authorJaime Perez <jaime.perez@uninett.no>2014-03-05 10:31:01 +0100
committerJaime Perez Crespo <jaime.perez@uninett.no>2015-01-15 18:52:15 +0100
commit37fa7090389ccb7499b9a390d420c270fc391ee0 (patch)
treecfe5536efd47c49e5e64edfd37d1b8020699acca
parentbcb38a5404b6ba22cea0a8aee90557bcec189a8a (diff)
Remove old SP interfaces in www/{saml2|shib13|wsfed}/sp.origin/feature/interface-cleanup
-rw-r--r--www/saml2/sp/AssertionConsumerService.php184
-rw-r--r--www/saml2/sp/SingleLogoutService.php108
-rw-r--r--www/saml2/sp/idpdisco.php29
-rw-r--r--www/saml2/sp/initSLO.php75
-rw-r--r--www/saml2/sp/initSSO.php189
-rw-r--r--www/shib13/sp/AssertionConsumerService.php125
-rw-r--r--www/shib13/sp/idpdisco.php29
-rw-r--r--www/shib13/sp/initSSO.php110
-rw-r--r--www/wsfed/sp/idpdisco.php29
-rw-r--r--www/wsfed/sp/initSLO.php71
-rw-r--r--www/wsfed/sp/initSSO.php75
-rw-r--r--www/wsfed/sp/prp.php166
12 files changed, 0 insertions, 1190 deletions
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
deleted file mode 100644
index 1f34126..0000000
--- a/www/saml2/sp/AssertionConsumerService.php
+++ /dev/null
@@ -1,184 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-/**
- * This SAML 2.0 endpoint is the endpoint at the SAML 2.0 SP that takes an Authentication Response
- * as HTTP-POST in, and parses and processes it before it redirects the use to the RelayState.
- *
- * @author Andreas Aakre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
- * @package simpleSAMLphp
- * @abstract
- */
-
-$config = SimpleSAML_Configuration::getInstance();
-
-SimpleSAML_Logger::warning('The file saml2/sp/AssertionConsumerService.php is deprecated and will be removed in future versions.');
-
-/* Get the session object for the user. Create a new session if no session
- * exists for this user.
- */
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-
-/**
- * Finish login operation.
- *
- * This helper function finishes a login operation and redirects the user back to the page which
- * requested the login.
- *
- * @param array $authProcState The state of the authentication process.
- */
-function finishLogin($authProcState) {
- assert('is_array($authProcState)');
- assert('array_key_exists("Attributes", $authProcState)');
- assert('array_key_exists("core:saml20-sp:NameID", $authProcState)');
- assert('array_key_exists("core:saml20-sp:SessionIndex", $authProcState)');
- assert('array_key_exists("core:saml20-sp:TargetURL", $authProcState)');
- assert('array_key_exists("Source", $authProcState)');
- assert('array_key_exists("entityid", $authProcState["Source"])');
-
- $authData = array(
- 'Attributes' => $authProcState['Attributes'],
- 'saml:sp:NameID' => $authProcState['core:saml20-sp:NameID'],
- 'saml:sp:SessionIndex' => $authProcState['core:saml20-sp:SessionIndex'],
- 'saml:sp:IdP' => $authProcState['Source']['entityid'],
- );
-
- global $session;
- $session->doLogin('saml2', $authData);
-
- SimpleSAML_Utilities::redirectTrustedURL($authProcState['core:saml20-sp:TargetURL']);
-}
-
-SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Accessing SAML 2.0 SP endpoint AssertionConsumerService');
-
-if (!$config->getBoolean('enable.saml20-sp', TRUE))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-if (array_key_exists(SimpleSAML_Auth_ProcessingChain::AUTHPARAM, $_REQUEST)) {
- /* We have returned from the authentication processing filters. */
-
- $authProcId = $_REQUEST[SimpleSAML_Auth_ProcessingChain::AUTHPARAM];
-
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($authProcId);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
- $authProcState = SimpleSAML_Auth_ProcessingChain::fetchProcessedState($authProcId);
- finishLogin($authProcState);
-}
-
-
-try {
- $metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
- $sp = $metadataHandler->getMetaDataCurrentEntityID();
- $spMetadata = $metadataHandler->getMetaDataConfig($sp, 'saml20-sp-hosted');
-
- $b = SAML2_Binding::getCurrentBinding();
- if ($b instanceof SAML2_HTTPArtifact) {
- $b->setSPMetadata($spMetadata);
- }
-
- $response = $b->receive();
- if (!($response instanceof SAML2_Response)) {
- throw new SimpleSAML_Error_BadRequest('Invalid message received to AssertionConsumerService endpoint.');
- }
-
- $idp = $response->getIssuer();
- if ($idp === NULL) {
- throw new Exception('Missing <saml:Issuer> in message delivered to AssertionConsumerService.');
- }
-
-
- $idpMetadata = $metadataHandler->getMetaDataConfig($idp, 'saml20-idp-remote');
-
- /* Fetch the request information if it exists, fall back to RelayState if not. */
- $requestId = $response->getInResponseTo();
- $info = $session->getData('SAML2:SP:SSO:Info', $requestId);
- if($info === NULL) {
- /* Fall back to RelayState. */
- $info = array();
- $info['RelayState'] = SimpleSAML_Utilities::checkURLAllowed($response->getRelayState());
- if(empty($info['RelayState'])) {
- $info['RelayState'] = $spMetadata->getString('RelayState', NULL);
- }
- if(empty($info['RelayState'])) {
- /* RelayState missing. */
