flow is activated. The most common use for this flow is to check the set of
-    resolved/filtered attributes and values to see if the user is authorized or provisioned into a service.
-    -->
-    <bean id="shibboleth.context-check.Condition" parent="shibboleth.Conditions.AND">
-        <constructor-arg>
-            <list>
-                <bean parent="shibboleth.Conditions.RelyingPartyId" c:candidates="#{ 'https://sp.example.org' }" />
-                <bean class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate"
-                        p:useUnfilteredAttributes="true">
-                    <property name="attributeValueMap">
-                        <map>
-                            <entry key="eppn">
-                                <list>
-                                    <value>*</value>
-                                </list>
-                            </entry>
-                        </map>
-                    </property>
-                </bean>
-            </list>
-        </constructor-arg>
-    </bean>
-
-</beans>
\ No newline at end of file
diff --git a/conf/intercept/intercept-events-flow.xml b/conf/intercept/intercept-events-flow.xml
deleted file mode 100644
index 5cb30d5..0000000
--- a/conf/intercept/intercept-events-flow.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<flow xmlns="http://www.springframework.org/schema/webflow"
-      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow.xsd"
-      abstract="true">
-
-    <!-- ADVANCED USE ONLY -->
-    
-    <!--
-    You can ignore this file unless you are creating your own custom intercept subflows that want to
-    report custom events in response to unusual conditions.
-    -->
-
-    <!-- Custom error events to reflect back from user-supplied intercept subflows. -->
-    <!--
-    <end-state id="MyCustomEvent" />
-    -->
-
-</flow>
diff --git a/conf/intercept/profile-intercept.xml b/conf/intercept/profile-intercept.xml
deleted file mode 100644
index fedc2b2..0000000
--- a/conf/intercept/profile-intercept.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!--
-    Intercept flows are used at various injection points to modify processing. This is the master list
-    of flows available that provide interesting features to deployers, but flows are actually enabled by
-    specifying them in various profile configuration beans via relying-party.xml 
-    
-    This list of flows is merged with a built-in set defined in a system configuration file, and may be
-    empty, but should not be removed. You must add your own custom flows to this list if you create any.
-    -->
-    
-    <bean id="shibboleth.AvailableInterceptFlows" parent="shibboleth.DefaultInterceptFlows" lazy-init="true">
-        <property name="sourceList">
-            <list merge="true">
-                <bean id="intercept/context-check" parent="shibboleth.InterceptFlow" />
-        
-                <bean id="intercept/terms-of-use" parent="shibboleth.consent.TermsOfUseFlow" />
-        
-                <bean id="intercept/attribute-release" parent="shibboleth.consent.AttributeReleaseFlow" />
-            </list>
-        </property>
-    </bean>
-
-</beans>
diff --git a/conf/ldap.properties b/conf/ldap.properties
deleted file mode 100644
index 07cf10b..0000000
--- a/conf/ldap.properties
+++ /dev/null
@@ -1,60 +0,0 @@
-# LDAP authentication configuration, see authn/ldap-authn-config.xml
-# Note, this doesn't apply to the use of JAAS
-
-## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
-#idp.authn.LDAP.authenticator                   = anonSearchAuthenticator
-
-## Connection properties ##
-idp.authn.LDAP.ldapURL                          = ldap://ldap.testbed.tier.internet2.edu
-idp.authn.LDAP.useStartTLS                     = false
-idp.authn.LDAP.useSSL                          = false
-#idp.authn.LDAP.connectTimeout                  = 3000
-
-## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
-#idp.authn.LDAP.sslConfig                       = certificateTrust
-## If using certificateTrust above, set to the trusted certificate's path
-idp.authn.LDAP.trustCertificates                = %{idp.home}/credentials/ldap-server.crt
