diff --git a/docs/simplesamlphp-changelog.txt b/docs/simplesamlphp-changelog.txt
index 6ece741960f1ea50823fea78388d1a4e15966819..f5532b53b705e74ba8ff43f252e96a49dc718782 100644
--- a/docs/simplesamlphp-changelog.txt
+++ b/docs/simplesamlphp-changelog.txt
@@ -31,6 +31,7 @@ See the upgrade notes for specific information about upgrading.
* Removed bin/test.php and www/admin/test.php.
* Removed metashare.
* Removed www/auth/login-auto.php.
+ * Removed www/auth/login-feide.php.
### SAML 2 IdP
diff --git a/lib/SimpleSAML/IdP.php b/lib/SimpleSAML/IdP.php
index 3239426b097cd3da2f1927b050ebfdb2bcaee423..e44f924b7229c240ea2b59a95ff22f70c0f0b8bb 100644
--- a/lib/SimpleSAML/IdP.php
+++ b/lib/SimpleSAML/IdP.php
@@ -243,7 +243,6 @@ class SimpleSAML_IdP {
$candidates = array(
'auth/login-admin.php' => 'login-admin',
'auth/login-cas-ldap.php' => 'login-cas-ldap',
- 'auth/login-feide.php' => 'login-feide',
'auth/login-ldapmulti.php' => 'login-ldapmulti',
'auth/login-radius.php' => 'login-radius',
'auth/login-tlsclient.php' => 'tlsclient',
diff --git a/www/auth/login-feide.php b/www/auth/login-feide.php
deleted file mode 100644
index 1680ee149ab01fdd16a53c270478d7ef5bb6ec7c..0000000000000000000000000000000000000000
--- a/www/auth/login-feide.php
+++ /dev/null
@@ -1,317 +0,0 @@
-<?php
-/**
- * This file is part of SimpleSAMLphp. See the file COPYING in the
- * root of the distribution for licence information.
- *
- * This file implements authentication of users using LDAP. Which LDAP
- * server to do bind against is decided based on the users home
- * organization.
- *
- * First a search is done on the users eduPersonPrincipalName (ePPN). Only
- * one user with the ePPN should exist. After the DN of the user is found
- * a LDAP bind is used to authenticate the user and fetch the attributes.
- *
- * @author Andreas Ă…kre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
- * @author Anders Lund, UNINETT AS. <anders.lund@uninett.no>
- * @package simpleSAMLphp
- * @version $Id$
- */
-
-
-require_once('../../www/_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$ldapconfig = SimpleSAML_Configuration::getConfig('config-login-feide.php');
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getInstance();
-
-
-SimpleSAML_Logger::info('AUTH - ldap-feide: Accessing auth endpoint login-feide');
-
-$ldaporgconfig = $ldapconfig->getValue('orgldapconfig');
-
-
-/*
- * Load the RelayState argument. The RelayState argument contains the address
- * we should redirect the user to after a successful authentication.
- */
-if (!array_key_exists('RelayState', $_REQUEST)) {
- SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
-}
-
-/*
- * Fetch information about the service the user is coming from.
- */
-if (!array_key_exists('AuthId', $_REQUEST)) {
- SimpleSAML_Utilities::fatalError($session->getTrackID(), null, new Exception('This login module does not support local login without reference to a Login request'));
-}
-if (!array_key_exists('protocol', $_REQUEST)) {
- SimpleSAML_Utilities::fatalError($session->getTrackID(), null, new Exception('Protocol URL parameter was not set'));
-}
-if ($_REQUEST['protocol'] != 'saml2') {
- SimpleSAML_Utilities::fatalError($session->getTrackID(), null, new Exception('This login module only works with SAML 2.0'));
-}
-
-try {
- $protocol = $_REQUEST['protocol'];
- $authid = $_REQUEST['AuthId'];
- $authrequestcache = $session->getAuthnRequest($protocol, $authid);
-} catch (Exception $e) {
- SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOSESSION', $e);
-}
-
-$spentityid = $authrequestcache['Issuer'];
-$spmetadata = $metadata->getMetadata($spentityid, 'saml20-sp-remote');
-
-/*
- * Find the list of allowed organizations.
- */
-$allowedOrgs = array_keys($ldaporgconfig);
-if(array_key_exists('feide.allowedorgs', $spmetadata)) {
- assert('is_array($spmetadata["feide.allowedorgs"])');
- $allowedOrgs = array_intersect($spmetadata['feide.allowedorgs'], $allowedOrgs);
-}
-
-
-$error = null;
-$attributes = array();
-
-$selectorg = true;
-$org = null;
-
-/**
- * Check if user has selected organization in this request.