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
- }
- }
-
-
- try {
- $assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
- if (count($assertion) > 1) {
- throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
- }
- $assertion = $assertion[0];
- } catch (sspmod_saml_Error $e) {
- /* The status of the response wasn't "success". */
-
- $status = $response->getStatus();
- if(array_key_exists('OnError', $info)) {
- /* We have an error handler. Return the error to it. */
- SimpleSAML_Utilities::redirectTrustedURL($info['OnError'], array('StatusCode' => $status['Code']));
- }
-
- /* We don't have an error handler. Show an error page. */
- throw new SimpleSAML_Error_Error('RESPONSESTATUSNOSUCCESS', $e);
- }
-
-
- SimpleSAML_Logger::info('SAML2.0 - SP.AssertionConsumerService: Successful response from IdP');
-
- /*
- * Attribute handling
- */
- $attributes = $assertion->getAttributes();
-
- SimpleSAML_Logger::stats('saml20-sp-SSO ' . $metadataHandler->getMetaDataCurrentEntityID() . ' ' . $idp . ' NA');
-
-
- $nameId = $assertion->getNameId();
-
- /* Begin module attribute processing */
-
- $spMetadataArray = $spMetadata->toArray();
- $idpMetadataArray = $idpMetadata->toArray();
-
- $pc = new SimpleSAML_Auth_ProcessingChain($idpMetadataArray, $spMetadataArray, 'sp');
-
- $authProcState = array(
- 'core:saml20-sp:NameID' => $nameId,
- 'core:saml20-sp:SessionIndex' => $assertion->getSessionIndex(),
- 'core:saml20-sp:TargetURL' => $info['RelayState'],
- 'ReturnURL' => SimpleSAML_Utilities::selfURLNoQuery(),
- 'Attributes' => $attributes,
- 'Destination' => $spMetadataArray,
- 'Source' => $idpMetadataArray,
- );
-
- $pc->processState($authProcState);
- /* Since this function returns, processing has completed and attributes have
- * been updated.
- */
-
- finishLogin($authProcState);
-
-} catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('PROCESSASSERTION', $exception);
-}
-
-
-?> \ No newline at end of file
diff --git a/www/saml2/sp/SingleLogoutService.php b/www/saml2/sp/SingleLogoutService.php
deleted file mode 100644
index e21b65c..0000000
--- a/www/saml2/sp/SingleLogoutService.php
+++ /dev/null
@@ -1,108 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
-SimpleSAML_Logger::warning('The file saml2/sp/SingleLogoutService.php is deprecated and will be removed in future versions.');
-
-// Get the local session
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-
-SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: Accessing SAML 2.0 SP endpoint SingleLogoutService');
-
-if (!$config->getBoolean('enable.saml20-sp', TRUE))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-
-
-// Destroy local session if exists.
-$session->doLogout('saml2');
-
-$binding = SAML2_Binding::getCurrentBinding();
-$message = $binding->receive();
-
-$idpEntityId = $message->getIssuer();
-if ($idpEntityId === NULL) {
- /* Without an issuer we have no way to respond to the message. */
- throw new SimpleSAML_Error_BadRequest('Received message on logout endpoint without issuer.');
-}
-
-$spEntityId = $metadata->getMetaDataCurrentEntityId('saml20-sp-hosted');
-
-$idpMetadata = $metadata->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
-$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-hosted');
-
-sspmod_saml_Message::validateMessage($idpMetadata, $spMetadata, $message);
-
-if ($message instanceof SAML2_LogoutRequest) {
-
- try {
- // Extract some parameters from the logout request
- $requestid = $message->getId();
-
- SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: IdP (' . $idpEntityId .
- ') is sending logout request to me SP (' . $spEntityId . ') requestid '.$requestid);
- SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $spEntityId . ' ' . $idpEntityId);
-
- /* Create response. */
- $lr = sspmod_saml_Message::buildLogoutResponse($spMetadata, $idpMetadata);
- $lr->setRelayState($message->getRelayState());
- $lr->setInResponseTo($message->getId());
-
- SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: SP me (' . $spEntityId . ') is sending logout response to IdP (' . $idpEntityId . ')');
-
- $dst = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array(
- SAML2_Const::BINDING_HTTP_REDIRECT,
- SAML2_Const::BINDING_HTTP_POST)
- );
-
- if (!$binding instanceof SAML2_SOAP) {
- $binding = SAML2_Binding::getBinding($dst['Binding']);
- if (isset($dst['ResponseLocation'])) {
- $dst = $dst['ResponseLocation'];
- } else {
- $dst = $dst['Location'];
- }
- $binding->setDestination($dst);
- }
-
- /* Send response. */
- $binding->send($lr);
- } catch (Exception $exception) {
- throw new SimpleSAML_Error_Error('LOGOUTREQUEST', $exception);
- }
-
-} elseif ($message instanceof SAML2_LogoutResponse) {
-
- SimpleSAML_Logger::stats('saml20-sp-SLO spinit ' . $spEntityId . ' ' . $idpEntityId);
-
- $id = $message->getRelayState();
- if (empty($id)) {
- /* For backwardscompatibility. */
- $id = $message->getInResponseTo();
- }
-
- // 'spLogoutReturnTo' is checked before storing it in the
- // session, so we trust it here.
