From 84d646e05bb6fa1af4b40edd36b0772d1cb970d2 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Mon, 12 Mar 2018 14:23:01 +0100
Subject: [PATCH 01/29] Remove SURFisms

---
 app/Resources/translations/messages.en_GB.xliff | 8 ++++----
 app/Resources/translations/messages.nl_NL.xliff | 8 ++++----
 app/Resources/views/base.html.twig              | 2 +-
 app/config/global_view_parameters.yml.dist      | 4 ++--
 app/config/parameters.yml.dist                  | 2 +-
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/app/Resources/translations/messages.en_GB.xliff b/app/Resources/translations/messages.en_GB.xliff
index cff4e6a7e..4bd70e4f0 100644
--- a/app/Resources/translations/messages.en_GB.xliff
+++ b/app/Resources/translations/messages.en_GB.xliff
@@ -85,7 +85,7 @@
       </trans-unit>
       <trans-unit id="4c4fb9b24a25bdd45d83562a4d71ecde8d527a77" resname="ss.error.text.if_you_think_this_is_incorrect_report">
         <source>ss.error.text.if_you_think_this_is_incorrect_report</source>
-        <target>Please report this error, including the error code, to the helpdesk via help@surfconext.nl</target>
+        <target>Please report this error, including the error code, to the helpdesk via help@example.org</target>
         <jms:reference-file line="14">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="da93d249a639d3abd2f513dbd2c07b9119d16694" resname="ss.error.text.page_not_found">
@@ -95,7 +95,7 @@
       </trans-unit>
       <trans-unit id="0e5b48b8a8746f624978afe69448cd9bdb31687c" resname="ss.error.text.what_were_you_doing_well_fix_it">
         <source>ss.error.text.what_were_you_doing_well_fix_it</source>
-        <target>Please report this error, including the error code, to the helpdesk via help@surfconext.nl</target>
+        <target>Please report this error, including the error code, to the helpdesk via help@example.org</target>
         <jms:reference-file line="14">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="e0d3557591582d18755db2529a49f88400670167" resname="ss.error.text.your_art_code">
@@ -635,8 +635,8 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       </trans-unit>
       <trans-unit id="7c0f4f14de1d3c98032305d9af18fad28ec67456" resname="ss.test_second_factor.verification_successful">
         <source>ss.test_second_factor.verification_successful</source>
-        <target>The test with your token was successful. You can login with Strong Authentication.</target>
-        <jms:reference-file line="51">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
+        <target>The test with your token was successful. You can login with OpenConext Stepup.</target>
+        <jms:reference-file line="55">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="dc4478bd45a81c1a45020aac9d22d73abc5f1455" resname="ss.verify_yubikey_command.otp.otp_invalid">
         <source>ss.verify_yubikey_command.otp.otp_invalid</source>
diff --git a/app/Resources/translations/messages.nl_NL.xliff b/app/Resources/translations/messages.nl_NL.xliff
index afea327e4..2f5aafe49 100644
--- a/app/Resources/translations/messages.nl_NL.xliff
+++ b/app/Resources/translations/messages.nl_NL.xliff
@@ -85,7 +85,7 @@
       </trans-unit>
       <trans-unit id="4c4fb9b24a25bdd45d83562a4d71ecde8d527a77" resname="ss.error.text.if_you_think_this_is_incorrect_report">
         <source>ss.error.text.if_you_think_this_is_incorrect_report</source>
-        <target>Meld deze error code aan de helpdesk via support@surfconext.nl</target>
+        <target>Meld deze error code aan de helpdesk via support@example.org</target>
         <jms:reference-file line="14">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="da93d249a639d3abd2f513dbd2c07b9119d16694" resname="ss.error.text.page_not_found">
@@ -95,7 +95,7 @@
       </trans-unit>
       <trans-unit id="0e5b48b8a8746f624978afe69448cd9bdb31687c" resname="ss.error.text.what_were_you_doing_well_fix_it">
         <source>ss.error.text.what_were_you_doing_well_fix_it</source>
-        <target>Meld deze error code aan de helpdesk via support@surfconext.nl</target>
+        <target>Meld deze error code aan de helpdesk via support@example.org</target>
         <jms:reference-file line="14">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="e0d3557591582d18755db2529a49f88400670167" resname="ss.error.text.your_art_code">
@@ -633,8 +633,8 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       </trans-unit>
       <trans-unit id="7c0f4f14de1d3c98032305d9af18fad28ec67456" resname="ss.test_second_factor.verification_successful">
         <source>ss.test_second_factor.verification_successful</source>
-        <target>De test met je token is geslaagd. Je kunt inloggen met Sterke Authenticatie.</target>
-        <jms:reference-file line="51">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
+        <target>De test met je token is geslaagd. Je kunt inloggen met OpenConext Stepup.</target>
+        <jms:reference-file line="55">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="dc4478bd45a81c1a45020aac9d22d73abc5f1455" resname="ss.verify_yubikey_command.otp.otp_invalid">
         <source>ss.verify_yubikey_command.otp.otp_invalid</source>
diff --git a/app/Resources/views/base.html.twig b/app/Resources/views/base.html.twig
index a1845d8d2..95bf5af39 100644
--- a/app/Resources/views/base.html.twig
+++ b/app/Resources/views/base.html.twig
@@ -22,7 +22,7 @@
     {% endblock header %}
         {% block page_header %}
             <div class="page-header clearfix">
-                <img src="/images/SURFconext.png" class="pull-right logo" alt="SURFconext">
+                <img src="/images/SURFconext.png" class="pull-right logo" alt="OpenConext Stepup">
                 <h1>{{ 'app.name'|trans }}</h1>
                 <h2>{{ 'app.subname'|trans }}</h2>
             </div>
diff --git a/app/config/global_view_parameters.yml.dist b/app/config/global_view_parameters.yml.dist
index 126fa4e7f..225cf9ee5 100644
--- a/app/config/global_view_parameters.yml.dist
+++ b/app/config/global_view_parameters.yml.dist
@@ -3,5 +3,5 @@
 # Strings containing '%' should be escaped by prepending '%'
 parameters:
     support_url:
-        en_GB: "https://support.surfconext.nl/faq-strong-authentication"
-        nl_NL: "https://support.surfconext.nl/faq-sterke-authenticatie"
+        en_GB: "https://support.example.org/faq-strong-authentication"
+        nl_NL: "https://support.example.org/faq-sterke-authenticatie"
diff --git a/app/config/parameters.yml.dist b/app/config/parameters.yml.dist
index 4e119b8e4..d7ec31215 100644
--- a/app/config/parameters.yml.dist
+++ b/app/config/parameters.yml.dist
@@ -3,7 +3,7 @@ parameters:
 
     default_locale:         en_GB
     locales:                [nl_NL, en_GB]
-    locale_cookie_domain:   surfconext.nl
+    locale_cookie_domain:   example.org
     secret:                 NotSoSecretReplaceMe!
 
     debug_toolbar:          true

From 2f1b9b2fac40b685bf7cadaa527efc915f05c552 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Mon, 12 Mar 2018 14:23:16 +0100
Subject: [PATCH 02/29] Replace the logo

---
 app/Resources/views/base.html.twig |   2 +-
 web/images/SURFconext.png          | Bin 7200 -> 0 bytes
 web/images/header-logo.png         | Bin 0 -> 15143 bytes
 3 files changed, 1 insertion(+), 1 deletion(-)
 delete mode 100644 web/images/SURFconext.png
 create mode 100644 web/images/header-logo.png

diff --git a/app/Resources/views/base.html.twig b/app/Resources/views/base.html.twig
index 95bf5af39..93597688b 100644
--- a/app/Resources/views/base.html.twig
+++ b/app/Resources/views/base.html.twig
@@ -22,7 +22,7 @@
     {% endblock header %}
         {% block page_header %}
             <div class="page-header clearfix">
-                <img src="/images/SURFconext.png" class="pull-right logo" alt="OpenConext Stepup">
+                <img src="/images/header-logo.png" class="pull-right logo" alt="OpenConext Stepup">
                 <h1>{{ 'app.name'|trans }}</h1>
                 <h2>{{ 'app.subname'|trans }}</h2>
             </div>
diff --git a/web/images/SURFconext.png b/web/images/SURFconext.png
deleted file mode 100644
index 5252e47531bdd8e85becf790309d174ad871176a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 7200
zcmV+*9N*)KP)<h;3K|Lk000e1NJLTq00Arj003MF1^@s6)F_Am00009a7bBm000XU
z000XU0RWnu7ytkYPiaF#P*7-ZbZ>KLZ*U+<Lqi~Na&Km7Y-Iodc-oy)XH-+^7Crag
z^g>IBfRsybQWXdwQbLP>6p<z>Aqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uh<iVD~V
z<RPMtgQJLw%KPDaqifc@_vX$1wbwr9tn;0-&j-K=43<bUQ8j=JsX`tR;Dg7+#^K~H
zK!FM*Z~zbpvt%K2{UZSY_<lS*D<Z%Lz5oGu(+dayz)hRLFdT>f59&ghTmgWD0l;*T
zI7<kC6aYYajzXpYKt=(8otP$50H6c_V9R4-;{Z@C0AMG7=F<Rxo%or10RUT+Ar%3j
zkpLhQWr#!oXgdI`&sK^>09Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p
z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-<?i
z0%4j!F2Z@488U%158(66005wo6%pWr^Zj_v4zAA5HjcIqUoGmt2LB>rV&neh&#Q1i
z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_<lS*MWK+n+1cgf
z<k(8YLR(?VSAG6x!e78w{cQPuJpA|d;J)G{fihizM+Erb!p!tcr5w+a34~(Y=8s4G
zw+sLL9n&JjNn*KJDiq^U5^;`1nvC-@r6P$!k}1U{(*I=Q-z@tBKHoI}uxdU5dyy@u
zU1J0GOD7Ombim^G008p4Z^6_k2m^p<gW=D2|L;HjN1!DDfM!XOaR2~bL?kX$%CkSm
z2mk;?pn)o|K^yeJ7%adB9Ki+L!3+FgHiSYX#KJ-lLJDMn9CBbOtb#%)hRv`YDqt_v
zKpix|QD}yfa1JiQRk#j4a1Z)n2%f<xynzV>LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW
zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_Ifq<Ex{*7`05XF7hP+2Hl!3BQJ=6@fL%FCo
z8iYoo3(#bAF`ADSpqtQgv>H8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X
zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ<AYmRsNLWl*PS{AOARHt#5!wki2?K;t
z!Y3k=s7tgax)J%r7-BLphge7~Bi0g+6E6^Zh(p9TBoc{3GAFr^0!gu?RMHaCM$&Fl
zBk3%un>0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4
z<uv66WtcKSRim0x-Ke2d5jBrmLam{;Qm;{ms1r1GnmNsb7D-E`t)i9F8fX`2_i3-_
zbh;7Ul^#x)&{xvS=|||7=mYe33=M`AgU5(xC>fg=2N-7=cNnjjOr{yriy6mMFgG#l
znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U
zt5vF<Q0r40Q)j6=sE4X&sBct1q<&fbi3VB2Ov6t@q*0);U*o*SAPZv|vv@2aYYnT0
zb%8a+Cb7-ge0D0knEf5Qi#@8Tp*ce{N;6lpQuCB%KL_KOarm5cP6_8Ir<e17iry6O
zDdH&`rZh~sF=bq9s+O0QSgS~@QL9Jmy*94xr=6y~MY~!1fet~(N+(<=M`w@D1)b+p
z*;C!83a1uLJv#NSE~;y#8=<>IcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya?
z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y
zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB
zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt
z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a<fJbF^|4I#xQ~n$Dc=
zKYhjYmgz5NSkDm8*fZm{6U!;YX`NG>(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C
z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB
zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe
zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0
z?2xS?_ve_-k<Mujg;0Lz*3buG=3$G&ehepthlN*$KaOySSQ^nWmo<0M+(UEUMEXRQ
zMBbZcF;6+KElM>iKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$
z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4
z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu
zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu
z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E
ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw
zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX
z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i&
z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01
z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R
z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw
zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD
zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3|
zawq-H%e&ckC+@AhPrP6BK<z=<L*0kfKU@CX*zeqbYQT4(^U>T#_XdT7&;F71j}Joy
zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z
zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot<a{81DF0~rvGr5Xr~8u`lav1h
z1DNytV>2z=0000WV@Og>004R=004l4008;_004mL004C`008P>0026e000+nl3&F}
z000q7Nkl<Zc-ripd$bi*9mhZSf+4WTD_xPoy9^(wc&+ee*OE*nBcdgQWIoGRYL=Rs
z_A<>}YW6UDsXZt{&_v6(XhIT;q?8Z?!3a>q$5ozTNQB(mAHUzp!?5?9nK?7uGiQFE
zwPtZSXJ((7y=Q;tw}1P$f78&_)rDagMjq%H{Gg$sA#NFcfx*B*!2ZBMpvkJX+t>=c
z0c--+1OEj61}p_$v+6PONXfA3Sw$Hi06q+i01me*t$AhvGl7SJ$E-SxJkk&x5=OAF
zT7ffxk!n#H`QjNBty|RcGK}0<SafxDZL?M2EMOkcWn1pI`M?F%6^y(HR##V7EWx@S
zc*Qz;U2QJ|*I9Qk>P@h&HnFPPZ4Gd_bqS+h1nVr|1?$*#y=?%_v2J1HU9j4Lr>#R5
zVq325Z5X)~tb42@7i#;Hbq%AI1*<V+pYgzvR#k=KUBHD_4MwdJ7Kb$-c(+wi;aG^Q
zS}=^7vakTJh1CWOv1%$L1A$|#8jM=RCs-!|y{&o*Ni#6os=>&UU=6pbDKutX8#PH!
zkBAM(==c5rtOPde|9b=P#GL!JMn9lM+bRp1fJ1cn*{t_mCz4@eE$}SxL>1+?BI{h6
zkZd9V8@23Zz*7m!9SsZuUIiY}GUL!6I6|*^H84%D*+-l9#hntI>sDX|;*)fp$7t<;
zk7#`-X~XgQ_Y6lFhm?)d8WWV?sby|^4?4mcT1ao2{6D~K;4_FLx5-m^2Lc}hzDKkm
z)hT*Y_5*eY&PGzHL_M!f$O7)&fnAW<v3o=Ie+~E{5~p;4S|GvgfU@miWO4XKz>_iS
z>_#N}MH}#*1ltJU_7vK#Ed!w%iYx{C1C`e~-VU4_v;5<LiNIe%%AN~M0#1op_EkuV
zo>DoJfIVXz-y8U8;9PD9+5bwdhicmJFOKVM0q$qpP?oq!44MOFOb3RQeg6w!K??Wa
zbYN_`PPqhYDCsTv_(Fo4dXP5cze391&vD$3W1QP0$MJnCR9rP2U*UR6+dV0Y!-^`~
z@930W4_5(;W1hn*;MNG`?+^Trcq=kq(9RkqSaygCU9gOaL{HH)+;RM3kNc%nuRV=^
zc$XRlB_=xdnHSin(x~h~M;Vj#`%%EU6pfzSfxcma)tbVOJg*j0HC!K3ejmsFr^h%y
zUzUR9p8bEALZ|J6B-0B!uQX$z9<H(tN2WOZyQ9hn--Q*1X^X2U{}p8U85M?RzT=~=
z!#u`w{CLN{hm&qVaJeNoKg1e~!UWIpkLvfAl72w*z$k&E)o`<_a5X$sVSF28OU&_o
z95$p-C$H;GyE5b7DbcqEd|^#G#2sHn8U1w_<6@*f*s96PHURjVKJen)ZzV27X4RAU
zivfDY{JpqLRexEDTX1Kd9janfX;?hg^W7Bv_es*tY&%sgw#3e`O8hyZ8DEJlG53!n
zLOo)Zkybq|)}d?M^NPz5^$T`4Uj<G`p&VDD!9CR{l*Wwap1{TG|4Smu*HWA7Fz;3C
zwtRBn`|9iu(oY|#S9!`hQ-#?zbi5JxmHz#R{$?7<AxmX#uB7_aumE_@^W7NWFm>8(
zL1tT?Ll#&EP12(>Y{;!KMRK#}^Y;UL1q5viGQ06t&oOrbCn65=sOL38t%x2KuBiv`
zHsDygKd=5M;8f3d&uV9yr8oBKGGA0Xvch5*;;6nKxXn?<O~Brs@*mJn`IHXxx2WH<
z4VjT1<FPQ#2OdvgA+)G?o{D=`j+oY)?*aJ@;Exp^&YgPvfAQz>zd-x`xWMPlh?D+B
z9VL|*r<UYkM_IoCt_WPm8Csux1J^PHxBvKFWHM%J;5t?U9oy`gfe-6zo{Bs!#E0{D
zH7TzGF44vh^Y`rRDF4J5=jfXZSQOJwF%f^}gDXRBs!5*X&hQNFX0ziLLRag<`g4eX
zb8JMb$7emA4*VN;Lc$x7a0wrK0N)L{ZrAMLFrquSn?1if&U4HOF??7fQ+%MbB9jiT
z-&tJNM#J&X_)RC?Olh;HoSP~gSkk8~EG(au(l4Yj4<euI*WT*+d@yhxGW+71`CAq9
zcMi*0y|jDUb3Jex61P){6(Qe!!Q-R5kIJDCF92Ug!dX7+5yM*&UiVle&g)AV)oYr*
zt%bnXRV-Qq-|dei?QB6NBw8KEcW7O&*pW9@7Cx-qJ)chiKCkM%iTWVy2HG`5gkR0b
zH&-j1qz|YdQzMF17>DByY<`;PIqEyrzqZ)%U7Kg<6P44*Pcp>Wz_+&>cD*@7{*gzl
z)&n00mh5OD&cedlN1uMKDBxRlYgQ-T7<J;+>rxQktX~}GdJkkO`aL<iZdcIhTHre=
zlzk`?s~6-~F&~6$bO?8VV<a#F_+`TL>koWI{d5nfT(1|XZ!p+z-$4AV(-S-prsxCU
zGNQ#|b!gx1mNzbCAy{LO*qEsy`>a-F|F(+Pc)bx1rhZbJ%tK~5;#i?BHX=^R^&X4(
zEh-Q@)zGyM@(l5orBL=z&*w?R;kUr&)EX}5kSYWV_3K=YIK7vpSg)fAUzmQ14tJ--
zEcXY<B+WU5FUxxoxCWWj=oWfrRPMRjSo0$6yBe91xLF13G!?y;9Ej2^6_HQq|L;P4
zcpdt;Ysk?Hccgw8S5)|Z1l335r$ukief4Zg<?k9|F~wy;48e7AHu7@X32Yy+{sF{4
zbSyGc*SG`fevn#VQxY6|g&Gg%RuK3byYuGCsuDk><KN>FSS9Ca<*lUl`4R9bwQ_b=
zOYu``y3h0+Gn{m1d(dIP%o?f}mrr7IN@d55q06#gG^!uxY~%&CL5?QE4A>5+`>5<(
z>m4pj)jtf0LY_waMXbLDex8$|-xl3AN4QxUk+6*{SXLwTu}OU@LH0_qd>8#vwANmY
zS<WJ4#<9aQjJq2DjB=W6BzcyL?@>A2<oE=AIX8k;GEqN@I9oe_IYgg9nN0NcO>v(r
zYrCnwCuLw=m8gZt_ApV|FQu|y_I$o~g0e<>L@SAPKU+rz!O5m3BsOtEO7-g6UPFRp
zFC}~>g^vr67{LA!`t#L9i=)e>V3p{LIGPXT%}fllwUT;yj(HA$wD>NL&z5SrQHM}2
z4#=<$77}gESrSgrx~&yvIX>%^($m>@Pn?;ctWzDIy@r3Xq!K^Rcw}%avWPyoy%m{7
zPU2r0i_8!<Mclthhq-Otabq=h!*BM|3O)>(iFpk8U`*58HN2Qhv?<*g$O`=+dt`jw
z9SM)?0sNlu2<uy^E$($#S-p|z{%S*5X5fzhITHU;AQ$K1o{@ghBe+qy23dZU2Sy;P
zOPW3P{B^C5AOm%@&{_n+3UV<1NbdEX&wV%jb-+s@zqKmlrv7AtbN@V&uV-@E<{R>T
z3CY+Hmz{ZY7BVkP!#yk5f+TmV=0@-ESXsMi2RlAO8RONue~06{sa0P4YGhf~V>RAJ
zt!i1ddaT$>RD7?&A6R+=)dktcCxf+w(~x+Ok7`FdLp!xEsn-J`0(6PznBRq5())2|
z54}yl^YIMva~|DEyu3n{GJ*Qm5_ZQ+Rjc*2oudNn%e{0i?wFr;^~L-QS*v-v=Yi!*
z*7uAGhHJ=jAd*>OKK@Lnu2eO?wS-~**rV00QK_EetR)<mQnw#~|0T)ukkE*7F2<iw
za5DZScR_q>34a<@r?QB{y3)~UC#b`2cQq$>LuS^V)*H+><-L#R^KmLZa~$8zLDFRG
zp}(^gak9S<a?ayO&nbKm63*dzQh!%(<Xx$MZdTD7>k*}P6{8N`oMGKn?~`)TI09Kr
zKC|qzC0dtPv;CUF{qzAdMg?P&jwE{NJ<%58e)tLQ@Ps5hf@D|t8R@-&>T+alpKoN;
z$+nYEFCsyqivs)o8278(RwBtNgXw3!uVV8R$1x{q|2jXf7FMqmhl-0re&>l4t6@!r
zYl>rGbs;&+eM~Hfg#|Kmmqu>yYdz)Pn$opyAUwZ%5(}$bWL{6n!b-AD3<%r=z24w{
z>+ok<Dfu9M^}SB5u*@y2EPPmLJxxAI_^jP~kvOkv3Ff>`%gXX~_=hMC%Mj=G!i>uQ
zEbd%caagM^gfC`vj^84D)-mhF?Vl+ddbc8h&HWs8aHsmKd~8CN{kX2BN!vLok?SA}
z!K&6Y+)0%_%G2vYWVRwn(BLk}5{9u6_I;b@bDuRiFvQ;ww&u?jT-Yb)qBRpZ8A<f^
zYQp1vp#mF$Ppc>-37lPsgaVvgVZY5t>R;FIN8xPzYaLy6l4gqGX=TI2w|n~h1GrP|
zxQ2`u;a>RM89`4vaZi}6t7b@8?OSu!s2Mtj_<6-YLb6v>Jwd!+wo{0g6z@@wxGWDj
zW;xrZ-0c%GjO@aly7nX8G$b6Afq0#z=KpgMe*bY~);H=b)F>U+{Ubuz^VK?!6H63)
zk;YskGip@Y+5XKt4|%NnzH0fW(T<k|$_~Eq=Jo_`oOZUKxVS9hvB6iJEmc2dB%Nwd
zk@`Ok4Gn{lOoVAHJ}xZ)-l#X}0`1797@fV;S2YBAq3Q_zH>p`U199ZfMKWHlK*9p{
z(2l<k@(#kdxw|(YPW1crDRUqa#5bnGadVKgCv(*=aa4q3?o!KdB@*s&4&9S}=U62E
zD+`9J75a8yU+uJ=NJzjEwK|q097?vS@2o|K=KE^dOOVXAD-)JIMB8v*eJKA4e-NvW
zR=xHXWU^rv{+GHA1l~t=>-+wtzfm3&HvkE;ZC6X_CnQ_>aR@SLQhG<>Eks*wG7x#A
z)}E>he<MQtWJ#x7f(4SsHV@en!dQi*(cOvcgF@?(^GUYMqt@sfbNE&idg5O58J9-V
z&4d~%SiZ1^6?Gt3yXj^mV{n~ZhY6LNH&QC6b4Q-E&q;QlwP)ekoAhT-4I>l5x}WaL
zXkgR^$KcQIX&5ynSc{NZG^5yzvMMn0AXot3Bw5^yQ9q0|E6d1>U_A-kZB<lgh9Z&D
zhEW?h0!Pakge+w4vaPV&8q&)WU>H^DR3*UzSrfO^I&Pu2b>u(H#VCkifh=WNZXLJK
z+XC}v8F>*bkZ}G5)^Q8HJ&wF@&oF9Uut3&nO|p(#=xrX7C8N>0kx}b{h2E&gsWblH
z)`1JVJxKU#(+#601go4Qkkl({OuP!Yy{s13rKFd*(J;J%<;&KPg#IdE!*IVh(AY8b
z0N#S6?`YC?>5HWG$dc7aqPq?xhOYz3+g~j&At^`}klun_BZq>ujdCTlu#9}r3rU`L
z2a+!=kJjAl$onL3z-B9LNN9pp7}}6*n|Y3{TZ6oPc$hV(36@a|Mk84{^6W#Ki~FrJ
zh6$EYhYVo*9NT%@mJ;oSC58!>Q3o`tXl)?hvz4~q(FDsV5P2US{sRlGFu^hk!(j3|
zgIL<Gw`MfKGK#|~$P8SbXAcKiGn!x-#o>;eTUpmx6PjQd#i1R^f0gGnI7XccmaVuq
zg8UVE4S8N^M#43WI>ZFaaB+8z&wU`Uzcrx=mQfsL<ox_Cyuk#^C=eZ11%?Thkry^u
z6&NO1MxF%gHme511k1<+omjFw!vxDP48sJ=Fboqc!!QgJEW<Di6D-3pOt6gN(P>p+
zm|z)sVQr4jeZ4iG36@bTp3U)j|J|C;1j{HEi*kD2%dw?JCRj${cnX-7vvb}A{MMST
zj<JlRMhF*^uWY09tjX$Ir%bSnFa`kA$<GTYj<F^)!7_@?Xkb+i1nVYiDibWj0Jscz
zrG~}oAtW`jVS;5C09=a9z}1>q-31J_<}txCj36ffkJgA#J&(NU*<PG#f@K(9_69Bo
z9`8o6nhcDxrYN3ZH3UVfp`pQQ$B05R^3v6hsfe|Z&D&}^k!3<lfjMg7J%eRLEu3Hh
i+Y6Rq7)Gt~zX1Tkah$lnCeFYB0000<MNUMnLSTZ!n6o?p