-## If using keyStoreTrust above, set to the truststore path
-idp.authn.LDAP.trustStore                       = %{idp.home}/credentials/ldap-server.truststore
-
-## Return attributes during authentication
-## NOTE: there is a separate property used for attribute resolution
-idp.authn.LDAP.returnAttributes                 = passwordExpirationTime,loginGraceRemaining
-
-## DN resolution properties ##
-
-# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
-# for AD: CN=Users,DC=example,DC=org
-idp.authn.LDAP.baseDN                           = ou=People,dc=testbed,dc=tier,dc=internet2,dc=edu
-#idp.authn.LDAP.subtreeSearch                   = false
-idp.authn.LDAP.userFilter                       = (uid={user})
-# bind search configuration
-# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
-idp.authn.LDAP.bindDN                           = 
-idp.authn.LDAP.bindDNCredential                 = 
-
-# Format DN resolution, used by directAuthenticator, adAuthenticator
-# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
-idp.authn.LDAP.dnFormat                         = uid=%s,ou=people,dc=example,dc=org
-
-# LDAP attribute configuration, see attribute-resolver.xml
-# Note, this likely won't apply to the use of legacy V2 resolver configurations
-idp.attribute.resolver.LDAP.ldapURL             = %{idp.authn.LDAP.ldapURL}
-idp.attribute.resolver.LDAP.baseDN              = %{idp.authn.LDAP.baseDN:undefined}
-idp.attribute.resolver.LDAP.bindDN              = %{idp.authn.LDAP.bindDN:undefined}
-idp.attribute.resolver.LDAP.bindDNCredential    = %{idp.authn.LDAP.bindDNCredential:undefined}
-idp.attribute.resolver.LDAP.useStartTLS         = %{idp.authn.LDAP.useStartTLS:true}
-idp.attribute.resolver.LDAP.trustCertificates   = %{idp.authn.LDAP.trustCertificates:undefined}
-idp.attribute.resolver.LDAP.searchFilter        = (uid=$resolutionContext.principal)
-idp.attribute.resolver.LDAP.returnAttributes    = cn,homephone,mail
-
-# LDAP pool configuration, used for both authn and DN resolution
-#idp.pool.LDAP.minSize                          = 3
-#idp.pool.LDAP.maxSize                          = 10
-#idp.pool.LDAP.validateOnCheckout               = false
-#idp.pool.LDAP.validatePeriodically             = true
-#idp.pool.LDAP.validatePeriod                   = 300
-#idp.pool.LDAP.prunePeriod                      = 300
-#idp.pool.LDAP.idleTime                         = 600
-#idp.pool.LDAP.blockWaitTime                    = 3000
-#idp.pool.LDAP.failFastInitialize               = false
diff --git a/conf/logback.xml b/conf/logback.xml
deleted file mode 100644
index 2582d1c..0000000
--- a/conf/logback.xml
+++ /dev/null
@@ -1,166 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
-    <!--
-    Variables for simplifying logging configuration.
-    http://logback.qos.ch/manual/configuration.html#variableSubstitution
-    -->
-    
-    <variable name="idp.logfiles" value="${idp.home}/logs" />
-    <variable name="idp.loghistory" value="180" />
-    
-    <!-- Much higher performance if you operate on DEBUG. -->
-    <!-- <variable name="idp.process.appender" value="ASYNC_PROCESS" /> -->
-    
-    <!-- Logging level shortcuts. -->
-    <variable name="idp.loglevel.idp" value="INFO" />
-    <variable name="idp.loglevel.ldap" value="WARN" />
-    <variable name="idp.loglevel.messages" value="INFO" />
-    <variable name="idp.loglevel.encryption" value="INFO" />
-    <variable name="idp.loglevel.opensaml" value="INFO" />
-    <variable name="idp.loglevel.props" value="INFO" />
-    
-    <!-- Don't turn these up unless you want a *lot* of noise. -->
-    <variable name="idp.loglevel.spring" value="ERROR" />
-    <variable name="idp.loglevel.container" value="ERROR" />
-    <variable name="idp.loglevel.xmlsec" value="INFO" />
-    
-    <!-- Syslog address for F-TICKS (see FTICKSLoggingConfiguration). -->
-    <variable name="idp.fticks.loghost" value="localhost" />
-    <variable name="idp.fticks.logport" value="514" />
-
-    <!--
-    If you want to use custom properties in this config file,
-    we load the main property file for you.