- $returnTo = $session->getData('spLogoutReturnTo', $id);
- if (empty($returnTo)) {
- throw new SimpleSAML_Error_Error('LOGOUTINFOLOST');
- }
-
- SimpleSAML_Utilities::redirectTrustedURL($returnTo);
-
-} else {
- throw new SimpleSAML_Error_Error('SLOSERVICEPARAMS');
-}
-
diff --git a/www/saml2/sp/idpdisco.php b/www/saml2/sp/idpdisco.php
deleted file mode 100644
index b7cdff3..0000000
--- a/www/saml2/sp/idpdisco.php
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-SimpleSAML_Logger::warning('The file saml2/sp/idpdisco.php is deprecated and will be removed in future versions.');
-
-try {
- $discoHandler = new SimpleSAML_XHTML_IdPDisco(array('saml20-idp-remote'), 'saml20');
-} catch (Exception $exception) {
- /* An error here should be caused by invalid query parameters. */
- throw new SimpleSAML_Error_Error('DISCOPARAMS', $exception);
-}
-
-try {
- $discoHandler->handleRequest();
-} catch(Exception $exception) {
- /* An error here should be caused by metadata. */
- throw new SimpleSAML_Error_Error('METADATA', $exception);
-}
-
-?> \ No newline at end of file
diff --git a/www/saml2/sp/initSLO.php b/www/saml2/sp/initSLO.php
deleted file mode 100644
index 50b2d03..0000000
--- a/www/saml2/sp/initSLO.php
+++ /dev/null
@@ -1,75 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-SimpleSAML_Logger::warning('The file saml2/sp/initSLO.php is deprecated and will be removed in future versions.');
-
-SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: Accessing SAML 2.0 SP initSLO script');
-
-if (!$config->getBoolean('enable.saml20-sp', TRUE))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-
-if (isset($_REQUEST['RelayState'])) {
- $returnTo = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
-} else {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-
-
-try {
- $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
- $idpEntityId = $session->getAuthData('saml2', 'saml:sp:IdP');
- if ($idpEntityId === NULL) {
- SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: User not authenticated with an IdP.');
- SimpleSAML_Utilities::redirectTrustedURL($returnTo);
- }
- $idpMetadata = $metadata->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
- $SLOendpoint = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array(
- SAML2_Const::BINDING_HTTP_REDIRECT,
- SAML2_Const::BINDING_HTTP_POST),
- NULL);
- if ($SLOendpoint === NULL) {
- $session->doLogout('saml2');
- SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: No SingleLogoutService endpoint supported in the IdP.');
- SimpleSAML_Utilities::redirectTrustedURL($returnTo);
- }
-
- $spEntityId = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
- $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-hosted');
-
- $nameId = $session->getAuthData('saml2', 'saml:sp:NameID');
-
- $lr = sspmod_saml_Message::buildLogoutRequest($spMetadata, $idpMetadata);
- $lr->setNameId($nameId);
- $lr->setSessionIndex($session->getAuthData('saml2', 'saml:sp:SessionIndex'));
- $lr->setDestination($SLOendpoint['Location']);
-
- $session->doLogout('saml2');
-
- /* Save the $returnTo URL until the user returns from the IdP. */
- $session->setData('spLogoutReturnTo', $lr->getId(), $returnTo);
-
- SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: SP (' . $spEntityId . ') is sending logout request to IdP (' . $idpEntityId . ')');
-
- $b = SAML2_Binding::getBinding($SLOendpoint['Binding']);
- $b->send($lr);
-
-
-} catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
-}
-
diff --git a/www/saml2/sp/initSSO.php b/www/saml2/sp/initSSO.php
deleted file mode 100644
index ef1acc2..0000000
--- a/www/saml2/sp/initSSO.php
+++ /dev/null
@@ -1,189 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-SimpleSAML_Logger::warning('The file saml2/sp/initSSO.php is deprecated and will be removed in future versions.');
-
-SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: Accessing SAML 2.0 SP initSSO script');
-
-if (!$config->getBoolean('enable.saml20-sp', TRUE))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-/*
- * Incomming URL parameters
- *
- * idpentityid optional The entityid of the wanted IdP to authenticate with. If not provided will use default.
- * spentityid optional The entityid of the SP config to use. If not provided will use default to host.
- * RelayState required Where to send the user back to after authentication.