diff --git a/web/images/header-logo.png b/web/images/header-logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..a644b41fa842fa1019f9f76177a3a4eabe17fa34
GIT binary patch
literal 15143
zcmb80cRbd8`~Rtwy+dYp$zIuH?;Vm&_9js$StnT`*()QGtR$rDSw_evn~=R%e#hs&
zAHU!C@%{7nxUc(qba7p$)BE#2j^p)uzK%0OTT_Vuml_uX1A{<CSzZ?d1CtZ}Y=V6i
z{{HLM3-~+6RVy_md5jC>e{a4OCcsy4+?5}AVPN2qA^*q3NXwvtFJALj(NMTHcNw2R
zgtga&yA%WCCWeaqJ$>Ktb$<tUJ;Stvys6Ke4?nU#{Jq_4g@2U{pN|TkO@>sAk&MGe
z%kb6r0qKIL@0XM=R^Jz`7L}&0rWSb{K4I&!;a}mD8DI&;(7f5+YOxjUf`4^0{p-We
zoIhSwJ(u3e+%;7(G(7yymbtN6f1mu#v(4J&jMJ>cuWMc`0S(hc@$#f9`3;z_BK2;*
zQf7*{q{f1Lh1`fKg5}k%a`+?sa}X=?Ef!qP|M`}3ZsUKxMT(X5Ki^`}v4H>T|Gmn8
zzx97#<x1S-^6qy11EzQkjAq6G<+r+5s+9t)>l8~*&jXIm{{<eflH#zCsx%5k$jeSx
zd}dGlck@Y$DPBF#<Z1A9PoaOQC^kLKE?xZZuKlc;>6RYL)~QHq+WtvO2Z`db`Z!^9
zbV4`tgm3PRbmd|-((Jy&gw_@&eAyRW`Lm@Z?E<J$rKb!d0`Pkb;0k`Q5AD#p7pO2H
zz2tgZKX5A6@1}8noYTUS&ub>@IJM!Mr!|5MQhf>&M2zV&`2ky*>`NEu&#VI+cpuyu
zI@b1^=eN%mhRh@6FQH{IQ`IS$j7F&>UfEvXs8$Y+aZB%B9$U(a<y{iUQXV;We7i91
zd{~LYk#kP|zKdVOImft)cwJ=R;yCSn{1sYr#_qz*#CkiS%~=8ZQXko2MUfW^v$K|;
zK7Y<_Xkeg-!ZIs6WY2N%ATTL0VCLZ=di3bgEe?*{`oe4`^uvXI`-iA;eAjHXJCOwp
zs4A{{mz@<Q!I810AT_5s(x<Y*(v0i!r<uoFG}!@LsnU$YU8*OflSF=7Eoy3N@5;(L
ziu4M9_V)*&(OACUexEv0<62(gex>?WyLjjpCueJao|4DWmZg2wcy`8{bEg#2!yozA
zBN}k(j9rs080$!@BZ=3ng{Bl|Pe_XxFr_#P2O|XRdS^n2q+|>YDU*_u4NbL4$eK3~
zTb6e#6n}P3>lVEpYMsw*Yg0(+v5k(6ZE>xhFDlFmR?Iu@;^Uuonw5H^ZBCkfSfL=8
zw{k5T-8iK5S((m!J-DoZ?U&#qfr!+vUj_&`#)U(j15lfbU)+RFDqe}k3rNd2Io**u
z-_!H<@qwqKouK-TSuADj1w(X7qGJ^`b<9;99Gssk-n>-!%Brfe>gxCs^h8U`%Y34u
z5&iu->RMVY>ppTh+FQcgU(I-~UcI^{eX%Ru+0}LL{{8Fv979?IoC{<+HV;{v>iShF
zdQ``4Cf3n=XeVcr=36GlxYNgx?Kbm+1<HrX@4^<{MYekGPQNKG#&fNv;ZKdOCSMqD
z`ew%CEk?JqvlEw`d@ZjZJERHYo0%5YeG?N}D=Vv;30*V0$1^^4mQ}`lf`Xw11#BkY
zo?f4tnsOJ*jQg?pm9AS-Qu19%iGqp>&cNW{^H;W(`Nw#LiP(OwLgOYS0b2wp?ESHF
z2OHFt2I32*iBW}<J2)STif(&*ds{d-+|IRaGb~9`W-+Ss;d;p+{j%g?b+ZMpOkV#@
zHnyv(Z%J{{!Mk*8!zFTlexmfKt$P`g&nTw-59taD3mFr-m>eJ496C8TH0|vPMk_LF
z;4jelS??;8J7A)EauXL&CGt+jG0O(yL^&?F{W9n@PFdOxS-o5GC-GN?ySwq>pbdrm
z?{Oqr&9}$+t`-%(8C<y{kZQuMWNb{m_f+y@Wo3MNdX(34@9e?)#Fno_+>hG9P8<Fk
zZ0ziO($Yj_BQ$X<^aRWw*Gpw7`W%nMa)%ZIJ}es)Yt;YC8QKW{>Bcr-u42K(#nt3m
z4G(gczwU^?eRP!S<m9B>WkUF#F-8J8F4l0FIng(>*x=wx84`Y^F)=aaW6p71HW__S
zCFn&mHGlgF_oo;YR~gliUN;Q+_Z!8H(&Ln$-F<Sad~SXo-XLC7o2=dqCY%uEh23NK
zwPCKW`@;`?SKcOT>*xfHj*h;YP*YK9%8?6yGqOfPMi#QW+z0pmTm!vUOL2pt(4A#B
zp{&pDZF98N9+xr0tDnaU0!xW01$V}}k5a0NbsXED<e8M{R@zTfx+vfrn;xv0U!06!
zywNSP5TuUJ%p`cLi&Hrky|}noexnT~zV2De%g=u)p(}KB)X2uh1|DQsvJXjb_n>1H
z6&;;|mzMzCal42}-J;eOBI)SKNfT=28QfZ>^mm<yH<nNzd$^9dGT1sFYy7doP5#zf
z%@hB-?XGq9nknkEBF(FL-!yk<0G+S%p&eBk%5b!!B)B=}m=GJ7ACcG9)%C8Z=$?WC
z*1_Mg5b2BKzN3@1GI&x9RRs!CAAc-1@2`!(O`i1@L)r%m8yoI8W`-tvQc@DHq-4y)
zYS-D5{WX1~l3!XL4QFby-Pffeyze}csgEXeN$+PX{Me(wvUJY36h&YfBI<T$HZ?J2
zxxcr9IKU)k^Qm+@8&R0Min4NJ64%2w2F0_UweJ7U{5ZL}OFJc4w&>T_*L^R}4|TM)
z13!M`zeOHN-0odBWn^sJ+}wPLf|3&6X6(v}Lw9$#g`*>GOG``5lTG@o*REluhDcw(
zz?$f|s7PU?W^`{jdwgiEQz~zS<B||7TyDIdS-c+;(0!;d$d+xlFe@eN;lY>n{GXpu
ziNUX-p{7~)a>YfaRMqZop9uNj<72;3=g-6f4h{}D-@bkOv$4_M*@@lW-p(r|gdQ7v
z0Nu}slY*0rtDm3I_NqiSy6L_%r+4z4-bhCkM(#asY{OFu*E7^on3g0RL+GXY{b<>f
zngOTy0K0$=dr~unleIXB3_q55Wo<LFmy~9{n1tb%M@mgY23JD$IS4AYQ)O@0NWyS}
zD^q10^Xr#Bt%NVJ(?}^=Hs?+B0z8(L0oDu=k4tb^Mn*<~6YF6kYj0V_7Bc1S!ydAr
zz8lu)Pr9o_HT6|g&F?>j=Ln~4KMf-qigLkIRG;HIUA6W-8kZDl>Ou4|K7&SZY}b~x
z{H;{~tz*>Q!#GmjB7NMqx)CWUDS;+(^<8Bq=^wSTyU&~5A3EHRjB_fEVC|^B@GQ+#
z;YiGV{~p(@jFOL!&)&ra-D8`lPJHut!LxJG^A<U7YkRvaG$|=5dKDEFWep7lO-({!
z*U1+y6Q9uwHa)$)b3b?*<Xv32pl!caWkp9laM`{0&h5^C>&E_5%L*enZ!9R0hzOkS
zo*o?+ZSG`dXn4jY6h%cv%34}T1A?|pAhmUy0q03f31Px!2PKm{lf#4A@r55>Wp}bi
ze=88nxCqlgBjl5kB81nftrZ<z_c=Nbc&E?7!ph3X%zQaDH5GYpva+%=vK4U^SZ*xR
zNzY{8S$r|4X>&aNd~}qz7@v{hSxY-KG^DJea!*d~vY5CypRn-N;vwAX2?7jljznZG
zsjA}QU%jlWrx%}^8nL(M{b&E_A8#@EA?WpYx<&bq#3-WBUVJ5jD4t(RP5T*bR!y1W
zPkxS$zDP=<*xTQ?baf>ZPAAYTOgK>CPL?Y%kSiWy5*MdQ7j}__Vik7#9lf`=cfBw+
zbkJ%v(g!VOhQ_U87-Z-mABO+z^5x4l9`jdSCu@T0o@`oqdXj=h@D90ui~Og(;Lo-F
zTio1=@G2a4?&#?2w^G;En@ip0F5w<`>JMm9c2QV+x6I#@>T-gr#}G_$_w~`2B6(pW
zMYgef3^lJ&+0oVe)}Yvum&$^dDlR1jJ5iO@Xl>=spT_KqGrM2I!&Z)tkph{)Zn(jH
z%W^1`M8L)Abl#UQ)EtS9_i+u+1EiruJ)q7rM7^#aZcMez%`xTc-ac=!&5euA)90wL
z?V+X>amR?2{wJcUs`^Hs!!WeBR`>a^W14%vg^PlK>%eaqUaM<s+sDh<d9}4S;3$o;
zn+me0Hw*h0TU+J-j#gZDt3PJ@>^h~2w_u2eBge8KBnZtSC<wE=udikE5V<*uc_e;*
zewM{X3+j)@7d@L6JuUtGZur#EaVJN;9{{Q0;o$*KIH=#AJik`{V;htVa_pg@SD*{d
zMe)=JcG=_xgu54DF*H`$r$+veprWE`WVkp|LhTP3retP9g<=zjEgV}2Vp<7<Hr_ip
z0DW-D+S=Opcrm%cy5r?_yng$h+9BbGx&6j@L*DFcZ0;v}4ydEqaA-4O`W$bC-d}0H
zb#$7r78MmG@??W{XLmO~J3IE*uV3#hbmencGoTey)6i`9if=aB@MB`Y>myV0Y*+e1
zU|?Wi6pJF&83xTA!_qf}h1UiL2UF71Lt177r#F?HojGA%dwO|Q1e`x5r=)DL7aVA-
z9>@&)6rY?NZfNF*C6-B;9dL3RChwmJ@%~WR&G2<8aq+0b>E{fEnwiZzJN*0AB(w12
zqu|Vu>gGsn21RXKY3bn+pT<TSaRt-}oF^rZS$=(D74)n$hQJ?`l>^?FbBtCGTX1;d
zm3i;p4X?E8n>#<8R(k$i`nBq#Mx%%eUT6|fVrFH@NpJil=s`bl^6*%DdcI2AVmcRD
zfN?1y5uJY5?P|V;-#0U82WU#8(1>SGpKcvYxXt%wivPNMz55TeAt>dxmvrLpdw<}f
z>%&}STX<14gKqKRn%p*o3(zNZ$_Y*5-{JEM%FN76a-}=3wDHX__*3y!-}1}Mlw1k(
z@$ewY_CL6xnI(Z!IH<y&dZaX5@-Y1Udk*K{UvDVp#pAL<BUxIqMMR#QoSb{zl>WS@
z2yKn$A}%f-9t``KnwpyXUCEIJ@@z+k_5w9|nCp0lzujGGr(8|yd<fVzGa4HkWdh5Y
zjze1wQ{e1tYDD1IZL#6cDJda<ww{uf);utvi)~>cxZ9V+#@ISe{BcF;Buh3<v&CUn
zHg`)l3&$)Q7k$aIHsho;1)JO1MOUtWejCJM#Q32zkB3+$6*YA;h$uxx#jSQ4x0%ME
z%b1s5l!Q2|H&TePUkp1|`OZbK$3dqel0G9&<}ok$$1kiAw3mFu2~z?Nh@YRo9Ii?J
z+qY<R-t4?MV}IlC-)5-oHp+4%PE21*I54G`v`t=plHon+cPoe0=%Ik&b=t)@zlMMU
z9xv7BXq%j*U0q!*e|G5lIyt%Wq#?NDdj^ly2``CB>c3CQ__Sx@4&i5XlWfzTCGO|8
zX--XtahsG~{SqLe$H$E)zdcL-t+k;6PgGA!63w3Fd+GT27;`%7idtG)+7`5e`DQep
zGWdZA<w~5S89&Q|)UzI?A4Hm%xLI2KJPSk~iUR(gs8AxWOx}t4lPqVQpEKU9!t@Kf
z>h6L`MdhJ#o&-rWI~G0cua?c(5}M|>-#~A1Yd9C4o14>q@Sv;K30v}Un8?ig_wThq
zl0;GR%zaP11C?4}>A1w03LOIm8!vSXn7ZaKkJpfY=feli{QUf%(I@UH1}5T^$33={
zIiEjM+;#hn?~Z+flKT7m8;#r7?W>??wWL*fSy@<S;+5!w)Y(F&T$PlRt|{p3KmA7j
zq5SJti9kP?i*SK0DvbVo{qUeN>}A)w4_p#U3kwXk1RPKeV2xmU-MV$_O@TOrx8|iR
z5m0DgiBi<rK&1G7GqV?@rixLtdGrVwblcn8j8&=K!s|Zb1qB7=H8sjQw$LCz?Ox9A
z3xE5T6`zPG4}7bhp5E5eZ{W6!Ds2gn{u38ReDg($|Dmshy_1t1Xw$zw;xV8Vq+qzs
z{^`#{np@7unw+mDQ@l*!;A~Dfy)0NA7&b^}2LoDeTQ#zV9&&su)zQ_Z0&4FPh9ETo
zGAiTagJ4vSyOj>GL)QXvRb#>p#ZQHQm4%&su<DU;djIrvEO=_@;&N|w86_p@poN3C
zo5gp;y4cwEEiW&}Na(r(6$yR`M*FQqRT#WBwzf=n?%;ve{cz;Xos2g>KM#IE-}n2X
zC!7b2<>7$1U!)&3-|F7R+Aslmd3GjYYiGv?^Y){`r0d<V@bIF=s~8ax5imQ0{ETFk
zq0_DV<h^~1wfXIko|KeS+t`@nog$Ae6U#A}JGwrJUHq4{qQMmveE5WfR<^cbjwUR`
zabS$#*K2KS(-Gj!xY{w&p-_5?k^=8M4;q^BHYGHqj+b<DmX?-AmI~wG-AC*F#eLSt
z(NJs95%iWm8*$pZxphDxy?XWPPwD8yMAY;1k>?6_cI>8c4JSioa7}UGmj}Co6vLm*
z%|a<9rkkp2YTK3B=lG|Gn@XTdmVKvO?;^%{y?T0X;H}!9_4T*vswtW|+Bdnl2*iE<
zHiGd%)F_NPgPzs)7#iQTlIou$BiBF<pPiw;Znx9CD=k%g_>iXlWc7~8S6>pCY2fu<
zm%U0z(7Asf&7O@S1-kKJd=)I?`1m-lu&|=WJ*%YT#KhUr3Tu5M4;@9tt6*N~bBFjE
z#ugS>V2XHb&nbMWuGZ^xEg*jVV-ZGgQ-MZ$`SXhaq)M)a1l_0kII-@#ocY9kV^S0}
zH#}TgDHK)N*Bx9^GBO=Q!|<~D6I`&4f={oWVQ7Lo4{r%4nzxfay#Zs+@Ax4NHMRD`
zhf$wDe-5lCTV&?rBcTy?meJ54cwbx`pO7GzefacS&9g)9fYXWTxs9nh@+MYcVG1E3
zA>Z@;5lcbp%b`g>7IR$_wzoY_OcCq7ob`+l8j>&E0t?}E%gQl}>WRyOW$@U~mhLv>
zP?t?_c9fddZAF=%UAley_AHhGOCr)*X5HW9<Y2;lMN|sZlp)v0*2!A9exHoF;4fk4
zQQ|jA;o|vLLbGZn+>~KqVLzv*85&2WvWbv)40m3}l!bC-|EcqI{eQ;m68<h-US1vu
z&s^)Y?CcI;0=#^DnDD%y!jKCFjp}G2LF-*D?bjJj3OsJpFQHjk^y=#BGb@GJgdR4p
zM15*a?46xkC)^rhU{WI{sJH0HqO6-6&(mkmJkC!Zf8A=v^Zi@VAsc#G<@w6$YV+T}
zoR2y|Ujn6>iG6;?Y;0_7q-70HvPFr(KeWDH>TD;up%tdF!xzk2H*arpC=GWJ+Se8S
zQVcLtd^Uf_<mToEZhIUXjB*flp3~9M9sS9RMTiUdxyT(W-si8}?uv-KI5~L=if0DC
zE)PzvxP5SHDkdj~(U_zk3gF<t2lVpne5^G1GG*lkxZ7f4VsKl-p--I6OaHSDbjK-x
zKYzXWcPiqwgx}uL@j%G3dLm|V@ev%r8yK=KE-t?Rj+cubf`rl4uyb~f-bsN+mnvYV
zZD0@<&JZBd_<VG1EMl-wEAQL4%z|y`NcL66;A<x9o)Eze_|X3_cw=B>gz^n1l(%I-
z0R7dF*$dIBJjPV@Fd%Xn($DFk;rcEn8pb6iUax9odV!yikieU&F8CCTFSJXzUMrT@
zyRjEzN&5e+tTZ(@%UZO`a(6)WUA}^!P3#K=18~J-^S9&|8K413f8yf{(nuGs;O5?0
zhR4=+bR_ch=~Ez24jz8xvEYxa;mp~!vO>+uI=1IK<T3{3_5Q_P91($3Njwo!eiMR?
zr^}&0@fV!O)<)f?Y?1!lb_YYaVxFbY-7bdkmY^TWJoA6YDr@|9Z36=z(JX_8i%Uuh
zi;l+U2*f7YWg8s<7f}A_M-s8dUD9?^nyOEqW=g7m%bJ?f0WmBpV;?1I-LoXoIIirI
z3K>~zlRh7mX5`_CO}GoPLY<9F>S*Tj-r?aj>@bVPdra|-ww3+*(IaNhVuZ{cP$=4q
zee(;nUZEy5M8=yuIz{@jP&;e;12bv*9OyCU_OVL4S)V!>NP)SzOv)^zHg<ONKXc>|
z>oXL_LW%=V+5=jJ^TcO@8#iwJ>U(Hz9t*9M8l4EO^|K2NLdV_>Io3>V5StMsueSc$
z>lD~YEVu$M1p^ZWMc?`Td$StPH*(&HS;A`|?cn;Rq^35(NyAL&hdb8PbT2w4#?sdI
zDhy!VB65yITo@BzM?1m@Xv+OheLy9Ovbfm_VRi;%4Y#&lG2u20Ok)7e4D4!EZ{}1=
zx0L*EsEL_b*qHN6s_i<Tb!s@emGEC+)a(V}M<N1?ogUJG=;-JfXzI7PxD*~dc+fd_
z0dUrReO%~-KDHx7$Z6ODycEI&;b>1zPq#r)!}!i-YdC=F*jpI{&({t}P81#7V=Jep
zM@F!Egpz{a9-MjFVaEau^oq5Svb@SlGI;f0f_uIaDH$2~MlV<l-Fwo6^w(zacsmUU
zEcjF1cNSCx1qHP$GdZa;HN!J9XkqX-t@~Jmw}Bp{|1RFA;r!qs`St6w`y=K=q7}D|
z-VqTHSlZj)Y7~4K6_r;Hsz62PUXgwzz+=>I&s`DJ5ij7>OYJMbTM;1#Z`b=JN{Rt#
z>oA9a5Zo&pvG(zy=;`S}$U>V{&bqLm;G3G7lwLnDG6x$|QQ&cA;I3kx*TWH(nthAx
zpnrxBj|1SK$g=~^rKKf=%zD<wfg)dBbzE3n)JZTe9s;}4Paq(2D_6JZ4+=~gBG-=N
zc1e`uHQQO^DHFQn8I#7c%#Dq6-wWtOX|Rz2$OITM<1S+V(Q)gUt*tFDFK-~C|7+Ya
zk=aS6B@q-EiTh>icq1Rx+}!<~2ds;$E4O^i{UUwo(V=^Fw1)QSN6DR-W!*0bJU00I
z&Bjg?&z^vUhF+=&(+GwYv?m>Nb1e-jD_0<zNRxrFHd^Dsyk0it+5u&#ZD^=O83H!$
z-aX8K?I`m%;IHB0>C26SWcUa6kIdB6^cVXRK%0{_9+%<C7A{MF44R79h+NpeZ(xuM
z|NhkwOkie5tHotM$Hs2N*@%N&L~sGnCw&W1T0#V~xU1|;;b5@d#<VWJz@sc8{AWf$
zKmch&c$*at@BUrq(ZKnR*u31_OU5NhVlQ}1Y62V17J0m9$uRwwx^MiQs740XOtkJZ
z3HsF~5Nb{J{-@=S*9@S<kX!_`FkG2mw-K}ejsDr;hE9;e_$n|qG#;gWMEdk*xNJ_N
zb*yBVUA8|3=zT$Um(Abbjy5m;xdA>1!<__#BPc992ad+5AwUv}9(3gP(R?hz1wgv$
z<7H=Nw$*wqBVac_p9R4aHa0AcN(MSQ_Xe{u-V_vEg>$g2ya5LcQ2y;En}ddy^tm87
zo_9Z)3SCrKUNzog9N})fe(CTS1v1!D?gX4IoI;KJ>?Lp>_W$rIW>YP#xO3*WeP_0P
zk?Q~g0nGkf)reWkY)iObQ{|S10luws;UG?W4~1u}Y>teHNrpxC4ZoN2=+4~jr{AEj
zShmb`W3eTwZjV~W&JG!xD?rm5+Ce}!#?j6X9$>IVKhxlMS)Zsb;t6!Vw7<X4o8IGX
zsmen7ce;TgoRALp#U&D@J4LLS;PK^|f`%LwAh`i;|E|%>Rix>$HSi1(pTAUK+Y}tR
z!F_`EJ^RschPQv6L;$h{asWplQuHTG;j-5{FVM9H(Pm^3b8nHBZg>JhGAuPg8sC&4
zDB{S-$gKf29z^cHh=|DPvja~7i59RwhUaH|3M)5@C`(F8z=~kw5%fmOC%t|>vn+if
zO8@i^<EkyvdabOjw|_s|Y+CUiI25BL{Lc`ug_%rq*Y!<VS!~)KNFBiA$omCGNOe=>
z$M^4uiwEfS24pv69Bke`PoC(R=@#j~`|zO^j(Pjv>E^Y)hSE|(FrJFKx}@CZ_4w&M
zR{>up|3E{#g=3PIc?XSviJko##BmVmBy*eM8o5!&gyE{$juVgByzNg>mdcK$-?*8m
zS^-n<>)wDGNL@lpLg=wz1t}Vid)(aTT5%@p{nNwHnVNPl=7n^PvEo~y{ey})n%WEq
zhlvH@#Wl`9?r9bxmQ;j=k-VH<LA?I*&S~2DKDC;kZ23_lmBVZMND(6H6`@=P#SZ4c
z3o1bFE-Wnkv;#2+YzO=vuei9{1Qi2=lAWC$1{n?hRsH+-D^3>S0CkLwRrN4BgQ@80
z+Yw)(0U6LtXFM~aRx5ngjayq=Wxyl>O92Tx`sJ~c@|IOVKvtHF=1~Lzmpn(J=Ui2V
z%NOSc0(^W63yZ*=&%o=ToBI464U&9zaFd(+WiO?l9dK1gN5{CVEY0H^7%-dqhleSC
zURVTa9u=3D6Z3rCx<v24r;}e$FcA73h5_{8Yqhntm^f3dg0`*)0IvT0`GY-b0^IMj
z+w@C#4hCG%5{VG=?uRxgz8(@1@=G2oKxB7zYqq7cua9VJc5K}T$#oEO#Z|F=j1uH>
zfI#b$W|F8KM`C0^*$nDVqAC^;@kCXHP3FU`9ZQnOiDPff%9H{Eq`rUu4mKzPlo2B+
zBzZml^d1q9xho(F-(3W21=A%9%V#~QHTeSyw&8rD!4iZ9;@1F%@u1kHHY3RS2ntoU
z91^<hn`GnE<XD2Or|bQ})8lSaLamWgP{8#GPji)r!AyZf4^v+rgZCk4aVDwc$H1U|
zhwK8xA4`Iz1-1?kQ1%26rb9|v?H?`*yblIWt)l9xs?EQ@J#$db>dFUx4JQE|wGc1C
zS-l(G@_DBAV{xtfw^6|l2(Ikzz9L@)ZqNP_|3j++$k||&z<}VBkf5Depr@llPq`Ly
z2fCkq^_W)##HIa*wO~o!BEl7n0dJ{=%cQfgwT(^a7w#8D8F6tKQEjA5e-=GOKN#G3
z+?w!2EK?Kt0km(GE~yhq?h*eEI9(469iFIm(`!=mby**;8f|zkU3Sw%<Pc}=1iL<d
zC7#_@%gTyLS63HwEE+^AIXU@F0Rb}5SHRld_UZ|n$AiAm($bO%jVRN8vGA2md}eEl
z_qYF{>8P`?#BR3$a0HFfXy5u?-vUKNRqWvNhfs*XT$B5FMC8}K#pF;{EI7g<s;vf|
z^3AQzuQM{#pEwLiH_x!l_OEy&Fq=F14ok_*^u_t~gNjZ-$6#n6kCF9s8&w~h@wh`C
z8Hja5ojQh1e%EG)*(=;uQ8B_Dd)TI#^;+fqhjG)`ECjm&nVJyYQoYjYbJl`T0-Q-`
zAsh;XN-c`oU7MiQe|;mCa07q|fBdjPRnXuLMBdBG3v>P1xBq~zBWO1d`fViXi9iZo
zcJxsh!qa=mf|C&|v4agBsQ>qGO;a-UTdcuxAD?WRy$0Eg;Too9vSfV0=xfwXCoLtF
z74Qb?1w`v$gC3k`N{X_U8{xr5WxR2TqJaU$moHxo*1yULhh+f&>tJ{u4L(BR;%s-c
z+%m)>I@f*vru}v20$@{2=cA|yi(vsQird4FHd;;CyUHER7o@6;395|gJO_mM<|A&x
zWo1+cc?AhW=M53;1GRW*S+Dir)4u4B6+_Qowb4*gUaK|H6ylp}s4(IzpIFD-PeE}|
zr`Qh9%~`!rq@<(_KRWW&WJu91k_X6)%@Ak8&Pc<Te7{M-r%v*wUkY*mCuaZT8B+Ss
zQp7zgaJ#)t)aluRLas5Oh#{aU&a#qceDzq2jy~YXvbCcF*?)jx13cxYV->6@kYM&U
zt0;q<1g;l+a&_Yx`L+IF5Lfmk(*Vl18ZQ&wWMpK_ACA`=7T>*qx)wBUXPKk4dfyvA
z&cX)nkQ^m7ec{EX`W964uUc9M*IFuVwgfbmtaa45!cLwC&J);1@k6gm#$OUeMgB}Z
zM1XbiknCGs=+%R#nVRfKqz8EW?_cNNBpVh%ZQWOh4n#jXU^U&?jQ0)vu`rv!(7x!j
z?<?Vb+3Gjhhqs<CXYvkRot+j#Gb*mvDPzeP>AK#}i7#OUDY$;`>1l(6K=}z-{Z?yy
zc`igGz!(t2_GH?h5@<<=JD&-I80lUya8aO5j!sU%P_+S_T%-5Jc=*{F=N9Aa<uJ;x
z&q&FlisD6JLhkRwu=K>;n>hdlDu*I~Z3L#OFsBf=QpzSFYyR7053_0;gF{GwL5_ZV
z_9W1+c|Qj7Jz<yeP`D#6>LsNd1mcy8^qE*$v0&gSazwBR@bd?6Y`AiiH{&RB?_t;q
z-_=vY6+Rye1-9?`qMV6vNm<HDYK>#S<RcClS{9MDfYKDn=@&8~4MpZ6Mk33|>FH_z
z&!5B?9W9@Dp%}r|QBzZwI}EZxk}Z!ajKdc1@zw$?D|#ocYzuq&4paV+<2KR777^S@
z#P0(+$!o5dV@BiHsKM$7co&2=oUIx*$bu6wIxAJ4*W*a+{P6>_Boszy<;WVsyWkKm
zFTHfSYi?vD0}K+#_N5tzUyedBLm&LG8y%o&PE~ItdL(LFDcbr8lyOecHBi{_i=WUb
zivtPt-Kbp#;N7Jb2n$RsEG$=2)cfr_W$V3cZP{Qi0;%cxWuRB3<_#}lqQnVal8U<n
zvct-bugkVl0iT0d>2dk9K$iXAWqEbMc{SZJ3Ee#)ZngFF<na2AKgn_8vR#0toCV7U
z{+Vsc8K{TG2Ub+=r%#~(G@w^ETJZi{jdXuUh~gCT%r?Q6(h_{*q}~||irN|o!t>)F
z=H;J0eVR+Kt@TlDn2t?Ny#ag-Y*11aZ6HqzaZn-vdl(*pQ~7muG$7CJ85kG@X5TSM
zA1O0e^7ohQiDzQq5*57xDgC4UL@YTESdGBP$8Vf<zw&yVm_Jn=mJ8lKXzdnYk60<t
zz6EjKrB8};DTW-08IK){6;PUHmU&PP(Bc7-#H7)&=$)Q!Hgo{dsc@UFf3b-O;#76m
zY4PU9zbY44&MXrIBwDjjK<1&9;$_e)u>V5d+%Yyb1{GfH$^STiKWE7C@)ZKi+klkG
zscw#M&cph}axWdiM<AjUJk~E9v>YtZsCm3b!DY&vNHUGuB^WL>RZ}Zw%Jl5*R>Z#R
z;~+A~Jn4pt#kc$6)BEE`3)I;y<?%9`5w<O^c$7@M>;m|30O6w_AE^bZDEB@%JKOEs
zo_aEkj(JUT(L7Xa=z$2hS}*qedZ+V~{ZD@ck2pIlN`3;yg0CJSBqWZXj_?{1pEfl$
z1um<wiI5n<C_siB@Kg7HecjzNa1umRYWWgE+?Zr4H*xOu-Lw&;u7GQgI7n@=eqSVx
znhj@|TOBI?Kw?txAOIrIvxDk}w&m>SFJY@-mD-X%g(;y6fWG_gk_JfN@S)PQ^z_TR
z)Sa}+Nl70apB;t(P`z9}-I+lg6Tq5Q)??cO%%gv5iq1kfIXQWLG1<HT14Dk^vu+C5
zUB1u@6uNTCm8fWpp!|)&`vT8LO_e%;-p!t^3&Cy!nD$T>n}1YwU$k=+c0vy}r(?f-
z5yK}Sz{)5_=$7=^ED_L+9QIjg&~kvdXWcEpbHgP@c0!P%G`_18Dg&jatjIeO#+az;
z0gvu%MeBJmtQ@>0fv6AkbTgPOUQh%Uo{m+<kSh+h-Ad>}q9qt40K;_!>>*_}_us#c
zWdC4h2Hz-@Z-HfL0hK^YcnxT%9O`<%z2<DjNz+AaM8rK<V}b$%oOw?zwG(At>xl(F
z=o%rd4D3R|@sQBas4+)eS<fvh!hx_%#CPi^A%j%(>(}IIEr1v$)3{)L;Py<maY+H8
z10)+TMG?aYL<;X#`1a{}C$#F%E)%k!EEtv2a6E=VbLZygBL<IL<vy%5z{@W8X6EfD
zIU6Lx`2)g%)`Ku7Sd1AA0AFj&B=2}9!sqeU%)P(kRd@md0w67O6;>d?WM*cr@m?WC
zdN8E1#D<pyE~55Y9IKEQMWfMB6-XWn4b9kioT%$l|I;-?S>Wcr2V-`8uw4SZ`8$>L
zeWu<YKtN_II_O*KHtW?GO;hSd;cY}lMIlKom|Eyy@OTkE1f>ZTx%WZ#)o#JyO1ay#
z)ZeMPyEF41I9g1h#t$DlNLoOD>$Vj@6w1_;M)6{V7OS*$wk;i*Dg<l5y!#<0)J9DX
z4WXwm{v9F<H9(_f`Zjh!;&zsnl@Y-i$0@V;Ld4yY`vo^b*z-Q#6+Imt5<)t$(0~5|
zAf~%}lMARy4vdE<8<Y1ykx$70#70O7%p2gg5M>O`T<Jd;92h_d*{7;19WNcW1WRDP
zj#e=Hf;0>B?j=Kyoc!u1U?Bmy8u%9w;G_~f{b|F1bgo~&j)dVGzrU$rQK%fJW@NNN
z$cs3Xgg}V1ke>wkFsN8-XJ>pOi7gBOrz=asupo%QMBq?2jlV!j{&%vLtfHb~w9<|U
z;o-1Jgi9(j+=f8T^mMiJ!dBLt!4)uOkOQerR86dl_@4-ZdxVWQUNJG;kfuONa})_^
zo4-m!O2(YBrD!sFz<15yVS$oe;@I50tKhY8eNbtul}yXR-X0r@1K3-hcpa>9!6}2@
zKqyY?Yn(u(T<wKwgiZkE?qbiD2ldB}&ozM}(<rX1OW!zB&n6^^L`LrW_YkG2$UKBI
zd3Nykp0zb|{qYjb31?Aj1H`Hrkp({%gNGd3fXw&!@l(eDAYklWve#UWSO|RdPa49E
z`}gky)@uboFW*m?63_3+LYJ<1kEs9_P1vN!db|LxfL&`GF@LUsRcpfC0fryh#RP1k
z`;Oexo_p-;i--oVWldU9PZno_*>ir9yHLhyY1HbPnz{=_uqOl$7`4;I{;s$<#H_6F
z1vV5b$YyvaMkXeqKt7&66%#6i?plBG?-^`cVSS*3MZS=0M7lj<kV+zT{p^{zqLR|e
zv%<ncB-8;dvbtmOg@s>0fRC4#II#ZN>46I%u~@dZu2WyGL+*@&wM90!Hmm1M`w|Ci
zCX&bL>dH3N20zJBwi{Q#L-DkBkV+^5aD2Qrj6lh7cmj!c3=wOcIpJKTBd<&{J9~JV
zqt6i!t_I%3%+dBd;5O@4^mlb9?OWu)fr9}!gHkJ5XDPx{zgINmSOKygcCmO_aMcCN
zkR%9@LbdBuZWHk<CfV=$!SSrh4V~L=&c;{B$g)KLS(vj|;)gBZlk_B(ghs6V5CgOU
z`V968BA{#{=Ncz(jtUCDx}2Pl5c2Wk$G}g?V3ld5184!uAkAngmGjmsxsFx^cIq_6
zyr!j|^zGg33tCoIR?9VoRAW=#&;B(Sn7gU&wf9+=qy+>*AfL8+`ZTSXAl^d5+}ynJ
zspZ_i1m)W#Gq4?mTxDouMFvZUrxn2OG29g}kjn+&9v#Nic8<WX;^MrdYdMf$gH)M;
zoriMcl1~d!N6o=`la~HQD9s16QPGXp=j=i}NmiqbWAch?+WUstNqg?VwlSz&Bz}1s
zo!l{xbNdFPs1}qh<Xs913LqQXn?kNVa4M-0G@X-qz7VfuQDy9Lyz>Y^I@W?I2|gcO
z2-vTXINuxmp!6dCGf?Ym5Tiit<^cKuR0o%ppVuo3NB<+Z5n0(wJ{yxaJbzx+IUaHp
zlC(&Ao$bC@9FOmBd-Yj<M&qYXg2*c&n;^gxfpq?N^YRfc1tq?t@<}~p(g;6`l{&e_
z^@nZT@X;ey@a?d>1;Jg|%F0Thjq;N3bzCe-9mk2!E+S9&Zb2g3_N9oFQR`(8^K_KW
zW~IXbi1DNi;-1u0e}=D8Q2@sPs=`w48|Z;B1Hevsn}sA;bgk$Dg99bo0>_!tZx6A4
z^vjoo-j5&mKS{9Jg0S-15f@xwm=*2|og|T}YD>1TeggRt(xcE9u=K01Mngx}2FH61
zNMd;aHUp419WPz_by<qloA_o&a5~5xlrfV<8}JHzNctHWs;^R7W?Dx9DhxoGJcPDi
z>gr%$Ees?G_zJNVki}q3z=?JC_O?T60g;zt&_(mx7<cq%aJSI@17W8l@6#u8K#o+j
zwE6Lpu!sn{5bnhrcut(FtO5>+fgj?<DxmfwU(1}xhiZdNdOYej_K}sv2(UY{3IQ$W
z^&Io<L{$g|Dsb%ws$r!?VyBZCwp(&vPC$_lx3HvKjI4P3o^5v^)PH!`VDigjJlLu6
zF0{)nT=f<M^I?TBiI0!)-~cH}H|*v%p-I3Z6&<7kZ8I|#fxPUPu#6oG`x3BYGH5p{
ze19gKzYN|bgvG|zfYG!r(>kwlLi9@{b#xO5n*wXUW7TM_mz`0iACR113?q}1(GZOq
zv#T&oEzoM{Mkd3;6~H7*Sa^orJ|MNq%F1sx*~YaXi-h2T#$8v~Zxin5_AfoH97qR~
za7aoLQ#wL7mGAARyVa`<>chg}ZCyoJ4~M$m>ST@u;eTfF=;*>Ns%czPgh1|HQTu0%
z5`#OvS&~uG=PO#6qmn2rat4`uI~!oSL6tqn?wnj)eImjYrxpi$9Gsk-jn2ZLBXmFT
zSQU4GScBz2(D{Ho76jMa<uj6Cr$iCsDY6_Na9B4z3s4YdHf(S<f^GoJp|K!H9V0Dr
z`-Uw?w)HgJI0_01UZDS=jl?KCk7QtJ50DcKx?8v`G<|W{;{yYvLJi8Kk80|9vl+)t
zq2`7Zk3_a22B+YCSXF5M<s5kaDym%~F}yDW!D79=2x)Y@0~<-hzY9Q4r6ii1eT3@{
zKjAww^a6+r5~Wj%$aZ&kz4;P6D`xW5KOX}2gWL^bhbG6W0e!0fZoI;78L~JDE72L)
zRbRj27Z0hPasZsmb*~X}s-6HY?vP4GA_c$uhtKMo513}6uVBlRja&<~`QBxr!f(Vo
zS*BgWZY0j=5<h?j3x!yXY}5`8q}mVS84X`mldbFg?LS&hp;iE@73j|`ueLByUehgC
zHiDO^iUvMb&MIj#%{$2^LwNRL7{#Xk9?nJVa<W@o(Mm-R^T^dUA1ydASS-h4Z}6m3
z=@3q`7dlEwp)wduiCR{sHx*3Mf@eQu5UNPuRf+no5`cGzpKK8WNf@!D$$8EtC(s6f
zNs;`*DT2^EUy}*-VlY}}{3Yb}aIfs`?HdtIQDOAX_{5rQy7{40-6NKDR?>V8k)D^a
z6jUlNLNC9!ZsCjdrYa?7TlT8K7^yjyS8H*&=vOSsbJ4SBk(^{}3b$*P?7+I*gY~$z
ztqe78bE;{wDBOR57IhURp@xkZBxKm$Y9Y#lRqOnJ5t}Lvz~sVIpF#MKgh=)NG_d`=
zN32wuV7qBZe_tf1@eyID_<{JO6<&uCO5Ldx-Bu{0Z%^@5gc5^cUGv>l>J|SxbeEH5
zmc^vF(*)_IRwz*&#DscTYZuP!?7Li9OKCss#~1J>m>1HO9QAtjMbp#Mkw_Ju5#&a(
z<1d}-Xa!i-;DZ#fR{^mjcnz?>5Eq4Hnfz$IONu*JO&uKRmg6OYon}vA&yo-kyYgdX
z0Tz17hEtBr=B;~i)|r!|0`ZvA-K0ZPmQf}IC{xn-e+)5kMkRhG4$`^n0$c%X($E=z
z1<k=g-IM7A?)?U?E2uibzpCAmkby&+1Z52$0f|!l4zi@kIxdy6HJk*^DN(;f(iMAh
z+ipN9689tKF%DlMlj$-|W_12A-jGyi+LG*D2F6{|u6)X!Nyox5`H3a1B8K8e8jx@?
z8Ns$5$OSMKEsH;r<Fm3}c6Y0TalG=YBelmCwh}C02O%r)o){(JmnW>$_XJ(y1_P^%
zxt1+SWGO~e(Q$F_F-ZwP;laxHn-Ls(at3d_`rsElkqRt#gS0JcU)7p-9g?1Kjz}m9
z5Ea)Jl^h5h7WWMO!As<XB_o)^h($>m2Fnf0KMGn}L>QqqIs#;WM!)li(mQ|eIE!4U
zw0H%^1Uwd0#XpYTbLCZThVB#4B>&m!n3=f=njZ8EvKa`f>i!s2E@osM15J1A6cJ;;
zTh6pb{;AUIc`{N`_nAgaQ1WE(2^hv3%}tlsMZ#Hi9}pRm2RT*8Dpp+!c*on<*@^5N
z{Sig=b8<7vCYQaT_(%+Q^7dyvce)&6=_ysTOn$|-(B<4B^%t*4C`%%!V#*@Q;udMV
zXA_od(j=-$OP&jzkd(;E{dkcg4H#q&k<nlTu<dEniO{hp9q5wlD02~S4XHX7y_=A!
z!a~`6s$EtSSRRKk7nUVF%3w;}yw2s8t;fRrPT!PWXm>eVhm3tur;PeDIM-jw(zT$3
zlyjORdA<r%`b)ihRDbA!W6JH!FHFA#A1-V5t2!l_)O4S@ZE=1aVvJ-C5ISpShy=lY
zim^I%*X#L8Ugn}fl)B_+@5@Wm3(?hiO0jd0pTWW)<AZ_zzr?aGTZsz-5qs4N&MM`z
z!s4Z`lZQ|*wWMnVc}uTMEBi<1r<T~%%U(%>%@o+Zg$1sk<KvMV8ygs?E#-t(rA$gs
zo{@aM3pS<1<)tOqtht1Rh4l$_Gfg7TeN{AhwYP&4$MEhA?&YX8>g<EuZ)~3!X4|{k
z&rtDqYnb9q_6y^eqKY+2500WWuo<>vYCJO^*S?b1k=mRaB&xTbuheAX;E>Ah>pLKQ
z^+jg2Aa~neUiHQNTG<Ru5FnrzQBjZ`IX4E8N#CEllYu^ZbhKd~f6{iCdg>9giQ0DY
zdK(q$W^Q1;OZ=s2`}}V96P%%Orf=!7jiloR60~v&b8?^MNd8gi?`3~1$4#E?KESNi
zUs9Hha0;1e=|tUsB4xc;oaxCWEY+O4iNfK_W)f{XKKaJvGJ5BBc%)CIO*(Xw=z_nu
z2fRK^!v_?P4VgJAbhBS-yKoE$paz(8J@D~vYrh=!;2D@MC5kF*XKxK}YkMy1v}3^Z
z)$o04>8AxeY_D!Z_vPA90+r_$ccyS&&R{Y0XbRT4U*B=wTpoXnvt#Yvnf*1y<=XOh
zeZl~q+e%F5wg({*VqI8hCfwqS=T{7BoMbg`#(tVPmZz)Llp->$tA6$BQ=<HPW?att
z`s+E4H?#kmbCY9AMVZ*M2{Ta9NS&Lm_(d|E`}fCsD8DDBryNgas64S|^};Ea$5B8&
zm>KY%<$9qE@>$OR^(oB%{Q=GY-;a6jJ<+(h#$0-sXzION0v~C`P*Kp7FO{_j{y!W)
BGdutQ