- */
-if (isset($_REQUEST['org'])) {
- $org = $_REQUEST['org'];
- // OrgCookie is set to expire in 30 days. If set to 0, or omitted, the cookie will expire at the end of the session (when the browser closes).
- setcookie("OrgCookie", $_REQUEST['org'], time()+60*60*24*30);
- $selectorg = false;
-
-/**
- * If user has not selected organization in this request, then check if the user
- * has stored the selected organization as a cookie.
- */
-} elseif (isset($_COOKIE["OrgCookie"])) {
- $org = $_COOKIE["OrgCookie"];
- $selectorg = false;
-}
-
-/**
- * If the user has excplicitly selected to change the preselected organization.
- */
-if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'change_org') {
-// setcookie("OrgCookie", "", time() - 3600);
- $selectorg = true;
-}
-
-/*
- * The user may have previously selected an organization which the SP doesn't allow. Correct this.
- */
-if ($selectorg === FALSE && !in_array($org, $allowedOrgs, TRUE)) {
- $selectorg = TRUE;
-}
-
-
-if (isset($_REQUEST['username'])) {
- try {
- $requestedOrg = null;
- $requestedUser = strtolower($_REQUEST['username']);
-
- /*
- * Checking username parameter for illegal characters.
- */
- if (!preg_match('/^[a-z0-9._]+(@[a-z0-9._]+)?$/D', $requestedUser) )
- throw new Exception('Illegal characters in (or empty) username.');
-
- /*
- * Split username and organization if user input includes @.
- */
- if (strstr($requestedUser, '@')) {
- $decomposed = explode('@', $requestedUser);
- $requestedUser = $decomposed[0];
- $requestedOrg = $decomposed[1];
- }
-
- /*
- * Checking organization parameter.
- */
- if (empty($requestedOrg) ) {
- if (empty($_REQUEST['org']))
- throw new Exception('Organization parameter is not set.');
-
- $requestedOrg = strtolower($_REQUEST['org']);
- }
-
- if (!preg_match('/^[a-z0-9.]*$/D', $requestedOrg) )
- throw new Exception('Illegal characters in organization.');
-
- if (!array_key_exists($requestedOrg, $ldaporgconfig))
- throw new Exception('Organization ' . $requestedOrg . ' does not exist in configuration.');
-
- $orgconfig = $ldaporgconfig[$requestedOrg];
-
- /*
- * Checking password parameter.
- */
- if (empty($_REQUEST['password']))
- throw new Exception('The password field was left empty. Please fill in a valid password.');
-
- $password = $_REQUEST['password'];
-
- if (!preg_match('/^[a-zA-Z0-9.]+$/D', $password) )
- throw new Exception('Illegal characters in password.');
-
- /*
- * Connecting to LDAP.
- */
- $ldap = new SimpleSAML_Auth_LDAP($orgconfig['hostname'], $orgconfig['enable_tls']);
-
- /*
- * Search for eduPersonPrincipalName.
- */
- if (isset($orgconfig['adminUser'])) {
- $ldap->bind($orgconfig['adminUser'], $orgconfig['adminPassword']);
- }
-
- $eppn = $requestedUser."@".$requestedOrg;
- $dn = $ldap->searchfordn($orgconfig['searchbase'], 'eduPersonPrincipalName', $eppn);
-
- /*
- * Do LDAP bind using DN found from the search on ePPN.
- */
- if (!$ldap->bind($dn, $password)) {
- SimpleSAML_Logger::info('AUTH - ldap-feide: '. $requestedUser . ' failed to authenticate. DN=' . $dn);
- throw new Exception('Wrong username or password');
- }
-
- /*
- * Retrieve attributes from LDAP
- */
- $attributes = $ldap->getAttributes($dn, $orgconfig['attributes']);
-
-
- /**
- * Retrieve organizational attributes, if the eduPersonOrgDN attribute is set.