- */
-
-if (empty($_GET['RelayState'])) {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-$returnTo = SimpleSAML_Utilities::checkURLAllowed($_GET['RelayState']);
-
-$reachableIDPs = array();
-
-try {
-
- $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getString('default-saml20-idp', NULL) ;
- $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
-
- $isPassive = isset($_GET['IsPassive']) && ($_GET['IsPassive'] === 'true' || $_GET['IsPassive'] === '1');
- $forceAuthn = isset($_GET['ForceAuthn']) && ($_GET['ForceAuthn'] === 'true' || $_GET['ForceAuthn'] === '1');
-
- /* We are going to need the SP metadata to determine which IdP discovery service we should use.
- And for checking for scoping parameters. */
- $spmetadata = $metadata->getMetaDataCurrent('saml20-sp-hosted');
-
- $IDPList = array();
-
- /* Configured idp overrides one given by Scope */
- if($idpentityid === NULL && array_key_exists('idpentityid', $spmetadata)) {
- $idpentityid = $spmetadata['idpentityid'];
- }
-
- /* AuthId is set if we are on the sp side on a proxy/bridge */
- $authid = isset($_GET['AuthId']) ? $_GET['AuthId'] : FALSE;
- if ($authid) {
- $authrequestcache = $session->getAuthnRequest('saml2', $authid);
- $isPassive = $isPassive || $authrequestcache['IsPassive'];
- $forceAuthn = $forceAuthn || $authrequestcache['ForceAuthn'];
-
- /* keep the IDPList, it MUST be sent it to the next idp,
- we are only allowed to add idps */
- if (isset($authrequestcache['IDPList']) && is_array($authrequestcache['IDPList'])) {
- $IDPList = $authrequestcache['IDPList'];
- }
- if ($idpentityid === NULL) {
- /* only consider ProviderIDs we know ... */
-
- $reachableIDPs = array_intersect($IDPList, array_keys($metadata->getList()));
-
- if (sizeof($reachableIDPs) === 1) {
- $idpentityid = array_shift($reachableIDPs);
- }
- }
- }
-
-
-} catch (Exception $exception) {
- throw new SimpleSAML_Error_Error('METADATA', $exception);
-}
-
-/*
- * If no IdP can be resolved, send the user to the SAML 2.0 Discovery Service
- */
-if ($idpentityid === NULL) {
-
- SimpleSAML_Logger::info('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco');
-
- /* Which IdP discovery service should we use? Can be set in SP metadata or in global configuration.
- * Falling back to builtin discovery service.
- */
-
- if(array_key_exists('idpdisco.url', $spmetadata)) {
- $discourl = $spmetadata['idpdisco.url'];
- } elseif($config->getString('idpdisco.url.saml20', NULL) !== NULL) {
- $discourl = $config->getString('idpdisco.url.saml20');
- } else {
- $discourl = SimpleSAML_Utilities::getBaseURL() . 'saml2/sp/idpdisco.php';
- }
-
- $extDiscoveryStorage = $config->getString('idpdisco.extDiscoveryStorage', NULL);
- if ($extDiscoveryStorage !== NULL) {
- SimpleSAML_Utilities::redirectTrustedURL($extDiscoveryStorage, array(
- 'entityID' => $spentityid,
- 'return' => SimpleSAML_Utilities::addURLparameter($discourl, array(
- 'return' => SimpleSAML_Utilities::selfURL(),
- 'remember' => 'true',
- 'entityID' => $spentityid,
- 'returnIDParam' => 'idpentityid',
- )),
- 'returnIDParam' => 'idpentityid',
- 'isPassive' => 'true')
- );
- }
-
- $discoparameters = array(
- 'entityID' => $spentityid,
- 'return' => SimpleSAML_Utilities::selfURL(),
- 'returnIDParam' => 'idpentityid');
-
- $discoparameters['isPassive'] = $isPassive;
-
- if (sizeof($reachableIDPs) > 0) {
- $discoparameters['IDPList'] = $reachableIDPs;
- }
-
- SimpleSAML_Utilities::redirectTrustedURL($discourl, $discoparameters);
-}
-
-
-/*
- * Create and send authentication request to the IdP.
- */
-try {
-
- $spMetadata = $metadata->getMetaDataConfig($spentityid, 'saml20-sp-hosted');
- $idpMetadata = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-remote');
-
- $ar = sspmod_saml_Message::buildAuthnRequest($spMetadata, $idpMetadata);
-
- $assertionConsumerServiceURL = $metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted');
- $ar->setAssertionConsumerServiceURL($assertionConsumerServiceURL);
- $ar->setRelayState($returnTo);
-
- if ($isPassive) {
- $ar->setIsPassive(TRUE);
- }
- if ($forceAuthn) {
- $ar->setForceAuthn(TRUE);
- }
-
- if(array_key_exists('IDPList', $spmetadata)) {
- $IDPList = array_unique(array_merge($IDPList, $spmetadata['IDPList']));
- }
-
- if (isset($_GET['IDPList']) && !empty($_GET['IDPList'])) {
- $providers = $_GET['IDPList'];
- if (!is_array($providers)) $providers = array($providers);
- $IDPList = array_merge($IDPList, $providers);
- };
- $ar->setIDPList($IDPList);
-
- /* Save request information. */
- $info = array();
- $info['RelayState'] = $returnTo;
- if(array_key_exists('OnError', $_REQUEST)) {
- $info['OnError'] = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['OnError']);
- }
- $session->setData('SAML2:SP:SSO:Info', $ar->getId(), $info);
-
- /* Select appropriate SSO endpoint */
- if ($ar->getProtocolBinding() === SAML2_Const::BINDING_HOK_SSO) {
- $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(SAML2_Const::BINDING_HOK_SSO));
- } else {
- $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(SAML2_Const::BINDING_HTTP_REDIRECT, SAML2_Const::BINDING_HTTP_POST));
- }
- $ar->setDestination($dst['Location']);
-
- $b = SAML2_Binding::getBinding($dst['Binding']);
- $b->send($ar);
-
-} catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
-}
-
diff --git a/www/shib13/sp/AssertionConsumerService.php b/www/shib13/sp/AssertionConsumerService.php
deleted file mode 100644
index ab1fd68..0000000
--- a/www/shib13/sp/AssertionConsumerService.php
+++ /dev/null
@@ -1,125 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-
-SimpleSAML_Logger::warning('The file shib13/sp/AssertionConsumerService.php is deprecated and will be removed in future versions.');
-
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-
-/**
- * Finish login operation.