literal 0
HcmV?d00001


From d181f7a238ee3f88baced01e83dd46bee872db43 Mon Sep 17 00:00:00 2001
From: Joris Steyn <joris@ibuildings.nl>
Date: Thu, 15 Mar 2018 11:58:58 +0100
Subject: [PATCH 03/29] Show the support URL instead of an email address on
 error pages

---
 .../views/Exception/error.html.twig                    |  2 +-
 .../views/Exception/error404.html.twig                 |  2 +-
 app/Resources/translations/messages.en_GB.xliff        | 10 +++-------
 app/Resources/translations/messages.nl_NL.xliff        | 10 +++-------
 4 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/app/Resources/SurfnetStepupBundle/views/Exception/error.html.twig b/app/Resources/SurfnetStepupBundle/views/Exception/error.html.twig
index a393fb726..c35308c7a 100644
--- a/app/Resources/SurfnetStepupBundle/views/Exception/error.html.twig
+++ b/app/Resources/SurfnetStepupBundle/views/Exception/error.html.twig
@@ -11,5 +11,5 @@
     <hr>
     <p><i class="fa fa-clock-o"></i> {{ "now"|date('Y-m-d H:i:s') }}</p>
     <p>{{ 'ss.error.text.your_art_code'|trans }}: <span class="art">#{{ art }}</span></p>
-    <p>{{ 'ss.error.text.what_were_you_doing_well_fix_it'|trans }}</p>
+    <p>{{ 'ss.error.text.if_you_think_this_is_incorrect_report'|trans({'%support_url%': global_view_parameters.supportUrl })|raw }}</p>
 {% endblock %}
diff --git a/app/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig b/app/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig
index 8a8eb1b85..9e9eee195 100644
--- a/app/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig
+++ b/app/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig
@@ -11,5 +11,5 @@
     <hr>
     <p><i class="fa fa-clock-o"></i> {{ "now"|date('Y-m-d H:i:s') }}</p>
     <p>{{ 'ss.error.text.your_art_code'|trans }}: <span class="art">#{{ art }}</span></p>
-    <p>{{ 'ss.error.text.if_you_think_this_is_incorrect_report'|trans }}</p>
+    <p>{{ 'ss.error.text.if_you_think_this_is_incorrect_report'|trans({'%support_url%': global_view_parameters.supportUrl })|raw }}</p>
 {% endblock %}
diff --git a/app/Resources/translations/messages.en_GB.xliff b/app/Resources/translations/messages.en_GB.xliff
index 4bd70e4f0..805698400 100644
--- a/app/Resources/translations/messages.en_GB.xliff
+++ b/app/Resources/translations/messages.en_GB.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2018-03-14T14:02:58Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
+  <file date="2018-03-15T11:56:30Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -85,7 +85,8 @@
       </trans-unit>
       <trans-unit id="4c4fb9b24a25bdd45d83562a4d71ecde8d527a77" resname="ss.error.text.if_you_think_this_is_incorrect_report">
         <source>ss.error.text.if_you_think_this_is_incorrect_report</source>
-        <target>Please report this error, including the error code, to the helpdesk via help@example.org</target>
+        <target>Visit &lt;a href="%support_url%" target="_blank"&gt;the support page&lt;/a&gt; if this does not fix your problem. On this page you will find more information about possible causes of the error and how to contact the support team.</target>
+        <jms:reference-file line="14">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
         <jms:reference-file line="14">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="da93d249a639d3abd2f513dbd2c07b9119d16694" resname="ss.error.text.page_not_found">
@@ -93,11 +94,6 @@
         <target>The page you requested was not found. Please try again or go back to 'Home'.</target>
         <jms:reference-file line="8">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
       </trans-unit>
-      <trans-unit id="0e5b48b8a8746f624978afe69448cd9bdb31687c" resname="ss.error.text.what_were_you_doing_well_fix_it">
-        <source>ss.error.text.what_were_you_doing_well_fix_it</source>
-        <target>Please report this error, including the error code, to the helpdesk via help@example.org</target>
-        <jms:reference-file line="14">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
-      </trans-unit>
       <trans-unit id="e0d3557591582d18755db2529a49f88400670167" resname="ss.error.text.your_art_code">
         <source>ss.error.text.your_art_code</source>
         <target>The error code is</target>
diff --git a/app/Resources/translations/messages.nl_NL.xliff b/app/Resources/translations/messages.nl_NL.xliff
index 2f5aafe49..a1b2152b4 100644
--- a/app/Resources/translations/messages.nl_NL.xliff
+++ b/app/Resources/translations/messages.nl_NL.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2018-03-14T14:02:54Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
+  <file date="2018-03-15T11:56:23Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -85,7 +85,8 @@
       </trans-unit>
       <trans-unit id="4c4fb9b24a25bdd45d83562a4d71ecde8d527a77" resname="ss.error.text.if_you_think_this_is_incorrect_report">
         <source>ss.error.text.if_you_think_this_is_incorrect_report</source>
-        <target>Meld deze error code aan de helpdesk via support@example.org</target>
+        <target>Bezoek &lt;a href="%support_url%" target="_blank"&gt;de support pagina&lt;/a&gt; als dit je probleem niet oplost. Op deze pagina vind je meer informatie over de mogelijk oorzaken en hoe je contact kan opnemen met het supportteam.</target>
+        <jms:reference-file line="14">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
         <jms:reference-file line="14">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="da93d249a639d3abd2f513dbd2c07b9119d16694" resname="ss.error.text.page_not_found">
@@ -93,11 +94,6 @@
         <target>De pagina die je zocht kan niet gevonden worden. Probeer het nog eens, of ga terug naar Home.</target>
         <jms:reference-file line="8">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
       </trans-unit>
-      <trans-unit id="0e5b48b8a8746f624978afe69448cd9bdb31687c" resname="ss.error.text.what_were_you_doing_well_fix_it">
-        <source>ss.error.text.what_were_you_doing_well_fix_it</source>
-        <target>Meld deze error code aan de helpdesk via support@example.org</target>
-        <jms:reference-file line="14">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
-      </trans-unit>
       <trans-unit id="e0d3557591582d18755db2529a49f88400670167" resname="ss.error.text.your_art_code">
         <source>ss.error.text.your_art_code</source>
         <target>De fout code is</target>

From 074082629d7d773a7730f12f2a29e0a324e9cdc5 Mon Sep 17 00:00:00 2001
From: Joris Steyn <joris@ibuildings.nl>
Date: Thu, 15 Mar 2018 12:02:05 +0100
Subject: [PATCH 04/29] Generalize the 'token test successful' message

The user should never see the name stepup anyway and generalizing by
not showing the vendor name (OpenConext) is easier.
---
 app/Resources/translations/messages.en_GB.xliff | 2 +-
 app/Resources/translations/messages.nl_NL.xliff | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Resources/translations/messages.en_GB.xliff b/app/Resources/translations/messages.en_GB.xliff
index 805698400..9cfcc79f4 100644
--- a/app/Resources/translations/messages.en_GB.xliff
+++ b/app/Resources/translations/messages.en_GB.xliff
@@ -631,7 +631,7 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       </trans-unit>
       <trans-unit id="7c0f4f14de1d3c98032305d9af18fad28ec67456" resname="ss.test_second_factor.verification_successful">
         <source>ss.test_second_factor.verification_successful</source>
-        <target>The test with your token was successful. You can login with OpenConext Stepup.</target>
+        <target>The test with your token was successful. You can login with your token.</target>
         <jms:reference-file line="55">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="dc4478bd45a81c1a45020aac9d22d73abc5f1455" resname="ss.verify_yubikey_command.otp.otp_invalid">
diff --git a/app/Resources/translations/messages.nl_NL.xliff b/app/Resources/translations/messages.nl_NL.xliff
index a1b2152b4..4cde3560d 100644
--- a/app/Resources/translations/messages.nl_NL.xliff
+++ b/app/Resources/translations/messages.nl_NL.xliff
@@ -629,7 +629,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       </trans-unit>
       <trans-unit id="7c0f4f14de1d3c98032305d9af18fad28ec67456" resname="ss.test_second_factor.verification_successful">
         <source>ss.test_second_factor.verification_successful</source>
-        <target>De test met je token is geslaagd. Je kunt inloggen met OpenConext Stepup.</target>
+        <target>De test met je token is geslaagd. Je kunt inloggen met je token.</target>
         <jms:reference-file line="55">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="dc4478bd45a81c1a45020aac9d22d73abc5f1455" resname="ss.verify_yubikey_command.otp.otp_invalid">

From 78f0fa2d503c0dab11cedad78d82888fa1b1f952 Mon Sep 17 00:00:00 2001
From: Joris Steyn <joris@ibuildings.nl>
Date: Wed, 14 Mar 2018 17:07:48 +0100
Subject: [PATCH 05/29] Use the generic error page for all exceptions

Instead of rendering specific error pages on a case-by-case basis,
handle all exceptions in the stepup-bundle exception controller. This
way, all error pages look the same with only the page title and error
description tailored to the specific error. Logging of exceptions is
also handled by the exception controller.

