remove deprecated naaf client

src/main/java/password/pwm/AppProperty.java

@@ -135,9 +135,6 @@ public enum     AppProperty {
     LOCALDB_LOGWRITER_MAX_TRIM_SIZE                 ("localdb.logWriter.maxTrimSize"),
     MACRO_RANDOM_CHAR_MAX_LENGTH                    ("macro.randomChar.maxLength"),
     MACRO_LDAP_ATTR_CHAR_MAX_LENGTH                 ("macro.ldapAttr.maxLength"),
-    NAAF_ID                                         ("naaf.id"),
-    NAAF_SECRET                                     ("naaf.secret"),
-    NAAF_SALT_LENGTH                                ("naaf.salt.length"),
 
 
     /** Time intruder records exist in the intruder table before being deleted. */

src/main/java/password/pwm/PwmApplication.java

@@ -126,13 +126,15 @@ public class PwmApplication {
 
         ;
 
-        private String key;
+        private final String key;
 
-        AppAttribute(final String key) {
+        AppAttribute(final String key)
+        {
             this.key = key;
         }
 
-        public String getKey() {
+        public String getKey()
+        {
             return key;
         }
     }
@@ -264,19 +266,15 @@ public class PwmApplication {
             StatisticsManager.incrementStat(this, Statistic.PWM_STARTUPS);
             LOGGER.debug("buildTime=" + PwmConstants.BUILD_TIME + ", javaLocale=" + Locale.getDefault() + ", DefaultLocale=" + PwmConstants.DEFAULT_LOCALE);
 
-            final Thread postInitThread = new Thread() {
-                @Override
-                public void run() {
-                    postInitTasks();
-                }
-            };
+            final Thread postInitThread = new Thread(() -> postInitTasks());
             postInitThread.setDaemon(true);
             postInitThread.setName(JavaHelper.makeThreadName(this, PwmApplication.class));
             postInitThread.start();
         }
     }
 
-    private void postInitTasks() {
+    private void postInitTasks()
+    {
         final Instant startTime = Instant.now();
 
         LOGGER.debug("loaded configuration: " + pwmEnvironment.getConfig().toDebugString());
@@ -356,7 +354,8 @@ public class PwmApplication {
         LOGGER.trace("completed post init tasks in " + TimeDuration.fromCurrent(startTime).asCompactString());
     }
 
-    private static void outputKeystore(final PwmApplication pwmApplication) throws Exception {
+    private static void outputKeystore(final PwmApplication pwmApplication) throws Exception
+    {
         final Map<PwmEnvironment.ApplicationParameter, String> applicationParams = pwmApplication.getPwmEnvironment().getParameters();
         final String keystoreFileString = applicationParams.get(PwmEnvironment.ApplicationParameter.AutoExportHttpsKeyStoreFile);
         if (keystoreFileString != null && !keystoreFileString.isEmpty()) {
@@ -416,15 +415,18 @@ public class PwmApplication {
         }
     }
 
-    public String getInstanceID() {
+    public String getInstanceID()
+    {
         return instanceID;
     }
 
-    public SharedHistoryManager getSharedHistoryManager() {
+    public SharedHistoryManager getSharedHistoryManager()
+    {
         return (SharedHistoryManager)pwmServiceManager.getService(SharedHistoryManager.class);
     }
 
-    public IntruderManager getIntruderManager() {
+    public IntruderManager getIntruderManager()
+    {
         return (IntruderManager)pwmServiceManager.getService(IntruderManager.class);
     }
 
@@ -445,11 +447,13 @@ public class PwmApplication {
         return getLdapConnectionService().getProxyChaiProvider(identifier);
     }
 
-    public LocalDBLogger getLocalDBLogger() {
+    public LocalDBLogger getLocalDBLogger()
+    {
         return localDBLogger;
     }
 
-    public HealthMonitor getHealthMonitor() {
+    public HealthMonitor getHealthMonitor()
+    {
         return (HealthMonitor)pwmServiceManager.getService(HealthMonitor.class);
     }
 

src/main/java/password/pwm/config/PwmSetting.java

@@ -1103,16 +1103,6 @@ public enum PwmSetting {
             "external.remoteResponses.url", PwmSettingSyntax.STRING, PwmSettingCategory.REST_CLIENT),
 
 
-    // NAAF
-    NAAF_WS_URL(
-            "naaf.ws.url", PwmSettingSyntax.STRING, PwmSettingCategory.NAAF),
-    NAAF_WS_CERTIFICATE(
-            "naaf.ws.serverCerts", PwmSettingSyntax.X509CERT, PwmSettingCategory.NAAF),
-    NAAF_USER_IDENTIFIER(
-            "naaf.userIdentifier", PwmSettingSyntax.STRING, PwmSettingCategory.NAAF),
-    NAAF_METHODS(
-            "naaf.requiredMethods", PwmSettingSyntax.OPTIONLIST, PwmSettingCategory.NAAF),
-
     //appliance
     HTTPS_CERT(
             "https.server.cert", PwmSettingSyntax.PRIVATE_KEY, PwmSettingCategory.HTTPS_SERVER),

src/main/java/password/pwm/config/PwmSettingCategory.java

@@ -113,8 +113,7 @@ public enum PwmSettingCategory {
     DATABASE_ADV                (DATABASE),
 
     REPORTING                   (SETTINGS),
-    NAAF                        (SETTINGS),
-    
+
     SSO                         (SETTINGS),
     OAUTH                       (SSO),
     HTTP_SSO                    (SSO),

src/main/java/password/pwm/config/function/NAAFCertImportFunction.java

@@ -1,53 +0,0 @@
-/*
- * Password Management Servlets (PWM)
- * http://www.pwm-project.org
- *
- * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2016 The PWM Project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-package password.pwm.config.function;
-
-import password.pwm.config.PwmSetting;
-import password.pwm.config.stored.StoredConfigurationImpl;
-import password.pwm.error.ErrorInformation;
-import password.pwm.error.PwmError;
-import password.pwm.error.PwmOperationalException;
-
-import java.net.URI;
-
-public class NAAFCertImportFunction extends AbstractUriCertImportFunction {
-
-    static final PwmSetting URI_SOURCE_SETTING = PwmSetting.NAAF_WS_URL;
-
-    @Override
-    String getUri(final StoredConfigurationImpl storedConfiguration, final PwmSetting pwmSetting, final String profile, final String extraData) throws PwmOperationalException {
-        final String uriString = (String)storedConfiguration.readSetting(URI_SOURCE_SETTING).toNativeObject();
-        if (uriString == null || uriString.isEmpty()) {
-            final ErrorInformation errorInformation = new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR,"Setting " + URI_SOURCE_SETTING.toMenuLocationDebug(profile, null) + " must first be configured");
-            throw new PwmOperationalException(errorInformation);
-        }
-        try {
-            URI.create(uriString);
-        } catch (IllegalArgumentException e) {
-            final ErrorInformation errorInformation = new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR,"Setting " + URI_SOURCE_SETTING.toMenuLocationDebug(profile, null) + " has an invalid URL syntax");
-            throw new PwmOperationalException(errorInformation);
-        }
-        return uriString;
-    }
-
-}

src/main/java/password/pwm/config/option/IdentityVerificationMethod.java

@@ -37,7 +37,6 @@ public enum IdentityVerificationMethod implements ConfigurationOption {
     TOKEN(              true,   Display.Field_VerificationMethodToken,              Display.Description_VerificationMethodToken),
     OTP(                true,   Display.Field_VerificationMethodOTP,                Display.Description_VerificationMethodOTP),
     REMOTE_RESPONSES(   false,  Display.Field_VerificationMethodRemoteResponses,    Display.Description_VerificationMethodRemoteResponses),
-    NAAF(               true,   Display.Field_VerificationMethodNAAF,               Display.Description_VerificationMethodNAAF),
     OAUTH(              true,   Display.Field_VerificationMethodOAuth,              Display.Description_VerificationMethodOAuth),
 