- *
- * This helper function finishes a login operation and redirects the user back to the page which
- * requested the login.
- *
- * @param array $authProcState The state of the authentication process.
- */
-function finishLogin($authProcState) {
- assert('is_array($authProcState)');
- assert('array_key_exists("Attributes", $authProcState)');
- assert('array_key_exists("core:shib13-sp:NameID", $authProcState)');
- assert('array_key_exists("core:shib13-sp:SessionIndex", $authProcState)');
- assert('array_key_exists("core:shib13-sp:TargetURL", $authProcState)');
- assert('array_key_exists("Source", $authProcState)');
- assert('array_key_exists("entityid", $authProcState["Source"])');
-
- $authData = array(
- 'Attributes' => $authProcState['Attributes'],
- 'saml:sp:NameID' => $authProcState['core:shib13-sp:NameID'],
- 'saml:sp:SessionIndex' => $authProcState['core:shib13-sp:SessionIndex'],
- 'saml:sp:IdP' => $authProcState['Source']['entityid'],
- );
-
- global $session;
- $session->doLogin('shib13', $authData);
-
- SimpleSAML_Utilities::redirectTrustedURL($authProcState['core:shib13-sp:TargetURL']);
-}
-
-
-SimpleSAML_Logger::info('Shib1.3 - SP.AssertionConsumerService: Accessing Shibboleth 1.3 SP endpoint AssertionConsumerService');
-
-if (!$config->getBoolean('enable.shib13-sp', false))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-if (array_key_exists(SimpleSAML_Auth_ProcessingChain::AUTHPARAM, $_REQUEST)) {
- /* We have returned from the authentication processing filters. */
-
- $authProcId = $_REQUEST[SimpleSAML_Auth_ProcessingChain::AUTHPARAM];
-
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($authProcId);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
- $authProcState = SimpleSAML_Auth_ProcessingChain::fetchProcessedState($authProcId);
- finishLogin($authProcState);
-}
-
-if (empty($_POST['SAMLResponse']))
- throw new SimpleSAML_Error_Error('ACSPARAMS', $exception);
-
-try {
-
- $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
- $binding = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
- $authnResponse = $binding->decodeResponse($_POST);
-
- $authnResponse->validate();
-
- /* Successfully authenticated. */
-
- $idpmetadata = $metadata->getMetadata($authnResponse->getIssuer(), 'shib13-idp-remote');
-
- SimpleSAML_Logger::info('Shib1.3 - SP.AssertionConsumerService: Successful authentication to IdP ' . $idpmetadata['entityid']);
-
-
- SimpleSAML_Logger::stats('shib13-sp-SSO ' . $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted') . ' ' . $idpmetadata['entityid'] . ' NA');
-
-
- $relayState = $authnResponse->getRelayState();
- if (!isset($relayState)) {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
- }
-
- $spmetadata = $metadata->getMetaData(NULL, 'shib13-sp-hosted');
-
- /* Begin module attribute processing */
- $pc = new SimpleSAML_Auth_ProcessingChain($idpmetadata, $spmetadata, 'sp');
-
- $authProcState = array(
- 'core:shib13-sp:NameID' => $authnResponse->getNameID(),
- 'core:shib13-sp:SessionIndex' => $authnResponse->getSessionIndex(),
- 'core:shib13-sp:TargetURL' => SimpleSAML_Utilities::checkURLAllowed($relayState),
- 'ReturnURL' => SimpleSAML_Utilities::selfURLNoQuery(),
- 'Attributes' => $authnResponse->getAttributes(),
- 'Destination' => $spmetadata,
- 'Source' => $idpmetadata,
- );
-
- $pc->processState($authProcState);
- /* Since this function returns, processing has completed and attributes have
- * been updated.