-    -->
-    <variable file="${idp.home}/conf/idp.properties" />
-    
-    <!-- =========================================================== -->
-    <!-- ============== Logging Categories and Levels ============== -->
-    <!-- =========================================================== -->
-
-    <!-- Logs IdP, but not OpenSAML, messages -->
-    <logger name="net.shibboleth.idp" level="${idp.loglevel.idp:-INFO}"/>
-
-    <!-- Logs OpenSAML, but not IdP, messages -->
-    <logger name="org.opensaml.saml" level="${idp.loglevel.opensaml:-INFO}"/>
-    
-    <!-- Logs LDAP related messages -->
-    <logger name="org.ldaptive" level="${idp.loglevel.ldap:-WARN}"/>
-    
-    <!-- Logs inbound and outbound protocols messages at DEBUG level -->
-    <logger name="PROTOCOL_MESSAGE" level="${idp.loglevel.messages:-INFO}" />
-
-    <!-- Logs unencrypted SAML at DEBUG level -->
-    <logger name="org.opensaml.saml.saml2.encryption.Encrypter" level="${idp.loglevel.encryption:-INFO}" />
-
-    <!-- Logs system properties during startup at DEBUG level -->
-    <logger name="net.shibboleth.idp.log.LogbackLoggingService" level="${idp.loglevel.props:-INFO}" />
-
-    <!-- Especially chatty. -->
-    <logger name="net.shibboleth.idp.saml.attribute.mapping" level="INFO" />
-    <logger name="org.apache.xml.security" level="${idp.loglevel.xmlsec:-INFO}" />
-    <logger name="org.springframework" level="${idp.loglevel.spring:-ERROR}"/>
-    <logger name="org.apache.catalina" level="${idp.loglevel.container:-ERROR}"/>
-    <logger name="org.eclipse.jetty" level="${idp.loglevel.container:-ERROR}"/>
-
-
-    <!-- =========================================================== -->
-    <!-- ============== Low Level Details or Changes =============== -->
-    <!-- =========================================================== -->
-    
-    <!-- Process log. -->
-    <appender name="IDP_PROCESS" class="ch.qos.logback.core.rolling.RollingFileAppender">
-        <File>${idp.logfiles}/idp-process.log</File>
-        
-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-            <fileNamePattern>${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
-            <maxHistory>${idp.loghistory:-180}</maxHistory>
-        </rollingPolicy>
-
-        <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
-            <charset>UTF-8</charset>
-            <Pattern>%date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
-        </encoder>
-    </appender>
-
-    <appender name="ASYNC_PROCESS" class="ch.qos.logback.classic.AsyncAppender">
-        <appender-ref ref="IDP_PROCESS" />
-        <discardingThreshold>0</discardingThreshold>
-    </appender>
-
-    <appender name="IDP_WARN" class="ch.qos.logback.core.rolling.RollingFileAppender">
-        <!-- Suppress anything below WARN. -->
-        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
-            <level>WARN</level>
-        </filter>
-        
-        <File>${idp.logfiles}/idp-warn.log</File>
-        
-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-            <fileNamePattern>${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
-            <maxHistory>${idp.loghistory:-180}</maxHistory>
-        </rollingPolicy>
-        
-        <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
-            <charset>UTF-8</charset>
-            <Pattern>%date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
-        </encoder>
-    </appender>
-    
-    <!-- Audit log. -->
-    <appender name="IDP_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
-        <File>${idp.logfiles}/idp-audit.log</File>
-
-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-            <fileNamePattern>${idp.logfiles}/idp-audit-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
-            <maxHistory>${idp.loghistory:-180}</maxHistory>
-        </rollingPolicy>
-
-        <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
-            <charset>UTF-8</charset>
-            <Pattern>%msg%n</Pattern>
-        </encoder>
-    </appender>
-    
-    <!-- Consent audit log. -->
-    <appender name="IDP_CONSENT_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
-        <File>${idp.logfiles}/idp-consent-audit.log</File>
-
-        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-            <fileNamePattern>${idp.logfiles}/idp-consent-audit-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
-            <maxHistory>${idp.loghistory:-180}</maxHistory>
-        </rollingPolicy>
-
-        <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
-            <charset>UTF-8</charset>