The following error templates are removed and the error is handled
using the exception controller:

 * authnFailed.html.twig
 * preconditionNotMet.html.twig
 * blank page in case of 'access denied'

And specific user error messages are shown for the following error
conditions:

 * response is missing a required attribute
 * unknown service provider
 * request not signed
 * request signed with unsupported algorithm
 * request signature validation failed

See:
 - https://www.pivotaltracker.com/story/show/137516239
 - https://www.pivotaltracker.com/story/show/155515714
---
 .../views/Exception/error.html.twig           |  15 --
 .../views/Exception/error404.html.twig        |  15 --
 .../translations/messages.en_GB.xliff         | 214 ++++++++++++------
 .../translations/messages.nl_NL.xliff         | 214 ++++++++++++------
 app/config/config.yml                         |   2 +-
 composer.json                                 |   4 +-
 composer.lock                                 |  56 +++--
 .../Controller/ExceptionController.php        |  49 ++++
 .../MissingRequiredAttributeException.php     |  25 ++
 .../Saml/Exception/authnFailed.html.twig      |  12 -
 .../Exception/preconditionNotMet.html.twig    |   9 -
 .../ProcessSamlAuthenticationHandler.php      |  45 +---
 .../Authentication/Provider/SamlProvider.php  |   5 +-
 13 files changed, 402 insertions(+), 263 deletions(-)
 delete mode 100644 app/Resources/SurfnetStepupBundle/views/Exception/error.html.twig
 delete mode 100644 app/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig
 create mode 100644 src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/ExceptionController.php
 create mode 100644 src/Surfnet/StepupSelfService/SelfServiceBundle/Exception/MissingRequiredAttributeException.php
 delete mode 100644 src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/authnFailed.html.twig
 delete mode 100644 src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/preconditionNotMet.html.twig

diff --git a/app/Resources/SurfnetStepupBundle/views/Exception/error.html.twig b/app/Resources/SurfnetStepupBundle/views/Exception/error.html.twig
deleted file mode 100644
index c35308c7a..000000000
--- a/app/Resources/SurfnetStepupBundle/views/Exception/error.html.twig
+++ /dev/null
@@ -1,15 +0,0 @@
-{% extends '::base.html.twig' %}
-
-{% block page_title %}{{ 'ss.error.title'|trans({'status_code': statusCode, 'status_text': statusText}) }}{% endblock %}
-
-{% block content %}
-    <h2>{{ block('page_title') }}</h2>
-
-    <p>{{ 'ss.error.text.an_error_occurred'|trans({'status_code': statusCode, 'status_text': statusText}) }}</p>
-    <a class="btn btn-primary" href="{{ path('ss_entry_point') }}">{{ 'ss.error.button.go_home'|trans }}</a>
-
-    <hr>
-    <p><i class="fa fa-clock-o"></i> {{ "now"|date('Y-m-d H:i:s') }}</p>
-    <p>{{ 'ss.error.text.your_art_code'|trans }}: <span class="art">#{{ art }}</span></p>
-    <p>{{ 'ss.error.text.if_you_think_this_is_incorrect_report'|trans({'%support_url%': global_view_parameters.supportUrl })|raw }}</p>
-{% endblock %}
diff --git a/app/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig b/app/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig
deleted file mode 100644
index 9e9eee195..000000000
--- a/app/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig
+++ /dev/null
@@ -1,15 +0,0 @@
-{% extends '::base.html.twig' %}
-
-{% block page_title %}{{ 'ss.error.page_not_found.title'|trans }}{% endblock %}
-
-{% block content %}
-    <h2>{{ block('page_title') }}</h2>
-
-    <p>{{ 'ss.error.text.page_not_found'|trans }}</p>
-    <a class="btn btn-primary" href="{{ path('ss_entry_point') }}">{{ 'ss.error.button.go_home'|trans }}</a>
-
-    <hr>
-    <p><i class="fa fa-clock-o"></i> {{ "now"|date('Y-m-d H:i:s') }}</p>
-    <p>{{ 'ss.error.text.your_art_code'|trans }}: <span class="art">#{{ art }}</span></p>
-    <p>{{ 'ss.error.text.if_you_think_this_is_incorrect_report'|trans({'%support_url%': global_view_parameters.supportUrl })|raw }}</p>
-{% endblock %}
diff --git a/app/Resources/translations/messages.en_GB.xliff b/app/Resources/translations/messages.en_GB.xliff
index 9cfcc79f4..deb2500bc 100644
--- a/app/Resources/translations/messages.en_GB.xliff
+++ b/app/Resources/translations/messages.en_GB.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2018-03-15T11:56:30Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
+  <file date="2018-03-15T15:47:01Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -42,69 +42,6 @@
         <target>Nederlands</target>
         <jms:reference-file line="3">/../vendor/surfnet/stepup-bundle/src/Resources/views/translations.twig</jms:reference-file>
       </trans-unit>
-      <trans-unit id="a31c84959103cbd5fb6f899025d9787c25d62bbe" resname="ss.error.button.go_home">
-        <source>ss.error.button.go_home</source>
-        <target>Back to Home</target>
-        <jms:reference-file line="9">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
-        <jms:reference-file line="9">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="2ce4a9321744be25a28ba83dad88923ee6905728" resname="ss.error.page_not_found.title">
-        <source>ss.error.page_not_found.title</source>
-        <target>Page not found</target>
-        <jms:reference-file line="3">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="865517641b0d0da94788635ac950e5cbbded97a1" resname="ss.error.saml_authn_failed.button.try_again">
-        <source>ss.error.saml_authn_failed.button.try_again</source>
-        <target>Retry to sign-in</target>
-        <jms:reference-file line="10">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/authnFailed.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="39ad001351f2f524be4a7136f8facdb65097ce59" resname="ss.error.saml_authn_failed.text.authn_failed">
-        <source>ss.error.saml_authn_failed.text.authn_failed</source>
-        <target>Sign in unsuccessful. Please try again.</target>
-        <jms:reference-file line="8">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/authnFailed.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="e437d473b6267a6996aa245eb7d1a711c5a395c4" resname="ss.error.saml_authn_failed.title">
-        <source>ss.error.saml_authn_failed.title</source>
-        <target>Sign in</target>
-        <jms:reference-file line="3">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/authnFailed.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="9bdaf74a75cfffab8e0de6c6258c9ddfaf7cb025" resname="ss.error.saml_precondition_not_met.text.precondition_not_met">
-        <source>ss.error.saml_precondition_not_met.text.precondition_not_met</source>
-        <target>You are not authorised to log in.</target>
-        <jms:reference-file line="8">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/preconditionNotMet.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="6fc7fed55f78c4586ff617bd890dd35c3f63b338" resname="ss.error.saml_precondition_not_met.title">
-        <source>ss.error.saml_precondition_not_met.title</source>
-        <target>Sign in</target>
-        <jms:reference-file line="3">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/preconditionNotMet.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="0187a2e37be4b12710d8b3a3c4e2d5a8dc30e18e" resname="ss.error.text.an_error_occurred">
-        <source>ss.error.text.an_error_occurred</source>
-        <target>Oops! Something went wrong. Go back to try again or go to the home screen.</target>
-        <jms:reference-file line="8">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="4c4fb9b24a25bdd45d83562a4d71ecde8d527a77" resname="ss.error.text.if_you_think_this_is_incorrect_report">
-        <source>ss.error.text.if_you_think_this_is_incorrect_report</source>
-        <target>Visit &lt;a href="%support_url%" target="_blank"&gt;the support page&lt;/a&gt; if this does not fix your problem. On this page you will find more information about possible causes of the error and how to contact the support team.</target>
-        <jms:reference-file line="14">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
-        <jms:reference-file line="14">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="da93d249a639d3abd2f513dbd2c07b9119d16694" resname="ss.error.text.page_not_found">
-        <source>ss.error.text.page_not_found</source>
-        <target>The page you requested was not found. Please try again or go back to 'Home'.</target>
-        <jms:reference-file line="8">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="e0d3557591582d18755db2529a49f88400670167" resname="ss.error.text.your_art_code">
-        <source>ss.error.text.your_art_code</source>
-        <target>The error code is</target>
-        <jms:reference-file line="13">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
-        <jms:reference-file line="13">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="ad9824f6caa954891a11b7db631468f24b9194ac" resname="ss.error.title">
-        <source>ss.error.title</source>
-        <target>Error</target>
-        <jms:reference-file line="3">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
-      </trans-unit>
       <trans-unit id="b4adb3d9176c2fbdf293bee1b7dda2c6fb56c67c" resname="ss.flash.error_while_switching_locale">
         <source>ss.flash.error_while_switching_locale</source>
         <target>Due to an unknown reason, switching locales failed.</target>
@@ -488,18 +425,18 @@ For all devices with a USB port.</target>
       <trans-unit id="c954ee253d560c6f6d5baf1811ca34988a9029d8" resname="ss.second_factor.list.button.register_second_factor">
         <source>ss.second_factor.list.button.register_second_factor</source>
         <target>Register token</target>
-        <jms:reference-file line="29">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="24">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="efa2d0485dc634ae0f039634541529dce393e36c" resname="ss.second_factor.list.text.add_second_factor">
         <source>ss.second_factor.list.text.add_second_factor</source>
         <target state="new">Add new token</target>
-        <jms:reference-file line="25">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="20">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="474737f264f9527e93a9f4f4c4c380331b52e759" resname="ss.second_factor.list.text.no_second_factors">
         <source>ss.second_factor.list.text.no_second_factors</source>
         <target xml:space="preserve">There are no tokens registered for your account. Click on 'Register token' to register a new token.
 </target>
-        <jms:reference-file line="23">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="18">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="a1a1aa0e1c0a720bc6144c5a5a03d89ad6fdcc87" resname="ss.second_factor.list.text.unverified">
         <source>ss.second_factor.list.text.unverified</source>
@@ -537,12 +474,12 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="39bf5f5849cef0ac9b176c769c79169676fc7b96" resname="ss.second_factor.revoke.button.revoke">
         <source>ss.second_factor.revoke.button.revoke</source>
         <target>Remove</target>
-        <jms:reference-file line="62">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="57">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="17d18b6bcd8642fedf8e5371cb722efc604e8281" resname="ss.second_factor.revoke.button.test">
         <source>ss.second_factor.revoke.button.test</source>
         <target>Test</target>
-        <jms:reference-file line="58">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="53">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="8cb0dc5d3faca805d69dce7496307078d2234dfb" resname="ss.second_factor.revoke.second_factor_type.sms">
         <source>ss.second_factor.revoke.second_factor_type.sms</source>
@@ -597,12 +534,12 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="fedd12f3e661692730a3650ef6db64e71c9d8441" resname="ss.second_factor_list.header.second_factor_identifier">
         <source>ss.second_factor_list.header.second_factor_identifier</source>
         <target>ID</target>
-        <jms:reference-file line="44">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="39">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="e4d199fd46ed7fa1c78a8fde6faef80f034cd662" resname="ss.second_factor_list.header.type">
         <source>ss.second_factor_list.header.type</source>
         <target>Token</target>
-        <jms:reference-file line="43">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="38">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="fb5cac733dfdfe5c5e6818dee7d71aea02e95aa4" resname="ss.security.session_expired.click_to_login">
         <source>ss.security.session_expired.click_to_login</source>
@@ -632,7 +569,7 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="7c0f4f14de1d3c98032305d9af18fad28ec67456" resname="ss.test_second_factor.verification_successful">
         <source>ss.test_second_factor.verification_successful</source>
         <target>The test with your token was successful. You can login with your token.</target>
-        <jms:reference-file line="55">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
+        <jms:reference-file line="51">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="dc4478bd45a81c1a45020aac9d22d73abc5f1455" resname="ss.verify_yubikey_command.otp.otp_invalid">
         <source>ss.verify_yubikey_command.otp.otp_invalid</source>
@@ -644,6 +581,139 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
         <target>The verification of the YubiKey code failed due to unknown reasons. Please try again.</target>
         <jms:reference-file line="27">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
       </trans-unit>
+      <trans-unit id="c50aaca50072a446eab71327c6bfc5e5de8698f5" resname="stepup.error.authentication_error.description">
+        <source>stepup.error.authentication_error.description</source>
+        <target>Sign in unsuccessful. Please try again.</target>
+        <jms:reference-file line="138">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+        <jms:reference-file line="141">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="3dfd06a14f059828bb8d5dc76f85c2799b5336ae" resname="stepup.error.authentication_error.title">
+        <source>stepup.error.authentication_error.title</source>
+        <target>Sign in</target>
+        <jms:reference-file line="137">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+        <jms:reference-file line="140">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="be715de0ee4e47de280a8ed873572a1c70cb94e7" resname="stepup.error.authn_failed.description">
+        <source>stepup.error.authn_failed.description</source>
+        <target>Sign in unsuccessful. Please try again.</target>
+        <jms:reference-file line="130">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="51b97a37320d3c0bde0711a4e4a239d0ea15034f" resname="stepup.error.authn_failed.title">
+        <source>stepup.error.authn_failed.title</source>
+        <target>Sign in</target>
+        <jms:reference-file line="129">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="e40ed00c2f742d44908a389c9dbeacfa6defc84a" resname="stepup.error.back_button">
+        <source>stepup.error.back_button</source>
+        <target>Back</target>
+        <jms:reference-file line="11">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="45278127b39b1029ff5941470adcab5cc0358c58" resname="stepup.error.error_code">
+        <source>stepup.error.error_code</source>
+        <target>Error code</target>
+        <jms:reference-file line="24">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="91d524414db2193ad8462909ec5da4c9a732b595" resname="stepup.error.generic_error.description">
+        <source>stepup.error.generic_error.description</source>
+        <target>Something went wrong. Please try again.</target>
+        <jms:reference-file line="144">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="5dac3939e990d8ad764c06634b14adf85517d4f1" resname="stepup.error.generic_error.title">
+        <source>stepup.error.generic_error.title</source>
+        <target>Oops!</target>
+        <jms:reference-file line="143">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="42b8b855a8b8180a4f469f0a35b440e21016d695" resname="stepup.error.hostname">
+        <source>stepup.error.hostname</source>
+        <target>Application</target>
+        <jms:reference-file line="16">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="9bb9f4a8016a17f539ff6d1aeee607b0ce5760b4" resname="stepup.error.ip_address">
+        <source>stepup.error.ip_address</source>
+        <target>IP address</target>
+        <jms:reference-file line="32">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="4333aed6f41daef505fd25cc77e65a7dc4b12303" resname="stepup.error.missing_required_attribute.title">
+        <source>stepup.error.missing_required_attribute.title</source>
+        <target>Missing required attribute</target>
+        <jms:reference-file line="36">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="b4809e818f782127b31392936e35593812543700" resname="stepup.error.page_not_found.text">
+        <source>stepup.error.page_not_found.text</source>
+        <target>The page you requested was not found. Please try again or go back to Home.</target>
+        <jms:reference-file line="8">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="00a9129b20bf36b967a6fe27bc188494e43600e6" resname="stepup.error.page_not_found.title">
+        <source>stepup.error.page_not_found.title</source>
+        <target>Page not found</target>
+        <jms:reference-file line="3">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="708c217a666f488cb1ed8789192855b8d0a3dc91" resname="stepup.error.precondition_not_met.description">
+        <source>stepup.error.precondition_not_met.description</source>
+        <target>You are not authorised to sign in</target>
+        <jms:reference-file line="134">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="0c393d05bc482296c3415e2c97f0d0bc2c871cd0" resname="stepup.error.precondition_not_met.title">
+        <source>stepup.error.precondition_not_met.title</source>
+        <target>Not authorised to sign in</target>
+        <jms:reference-file line="133">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="f303d8138f38ef225b9e4f511ac91c8e34f5fa07" resname="stepup.error.request_id">
+        <source>stepup.error.request_id</source>
+        <target>Request ID</target>
+        <jms:reference-file line="20">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="2b4218eab37df989f5273a774c35222e8d9631b9" resname="stepup.error.signature_validation_failed.description">
+        <source>stepup.error.signature_validation_failed.description</source>
+        <target>The SAML request has been signed but the signature could not be validated.</target>
+        <jms:reference-file line="114">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="6342db69fdf7d95402132c466bf8fa092f763307" resname="stepup.error.signature_validation_failed.title">
+        <source>stepup.error.signature_validation_failed.title</source>
+        <target>Signature validation failed</target>
+        <jms:reference-file line="113">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="13cca787752c500356fbd62690001b8cb2a04e9a" resname="stepup.error.support_page.text">
+        <source>stepup.error.support_page.text</source>
+        <target><![CDATA[Please try again or visit <a href="%support_url%" target="_blank">the support page</a> if this does not fix your problem. On this page you will find more information about possible causes of the error and how to contact the support team.]]></target>
+        <jms:reference-file line="37">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="16">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="27518086f13a0c4f33e2e1f4c118187a4e41ce53" resname="stepup.error.timestamp">
+        <source>stepup.error.timestamp</source>
+        <target>Time</target>
+        <jms:reference-file line="12">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="555c8c1584cd37f11f630ca685f2dd1836018608" resname="stepup.error.unknown_service_provider.title">
+        <source>stepup.error.unknown_service_provider.title</source>
+        <target>Unknown service provider</target>
+        <jms:reference-file line="125">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="a8f949cd59f29bedf06a37db78e166266ec6379d" resname="stepup.error.unsigned_request.description">
+        <source>stepup.error.unsigned_request.description</source>
+        <target>The SAML request is expected to be signed but it was not</target>
+        <jms:reference-file line="118">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="b763c86ba6586ee3680b880cea7ac345066b5dd4" resname="stepup.error.unsigned_request.title">
+        <source>stepup.error.unsigned_request.title</source>
+        <target>Unsigned request</target>
+        <jms:reference-file line="117">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="2db5d0496af544f0581ab1bb2cef2713dd6bdb93" resname="stepup.error.unsupported_signature.description">
+        <source>stepup.error.unsupported_signature.description</source>
+        <target>The SAMLRequest has been signed, but the signature format is not supported</target>
+        <jms:reference-file line="122">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="8ad489d552646f3173e212901e999cbc09defe67" resname="stepup.error.unsupported_signature.title">
+        <source>stepup.error.unsupported_signature.title</source>
+        <target>Unsupported signature format</target>
+        <jms:reference-file line="121">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="0b18df78a6a355c42f216da4a98d1afaac5e5aba" resname="stepup.error.user_agent">
+        <source>stepup.error.user_agent</source>
+        <target>User agent</target>
+        <jms:reference-file line="28">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+      </trans-unit>
       <trans-unit id="fcbfd9e643bb8d8f3fcf3ca0380a73bb9dffee2b" resname="stepup_middleware_client.form.switch_locale.switch">
         <source>stepup_middleware_client.form.switch_locale.switch</source>
         <target>Switch</target>
diff --git a/app/Resources/translations/messages.nl_NL.xliff b/app/Resources/translations/messages.nl_NL.xliff
index 4cde3560d..7979b8c9c 100644
--- a/app/Resources/translations/messages.nl_NL.xliff
+++ b/app/Resources/translations/messages.nl_NL.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2018-03-15T11:56:23Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
+  <file date="2018-03-15T15:46:56Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -42,69 +42,6 @@
         <target>Nederlands</target>
         <jms:reference-file line="3">/../vendor/surfnet/stepup-bundle/src/Resources/views/translations.twig</jms:reference-file>
       </trans-unit>
-      <trans-unit id="a31c84959103cbd5fb6f899025d9787c25d62bbe" resname="ss.error.button.go_home">
-        <source>ss.error.button.go_home</source>
-        <target>Terug naar Home</target>
-        <jms:reference-file line="9">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
-        <jms:reference-file line="9">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="2ce4a9321744be25a28ba83dad88923ee6905728" resname="ss.error.page_not_found.title">
-        <source>ss.error.page_not_found.title</source>
-        <target>Pagina niet gevonden</target>
-        <jms:reference-file line="3">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="865517641b0d0da94788635ac950e5cbbded97a1" resname="ss.error.saml_authn_failed.button.try_again">
-        <source>ss.error.saml_authn_failed.button.try_again</source>
-        <target>Inloggen</target>
-        <jms:reference-file line="10">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/authnFailed.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="39ad001351f2f524be4a7136f8facdb65097ce59" resname="ss.error.saml_authn_failed.text.authn_failed">
-        <source>ss.error.saml_authn_failed.text.authn_failed</source>
-        <target>Inloggen mislukt. Probeer het nog eens.</target>
-        <jms:reference-file line="8">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/authnFailed.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="e437d473b6267a6996aa245eb7d1a711c5a395c4" resname="ss.error.saml_authn_failed.title">
-        <source>ss.error.saml_authn_failed.title</source>
-        <target>Log in</target>
-        <jms:reference-file line="3">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/authnFailed.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="9bdaf74a75cfffab8e0de6c6258c9ddfaf7cb025" resname="ss.error.saml_precondition_not_met.text.precondition_not_met">
-        <source>ss.error.saml_precondition_not_met.text.precondition_not_met</source>
-        <target>Je hebt niet de juiste rechten om in te mogen loggen.</target>
-        <jms:reference-file line="8">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/preconditionNotMet.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="6fc7fed55f78c4586ff617bd890dd35c3f63b338" resname="ss.error.saml_precondition_not_met.title">
-        <source>ss.error.saml_precondition_not_met.title</source>
-        <target>Log in</target>
-        <jms:reference-file line="3">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/preconditionNotMet.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="0187a2e37be4b12710d8b3a3c4e2d5a8dc30e18e" resname="ss.error.text.an_error_occurred">
-        <source>ss.error.text.an_error_occurred</source>
-        <target>Oeps! Er ging iets mis. Ga terug om het opnieuw te proberen of ga naar het beginscherm.</target>
-        <jms:reference-file line="8">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="4c4fb9b24a25bdd45d83562a4d71ecde8d527a77" resname="ss.error.text.if_you_think_this_is_incorrect_report">
-        <source>ss.error.text.if_you_think_this_is_incorrect_report</source>
-        <target>Bezoek &lt;a href="%support_url%" target="_blank"&gt;de support pagina&lt;/a&gt; als dit je probleem niet oplost. Op deze pagina vind je meer informatie over de mogelijk oorzaken en hoe je contact kan opnemen met het supportteam.</target>
-        <jms:reference-file line="14">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
-        <jms:reference-file line="14">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="da93d249a639d3abd2f513dbd2c07b9119d16694" resname="ss.error.text.page_not_found">
-        <source>ss.error.text.page_not_found</source>
-        <target>De pagina die je zocht kan niet gevonden worden. Probeer het nog eens, of ga terug naar Home.</target>
-        <jms:reference-file line="8">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="e0d3557591582d18755db2529a49f88400670167" resname="ss.error.text.your_art_code">
-        <source>ss.error.text.your_art_code</source>
-        <target>De fout code is</target>
-        <jms:reference-file line="13">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
-        <jms:reference-file line="13">/Resources/SurfnetStepupBundle/views/Exception/error404.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="ad9824f6caa954891a11b7db631468f24b9194ac" resname="ss.error.title">
-        <source>ss.error.title</source>
-        <target>Foutmelding</target>
-        <jms:reference-file line="3">/Resources/SurfnetStepupBundle/views/Exception/error.html.twig</jms:reference-file>
-      </trans-unit>
       <trans-unit id="b4adb3d9176c2fbdf293bee1b7dda2c6fb56c67c" resname="ss.flash.error_while_switching_locale">
         <source>ss.flash.error_while_switching_locale</source>
         <target>Due to an unknown reason, switching locales failed.</target>
@@ -488,17 +425,17 @@ Geschikt voor alle devices met een USB-poort.</target>
       <trans-unit id="c954ee253d560c6f6d5baf1811ca34988a9029d8" resname="ss.second_factor.list.button.register_second_factor">
         <source>ss.second_factor.list.button.register_second_factor</source>
         <target>Registreer token</target>
-        <jms:reference-file line="29">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="24">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="efa2d0485dc634ae0f039634541529dce393e36c" resname="ss.second_factor.list.text.add_second_factor">
         <source>ss.second_factor.list.text.add_second_factor</source>
         <target state="new">Registreer nieuw token</target>
-        <jms:reference-file line="25">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="20">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="474737f264f9527e93a9f4f4c4c380331b52e759" resname="ss.second_factor.list.text.no_second_factors">
         <source>ss.second_factor.list.text.no_second_factors</source>
         <target>Er zijn geen tokens geregistreerd voor jouw account. Klik op 'Registreer token' om een nieuw token te registreren.</target>
-        <jms:reference-file line="23">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="18">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="a1a1aa0e1c0a720bc6144c5a5a03d89ad6fdcc87" resname="ss.second_factor.list.text.unverified">
         <source>ss.second_factor.list.text.unverified</source>
@@ -535,12 +472,12 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="39bf5f5849cef0ac9b176c769c79169676fc7b96" resname="ss.second_factor.revoke.button.revoke">
         <source>ss.second_factor.revoke.button.revoke</source>
         <target>Verwijderen</target>
-        <jms:reference-file line="62">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="57">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="17d18b6bcd8642fedf8e5371cb722efc604e8281" resname="ss.second_factor.revoke.button.test">
         <source>ss.second_factor.revoke.button.test</source>
         <target>Testen</target>
-        <jms:reference-file line="58">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="53">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="8cb0dc5d3faca805d69dce7496307078d2234dfb" resname="ss.second_factor.revoke.second_factor_type.sms">
         <source>ss.second_factor.revoke.second_factor_type.sms</source>
@@ -595,12 +532,12 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="fedd12f3e661692730a3650ef6db64e71c9d8441" resname="ss.second_factor_list.header.second_factor_identifier">
         <source>ss.second_factor_list.header.second_factor_identifier</source>
         <target>ID</target>
-        <jms:reference-file line="44">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="39">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="e4d199fd46ed7fa1c78a8fde6faef80f034cd662" resname="ss.second_factor_list.header.type">
         <source>ss.second_factor_list.header.type</source>
         <target>Token</target>
-        <jms:reference-file line="43">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="38">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="fb5cac733dfdfe5c5e6818dee7d71aea02e95aa4" resname="ss.security.session_expired.click_to_login">
         <source>ss.security.session_expired.click_to_login</source>
@@ -630,7 +567,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="7c0f4f14de1d3c98032305d9af18fad28ec67456" resname="ss.test_second_factor.verification_successful">
         <source>ss.test_second_factor.verification_successful</source>
         <target>De test met je token is geslaagd. Je kunt inloggen met je token.</target>
-        <jms:reference-file line="55">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
+        <jms:reference-file line="51">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="dc4478bd45a81c1a45020aac9d22d73abc5f1455" resname="ss.verify_yubikey_command.otp.otp_invalid">
         <source>ss.verify_yubikey_command.otp.otp_invalid</source>
@@ -642,6 +579,139 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
         <target>Het verifiëren van de YubiKey-code is wegens een onbekende reden niet gelukt. Probeer het opnieuw.</target>
         <jms:reference-file line="27">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
       </trans-unit>
+      <trans-unit id="c50aaca50072a446eab71327c6bfc5e5de8698f5" resname="stepup.error.authentication_error.description">
+        <source>stepup.error.authentication_error.description</source>
+        <target>Inloggen mislukt. Probeer het nog eens.</target>
+        <jms:reference-file line="138">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+        <jms:reference-file line="141">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="3dfd06a14f059828bb8d5dc76f85c2799b5336ae" resname="stepup.error.authentication_error.title">
+        <source>stepup.error.authentication_error.title</source>
+        <target>Inloggen</target>
+        <jms:reference-file line="137">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+        <jms:reference-file line="140">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="be715de0ee4e47de280a8ed873572a1c70cb94e7" resname="stepup.error.authn_failed.description">
+        <source>stepup.error.authn_failed.description</source>
+        <target>Inloggen mislukt. Probeer het nog eens.</target>
+        <jms:reference-file line="130">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="51b97a37320d3c0bde0711a4e4a239d0ea15034f" resname="stepup.error.authn_failed.title">
+        <source>stepup.error.authn_failed.title</source>
+        <target>Inloggen</target>
+        <jms:reference-file line="129">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="e40ed00c2f742d44908a389c9dbeacfa6defc84a" resname="stepup.error.back_button">
+        <source>stepup.error.back_button</source>
+        <target>Terug</target>
+        <jms:reference-file line="11">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="45278127b39b1029ff5941470adcab5cc0358c58" resname="stepup.error.error_code">
+        <source>stepup.error.error_code</source>
+        <target>Foutcode</target>
+        <jms:reference-file line="24">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="91d524414db2193ad8462909ec5da4c9a732b595" resname="stepup.error.generic_error.description">
+        <source>stepup.error.generic_error.description</source>
+        <target>Something went wrong. Please try again.</target>
+        <jms:reference-file line="144">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="5dac3939e990d8ad764c06634b14adf85517d4f1" resname="stepup.error.generic_error.title">
+        <source>stepup.error.generic_error.title</source>
+        <target>Oeps!</target>
+        <jms:reference-file line="143">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="42b8b855a8b8180a4f469f0a35b440e21016d695" resname="stepup.error.hostname">
+        <source>stepup.error.hostname</source>
+        <target>Applicatie</target>
+        <jms:reference-file line="16">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="9bb9f4a8016a17f539ff6d1aeee607b0ce5760b4" resname="stepup.error.ip_address">
+        <source>stepup.error.ip_address</source>
+        <target>IP-adres</target>
+        <jms:reference-file line="32">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="4333aed6f41daef505fd25cc77e65a7dc4b12303" resname="stepup.error.missing_required_attribute.title">
+        <source>stepup.error.missing_required_attribute.title</source>
+        <target>Attribuut ontbreekt</target>
+        <jms:reference-file line="36">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="b4809e818f782127b31392936e35593812543700" resname="stepup.error.page_not_found.text">
+        <source>stepup.error.page_not_found.text</source>
+        <target>De pagina die je zocht kan niet gevonden worden. Probeer het nog eens, of ga terug naar Home.</target>
+        <jms:reference-file line="8">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="00a9129b20bf36b967a6fe27bc188494e43600e6" resname="stepup.error.page_not_found.title">
+        <source>stepup.error.page_not_found.title</source>
+        <target>Pagina niet gevonden</target>
+        <jms:reference-file line="3">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="708c217a666f488cb1ed8789192855b8d0a3dc91" resname="stepup.error.precondition_not_met.description">
+        <source>stepup.error.precondition_not_met.description</source>
+        <target>Je hebt niet de juiste rechten om in te mogen loggen.</target>
+        <jms:reference-file line="134">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="0c393d05bc482296c3415e2c97f0d0bc2c871cd0" resname="stepup.error.precondition_not_met.title">
+        <source>stepup.error.precondition_not_met.title</source>
+        <target>Onvoldoende rechten om in te loggen</target>
+        <jms:reference-file line="133">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="f303d8138f38ef225b9e4f511ac91c8e34f5fa07" resname="stepup.error.request_id">
+        <source>stepup.error.request_id</source>
+        <target>Request ID</target>
+        <jms:reference-file line="20">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="2b4218eab37df989f5273a774c35222e8d9631b9" resname="stepup.error.signature_validation_failed.description">
+        <source>stepup.error.signature_validation_failed.description</source>
+        <target>Het SAML bericht is ondertekend maar de signature kan niet gevalideerd worden</target>
+        <jms:reference-file line="114">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="6342db69fdf7d95402132c466bf8fa092f763307" resname="stepup.error.signature_validation_failed.title">
+        <source>stepup.error.signature_validation_failed.title</source>
+        <target>Verificatie van signature mislukt</target>
+        <jms:reference-file line="113">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="13cca787752c500356fbd62690001b8cb2a04e9a" resname="stepup.error.support_page.text">
+        <source>stepup.error.support_page.text</source>
+        <target><![CDATA[Bezoek <a href="%support_url%" target="_blank">de support pagina</a> als dit je probleem niet oplost. Op deze pagina vind je meer informatie over de mogelijk oorzaken en hoe je contact kan opnemen met het supportteam.]]></target>
+        <jms:reference-file line="37">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="16">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="27518086f13a0c4f33e2e1f4c118187a4e41ce53" resname="stepup.error.timestamp">
+        <source>stepup.error.timestamp</source>
+        <target>Tijd</target>
+        <jms:reference-file line="12">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="555c8c1584cd37f11f630ca685f2dd1836018608" resname="stepup.error.unknown_service_provider.title">
+        <source>stepup.error.unknown_service_provider.title</source>
+        <target>Onbekende serviceprovider</target>
+        <jms:reference-file line="125">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="a8f949cd59f29bedf06a37db78e166266ec6379d" resname="stepup.error.unsigned_request.description">
+        <source>stepup.error.unsigned_request.description</source>
+        <target>Het SAML bericht moet ondertekend zijn maar bevat geen signature</target>
+        <jms:reference-file line="118">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="b763c86ba6586ee3680b880cea7ac345066b5dd4" resname="stepup.error.unsigned_request.title">
+        <source>stepup.error.unsigned_request.title</source>
+        <target>Geen signature in SAML bericht</target>
+        <jms:reference-file line="117">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="2db5d0496af544f0581ab1bb2cef2713dd6bdb93" resname="stepup.error.unsupported_signature.description">
+        <source>stepup.error.unsupported_signature.description</source>
+        <target>Het SAML bericht is ondertekend, maar het signature formaat wordt niet ondersteund</target>
+        <jms:reference-file line="122">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="8ad489d552646f3173e212901e999cbc09defe67" resname="stepup.error.unsupported_signature.title">
+        <source>stepup.error.unsupported_signature.title</source>
+        <target>Signature formaat wordt niet ondersteund</target>
+        <jms:reference-file line="121">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="0b18df78a6a355c42f216da4a98d1afaac5e5aba" resname="stepup.error.user_agent">
+        <source>stepup.error.user_agent</source>
+        <target>User agent</target>
+        <jms:reference-file line="28">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+      </trans-unit>
       <trans-unit id="fcbfd9e643bb8d8f3fcf3ca0380a73bb9dffee2b" resname="stepup_middleware_client.form.switch_locale.switch">
         <source>stepup_middleware_client.form.switch_locale.switch</source>
         <target>Vertalen</target>
diff --git a/app/config/config.yml b/app/config/config.yml
index 06135c32a..963820e1b 100644
--- a/app/config/config.yml
+++ b/app/config/config.yml
@@ -35,7 +35,7 @@ framework:
 twig:
     debug:            "%kernel.debug%"
     strict_variables: "%kernel.debug%"
-    exception_controller:  SurfnetStepupBundle:Exception:show
+    exception_controller: SurfnetStepupSelfServiceSelfServiceBundle:Exception:show
     globals:
         global_view_parameters: "@self_service.service.global_view_parameters"
 