- */
-
- finishLogin($authProcState);
-
-} catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('GENERATEAUTHNRESPONSE', $exception);
-}
-
-
-?> \ No newline at end of file
diff --git a/www/shib13/sp/idpdisco.php b/www/shib13/sp/idpdisco.php
deleted file mode 100644
index 85822ed..0000000
--- a/www/shib13/sp/idpdisco.php
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-SimpleSAML_Logger::warning('The file shib13/sp/idpdisco.php is deprecated and will be removed in future versions.');
-
-try {
- $discoHandler = new SimpleSAML_XHTML_IdPDisco(array('shib13-idp-remote'), 'shib13');
-} catch (Exception $exception) {
- /* An error here should be caused by invalid query parameters. */
- throw new SimpleSAML_Error_Error('DISCOPARAMS', $exception);
-}
-
-try {
- $discoHandler->handleRequest();
-} catch(Exception $exception) {
- /* An error here should be caused by metadata. */
- throw new SimpleSAML_Error_Error('METADATA', $exception);
-}
-
-?> \ No newline at end of file
diff --git a/www/shib13/sp/initSSO.php b/www/shib13/sp/initSSO.php
deleted file mode 100644
index 2cceb21..0000000
--- a/www/shib13/sp/initSSO.php
+++ /dev/null
@@ -1,110 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
-SimpleSAML_Logger::warning('The file shib13/sp/initSSO.php is deprecated and will be removed in future versions.');
-
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-
-/*
- * Incomming URL parameters
- *
- * idpentityid optional The entityid of the wanted IdP to authenticate with. If not provided will use default.
- * spentityid optional The entityid of the SP config to use. If not provided will use default to host.
- * RelayState required Where to send the user back to after authentication.
- *
- */
-
-SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: Accessing Shib 1.3 SP initSSO script');
-
-if (!$config->getBoolean('enable.shib13-sp', false))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-
-try {
-
- $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getString('default-shib13-idp', NULL) ;
- $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-sp-hosted');
-
- if($idpentityid === NULL) {
- /* We are going to need the SP metadata to determine which IdP discovery service we should use. */
- $spmetadata = $metadata->getMetaDataCurrent('shib13-sp-hosted');
- }
-
-
-} catch (Exception $exception) {
- throw new SimpleSAML_Error_Error('METADATA', $exception);
-}
-
-
-
-if (!isset($session) || !$session->isValid('shib13') ) {
-
- if ($idpentityid == null) {
-
- SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: No chosen or default IdP, go to Shib13disco');
-
- /* Which IdP discovery service should we use? Can be set in SP metadata or in global configuration.
- * Falling back to builtin discovery service.
- */
- if(array_key_exists('idpdisco.url', $spmetadata)) {
- $discservice = $spmetadata['idpdisco.url'];
- } elseif($config->getString('idpdisco.url.shib13', NULL) !== NULL) {
- $discservice = $config->getString('idpdisco.url.shib13');
- } else {
- $discservice = '/' . $config->getBaseURL() . 'shib13/sp/idpdisco.php';
- }
-
- SimpleSAML_Utilities::redirectTrustedURL($discservice, array(
- 'entityID' => $spentityid,
- 'return' => SimpleSAML_Utilities::selfURL(),
- 'returnIDParam' => 'idpentityid',
- ));
- }
-
-
- try {
- $ar = new SimpleSAML_XML_Shib13_AuthnRequest();
- $ar->setIssuer($spentityid);
- if(isset($_GET['RelayState']))
- $ar->setRelayState(SimpleSAML_Utilities::checkURLAllowed($_GET['RelayState']));
-
- SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')');
-
- $url = $ar->createRedirect($idpentityid);
- SimpleSAML_Utilities::redirectTrustedURL($url);
-
- } catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
- }
-
-} else {
-
-
- $relaystate = $_GET['RelayState'];
-
- if (isset($relaystate) && !empty($relaystate)) {
- SimpleSAML_Logger::info('Shib1.3 - SP.initSSO: Already Authenticated, Go back to RelayState');
- SimpleSAML_Utilities::redirectUntrustedURL($relaystate);
- } else {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
- }
-
-}
-
-
-
-
-?> \ No newline at end of file
diff --git a/www/wsfed/sp/idpdisco.php b/www/wsfed/sp/idpdisco.php
deleted file mode 100644
index f48f9c9..0000000
--- a/www/wsfed/sp/idpdisco.php
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-SimpleSAML_Logger::warning('The file wsfed/sp/idpdisco.php is deprecated and will be removed in future versions.');
-
-try {
- $discoHandler = new SimpleSAML_XHTML_IdPDisco(array('wsfed-idp-remote'), 'wsfed');
-} catch (Exception $exception) {
- /* An error here should be caused by invalid query parameters. */
- throw new SimpleSAML_Error_Error('DISCOPARAMS', $exception);
-}
-
-try {