-            <Pattern>%msg%n</Pattern>
-        </encoder>
-    </appender>
-
-    <!-- F-TICKS syslog destination. -->
-    <appender name="IDP_FTICKS" class="ch.qos.logback.classic.net.SyslogAppender">
-        <syslogHost>${idp.fticks.loghost:-localhost}</syslogHost>
-        <port>${idp.fticks.logport:-514}</port>
-        <facility>AUTH</facility>
-        <suffixPattern>[%thread] %logger %msg</suffixPattern>
-    </appender>
-
-    <logger name="Shibboleth-Audit" level="ALL">
-        <appender-ref ref="${idp.audit.appender:-IDP_AUDIT}"/>
-    </logger>
-
-    <logger name="Shibboleth-FTICKS" level="ALL" additivity="false">
-        <appender-ref ref="${idp.fticks.appender:-IDP_FTICKS}"/>
-    </logger>
-
-    <logger name="Shibboleth-Consent-Audit" level="ALL">
-        <appender-ref ref="${idp.consent.appender:-IDP_CONSENT_AUDIT}"/>
-    </logger>
-    
-    <root level="${idp.loglevel.root:-INFO}">
-        <appender-ref ref="${idp.process.appender:-IDP_PROCESS}"/>
-        <appender-ref ref="${idp.warn.appender:-IDP_WARN}" />
-    </root>
-
-</configuration>
\ No newline at end of file
diff --git a/conf/metadata-providers.xml b/conf/metadata-providers.xml
deleted file mode 100644
index e10c8b8..0000000
--- a/conf/metadata-providers.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- This file is an EXAMPLE metadata configuration file. -->
-<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
-    xmlns="urn:mace:shibboleth:2.0:metadata"
-    xmlns:resource="urn:mace:shibboleth:2.0:resource"
-    xmlns:security="urn:mace:shibboleth:2.0:security"
-    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
-                        urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd 
-                        urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
-                        urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd">
-
-    <MetadataProvider id="InCommonMetadata"
-                      xsi:type="FileBackedHTTPMetadataProvider"
-                      backingFile="%{idp.home}/metadata/localCopyFromInCommon.xml"
-                      metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml"
-                      maxRefreshDelay="PT8H"> 
-
-        <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D" />
-        
-        <MetadataFilter xsi:type="SignatureValidation"
-            certificateFile="${idp.home}/credentials/inc-md-cert.pem" />
-
-        <MetadataFilter xsi:type="EntityRoleWhiteList">
-            <RetainedRole>md:SPSSODescriptor</RetainedRole>
-        </MetadataFilter>
-        
-    </MetadataProvider>
-
-    <MetadataProvider id="testbed.tier" xsi:type="FilesystemMetadataProvider" metadataFile="/opt/shibboleth-idp/metadata/testbed-tier-metadata.xml"/>
-    <MetadataProvider id="sp.testbed.tier" xsi:type="FilesystemMetadataProvider" metadataFile="/opt/shibboleth-idp/metadata/sp-testbed-tier-metadata.xml"/>
-                        
-</MetadataProvider>
diff --git a/conf/mvc-beans.xml b/conf/mvc-beans.xml
deleted file mode 100644
index 98d9bcd..0000000
--- a/conf/mvc-beans.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:mvc="http://www.springframework.org/schema/mvc"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!--
-    Use this file to define any custom MVC beans needed. Its contents are imported
-    by system/conf/mvc-beans.xml, which configures a lot of the low-level Spring Web
-    behavior of the IdP. You can ignore this file otherwise.
-    -->
-    
-</beans>
diff --git a/conf/relying-party.xml b/conf/relying-party.xml
deleted file mode 100644
index 28c9193..0000000
--- a/conf/relying-party.xml
+++ /dev/null
@@ -1,70 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!--
-    Unverified RP configuration, defaults to no support for any profiles. Add <ref> elements to the list
-    to enable specific default profile settings (as below), or create new beans inline to override defaults.
-    
-    "Unverified" typically means the IdP has no metadata, or equivalent way of assuring the identity and
-    legitimacy of a requesting system. To run an "open" IdP, you can enable profiles here.
-    -->
-    <bean id="shibboleth.UnverifiedRelyingParty" parent="RelyingParty">
-        <property name="profileConfigurations">
-            <list>
-            <!-- <bean parent="SAML2.SSO" p:encryptAssertions="false" /> -->
-            </list>
-        </property>
-    </bean>
-
-    <!--
-    Default configuration, with default settings applied for all profiles, and enables
-    the attribute-release consent flow.
