diff --git a/bin/build-release.sh b/bin/build-release.sh
index e486a4c19de967ea0e2feae8a7c65d1f21ce60d6..547d56c1b414cf68ebf9612bcdd603803f5a7b6b 100755
--- a/bin/build-release.sh
+++ b/bin/build-release.sh
@@ -48,6 +48,7 @@ php "$TARGET/composer.phar" install --no-dev --prefer-dist -o -d "$TARGET"
# Install external modules
php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-adfs
+php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-authcrypt
php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-authfacebook
php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-authtwitter
php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-authx509
diff --git a/composer.json b/composer.json
index 29cc06ca885e6c8d2120001e4aa70e2975b0d9c5..5d6d9da664f2e03235172bfdcb50bc985f86d0cd 100644
--- a/composer.json
+++ b/composer.json
@@ -48,6 +48,7 @@
"robrichards/xmlseclibs": "^3.0",
"simplesamlphp/saml2": "^3.3",
"simplesamlphp/simplesamlphp-module-adfs": "^1.0",
+ "simplesamlphp/simplesamlphp-module-authcrypt": "^1.0",
"simplesamlphp/simplesamlphp-module-authfacebook": "^1.0",
"simplesamlphp/simplesamlphp-module-authtwitter": "^1.0",
"simplesamlphp/simplesamlphp-module-authwindowslive": "^1.0",
diff --git a/modules/authcrypt/default-disable b/modules/authcrypt/default-disable
deleted file mode 100644
index fa0bd82e2df7bd79d57593d35bc53c1f9d3ef71f..0000000000000000000000000000000000000000
--- a/modules/authcrypt/default-disable
+++ /dev/null
@@ -1,3 +0,0 @@
-This file indicates that the default state of this module
-is disabled. To enable, create a file named enable in the
-same directory as this file.
diff --git a/modules/authcrypt/docs/authcrypt.md b/modules/authcrypt/docs/authcrypt.md
deleted file mode 100644
index 148b9ebed0088456755cb360bde29bc9a9a9b428..0000000000000000000000000000000000000000
--- a/modules/authcrypt/docs/authcrypt.md
+++ /dev/null
@@ -1,73 +0,0 @@
-AuthCrypt
-=========
-
-This module provides two methods for authentication:
-
-`authcrypt:Hash`
-: Username & password authentication with hashed passwords.
-
-`authcrypt:Htpasswd`
-: Username & password authentication against an `.htpasswd` file.
-
-
-`authcrypt:Hash`
-----------------
-
-This is based on `exampleAuth:UserPass`, and adds support for hashed passwords.
-Hashes can be generated with the included command line tool `bin/pwgen.sh`.
-This tool will interactively ask for a password, a hashing algorithm , and whether or not you want to use a salt:
-
- [user@server simplesamlphp]$ bin/pwgen.php
- Enter password: hackme
- The following hashing algorithms are available:
- md2 md4 md5 sha1 sha224 sha256
- sha384 sha512 ripemd128 ripemd160 ripemd256 ripemd320
- whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4
- tiger192,4 snefru snefru256 gost adler32 crc32
- crc32b salsa10 salsa20 haval128,3 haval160,3 haval192,3
- haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4
- haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5
-
- Which one do you want? [sha256]
- Do you want to use a salt? (yes/no) [yes]
-
- {SSHA256}y1mj3xsZ4/+LoQyPNVJzXUFfBcLHfwcHx1xxltxeQ1C5MeyEX/RxWA==
-
-Now create an authentication source in `config/authsources.php` and use the resulting string as the password:
-
- 'example-hashed' => array(
- 'authCrypt:Hash',
- 'student:{SSHA256}y1mj3xsZ4/+LoQyPNVJzXUFfBcLHfwcHx1xxltxeQ1C5MeyEX/RxWA==' => array(
- 'uid' => array('student'),
- 'eduPersonAffiliation' => array('member', 'student'),
- ),
- ),
-
-This example creates a user `student` with password `hackme`, and some attributes.