diff --git a/composer.json b/composer.json
index 1d522565a..3d6ebd214 100644
--- a/composer.json
+++ b/composer.json
@@ -25,8 +25,8 @@
         "jms/di-extra-bundle": "~1.4.0",
         "surfnet/stepup-middleware-client-bundle": "^2.0",
         "guzzlehttp/guzzle": "^6",
-        "surfnet/stepup-saml-bundle": "^3.0",
-        "surfnet/stepup-bundle": "^3.2",
+        "surfnet/stepup-saml-bundle": "dev-feature/specific-error-pages as 3.0.0",
+        "surfnet/stepup-bundle": "dev-feature/specific-error-pages as 3.0.0",
         "surfnet/stepup-u2f-bundle": "dev-develop",
         "mopa/composer-bridge": "~1.5",
         "openconext/monitor-bundle": "^1.0",
diff --git a/composer.lock b/composer.lock
index 6f35e5811..a94f87749 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "content-hash": "0ded687d1bc7a1d86d78d88c1c92baba",
+    "content-hash": "5fdc668061995778751ba2a62b22d443",
     "packages": [
         {
             "name": "beberlei/assert",
@@ -2144,16 +2144,16 @@
         },
         {
             "name": "surfnet/stepup-bundle",
-            "version": "3.2.0",
+            "version": "dev-feature/specific-error-pages",
             "source": {
                 "type": "git",
                 "url": "https://github.com/OpenConext/Stepup-bundle.git",
-                "reference": "547c5bcb8fe1841fa657bbf43c5ea4b8e575ec3a"
+                "reference": "ece8c34dfdefa24f266b11ae9afadc595429ba3b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/OpenConext/Stepup-bundle/zipball/547c5bcb8fe1841fa657bbf43c5ea4b8e575ec3a",
-                "reference": "547c5bcb8fe1841fa657bbf43c5ea4b8e575ec3a",
+                "url": "https://api.github.com/repos/OpenConext/Stepup-bundle/zipball/ece8c34dfdefa24f266b11ae9afadc595429ba3b",
+                "reference": "ece8c34dfdefa24f266b11ae9afadc595429ba3b",
                 "shasum": ""
             },
             "require": {
@@ -2164,6 +2164,7 @@
                 "monolog/monolog": "~1.11",
                 "php": "^5.6|^7.0",
                 "sensio/framework-extra-bundle": "~3",
+                "surfnet/stepup-saml-bundle": "dev-feature/specific-error-pages as 3.0.0",
                 "symfony/config": "^2.7",
                 "symfony/dependency-injection": "^2.7",
                 "symfony/form": "^2.7",
@@ -2197,20 +2198,20 @@
                 "suaas",
                 "surfnet"
             ],
-            "time": "2018-03-14T13:11:17+00:00"
+            "time": "2018-03-15T14:23:07+00:00"
         },
         {
             "name": "surfnet/stepup-middleware-client-bundle",
-            "version": "2.3.0",
+            "version": "2.3.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/OpenConext/Stepup-Middleware-clientbundle.git",
-                "reference": "ae0912254c4090de400a84a76db387e76e896c4d"
+                "reference": "9706c3e63dee41cc11e331b3057f885b8772eb66"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/OpenConext/Stepup-Middleware-clientbundle/zipball/ae0912254c4090de400a84a76db387e76e896c4d",
-                "reference": "ae0912254c4090de400a84a76db387e76e896c4d",
+                "url": "https://api.github.com/repos/OpenConext/Stepup-Middleware-clientbundle/zipball/9706c3e63dee41cc11e331b3057f885b8772eb66",
+                "reference": "9706c3e63dee41cc11e331b3057f885b8772eb66",
                 "shasum": ""
             },
             "require": {
@@ -2220,6 +2221,7 @@
                 "php": "^5.6|^7.0",
                 "psr/log": "~1.0",
                 "ramsey/uuid": "^3.4",
+                "surfnet/stepup-bundle": "^3.0",
                 "symfony/config": "^2.7",
                 "symfony/dependency-injection": "^2.7",
                 "symfony/http-kernel": "^2.7",
@@ -2250,20 +2252,20 @@
                 "Apache-2.0"
             ],
             "description": "Symfony2 bundle for consuming the Step-up Middleware API.",
-            "time": "2018-01-18T08:54:37+00:00"
+            "time": "2018-03-08T15:25:18+00:00"
         },
         {
             "name": "surfnet/stepup-saml-bundle",
-            "version": "3.0.0",
+            "version": "dev-feature/specific-error-pages",
             "source": {
                 "type": "git",
                 "url": "https://github.com/OpenConext/Stepup-saml-bundle.git",
-                "reference": "67e24599a6402fdf602304851bfff915c0c4609c"
+                "reference": "322378f48a168d8d1eb9281af4772ba61c63ca6a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/OpenConext/Stepup-saml-bundle/zipball/67e24599a6402fdf602304851bfff915c0c4609c",
-                "reference": "67e24599a6402fdf602304851bfff915c0c4609c",
+                "url": "https://api.github.com/repos/OpenConext/Stepup-saml-bundle/zipball/322378f48a168d8d1eb9281af4772ba61c63ca6a",
+                "reference": "322378f48a168d8d1eb9281af4772ba61c63ca6a",
                 "shasum": ""
             },
             "require": {
@@ -2298,7 +2300,7 @@
                 "stepup",
                 "surfnet"
             ],
-            "time": "2018-01-17T12:59:03+00:00"
+            "time": "2018-03-15T08:14:44+00:00"
         },
         {
             "name": "surfnet/stepup-u2f-bundle",
@@ -2306,12 +2308,12 @@
             "source": {
                 "type": "git",
                 "url": "https://github.com/OpenConext/Stepup-u2f-bundle.git",
-                "reference": "b28737d7b8df5ecbdf7a1e952ecfb530a2951c05"
+                "reference": "67d8400160c5c9048cdd4354303d59243edbb7bf"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/OpenConext/Stepup-u2f-bundle/zipball/b28737d7b8df5ecbdf7a1e952ecfb530a2951c05",
-                "reference": "b28737d7b8df5ecbdf7a1e952ecfb530a2951c05",
+                "url": "https://api.github.com/repos/OpenConext/Stepup-u2f-bundle/zipball/67d8400160c5c9048cdd4354303d59243edbb7bf",
+                "reference": "67d8400160c5c9048cdd4354303d59243edbb7bf",
                 "shasum": ""
             },
             "require": {
@@ -2340,7 +2342,7 @@
                 "Apache-2.0"
             ],
             "description": "The SURFnet Step-up U2F bundle contains server-side device verification, and the necessary forms and resources to enable client-side U2F interaction with Step-up Identities",
-            "time": "2015-09-17T15:02:04+00:00"
+            "time": "2017-01-27T08:45:00+00:00"
         },
         {
             "name": "symfony/assetic-bundle",
@@ -4547,11 +4549,25 @@
             "alias_normalized": "3.0.0.0-beta5",
             "version": "9999999-dev",
             "package": "mopa/bootstrap-bundle"
+        },
+        {
+            "alias": "3.0.0",
+            "alias_normalized": "3.0.0.0",
+            "version": "dev-feature/specific-error-pages",
+            "package": "surfnet/stepup-saml-bundle"
+        },
+        {
+            "alias": "3.0.0",
+            "alias_normalized": "3.0.0.0",
+            "version": "dev-feature/specific-error-pages",
+            "package": "surfnet/stepup-bundle"
         }
     ],
     "minimum-stability": "stable",
     "stability-flags": {
         "mopa/bootstrap-bundle": 20,
+        "surfnet/stepup-saml-bundle": 20,
+        "surfnet/stepup-bundle": 20,
         "surfnet/stepup-u2f-bundle": 20
     },
     "prefer-stable": false,
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/ExceptionController.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/ExceptionController.php
new file mode 100644
index 000000000..8593d1815
--- /dev/null
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/ExceptionController.php
@@ -0,0 +1,49 @@
+<?php
+
+/**
+ * Copyright 2018 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\StepupSelfService\SelfServiceBundle\Controller;
+
+use Exception;
+use Surfnet\StepupBundle\Controller\ExceptionController as BaseExceptionController;
+use Surfnet\StepupSelfService\SelfServiceBundle\Exception\MissingRequiredAttributeException;
+
+final class ExceptionController extends BaseExceptionController
+{
+    /**
+     * @param Exception $exception
+     * @return array View parameters 'title' and 'description'
+     */
+    protected function getPageTitleAndDescription(Exception $exception)
+    {
+        $translator = $this->getTranslator();
+
+        if ($exception instanceof MissingRequiredAttributeException) {
+            $title = $translator->trans('stepup.error.missing_required_attribute.title');
+            $description = $exception->getMessage();
+        }
+
+        if (isset($title) && isset($description)) {
+            return [
+                'title' => $title,
+                'description' => $description,
+            ];
+        }
+
+        return parent::getPageTitleAndDescription($exception);
+    }
+}
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Exception/MissingRequiredAttributeException.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Exception/MissingRequiredAttributeException.php
new file mode 100644
index 000000000..cf0d17949
--- /dev/null
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Exception/MissingRequiredAttributeException.php
@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * Copyright 2014 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\StepupSelfService\SelfServiceBundle\Exception;
+
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+
+final class MissingRequiredAttributeException extends AuthenticationException
+{
+}
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/authnFailed.html.twig b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/authnFailed.html.twig
deleted file mode 100644
index beab512ac..000000000
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/authnFailed.html.twig
+++ /dev/null
@@ -1,12 +0,0 @@
-{% extends '::base.html.twig' %}
-
-{% block page_title %}{{ 'ss.error.saml_authn_failed.title'|trans }}{% endblock %}
-
-{% block content %}
-    <h2>{{ block('page_title') }}</h2>
-
-    <p>{{ 'ss.error.saml_authn_failed.text.authn_failed'|trans }}</p>
-    <a class="btn btn-primary" href="{{ path('ss_entry_point') }}">
-        {{ 'ss.error.saml_authn_failed.button.try_again'|trans }}
-    </a>
-{% endblock %}
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/preconditionNotMet.html.twig b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/preconditionNotMet.html.twig
deleted file mode 100644
index c02a8acee..000000000
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Saml/Exception/preconditionNotMet.html.twig
+++ /dev/null
@@ -1,9 +0,0 @@
-{% extends '::base.html.twig' %}
-
-{% block page_title %}{{ 'ss.error.saml_precondition_not_met.title'|trans }}{% endblock %}
-
-{% block content %}
-    <h2>{{ block('page_title') }}</h2>
-
-    <p>{{ 'ss.error.saml_precondition_not_met.text.precondition_not_met'|trans }}</p>
-{% endblock %}
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Security/Authentication/Handler/ProcessSamlAuthenticationHandler.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Security/Authentication/Handler/ProcessSamlAuthenticationHandler.php
index fea07b282..9f393de1e 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Security/Authentication/Handler/ProcessSamlAuthenticationHandler.php
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Security/Authentication/Handler/ProcessSamlAuthenticationHandler.php
@@ -18,9 +18,6 @@
 
 namespace Surfnet\StepupSelfService\SelfServiceBundle\Security\Authentication\Handler;
 
-use Exception;
-use SAML2\Response\Exception\PreconditionNotMetException;
-use Surfnet\SamlBundle\Http\Exception\AuthnFailedSamlResponseException;
 use Surfnet\SamlBundle\Monolog\SamlAuthenticationLogger;
 use Surfnet\SamlBundle\SAML2\Response\Assertion\InResponseTo;
 use Surfnet\StepupSelfService\SelfServiceBundle\Security\Authentication\AuthenticatedSessionStateHandler;
@@ -29,7 +26,6 @@
 use Surfnet\StepupSelfService\SelfServiceBundle\Security\Authentication\Token\SamlToken;
 use Symfony\Bundle\FrameworkBundle\Templating\EngineInterface;
 use Symfony\Component\HttpFoundation\RedirectResponse;
-use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
@@ -109,37 +105,9 @@ public function process(GetResponseEvent $event)
 
             $logger->notice('No authenticated user and AuthnRequest pending, attempting to process SamlResponse');
 
-            try {
-                $assertion = $this->samlInteractionProvider->processSamlResponse($event->getRequest());
-            } catch (AuthnFailedSamlResponseException $exception) {
-                $logger->notice(sprintf('SAML Authentication failed at IdP: "%s"', $exception->getMessage()));
-                $responseBody = $this->templating->render(
-                    'SurfnetStepupSelfServiceSelfServiceBundle:Saml/Exception:authnFailed.html.twig',
-                    ['exception' => $exception]
-                );
-
-                $event->setResponse(new Response($responseBody, Response::HTTP_UNAUTHORIZED));
-
-                return;
-            } catch (PreconditionNotMetException $exception) {
-                $logger->notice(sprintf('SAMLResponse precondition not met: "%s"', $exception->getMessage()));
-                $responseBody = $this->templating->render(
-                    'SurfnetStepupSelfServiceSelfServiceBundle:Saml/Exception:preconditionNotMet.html.twig',
-                    ['exception' => $exception]
-                );
-
-                $event->setResponse(new Response($responseBody, Response::HTTP_UNAUTHORIZED));
-
-                return;
-            } catch (Exception $exception) {
-                $logger->error(sprintf('Failed SAMLResponse Parsing: "%s"', $exception->getMessage()));
-
-                throw new AuthenticationException('Failed SAMLResponse parsing', 0, $exception);
-            }
+            $assertion = $this->samlInteractionProvider->processSamlResponse($event->getRequest());
 
             if (!InResponseTo::assertEquals($assertion, $expectedInResponseTo)) {
-                $logger->error('Unknown or unexpected InResponseTo in SAMLResponse');
-
                 throw new AuthenticationException('Unknown or unexpected InResponseTo in SAMLResponse');
             }
 
@@ -148,16 +116,7 @@ public function process(GetResponseEvent $event)
             $token            = new SamlToken();
             $token->assertion = $assertion;
 
-            try {
-                $authToken = $this->authenticationManager->authenticate($token);
-            } catch (AuthenticationException $failed) {
-                $logger->error(sprintf('Authentication Failed, reason: "%s"', $failed->getMessage()));
-
-                // By default deny authorization
-                $event->setResponse(new Response('', Response::HTTP_FORBIDDEN));
-
-                return;
-            }
+            $authToken = $this->authenticationManager->authenticate($token);
 
             $this->authenticatedSession->logAuthenticationMoment();
             $this->tokenStorage->setToken($authToken);
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Security/Authentication/Provider/SamlProvider.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Security/Authentication/Provider/SamlProvider.php
index bfaf0ab7a..1918d6394 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Security/Authentication/Provider/SamlProvider.php
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Security/Authentication/Provider/SamlProvider.php
@@ -23,6 +23,7 @@
 use Surfnet\SamlBundle\SAML2\Response\AssertionAdapter;
 use Surfnet\StepupMiddlewareClientBundle\Identity\Dto\Identity;
 use Surfnet\StepupMiddlewareClientBundle\Uuid\Uuid;
+use Surfnet\StepupSelfService\SelfServiceBundle\Exception\MissingRequiredAttributeException;
 use Surfnet\StepupSelfService\SelfServiceBundle\Locale\PreferredLocaleProvider;
 use Surfnet\StepupSelfService\SelfServiceBundle\Security\Authentication\Token\SamlToken;
 use Surfnet\StepupSelfService\SelfServiceBundle\Service\IdentityService;
@@ -118,7 +119,7 @@ private function getSingleStringValue($attribute, AssertionAdapter $translatedAs
         $values = $translatedAssertion->getAttributeValue($attribute);
 
         if (empty($values)) {
-            throw new BadCredentialsException(sprintf('Missing value for required attribute "%s"', $attribute));
+            throw new MissingRequiredAttributeException(sprintf('Missing value for required attribute "%s"', $attribute));
         }
 
         // see https://www.pivotaltracker.com/story/show/121296389
@@ -141,7 +142,7 @@ private function getSingleStringValue($attribute, AssertionAdapter $translatedAs
 
             $this->logger->warning($message);
 
-            throw new BadCredentialsException($message);
+            throw new MissingRequiredAttributeException($message);
         }
 
         return $value;

From 176bfff57969b4627c10f5c9ad8bc2b2a5c0d3fd Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Wed, 21 Mar 2018 14:03:16 +0100
Subject: [PATCH 06/29] Update of Stepup-saml-bundle and Stepup-bundle

Versions where bumped to version 4.0.0 for the stepup-saml-bundle and
3.2.0 for the stepup-bundle.
---
 composer.json |  4 ++--
 composer.lock | 38 ++++++++++++--------------------------
 2 files changed, 14 insertions(+), 28 deletions(-)

diff --git a/composer.json b/composer.json
index 3d6ebd214..2b92007cb 100644
--- a/composer.json
+++ b/composer.json
@@ -25,8 +25,8 @@
         "jms/di-extra-bundle": "~1.4.0",
         "surfnet/stepup-middleware-client-bundle": "^2.0",
         "guzzlehttp/guzzle": "^6",
-        "surfnet/stepup-saml-bundle": "dev-feature/specific-error-pages as 3.0.0",
-        "surfnet/stepup-bundle": "dev-feature/specific-error-pages as 3.0.0",
+        "surfnet/stepup-saml-bundle": "^4.0",
+        "surfnet/stepup-bundle": "^3.3",
         "surfnet/stepup-u2f-bundle": "dev-develop",
         "mopa/composer-bridge": "~1.5",
         "openconext/monitor-bundle": "^1.0",
diff --git a/composer.lock b/composer.lock
index a94f87749..486a69a13 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "content-hash": "5fdc668061995778751ba2a62b22d443",
+    "content-hash": "25b06d1f3bac31fa01b5fec0fd811713",
     "packages": [
         {
             "name": "beberlei/assert",
@@ -2144,16 +2144,16 @@
         },
         {
             "name": "surfnet/stepup-bundle",
-            "version": "dev-feature/specific-error-pages",
+            "version": "3.3.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/OpenConext/Stepup-bundle.git",
-                "reference": "ece8c34dfdefa24f266b11ae9afadc595429ba3b"
+                "reference": "6ac86cdcf6bbc2e0c50408fff7cafa7a5445a8fb"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/OpenConext/Stepup-bundle/zipball/ece8c34dfdefa24f266b11ae9afadc595429ba3b",
-                "reference": "ece8c34dfdefa24f266b11ae9afadc595429ba3b",
+                "url": "https://api.github.com/repos/OpenConext/Stepup-bundle/zipball/6ac86cdcf6bbc2e0c50408fff7cafa7a5445a8fb",
+                "reference": "6ac86cdcf6bbc2e0c50408fff7cafa7a5445a8fb",
                 "shasum": ""
             },
             "require": {
@@ -2164,7 +2164,7 @@
                 "monolog/monolog": "~1.11",
                 "php": "^5.6|^7.0",
                 "sensio/framework-extra-bundle": "~3",
-                "surfnet/stepup-saml-bundle": "dev-feature/specific-error-pages as 3.0.0",
+                "surfnet/stepup-saml-bundle": "^4.0",
                 "symfony/config": "^2.7",
                 "symfony/dependency-injection": "^2.7",
                 "symfony/form": "^2.7",
@@ -2198,7 +2198,7 @@
                 "suaas",
                 "surfnet"
             ],
-            "time": "2018-03-15T14:23:07+00:00"
+            "time": "2018-03-22T14:15:12+00:00"
         },
         {
             "name": "surfnet/stepup-middleware-client-bundle",
@@ -2256,16 +2256,16 @@
         },
         {
             "name": "surfnet/stepup-saml-bundle",
-            "version": "dev-feature/specific-error-pages",
+            "version": "4.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/OpenConext/Stepup-saml-bundle.git",
-                "reference": "322378f48a168d8d1eb9281af4772ba61c63ca6a"
+                "reference": "9bb7098248c7b60c8b2cbc74d996b027de69e68a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/OpenConext/Stepup-saml-bundle/zipball/322378f48a168d8d1eb9281af4772ba61c63ca6a",
-                "reference": "322378f48a168d8d1eb9281af4772ba61c63ca6a",
+                "url": "https://api.github.com/repos/OpenConext/Stepup-saml-bundle/zipball/9bb7098248c7b60c8b2cbc74d996b027de69e68a",
+                "reference": "9bb7098248c7b60c8b2cbc74d996b027de69e68a",
                 "shasum": ""
             },
             "require": {
@@ -2300,7 +2300,7 @@
                 "stepup",
                 "surfnet"
             ],
-            "time": "2018-03-15T08:14:44+00:00"
+            "time": "2018-03-21T09:35:58+00:00"
         },
         {
             "name": "surfnet/stepup-u2f-bundle",
@@ -4549,25 +4549,11 @@
             "alias_normalized": "3.0.0.0-beta5",
             "version": "9999999-dev",
             "package": "mopa/bootstrap-bundle"
-        },
-        {
-            "alias": "3.0.0",
-            "alias_normalized": "3.0.0.0",
-            "version": "dev-feature/specific-error-pages",
-            "package": "surfnet/stepup-saml-bundle"
-        },
-        {
-            "alias": "3.0.0",
-            "alias_normalized": "3.0.0.0",
-            "version": "dev-feature/specific-error-pages",
-            "package": "surfnet/stepup-bundle"
         }
     ],
     "minimum-stability": "stable",
     "stability-flags": {
         "mopa/bootstrap-bundle": 20,
-        "surfnet/stepup-saml-bundle": 20,
-        "surfnet/stepup-bundle": 20,
         "surfnet/stepup-u2f-bundle": 20
     },
     "prefer-stable": false,