     ;

src/main/java/password/pwm/http/JspUrl.java

@@ -57,7 +57,6 @@ public enum JspUrl {
     RECOVER_PASSWORD_TOKEN_CHOICE("forgottenpassword-tokenchoice.jsp"),
     RECOVER_PASSWORD_ENTER_TOKEN("forgottenpassword-entertoken.jsp"),
     RECOVER_PASSWORD_ENTER_OTP("forgottenpassword-enterotp.jsp"),
-    RECOVER_PASSWORD_NAAF("forgottenpassword-naaf.jsp"),
     RECOVER_PASSWORD_REMOTE("forgottenpassword-remote.jsp"),
     SELF_DELETE_AGREE("deleteaccount-agreement.jsp"),
     SELF_DELETE_CONFIRM("deleteaccount-confirm.jsp"),

src/main/java/password/pwm/http/bean/ForgottenPasswordBean.java

@@ -143,7 +143,6 @@ public class ForgottenPasswordBean extends PwmSessionBean {
         @SerializedName("i")
         private IdentityVerificationMethod inProgressVerificationMethod;
 
-        private transient VerificationMethodSystem naafRecoveryMethod;
         private transient VerificationMethodSystem remoteRecoveryMethod;
 
         public Set<IdentityVerificationMethod> getSatisfiedMethods() {
@@ -198,14 +197,6 @@ public class ForgottenPasswordBean extends PwmSessionBean {
             this.inProgressVerificationMethod = inProgressVerificationMethod;
         }
 
-        public void setNaafRecoveryMethod(final VerificationMethodSystem naafRecoveryMethod) {
-            this.naafRecoveryMethod = naafRecoveryMethod;
-        }
-
-        public VerificationMethodSystem getNaafRecoveryMethod() {
-            return naafRecoveryMethod;
-        }
-
         public VerificationMethodSystem getRemoteRecoveryMethod() {
             return remoteRecoveryMethod;
         }

src/main/java/password/pwm/http/servlet/forgottenpw/ForgottenPasswordServlet.java

@@ -100,7 +100,6 @@ import password.pwm.util.operations.PasswordUtility;
 import password.pwm.util.operations.cr.NMASCrOperator;
 import password.pwm.util.operations.otp.OTPUserRecord;
 import password.pwm.ws.client.rest.RestTokenDataClient;
-import password.pwm.ws.client.rest.naaf.PwmNAAFVerificationMethod;
 
 import javax.servlet.ServletException;
 import javax.servlet.annotation.WebServlet;
@@ -150,7 +149,6 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet {
         actionChoice(HttpMethod.POST),
         tokenChoice(HttpMethod.POST),
         verificationChoice(HttpMethod.POST),
-        enterNaafResponse(HttpMethod.POST),
         enterRemoteResponse(HttpMethod.POST),
         oauthReturn(HttpMethod.GET),
 
@@ -212,106 +210,6 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet {
         return ProcessStatus.Continue;
     }
 
-    /*
-    @Override
-    public void processAction(final PwmRequest pwmRequest)
-            throws ServletException, IOException, ChaiUnavailableException, PwmUnrecoverableException
-    {
-        final PwmSession pwmSession = pwmRequest.getPwmSession();
-        final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
-
-        final Configuration config = pwmApplication.getConfig();
-        final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
-
-        if (!config.readSettingAsBoolean(PwmSetting.FORGOTTEN_PASSWORD_ENABLE)) {
-            pwmRequest.respondWithError(PwmError.ERROR_SERVICE_NOT_AVAILABLE.toInfo());
-            return;
-        }
-
-        if (pwmSession.isAuthenticated()) {
-            pwmRequest.respondWithError(PwmError.ERROR_USERAUTHENTICATED.toInfo());
-            return;
-        }
-
-        if (forgottenPasswordBean.getUserIdentity() != null) {
-            pwmApplication.getIntruderManager().convenience().checkUserIdentity(forgottenPasswordBean.getUserIdentity());
-        }
-
-        checkForLocaleSwitch(pwmRequest, forgottenPasswordBean);
-
-        final ForgottenPasswordAction processAction = readProcessAction(pwmRequest);
-
-        // convert a url command like /pwm/public/ForgottenPassword/12321321 to redirect with a process action.
-        if (processAction == null) {
-            if (pwmRequest.convertURLtokenCommand()) {
-                return;
-            }
-        }
-
-        if (processAction != null) {
-
-            switch (processAction) {
-                case search:
-                    this.processSearch(pwmRequest);
-                    break;
-
-                case checkResponses:
-                    this.processCheckResponses(pwmRequest);
-                    break;
-
-                case checkAttributes:
-                    this.processCheckAttributes(pwmRequest);
-                    break;
-
-                case enterCode:
-                    this.processEnterToken(pwmRequest);
-                    break;
-
-                case enterOtp:
-                    this.processEnterOtpToken(pwmRequest);
-                    break;
-
-                case reset:
-                    this.processReset(pwmRequest);
-                    break;
-
-                case actionChoice:
-                    this.processActionChoice(pwmRequest);
-                    break;
-
-                case tokenChoice:
-                    this.processTokenChoice(pwmRequest);
-                    break;
-
-                case verificationChoice:
-                    this.processVerificationChoice(pwmRequest);
-                    break;
-
-                case enterNaafResponse:
-                    this.processEnterNaaf(pwmRequest);
-                    break;
-
-                case enterRemoteResponse:
-                    this.processEnterRemote(pwmRequest);
-                    break;
-
-                case oauthReturn:
-                    this.processOAuthReturn(pwmRequest);
-                    break;
-
-                default:
-                    JavaHelper.unhandledSwitchStatement(processAction);
-            }
-        } else {
-            pwmApplication.getSessionStateService().clearBean(pwmRequest, ForgottenPasswordBean.class);
-        }
-
-        if (!pwmRequest.getPwmResponse().isCommitted()) {
-            this.nextStep(pwmRequest);
-        }
-    }
-    */
-
     private static ForgottenPasswordBean forgottenPasswordBean(final PwmRequest pwmRequest) throws PwmUnrecoverableException {
         return pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ForgottenPasswordBean.class);
     }
@@ -561,48 +459,6 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet {
         return ProcessStatus.Continue;
     }
 
-    @ActionHandler(action = "enterNaafResponse")
-    private ProcessStatus processEnterNaaf(final PwmRequest pwmRequest)
-            throws PwmUnrecoverableException, IOException, ServletException
-    {
-        final String PREFIX = "naaf-";
-        final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
-        final VerificationMethodSystem naafMethod = forgottenPasswordBean.getProgress().getNaafRecoveryMethod();
-
-        final Map<String,String> naafResponses = new LinkedHashMap<>();
-        {
-            final Map<String,String> inputMap = pwmRequest.readParametersAsMap();
-            for (final String name : inputMap.keySet()) {
-                if (name != null && name.startsWith(PREFIX)) {
-                    final String strippedName = name.substring(PREFIX.length(), name.length());
-                    final String value = inputMap.get(name);
-                    naafResponses.put(strippedName,value);
-                }
-            }
-        }
-
-        final ErrorInformation errorInformation = naafMethod.respondToPrompts(naafResponses);
-
-        if (naafMethod.getVerificationState() == VerificationMethodSystem.VerificationState.COMPLETE) {
-            forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.NAAF);
-        }
-
-        if (naafMethod.getVerificationState() == VerificationMethodSystem.VerificationState.FAILED) {
-            forgottenPasswordBean.getProgress().setNaafRecoveryMethod(null);
-            pwmRequest.respondWithError(errorInformation,true);
-            handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
-            LOGGER.debug(pwmRequest, "unsuccessful NAAF verification input: " + errorInformation.toDebugStr());
-            return ProcessStatus.Continue;
-        }
-
-        if (errorInformation != null) {
-            setLastError(pwmRequest, errorInformation);
-            handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
-        }
-
-        return ProcessStatus.Continue;
-    }
-
     @ActionHandler(action = "enterRemoteResponse")
     private ProcessStatus processEnterRemote(final PwmRequest pwmRequest)
             throws PwmUnrecoverableException, IOException, ServletException
@@ -630,7 +486,7 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet {
         }
 
         if (remoteRecoveryMethod.getVerificationState() == VerificationMethodSystem.VerificationState.FAILED) {
-            forgottenPasswordBean.getProgress().setNaafRecoveryMethod(null);
+            forgottenPasswordBean.getProgress().setRemoteRecoveryMethod(null);
             pwmRequest.respondWithError(errorInformation,true);
             handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
             LOGGER.debug(pwmRequest, "unsuccessful remote response verification input: " + errorInformation.toDebugStr());
@@ -1739,32 +1595,6 @@ public class ForgottenPasswordServlet extends ControlledPwmServlet {
             }
             break;
 