- */
- if (isset($attributes['eduPersonOrgDN'])) {
- $orgdn = $attributes['eduPersonOrgDN'][0];
- $orgattributes = $ldap->getAttributes($orgdn);
-
- $orgattr = array_keys($orgattributes);
- foreach($orgattr as $value){
- $orgattributename = ('eduPersonOrgDN:' . $value);
- //SimpleSAML_Logger::debug('AUTH - ldap-feide: Orgattributename: '. $orgattributename);
- $attributes[$orgattributename] = $orgattributes[$value];
- //SimpleSAML_Logger::debug('AUTH - ldap-feide: Attribute added: '. $attributes[$orgattributename]);
- }
-
- }
- /*
-
- TODO: We need to figure out how to map the orgunit attributes into SAML attributes.
-
- if(isset($attributes['edupersonprimaryorgunitdn'][0])){
- $orgunitdn = $attributes['edupersonprimaryorgunitdn'][0];
- }
- elseif(isset($attributes['edupersonorgunitdn'][0])){
- $orgunitdn = $attributes['edupersonorgunitdn'][0];
- }
-
- $orgunitattributes = $ldap->getAttributes($orgunitdn);
-
-
-
- $orgunitattr = array_keys($orgunitattributes);
- foreach($orgunitattr as $value){
- $orgunitattributename = ('edupersonorgunit: ' . $value);
- // SimpleSAML_Logger::debug('AUTH - ldap-feide: Orgunitattributename: '. $orgunitattributename);
- $attributes[$orgunitattributename] = $orgunitattributes[$value];
- }
- */
-
-
-
- //SimpleSAML_Logger::debug('AUTH - ldap-feide: '. $orgattributes . ' successfully authenticated');
- SimpleSAML_Logger::info('AUTH - ldap-feide: '. $requestedUser . ' successfully authenticated');
-
- $session->doLogin('login-feide');
-
-
- $session->setAttributes($attributes);
-
- $session->setNameID(array(
- 'value' => SimpleSAML_Utilities::generateID(),
- 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
-
-
- /**
- * Create a statistics log entry for every successfull login attempt.
- * Also log a specific attribute as set in the config: statistics.authlogattr
- */
- $authlogattr = $config->getValue('statistics.authlogattr', null);
- if ($authlogattr && array_key_exists($authlogattr, $attributes))
- SimpleSAML_Logger::stats('AUTH-login-feide OK ' . $attributes[$authlogattr][0]);
- else
- SimpleSAML_Logger::stats('AUTH-login-feide OK');
-
-
- $returnto = $_REQUEST['RelayState'];
- SimpleSAML_Utilities::redirect($returnto);
-
-
- } catch (Exception $e) {
- SimpleSAML_Logger::error('AUTH - ldap-feide: User: '.(isset($requestedUser) ? $requestedUser : 'na'). ':'. $e->getMessage());
- SimpleSAML_Logger::stats('AUTH-login-feide Failed');
- $error = $e->getMessage();
- }
-}
-
-
-$t = new SimpleSAML_XHTML_Template($config, 'login-feide.php', 'login');
-
-$t->data['header'] = 'simpleSAMLphp: Enter username and password';
-$t->data['relaystate'] = $_REQUEST['RelayState'];
-$t->data['ldapconfig'] = $ldaporgconfig;
-$t->data['protocol'] = $protocol;
-$t->data['authid'] = $authid;
-
-if(array_key_exists('logo', $spmetadata)) {
- $t->data['splogo'] = $spmetadata['logo'];
-} else {
- $t->data['splogo'] = NULL;
-}
-if(array_key_exists('description', $spmetadata)) {
- $t->data['spdesc'] = $spmetadata['description'];
-} else {
- $t->data['spdesc'] = NULL;
-}
-if(array_key_exists('name', $spmetadata)) {
- $t->data['spname'] = $spmetadata['name'];
-} elseif(array_key_exists('OrganizationDisplayName', $spmetadata)) {
- $t->data['spname'] = $spmetadata['OrganizationDisplayName'];
-} else {
- $t->data['spname'] = NULL;
-}
-if(array_key_exists('contact', $spmetadata)) {
- $t->data['contact'] = $spmetadata['contact'];
-} else {
- $t->data['contact'] = NULL;
-}
-if(array_key_exists('attributes', $spmetadata)) {
- $t->data['attrib'] = $spmetadata['attributes'];
-} else {
- $t->data['attrib'] = NULL;
-}
-
-$t->data['selectorg'] = $selectorg;
-$t->data['org'] = $org;
-$t->data['allowedorgs'] = $allowedOrgs;
-$t->data['error'] = $error;
-if (isset($error)) {
- $t->data['username'] = $_POST['username'];
-}
-
-$t->show();
-
-?>