diff --git a/modules/core/routing/routes/routes.yml b/modules/core/routing/routes/routes.yml
index 83e5e6ff300047432b9979050d13cb05d20f6afa..12884b024d2a3c05e82a3351498f0b5043b0c64a 100644
--- a/modules/core/routing/routes/routes.yml
+++ b/modules/core/routing/routes/routes.yml
@@ -22,15 +22,3 @@ core-warning-shortssointerval:
 core-post-redirect:
 path: /postredirect
 defaults: { _controller: 'SimpleSAML\Module\core\Controller\Redirection:postredirect' }
-core-legacy-welcome:
- path: /frontpage_welcome.php
- defaults: { _controller: 'Symfony\Bundle\FrameworkBundle\Controller\RedirectController::urlRedirectAction', path: /admin/, permanent: true }
-core-legacy-config:
- path: /frontpage_config.php
- defaults: { _controller: 'Symfony\Bundle\FrameworkBundle\Controller\RedirectController::urlRedirectAction', path: /admin/, permanent: true }
-core-legacy-auth:
- path: /frontpage_auth.php
- defaults: { _controller: 'Symfony\Bundle\FrameworkBundle\Controller\RedirectController::urlRedirectAction', path: /admin/test, permanent: true }
-core-legacy-federation:
- path: /frontpage_federation.php
- defaults: { _controller: 'Symfony\Bundle\FrameworkBundle\Controller\RedirectController::urlRedirectAction', path: /admin/federation, permanent: true }
diff --git a/modules/core/www/as_login.php b/modules/core/www/as_login.php
deleted file mode 100644
index d73fa8ca0badc83638f3c4e887ff669536bd9ff0..0000000000000000000000000000000000000000
--- a/modules/core/www/as_login.php
+++ /dev/null
@@ -1,35 +0,0 @@
-<?php
-
-/**
- * Endpoint for logging in with an authentication source.
- *
- * @package SimpleSAMLphp
- */
-
-if (!isset($_REQUEST['ReturnTo'])) {
- throw new \SimpleSAML\Error\BadRequest('Missing ReturnTo parameter.');
-}
-
-if (!isset($_REQUEST['AuthId'])) {
- throw new \SimpleSAML\Error\BadRequest('Missing AuthId parameter.');
-}
-
-/*
- * Setting up the options for the requireAuth() call later..
- */
-$options = [
- 'ReturnTo' => \SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['ReturnTo']),
-];
-
-/*
- * Allows a saml:idp query string parameter specify the IdP entity ID to be used
- * as used by the DiscoJuice embedded client.
- */
-if (!empty($_REQUEST['saml:idp'])) {
- $options['saml:idp'] = $_REQUEST['saml:idp'];
-}
-
-$as = new \SimpleSAML\Auth\Simple($_REQUEST['AuthId']);
-$as->requireAuth($options);
-
-\SimpleSAML\Utils\HTTP::redirectTrustedURL($options['ReturnTo']);
diff --git a/modules/core/www/as_logout.php b/modules/core/www/as_logout.php
deleted file mode 100644
index 6fe7c95adad5ca27aa481781ffc329fa1bb97694..0000000000000000000000000000000000000000
--- a/modules/core/www/as_logout.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php
-
-/**
- * Endpoint for logging out in with an authentication source.