-    -->
-    <bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty">
-        <property name="profileConfigurations">
-            <list>
-                <bean parent="Shibboleth.SSO" p:postAuthenticationFlows="attribute-release" />
-                <ref bean="SAML1.AttributeQuery" />
-                <ref bean="SAML1.ArtifactResolution" />
-                <bean parent="SAML2.SSO" p:postAuthenticationFlows="attribute-release" />
-                <ref bean="SAML2.ECP" />
-                <ref bean="SAML2.Logout" />
-                <ref bean="SAML2.AttributeQuery" />
-                <ref bean="SAML2.ArtifactResolution" />
-                <ref bean="Liberty.SSOS" />
-            </list>
-        </property>
-    </bean>
-
-    <!-- Container for any overrides you want to add. -->
-
-    <util:list id="shibboleth.RelyingPartyOverrides">
-    
-        <!--
-        Override example that identifies a single RP by name and configures it
-        for SAML 2 SSO without encryption. This is a common "vendor" scenario.
-        -->
-        <!--
-        <bean parent="RelyingPartyByName" c:relyingPartyIds="https://sp.example.org">
-            <property name="profileConfigurations">
-                <list>
-                    <bean parent="SAML2.SSO" p:encryptAssertions="false" />
-                </list>
-            </property>
-        </bean>
-        -->
-        
-    </util:list>
-
-</beans>
diff --git a/conf/saml-nameid.properties b/conf/saml-nameid.properties
deleted file mode 100644
index 8530c4f..0000000
--- a/conf/saml-nameid.properties
+++ /dev/null
@@ -1,35 +0,0 @@
-# Properties involving SAML NameIdentifier/NameID generation/consumption
-
-# For the most part these settings only deal with "transient" and "persistent"
-# identifiers. See saml-nameid.xml and c14n/subject-c14n.xml for advanced
-# settings
-
-# Comment out to disable legacy NameID generation via Attribute Resolver
-#idp.nameid.saml2.legacyGenerator = shibboleth.LegacySAML2NameIDGenerator
-#idp.nameid.saml1.legacyGenerator = shibboleth.LegacySAML1NameIdentifierGenerator
-
-# Default NameID Formats to use when nothing else is called for.
-# Don't change these just to change the Format used for a single SP!
-#idp.nameid.saml2.default = urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-#idp.nameid.saml1.default = urn:mace:shibboleth:1.0:nameIdentifier
-
-# Set to shibboleth.StoredTransientIdGenerator for server-side transient ID storage
-#idp.transientId.generator = shibboleth.CryptoTransientIdGenerator
-
-# Persistent IDs can be computed on the fly with a hash, or managed in a database
-
-# For computed IDs, set a source attribute and a secret salt:
-#idp.persistentId.sourceAttribute = changethistosomethingreal
-#idp.persistentId.useUnfilteredAttributes = true
-# Do *NOT* share the salt with other people, it's like divulging your private key.
-#idp.persistentId.algorithm = SHA
-#idp.persistentId.salt = changethistosomethingrandom
-
-# To use a database, use shibboleth.StoredPersistentIdGenerator
-#idp.persistentId.generator = shibboleth.ComputedPersistentIdGenerator
-# For basic use, set this to a JDBC DataSource bean name:
-#idp.persistentId.dataSource = PersistentIdDataSource
-# For advanced use, set to a bean inherited from shibboleth.JDBCPersistentIdStore
-#idp.persistentId.store = MyPersistentIdStore
-# Set to an empty property to skip hash-based generation of first stored ID
-#idp.persistentId.computed = shibboleth.ComputedPersistentIdGenerator
diff --git a/conf/saml-nameid.xml b/conf/saml-nameid.xml
deleted file mode 100644
index ea97448..0000000
--- a/conf/saml-nameid.xml
+++ /dev/null
@@ -1,62 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:util="http://www.springframework.org/schema/util"
-       xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:c="http://www.springframework.org/schema/c"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-                           
-       default-init-method="initialize"
-       default-destroy-method="destroy">
-
-    <!-- ========================= SAML NameID Generation ========================= -->
-
-    <!--
-    These generator lists handle NameID/Nameidentifier generation going forward. By default,
-    transient IDs for both SAML versions are enabled. The commented examples are for persistent IDs
-    and generating more one-off formats based on resolved attributes. The suggested approach is to
-    control their use via release of the underlying source attribute in the filter policy rather
-    than here, but you can set a property on any generator called "activationCondition" to limit
-    use in the most generic way.
-    
-    Most of the relevant configuration settings are controlled using properties; an exception is
-    the generation of arbitrary/custom formats based on attribute information, examples of which
-    are shown below.