-
-### Compatibility ###
-The generated hashes can also be used in `config.php` for the administrative password:
-
- 'auth.adminpassword' => '{SSHA256}y1mj3xsZ4/+LoQyPNVJzXUFfBcLHfwcHx1xxltxeQ1C5MeyEX/RxWA==',
-
-Instead of generating hashes, you can also use existing ones from OpenLDAP, provided that the `userPassword` attribute is stored as MD5, SMD5, SHA, or SSHA.
-
-
-`authCrypt:Htpasswd`
---------------------
-
-Authenticate users against an [`.htpasswd`](http://httpd.apache.org/docs/2.2/programs/htpasswd.html) file. It can be used for example when you migrate a web site from basic HTTP authentication to SimpleSAMLphp.
-
-The simple structure of the `.htpasswd` file does not allow for per-user attributes, but you can define some static attributes for all users.
-
-An example authentication source in `config/authsources.php` could look like this:
-
- 'htpasswd' => array(
- 'authcrypt:Htpasswd',
- 'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
- 'static_attributes' => array(
- 'eduPersonAffiliation' => array('member', 'employee'),
- 'Organization' => array('University of Foo'),
- ),
- ),
-
diff --git a/modules/authcrypt/lib/Auth/Source/Hash.php b/modules/authcrypt/lib/Auth/Source/Hash.php
deleted file mode 100644
index aa17adcf68849033f114df0bf76b02e24295d6b0..0000000000000000000000000000000000000000
--- a/modules/authcrypt/lib/Auth/Source/Hash.php
+++ /dev/null
@@ -1,103 +0,0 @@
-<?php
-
-namespace SimpleSAML\Module\authcrypt\Auth\Source;
-
-/**
- * Authentication source for username & hashed password.
- *
- * This class is an authentication source which stores all username/hashes in an array,
- * and authenticates users against this array.
- *
- * @author Dyonisius Visser, TERENA.
- * @package SimpleSAMLphp
- */
-
-class Hash extends \SimpleSAML\Module\core\Auth\UserPassBase
-{
- /**
- * Our users, stored in an associative array. The key of the array is "<username>:<passwordhash>",
- * while the value of each element is a new array with the attributes for each user.
- */
- private $users;
-
-
- /**
- * Constructor for this authentication source.
- *
- * @param array $info Information about this authentication source.
- * @param array $config Configuration.
- *
- * @throws Exception in case of a configuration error.
- */
- public function __construct($info, $config)
- {
- assert(is_array($info));
- assert(is_array($config));
-
- // Call the parent constructor first, as required by the interface
- parent::__construct($info, $config);
-
- $this->users = [];
-
- // Validate and parse our configuration
- foreach ($config as $userpass => $attributes) {
- if (!is_string($userpass)) {
- throw new \Exception('Invalid <username>:<passwordhash> for authentication source '.
- $this->authId.': '.$userpass);
- }
-
- $userpass = explode(':', $userpass, 2);
- if (count($userpass) !== 2) {
- throw new \Exception('Invalid <username>:<passwordhash> for authentication source '.
- $this->authId.': '.$userpass[0]);
- }
- $username = $userpass[0];
- $passwordhash = $userpass[1];
-
- try {
- $attributes = \SimpleSAML\Utils\Attributes::normalizeAttributesArray($attributes);
- } catch (\Exception $e) {
- throw new \Exception('Invalid attributes for user '.$username.
- ' in authentication source '.$this->authId.': '.
- $e->getMessage());
- }
-
- $this->users[$username.':'.$passwordhash] = $attributes;
- }
- }
-
-
- /**
- * Attempt to log in using the given username and password.
- *
- * On a successful login, this function should return the users attributes. On failure,
- * it should throw an exception. If the error was caused by the user entering the wrong
- * username OR password, a \SimpleSAML\Error\Error('WRONGUSERPASS') should be thrown.
- *
- * The username is UTF-8 encoded, and the hash is base64 encoded.
- *
- * @param string $username The username the user wrote.
- * @param string $password The password the user wrote.
- *
- * @return array Associative array with the users attributes.
- *
- * @throws \SimpleSAML\Error\Error if authentication fails.