From f463690979d3f56a9c56af569027a0156c3084bc Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 22 Mar 2018 13:28:35 +0100
Subject: [PATCH 07/29] Translate English translation to Dutch

---
 app/Resources/translations/messages.nl_NL.xliff | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/Resources/translations/messages.nl_NL.xliff b/app/Resources/translations/messages.nl_NL.xliff
index 7979b8c9c..0ecbe5647 100644
--- a/app/Resources/translations/messages.nl_NL.xliff
+++ b/app/Resources/translations/messages.nl_NL.xliff
@@ -44,7 +44,7 @@
       </trans-unit>
       <trans-unit id="b4adb3d9176c2fbdf293bee1b7dda2c6fb56c67c" resname="ss.flash.error_while_switching_locale">
         <source>ss.flash.error_while_switching_locale</source>
-        <target>Due to an unknown reason, switching locales failed.</target>
+        <target>Door een onbekende oorzaak is het wisselen van taal mislukt.</target>
         <jms:reference-file line="72">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/LocaleController.php</jms:reference-file>
       </trans-unit>
       <trans-unit id="600028302c7b3a43ae0e30ab3b015f505c2b7f1f" resname="ss.flash.invalid_switch_locale_form">
@@ -576,7 +576,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       </trans-unit>
       <trans-unit id="222ba32640d7ba4a87f2070d67125ccabf100de8" resname="ss.verify_yubikey_command.otp.verification_error">
         <source>ss.verify_yubikey_command.otp.verification_error</source>
-        <target>Het verifiëren van de YubiKey-code is wegens een onbekende reden niet gelukt. Probeer het opnieuw.</target>
+        <target>Het verifiëren van de YubiKey-code is wegens een onbekende reden nigelukt. Probeer het opnieuw.</target>
         <jms:reference-file line="27">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="c50aaca50072a446eab71327c6bfc5e5de8698f5" resname="stepup.error.authentication_error.description">
@@ -613,7 +613,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       </trans-unit>
       <trans-unit id="91d524414db2193ad8462909ec5da4c9a732b595" resname="stepup.error.generic_error.description">
         <source>stepup.error.generic_error.description</source>
-        <target>Something went wrong. Please try again.</target>
+        <target>Er is iets mis gegaan, Probeer het opnieuw.</target>
         <jms:reference-file line="144">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
       </trans-unit>
       <trans-unit id="5dac3939e990d8ad764c06634b14adf85517d4f1" resname="stepup.error.generic_error.title">

From 1986a14aff0ee6bb0d5ca1b8eed982f39b4e89a5 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 22 Mar 2018 13:36:59 +0100
Subject: [PATCH 08/29] Remove app.subname from base.html.twig

---
 .../translations/messages.en_GB.xliff         | 28 ++++++-------------
 .../translations/messages.nl_NL.xliff         | 28 ++++++-------------
 app/Resources/views/base.html.twig            |  1 -
 3 files changed, 18 insertions(+), 39 deletions(-)

diff --git a/app/Resources/translations/messages.en_GB.xliff b/app/Resources/translations/messages.en_GB.xliff
index deb2500bc..794402eeb 100644
--- a/app/Resources/translations/messages.en_GB.xliff
+++ b/app/Resources/translations/messages.en_GB.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2018-03-15T15:47:01Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
+  <file date="2018-03-22T13:35:06Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -17,15 +17,10 @@
         <jms:reference-file line="26">/Resources/views/base.html.twig</jms:reference-file>
         <jms:reference-file line="6">/Resources/views/base.html.twig</jms:reference-file>
       </trans-unit>
-      <trans-unit id="d5f9b7260670ee26f330c74f911d56591a563154" resname="app.subname">
-        <source>app.subname</source>
-        <target>Authentication in two steps</target>
-        <jms:reference-file line="27">/Resources/views/base.html.twig</jms:reference-file>
-      </trans-unit>
       <trans-unit id="ff6230b38fe127145d864f4d4920ceb4d857af18" resname="button.logout">
         <source>button.logout</source>
         <target>Sign out</target>
-        <jms:reference-file line="34">/Resources/views/base.html.twig</jms:reference-file>
+        <jms:reference-file line="33">/Resources/views/base.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="a91ec2021294ddfceb930e47ee05536b0f85193b" resname="country code">
         <source>country code</source>
@@ -559,7 +554,7 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="bbd9e56cf5b5effaa4a6ace130497a4b5a4da1f9" resname="ss.support_url_text">
         <source>ss.support_url_text</source>
         <target>Help</target>
-        <jms:reference-file line="68">/Resources/views/base.html.twig</jms:reference-file>
+        <jms:reference-file line="67">/Resources/views/base.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="cbdf2c4bacdae4b97285b0201968c2d3a9de1be1" resname="ss.test_second_factor.verification_failed">
         <source>ss.test_second_factor.verification_failed</source>
@@ -603,15 +598,10 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
         <target>Sign in</target>
         <jms:reference-file line="129">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
       </trans-unit>
-      <trans-unit id="e40ed00c2f742d44908a389c9dbeacfa6defc84a" resname="stepup.error.back_button">
-        <source>stepup.error.back_button</source>
-        <target>Back</target>
-        <jms:reference-file line="11">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
-      </trans-unit>
       <trans-unit id="45278127b39b1029ff5941470adcab5cc0358c58" resname="stepup.error.error_code">
         <source>stepup.error.error_code</source>
         <target>Error code</target>
-        <jms:reference-file line="24">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="26">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="91d524414db2193ad8462909ec5da4c9a732b595" resname="stepup.error.generic_error.description">
         <source>stepup.error.generic_error.description</source>
@@ -631,7 +621,7 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="9bb9f4a8016a17f539ff6d1aeee607b0ce5760b4" resname="stepup.error.ip_address">
         <source>stepup.error.ip_address</source>
         <target>IP address</target>
-        <jms:reference-file line="32">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="36">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="4333aed6f41daef505fd25cc77e65a7dc4b12303" resname="stepup.error.missing_required_attribute.title">
         <source>stepup.error.missing_required_attribute.title</source>
@@ -661,7 +651,7 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="f303d8138f38ef225b9e4f511ac91c8e34f5fa07" resname="stepup.error.request_id">
         <source>stepup.error.request_id</source>
         <target>Request ID</target>
-        <jms:reference-file line="20">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="21">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="2b4218eab37df989f5273a774c35222e8d9631b9" resname="stepup.error.signature_validation_failed.description">
         <source>stepup.error.signature_validation_failed.description</source>
@@ -676,8 +666,8 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="13cca787752c500356fbd62690001b8cb2a04e9a" resname="stepup.error.support_page.text">
         <source>stepup.error.support_page.text</source>
         <target><![CDATA[Please try again or visit <a href="%support_url%" target="_blank">the support page</a> if this does not fix your problem. On this page you will find more information about possible causes of the error and how to contact the support team.]]></target>
-        <jms:reference-file line="37">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
-        <jms:reference-file line="16">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
+        <jms:reference-file line="41">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="12">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="27518086f13a0c4f33e2e1f4c118187a4e41ce53" resname="stepup.error.timestamp">
         <source>stepup.error.timestamp</source>
@@ -712,7 +702,7 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="0b18df78a6a355c42f216da4a98d1afaac5e5aba" resname="stepup.error.user_agent">
         <source>stepup.error.user_agent</source>
         <target>User agent</target>
-        <jms:reference-file line="28">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="31">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="fcbfd9e643bb8d8f3fcf3ca0380a73bb9dffee2b" resname="stepup_middleware_client.form.switch_locale.switch">
         <source>stepup_middleware_client.form.switch_locale.switch</source>
diff --git a/app/Resources/translations/messages.nl_NL.xliff b/app/Resources/translations/messages.nl_NL.xliff
index 0ecbe5647..3817aa5e3 100644
--- a/app/Resources/translations/messages.nl_NL.xliff
+++ b/app/Resources/translations/messages.nl_NL.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2018-03-15T15:46:56Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
+  <file date="2018-03-22T13:35:02Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -17,15 +17,10 @@
         <jms:reference-file line="26">/Resources/views/base.html.twig</jms:reference-file>
         <jms:reference-file line="6">/Resources/views/base.html.twig</jms:reference-file>
       </trans-unit>
-      <trans-unit id="d5f9b7260670ee26f330c74f911d56591a563154" resname="app.subname">
-        <source>app.subname</source>
-        <target>Inloggen in twee stappen</target>
-        <jms:reference-file line="27">/Resources/views/base.html.twig</jms:reference-file>
-      </trans-unit>
       <trans-unit id="ff6230b38fe127145d864f4d4920ceb4d857af18" resname="button.logout">
         <source>button.logout</source>
         <target>Uitloggen</target>
-        <jms:reference-file line="34">/Resources/views/base.html.twig</jms:reference-file>
+        <jms:reference-file line="33">/Resources/views/base.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="a91ec2021294ddfceb930e47ee05536b0f85193b" resname="country code">
         <source>country code</source>
@@ -557,7 +552,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="bbd9e56cf5b5effaa4a6ace130497a4b5a4da1f9" resname="ss.support_url_text">
         <source>ss.support_url_text</source>
         <target>Help</target>
-        <jms:reference-file line="68">/Resources/views/base.html.twig</jms:reference-file>
+        <jms:reference-file line="67">/Resources/views/base.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="cbdf2c4bacdae4b97285b0201968c2d3a9de1be1" resname="ss.test_second_factor.verification_failed">
         <source>ss.test_second_factor.verification_failed</source>
@@ -601,15 +596,10 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
         <target>Inloggen</target>
         <jms:reference-file line="129">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
       </trans-unit>
-      <trans-unit id="e40ed00c2f742d44908a389c9dbeacfa6defc84a" resname="stepup.error.back_button">
-        <source>stepup.error.back_button</source>
-        <target>Terug</target>
-        <jms:reference-file line="11">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
-      </trans-unit>
       <trans-unit id="45278127b39b1029ff5941470adcab5cc0358c58" resname="stepup.error.error_code">
         <source>stepup.error.error_code</source>
         <target>Foutcode</target>
-        <jms:reference-file line="24">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="26">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="91d524414db2193ad8462909ec5da4c9a732b595" resname="stepup.error.generic_error.description">
         <source>stepup.error.generic_error.description</source>
@@ -629,7 +619,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="9bb9f4a8016a17f539ff6d1aeee607b0ce5760b4" resname="stepup.error.ip_address">
         <source>stepup.error.ip_address</source>
         <target>IP-adres</target>
-        <jms:reference-file line="32">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="36">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="4333aed6f41daef505fd25cc77e65a7dc4b12303" resname="stepup.error.missing_required_attribute.title">
         <source>stepup.error.missing_required_attribute.title</source>
@@ -659,7 +649,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="f303d8138f38ef225b9e4f511ac91c8e34f5fa07" resname="stepup.error.request_id">
         <source>stepup.error.request_id</source>
         <target>Request ID</target>
-        <jms:reference-file line="20">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="21">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="2b4218eab37df989f5273a774c35222e8d9631b9" resname="stepup.error.signature_validation_failed.description">
         <source>stepup.error.signature_validation_failed.description</source>
@@ -674,8 +664,8 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="13cca787752c500356fbd62690001b8cb2a04e9a" resname="stepup.error.support_page.text">
         <source>stepup.error.support_page.text</source>
         <target><![CDATA[Bezoek <a href="%support_url%" target="_blank">de support pagina</a> als dit je probleem niet oplost. Op deze pagina vind je meer informatie over de mogelijk oorzaken en hoe je contact kan opnemen met het supportteam.]]></target>
-        <jms:reference-file line="37">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
-        <jms:reference-file line="16">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
+        <jms:reference-file line="41">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="12">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="27518086f13a0c4f33e2e1f4c118187a4e41ce53" resname="stepup.error.timestamp">
         <source>stepup.error.timestamp</source>
@@ -710,7 +700,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="0b18df78a6a355c42f216da4a98d1afaac5e5aba" resname="stepup.error.user_agent">
         <source>stepup.error.user_agent</source>
         <target>User agent</target>
-        <jms:reference-file line="28">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="31">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="fcbfd9e643bb8d8f3fcf3ca0380a73bb9dffee2b" resname="stepup_middleware_client.form.switch_locale.switch">
         <source>stepup_middleware_client.form.switch_locale.switch</source>
diff --git a/app/Resources/views/base.html.twig b/app/Resources/views/base.html.twig
index 93597688b..3f1cda9b6 100644
--- a/app/Resources/views/base.html.twig
+++ b/app/Resources/views/base.html.twig
@@ -24,7 +24,6 @@
             <div class="page-header clearfix">
                 <img src="/images/header-logo.png" class="pull-right logo" alt="OpenConext Stepup">
                 <h1>{{ 'app.name'|trans }}</h1>
-                <h2>{{ 'app.subname'|trans }}</h2>
             </div>
         {% if app.user %}
             <div class="clearfix page-header-user">

From c8d2131edf20064b7ab84078d27a336a64400271 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 29 Mar 2018 11:56:44 +0200
Subject: [PATCH 09/29] Simplify the 'add token' UI section

The add token button was accompanied by a text that did not render
very neatly together. Creating a possibly confusing UI for the end user.
By simplifying the desing, the intent of the button is made much
clearer.
---
 .../translations/messages.en_GB.xliff         | 29 ++++++++-----------
 .../translations/messages.nl_NL.xliff         | 29 ++++++++-----------
 .../views/SecondFactor/list.html.twig         | 10 +++----
 3 files changed, 28 insertions(+), 40 deletions(-)

diff --git a/app/Resources/translations/messages.en_GB.xliff b/app/Resources/translations/messages.en_GB.xliff
index 794402eeb..e8af81e87 100644
--- a/app/Resources/translations/messages.en_GB.xliff
+++ b/app/Resources/translations/messages.en_GB.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2018-03-22T13:35:06Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
+  <file date="2018-03-29T11:52:53Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -419,13 +419,8 @@ For all devices with a USB port.</target>
       </trans-unit>
       <trans-unit id="c954ee253d560c6f6d5baf1811ca34988a9029d8" resname="ss.second_factor.list.button.register_second_factor">
         <source>ss.second_factor.list.button.register_second_factor</source>
-        <target>Register token</target>
-        <jms:reference-file line="24">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="efa2d0485dc634ae0f039634541529dce393e36c" resname="ss.second_factor.list.text.add_second_factor">
-        <source>ss.second_factor.list.text.add_second_factor</source>
-        <target state="new">Add new token</target>
-        <jms:reference-file line="20">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <target>Add token</target>
+        <jms:reference-file line="22">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="474737f264f9527e93a9f4f4c4c380331b52e759" resname="ss.second_factor.list.text.no_second_factors">
         <source>ss.second_factor.list.text.no_second_factors</source>
@@ -469,12 +464,12 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="39bf5f5849cef0ac9b176c769c79169676fc7b96" resname="ss.second_factor.revoke.button.revoke">
         <source>ss.second_factor.revoke.button.revoke</source>
         <target>Remove</target>
-        <jms:reference-file line="57">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="55">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="17d18b6bcd8642fedf8e5371cb722efc604e8281" resname="ss.second_factor.revoke.button.test">
         <source>ss.second_factor.revoke.button.test</source>
         <target>Test</target>
-        <jms:reference-file line="53">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="51">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="8cb0dc5d3faca805d69dce7496307078d2234dfb" resname="ss.second_factor.revoke.second_factor_type.sms">
         <source>ss.second_factor.revoke.second_factor_type.sms</source>
@@ -529,12 +524,12 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="fedd12f3e661692730a3650ef6db64e71c9d8441" resname="ss.second_factor_list.header.second_factor_identifier">
         <source>ss.second_factor_list.header.second_factor_identifier</source>
         <target>ID</target>
-        <jms:reference-file line="39">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="37">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="e4d199fd46ed7fa1c78a8fde6faef80f034cd662" resname="ss.second_factor_list.header.type">
         <source>ss.second_factor_list.header.type</source>
         <target>Token</target>
-        <jms:reference-file line="38">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="36">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="fb5cac733dfdfe5c5e6818dee7d71aea02e95aa4" resname="ss.security.session_expired.click_to_login">
         <source>ss.security.session_expired.click_to_login</source>
@@ -601,7 +596,7 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="45278127b39b1029ff5941470adcab5cc0358c58" resname="stepup.error.error_code">
         <source>stepup.error.error_code</source>
         <target>Error code</target>
-        <jms:reference-file line="26">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="24">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="91d524414db2193ad8462909ec5da4c9a732b595" resname="stepup.error.generic_error.description">
         <source>stepup.error.generic_error.description</source>
@@ -621,7 +616,7 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="9bb9f4a8016a17f539ff6d1aeee607b0ce5760b4" resname="stepup.error.ip_address">
         <source>stepup.error.ip_address</source>
         <target>IP address</target>
-        <jms:reference-file line="36">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="34">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="4333aed6f41daef505fd25cc77e65a7dc4b12303" resname="stepup.error.missing_required_attribute.title">
         <source>stepup.error.missing_required_attribute.title</source>
@@ -651,7 +646,7 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="f303d8138f38ef225b9e4f511ac91c8e34f5fa07" resname="stepup.error.request_id">
         <source>stepup.error.request_id</source>
         <target>Request ID</target>
-        <jms:reference-file line="21">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="20">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="2b4218eab37df989f5273a774c35222e8d9631b9" resname="stepup.error.signature_validation_failed.description">
         <source>stepup.error.signature_validation_failed.description</source>
@@ -666,7 +661,7 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="13cca787752c500356fbd62690001b8cb2a04e9a" resname="stepup.error.support_page.text">
         <source>stepup.error.support_page.text</source>
         <target><![CDATA[Please try again or visit <a href="%support_url%" target="_blank">the support page</a> if this does not fix your problem. On this page you will find more information about possible causes of the error and how to contact the support team.]]></target>
-        <jms:reference-file line="41">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="39">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
         <jms:reference-file line="12">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="27518086f13a0c4f33e2e1f4c118187a4e41ce53" resname="stepup.error.timestamp">
@@ -702,7 +697,7 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="0b18df78a6a355c42f216da4a98d1afaac5e5aba" resname="stepup.error.user_agent">
         <source>stepup.error.user_agent</source>
         <target>User agent</target>
-        <jms:reference-file line="31">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="29">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="fcbfd9e643bb8d8f3fcf3ca0380a73bb9dffee2b" resname="stepup_middleware_client.form.switch_locale.switch">
         <source>stepup_middleware_client.form.switch_locale.switch</source>
diff --git a/app/Resources/translations/messages.nl_NL.xliff b/app/Resources/translations/messages.nl_NL.xliff
index 3817aa5e3..28bdc489c 100644
--- a/app/Resources/translations/messages.nl_NL.xliff
+++ b/app/Resources/translations/messages.nl_NL.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2018-03-22T13:35:02Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
+  <file date="2018-03-29T11:52:47Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -419,13 +419,8 @@ Geschikt voor alle devices met een USB-poort.</target>
       </trans-unit>
       <trans-unit id="c954ee253d560c6f6d5baf1811ca34988a9029d8" resname="ss.second_factor.list.button.register_second_factor">
         <source>ss.second_factor.list.button.register_second_factor</source>
-        <target>Registreer token</target>
-        <jms:reference-file line="24">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
-      </trans-unit>
-      <trans-unit id="efa2d0485dc634ae0f039634541529dce393e36c" resname="ss.second_factor.list.text.add_second_factor">
-        <source>ss.second_factor.list.text.add_second_factor</source>
-        <target state="new">Registreer nieuw token</target>
-        <jms:reference-file line="20">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <target>Token toevoegen</target>
+        <jms:reference-file line="22">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="474737f264f9527e93a9f4f4c4c380331b52e759" resname="ss.second_factor.list.text.no_second_factors">
         <source>ss.second_factor.list.text.no_second_factors</source>
@@ -467,12 +462,12 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="39bf5f5849cef0ac9b176c769c79169676fc7b96" resname="ss.second_factor.revoke.button.revoke">
         <source>ss.second_factor.revoke.button.revoke</source>
         <target>Verwijderen</target>
-        <jms:reference-file line="57">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="55">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="17d18b6bcd8642fedf8e5371cb722efc604e8281" resname="ss.second_factor.revoke.button.test">
         <source>ss.second_factor.revoke.button.test</source>
         <target>Testen</target>
-        <jms:reference-file line="53">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="51">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="8cb0dc5d3faca805d69dce7496307078d2234dfb" resname="ss.second_factor.revoke.second_factor_type.sms">
         <source>ss.second_factor.revoke.second_factor_type.sms</source>
@@ -527,12 +522,12 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="fedd12f3e661692730a3650ef6db64e71c9d8441" resname="ss.second_factor_list.header.second_factor_identifier">
         <source>ss.second_factor_list.header.second_factor_identifier</source>
         <target>ID</target>
-        <jms:reference-file line="39">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="37">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="e4d199fd46ed7fa1c78a8fde6faef80f034cd662" resname="ss.second_factor_list.header.type">
         <source>ss.second_factor_list.header.type</source>
         <target>Token</target>
-        <jms:reference-file line="38">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="36">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="fb5cac733dfdfe5c5e6818dee7d71aea02e95aa4" resname="ss.security.session_expired.click_to_login">
         <source>ss.security.session_expired.click_to_login</source>
@@ -599,7 +594,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="45278127b39b1029ff5941470adcab5cc0358c58" resname="stepup.error.error_code">
         <source>stepup.error.error_code</source>
         <target>Foutcode</target>
-        <jms:reference-file line="26">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="24">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="91d524414db2193ad8462909ec5da4c9a732b595" resname="stepup.error.generic_error.description">
         <source>stepup.error.generic_error.description</source>
@@ -619,7 +614,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="9bb9f4a8016a17f539ff6d1aeee607b0ce5760b4" resname="stepup.error.ip_address">
         <source>stepup.error.ip_address</source>
         <target>IP-adres</target>
-        <jms:reference-file line="36">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="34">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="4333aed6f41daef505fd25cc77e65a7dc4b12303" resname="stepup.error.missing_required_attribute.title">
         <source>stepup.error.missing_required_attribute.title</source>
@@ -649,7 +644,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="f303d8138f38ef225b9e4f511ac91c8e34f5fa07" resname="stepup.error.request_id">
         <source>stepup.error.request_id</source>
         <target>Request ID</target>
-        <jms:reference-file line="21">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="20">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="2b4218eab37df989f5273a774c35222e8d9631b9" resname="stepup.error.signature_validation_failed.description">
         <source>stepup.error.signature_validation_failed.description</source>
@@ -664,7 +659,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="13cca787752c500356fbd62690001b8cb2a04e9a" resname="stepup.error.support_page.text">
         <source>stepup.error.support_page.text</source>
         <target><![CDATA[Bezoek <a href="%support_url%" target="_blank">de support pagina</a> als dit je probleem niet oplost. Op deze pagina vind je meer informatie over de mogelijk oorzaken en hoe je contact kan opnemen met het supportteam.]]></target>
-        <jms:reference-file line="41">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="39">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
         <jms:reference-file line="12">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error404.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="27518086f13a0c4f33e2e1f4c118187a4e41ce53" resname="stepup.error.timestamp">
@@ -700,7 +695,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="0b18df78a6a355c42f216da4a98d1afaac5e5aba" resname="stepup.error.user_agent">
         <source>stepup.error.user_agent</source>
         <target>User agent</target>
-        <jms:reference-file line="31">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
+        <jms:reference-file line="29">/../vendor/surfnet/stepup-bundle/src/Resources/views/Exception/error.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="fcbfd9e643bb8d8f3fcf3ca0380a73bb9dffee2b" resname="stepup_middleware_client.form.switch_locale.switch">
         <source>stepup_middleware_client.form.switch_locale.switch</source>
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig
index 8f6388805..bfe9d3458 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig
@@ -16,13 +16,11 @@
     %}
         {% if (unverifiedSecondFactors.elements is empty and verifiedSecondFactors.elements is empty and vettedSecondFactors.elements is empty) %}
             <p>{{ 'ss.second_factor.list.text.no_second_factors'|trans }}</p>
-        {% else %}
-            <p>{{ 'ss.second_factor.list.text.add_second_factor'|trans }}</p>
         {% endif %}
-        <a href="{{ path('ss_registration_display_types') }}"
-           class="btn btn-primary">
-            {{ 'ss.second_factor.list.button.register_second_factor'|trans }}
-        </a>
+            <a href="{{ path('ss_registration_display_types') }}"
+               class="btn btn-primary">
+                {{ 'ss.second_factor.list.button.register_second_factor'|trans }}
+            </a>
     {% endif %}
 
 {% endblock %}

From 8c7c4f05c35be00d1a5c46aeaccdf6eefddbb106 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Wed, 28 Mar 2018 15:09:27 +0200
Subject: [PATCH 10/29] Update the testSecondFactorAction

This action no longer requres a SecondFactorId to test. The token to
test is selected by the authenticating user in the WAYG.