-
-            case NAAF: {
-                final UserInfoBean userInfoBean = readUserInfoBean(pwmRequest, forgottenPasswordBean);
-                final VerificationMethodSystem naafMethod;
-                if (forgottenPasswordBean.getProgress().getNaafRecoveryMethod() == null) {
-                    naafMethod = new PwmNAAFVerificationMethod();
-                    naafMethod.init(
-                            pwmRequest.getPwmApplication(),
-                            userInfoBean,
-                            pwmRequest.getSessionLabel(),
-                            pwmRequest.getLocale()
-                    );
-                    forgottenPasswordBean.getProgress().setNaafRecoveryMethod(naafMethod);
-                } else {
-                    naafMethod = forgottenPasswordBean.getProgress().getNaafRecoveryMethod();
-                }
-
-                final List<VerificationMethodSystem.UserPrompt> prompts = naafMethod.getCurrentPrompts();
-                final String displayInstructions = naafMethod.getCurrentDisplayInstructions();
-
-                pwmRequest.setAttribute(PwmRequest.Attribute.ForgottenPasswordPrompts, new ArrayList<>(prompts));
-                pwmRequest.setAttribute(PwmRequest.Attribute.ForgottenPasswordInstructions, displayInstructions);
-                pwmRequest.forwardToJsp(JspUrl.RECOVER_PASSWORD_NAAF);
-            }
-            break;
-
             case OAUTH:
                 forgottenPasswordBean.getProgress().setInProgressVerificationMethod(IdentityVerificationMethod.OAUTH);
                 final ForgottenPasswordProfile forgottenPasswordProfile = pwmRequest.getConfig().getForgottenPasswordProfiles().get(forgottenPasswordBean.getForgottenPasswordProfileID());

src/main/java/password/pwm/i18n/Display.java

@@ -228,7 +228,6 @@ public enum Display implements PwmDisplayBundle {
     Field_VerificationMethodChallengeResponses,
     Field_VerificationMethodAttributes,
     Field_VerificationMethodRemoteResponses,
-    Field_VerificationMethodNAAF,
     Field_VerificationMethodOAuth,
     Field_VerificationMethod,
     Description_VerificationMethodPreviousAuth,
@@ -237,7 +236,6 @@ public enum Display implements PwmDisplayBundle {
     Description_VerificationMethodChallengeResponses,
     Description_VerificationMethodAttributes,
     Description_VerificationMethodRemoteResponses,
-    Description_VerificationMethodNAAF,
     Description_VerificationMethodOAuth,
     Description_VerificationMethod,
     Long_Title_ActivateUser,

src/main/java/password/pwm/ws/client/rest/naaf/NAAFChainBean.java

@@ -1,65 +0,0 @@
-/*
- * Password Management Servlets (PWM)
- * http://www.pwm-project.org
- *
- * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2016 The PWM Project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-package password.pwm.ws.client.rest.naaf;
-
-import java.io.Serializable;
-import java.util.List;
-
-class NAAFChainBean implements Serializable {
-    private String name;
-    private boolean is_trusted;
-    private String short_name;
-    private List<String> methods;
-
-    public String getName() {
-        return name;
-    }
-
-    public void setName(final String name) {
-        this.name = name;
-    }
-
-    public boolean is_trusted() {
-        return is_trusted;
-    }
-
-    public void setIs_trusted(final boolean is_trusted) {
-        this.is_trusted = is_trusted;
-    }
-
-    public String getShort_name() {
-        return short_name;
-    }
-
-    public void setShort_name(final String short_name) {
-        this.short_name = short_name;
-    }
-
-    public List<String> getMethods() {
-        return methods;
-    }
-
-    public void setMethods(final List<String> methods) {
-        this.methods = methods;
-    }
-}

src/main/java/password/pwm/ws/client/rest/naaf/NAAFChainInformationResponseBean.java

@@ -1,38 +0,0 @@
-/*
- * Password Management Servlets (PWM)
- * http://www.pwm-project.org
- *
- * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2016 The PWM Project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-package password.pwm.ws.client.rest.naaf;
-
-import java.io.Serializable;
-import java.util.List;
-
-class NAAFChainInformationResponseBean implements Serializable {
-    private List<NAAFChainBean> chains;
-
-    public List<NAAFChainBean> getChains() {
-        return chains;
-    }
-
-    public void setChains(final List<NAAFChainBean> chains) {
-        this.chains = chains;
-    }
-}

src/main/java/password/pwm/ws/client/rest/naaf/NAAFEndPoint.java

@@ -1,171 +0,0 @@
-/*
- * Password Management Servlets (PWM)
- * http://www.pwm-project.org
- *
- * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2016 The PWM Project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-package password.pwm.ws.client.rest.naaf;
-
-import password.pwm.AppProperty;
-import password.pwm.PwmApplication;
-import password.pwm.config.Configuration;
-import password.pwm.config.PwmSetting;
-import password.pwm.error.PwmUnrecoverableException;
-import password.pwm.http.HttpHeader;
-import password.pwm.http.HttpMethod;
-import password.pwm.http.PwmURL;
-import password.pwm.http.client.PwmHttpClient;
-import password.pwm.http.client.PwmHttpClientConfiguration;
-import password.pwm.http.client.PwmHttpClientRequest;
-import password.pwm.http.client.PwmHttpClientResponse;
-import password.pwm.util.java.JsonUtil;
-import password.pwm.util.logging.PwmLogger;
-import password.pwm.util.secure.PwmHashAlgorithm;
-import password.pwm.util.secure.PwmRandom;
-import password.pwm.util.secure.SecureEngine;
-
-import java.io.Serializable;
-import java.security.cert.X509Certificate;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-
-public class NAAFEndPoint {
-    private static final PwmLogger LOGGER = PwmLogger.forClass(NAAFEndPoint.class);
-
-    private final String id;
-    private final String salt;
-    private final String secret;
-    private final String endpointURL;
-
-    private String endpoint_session_id;
-    private PwmHttpClient pwmHttpClient;
-
-    private Locale locale;
-
-    public NAAFEndPoint(
-            final PwmApplication pwmApplication,
-            final String url,
-            final Locale locale
-    )
-            throws PwmUnrecoverableException
-    {
-        this.locale = locale;
-
-        final Configuration config = pwmApplication.getConfig();
-        this.endpointURL = url;
-        this.id = config.readAppProperty(AppProperty.NAAF_ID);
-        this.secret = config.readAppProperty(AppProperty.NAAF_SECRET);
-        final int saltLength = Integer.parseInt(config.readAppProperty(AppProperty.NAAF_SALT_LENGTH));
-        this.salt = PwmRandom.getInstance().alphaNumericString(saltLength);
-
-        final X509Certificate[] naafWsCerts = config.readSettingAsCertificate(PwmSetting.NAAF_WS_CERTIFICATE);
-        final PwmHttpClientConfiguration pwmHttpClientConfiguration = new PwmHttpClientConfiguration.Builder().setCertificate(naafWsCerts).create();
-        this.pwmHttpClient = new PwmHttpClient(pwmApplication, null, pwmHttpClientConfiguration);
-        establishEndpointSession();
-    }
-
-    public void establishEndpointSession()
-            throws PwmUnrecoverableException
-    {
-        LOGGER.debug("establishing endpoint connection to " + endpointURL);
-        final String m1 = id + salt;
-        final String m1Hash = SecureEngine.hash(m1, PwmHashAlgorithm.SHA256).toLowerCase();
-        final String m2 = secret + m1Hash;
-        final String m2Hash = SecureEngine.hash(m2, PwmHashAlgorithm.SHA256).toLowerCase();
-
-        final HashMap<String, Object> initConnectMap = new HashMap<>();
-        initConnectMap.put("salt", salt);
-        initConnectMap.put("endpoint_secret_hash", m2Hash);
-        initConnectMap.put("session_data", new HashMap<String, String>());
-
-        final PwmHttpClientResponse response = makeApiRequest(
-                HttpMethod.POST,
-                "/endpoints/" + id + "/sessions",
-                initConnectMap
-        );
-
-        final String body = response.getBody();
-        final Map<String, String> responseValues = JsonUtil.deserializeStringMap(body);
-
-        endpoint_session_id = responseValues.get("endpoint_session_id");
-        LOGGER.debug("endpoint connection established to " + endpointURL + ", endpoint_session_id=" + endpoint_session_id);
-    }
-
-    String getEndpoint_session_id() {
-        return endpoint_session_id;
-    }
-
-    String getEndpointURL() {
-        return endpointURL;
-    }
-
-    PwmHttpClient getPwmHttpClient() {
-        return pwmHttpClient;
-    }
-
-    public List<NAAFChainBean> readChains(final String username) throws PwmUnrecoverableException {
-        final Map<String, String> urlParams = new LinkedHashMap<>();
-        urlParams.put("username", username);
-        urlParams.put("application", "NAM");
-        urlParams.put("is_trusted", "true");
-        urlParams.put("endpoint_session_id", this.getEndpoint_session_id());
-
-        final String url = PwmURL.appendAndEncodeUrlParameters("/logon/chains", urlParams);
-
-        final PwmHttpClientResponse response = makeApiRequest(
-                HttpMethod.POST,
-                url,
-                null
-        );
-
-        final NAAFChainInformationResponseBean naafChainInformationResponseBean = JsonUtil.deserialize(
-                response.getBody(),
-                NAAFChainInformationResponseBean.class
-        );
-
-        return naafChainInformationResponseBean.getChains();
-    }
-
-
-    PwmHttpClientResponse makeApiRequest(
-            final HttpMethod method,
-            final String urlPart,
-            final Serializable body
-    )
-            throws PwmUnrecoverableException
-    {
-        final Map<String,String> headers = new HashMap<>();
-        headers.put(HttpHeader.Content_Type.getHttpName(), "application/json");
-        if (locale != null) {
-            headers.put(HttpHeader.Accept_Language.getHttpName(), locale.toLanguageTag());
-        }
-
-        final PwmHttpClientRequest pwmHttpClientRequest = new PwmHttpClientRequest(
-                method,
-                getEndpointURL() + urlPart,
-                JsonUtil.serialize(body),
-                headers
-        );
-        return pwmHttpClient.makeRequest(pwmHttpClientRequest);
-
-    }
-}