-    
-    -->
-    
-    <!-- SAML 2 NameID Generation -->
-    <util:list id="shibboleth.SAML2NameIDGenerators">
-    
-        <ref bean="shibboleth.SAML2TransientGenerator" />
-        
-        <!-- Uncommenting this bean requires configuration in saml-nameid.properties. -->
-        <!--
-        <ref bean="shibboleth.SAML2PersistentGenerator" />
-        -->
-
-        <!--
-        <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
-            p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-            p:attributeSourceIds="#{ {'mail'} }" />
-        -->
-                
-    </util:list>
-
-    <!-- SAML 1 NameIdentifier Generation -->
-    <util:list id="shibboleth.SAML1NameIdentifierGenerators">
-
-        <ref bean="shibboleth.SAML1TransientGenerator" />
-
-        <!--
-        <bean parent="shibboleth.SAML1AttributeSourcedGenerator"
-            p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-            p:attributeSourceIds="#{ {'mail'} }" />
-        -->
-                
-    </util:list>
-    
-</beans>
diff --git a/conf/services.properties b/conf/services.properties
deleted file mode 100644
index 116625a..0000000
--- a/conf/services.properties
+++ /dev/null
@@ -1,61 +0,0 @@
-# Configure the resources to load for various services,
-# and the settings for failure handling and auto-reload.
-
-# failFast=true prevents IdP startup if a configuration is bad
-# checkInterval = PT0S means never reload (this is the default)
-
-# Global default for fail-fast behavior of most subsystems
-# with individual override possible below.
-#idp.service.failFast = false
-
-#idp.service.logging.resource = %{idp.home}/conf/logback.xml
-#idp.service.logging.failFast = true
-idp.service.logging.checkInterval = PT5M
-
-# Set to shibboleth.LegacyRelyingPartyResolverResources with legacy V2 relying-party.xml
-#idp.service.relyingparty.resources = shibboleth.RelyingPartyResolverResources
-#idp.service.relyingparty.failFast = false
-idp.service.relyingparty.checkInterval = PT15M
-
-#idp.service.metadata.resources = shibboleth.MetadataResolverResources
-#idp.service.metadata.failFast = false
-#idp.service.metadata.checkInterval = PT0S
-
-#idp.service.attribute.resolver.resources = shibboleth.AttributeResolverResources
-#idp.service.attribute.resolver.failFast = false
-idp.service.attribute.resolver.checkInterval = PT15M
-#idp.service.attribute.resolver.maskFailures = true
-
-#idp.service.attribute.filter.resources = shibboleth.AttributeFilterResources
-# NOTE: Failing the filter fast leaves no filters enabled.
-#idp.service.attribute.filter.failFast = false
-idp.service.attribute.filter.checkInterval = PT15M
-#idp.service.attribute.filter.maskFailures = true
-
-#idp.service.nameidGeneration.resources = shibboleth.NameIdentifierGenerationResources
-#idp.service.nameidGeneration.failFast = false
-idp.service.nameidGeneration.checkInterval = PT15M
-
-#idp.service.access.resources = shibboleth.AccessControlResources
-#idp.service.access.failFast = true
-idp.service.access.checkInterval = PT5M
-
-#idp.service.cas.registry.resources = shibboleth.CASServiceRegistryResources
-#idp.service.cas.registry.failFast = false
-idp.service.cas.registry.checkInterval = PT15M
-
-#idp.message.resources = shibboleth.MessageSourceResources
-#idp.message.cacheSeconds = 300
-
-# Parameters for pre-defined HttpClient instances which perform in-memory and filesystem caching.
-# These are used with components such as remote configuration resources that are explicitly wired
-# with these client instances, *not* by default with HTTP metadata resolvers.
-#idp.httpclient.useTrustEngineTLSSocketFactory = false
-#idp.httpclient.useSecurityEnhancedTLSSocketFactory = false
-#idp.httpclient.connectionDisregardTLSCertificate = false
-#idp.httpclient.connectionTimeout = -1
-#idp.httpclient.memorycaching.maxCacheEntries = 50
-#idp.httpclient.memorycaching.maxCacheEntrySize = 1048576
-#idp.httpclient.filecaching.maxCacheEntries = 100
-#idp.httpclient.filecaching.maxCacheEntrySize = 10485760
-idp.httpclient.filecaching.cacheDirectory = %{idp.home}/tmp/httpClientCache
\ No newline at end of file
diff --git a/conf/services.xml b/conf/services.xml
deleted file mode 100644
index d22fff9..0000000
--- a/conf/services.xml
+++ /dev/null
@@ -1,145 +0,0 @@
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p"
-    xmlns:c="http://www.springframework.org/schema/c" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
-                           
-    <!-- Advanced configuration of services from SVN.