Some restyling of the code was applied during this update.
---
 .../Controller/SamlController.php             | 24 +++++++++----------
 .../Resources/config/routing.yml              |  2 +-
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/SamlController.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/SamlController.php
index e73be9428..c2726c6b5 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/SamlController.php
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/SamlController.php
@@ -21,7 +21,7 @@
 use Exception;
 use Surfnet\SamlBundle\Http\XMLResponse;
 use Surfnet\SamlBundle\SAML2\Response\Assertion\InResponseTo;
-use Surfnet\StepupBundle\Value\SecondFactorType;
+use Surfnet\StepupBundle\Value\Loa;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
@@ -30,41 +30,39 @@
 class SamlController extends Controller
 {
     /**
-     * @param string $secondFactorId
+     * A SelfService user is able to test it's token in this endpoint
      *
      * @return \Symfony\Component\HttpFoundation\RedirectResponse
      * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
      * @throws \Symfony\Component\Security\Core\Exception\AccessDeniedException
      */
-    public function testSecondFactorAction($secondFactorId)
+    public function testSecondFactorAction()
     {
         $logger = $this->get('logger');
         $logger->notice('Starting second factor test');
 
         $secondFactorService = $this->get('surfnet_stepup_self_service_self_service.service.second_factor');
-        $identity            = $this->getIdentity();
+        $loaResolutionService = $this->get('surfnet_stepup.service.loa_resolution');
+        $identity = $this->getIdentity();
 
-        if (!$secondFactorService->identityHasSecondFactorOfStateWithId($identity->id, 'vetted', $secondFactorId)) {
+        $vettedSecondFactors = $secondFactorService->findVettedByIdentity($identity->id);
+        if (!$vettedSecondFactors || $vettedSecondFactors->getTotalItems() === 0) {
             $logger->error(
                 sprintf(
-                    'Identity "%s" tried to test second factor "%s", but does not own that second factor or it is not vetted',
-                    $identity->id,
-                    $secondFactorId
+                    'Identity "%s" tried to test a second factor, but does not own a suitable vetted token.',
+                    $identity->id
                 )
             );
 
             throw new NotFoundHttpException();
         }
 
-        $loaResolutionService         = $this->get('surfnet_stepup.service.loa_resolution');
         $authenticationRequestFactory = $this->get('self_service.test_second_factor_authentication_request_factory');
-        $secondFactorTypeService      = $this->get('surfnet_stepup.service.second_factor_type');
-        $secondFactor     = $secondFactorService->findOneVetted($secondFactorId);
-        $secondFactorType = new SecondFactorType($secondFactor->type);
 
+        // By requesting LoA 2 any relevant token can be tested (LoA 2 and 3)
         $authenticationRequest = $authenticationRequestFactory->createSecondFactorTestRequest(
             $identity->nameId,
-            $loaResolutionService->getLoaByLevel($secondFactorTypeService->getLevel($secondFactorType))
+            $loaResolutionService->getLoaByLevel(Loa::LOA_2)
         );
 
         $this->get('session')->set('second_factor_test_request_id', $authenticationRequest->getRequestId());
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/config/routing.yml b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/config/routing.yml
index 9dad338f8..27e9a390d 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/config/routing.yml
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/config/routing.yml
@@ -9,7 +9,7 @@ ss_second_factor_list:
     defaults: { _controller: SurfnetStepupSelfServiceSelfServiceBundle:SecondFactor:list }
 
 ss_second_factor_test:
-    path:     /second-factor/{secondFactorId}/test
+    path:     /second-factor/test
     methods:  [GET]
     defaults: { _controller: SurfnetStepupSelfServiceSelfServiceBundle:Saml:testSecondFactor }
 

From c5edf5411e9634c37a4603a00b857cec1e3c6a81 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Wed, 28 Mar 2018 15:30:34 +0200
Subject: [PATCH 11/29] Move the test buttons to the table footer

The vetted token overview no longer has a token test button per token.
A single test button is placed in the footer of the table instead.

The button text was modified to make the intent of the button clearer.
---
 app/Resources/translations/messages.en_GB.xliff  |  8 ++++----
 app/Resources/translations/messages.nl_NL.xliff  |  8 ++++----
 .../Resources/views/SecondFactor/list.html.twig  | 16 +++++++++++-----
 3 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/app/Resources/translations/messages.en_GB.xliff b/app/Resources/translations/messages.en_GB.xliff
index e8af81e87..298372f84 100644
--- a/app/Resources/translations/messages.en_GB.xliff
+++ b/app/Resources/translations/messages.en_GB.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2018-03-29T11:52:53Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
+  <file date="2018-04-03T12:41:04Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -464,12 +464,12 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="39bf5f5849cef0ac9b176c769c79169676fc7b96" resname="ss.second_factor.revoke.button.revoke">
         <source>ss.second_factor.revoke.button.revoke</source>
         <target>Remove</target>
-        <jms:reference-file line="55">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="50">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="17d18b6bcd8642fedf8e5371cb722efc604e8281" resname="ss.second_factor.revoke.button.test">
         <source>ss.second_factor.revoke.button.test</source>
-        <target>Test</target>
-        <jms:reference-file line="51">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <target>Test a token</target>
+        <jms:reference-file line="62">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="8cb0dc5d3faca805d69dce7496307078d2234dfb" resname="ss.second_factor.revoke.second_factor_type.sms">
         <source>ss.second_factor.revoke.second_factor_type.sms</source>
diff --git a/app/Resources/translations/messages.nl_NL.xliff b/app/Resources/translations/messages.nl_NL.xliff
index 28bdc489c..adc9dca99 100644
--- a/app/Resources/translations/messages.nl_NL.xliff
+++ b/app/Resources/translations/messages.nl_NL.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2018-03-29T11:52:47Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
+  <file date="2018-04-03T12:41:01Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -462,12 +462,12 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="39bf5f5849cef0ac9b176c769c79169676fc7b96" resname="ss.second_factor.revoke.button.revoke">
         <source>ss.second_factor.revoke.button.revoke</source>
         <target>Verwijderen</target>
-        <jms:reference-file line="55">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="50">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="17d18b6bcd8642fedf8e5371cb722efc604e8281" resname="ss.second_factor.revoke.button.test">
         <source>ss.second_factor.revoke.button.test</source>
-        <target>Testen</target>
-        <jms:reference-file line="51">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <target>Test een token</target>
+        <jms:reference-file line="62">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="8cb0dc5d3faca805d69dce7496307078d2234dfb" resname="ss.second_factor.revoke.second_factor_type.sms">
         <source>ss.second_factor.revoke.second_factor_type.sms</source>
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig
index bfe9d3458..9c191560d 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig
@@ -45,11 +45,6 @@
                             <td>{{ secondFactor.secondFactorIdentifier }}</td>
                             <td>
                                 <div class="btn-group pull-right" role="group">
-                                    {% if state == 'vetted' %}
-                                        <a class="btn btn-mini btn-default"
-                                            href="{{ path('ss_second_factor_test', {'secondFactorId': secondFactor.id}) }}">
-                                            {{ 'ss.second_factor.revoke.button.test'|trans }}</a>
-                                    {% endif %}
                                     <a class="btn btn-mini btn-warning"
                                         href="{{ path('ss_second_factor_revoke', {'state': state, 'secondFactorId': secondFactor.id}) }}">
                                         {{ 'ss.second_factor.revoke.button.revoke'|trans }}
@@ -59,6 +54,17 @@
                         </tr>
                     {% endfor %}
                     </tbody>
+                    {% if state == 'vetted' %}
+                    <tfoot>
+                        <tr>
+                            <td colspan="3">
+                                <a class="btn btn-mini btn-default pull-right" href="{{ path('ss_second_factor_test') }}">
+                                    {{ 'ss.second_factor.revoke.button.test'|trans }}
+                                </a>
+                            </td>
+                        </tr>
+                    </tfoot>
+                    {% endif %}
                 </table>
             </div>
         </div>

From 5e0682de570be18ae354ec5891ed986fcf371c26 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Tue, 3 Apr 2018 12:10:13 +0200
Subject: [PATCH 12/29] Collect Available tokens in a collection

When displaying the second factor tokens in the registration overview,
we want them to be sorted in LoA, alphabetical order. This was not
possible without sorting them in a collection as hard coded and gssp
tokens where passed individually to the template.

The new collection stores AvailableTokenInterface implementations. And
contains sorting logic.
---
 .../Value/AvailableTokenCollectionTest.php    |  78 +++++++++++++
 .../Value/AvailableTokenCollection.php        |  72 ++++++++++++
 .../Value/AvailableTokenInterface.php         |  42 +++++++
 .../SelfServiceBundle/Value/GsspToken.php     | 104 ++++++++++++++++++
 .../Value/HardcodedToken.php                  |  90 +++++++++++++++
 5 files changed, 386 insertions(+)
 create mode 100644 src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Value/AvailableTokenCollectionTest.php
 create mode 100644 src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenCollection.php
 create mode 100644 src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenInterface.php
 create mode 100644 src/Surfnet/StepupSelfService/SelfServiceBundle/Value/GsspToken.php
 create mode 100644 src/Surfnet/StepupSelfService/SelfServiceBundle/Value/HardcodedToken.php

diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Value/AvailableTokenCollectionTest.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Value/AvailableTokenCollectionTest.php
new file mode 100644
index 000000000..bd8e2466c
--- /dev/null
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Value/AvailableTokenCollectionTest.php
@@ -0,0 +1,78 @@
+<?php
+
+/**
+ * Copyright 2018 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\Stepup\Tests;
+
+use PHPUnit_Framework_TestCase as UnitTest;
+use Surfnet\StepupSelfService\SamlStepupProviderBundle\Provider\ViewConfig;
+use Surfnet\StepupSelfService\SelfServiceBundle\Value\AvailableTokenCollection;
+
+class AvailableTokenCollectionTest extends UnitTest
+{
+    public function test_create_from()
+    {
+        $nonGssp = ['sms' => 'sms', 'yubikey' => 'yubikey'];
+        $gssp = [
+            'fatima' => $this->getViewConfig('fatima', 2),
+            'tiqr' => $this->getViewConfig('tiqr', 3),
+            'biometric' => $this->getViewConfig('biometric', 3),
+        ];
+        $collection = AvailableTokenCollection::from($nonGssp, $gssp);
+
+        $this->assertCount(5, $collection->getData());
+
+        $expextedSortOrder = ['fatima', 'sms', 'biometric', 'tiqr', 'yubikey'];
+        $this->assertEquals($expextedSortOrder, array_keys($collection->getData()));
+    }
+
+    public function test_create_from_empty_input()
+    {
+        $nonGssp = [];
+        $gssp = [];
+        $collection = AvailableTokenCollection::from($nonGssp, $gssp);
+
+        $this->assertCount(0, $collection->getData());
+    }
+
+    public function test_create_from_only_gssp()
+    {
+        $nonGssp = [];
+        $gssp = [
+            'irma' => $this->getViewConfig('irma', 2),
+            'tiqr' => $this->getViewConfig('tiqr', 3),
+            'aauth' => $this->getViewConfig('aauth', 3),
+            'xerxes' => $this->getViewConfig('xerxes', 2),
+            'biometric' => $this->getViewConfig('biometric', 3),
+            'fatima' => $this->getViewConfig('fatima', 2),
+        ];
+        $collection = AvailableTokenCollection::from($nonGssp, $gssp);
+
+        $this->assertCount(6, $collection->getData());
+
+        $expextedSortOrder = ['fatima', 'irma', 'xerxes', 'aauth', 'biometric', 'tiqr'];
+        $this->assertEquals($expextedSortOrder, array_keys($collection->getData()));
+    }
+
+    private function getViewConfig($tokenType, $loa)
+    {
+        $mock = \Mockery::mock(ViewConfig::class);
+        $mock->shouldReceive('getLoa')->andReturn($loa);
+        $mock->shouldReceive('getType')->andReturn($tokenType);
+        return $mock;
+    }
+}
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenCollection.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenCollection.php
new file mode 100644
index 000000000..d106c6be3
--- /dev/null
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenCollection.php
@@ -0,0 +1,72 @@
+<?php
+
+/**
+ * Copyright 2018 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\StepupSelfService\SelfServiceBundle\Value;
+
+/**
+ * AvailableTokenCollection is used in the display second factor types view to be able to handle GSSP and non GSSP
+ * tokens in a more homogeneous manner.
+ */
+class AvailableTokenCollection
+{
+    /**
+     * @var AvailableTokenInterface[]
+     */
+    private $collection = [];
+
+    /**
+     * @param array $hardcodedTokens
+     * @param array $gsspTokens
+     * @return AvailableTokenCollection
+     */
+    public static function from(array $hardcodedTokens, array $gsspTokens)
+    {
+        $collection = new self();
+
+        foreach ($hardcodedTokens as $token) {
+            $collection->collection[$token] = HardcodedToken::fromSecondFactorType($token);
+        }
+
+        foreach ($gsspTokens as $type => $token) {
+            $collection->collection[$type] = GsspToken::fromViewConfig($token, $type);
+        }
+
+        return $collection;
+    }
+
+    /**
+     * Sorts and returns the available tokens
+     * @return AvailableTokenInterface[]
+     */
+    public function getData()
+    {
+        $this->sortCollection();
+        return $this->collection;
+    }
+
+    private function sortCollection()
+    {
+        // The collection is first sorted by LoA level and then in alphabetic order.
+        uasort($this->collection, function (AvailableTokenInterface $a, AvailableTokenInterface $b) {
+            if ($a->getLoaLevel() === $b->getLoaLevel()) {
+                return strcmp($a->getType(), $b->getType());
+            }
+            return $a->getLoaLevel() > $b->getLoaLevel();
+        });
+    }
+}
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenInterface.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenInterface.php
new file mode 100644
index 000000000..6454969c5
--- /dev/null
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenInterface.php
@@ -0,0 +1,42 @@
+<?php
+
+/**
+ * Copyright 2018 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\StepupSelfService\SelfServiceBundle\Value;
+
+interface AvailableTokenInterface
+{
+    /**
+     * @return string
+     */
+    public function getRoute();
+
+    /**
+     * @return mixed
+     */
+    public function getType();
+
+    /**
+     * @return int
+     */
+    public function getLoaLevel();
+
+    /**
+     * @return boolean
+     */
+    public function isGssp();
+}
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/GsspToken.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/GsspToken.php
new file mode 100644
index 000000000..705723790
--- /dev/null
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/GsspToken.php
@@ -0,0 +1,104 @@
+<?php
+
+/**
+ * Copyright 2018 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\StepupSelfService\SelfServiceBundle\Value;
+
+use Surfnet\StepupSelfService\SamlStepupProviderBundle\Provider\ViewConfig;
+use Surfnet\StepupSelfService\SelfServiceBundle\Exception\InvalidArgumentException;
+
+class GsspToken implements AvailableTokenInterface
+{
+    /**
+     * @var ViewConfig
+     */
+    private $viewConfig;
+
+    /**
+     * @var string
+     */
+    private $type;
+
+    /**
+     * @param ViewConfig $viewConfig
+     * @param $type
+     * @return GsspToken
+     */
+    public static function fromViewConfig(ViewConfig $viewConfig, $type)
+    {
+        if (!is_string($type) || empty($type)) {
+            throw InvalidArgumentException::invalidType('a non empty string', 'type', $type);
+        }
+
+        return new self($viewConfig, $type);
+    }
+
+    /**
+     * GsspToken constructor.
+     * @param ViewConfig $viewConfig
+     * @param string $type
+     */
+    private function __construct(ViewConfig $viewConfig, $type)
+    {
+        $this->viewConfig = $viewConfig;
+        $this->type = $type;
+    }
+
+    /**
+     * @return string
+     */
+    public function getRoute()
+    {
+        return 'ss_registration_gssf_initiate';
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getType()
+    {
+        return $this->type;
+    }
+
+    /**
+     * @return int
+     */
+    public function getLoaLevel()
+    {
+        return (int) $this->viewConfig->getLoa();
+    }
+
+    /**
+     * @return boolean
+     */
+    public function isGssp()
+    {
+        return true;
+    }
+
+    public function getRouteParams()
+    {
+        return [
+            'provider' => $this->type,
+        ];
+    }
+
+    public function getViewConfig()
+    {
+        return $this->viewConfig;
+    }
+}
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/HardcodedToken.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/HardcodedToken.php
new file mode 100644
index 000000000..1a921cc74
--- /dev/null
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/HardcodedToken.php
@@ -0,0 +1,90 @@
+<?php
+
+/**
+ * Copyright 2018 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\StepupSelfService\SelfServiceBundle\Value;
+
+use Surfnet\StepupSelfService\SelfServiceBundle\Exception\InvalidArgumentException;
+
+class HardcodedToken implements AvailableTokenInterface
+{
+    private static $supportedTypes = [
+        'sms' => [
+            'loaLevel' => 2,
+            'route' => 'ss_registration_sms_send_challenge'
+        ],
+        'u2f' => [
+            'loaLevel' => 3,
+            'route' => 'ss_registration_u2f_registration'
+        ],
+        'yubikey' => [
+            'loaLevel' => 3,
+            'route' => 'ss_registration_yubikey_prove_possession'
+        ],
+    ];
+
+    private $type;
+
+    /**
+     * @param $type
+     * @return HardcodedToken
+     */
+    public static function fromSecondFactorType($type)
+    {
+        if (!isset(self::$supportedTypes[$type])) {
+            throw InvalidArgumentException::invalidType('valid second factor type', 'type', $type);
+        }
+        return new self($type);
+    }
+
+    private function __construct($type)
+    {
+        $this->type = $type;
+    }
+
+    /**
+     * @return string
+     */
+    public function getRoute()
+    {
+        return self::$supportedTypes[$this->type]['route'];
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getType()
+    {
+        return $this->type;
+    }
+
+    /**
+     * @return int
+     */
+    public function getLoaLevel()
+    {
+        return self::$supportedTypes[$this->type]['loaLevel'];
+    }
+
+    /**
+     * @return boolean
+     */
+    public function isGssp()
+    {
+        return false;
+    }
+}

From d3274c003ce0463de538d0a0a982bb54f596cb52 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Tue, 3 Apr 2018 12:10:43 +0200
Subject: [PATCH 13/29] Implement the usage of AvailableTokenCollection

---
 .../Controller/RegistrationController.php     |  7 ++-
 .../displaySecondFactorTypes.html.twig        | 47 +++++++------------
 2 files changed, 22 insertions(+), 32 deletions(-)

diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/RegistrationController.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/RegistrationController.php
index 070779135..c8032caa4 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/RegistrationController.php
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/RegistrationController.php
@@ -23,6 +23,7 @@
 use Mpdf\Output\Destination as MpdfDestination;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
 use Surfnet\StepupSelfService\SelfServiceBundle\Service\SecondFactorService;
+use Surfnet\StepupSelfService\SelfServiceBundle\Value\AvailableTokenCollection;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
@@ -70,10 +71,12 @@ public function displaySecondFactorTypesAction()
                 unset($secondFactors->available[$index]);
             }
         }
+
+        $availableTokens = AvailableTokenCollection::from($secondFactors->available, $availableGsspSecondFactors);
+
         return [
             'commonName' => $this->getIdentity()->commonName,
-            'availableSecondFactors' => $secondFactors->available,
-            'availableGsspSecondFactors' => $availableGsspSecondFactors,
+            'availableSecondFactors' => $availableTokens,
             'verifyEmail' => $this->emailVerificationIsRequired(),
         ];
     }
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Registration/displaySecondFactorTypes.html.twig b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Registration/displaySecondFactorTypes.html.twig
index 905c9974f..b0c593846 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Registration/displaySecondFactorTypes.html.twig
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/Registration/displaySecondFactorTypes.html.twig
@@ -12,36 +12,23 @@
     <h2>{{ block('page_title') }}</h2>
 
     <div class="row second-factors">
-        {% if availableSecondFactors.sms is defined %}
-            {% include 'SurfnetStepupSelfServiceSelfServiceBundle::Registration/partial/secondFactor.html.twig' with {
-                'type': 'sms',
-                'security': 2,
-                'url': path('ss_registration_sms_send_challenge'),
-            } only %}
-        {% endif %}
-        {% if availableSecondFactors.yubikey is defined %}
-            {% include 'SurfnetStepupSelfServiceSelfServiceBundle::Registration/partial/secondFactor.html.twig' with {
-                'type': 'yubikey',
-                'security': 3,
-                'url': path('ss_registration_yubikey_prove_possession'),
-            } only %}
-        {% endif %}
-        {% if availableSecondFactors.u2f is defined %}
-            {% include 'SurfnetStepupSelfServiceSelfServiceBundle::Registration/partial/secondFactor.html.twig' with {
-                'type': 'u2f',
-                'security': 3,
-                'url': path('ss_registration_u2f_registration'),
-            } only %}
-        {% endif %}
-        {% for type, secondFactor in availableGsspSecondFactors %}
-            {% include 'SurfnetStepupSelfServiceSelfServiceBundle::Registration/partial/genericSecondFactor.html.twig' with {
-            'type': type,
-            'security': secondFactor.loa,
-            'url': path('ss_registration_gssf_initiate', {'provider': type}),
-            'appAndroidUrl': secondFactor.androidUrl,
-            'appIosUrl': secondFactor.iosUrl,
-            'secondFactor': secondFactor
-            } only %}
+        {% for type, secondFactor in availableSecondFactors.data %}
+            {% if secondFactor.isGssp %}
+                {% include 'SurfnetStepupSelfServiceSelfServiceBundle::Registration/partial/genericSecondFactor.html.twig' with {
+                    'type': type,
+                    'security': secondFactor.loaLevel,
+                    'url': path(secondFactor.route, secondFactor.routeParams),
+                    'appAndroidUrl': secondFactor.viewConfig.androidUrl,
+                    'appIosUrl': secondFactor.viewConfig.iosUrl,
+                    'secondFactor': secondFactor.viewConfig
+                } only %}
+            {% else %}
+                {% include 'SurfnetStepupSelfServiceSelfServiceBundle::Registration/partial/secondFactor.html.twig' with {
+                    'type': type,
+                    'security': secondFactor.loaLevel,
+                    'url': path(secondFactor.route),
+                } only %}
+            {% endif %}
         {% endfor %}
     </div>
 {% endblock %}

From aa1553458daaa2e2557af939ad218c5269495e4f Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 5 Apr 2018 14:26:07 +0200
Subject: [PATCH 14/29] Rename HardcodedToken to BuiltInToken

BuiltIn sounds less hacky. And in the process the static private variable has been moved out of its static context.
---
 .../Tests/Value/AvailableTokenCollectionTest.php |  5 +++--
 .../Value/AvailableTokenCollection.php           |  8 ++++----
 .../{HardcodedToken.php => BuiltInToken.php}     | 16 ++++++++--------
 3 files changed, 15 insertions(+), 14 deletions(-)
 rename src/Surfnet/StepupSelfService/SelfServiceBundle/Value/{HardcodedToken.php => BuiltInToken.php} (86%)

diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Value/AvailableTokenCollectionTest.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Value/AvailableTokenCollectionTest.php
index bd8e2466c..0022fffa5 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Value/AvailableTokenCollectionTest.php
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Tests/Value/AvailableTokenCollectionTest.php
@@ -31,12 +31,13 @@ public function test_create_from()
             'fatima' => $this->getViewConfig('fatima', 2),
             'tiqr' => $this->getViewConfig('tiqr', 3),
             'biometric' => $this->getViewConfig('biometric', 3),
+            'intrinsic' => $this->getViewConfig('intrinsic', 1),
         ];
         $collection = AvailableTokenCollection::from($nonGssp, $gssp);
 
-        $this->assertCount(5, $collection->getData());
+        $this->assertCount(6, $collection->getData());
 
-        $expextedSortOrder = ['fatima', 'sms', 'biometric', 'tiqr', 'yubikey'];
+        $expextedSortOrder = ['intrinsic', 'fatima', 'sms', 'biometric', 'tiqr', 'yubikey'];
         $this->assertEquals($expextedSortOrder, array_keys($collection->getData()));
     }
 
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenCollection.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenCollection.php
index d106c6be3..897c30c75 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenCollection.php
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenCollection.php
@@ -30,16 +30,16 @@ class AvailableTokenCollection
     private $collection = [];
 
     /**
-     * @param array $hardcodedTokens
+     * @param array $builtInTokens
      * @param array $gsspTokens
      * @return AvailableTokenCollection
      */
-    public static function from(array $hardcodedTokens, array $gsspTokens)
+    public static function from(array $builtInTokens, array $gsspTokens)
     {
         $collection = new self();
 
-        foreach ($hardcodedTokens as $token) {
-            $collection->collection[$token] = HardcodedToken::fromSecondFactorType($token);
+        foreach ($builtInTokens as $token) {
+            $collection->collection[$token] = BuiltInToken::fromSecondFactorType($token);
         }
 
         foreach ($gsspTokens as $type => $token) {
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/HardcodedToken.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/BuiltInToken.php
similarity index 86%
rename from src/Surfnet/StepupSelfService/SelfServiceBundle/Value/HardcodedToken.php
rename to src/Surfnet/StepupSelfService/SelfServiceBundle/Value/BuiltInToken.php
index 1a921cc74..b639b5af2 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/HardcodedToken.php
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/BuiltInToken.php
@@ -20,9 +20,9 @@
 
 use Surfnet\StepupSelfService\SelfServiceBundle\Exception\InvalidArgumentException;
 
-class HardcodedToken implements AvailableTokenInterface
+class BuiltInToken implements AvailableTokenInterface
 {
-    private static $supportedTypes = [
+    private $supportedTypes = [
         'sms' => [
             'loaLevel' => 2,
             'route' => 'ss_registration_sms_send_challenge'
@@ -41,18 +41,18 @@ class HardcodedToken implements AvailableTokenInterface
 
     /**
      * @param $type
-     * @return HardcodedToken
+     * @return BuiltInToken
      */
     public static function fromSecondFactorType($type)
     {
-        if (!isset(self::$supportedTypes[$type])) {
-            throw InvalidArgumentException::invalidType('valid second factor type', 'type', $type);
-        }
         return new self($type);
     }
 
     private function __construct($type)
     {
+        if (!isset($this->supportedTypes[$type])) {
+            throw InvalidArgumentException::invalidType('valid second factor type', 'type', $type);
+        }
         $this->type = $type;
     }
 
@@ -61,7 +61,7 @@ private function __construct($type)
      */
     public function getRoute()
     {
-        return self::$supportedTypes[$this->type]['route'];
+        return $this->supportedTypes[$this->type]['route'];
     }
 
     /**
@@ -77,7 +77,7 @@ public function getType()
      */
     public function getLoaLevel()
     {
-        return self::$supportedTypes[$this->type]['loaLevel'];
+        return $this->supportedTypes[$this->type]['loaLevel'];
     }
 
     /**

From 0c6e4d40e8a04ddf6d01a3d523bb875ced62540a Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 5 Apr 2018 14:29:50 +0200
Subject: [PATCH 15/29] Fix return value of order callback function