src/main/java/password/pwm/ws/client/rest/naaf/NAAFErrorResponseBean.java

@@ -1,77 +0,0 @@
-/*
- * Password Management Servlets (PWM)
- * http://www.pwm-project.org
- *
- * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2016 The PWM Project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-package password.pwm.ws.client.rest.naaf;
-
-import java.io.Serializable;
-import java.util.List;
-
-public class NAAFErrorResponseBean implements Serializable {
-    private String status;
-    private List<ErrorData> errors;
-
-    public String getStatus() {
-        return status;
-    }
-
-    public void setStatus(final String status) {
-        this.status = status;
-    }
-
-    public List<ErrorData> getErrors() {
-        return errors;
-    }
-
-    public void setErrors(final List<ErrorData> errors) {
-        this.errors = errors;
-    }
-
-    public static class ErrorData {
-        private String description;
-        private String name;
-        private String location;
-
-        public String getDescription() {
-            return description;
-        }
-
-        public void setDescription(final String description) {
-            this.description = description;
-        }
-
-        public String getName() {
-            return name;
-        }
-
-        public void setName(final String name) {
-            this.name = name;
-        }
-
-        public String getLocation() {
-            return location;
-        }
-
-        public void setLocation(final String location) {
-            this.location = location;
-        }
-    }
-}

src/main/java/password/pwm/ws/client/rest/naaf/NAAFLoginMethod.java

@@ -1,54 +0,0 @@
-/*
- * Password Management Servlets (PWM)
- * http://www.pwm-project.org
- *
- * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2016 The PWM Project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-package password.pwm.ws.client.rest.naaf;
-
-public enum NAAFLoginMethod {
-    PASSWORD("PASSWORD:1",NAAFMethods.NAAFPasswordMethodHandler.class),
-    LDAP_PASSWORD("LDAP_PASSWORD:1",NAAFMethods.NAAFLdapPasswordMethodHandler.class),
-    SECURITY_QUESTIONS("SECQUEST:1",NAAFMethods.NAAFSecurityQuestionsMethodHandler.class),
-    EMAIL_OTP("EMAIL_OTP:1",NAAFMethods.NAAFEmailOTPMethodHandler.class),
-    SMS_OTP("SMS_OTP:1",NAAFMethods.NAAFSMSOTPMethodHandler.class),
-    SMARTPHONE("SMARTPHONE:1",NAAFMethods.NAAFSmartphoneMethodHandler.class),
-    RADIUS("RADIUS:1",NAAFMethods.NAAFRadiusMethodHandler.class),
-    TOTP("TOTP:1",NAAFMethods.NAAFTOTPMethodHandler.class),
-    HOTP("HOTP:1",NAAFMethods.NAAFHOTPMethodHandler.class),
-
-    ;
-
-    private final String naafName;
-    private final Class<? extends NAAFMethodHandler> naafMethodHandler;
-
-    NAAFLoginMethod(final String naafName, final Class<? extends NAAFMethodHandler> naafMethodHandler) {
-        this.naafName = naafName;
-        this.naafMethodHandler = naafMethodHandler;
-    }
-
-    public String getNaafName() {
-        return naafName;
-    }
-
-    public Class<? extends NAAFMethodHandler> getNaafMethodHandler() {
-        return naafMethodHandler;
-    }
-
-}

src/main/java/password/pwm/ws/client/rest/naaf/NAAFLoginResponseBean.java

@@ -1,109 +0,0 @@
-/*
- * Password Management Servlets (PWM)
- * http://www.pwm-project.org
- *
- * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2016 The PWM Project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-package password.pwm.ws.client.rest.naaf;
-
-import java.io.Serializable;
-import java.util.List;
-import java.util.Map;
-
-class NAAFLoginResponseBean implements Serializable {
-    private String msg;
-    private String current_method;
-    private String logon_process_id;
-    private List<String> completed_methods;
-    private List<String> plugins;
-    private STATUS status;
-    private List<NAAFChainBean> chains;
-    private Map<String,String> questions;
-
-    enum STATUS {
-        OK,
-        MORE_DATA,
-        NEXT,
-        FAILED,
-    }
-
-    public String getMsg() {
-        return msg;
-    }
-
-    public void setMsg(final String msg) {
-        this.msg = msg;
-    }
-
-    public String getCurrent_method() {
-        return current_method;
-    }
-
-    public void setCurrent_method(final String current_method) {
-        this.current_method = current_method;
-    }
-
-    public String getLogon_process_id() {
-        return logon_process_id;
-    }
-
-    public void setLogon_process_id(final String logon_process_id) {
-        this.logon_process_id = logon_process_id;
-    }
-
-    public List<String> getCompleted_methods() {
-        return completed_methods;
-    }
-
-    public void setCompleted_methods(final List<String> completed_methods) {
-        this.completed_methods = completed_methods;
-    }
-
-    public List<String> getPlugins() {
-        return plugins;
-    }
-
-    public void setPlugins(final List<String> plugins) {
-        this.plugins = plugins;
-    }
-
-    public STATUS getStatus() {
-        return status;
-    }
-
-    public void setStatus(final STATUS status) {
-        this.status = status;
-    }
-
-    public List<NAAFChainBean> getChains() {
-        return chains;
-    }
-
-    public void setChains(final List<NAAFChainBean> chains) {
-        this.chains = chains;
-    }
-
-    public Map<String, String> getQuestions() {
-        return questions;
-    }
-
-    public void setQuestions(final Map<String, String> questions) {
-        this.questions = questions;
-    }
-}

