From fe2d88d0476ea4a63491b43580fbaeb3f02dd15f Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Fri, 20 Jan 2017 15:02:32 -0600
Subject: [PATCH] complete 3.3 test config
---
.../account-locked/account-locked-flow.xml | 16 --
flows/authn/conditions/conditions-flow.xml | 35 --
.../expired-password-flow.xml | 16 --
.../expiring-password-flow.xml | 32 --
flows/user/prefs/prefs-flow.xml | 25 --
messages/authn-messages.properties | 73 ------
messages/consent-messages.properties | 77 ------
messages/error-messages.properties | 119 ---------
messages/messages.properties | 240 ++++++++++++++++++
views/client-storage/client-storage-read.vm | 53 ++++
views/client-storage/client-storage-write.vm | 53 ++++
views/duo.vm | 83 ++++++
views/error.vm | 13 +-
views/intercept/attribute-release.vm | 18 +-
views/{ => intercept}/expiring-password.vm | 1 +
views/login.vm | 20 +-
views/logout-complete.vm | 9 +-
views/logout-propagate.vm | 7 +-
views/logout.vm | 13 +-
views/resolvertest.vm | 47 ----
views/spnego-unavailable.vm | 1 +
views/user-prefs.vm | 7 +-
22 files changed, 482 insertions(+), 476 deletions(-)
delete mode 100644 flows/authn/conditions/account-locked/account-locked-flow.xml
delete mode 100644 flows/authn/conditions/conditions-flow.xml
delete mode 100644 flows/authn/conditions/expired-password/expired-password-flow.xml
delete mode 100644 flows/authn/conditions/expiring-password/expiring-password-flow.xml
delete mode 100644 flows/user/prefs/prefs-flow.xml
delete mode 100644 messages/authn-messages.properties
delete mode 100644 messages/consent-messages.properties
delete mode 100644 messages/error-messages.properties
create mode 100644 messages/messages.properties
create mode 100644 views/client-storage/client-storage-read.vm
create mode 100644 views/client-storage/client-storage-write.vm
create mode 100644 views/duo.vm
rename views/{ => intercept}/expiring-password.vm (96%)
delete mode 100644 views/resolvertest.vm
diff --git a/flows/authn/conditions/account-locked/account-locked-flow.xml b/flows/authn/conditions/account-locked/account-locked-flow.xml deleted file mode 100644 index 5fe7523..0000000 --- a/flows/authn/conditions/account-locked/account-locked-flow.xml +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - - - - - - - - diff --git a/flows/authn/conditions/conditions-flow.xml b/flows/authn/conditions/conditions-flow.xml deleted file mode 100644 index caa0a13..0000000 --- a/flows/authn/conditions/conditions-flow.xml +++ /dev/null @@ -1,35 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/flows/authn/conditions/expired-password/expired-password-flow.xml b/flows/authn/conditions/expired-password/expired-password-flow.xml deleted file mode 100644 index 5fe7523..0000000 --- a/flows/authn/conditions/expired-password/expired-password-flow.xml +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - - - - - - - - diff --git a/flows/authn/conditions/expiring-password/expiring-password-flow.xml b/flows/authn/conditions/expiring-password/expiring-password-flow.xml deleted file mode 100644 index f9f5ceb..0000000 --- a/flows/authn/conditions/expiring-password/expiring-password-flow.xml +++ /dev/null @@ -1,32 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/flows/user/prefs/prefs-flow.xml b/flows/user/prefs/prefs-flow.xml deleted file mode 100644 index c79093b..0000000 --- a/flows/user/prefs/prefs-flow.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - - - - - - - - - diff --git a/messages/authn-messages.properties b/messages/authn-messages.properties deleted file mode 100644 index ed92747..0000000 --- a/messages/authn-messages.properties +++ /dev/null 
@@ -1,73 +0,0 @@ -# In addition to the Apache 2.0 license, this content is also licensed -# under the Creative Commons Attribution-ShareAlike 3.0 Unported license -# (see http://creativecommons.org/licenses/by-sa/3.0/). - -# Login / Logout messages - -idp.login.loginTo = Login to - -idp.login.username = Username -idp.login.password = Password - -idp.login.donotcache = Don't Remember Login - -idp.login.login = Login -idp.login.pleasewait = Logging in, please wait... - -idp.login.forgotPassword = Forgot your password? -idp.login.needHelp = Need Help? - -# Expiring password example messages - -idp.login.expiringSoon = Your password will be expiring soon! -idp.login.changePassword = To create a new password now, go to -idp.login.proceedBegin = Your login will proceed in 20 seconds or you may click -idp.login.proceedHere = here -idp.login.proceedEnd = to continue - -# Useful links - -idp.url.password.reset = # -idp.url.helpdesk = # - -# User Preferences example messages - -idp.userprefs.title = Web Login Service -idp.userprefs.title.suffice = Login Preferences -idp.userprefs.info = This page allows you to configure your device to tell the Web Login Service that it \ - can use more advanced login approaches that are more convenient, but not always usable. -idp.userprefs.options = The following options are available: -idp.userprefs.spnego = Automatically try desktop login when available. -idp.userprefs.no-js = This feature requires Javascript. - -# Classified Login Error messages - -UnknownUsername = bad-username -InvalidPassword = bad-password -ExpiredPassword = expired-password -AccountLocked = account-locked -SPNEGONotAvailable = spnego-unavailable -NTLMUnsupported = ntlm - -bad-username.message = The username you entered cannot be identified. - -bad-password.message = The password you entered was incorrect. - -expired-password.message = Your password has expired. - -account-locked.message = Your account is locked. 
- -spnego-unavailable.message = Your web browser doesn't support authentication with your desktop login credentials. -spnego-unavailable.return = Cancel the attempt. - -ntlm.message = Your web browser attempted to negotiate a weaker form of desktop authentication. - -# Logout-related messages - -idp.logout.ask = Would you like to attempt to log out of all services accessed during your session? \ - Please select Yes or No to ensure the logout \ - operation completes, or wait a few seconds for Yes. -idp.logout.contactServices = If you proceed, the system will attempt to contact the following services: -idp.logout.complete = The logout operation is complete, and no other services appear to have been accessed during this session. -idp.logout.local = You elected not to log out of all the applications accessed during your session. -idp.logout.attempt = Attempting to log out of the following services: diff --git a/messages/consent-messages.properties b/messages/consent-messages.properties deleted file mode 100644 index bed612e..0000000 --- a/messages/consent-messages.properties +++ /dev/null @@ -1,77 +0,0 @@ -# In addition to the Apache 2.0 license, this content is also licensed -# under the Creative Commons Attribution-ShareAlike 3.0 Unported license -# (see http://creativecommons.org/licenses/by-sa/3.0/). - -# General messages related to terms of use consent. - -idp.terms-of-use.accept = I accept the terms of use -idp.terms-of-use.submit = Submit -idp.terms-of-use.reject = Refuse -idp.terms-of-use.required = Please check this box if you want to proceed. - -# Triples consisting of a TOU key, and a title and text for each set of terms. -# The default implementation uses the SP name as the key, but this can be overriden. - -https\://sp.example.org = example-tou-1 -example-tou-1.title = Example Terms of Use -example-tou-1.text = *** This is an example ToU - tailor due to your needs *** \ -

Example organization AAI services: Terms of Use (ToU)

\ - A. Data Protection Sample Clause \ -

\ - "The End User notes that personal data about the End User is compiled from generally \ - available sources and from communications received from the End User and other \ - Universities as well as from off-site sources. The policy relating to the use and procession \ - of such data is posted on the University website at [...]. Such data will be used, inter alia, \ - to authenticate and authorize the access to and use of various resources within \ - the University and on other sites ("Approved Uses"). The End User hereby consents to \ - the collection, processing, use and release of such data to the extent reasonably necessary \ - for the Approved Uses. Such consent includes, but is not limited to, the release \ - of personal data to other institutions by employing cookies and electronically exchanging, \ - caching and storing personal authorization attributes." \ -

\ - B. Limitation of Liability \ -

\ - "To the extent permitted by the applicable law, the End User hereby waives all and any \ - claims for cost and damages, whether direct or indirect, incidental, or consequential(including, \ - inter alia, loss of use and lost profits), both in contract and in tort, arising from \ - the use or in any way related to the inter-organizational authentication and authorization \ - services which allow the End User to access certain resources of other organizations. \ - This waiver of claims shall be valid and effective in relation to all participants of \ - the inter-organizational authentication and authorization services including the AAI \ - Service Provider and its affiliates, officers, employees and agents." \ -

- -# Messages related to attribute release consent. - -idp.attribute-release.revoke = Clear prior granting of permission for release of your information to this service. - -idp.attribute-release.title = Information Release - -idp.attribute-release.attributesHeader = Information to be Provided to Service - -idp.attribute-release.serviceNameLabel = You are about to access the service: -idp.attribute-release.of = of -idp.attribute-release.serviceDescriptionLabel = Description as provided by this service: - -idp.attribute-release.informationURLLabel = Additional information about the service -idp.attribute-release.privacyStatementURLLabel = Data privacy information of the service - -idp.attribute-release.showDetails = show details - -idp.attribute-release.accept = Accept -idp.attribute-release.reject = Reject - -idp.attribute-release.confirmationQuestion = The information above would be shared with the service if you proceed. \ - Do you agree to release this information to the service every time you access it? - -idp.attribute-release.consentMethod = Select an information release consent duration: -idp.attribute-release.consentMethodRevoke = This setting can be revoked at any time with the checkbox on the login page. - -idp.attribute-release.doNotRememberConsent = Ask me again at next login -idp.attribute-release.doNotRememberConsentItem = I agree to send my information this time. - -idp.attribute-release.rememberConsent = Ask me again if information to be provided to this service changes -idp.attribute-release.rememberConsentItem = I agree that the same information will be sent automatically to this service in the future. - -idp.attribute-release.globalConsent = Do not ask me again -idp.attribute-release.globalConsentItem = I agree that all of my information will be released to any service. diff --git a/messages/error-messages.properties b/messages/error-messages.properties deleted file mode 100644 index 4f93680..0000000 
--- a/messages/error-messages.properties +++ /dev/null 
@@ -1,119 +0,0 @@ -# In addition to the Apache 2.0 license, this content is also licensed -# under the Creative Commons Attribution-ShareAlike 3.0 Unported license -# (see http://creativecommons.org/licenses/by-sa/3.0/). - -# Title / Message mappings for error view - -# General strings -idp.title = Web Login Service -idp.title.suffix = Error -idp.logo = /images/dummylogo.png -idp.logo.alt-text = Replace or remove this logo -idp.message = An unidentified error occurred. -idp.footer = Insert your footer text here. - -idp.client-storage-read.title = Loading Session State... -idp.client-storage-write.title = Saving Session State... -idp.client-storage.no-js = Since your browser does not support JavaScript, \ - you must press the Continue button once to proceed. - -# Event to error key mappings - -AccessDenied = access -ContextCheckDenied = context-check-denied -EndpointResolutionFailed = endpoint -InvalidProfileConfiguration = relying-party -InvalidSecurityConfiguration = security-cfg -MessageAuthenticationError = security-msg -MessageReplay = stale -MessageExpired = stale -UnableToDecode = stale -AccountError = authn -AuthenticationException = authn -InvalidCredentials = authn -NoCredentials = authn -NoPotentialFlow = authn -RequestUnsupported = authn -SubjectCanonicalizationError = authn -InvalidAttributeContext = unexpected -InvalidAuthenticationContext = unexpected -InvalidSubjectContext = unexpected -InvalidSubjectCanonicalizationContext = unexpected -InvalidMessageContext = unexpected -InvalidMessageVersion = unexpected -InvalidProfileContext = unexpected -InvalidRelyingPartyContext = unexpected -InvalidRelyingPartyConfiguration = unexpected -MessageProcessingError = unexpected -UnableToEncode = unexpected -UnableToSign = unexpected -UnableToEncrypt = unexpected -AttributeReleaseRejected = no-release -TermsRejected = no-terms -RuntimeException = runtime-error - -# Exception to error key mappings - -FlowExecutionRestorationFailureException = stale - -# Error key 
to title and message mappings - -access.title = Access Denied -access.message = You do not have access to the requested resource. - -context-check-denied.title = Access Denied -context-check-denied.message = You are not eligible for the service requested. - -no-release.title = Release of Information Prevented -no-release.message = At your request, the release of your information has been blocked. If you wish to \ - change your decision, you may access the service again and approve the release in the \ - future. - -no-terms.title = Terms of Use Refused -no-terms.message = Having refused the mandatory Terms of Use, access to the service is not permitted. \ - If you wish to change your decision, you may access the service again and approve \ - the terms in the future. - -authn.title = Login Failed -authn.message = User login was not successful or could not meet the requirements of the requesting application. - -endpoint.title = Unable to Respond -endpoint.message = The login service was unable to identify a compatible way to respond to the requested \ - application. This is generally to due to a misconfiguration on the part of the application \ - and should be reported to the application's support team or owner. - -relying-party.title = Unsupported Request -relying-party.message = The application you have accessed is not registered for use with this service. - -security-cfg.title = Security Configuration Error -security-cfg.message = The login service and the requested application do not share a compatible \ - security configuration, and the request cannot be fulfilled. - -security-msg.title = Message Security Error -security-msg.message = The request cannot be fulfilled because the message received does not meet the \ - security requirements of the login service. - -stale.title = Stale Request -stale.message =

You may be seeing this page because you used the Back button while browsing a \ - secure web site or application. Alternatively, you may have mistakenly bookmarked \ - the web login form instead of the actual web site you wanted to bookmark or used a \ - link created by somebody else who made the same mistake.

\ -
\ -

Left unchecked, this can cause errors on some browsers or result in you returning to \ - the web site you tried to leave, so this page is presented instead.

- -unexpected.title = Unexpected Error -unexpected.message = An unexpected error was encountered, usually reflecting a configuration or software error. - -runtime-error.title = Uncaught Exception -runtime-error.message =

A software error was encountered that prevents normal operation:


\ -

#if($exception)$encoder.encodeForHTML($exception.toString())#else$encoder.encodeForHTML($flowExecutionException.getCause().toString())#end


\ -

Please report this problem to your Help Desk or administrative staff. It has \ - also been logged for an administrator to review.

- -error.title = Error -error.message = An error occurred: $eventId - -root.title = Shibboleth IdP -root.message = No services are available at this location. -root.footer = Insert your footer text here. diff --git a/messages/messages.properties b/messages/messages.properties new file mode 100644 index 0000000..c37a53c --- /dev/null +++ b/messages/messages.properties 
@@ -0,0 +1,240 @@
+# You can define message properties here to override messages defined in
+# system/messages/ or to add your own messages.
+
+
+# Login / Logout messages
+idp.login.loginTo = Login to
+
+idp.login.username = Username
+idp.login.password = Password
+
+idp.login.donotcache = Don't Remember Login
+idp.login.login = Login
+idp.login.pleasewait = Logging in, please wait...
+idp.login.forgotPassword = Forgot your password?
+idp.login.needHelp = Need Help?
+# Expiring password example messages
+idp.login.expiringSoon = Your password will be expiring soon!
+idp.login.changePassword = To create a new password now, go to
+idp.login.proceedBegin = Your login will proceed in 20 seconds or you may click
+idp.login.proceedHere = here
+idp.login.proceedEnd = to continue
+# Useful links
+idp.url.password.reset = #
+idp.url.helpdesk = #
+# User Preferences example messages
+idp.userprefs.title = Web Login Service
+idp.userprefs.title.suffice = Login Preferences
+idp.userprefs.info = This page allows you to configure your device to tell the Web Login Service that it \
+ can use more advanced login approaches that are more convenient, but not always usable.
+idp.userprefs.options = The following options are available:
+idp.userprefs.spnego = Automatically try desktop login when available.
+idp.userprefs.no-js = This feature requires Javascript.
+# Classified Login Error messages
+UnknownUsername = bad-username
+InvalidPassword = bad-password
+ExpiredPassword = expired-password
+AccountLocked = account-locked
+SPNEGONotAvailable = spnego-unavailable
+NTLMUnsupported = ntlm
+bad-username.message = The username you entered cannot be identified.
+bad-password.message = The password you entered was incorrect.
+expired-password.message = Your password has expired.
+account-locked.message = Your account is locked.
+spnego-unavailable.message = Your web browser doesn't support authentication with your desktop login credentials.
+spnego-unavailable.return = Cancel the attempt. +ntlm.message = Your web browser attempted to negotiate a weaker form of desktop authentication. + +# Logout-related messages +idp.logout.ask = Would you like to attempt to log out of all services accessed during your session? \ + Please select Yes or No to ensure the logout \ + operation completes, or wait a few seconds for Yes. +idp.logout.contactServices = If you proceed, the system will attempt to contact the following services: +idp.logout.complete = The logout operation is complete, and no other services appear to have been accessed during this session. +idp.logout.local = You elected not to log out of all the applications accessed during your session. +idp.logout.attempt = Attempting to log out of the following services: + + +# General messages related to terms of use consent. + +idp.terms-of-use.accept = I accept the terms of use +idp.terms-of-use.submit = Submit +idp.terms-of-use.reject = Refuse +idp.terms-of-use.required = Please check this box if you want to proceed. + +# Triples consisting of a TOU key, and a title and text for each set of terms. +# The default implementation uses the SP name as the key, but this can be overriden. + +https\://sp.example.org = example-tou-1 +example-tou-1.title = Example Terms of Use +example-tou-1.text = *** This is an example ToU - tailor due to your needs *** \ +

Example organization AAI services: Terms of Use (ToU)

\ + A. Data Protection Sample Clause \ +

\ + "The End User notes that personal data about the End User is compiled from generally \ + available sources and from communications received from the End User and other \ + Universities as well as from off-site sources. The policy relating to the use and procession \ + of such data is posted on the University website at [...]. Such data will be used, inter alia, \ + to authenticate and authorize the access to and use of various resources within \ + the University and on other sites ("Approved Uses"). The End User hereby consents to \ + the collection, processing, use and release of such data to the extent reasonably necessary \ + for the Approved Uses. Such consent includes, but is not limited to, the release \ + of personal data to other institutions by employing cookies and electronically exchanging, \ + caching and storing personal authorization attributes." \ +

\ + B. Limitation of Liability \ +

\ + "To the extent permitted by the applicable law, the End User hereby waives all and any \ + claims for cost and damages, whether direct or indirect, incidental, or consequential(including, \ + inter alia, loss of use and lost profits), both in contract and in tort, arising from \ + the use or in any way related to the inter-organizational authentication and authorization \ + services which allow the End User to access certain resources of other organizations. \ + This waiver of claims shall be valid and effective in relation to all participants of \ + the inter-organizational authentication and authorization services including the AAI \ + Service Provider and its affiliates, officers, employees and agents." \ +

+ +# Messages related to attribute release consent. + +idp.attribute-release.revoke = Clear prior granting of permission for release of your information to this service. + +idp.attribute-release.title = Information Release + +idp.attribute-release.attributesHeader = Information to be Provided to Service + +idp.attribute-release.serviceNameLabel = You are about to access the service: +idp.attribute-release.of = of +idp.attribute-release.serviceDescriptionLabel = Description as provided by this service: + +idp.attribute-release.informationURLLabel = Additional information about the service +idp.attribute-release.privacyStatementURLLabel = Data privacy information of the service + +idp.attribute-release.showDetails = show details + +idp.attribute-release.accept = Accept +idp.attribute-release.reject = Reject + +idp.attribute-release.confirmationQuestion = The information above would be shared with the service if you proceed. \ + Do you agree to release this information to the service every time you access it? + +idp.attribute-release.consentMethod = Select an information release consent duration: +idp.attribute-release.consentMethodRevoke = This setting can be revoked at any time with the checkbox on the login page. + +idp.attribute-release.doNotRememberConsent = Ask me again at next login +idp.attribute-release.doNotRememberConsentItem = I agree to send my information this time. + +idp.attribute-release.rememberConsent = Ask me again if information to be provided to this service changes +idp.attribute-release.rememberConsentItem = I agree that the same information will be sent automatically to this service in the future. + +idp.attribute-release.globalConsent = Do not ask me again +idp.attribute-release.globalConsentItem = I agree that all of my information will be released to any service. 
+
+
+# Title / Message mappings for error view
+
+# General strings
+idp.title = Web Login Service
+idp.title.suffix = Error
+idp.logo = /images/dummylogo.png
+idp.logo.alt-text = Replace or remove this logo
+idp.message = An unidentified error occurred.
+idp.footer = Insert your footer text here.
+
+idp.client-storage-read.title = Loading Session State...
+idp.client-storage-write.title = Saving Session State...
+idp.client-storage.no-js = Since your browser does not support JavaScript, \
+ you must press the Continue button once to proceed.
+
+# Event to error key mappings
+
+AccessDenied = access
+ContextCheckDenied = context-check-denied
+EndpointResolutionFailed = endpoint
+InvalidProfileConfiguration = relying-party
+InvalidSecurityConfiguration = security-cfg
+MessageAuthenticationError = security-msg
+MessageReplay = stale
+MessageExpired = stale
+UnableToDecode = stale
+AccountError = authn
+AuthenticationException = authn
+InvalidCredentials = authn
+NoCredentials = authn
+NoPotentialFlow = authn
+RequestUnsupported = authn
+SubjectCanonicalizationError = authn
+InvalidAttributeContext = unexpected
+InvalidAuthenticationContext = unexpected
+InvalidSubjectContext = unexpected
+InvalidSubjectCanonicalizationContext = unexpected
+InvalidMessageContext = unexpected
+InvalidMessageVersion = unexpected
+InvalidProfileContext = unexpected
+InvalidRelyingPartyContext = unexpected
+InvalidRelyingPartyConfiguration = unexpected
+MessageProcessingError = unexpected
+UnableToEncode = unexpected
+UnableToSign = unexpected
+UnableToEncrypt = unexpected
+AttributeReleaseRejected = no-release
+TermsRejected = no-terms
+RuntimeException = runtime-error
+
+# Exception to error key mappings
+
+FlowExecutionRestorationFailureException = stale
+
+# Error key to title and message mappings
+
+access.title = Access Denied
+access.message = You do not have access to the requested resource.
+ +context-check-denied.title = Access Denied +context-check-denied.message = You are not eligible for the service requested. + +no-release.title = Release of Information Prevented +no-release.message = At your request, the release of your information has been blocked. If you wish to \ + change your decision, you may access the service again and approve the release in the \ + future. + +no-terms.title = Terms of Use Refused +no-terms.message = Having refused the mandatory Terms of Use, access to the service is not permitted. \ + If you wish to change your decision, you may access the service again and approve \ + the terms in the future. + +authn.title = Login Failed +authn.message = User login was not successful or could not meet the requirements of the requesting application. + +endpoint.title = Unable to Respond +endpoint.message = The login service was unable to identify a compatible way to respond to the requested \ + application. This is generally to due to a misconfiguration on the part of the application \ + and should be reported to the application's support team or owner. +relying-party.title = Unsupported Request +relying-party.message = The application you have accessed is not registered for use with this service. +security-cfg.title = Security Configuration Error +security-cfg.message = The login service and the requested application do not share a compatible \ + security configuration, and the request cannot be fulfilled. +security-msg.title = Message Security Error +security-msg.message = The request cannot be fulfilled because the message received does not meet the \ + security requirements of the login service. +stale.title = Stale Request +stale.message =

You may be seeing this page because you used the Back button while browsing a \ + secure web site or application. Alternatively, you may have mistakenly bookmarked \ + the web login form instead of the actual web site you wanted to bookmark or used a \ + link created by somebody else who made the same mistake.

\ +
\ +

Left unchecked, this can cause errors on some browsers or result in you returning to \ + the web site you tried to leave, so this page is presented instead.

+unexpected.title = Unexpected Error +unexpected.message = An unexpected error was encountered, usually reflecting a configuration or software error. +runtime-error.title = Uncaught Exception +runtime-error.message =

A software error was encountered that prevents normal operation:


\ +

#if($exception)$encoder.encodeForHTML($exception.toString())#else$encoder.encodeForHTML($flowExecutionException.getCause().toString())#end


\ +

Please report this problem to your Help Desk or administrative staff. It has \ + also been logged for an administrator to review.

+error.title = Error +error.message = An error occurred: $eventId +root.title = Shibboleth IdP +root.message = No services are available at this location. +root.footer = Insert your footer text here. + diff --git a/views/client-storage/client-storage-read.vm b/views/client-storage/client-storage-read.vm new file mode 100644 index 0000000..1993c14 --- /dev/null +++ b/views/client-storage/client-storage-read.vm @@ -0,0 +1,53 @@ +## +## Velocity template to read from local storage. +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## loadContext - context with details about the storage keys to load +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) +#set ($titleSuffix = $springMacroRequestContext.getMessage("idp.client-storage-read.suffix", "Loading Session Information")) +## + + + + + + $title - $titleSuffix + + + + +
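Review bot: `bad-username.message` and `bad-password.message` give different text for an unknown account and for a wrong password, so the login page reveals which usernames exist, assuming the password flow classifies `UnknownUsername` and `InvalidPassword` separately. Point both keys at one message, for example `bad-username.message = The username or password you entered was incorrect.` with the same text for `bad-password.message`. Further down, `runtime-error.message` prints `$exception.toString()` to the browser; the `encodeForHTML` call stops markup injection, but the exception text can still expose class names, paths or directory details. Outside a test deployment a generic sentence is the safer default, since the message itself says the error is already logged.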
+
+
+

$title - $titleSuffix

+
+
+ $springMacroRequestContext.getMessage("idp.client-storage-read.text", "Loading login session information from the browser...") +
+ + #parse( "client-storage/read.vm" ) +
+
+ +
+
+ + diff --git a/views/client-storage/client-storage-write.vm b/views/client-storage/client-storage-write.vm new file mode 100644 index 0000000..4b92d6b --- /dev/null +++ b/views/client-storage/client-storage-write.vm @@ -0,0 +1,53 @@ +## +## Velocity template to write to local storage. +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## saveContext - context with details about the storage data to save +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) +#set ($titleSuffix = $springMacroRequestContext.getMessage("idp.client-storage-write.suffix", "Saving Session Information...")) +## + + + + + + $title - $titleSuffix + + + + +
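Review bot: The title lookup in this template reads `idp.client-storage-read.suffix` (and `idp.client-storage-read.text` for the body), while messages.properties in this commit defines `idp.client-storage-read.title`, so that property looks unused and the page falls back to the inline defaults unless system/messages supplies the other keys. client-storage-write.vm has the same mismatch with `idp.client-storage-write.suffix` against `idp.client-storage-write.title`. Either rename the properties to the keys the templates read, or drop them from messages.properties.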
+
+
+

$title - $titleSuffix

+
+
+ $springMacroRequestContext.getMessage("idp.client-storage-write.text", "Saving login session information to the browser...") +
+ + #parse( "client-storage/write.vm" ) +
+
+ +
+
+ + \ No newline at end of file diff --git a/views/duo.vm b/views/duo.vm new file mode 100644 index 0000000..cf4f96a --- /dev/null +++ b/views/duo.vm @@ -0,0 +1,83 @@ +## +## Velocity Template for Duo login view-state +## +## Velocity context will contain the following properties +## flowExecutionUrl - the form action location +## flowRequestContext - the Spring Web Flow RequestContext +## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) +## profileRequestContext - root of context tree +## authenticationContext - context with authentication request information +## rpUIContext - the context with SP UI information from the metadata +## canonicalUsername - name of user passed to Duo +## duoHost - API hostname for Duo frame +## duoRequest - signed Duo request message +## duoScriptPath - path to Duo JavaScript source +## encoder - HTMLEncoder class +## request - HttpServletRequest +## response - HttpServletResponse +## environment - Spring Environment object for property resolution +## custom - arbitrary object injected by deployer +## + + + + + + + #springMessageText("idp.title", "Web Login Service") + + + + +
+
+
+ #springMessageText( +
+ +
+
+ +

#springMessageText("idp.login.duoRequired", "Authentication with Duo is required for the requested service.")

+ + + + +
+ + +
+ +

+ #springMessageText("idp.login.duoCancel", "Cancel this Request") +

+
+ +
+
+ +
+ +
+
+ + diff --git a/views/error.vm b/views/error.vm index fb08a82..c595175 100644 --- a/views/error.vm +++ b/views/error.vm @@ -41,13 +41,14 @@ ## - - - $title - $titleSuffix - - + + + + $title - $titleSuffix + + - +
diff --git a/views/intercept/attribute-release.vm b/views/intercept/attribute-release.vm index 9c8b614..0b74551 100644 --- a/views/intercept/attribute-release.vm +++ b/views/intercept/attribute-release.vm @@ -22,6 +22,7 @@ #set ($privacyStatementURL = $rpUIContext.privacyStatementURL) #set ($rpOrganizationLogo = $rpUIContext.getLogo()) #set ($rpOrganizationName = $rpUIContext.organizationName) +#set ($replaceDollarWithNewline = true) ## @@ -76,7 +77,16 @@ $encoder.encodeForHTML($attributeDisplayNameFunction.apply($attribute)) #foreach ($value in $attribute.values) - $encoder.encodeForHTML($value.getDisplayValue()) + #if ($replaceDollarWithNewline) + #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML("$"),"
")) + #else + #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue())) + #end + #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) + + #else + $encodedValue + #end
#end @@ -109,7 +119,7 @@ #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed)
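Review bot: Nothing on the `#set ($encodedValue = ...)` line records that the order of operations matters: the value is HTML-encoded first and only then is the encoded `$` swapped for markup, which is what allows `$encodedValue` to be printed without a second encode in the `#else` branch. Add a comment above it such as `## Encode before replacing; the replacement must never run on the raw attribute value.` so a later edit does not reverse the two steps. `$replaceDollarWithNewline` is also set to true unconditionally in the earlier hunk, so every attribute value containing `$` (presumably only `$`-separated address values were intended) is shown on the consent page in a different form from what is released; consider limiting the replacement to the attributes that need it. The replacement string and the per-attribute consent markup are not visible in this rendering and are not reviewed here.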

- #springMessageText("idp.attribute-release.doNotRememberConsent", "Ask me again at next login") +

  • #springMessageText("idp.attribute-release.doNotRememberConsentItem", "I agree to send my information this time.")
@@ -118,7 +128,7 @@ #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed)

- #springMessageText("idp.attribute-release.rememberConsent", "Ask me again if information changes") +

  • #springMessageText("idp.attribute-release.rememberConsentItem", "I agree that the same information will be sent automatically to this service in the future.")
@@ -127,7 +137,7 @@ #if ($attributeReleaseFlowDescriptor.globalConsentAllowed)

- #springMessageText("idp.attribute-release.globalConsent", "Do not ask me again") +

  • #springMessageText("idp.attribute-release.globalConsentItem", "I agree that all of my information will be released to any service.")
diff --git a/views/expiring-password.vm b/views/intercept/expiring-password.vm similarity index 96% rename from views/expiring-password.vm rename to views/intercept/expiring-password.vm index 0cb9d90..4395844 100644 --- a/views/expiring-password.vm +++ b/views/intercept/expiring-password.vm @@ -20,6 +20,7 @@ + #springMessageText("idp.title", "Web Login Service") diff --git a/views/login.vm b/views/login.vm index a623db5..c421a99 100644 --- a/views/login.vm +++ b/views/login.vm @@ -28,12 +28,13 @@ ## - - - #springMessageText("idp.title", "Web Login Service") - - - + + + + #springMessageText("idp.title", "Web Login Service") + + +
@@ -66,13 +67,14 @@
- #springMessageText("idp.login.donotcache", "Don't Remember Login") -
+ + +
#end
- #springMessageText("idp.attribute-release.revoke", "Clear prior granting of permission for release of your information to this service.") +
#if ($passwordEnabled) diff --git a/views/logout-complete.vm b/views/logout-complete.vm index 4bf0a62..d780252 100644 --- a/views/logout-complete.vm +++ b/views/logout-complete.vm @@ -16,13 +16,14 @@ ## - + + #springMessageText("idp.title", "Web Login Service") - + - +
@@ -44,7 +45,7 @@ #if ( $profileRequestContext.getProfileId().contains("saml2/logout") ) - #end