- $discoHandler->handleRequest();
-} catch(Exception $exception) {
- /* An error here should be caused by metadata. */
- throw new SimpleSAML_Error_Error('METADATA', $exception);
-}
-
-?> \ No newline at end of file
diff --git a/www/wsfed/sp/initSLO.php b/www/wsfed/sp/initSLO.php
deleted file mode 100644
index a30e294..0000000
--- a/www/wsfed/sp/initSLO.php
+++ /dev/null
@@ -1,71 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-
-SimpleSAML_Logger::warning('The file wsfed/sp/initSLO.php is deprecated and will be removed in future versions.');
-
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-SimpleSAML_Logger::info('WS-Fed - SP.initSLO: Accessing WS-Fed SP initSLO script');
-
-if (!$config->getBoolean('enable.wsfed-sp', false))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-
-if (isset($_REQUEST['RelayState'])) {
- $returnTo = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
-} else {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-
-
-if (isset($session) ) {
-
- try {
-
- $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
- $idpentityid = $session->getAuthData('wsfed', 'saml:sp:IdP');
- $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
-
- /**
- * Create a logout request
- */
-
- $session->doLogout('wsfed');
-
- SimpleSAML_Logger::info('WS-Fed - SP.initSLO: SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')');
-
- $idpmeta = $metadata->getMetaData($idpentityid, 'wsfed-idp-remote');
-
- SimpleSAML_Utilities::redirectTrustedURL($idpmeta['prp'], array(
- 'wa' => 'wsignout1.0',
- 'wct' => gmdate('Y-m-d\TH:i:s\Z', time()),
- 'wtrealm' => $spentityid,
- 'wctx' => $returnTo
- ));
-
-
- } catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
- }
-
-} else {
-
- SimpleSAML_Logger::info('WS-Fed - SP.initSLO: User is already logged out. Go back to relaystate');
- SimpleSAML_Utilities::redirectTrustedURL($returnTo);
-
-}
-
-
-?> \ No newline at end of file
diff --git a/www/wsfed/sp/initSSO.php b/www/wsfed/sp/initSSO.php
deleted file mode 100644
index 0b95bf2..0000000
--- a/www/wsfed/sp/initSSO.php
+++ /dev/null
@@ -1,75 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-/**
- * WS-Federation/ADFS PRP protocol support for simpleSAMLphp.
- *
- * The initSSO handler relays an internal request from a simpleSAMLphp
- * Service Provider as a WS-Federation Resource Partner using the Passive
- * Requestor Profile (PRP) to an Account Partner.
- *
- * @author Hans Zandbelt, SURFnet BV. <hans.zandbelt@surfnet.nl>
- * @package simpleSAMLphp
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
-SimpleSAML_Logger::warning('The file wsfed/sp/initSSO.php is deprecated and will be removed in future versions.');
-
-SimpleSAML_Logger::info('WS-Fed - SP.initSSO: Accessing WS-Fed SP initSSO script');
-
-if (!$config->getBoolean('enable.wsfed-sp', false))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-if (empty($_GET['RelayState'])) {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-
-try {
-
- $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getString('default-wsfed-idp', NULL);
- $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID('wsfed-sp-hosted');
-
-} catch (Exception $exception) {
- throw new SimpleSAML_Error_Error('METADATA', $exception);
-}
-
-if ($idpentityid == null) {
-
- SimpleSAML_Logger::info('WS-Fed - SP.initSSO: No chosen or default IdP, go to WSFeddisco');
-
- SimpleSAML_Utilities::redirectTrustedURL('/' . $config->getBaseURL() . 'wsfed/sp/idpdisco.php', array(
- 'entityID' => $spentityid,
- 'return' => SimpleSAML_Utilities::selfURL(),
- 'returnIDParam' => 'idpentityid')
- );
-}
-
-try {
- $relaystate = SimpleSAML_Utilities::checkURLAllowed($_GET['RelayState']);
-
- $idpmeta = $metadata->getMetaData($idpentityid, 'wsfed-idp-remote');
- $spmeta = $metadata->getMetaData($spentityid, 'wsfed-sp-hosted');
-
- SimpleSAML_Utilities::redirectTrustedURL($idpmeta['prp'], array(
- 'wa' => 'wsignin1.0',
- 'wct' => gmdate('Y-m-d\TH:i:s\Z', time()),
- 'wtrealm' => $spentityid,
- 'wctx' => $relaystate
- ));
-
-} catch (Exception $exception) {
- throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
-}
-
-?> \ No newline at end of file
diff --git a/www/wsfed/sp/prp.php b/www/wsfed/sp/prp.php
deleted file mode 100644
index 57e5f23..0000000
--- a/www/wsfed/sp/prp.php
+++ /dev/null
@@ -1,166 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-/**
- * WS-Federation/ADFS PRP protocol support for simpleSAMLphp.
- *
- * The AssertionConsumerService handler accepts responses from a WS-Federation
- * Account Partner using the Passive Requestor Profile (PRP) and handles it as
- * a Resource Partner. It receives a response, parses it and passes on the
- * authentication+attributes.