src/main/java/password/pwm/ws/client/rest/naaf/NAAFLoginSequence.java

@@ -1,238 +0,0 @@
-/*
- * Password Management Servlets (PWM)
- * http://www.pwm-project.org
- *
- * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2016 The PWM Project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-package password.pwm.ws.client.rest.naaf;
-
-import password.pwm.VerificationMethodSystem;
-import password.pwm.error.ErrorInformation;
-import password.pwm.error.PwmError;
-import password.pwm.error.PwmUnrecoverableException;
-import password.pwm.http.HttpMethod;
-import password.pwm.http.client.PwmHttpClientResponse;
-import password.pwm.util.java.JsonUtil;
-import password.pwm.util.logging.PwmLogger;
-
-import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-
-public class NAAFLoginSequence {
-    private static final PwmLogger LOGGER = PwmLogger.forClass(NAAFLoginSequence.class);
-    private static int instanceCounter = 0;
-
-    private final NAAFEndPoint naafEndPoint;
-    private int instanceID = instanceCounter++;
-
-    private NAAFLoginResponseBean lastResponseBean;
-    private ErrorInformation lastError;
-
-    private final List<NAAFLoginMethod> requiredMethods;
-    private final List<NAAFLoginMethod> completedMethods = new ArrayList<>();
-    private final String username;
-    private final Locale locale;
-
-    private CurrentState currentState;
-
-    static class CurrentState {
-        private NAAFLoginMethod currentMethod;
-        private NAAFMethodHandler currentMethodHandler;
-    }
-
-    public NAAFLoginSequence(
-            final NAAFEndPoint naafEndPoint,
-            final Collection<NAAFLoginMethod> requiredMethods,
-            final String username,
-            final Locale locale
-    )
-            throws PwmUnrecoverableException
-    {
-        logDebug("new instance");
-        this.naafEndPoint = naafEndPoint;
-        this.requiredMethods = new ArrayList<>(requiredMethods);
-        this.username = username;
-        this.locale = locale;
-        cycleMethods();
-    }
-
-    private void cycleMethods()
-            throws PwmUnrecoverableException
-    {
-        if (currentState != null) {
-            return;
-        }
-        for (final NAAFLoginMethod loginMethod : requiredMethods) {
-            if (currentState == null) {
-                if (!completedMethods.contains(loginMethod)) {
-                    try {
-                        final CurrentState newState = new CurrentState();
-                        newState.currentMethod = loginMethod;
-                        newState.currentMethodHandler = loginMethod.getNaafMethodHandler().newInstance();
-                        newState.currentMethodHandler.init(this);
-                        currentState = newState;
-                        beginLogin();
-                        logDebug("currentMethod is now: " + loginMethod);
-                    } catch (IllegalAccessException | InstantiationException e) {
-                        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN,e.getMessage());
-                        LOGGER.error(errorInformation.toDebugStr(),e);
-                        throw new PwmUnrecoverableException(errorInformation);
-                    }
-                }
-            }
-        }
-    }
-
-    private void beginLogin()
-            throws PwmUnrecoverableException
-    {
-        cycleMethods();
-
-        // initial login session establishment;
-        final HashMap<String, String> beginLoginParamters = new HashMap<>();
-        beginLoginParamters.put("user_name", username);
-        beginLoginParamters.put("method_id", currentState.currentMethod.getNaafName());
-        beginLoginParamters.put("endpoint_session_id", naafEndPoint.getEndpoint_session_id());
-        final PwmHttpClientResponse response = naafEndPoint.makeApiRequest(
-                HttpMethod.POST,
-                "/logon",
-                beginLoginParamters
-        );
-
-        checkResponseForError(response.getBody());
-        lastResponseBean = JsonUtil.deserialize(response.getBody(), NAAFLoginResponseBean.class);
-    }
-
-    public Map<String,String> nextPrompt(final Locale locale) throws PwmUnrecoverableException {
-        return currentState.currentMethodHandler.getPrompts(locale);
-    }
-
-    public String answerPrompts(final Map<String, String> promptAnswers) throws PwmUnrecoverableException {
-        return currentState.currentMethodHandler.answerPrompts(promptAnswers);
-    }
-
-
-    String sendResponse(final Serializable responseData) throws PwmUnrecoverableException {
-        final HashMap<String, Object> loginParams = new HashMap<>();
-        loginParams.put("login_process_id", lastResponseBean.getLogon_process_id());
-        loginParams.put("endpoint_session_id", naafEndPoint.getEndpoint_session_id());
-        loginParams.put("response", responseData);
-
-        final PwmHttpClientResponse response = naafEndPoint.makeApiRequest(
-                HttpMethod.POST,
-                "/logon/" + lastResponseBean.getLogon_process_id() + "/do_logon",
-                loginParams
-        );
-
-        checkResponseForError(response.getBody());
-        lastResponseBean = JsonUtil.deserialize(response.getBody(), NAAFLoginResponseBean.class);
-        final String lastMsg = lastResponseBean.getMsg();
-        logDebug("response from NAAF for last submit: " + lastMsg);
-
-        if (responsesContainsCompletedMethod(lastResponseBean,currentState.currentMethod)) {
-            completedMethods.add(currentState.currentMethod);
-            currentState = null;
-            cycleMethods();
-            return null;
-        }
-
-        switch (lastResponseBean.getStatus()) {
-            case FAILED:
-            case OK:
-                currentState = null;
-                break;
-
-            default:
-                // unknown status so continue process
-                break;
-
-        }
-        if (currentState == null) {
-            cycleMethods();
-        }
-
-        return lastMsg;
-    }
-
-    private void checkResponseForError(final String body) throws PwmUnrecoverableException {
-        final NAAFErrorResponseBean errorResponseBean = JsonUtil.deserialize(body, NAAFErrorResponseBean.class);
-        if (errorResponseBean != null) {
-            if ("error".equalsIgnoreCase(errorResponseBean.getStatus())) {
-                String errorMsg = "unknown";
-                if (errorResponseBean.getErrors() != null && !errorResponseBean.getErrors().isEmpty()) {
-                    errorMsg = errorResponseBean.getErrors().iterator().next().getDescription();
-                }
-                lastError = new ErrorInformation(PwmError.ERROR_REMOTE_ERROR_VALUE, errorMsg);
-                throw new PwmUnrecoverableException(lastError);
-            }
-        }
-    }
-
-    public VerificationMethodSystem.VerificationState status() {
-        if (lastError != null) {
-            return VerificationMethodSystem.VerificationState.FAILED;
-        }
-        if (completedMethods.containsAll(requiredMethods)) {
-            return VerificationMethodSystem.VerificationState.COMPLETE;
-        }
-        return VerificationMethodSystem.VerificationState.INPROGRESS;
-    }
-
-
-    public NAAFLoginResponseBean getLastResponseBean() {
-        return lastResponseBean;
-    }
-
-    boolean responsesContainsCompletedMethod(final NAAFLoginResponseBean naafLoginResponseBean, final NAAFLoginMethod naafLoginMethod) {
-        if (naafLoginMethod == null || naafLoginResponseBean == null) {
-            return false;
-        }
-
-        if (naafLoginResponseBean.getCompleted_methods() == null) {
-            return false;
-        }
-
-        if (naafLoginResponseBean.getCompleted_methods().contains(naafLoginMethod.getNaafName())) {
-            return true;
-        }
-
-        return false;
-    }
-
-    private void logDebug(final String message) {
-        LOGGER.debug("id="+instanceID + " " + message);
-    }
-
-    public Locale getLocale() {
-        return locale;
-    }
-
-    public NAAFLoginMethod currentMethod() {
-        if (currentState != null) {
-            return currentState.currentMethod;
-        }
-
-        return null;
-    }
-}

src/main/java/password/pwm/ws/client/rest/naaf/NAAFMethodHandler.java

@@ -1,36 +0,0 @@
-/*
- * Password Management Servlets (PWM)
- * http://www.pwm-project.org
- *
- * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2016 The PWM Project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-package password.pwm.ws.client.rest.naaf;
-
-import password.pwm.error.PwmUnrecoverableException;
-
-import java.util.Locale;
-import java.util.Map;
-
-public interface NAAFMethodHandler {
-    void init(NAAFLoginSequence naafLoginSequence);
-
-    Map<String,String> getPrompts(Locale locale) throws PwmUnrecoverableException;
-
-    String answerPrompts( Map<String,String> answers) throws PwmUnrecoverableException;
-}