-       
-       To use an SVN resource you need to construct it and then inject it into 
-       The appropriate bean. To use property replacement you will need a separate 
-       resource pointing to the replacement phrase. 
-        
-       For example: 
-        
-    <bean id="AuthnMgr" class="org.tmatesoft.svn.core.auth.BasicAuthenticationManager">
-        <constructor-arg>
-            <null />
-        </constructor-arg>
-    </bean>
-    <bean id="ClientMgr" factory-method="newInstance"
-        class="org.tmatesoft.svn.core.wc.SVNClientManager"
-        p:authenticationManager-ref="AuthnMgr" />
-    <bean id="TheSVNURL" factory-method="create"
-        class="org.tmatesoft.svn.core.SVNURL">
-        <constructor-arg value="https" />
-        <constructor-arg>
-            <null />
-        </constructor-arg>
-        <constructor-arg value="svn.shibboleth.net" />
-        <constructor-arg value="-1" />
-        <constructor-arg
-            value="/utilities/spring-extensions/trunk/src/test/resources/data/" />
-        <constructor-arg value="false" />
-    </bean>
-    <bean id="TheSVNResource" class="net.shibboleth.ext.spring.resource.SVNResource">
-        <constructor-arg ref="ClientMgr" />
-        <constructor-arg ref="TheSVNURL" />
-        <constructor-arg value="D:/testdir/dir" />
-        <constructor-arg value="-1" />
-        <constructor-arg value="TestResource.txt" />
-    </bean>
-    
-    <util:list id="shibboleth.AttributeResolverResources">
-       <ref bean="TheSVNResource"/>
-       <value>path_to_properties_specifyingBean_file</value>
-    </util:list>
-    
-     see also https://wiki.shibboleth.net/confluence/display/IDP30/SVNResource
-              http://svnkit.com/javadoc/org/tmatesoft/svn/core/auth/BasicAuthenticationManager.html#constructor_detail 
-              http://svnkit.com/javadoc/org/tmatesoft/svn/core/SVNURL.html
-              
-    -->
-    
-    <!-- Advanced configuration of services from HTTP.
-    
-      To use an HTTP resource you first need to configure the Apache HttpClient which will be used
-      to communicate with the web server.  Any HttpClient can be used, but two Factory Beans allow simple
-      configuration of in-memory or file-based caching clients.
-      
-      Examples are:
-      
-        A resource which will be supplied from an in-memory cache for as long as the file on the webserver does not change.  
-        If the webserver becomes unavailable the resource will be unavailable.
-         
-        <bean id="inMemoryResource" class="net.shibboleth.ext.spring.resource.HTTPResource"
-              c:client-ref="shibboleth.MemoryCachingHttpClient" 
-              c:url="http://example.org/path/to/file.xml" />
-              
-        Two resources which will be supplied from an on disk cache (suitable for multiple or large files) for as long 
-        as the file on the webserver does not change.  If the webserver becomes unavailable the last used contents
-        of the file will be returned (even if that was in a previous IdP lifetime).
-        
-        <bean id="fileResource" class="net.shibboleth.ext.spring.resource.FileBackedHTTPResource"
-              c:client-ref="shibboleth.FileCachingHttpClient" 
-              c:url="http://example.org/path/to/file.xml"
-              c:backingFile="/var/shibboleth/caches/resourcecache/file.xml"/>
-       
-        <bean id="otherFileResource" class="net.shibboleth.ext.spring.resource.FileBackedHTTPResource"
-              c:client-ref="shibboleth.FileCachingHttpClient" 
-              c:url="http://another.server.example.org/path/to/different/file.xml"
-              c:backingFile="/var/shibboleth/caches/resourcecache/differentFile.xml"/>
-              
-        In all cases you should review the "idp.httpclient.*" properties defined in services.properties
-    -->
-    
-    <!--
-    Otherwise by default we look at resources whose names are derived from %{idp.home}. Services not configured
-    using native Spring syntax also need to load the property-placeholder file in order to pull settings from
-    property sources.