- *
- * @package SimpleSAMLphp
- */
-
-if (!isset($_REQUEST['ReturnTo']) || !is_string($_REQUEST['ReturnTo'])) {
- throw new \SimpleSAML\Error\BadRequest('Missing ReturnTo parameter.');
-}
-
-if (!isset($_REQUEST['AuthId']) || !is_string($_REQUEST['AuthId'])) {
- throw new \SimpleSAML\Error\BadRequest('Missing AuthId parameter.');
-}
-
-$as = new \SimpleSAML\Auth\Simple($_REQUEST['AuthId']);
-$as->logout(\SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['ReturnTo']));
diff --git a/modules/core/www/cardinality_error.php b/modules/core/www/cardinality_error.php
deleted file mode 100644
index cae3cbf4e0d17417c7202088b60cae31fc59eaf5..0000000000000000000000000000000000000000
--- a/modules/core/www/cardinality_error.php
+++ /dev/null
@@ -1,30 +0,0 @@
-<?php
-
-/**
- * Show a 403 Forbidden page when an attribute violates a cardinality rule
- *
- * @package SimpleSAMLphp
- */
-
-if (!array_key_exists('StateId', $_REQUEST)) {
- throw new \SimpleSAML\Error\BadRequest('Missing required StateId query parameter.');
-}
-$id = $_REQUEST['StateId'];
-/** @var array $state */
-$state = \SimpleSAML\Auth\State::loadState($id, 'core:cardinality');
-$session = \SimpleSAML\Session::getSessionFromRequest();
-
-\SimpleSAML\Logger::stats('core:cardinality:error ' . $state['Destination']['entityid']
- . ' ' . $state['saml:sp:IdP'] . ' ' . implode(',', array_keys($state['core:cardinality:errorAttributes'])));
-
-$globalConfig = \SimpleSAML\Configuration::getInstance();
-$t = new \SimpleSAML\XHTML\Template($globalConfig, 'core:cardinality_error.twig');
-$t->data['cardinalityErrorAttributes'] = $state['core:cardinality:errorAttributes'];
-if (isset($state['Source']['auth'])) {
- $t->data['LogoutURL'] = \SimpleSAML\Module::getModuleURL(
- 'core/authenticate.php',
- ['as' => $state['Source']['auth']]
- ) . "&logout";
-}
-header('HTTP/1.0 403 Forbidden');
-$t->send();
diff --git a/modules/core/www/cleardiscochoices.php b/modules/core/www/cleardiscochoices.php
deleted file mode 100644
index f997f1607fd7fc080c9caa1797f80220ae784bf3..0000000000000000000000000000000000000000
--- a/modules/core/www/cleardiscochoices.php
+++ /dev/null
@@ -1,35 +0,0 @@
-<?php
-
-require_once('_include.php');
-
-/**
- * This page clears the user's IdP discovery choices.
- */
-
-// The base path for cookies. This should be the installation directory for SimpleSAMLphp.
-$config = \SimpleSAML\Configuration::getInstance();
-$cookiePath = $config->getBasePath();
-
-// We delete all cookies which starts with 'idpdisco_'
-foreach ($_COOKIE as $cookieName => $value) {
- if (substr($cookieName, 0, 9) !== 'idpdisco_') {
- // Not a idpdisco cookie.
- continue;
- }
-
- /* Delete the cookie. We delete it once without the secure flag and once with the secure flag. This
- * ensures that the cookie will be deleted in any case.
- */
- \SimpleSAML\Utils\HTTP::setCookie($cookieName, null, ['path' => $cookiePath, 'httponly' => false], false);
-}
-
-// Find where we should go now.
-if (array_key_exists('ReturnTo', $_REQUEST)) {
- $returnTo = \SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['ReturnTo']);
-} else {
- // Return to the front page if no other destination is given. This is the same as the base cookie path.
- $returnTo = $cookiePath;
-}
-
-// Redirect to destination.
-\SimpleSAML\Utils\HTTP::redirectTrustedURL($returnTo);
diff --git a/modules/core/www/no_cookie.php b/modules/core/www/no_cookie.php
deleted file mode 100644
index b79aeefd966dc7233dbc234d9fcf587f4265f1ad..0000000000000000000000000000000000000000
--- a/modules/core/www/no_cookie.php
+++ /dev/null
@@ -1,13 +0,0 @@
-<?php
-
-if (isset($_REQUEST['retryURL'])) {
- $retryURL = strval($_REQUEST['retryURL']);
- $retryURL = \SimpleSAML\Utils\HTTP::checkURLAllowed($retryURL);
-} else {
- $retryURL = null;
-}
-
-$globalConfig = \SimpleSAML\Configuration::getInstance();
-$t = new \SimpleSAML\XHTML\Template($globalConfig, 'core:no_cookie.twig');
-$t->data['retryURL'] = $retryURL;
-$t->send();
diff --git a/modules/core/www/postredirect.php b/modules/core/www/postredirect.php
deleted file mode 100644
index 4fecbd9f220798dfb078ba5538c706a01a43e3e8..0000000000000000000000000000000000000000
--- a/modules/core/www/postredirect.php
+++ /dev/null
@@ -1,64 +0,0 @@
-<?php
-
-/**
- * This page provides a way to create a redirect to a POST request.