src/main/java/password/pwm/ws/client/rest/naaf/NAAFMethods.java

@@ -1,263 +0,0 @@
-/*
- * Password Management Servlets (PWM)
- * http://www.pwm-project.org
- *
- * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2016 The PWM Project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-package password.pwm.ws.client.rest.naaf;
-
-import password.pwm.error.PwmUnrecoverableException;
-import password.pwm.i18n.Display;
-import password.pwm.util.LocaleHelper;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.Locale;
-import java.util.Map;
-
-public class NAAFMethods {
-    public static class NAAFPasswordMethodHandler implements NAAFMethodHandler {
-        private static final String PASSWORD_FIELD_NAME = "answer";
-        private NAAFLoginSequence naafLoginSequence;
-
-        @Override
-        public void init(final NAAFLoginSequence naafLoginSequence) {
-            this.naafLoginSequence = naafLoginSequence;
-        }
-
-        @Override
-        public Map<String, String> getPrompts(final Locale locale) {
-            final String prompt = LocaleHelper.getLocalizedMessage(locale, Display.Field_CurrentPassword, null);
-            return Collections.singletonMap(PASSWORD_FIELD_NAME, prompt);
-        }
-
-        @Override
-        public String answerPrompts(final Map<String, String> answers) throws PwmUnrecoverableException {
-            return naafLoginSequence.sendResponse(new HashMap<>(answers));
-        }
-    }
-
-    public static class NAAFLdapPasswordMethodHandler implements NAAFMethodHandler {
-        private static final String PASSWORD_FIELD_NAME = "answer";
-        private NAAFLoginSequence naafLoginSequence;
-
-        @Override
-        public void init(final NAAFLoginSequence naafLoginSequence) {
-            this.naafLoginSequence = naafLoginSequence;
-        }
-
-        @Override
-        public Map<String, String> getPrompts(final Locale locale) {
-            final String prompt = LocaleHelper.getLocalizedMessage(locale, Display.Field_CurrentPassword, null);
-            return Collections.singletonMap(PASSWORD_FIELD_NAME, prompt);
-        }
-
-        @Override
-        public String answerPrompts(final Map<String, String> answers) throws PwmUnrecoverableException {
-            return naafLoginSequence.sendResponse(new HashMap<>(answers));
-        }
-    }
-
-    public static class NAAFRadiusMethodHandler implements NAAFMethodHandler {
-        private static final String PASSWORD_FIELD_NAME = "answer";
-        private NAAFLoginSequence naafLoginSequence;
-
-        @Override
-        public void init(final NAAFLoginSequence naafLoginSequence) {
-            this.naafLoginSequence = naafLoginSequence;
-        }
-
-        @Override
-        public Map<String, String> getPrompts(final Locale locale) {
-            final String prompt = LocaleHelper.getLocalizedMessage(locale, Display.Field_CurrentPassword, null);
-            return Collections.singletonMap(PASSWORD_FIELD_NAME, prompt);
-        }
-
-        @Override
-        public String answerPrompts(final Map<String, String> answers) throws PwmUnrecoverableException {
-            return naafLoginSequence.sendResponse(new HashMap<>(answers));
-        }
-    }
-
-    public static class NAAFSecurityQuestionsMethodHandler implements NAAFMethodHandler {
-        private NAAFLoginSequence naafLoginSequence;
-
-        @Override
-        public void init(final NAAFLoginSequence naafLoginSequence) {
-            this.naafLoginSequence = naafLoginSequence;
-        }
-
-        @Override
-        public Map<String, String> getPrompts(final Locale locale) throws PwmUnrecoverableException {
-            naafLoginSequence.sendResponse(null);
-            return naafLoginSequence.getLastResponseBean().getQuestions();
-        }
-
-        @Override
-        public String answerPrompts(final Map<String, String> answers) throws PwmUnrecoverableException {
-            final HashMap<String,Object> responseData = new HashMap<>();
-            responseData.put("answers",answers);
-            return naafLoginSequence.sendResponse(responseData);
-        }
-   }
-
-    public static class NAAFEmailOTPMethodHandler implements NAAFMethodHandler {
-        private NAAFLoginSequence naafLoginSequence;
-        private boolean otpSent;
-
-        @Override
-        public void init(final NAAFLoginSequence naafLoginSequence) {
-            this.naafLoginSequence = naafLoginSequence;
-        }
-
-        @Override
-        public Map<String, String> getPrompts(final Locale locale) throws PwmUnrecoverableException {
-            if (!otpSent) {
-                naafLoginSequence.sendResponse(null); // triggers sms send
-                otpSent = true;
-            }
-            final Map<String,String> prompts = new LinkedHashMap<>();
-            prompts.put("answer","Password");
-            return prompts;
-        }
-
-        @Override
-        public String answerPrompts(final Map<String, String> answers) throws PwmUnrecoverableException {
-            return naafLoginSequence.sendResponse(new HashMap<>(answers));
-        }
-    }
-
-    public static class NAAFSMSOTPMethodHandler implements NAAFMethodHandler {
-        private NAAFLoginSequence naafLoginSequence;
-        private boolean otpSent;
-
-        @Override
-        public void init(final NAAFLoginSequence naafLoginSequence) {
-            this.naafLoginSequence = naafLoginSequence;
-        }
-
-        @Override
-        public Map<String, String> getPrompts(final Locale locale) throws PwmUnrecoverableException {
-            if (!otpSent) {
-                naafLoginSequence.sendResponse(null); // triggers sms send
-                otpSent = true;
-            }
-            final Map<String,String> prompts = new LinkedHashMap<>();
-            prompts.put("answer","Password");
-            return prompts;
-        }
-
-        @Override
-        public String answerPrompts(final Map<String, String> answers) throws PwmUnrecoverableException {
-            return naafLoginSequence.sendResponse(new HashMap<>(answers));
-        }
-    }
-
-    public static class NAAFSmartphoneMethodHandler implements NAAFMethodHandler {
-        private NAAFLoginSequence naafLoginSequence;
-        private boolean initialized;
-
-
-        @Override
-        public void init(final NAAFLoginSequence naafLoginSequence) {
-            this.naafLoginSequence = naafLoginSequence;
-        }
-
-        @Override
-        public Map<String, String> getPrompts(final Locale locale) throws PwmUnrecoverableException {
-            if (!initialized) {
-                naafLoginSequence.sendResponse(null); // triggers sms send
-                initialized= true;
-            }
-            return Collections.emptyMap();
-        }
-
-        @Override
-        public String answerPrompts(final Map<String, String> answers) throws PwmUnrecoverableException {
-            return naafLoginSequence.sendResponse(new HashMap<>(answers));
-        }
-    }
-
-    public static class NAAFTOTPMethodHandler implements NAAFMethodHandler {
-        private NAAFLoginSequence naafLoginSequence;
-
-        @Override
-        public void init(final NAAFLoginSequence naafLoginSequence) {
-            this.naafLoginSequence = naafLoginSequence;
-        }
-
-        @Override
-        public Map<String, String> getPrompts(final Locale locale) throws PwmUnrecoverableException {
-            final Map<String,String> prompts = new LinkedHashMap<>();
-            prompts.put("answer","Password");
-            return prompts;
-        }
-
-        @Override
-        public String answerPrompts(final Map<String, String> answers) throws PwmUnrecoverableException {
-            return naafLoginSequence.sendResponse(new HashMap<>(answers));
-        }
-    }
-
-    public static class NAAFHOTPMethodHandler implements NAAFMethodHandler {
-        private NAAFLoginSequence naafLoginSequence;
-
-        @Override
-        public void init(final NAAFLoginSequence naafLoginSequence) {
-            this.naafLoginSequence = naafLoginSequence;
-        }
-
-        @Override
-        public Map<String, String> getPrompts(final Locale locale) throws PwmUnrecoverableException {
-            final Map<String,String> prompts = new LinkedHashMap<>();
-            prompts.put("answer","Password");
-            return prompts;
-        }
-
-        @Override
-        public String answerPrompts(final Map<String, String> answers) throws PwmUnrecoverableException {
-            return naafLoginSequence.sendResponse(new HashMap<>(answers));
-        }
-    }
-
-    public static class NAAFVoiceMethodHandler implements NAAFMethodHandler {
-        private NAAFLoginSequence naafLoginSequence;
-        private boolean initialized;
-
-        @Override
-        public void init(final NAAFLoginSequence naafLoginSequence) {
-            this.naafLoginSequence = naafLoginSequence;
-        }
-
-        @Override
-        public Map<String, String> getPrompts(final Locale locale) throws PwmUnrecoverableException {
-            if (!initialized) {
-                naafLoginSequence.sendResponse(null); // triggers sms send
-                initialized= true;
-            }
-            return Collections.emptyMap();
-        }
-
-        @Override
-        public String answerPrompts(final Map<String, String> answers) throws PwmUnrecoverableException {
-            return naafLoginSequence.sendResponse(new HashMap<>(answers));
-        }
-    }
-}

