diff --git a/info.textgrid.middleware.tgauth.webauth/WebAuthN/TextGrid-WebAuth.php b/info.textgrid.middleware.tgauth.webauth/WebAuthN/TextGrid-WebAuth.php
deleted file mode 100644
index 3cff6cef04c6f6e122fadc53fe791c4ff71fdf6b..0000000000000000000000000000000000000000
--- a/info.textgrid.middleware.tgauth.webauth/WebAuthN/TextGrid-WebAuth.php
+++ /dev/null
@@ -1,163 +0,0 @@
-<?php
-// #######################################################
-// Author: Martin Haase / DAASI International GmbH / TextGrid
-// Creation date: 2010-09-23
-// Modification date: 2010-10-19
-// Version: 0.2
-// #######################################################
-
-include("../tglib/LDAP.class.php");
-include("../tglib/RBAC.class.php");
-include("../tglib/WebUtils.class.php");
-
-$configfile = "/etc/textgrid/tgauth/conf/config_tgwebauth.xml";
-
-$util = new WebUtils;
-
-$authZinstance = $_REQUEST["authZinstance"];
-
-if ( !(isset($authZinstance)) || strlen($authZinstance) <= 0 ) {
- $util->printAuthFailure("no_tgauth_instance_heading",
- "no_tgauth_instance_detail",
- null,
- null );
- exit;
-}
-
-$rbac = new RBAC ( $configfile, $authZinstance );
-
-// Variant 1: Authentication at Community LDAP
-if (isset ($_REQUEST["loginname"]) && strlen($_REQUEST["loginname"]) > 0
- && isset ($_REQUEST["password"]) && strlen($_REQUEST["password"]) > 0) {
- // now authenticating
- $ldap = new LDAP ( $configfile );
- $AuthNResult = $ldap->authenticate($_REQUEST["loginname"], $_REQUEST["password"]);
- if (! $AuthNResult["success"]) {
- $util->printAuthFailure("authn_failure_heading",
- $AuthNResult["detail"],
- $_REQUEST["loginname"],
- null );
- exit;
- }
- $ProvidedAttributes = $ldap->getUserAttributes();
- $_SERVER["REMOTE_USER"] = $AuthNResult["TGID"];
-}
-
-
-// Variant 2: Shibboleth gave us the right REMOTE_USER.
-// We create a Session here in RBAC, also for Variant1
-if (isset ($_SERVER["REMOTE_USER"])) { // this holds for both shib and ldap authN
-
- // now creating session, activating roles, etc, in RBAC
-
- $CSResult = $rbac->createSession( $_SERVER["REMOTE_USER"] );
- if (isset ($AuthNResult)) {
- $CSResult["rbachash"]["identity_provider"] = $AuthNResult["LDAPname"];
- } else {
- $CSResult["rbachash"]["identity_provider"] = $_SERVER["Shib-Identity-Provider"];
- }
-
- if (!$CSResult["success"]) {
- $util->printAuthFailure("sid_create_failure_heading",
- $CSResult["detail"],
- $_REQUEST["loginname"],
- $CSResult["rbachash"]
- );
- exit;
- }
- $Sid = $CSResult["rbachash"]["Sid"];
-
- $AttributeMap = Array ('surname' => 'sn',
- 'organisation' => 'o',
- 'givenname' => 'givenName',
- 'displayname' => 'cn',
- 'mail' => 'mail'
- );
- if (!isset ($ldap)) {
- $ProvidedAttributes = Array();
- // this is the list of attributes Shibboleth might give to us except from remote_user
- foreach (array ("o", "sn", "givenName", "cn", "mail") as $a) {
- if (isset($_SERVER[$a])) { $ProvidedAttributes[$a] = $_SERVER[$a];}
- }
- }
-}
-// This is Variant 3: No Session Creation, but just a desire to see (and update) User Attributes
-else if (isset ($_REQUEST["Sid"]) && strlen($_REQUEST["Sid"]) > 0 ) {
-// we might have come directly here using the sid and use an earlier session
- $Sid = $_REQUEST["Sid"];
-}
-// not enough information, exiting.
- else
- {
-
- // check if we came via Shibboleth, but without an eduPersonPrincipalName
- // (which would have been the REMOTE_USER)
- if (isset( $_SERVER['Shib-Session-ID'] )) {
- $util->printAuthFailure("shib_login_failure_heading",
- "shib_login_failure_detail",
- "(Shibboleth login, but no ePPN provided)",
- null );
- exit;
- }
- else
- {
- $missing = 0;
- if (!isset($_REQUEST["loginname"]) || strlen($_REQUEST["loginname"]) == 0) {
- $missing = 1;
- }
- if (!isset($_REQUEST["password"]) || strlen($_REQUEST["password"]) == 0) {
- $missing = $missing + 2;
- }
-
- if ($missing == 0) {
- $util->printAuthFailure("authn_failure_heading",
- "authn_failure_detail_nothing_to_do",
- $_REQUEST["loginname"],
- null );
- trigger_error("WebAuth does not know what to do (no login or password provided, no remote user, and no session Id), exiting.", E_USER_WARNING);
- } else if ($missing == 1) {
- $util->printAuthFailure("authn_failure_heading",
- "authn_failure_detail_id_missing",
- '(null)',
- null );
- } else if ($missing == 2) {
- $util->printAuthFailure("authn_failure_heading",
- "authn_failure_detail_password_missing",
- $_REQUEST["loginname"],
- null );
- } else if ($missing == 3) {
- $util->printAuthFailure("authn_failure_heading",
- "authn_failure_detail_both_missing",
- '(null)',
- null );
- }
- exit;
- }
- }
-
-// no matter where we came from we need to retrieve attributes from RBAC
-$attributes = $rbac->getUserAttributes( $Sid );
-
-// if we already have enough attributes and just created a session, possibly update
-// them if there came different ones, and then finally print welcome screen causing
-// the TextGridLab to take over the Sid
-if ($rbac->enoughUserAttributes( $Sid ) && isset ($_SERVER["REMOTE_USER"])) {
- $util->printAuthSuccess("authn_succeeded_heading",
- isset($_REQUEST["loginname"]) ?
$_REQUEST["loginname"] : $_SERVER["REMOTE_USER"],
- $CSResult["rbachash"],
- $rbac->slcData()
- );
- $rbac->updateAttributes ( $ProvidedAttributes, $AttributeMap, $Sid ); // not vital and second-order
-} else {
- // now presenting the form, let JavaScript take care for the non-empty-check and the help
- // the form will return either displaying the Sid or just an ACK
- if (isset ($_SERVER["REMOTE_USER"])) {
- $util->printAttributeForm( $attributes, $ProvidedAttributes, $AttributeMap, $Sid, $authZinstance, $_SERVER["REMOTE_USER"], $rbac->ToUversion, $rbac->ToUtext);
- } else if (isset ($_REQUEST["ePPN"])) { // direct invocation of userdata modification dialogue
- $util->printAttributeForm( $attributes, null, null, $Sid, $authZinstance, $_REQUEST["ePPN"], $rbac->ToUversion, $rbac->ToUtext);
- } else {
- echo "Could not modify attributes, not enough information";
- }
-}
-
-?>