- *
- * @author Hans Zandbelt, SURFnet BV. <hans.zandbelt@surfnet.nl>
- * @package simpleSAMLphp
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$session = SimpleSAML_Session::getSessionFromRequest();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
-SimpleSAML_Logger::warning('The file wsfed/sp/prp.php is deprecated and will be removed in future versions.');
-
-SimpleSAML_Logger::info('WS-Fed - SP.AssertionConsumerService: Accessing WS-Fed SP endpoint AssertionConsumerService');
-
-if (!$config->getBoolean('enable.wsfed-sp', false))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-if (!empty($_GET['wa']) and ($_GET['wa'] == 'wsignoutcleanup1.0')) {
- if (isset($session) && $session->isValid('wsfed')) {
- $session->doLogout('wsfed');
- }
- if (!empty($_GET['wreply'])) {
- SimpleSAML_Utilities::redirectUntrustedURL(urldecode($_GET['wreply']));
- }
- exit;
-}
-
-/* Make sure that the correct query parameters are passed to this script. */
-try {
- if (empty($_POST['wresult'])) {
- throw new Exception('Missing wresult parameter');
- }
- if (empty($_POST['wa'])) {
- throw new Exception('Missing wa parameter');
- }
- if (empty($_POST['wctx'])) {
- throw new Exception('Missing wctx parameter');
- }
-} catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('ACSPARAMS', $exception);
-}
-
-
-try {
-
- $wa = $_POST['wa'];
- $wresult = $_POST['wresult'];
- $wctx = $_POST['wctx'];
-
- /* Load and parse the XML. */
- $dom = new DOMDocument();
- /* Accommodate for MS-ADFS escaped quotes */
- $wresult = str_replace('\"', '"', $wresult);
- $dom->loadXML(str_replace ("\r", "", $wresult));
-
- $xpath = new DOMXpath($dom);
- $xpath->registerNamespace('wst', 'http://schemas.xmlsoap.org/ws/2005/02/trust');
- $xpath->registerNamespace('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
-
- /* Find the saml:Assertion element in the response. */
- $assertions = $xpath->query('/wst:RequestSecurityTokenResponse/wst:RequestedSecurityToken/saml:Assertion');
- if ($assertions->length === 0) {
- throw new Exception('Received a response without an assertion on the WS-Fed PRP handler.');
- }
- if ($assertions->length > 1) {
- throw new Exception('The WS-Fed PRP handler currently only supports a single assertion in a response.');
- }
- $assertion = $assertions->item(0);
-
- /* Find the entity id of the issuer. */
- $idpEntityId = $assertion->getAttribute('Issuer');
-
- /* Load the IdP metadata. */
- $idpMetadata = $metadata->getMetaData($idpEntityId, 'wsfed-idp-remote');
-
- /* Find the certificate used by the IdP. */
- if(array_key_exists('certificate', $idpMetadata)) {
- $certFile = SimpleSAML_Utilities::resolveCert($idpMetadata['certificate']);
- } else {
- throw new Exception('Missing \'certificate\' metadata option in the \'wsfed-idp-remote\' metadata' .
- ' for the IdP \'' . $idpEntityId . '\'.');
- }
-
- /* Load the certificate. */
- $certData = file_get_contents($certFile);
- if($certData === FALSE) {
- throw new Exception('Unable to load certificate file \'' . $certFile . '\' for wsfed-idp \'' .
- $idpEntityId . '\'.');
- }
-
- /* Verify that the assertion is signed by the issuer. */
- $validator = new SimpleSAML_XML_Validator($assertion, 'AssertionID', $certData);
- if(!$validator->isNodeValidated($assertion)) {
- throw new Exception('The assertion was not correctly signed by the WS-Fed IdP \'' .
- $idpEntityId . '\'.');
- }
-
- /* Check time constraints of contitions (if present). */
- foreach($xpath->query('./saml:Conditions', $assertion) as $condition) {
- $notBefore = $condition->getAttribute('NotBefore');
- $notOnOrAfter = $condition->getAttribute('NotOnOrAfter');
- if(!SimpleSAML_Utilities::checkDateConditions($notBefore, $notOnOrAfter)) {
- throw new Exception('The response has expired.');
- }
- }
-
-
- /* Extract the name identifier from the response. */
- $nameid = $xpath->query('./saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier', $assertion);
- if ($nameid->length === 0) {
- throw new Exception('Could not find the name identifier in the response from the WS-Fed IdP \'' .
- $idpEntityId . '\'.');
- }
- $nameid = array(
- 'Format' => $nameid->item(0)->getAttribute('Format'),
- 'Value' => $nameid->item(0)->textContent,
- );
-
-
- /* Extract the attributes from the response. */
- $attributes = array();
- $attributeValues = $xpath->query('./saml:AttributeStatement/saml:Attribute/saml:AttributeValue', $assertion);
- foreach($attributeValues as $attribute) {
- $name = $attribute->parentNode->getAttribute('AttributeName');
- $value = $attribute->textContent;
- if(!array_key_exists($name, $attributes)) {
- $attributes[$name] = array();
- }
- $attributes[$name][] = $value;
- }
-
-
- /* Mark the user as logged in. */
- $authData = array(
- 'Attributes' => $attributes,
- 'saml:sp:NameID' => $nameid,
- 'saml:sp:IdP' => $idpEntityId,
- );
- $session->doLogin('wsfed', $authData);
-
- /* Redirect the user back to the page which requested the login. */
- SimpleSAML_Utilities::redirectUntrustedURL($wctx);
-
-} catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('PROCESSASSERTION', $exception);
-}
-
-?> \ No newline at end of file