src/main/java/password/pwm/ws/client/rest/naaf/PwmNAAFVerificationMethod.java

@@ -1,123 +0,0 @@
-/*
- * Password Management Servlets (PWM)
- * http://www.pwm-project.org
- *
- * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2016 The PWM Project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-package password.pwm.ws.client.rest.naaf;
-
-import password.pwm.PwmApplication;
-import password.pwm.PwmConstants;
-import password.pwm.VerificationMethodSystem;
-import password.pwm.bean.SessionLabel;
-import password.pwm.bean.UserInfoBean;
-import password.pwm.config.PwmSetting;
-import password.pwm.error.ErrorInformation;
-import password.pwm.error.PwmError;
-import password.pwm.error.PwmUnrecoverableException;
-import password.pwm.i18n.Display;
-import password.pwm.util.LocaleHelper;
-import password.pwm.util.macro.MacroMachine;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Set;
-
-public class PwmNAAFVerificationMethod implements VerificationMethodSystem {
-    private PwmApplication pwmApplication;
-    private NAAFLoginSequence naafLoginSequence;
-    private Locale locale;
-
-    private static class UserPromptImpl implements UserPrompt {
-
-        private final String identifier;
-        private final String displayPrompt;
-
-        UserPromptImpl(final String identifier, final String displayPrompt) {
-            this.identifier = identifier;
-            this.displayPrompt = displayPrompt;
-        }
-
-        @Override
-        public String getDisplayPrompt() {
-            return displayPrompt;
-        }
-
-        @Override
-        public String getIdentifier() {
-            return identifier;
-        }
-    }
-
-    @Override
-    public List<UserPrompt> getCurrentPrompts() throws PwmUnrecoverableException {
-        final Map<String,String> nextPrompts = naafLoginSequence.nextPrompt(locale);
-        final List<UserPrompt> returnObj= new ArrayList<>();
-        for (final String key : nextPrompts.keySet()) {
-            returnObj.add(new UserPromptImpl(key,nextPrompts.get(key)));
-        }
-        return returnObj;
-    }
-
-    @Override
-    public String getCurrentDisplayInstructions() {
-        final String key = "Display_NAAF_" + naafLoginSequence.currentMethod();
-        return LocaleHelper.getLocalizedMessage(locale, key, pwmApplication.getConfig(), Display.class);
-    }
-
-    @Override
-    public ErrorInformation respondToPrompts(final Map<String, String> answers) throws PwmUnrecoverableException {
-
-        final String errorMsg = naafLoginSequence.answerPrompts(answers);
-        if (errorMsg == null) {
-            return null;
-        }
-
-        return new ErrorInformation(PwmError.ERROR_REMOTE_ERROR_VALUE,errorMsg);
-
-    }
-
-    @Override
-    public VerificationState getVerificationState() {
-        return naafLoginSequence.status();
-    }
-
-    @Override
-    public void init(final PwmApplication pwmApplication, final UserInfoBean userInfoBean, final SessionLabel sessionLabel, final Locale locale)
-            throws PwmUnrecoverableException
-    {
-        this.pwmApplication = pwmApplication;
-        this.locale = locale;
-
-        String serverUrl = pwmApplication.getConfig().readSettingAsString(PwmSetting.NAAF_WS_URL);
-        String naafUsername = pwmApplication.getConfig().readSettingAsString(PwmSetting.NAAF_USER_IDENTIFIER);
-
-        final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, PwmConstants.DEFAULT_LOCALE, sessionLabel, userInfoBean.getUserIdentity());
-        serverUrl = macroMachine.expandMacros(serverUrl);
-        naafUsername = macroMachine.expandMacros(naafUsername);
-
-        final NAAFEndPoint naafEndPoint = new NAAFEndPoint(pwmApplication, serverUrl, locale);
-        naafEndPoint.establishEndpointSession();
-
-        final Set<NAAFLoginMethod> loginMethods = pwmApplication.getConfig().readSettingAsOptionList(PwmSetting.NAAF_METHODS, NAAFLoginMethod.class);
-        naafLoginSequence = new NAAFLoginSequence(naafEndPoint, loginMethods, naafUsername, locale);
-    }
-}

src/main/resources/password/pwm/AppProperty.properties

@@ -159,9 +159,6 @@ localdb.logWriter.maxBufferWaitMs=60000
 localdb.logWriter.maxTrimSize=5001
 macro.randomChar.maxLength=100
 macro.ldapAttr.maxLength=100
-naaf.id=41414141414141414141414141414141
-naaf.secret=876543210
-naaf.salt.length=30
 logging.devOutput.enable=false
 logging.pattern=%d{yyyy-MM-dd'T'HH:mm:ss'Z'}, %-5p, %c{2}, %m%n
 logging.file.maxSize=10MB

src/main/resources/password/pwm/config/PwmSetting.xml

@@ -3605,37 +3605,6 @@
     <setting hidden="false" key="oauth.idserver.dnAttributeName" level="2">
         <default/>
     </setting>
-    <setting hidden="false" key="naaf.ws.url" level="2">
-        <example>https://www.example.com/api/v1</example>
-        <regex>^(http|https)://.+</regex>
-        <default/>
-    </setting>
-    <setting hidden="false" key="naaf.ws.serverCerts" level="2">
-        <default/>
-        <properties>
-            <property key="Cert_ImportHandler">password.pwm.config.function.NAAFCertImportFunction</property>
-        </properties>
-    </setting>
-    <setting hidden="false" key="naaf.userIdentifier" level="2">
-        <default>
-            <value/>
-        </default>
-    </setting>
-    <setting hidden="false" key="naaf.requiredMethods" level="2">
-        <default/>
-        <options>
-            <option value="PASSWORD">Password</option>
-            <option value="LDAP_PASSWORD">LDAP Password</option>
-            <option value="SECURITY_QUESTIONS">Security Questions</option>
-            <option value="EMAIL_OTP">EMail OTP</option>
-            <option value="SMS_OTP">SMS OTP</option>
-            <option value="SMARTPHONE">Smartphone</option>
-            <option value="RADIUS">Radius</option>
-            <option value="TOTP">TOTP</option>
-            <option value="HOTP">HOTP</option>
-            <option value="VOICE">Voice</option>
-        </options>
-    </setting>
     <setting hidden="false" key="https.server.cert" level="1">
         <default/>
     </setting>
@@ -3877,8 +3846,6 @@
     </category>
     <category hidden="false" key="HELPDESK_SETTINGS">
     </category>
-    <category hidden="true" key="NAAF">
-    </category>
     <category hidden="false" key="MODULES_PUBLIC">
     </category>
     <category hidden="false" key="MODULES_PRIVATE">