- *
- * @package SimpleSAMLphp
- */
-
-use Exception;
-use SimpleSAML\Assert\Assert;
-use SimpleSAML\Configuration;
-use SimpleSAML\Error;
-use SimpleSAML\Session;
-use SimpleSAML\Utils;
-use SimpleSAML\XHTML\Template;
-
-if (array_key_exists('RedirId', $_REQUEST)) {
- $postId = $_REQUEST['RedirId'];
- $session = Session::getSessionFromRequest();
-} elseif (array_key_exists('RedirInfo', $_REQUEST)) {
- $encData = base64_decode($_REQUEST['RedirInfo']);
-
- if (empty($encData)) {
- throw new Error\BadRequest('Invalid RedirInfo data.');
- }
-
- list($sessionId, $postId) = explode(':', Utils\Crypto::aesDecrypt($encData));
-
- if (empty($sessionId) || empty($postId)) {
- throw new Error\BadRequest('Invalid session info data.');
- }
-
- $session = Session::getSession($sessionId);
-} else {
- throw new Error\BadRequest('Missing redirection info parameter.');
-}
-
-if ($session === null) {
- throw new Exception('Unable to load session.');
-}
-
-$postData = $session->getData('core_postdatalink', $postId);
-
-if ($postData === null) {
- // The post data is missing, probably because it timed out
- throw new Exception('The POST data we should restore was lost.');
-}
-
-$session->deleteData('core_postdatalink', $postId);
-
-Assert::isArray($postData);
-Assert::keyExists($postData, 'url');
-Assert::keyExists($postData, 'post');
-
-if (!Utils\HTTP::isValidURL($postData['url'])) {
- throw new Error\Exception('Invalid destination URL.');
-}
-
-$config = Configuration::getInstance();
-$template = new Template($config, 'post.php');
-$template->data['destination'] = $postData['url'];
-$template->data['post'] = $postData['post'];
-$template->send();
-exit(0);
diff --git a/modules/core/www/short_sso_interval.php b/modules/core/www/short_sso_interval.php
deleted file mode 100644
index 79c499a25a653cfd8840fb41fe8eeef78b703700..0000000000000000000000000000000000000000
--- a/modules/core/www/short_sso_interval.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-
-/**
- * Show a warning to an user about the SP requesting SSO a short time after
- * doing it previously.
- *
- * @package SimpleSAMLphp
- */
-
-if (!array_key_exists('StateId', $_REQUEST)) {
- throw new \SimpleSAML\Error\BadRequest('Missing required StateId query parameter.');
-}
-$id = $_REQUEST['StateId'];
-
-/** @var array $state */
-$state = \SimpleSAML\Auth\State::loadState($id, 'core:short_sso_interval');
-
-$session = \SimpleSAML\Session::getSessionFromRequest();
-
-if (array_key_exists('continue', $_REQUEST)) {
- // The user has pressed the continue/retry-button
- \SimpleSAML\Auth\ProcessingChain::resumeProcessing($state);
-}
-
-$globalConfig = \SimpleSAML\Configuration::getInstance();
-$t = new \SimpleSAML\XHTML\Template($globalConfig, 'core:short_sso_interval.twig');
-$t->data['target'] = \SimpleSAML\Module::getModuleURL('core/short_sso_interval.php');
-$t->data['params'] = ['StateId' => $id];
-$t->data['trackId'] = $session->getTrackID();
-$t->data['autofocus'] = 'contbutton';
-$t->send();