- */
- protected function login($username, $password)
- {
- assert(is_string($username));
- assert(is_string($password));
-
- foreach ($this->users as $userpass => $attrs) {
- $matches = explode(':', $userpass, 2);
- if ($matches[0] === $username) {
- if (\SimpleSAML\Utils\Crypto::pwValid($matches[1], $password)) {
- return $attrs;
- } else {
- \SimpleSAML\Logger::debug('Incorrect password "'.$password.'" for user '.$username);
- }
- }
- }
- throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
- }
-}
diff --git a/modules/authcrypt/lib/Auth/Source/Htpasswd.php b/modules/authcrypt/lib/Auth/Source/Htpasswd.php
deleted file mode 100644
index 72a1fce7289c5dbadf94d74baf75c2c195dc988c..0000000000000000000000000000000000000000
--- a/modules/authcrypt/lib/Auth/Source/Htpasswd.php
+++ /dev/null
@@ -1,118 +0,0 @@
-<?php
-
-namespace SimpleSAML\Module\authcrypt\Auth\Source;
-
-/**
- * Authentication source for Apache 'htpasswd' files.
- *
- * @author Dyonisius (Dick) Visser, TERENA.
- * @package SimpleSAMLphp
- */
-
-use WhiteHat101\Crypt\APR1_MD5;
-
-class Htpasswd extends \SimpleSAML\Module\core\Auth\UserPassBase
-{
- /**
- * Our users, stored in an array, where each value is "<username>:<passwordhash>".
- *
- * @var array
- */
- private $users;
-
- /**
- * An array containing static attributes for our users.
- *
- * @var array
- */
- private $attributes = [];
-
-
- /**
- * Constructor for this authentication source.
- *
- * @param array $info Information about this authentication source.
- * @param array $config Configuration.
- *
- * @throws Exception if the htpasswd file is not readable or the static_attributes array is invalid.
- */
- public function __construct($info, $config)
- {
- assert(is_array($info));
- assert(is_array($config));
-
- // Call the parent constructor first, as required by the interface
- parent::__construct($info, $config);
-
- $this->users = [];
-
- if (!$htpasswd = file_get_contents($config['htpasswd_file'])) {
- throw new \Exception('Could not read '.$config['htpasswd_file']);
- }
-
- $this->users = explode("\n", trim($htpasswd));
-
- try {
- $this->attributes = \SimpleSAML\Utils\Attributes::normalizeAttributesArray($config['static_attributes']);
- } catch (\Exception $e) {
- throw new \Exception('Invalid static_attributes in authentication source '.
- $this->authId.': '.$e->getMessage());
- }
- }
-
-
- /**
- * Attempt to log in using the given username and password.
- *
- * On a successful login, this function should return the username as 'uid' attribute,
- * and merged attributes from the configuration file.
- * On failure, it should throw an exception. A \SimpleSAML\Error\Error('WRONGUSERPASS')
- * should be thrown in case of a wrong username OR a wrong password, to prevent the
- * enumeration of usernames.
- *
- * @param string $username The username the user wrote.
- * @param string $password The password the user wrote.
- *
- * @return array Associative array with the users attributes.
- *
- * @throws \SimpleSAML\Error\Error if authentication fails.
- */
- protected function login($username, $password)
- {
- assert(is_string($username));
- assert(is_string($password));
-
- foreach ($this->users as $userpass) {
- $matches = explode(':', $userpass, 2);
- if ($matches[0] == $username) {
- $crypted = $matches[1];
-
- // This is about the only attribute we can add
- $attributes = array_merge(['uid' => [$username]], $this->attributes);
-
- // Traditional crypt(3)
- if (\SimpleSAML\Utils\Crypto::secureCompare($crypted, crypt($password, $crypted))) {
- \SimpleSAML\Logger::debug('User '.$username.' authenticated successfully');
- \SimpleSAML\Logger::warning(
- 'CRYPT authentication is insecure. Please consider using something else.'
- );
- return $attributes;
- }
-
- // Apache's custom MD5
- if (APR1_MD5::check($password, $crypted)) {
- \SimpleSAML\Logger::debug('User '.$username.' authenticated successfully');
- return $attributes;
- }
-
- // PASSWORD_BCRYPT
- if (\SimpleSAML\Utils\Crypto::pwValid($crypted, $password)) {
- \SimpleSAML\Logger::debug('User '.$username.' authenticated successfully');
- return $attributes;
- }
- throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
- }
- }
- throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
- }
-}