src/main/resources/password/pwm/i18n/PwmSetting.properties

@@ -75,7 +75,6 @@ Category_Description_LOGGING=Setting high debug levels can cause undesired overh
 Category_Description_MODULES=Modules
 Category_Description_MODULES_PRIVATE=Authenticated
 Category_Description_MODULES_PUBLIC=Public
-Category_Description_NAAF=NAAF (Deprecated)
 Category_Description_NEWUSER=New user self-registration settings.  The new user registration module requires that the proxy user has sufficient permissions to create users and, if so configured, to check for duplicate values.  @PwmAppName@ creates the new users in the default LDAP directory profile.
 Category_Description_NEWUSER_PROFILE=New user self-registration settings.  The new user registration module requires that the proxy user has sufficient permissions to create users and, if so configured, to check for duplicate values.  @PwmAppName@ creates new users in the default LDAP directory profile.
 Category_Description_NEWUSER_SETTINGS=New user self-registration settings.  The new user registration module requires that the proxy user has sufficient permissions to create users and, if so configured, to check for duplicate values.  @PwmAppName@ creates new users in the default LDAP directory profile.
@@ -170,7 +169,6 @@ Category_Label_LOGGING=Logging
 Category_Label_MODULES=Modules
 Category_Label_MODULES_PRIVATE=Authenticated
 Category_Label_MODULES_PUBLIC=Public
-Category_Label_NAAF=NAAF (Deprecated)
 Category_Label_NEWUSER=New User Registration
 Category_Label_NEWUSER_PROFILE=New User Profiles
 Category_Label_NEWUSER_SETTINGS=New User Settings
@@ -457,10 +455,6 @@ Setting_Description_ldap.usernameSearchFilter=Specify an LDAP search filter @Pwm
 Setting_Description_ldap.wireTrace.enable=Enable this option to have @PwmAppName@ output all LDAP traffic to the TRACE logging level.<br/><br/><b>WARNING\:</b> enabling this option might allow @PwmAppName@ to write user passwords and other sensitive data to the log files.
 Setting_Description_locale.cookie.age=Specify the duration of time to remember a user's locale preferences.  Anytime @PwmAppName@ overrides a browser's default locale setting, it stores a cookie in the browser remembering that setting for the duration of this setting.
 Setting_Description_logoutAfterPasswordChange=Enable this option to force users to log out (and send them to the logoutURL) after a password change.<br/><br/>In most cases, leave this option enabled (default), especially if you are using some type of single sign-on service.
-Setting_Description_naaf.requiredMethods=<p><b>This setting is deprecated and will be removed from a future version.  Use OAuth2 integration instead.</b></p>  Please use OAuth2 Select the required Advanced Authentication Login Methods.  @PwmAppName@ requires the users to complete each method during the Advanced Authennication forgotten password verification sequence.  The user must have previously completed any Advanced Authentication enrollment required for the method to be successful.
-Setting_Description_naaf.userIdentifier=<p><b>This setting is deprecated and will be removed from a future version.  Use OAuth2 integration instead.</b></p>Specify the user identifier to present to the Advanced Authenticaiton web service.  Advanced Authetnication identifiers are typically in the format of <code>repository\\username</code>.  You can use user macros for this setting.<br/><br/>For example, using a value of <code>IDV\\@&zwnj;LDAP\:cn@</code> would present the user name using the <code>cn</code> attribute to login to an Advanced Authetnication repository named <i>IDV</i>.
-Setting_Description_naaf.ws.serverCerts=<p><b>This setting is deprecated and will be removed from a future version.  Use OAuth2 integration instead.</b></p>Import the certificate for the Advanced Authenticaiton web service server.
-Setting_Description_naaf.ws.url=<p><b>This setting is deprecated and will be removed from a future version.  Use OAuth2 integration instead.</b></p>Specify the URL for the Advanced Authentication appliance REST web service.  @PwmAppName@ requries version 1 (v1) of the Advanced Authetnication REST webservice.<br/><br/> Examples:<ul><li>https://naaf.example.com/api/v1</li><li>https://172.17.2.2/api/v1</li></ul>
 Setting_Description_network.allowMultiIPSession=Enable this option to allow @PwmAppName@ to access a single HTTP session from different source IP addresses.  Some load balancing or proxy network infrastructures might require this, but in most cases disable it.  Especially since typical sessions are very short, there is not a practical reason for a user to access the same session from multiple client addresses.
 Setting_Description_network.ip.permittedRange=Enable this option to have @PwmAppName@ only permit connections originating from the specified IP address ranges.  If disabled (default), @PwmAppName@ permits any source IP address. <p>Supported range specifications are\:<p><ul><li>Full IPv4 address, such as <b>12.34.56.78</b></li><li>Full IPv6 address, such as <b>2001\:18e8\:3\:171\:218\:8bff\:fe2a\:56a4</b></li><li>Partial IPv4 address, such as <b>12.34</b> (which matches any IP addres starting <b>12.34</b></li><li>IPv4 network/netmask, such as <b>18.25.0.0/255.255.0.0</b></li><li>IPv4 or IPv6 CIDR slash notation, such as <b>18.25.0.0/16</b> or <b>2001\:18e8\:3\:171\:\:/64</b></li></ul>
 Setting_Description_network.requiredHttpHeaders=<p>Add any required HTTP header name and value pairs.  If specified, any HTTP request sent to the server must honor these headers.  This feature is useful if you have a security gateway and wish to only allow sessions from the gateway.</p><p>The settings must be in "name\=value" format.</p>
@@ -931,10 +925,6 @@ Setting_Label_ldap.usernameSearchFilter=User Name Search Filter
 Setting_Label_ldap.wireTrace.enable=Enable LDAP Wire Trace
 Setting_Label_locale.cookie.age=Locale Cookie Age
 Setting_Label_logoutAfterPasswordChange=Logout After Password Change
-Setting_Label_naaf.requiredMethods=NAAF Login Methods (Deprecated)
-Setting_Label_naaf.userIdentifier=NAAF User Identifier (Deprecated)
-Setting_Label_naaf.ws.serverCerts=NAAF Web Service Server Certificate (Deprecated)
-Setting_Label_naaf.ws.url=NAAF Web Service URL (Deprecated)
 Setting_Label_network.allowMultiIPSession=Allow Roaming Source Network Address
 Setting_Label_network.ip.permittedRange=Permitted IP Network Addresses
 Setting_Label_network.requiredHttpHeaders=Required HTTP Headers

src/main/webapp/WEB-INF/jsp/forgottenpassword-naaf.jsp

@@ -1,84 +0,0 @@
-<%--
-  ~ Password Management Servlets (PWM)
-  ~ http://www.pwm-project.org
-  ~
-  ~ Copyright (c) 2006-2009 Novell, Inc.
-  ~ Copyright (c) 2009-2016 The PWM Project
-  ~
-  ~ This program is free software; you can redistribute it and/or modify
-  ~ it under the terms of the GNU General Public License as published by
-  ~ the Free Software Foundation; either version 2 of the License, or
-  ~ (at your option) any later version.
-  ~
-  ~ This program is distributed in the hope that it will be useful,
-  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
-  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  ~ GNU General Public License for more details.
-  ~
-  ~ You should have received a copy of the GNU General Public License
-  ~ along with this program; if not, write to the Free Software
-  ~ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-  --%>
-
-<!DOCTYPE html>
-<%@ page language="java" session="true" isThreadSafe="true" contentType="text/html" %>
-<%@ page import="password.pwm.VerificationMethodSystem" %>
-<%@ page import="java.util.List" %>
-<%@ page import="password.pwm.http.tag.conditional.PwmIfTest" %>
-<%@ taglib uri="pwm" prefix="pwm" %>
-<%@ include file="fragment/header.jsp" %>
-<html lang="<pwm:value name="<%=PwmValue.localeCode%>"/>" dir="<pwm:value name="<%=PwmValue.localeDir%>"/>">
-<body class="nihilo">
-<div id="wrapper">
-    <jsp:include page="fragment/header-body.jsp">
-        <jsp:param name="pwm.PageName" value="Title_ForgottenPassword"/>
-    </jsp:include>
-    <div id="centerbody">
-        <div id="page-content-title"><pwm:display key="Title_ForgottenPassword" displayIfMissing="true"/></div>
-        <%
-            final List<VerificationMethodSystem.UserPrompt> prompts = (List<VerificationMethodSystem.UserPrompt>)JspUtility.getAttribute(pageContext, PwmRequest.Attribute.ForgottenPasswordPrompts);
-            final String instructions = (String)JspUtility.getAttribute(pageContext, PwmRequest.Attribute.ForgottenPasswordInstructions);
-        %>
-        <p><%=instructions%></p>
-        <form action="<pwm:current-url/>" method="post" enctype="application/x-www-form-urlencoded" name="search" class="pwm-form" autocomplete="off">
-            <%@ include file="/WEB-INF/jsp/fragment/message.jsp" %>
-            <br/>
-            <% for (final VerificationMethodSystem.UserPrompt userPrompt : prompts) { %>
-            <div class="formFieldLabel">
-                <%= userPrompt.getDisplayPrompt() %>
-            </div>
-
-            <input type="password" id="naaf-<%=userPrompt.getIdentifier()%>" name="naaf-<%=userPrompt.getIdentifier()%>" class="inputfield passwordfield" required="required" autofocus/>
-            <% } %>
-            <div class="buttonbar">
-                <button type="submit" class="btn" name="submitBtn" id="submitBtn">
-                    <pwm:if test="<%=PwmIfTest.showIcons%>"><span class="btn-icon pwm-icon pwm-icon-forward"></span></pwm:if>
-                    <pwm:display key="Button_Continue"/>
-                </button>
-                <% if ("true".equals(JspUtility.getAttribute(pageContext, PwmRequest.Attribute.ForgottenPasswordOptionalPageView))) { %>
-                <button type="button" id="button-goBack" name="button-goBack" class="btn" >
-                    <pwm:if test="<%=PwmIfTest.showIcons%>"><span class="btn-icon pwm-icon pwm-icon-backward"></span></pwm:if>
-                    <pwm:display key="Button_GoBack"/>
-                </button>
-                <% } %>
-                <%@ include file="/WEB-INF/jsp/fragment/forgottenpassword-cancel.jsp" %>
-                <input type="hidden" id="processAction" name="processAction" value="enterNaafResponse"/>
-                <input type="hidden" id="pwmFormID" name="pwmFormID" value="<pwm:FormID/>"/>
-            </div>
-        </form>
-    </div>
-    <div class="push"></div>
-</div>
-<pwm:script>
-    <script>
-        PWM_GLOBAL['startupFunctions'].push(function(){
-            PWM_MAIN.addEventHandler('button-goBack','click',function() {
-                PWM_MAIN.submitPostAction('<%=PwmServletDefinition.ForgottenPassword.servletUrlName()%>', '<%=ForgottenPasswordServlet.ForgottenPasswordAction.verificationChoice%>');
-            });
-        });
-    </script>
-</pwm:script>
-<%@ include file="fragment/footer.jsp" %>
-</body>
-</html>
-