-    -->
-
-    <!-- This set of resources supports a native Spring relying-party.xml file. -->
-    <util:list id="shibboleth.RelyingPartyResolverResources">
-        <value>%{idp.home}/conf/relying-party.xml</value>
-        <value>%{idp.home}/conf/credentials.xml</value>
-        <value>%{idp.home}/system/conf/relying-party-system.xml</value>
-    </util:list>
-
-    <!-- This set of resources supports a legacy 2.x relying-party.xml file. -->
-    <util:list id="shibboleth.LegacyRelyingPartyResolverResources">
-        <value>%{idp.home}/conf/relying-party.xml</value>
-        <value>%{idp.home}/system/conf/legacy-relying-party-defaults.xml</value>
-    </util:list>
-
-    <util:list id="shibboleth.MetadataResolverResources">
-        <value>%{idp.home}/conf/metadata-providers.xml</value>
-        <value>%{idp.home}/system/conf/metadata-providers-system.xml</value>
-    </util:list>
-
-    <util:list id ="shibboleth.AttributeResolverResources">
-        <value>%{idp.home}/conf/attribute-resolver.xml</value>
-    </util:list>
-
-    <util:list id ="shibboleth.AttributeFilterResources">
-        <value>%{idp.home}/conf/attribute-filter.xml</value>
-    </util:list>
-
-    <util:list id ="shibboleth.NameIdentifierGenerationResources">
-        <value>%{idp.home}/conf/saml-nameid.xml</value>
-        <value>%{idp.home}/system/conf/saml-nameid-system.xml</value>
-    </util:list>
-    
-    <util:list id="shibboleth.AccessControlResources">
-        <value>%{idp.home}/conf/access-control.xml</value>
-        <value>%{idp.home}/system/conf/access-control-system.xml</value>
-    </util:list>
-
-    <util:list id="shibboleth.CASServiceRegistryResources">
-        <value>%{idp.home}/conf/cas-protocol.xml</value>
-    </util:list>
-
-    <!--
-    This collection of resources differs slightly in that it should not include the file extension.
-    Message sources are internationalized, and Spring will search for a compatible language extension
-    and fall back to one with a .properties extension.
-    -->
-    <util:list id="shibboleth.MessageSourceResources">
-        <value>%{idp.home}/messages/authn-messages</value>
-        <value>%{idp.home}/messages/consent-messages</value>
-        <value>%{idp.home}/messages/error-messages</value>
-    </util:list>
-    
-</beans>
diff --git a/conf/session-manager.xml b/conf/session-manager.xml
deleted file mode 100644
index f195014..0000000
--- a/conf/session-manager.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-    xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p"
-    xmlns:c="http://www.springframework.org/schema/c" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-                        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
-                        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
-    default-init-method="initialize"
-    default-destroy-method="destroy">
-
-    <!-- Flows that propagate logout to additional services using supported protocols. -->
-    <util:list id="shibboleth.LogoutPropagationFlows">
-        <ref bean="logoutprop/cas" />
-        <ref bean="logoutprop/saml2" />
-    </util:list>
-
-    <!-- Modify only to add extension types associated with non-built-in SSO protocols. -->
-    <bean id="shibboleth.SPSessionSerializerRegistry" parent="shibboleth.DefaultSPSessionSerializerRegistry">
-        <property name="mappings">
-            <map merge="true">
-            </map>
-        </property>
-    </bean>
-    
-    <!-- Modify only to add extension types associated with non-built-in SSO protocols. -->
-    <bean id="shibboleth.SessionTypeProtocolMap" parent="shibboleth.DefaultSessionTypeProtocolMap">
-        <property name="sourceMap">
-            <map merge="true">
-            </map>
-        </property>
-    </bean>
-        
-    <!--
-    List of client-side storage service plugins. If you use server-side storage and don't need these
-    services, you can remove or comment out the <ref> elements, but don't remove the list bean or
-    a default list will be substituted for backward compatibility.
-    -->
-    <util:list id="shibboleth.ClientStorageServices">
-        <ref bean="shibboleth.ClientSessionStorageService" />
-        <ref bean="shibboleth.ClientPersistentStorageService" />
-    </util:list>
-    
-</beans>