The LoA comparison returned a boolean value where a numeric value is in
order. This is not an actual problem as PHP is very forgiving.
---
 .../SelfServiceBundle/Value/AvailableTokenCollection.php        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenCollection.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenCollection.php
index 897c30c75..c635ae9cc 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenCollection.php
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Value/AvailableTokenCollection.php
@@ -66,7 +66,7 @@ private function sortCollection()
             if ($a->getLoaLevel() === $b->getLoaLevel()) {
                 return strcmp($a->getType(), $b->getType());
             }
-            return $a->getLoaLevel() > $b->getLoaLevel();
+            return $a->getLoaLevel() > $b->getLoaLevel() ? 1 : -1;
         });
     }
 }

From 6801dccf7c3a980e921e0bbeb431188bff283870 Mon Sep 17 00:00:00 2001
From: Pieter van der Meulen <pieter.vanderMeulen@surfnet.nl>
Date: Wed, 14 Mar 2018 17:50:34 +0100
Subject: [PATCH 16/29] Change dev logging configuration to use syslog instead
 of graylog

---
 app/config/config_dev.yml | 47 ++++++++++-----------------------------
 1 file changed, 12 insertions(+), 35 deletions(-)

diff --git a/app/config/config_dev.yml b/app/config/config_dev.yml
index 9d9254b05..a01868173 100644
--- a/app/config/config_dev.yml
+++ b/app/config/config_dev.yml
@@ -11,45 +11,22 @@ web_profiler:
     toolbar: "%debug_toolbar%"
     intercept_redirects: "%debug_redirects%"
 
-# Be careful not to remove the prod-signaler handler, which overwrites
-# the prod-signaler handler defined in logging.yml. The handler defined
-# in logging.yml disables bubbling which means that none of the handlers
-# below are invoked. Since the current dev setup is incompatible with the
-# prod setup defined in logging.yml, this means we won't see any logs in
-# the infrastructure currently used (graylog). Overwriting the handler
-# here resolves that and reinstates the dev logging setup.
-#
-# this configuration must be replaced to reflect production setup
-# see https://www.pivotaltracker.com/story/show/96056010
-#
+# The monolog configuration below overwrites the in logging.yml that
+# is normally used for production.
 monolog:
     handlers:
         prod-signaler:
-            type: group
-            members:
-                - main_graylog
-                - main_logfile
-                - main_debuglog
-        main_graylog:
-            type:    buffer
-            handler: graylog
-            level:   NOTICE
-        main_logfile:
-            type:    stream
-            handler: logfile
-            level:   NOTICE
-            path:    %kernel.logs_dir%/%kernel.environment%.log
+            type: fingers_crossed
+            action_level: ERROR
+            passthru_level: DEBUG # DEV setting: this means that all message of level DEBUG or higher are always logged
+            #passthru_level: NOTICE # PROD setting this means that all message of level NOTICE or higher are always logged
+            handler: main_syslog
+            bubble: false # if we handle it, nothing else should
+        main_syslog:
+            type: syslog
+            ident: stepup-selfservice
+            facility: user
             formatter: surfnet_stepup.monolog.json_formatter
-        main_debuglog:
-            type:    stream
-            handler: logfile
-            level:   DEBUG
-            path:    "%kernel.logs_dir%/%kernel.environment%.debug.log"
-            formatter: surfnet_stepup.monolog.json_formatter
-        graylog:
-            type:      gelf
-            publisher: { hostname: %graylog_hostname% }
-            formatter: surfnet_stepup.monolog.full_message_exception_gelf_message_formatter
 
 assetic:
     use_controller: "%use_assetic_controller%"

From f9cf305efb9eb568d84f0da70c59440696c7ac02 Mon Sep 17 00:00:00 2001
From: Joris Steyn <joris@ibuildings.nl>
Date: Mon, 9 Apr 2018 12:26:12 +0200
Subject: [PATCH 17/29] Remove unused production configuration for monolog

Logging for production is configured in logging.yml. The configuration
in config.yml had no effect in production because the prod-signaler in
logging.yml is configured to not bubble messages to other handlers.
---
 app/config/config.yml          | 21 ---------------------
 app/config/parameters.yml.dist |  1 -
 2 files changed, 22 deletions(-)

diff --git a/app/config/config.yml b/app/config/config.yml
index 963820e1b..28d5a042a 100644
--- a/app/config/config.yml
+++ b/app/config/config.yml
@@ -67,27 +67,6 @@ nelmio_security:
         # Content types: default, script, object, style, img, media, frame, font, connect
         default: [ self ]
 
-monolog:
-    handlers:
-        main:
-            type: group
-            members:
-                - main_graylog
-                - main_logfile
-        main_graylog:
-            type: buffer
-            handler: graylog
-            level: NOTICE
-        main_logfile:
-            type: stream
-            handler: logfile
-            level: NOTICE
-            path: %kernel.logs_dir%/%kernel.environment%.log
-        graylog:
-            type: gelf
-            publisher: { hostname: %graylog_hostname% }
-            formatter: surfnet_stepup.monolog.full_message_exception_gelf_message_formatter
-
 mopa_bootstrap:
     form:
         show_legend: false
diff --git a/app/config/parameters.yml.dist b/app/config/parameters.yml.dist
index d7ec31215..2ed2fe296 100644
--- a/app/config/parameters.yml.dist
+++ b/app/config/parameters.yml.dist
@@ -32,7 +32,6 @@ parameters:
     saml_remote_idp_entity_id:
     saml_remote_idp_sso_url:
     saml_remote_idp_certificate: 'FOR CI ONLY, REPLACE WITH ACTUAL VALUE'
-    graylog_hostname: g2-dev.stepup.coin.surf.net
     asset_version: 1
 
     second_factor_test_idp_entity_id: ~

From 020c12803b8d368a49c53d23d679efdb4ce245c4 Mon Sep 17 00:00:00 2001
From: Joris Steyn <joris@ibuildings.nl>
Date: Mon, 9 Apr 2018 12:30:42 +0200
Subject: [PATCH 18/29] Enable file logging for development

The development configuration now logs to two destinations:

 - fingers crossed to syslog (DEBUG and higher, action leven ERROR)
 - log all notices and higher to app/logs/dev.log
---
 app/config/config_dev.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/app/config/config_dev.yml b/app/config/config_dev.yml
index a01868173..08ca0450c 100644
--- a/app/config/config_dev.yml
+++ b/app/config/config_dev.yml
@@ -21,12 +21,17 @@ monolog:
             passthru_level: DEBUG # DEV setting: this means that all message of level DEBUG or higher are always logged
             #passthru_level: NOTICE # PROD setting this means that all message of level NOTICE or higher are always logged
             handler: main_syslog
-            bubble: false # if we handle it, nothing else should
+            bubble: true
         main_syslog:
             type: syslog
             ident: stepup-selfservice
             facility: user
             formatter: surfnet_stepup.monolog.json_formatter
+        main_logfile:
+            type: stream
+            handler: logfile
+            level: NOTICE
+            path: %kernel.logs_dir%/%kernel.environment%.log
 
 assetic:
     use_controller: "%use_assetic_controller%"

From b0344519b76e2fd57d2939728017d9c9e8d1774a Mon Sep 17 00:00:00 2001
From: Joris Steyn <joris@ibuildings.nl>
Date: Mon, 9 Apr 2018 13:19:58 +0200
Subject: [PATCH 19/29] Update stepup-bundle to 3.4.0

---
 composer.json |  2 +-
 composer.lock | 67 +++++----------------------------------------------
 2 files changed, 7 insertions(+), 62 deletions(-)

diff --git a/composer.json b/composer.json
index 2b92007cb..dc541c3b2 100644
--- a/composer.json
+++ b/composer.json
@@ -26,7 +26,7 @@
         "surfnet/stepup-middleware-client-bundle": "^2.0",
         "guzzlehttp/guzzle": "^6",
         "surfnet/stepup-saml-bundle": "^4.0",
-        "surfnet/stepup-bundle": "^3.3",
+        "surfnet/stepup-bundle": "^3.4.0",
         "surfnet/stepup-u2f-bundle": "dev-develop",
         "mopa/composer-bridge": "~1.5",
         "openconext/monitor-bundle": "^1.0",
diff --git a/composer.lock b/composer.lock
index 486a69a13..23e41bc62 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "content-hash": "25b06d1f3bac31fa01b5fec0fd811713",
+    "content-hash": "c2782be1c2cb93499ebb9d04d40b1b58",
     "packages": [
         {
             "name": "beberlei/assert",
@@ -511,59 +511,6 @@
             ],
             "time": "2014-08-26T16:36:44+00:00"
         },
-        {
-            "name": "graylog2/gelf-php",
-            "version": "1.5.0",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/bzikarsky/gelf-php.git",
-                "reference": "bc1175a5b40f585e69a017647286d84211e82544"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/bzikarsky/gelf-php/zipball/bc1175a5b40f585e69a017647286d84211e82544",
-                "reference": "bc1175a5b40f585e69a017647286d84211e82544",
-                "shasum": ""
-            },
-            "require": {
-                "php": ">=5.3.9",
-                "psr/log": "~1.0"
-            },
-            "provide": {
-                "psr/log-implementation": "~1.0"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "~4.3",
-                "squizlabs/php_codesniffer": "~2.0"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "1.4.x-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "Gelf\\": "src/Gelf"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Benjamin Zikarsky",
-                    "email": "benjamin@zikarsky.de"
-                },
-                {
-                    "name": "gelf-php contributors",
-                    "homepage": "https://github.com/bzikarsky/gelf-php/contributors"
-                }
-            ],
-            "description": "A php implementation to send log-messages to a GELF compatible backend like Graylog2.",
-            "time": "2016-06-02T06:04:56+00:00"
-        },
         {
             "name": "guzzlehttp/guzzle",
             "version": "6.2.3",
@@ -2144,22 +2091,21 @@
         },
         {
             "name": "surfnet/stepup-bundle",
-            "version": "3.3.3",
+            "version": "3.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/OpenConext/Stepup-bundle.git",
-                "reference": "6ac86cdcf6bbc2e0c50408fff7cafa7a5445a8fb"
+                "reference": "e0afaa26ffd0a38bb89b55e95761fe9555b6670f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/OpenConext/Stepup-bundle/zipball/6ac86cdcf6bbc2e0c50408fff7cafa7a5445a8fb",
-                "reference": "6ac86cdcf6bbc2e0c50408fff7cafa7a5445a8fb",
+                "url": "https://api.github.com/repos/OpenConext/Stepup-bundle/zipball/e0afaa26ffd0a38bb89b55e95761fe9555b6670f",
+                "reference": "e0afaa26ffd0a38bb89b55e95761fe9555b6670f",
                 "shasum": ""
             },
             "require": {
                 "ext-gmp": "*",
                 "ext-openssl": "*",
-                "graylog2/gelf-php": "^1.5",
                 "guzzlehttp/guzzle": "^6.0",
                 "monolog/monolog": "~1.11",
                 "php": "^5.6|^7.0",
@@ -2174,7 +2120,6 @@
                 "symfony/validator": "^2.7"
             },
             "require-dev": {
-                "liip/rmt": "1.1.*",
                 "mockery/mockery": "0.9.*",
                 "phpmd/phpmd": "^2.0",
                 "phpunit/phpunit": "^4.0",
@@ -2198,7 +2143,7 @@
                 "suaas",
                 "surfnet"
             ],
-            "time": "2018-03-22T14:15:12+00:00"
+            "time": "2018-04-09T11:13:53+00:00"
         },
         {
             "name": "surfnet/stepup-middleware-client-bundle",

From 29d5d7c9344eef53bfdd50138d2670d8b8de218b Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Tue, 10 Apr 2018 16:17:05 +0200
Subject: [PATCH 20/29] Remove the max_number_of_tokens setting

The global max_number_of_tokens / number_of_tokens_per_identity setting
is now configured in Middleware. It's no longer practical to also track
this configuration option in SelfService. Any
number_of_tokens_per_identity related settings will be loaded from the
Middleware api.
---
 app/config/config.yml                                        | 1 -
 app/config/parameters.yml.dist                               | 3 ---
 .../SelfServiceBundle/DependencyInjection/Configuration.php  | 3 ---
 .../SurfnetStepupSelfServiceSelfServiceExtension.php         | 5 -----
 4 files changed, 12 deletions(-)

diff --git a/app/config/config.yml b/app/config/config.yml
index 28d5a042a..5cd1481f0 100644
--- a/app/config/config.yml
+++ b/app/config/config.yml
@@ -144,7 +144,6 @@ jms_translation:
             extractors: []
 
 surfnet_stepup_self_service_self_service:
-    max_number_of_tokens: %number_of_tokens_per_identity%
     enabled_second_factors: %enabled_second_factors%
     enabled_generic_second_factors: %enabled_generic_second_factors%
     second_factor_test_identity_provider:
diff --git a/app/config/parameters.yml.dist b/app/config/parameters.yml.dist
index 2ed2fe296..d6efd89ac 100644
--- a/app/config/parameters.yml.dist
+++ b/app/config/parameters.yml.dist
@@ -60,6 +60,3 @@ parameters:
 
     session_max_absolute_lifetime: 3600 # 1 hours * 60 minutes * 60 seconds
     session_max_relative_lifetime: 600  # 10 minutes * 60 seconds
-
-    # The maximum number of tokens each identity (person) can register.
-    number_of_tokens_per_identity: 2
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/DependencyInjection/Configuration.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/DependencyInjection/Configuration.php
index 0e423ac29..3cf42db72 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/DependencyInjection/Configuration.php
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/DependencyInjection/Configuration.php
@@ -34,9 +34,6 @@ public function getConfigTreeBuilder()
         $this->appendSecondFactorTestIdentityProvider($childNodes);
         $this->appendSessionConfiguration($childNodes);
 
-        $childNodes->integerNode('max_number_of_tokens')
-            ->isRequired();
-
         return $treeBuilder;
     }
 
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/DependencyInjection/SurfnetStepupSelfServiceSelfServiceExtension.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/DependencyInjection/SurfnetStepupSelfServiceSelfServiceExtension.php
index 81384ed63..5d7acafe5 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/DependencyInjection/SurfnetStepupSelfServiceSelfServiceExtension.php
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/DependencyInjection/SurfnetStepupSelfServiceSelfServiceExtension.php
@@ -63,11 +63,6 @@ public function load(array $configs, ContainerBuilder $container)
             'self_service.security.authentication.session.maximum_relative_lifetime_in_seconds',
             $config['session_lifetimes']['max_relative_lifetime']
         );
-        $container->setParameter(
-            'self_service.second_factor.max_tokens_per_identity',
-            $config['max_number_of_tokens']
-        );
-
         $this->parseSecondFactorTestIdentityProviderConfiguration(
             $config['second_factor_test_identity_provider'],
             $container

From 64fd80b65142c0ab55a07a47ad48dd6837a6d8c1 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Tue, 10 Apr 2018 16:19:41 +0200
Subject: [PATCH 21/29] Read 'numberOfTokensPerIdentity' from institution
 config

As described in the previous commit, the numberOfTokensPerIdentity
config value is no longer read from the YAML config but from the
middleware configuration api.

This commit updates the old usage of the YAML config to the new API
results based solution.
---
 .../SelfServiceBundle/Controller/RegistrationController.php     | 2 +-
 .../SelfServiceBundle/Controller/SecondFactorController.php     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/RegistrationController.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/RegistrationController.php
index c8032caa4..acc8ad401 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/RegistrationController.php
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/RegistrationController.php
@@ -50,7 +50,7 @@ public function displaySecondFactorTypesAction()
             $identity,
             $allSecondFactors,
             $institutionConfigurationOptions->allowedSecondFactors,
-            $this->getParameter('self_service.second_factor.max_tokens_per_identity')
+            $institutionConfigurationOptions->numberOfTokensPerIdentity
         );
 
         if ($secondFactors->getRegistrationsLeft() <= 0) {
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/SecondFactorController.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/SecondFactorController.php
index 14c70d6e0..3602c5c61 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/SecondFactorController.php
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/SecondFactorController.php
@@ -45,7 +45,7 @@ public function listAction()
             $identity,
             $allSecondFactors,
             $institutionConfigurationOptions->allowedSecondFactors,
-            $this->getParameter('self_service.second_factor.max_tokens_per_identity')
+            $institutionConfigurationOptions->numberOfTokensPerIdentity
         );
 
         return [

From 3888b890f1f1ea97ae6c65b21fb369f5fd0f1623 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Wed, 11 Apr 2018 09:26:58 +0200
Subject: [PATCH 22/29] Update middleware client bundle to version 2.4

---
 composer.json |  2 +-
 composer.lock | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/composer.json b/composer.json
index dc541c3b2..bdb951de8 100644
--- a/composer.json
+++ b/composer.json
@@ -23,7 +23,7 @@
         "fortawesome/font-awesome": "~4.2.0",
         "jms/translation-bundle": "~1.3.0",
         "jms/di-extra-bundle": "~1.4.0",
-        "surfnet/stepup-middleware-client-bundle": "^2.0",
+        "surfnet/stepup-middleware-client-bundle": "^2.4",
         "guzzlehttp/guzzle": "^6",
         "surfnet/stepup-saml-bundle": "^4.0",
         "surfnet/stepup-bundle": "^3.4.0",
diff --git a/composer.lock b/composer.lock
index 23e41bc62..1ad10fe10 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "content-hash": "c2782be1c2cb93499ebb9d04d40b1b58",
+    "content-hash": "9fad25912e1c03a983366445cb4510f8",
     "packages": [
         {
             "name": "beberlei/assert",
@@ -2147,16 +2147,16 @@
         },
         {
             "name": "surfnet/stepup-middleware-client-bundle",
-            "version": "2.3.1",
+            "version": "2.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/OpenConext/Stepup-Middleware-clientbundle.git",
-                "reference": "9706c3e63dee41cc11e331b3057f885b8772eb66"
+                "reference": "83aa482f74d290167d8d4713484c6882fd4983c0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/OpenConext/Stepup-Middleware-clientbundle/zipball/9706c3e63dee41cc11e331b3057f885b8772eb66",
-                "reference": "9706c3e63dee41cc11e331b3057f885b8772eb66",
+                "url": "https://api.github.com/repos/OpenConext/Stepup-Middleware-clientbundle/zipball/83aa482f74d290167d8d4713484c6882fd4983c0",
+                "reference": "83aa482f74d290167d8d4713484c6882fd4983c0",
                 "shasum": ""
             },
             "require": {
@@ -2197,7 +2197,7 @@
                 "Apache-2.0"
             ],
             "description": "Symfony2 bundle for consuming the Step-up Middleware API.",
-            "time": "2018-03-08T15:25:18+00:00"
+            "time": "2018-04-11T07:19:11+00:00"
         },
         {
             "name": "surfnet/stepup-saml-bundle",

From 5f873e383750712438b5cdcccf85d9b3c7cda272 Mon Sep 17 00:00:00 2001
From: Joris Steyn <joris@ibuildings.nl>
Date: Thu, 12 Apr 2018 10:14:19 +0200
Subject: [PATCH 23/29] Ignore unknown attributes in attribute dictionary

Prevents UnknownUrnExceptions when IDP sends an attribute not defined
in the stepup-saml-bundle. Gateway already does this:

    https://github.com/OpenConext/Stepup-Gateway/pull/147/files
---
 app/config/config.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/config/config.yml b/app/config/config.yml
index 963820e1b..bcc15833f 100644
--- a/app/config/config.yml
+++ b/app/config/config.yml
@@ -114,6 +114,8 @@ surfnet_stepup_middleware_client:
 
 surfnet_saml:
     hosted:
+        attribute_dictionary:
+            ignore_unknown_attributes: true
         service_provider:
             enabled: true
             assertion_consumer_route: selfservice_serviceprovider_consume_assertion

From b740313ffb98b1202efce05b6b1f5ca7c41f2aa7 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Fri, 6 Apr 2018 15:13:54 +0200
Subject: [PATCH 24/29] Add expiration date to token overview

The expiration date is only shown on the verified tokens. When the
expiration date is met, a label and explanation is added to instruct the
user how to restart the registration of his token.
---
 .../translations/messages.en_GB.xliff         | 25 ++++++++++++----
 .../translations/messages.nl_NL.xliff         | 25 ++++++++++++----
 composer.lock                                 | 10 +++----
 .../Controller/SecondFactorController.php     |  3 ++
 .../views/SecondFactor/list.html.twig         | 29 +++++++++++++++----
 5 files changed, 71 insertions(+), 21 deletions(-)

diff --git a/app/Resources/translations/messages.en_GB.xliff b/app/Resources/translations/messages.en_GB.xliff
index 298372f84..68912eef5 100644
--- a/app/Resources/translations/messages.en_GB.xliff
+++ b/app/Resources/translations/messages.en_GB.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2018-04-03T12:41:04Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
+  <file date="2018-04-06T13:30:38Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -464,12 +464,12 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       <trans-unit id="39bf5f5849cef0ac9b176c769c79169676fc7b96" resname="ss.second_factor.revoke.button.revoke">
         <source>ss.second_factor.revoke.button.revoke</source>
         <target>Remove</target>
-        <jms:reference-file line="50">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="61">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="17d18b6bcd8642fedf8e5371cb722efc604e8281" resname="ss.second_factor.revoke.button.test">
         <source>ss.second_factor.revoke.button.test</source>
         <target>Test a token</target>
-        <jms:reference-file line="62">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="73">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="8cb0dc5d3faca805d69dce7496307078d2234dfb" resname="ss.second_factor.revoke.second_factor_type.sms">
         <source>ss.second_factor.revoke.second_factor_type.sms</source>
@@ -521,15 +521,30 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
         <target>YubiKey</target>
         <jms:reference-file line="36">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
       </trans-unit>
+      <trans-unit id="86cc7496d68c0c83cd166ad3e22ed89b47b1c989" resname="ss.second_factor_list.header.expiration_date">
+        <source>ss.second_factor_list.header.expiration_date</source>
+        <target>Expiration date</target>
+        <jms:reference-file line="39">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="de7df14a4a009c74319576cad9e6c6e68e89ac0c" resname="ss.second_factor_list.header.expired_explanation">
+        <source>ss.second_factor_list.header.expired_explanation</source>
+        <target>The token registration period has expired. Please remove your token and restart the registration process.</target>
+        <jms:reference-file line="82">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="1d6751b490158de0a89683522c6ba1a8b957875c" resname="ss.second_factor_list.header.expired_warning">
+        <source>ss.second_factor_list.header.expired_warning</source>
+        <target>Expired!</target>
+        <jms:reference-file line="53">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+      </trans-unit>
       <trans-unit id="fedd12f3e661692730a3650ef6db64e71c9d8441" resname="ss.second_factor_list.header.second_factor_identifier">
         <source>ss.second_factor_list.header.second_factor_identifier</source>
         <target>ID</target>
-        <jms:reference-file line="37">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="38">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="e4d199fd46ed7fa1c78a8fde6faef80f034cd662" resname="ss.second_factor_list.header.type">
         <source>ss.second_factor_list.header.type</source>
         <target>Token</target>
-        <jms:reference-file line="36">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="37">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="fb5cac733dfdfe5c5e6818dee7d71aea02e95aa4" resname="ss.security.session_expired.click_to_login">
         <source>ss.security.session_expired.click_to_login</source>
diff --git a/app/Resources/translations/messages.nl_NL.xliff b/app/Resources/translations/messages.nl_NL.xliff
index adc9dca99..c8098b9fd 100644
--- a/app/Resources/translations/messages.nl_NL.xliff
+++ b/app/Resources/translations/messages.nl_NL.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2018-04-03T12:41:01Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
+  <file date="2018-04-06T13:30:34Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -462,12 +462,12 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       <trans-unit id="39bf5f5849cef0ac9b176c769c79169676fc7b96" resname="ss.second_factor.revoke.button.revoke">
         <source>ss.second_factor.revoke.button.revoke</source>
         <target>Verwijderen</target>
-        <jms:reference-file line="50">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="61">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="17d18b6bcd8642fedf8e5371cb722efc604e8281" resname="ss.second_factor.revoke.button.test">
         <source>ss.second_factor.revoke.button.test</source>
         <target>Test een token</target>
-        <jms:reference-file line="62">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="73">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="8cb0dc5d3faca805d69dce7496307078d2234dfb" resname="ss.second_factor.revoke.second_factor_type.sms">
         <source>ss.second_factor.revoke.second_factor_type.sms</source>
@@ -519,15 +519,30 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
         <target>YubiKey</target>
         <jms:reference-file line="36">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
       </trans-unit>
+      <trans-unit id="86cc7496d68c0c83cd166ad3e22ed89b47b1c989" resname="ss.second_factor_list.header.expiration_date">
+        <source>ss.second_factor_list.header.expiration_date</source>
+        <target>Verloopdatum</target>
+        <jms:reference-file line="39">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="de7df14a4a009c74319576cad9e6c6e68e89ac0c" resname="ss.second_factor_list.header.expired_explanation">
+        <source>ss.second_factor_list.header.expired_explanation</source>
+        <target>De uiterste registratiedatum is verlopen. Registreer het token opnieuw door deze te verwijderen en het registratieproces opnieuw te starten.</target>
+        <jms:reference-file line="82">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+      </trans-unit>
+      <trans-unit id="1d6751b490158de0a89683522c6ba1a8b957875c" resname="ss.second_factor_list.header.expired_warning">
+        <source>ss.second_factor_list.header.expired_warning</source>
+        <target>Verlopen!</target>
+        <jms:reference-file line="53">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+      </trans-unit>
       <trans-unit id="fedd12f3e661692730a3650ef6db64e71c9d8441" resname="ss.second_factor_list.header.second_factor_identifier">
         <source>ss.second_factor_list.header.second_factor_identifier</source>
         <target>ID</target>
-        <jms:reference-file line="37">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="38">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="e4d199fd46ed7fa1c78a8fde6faef80f034cd662" resname="ss.second_factor_list.header.type">
         <source>ss.second_factor_list.header.type</source>
         <target>Token</target>
-        <jms:reference-file line="36">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
+        <jms:reference-file line="37">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="fb5cac733dfdfe5c5e6818dee7d71aea02e95aa4" resname="ss.security.session_expired.click_to_login">
         <source>ss.security.session_expired.click_to_login</source>
diff --git a/composer.lock b/composer.lock
index 23e41bc62..dca90e09f 100644
--- a/composer.lock
+++ b/composer.lock
@@ -2091,16 +2091,16 @@
         },
         {
             "name": "surfnet/stepup-bundle",
-            "version": "3.4.0",
+            "version": "3.4.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/OpenConext/Stepup-bundle.git",
-                "reference": "e0afaa26ffd0a38bb89b55e95761fe9555b6670f"
+                "reference": "2542a5f0d3032bc8c995b995dcc029999007393f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/OpenConext/Stepup-bundle/zipball/e0afaa26ffd0a38bb89b55e95761fe9555b6670f",
-                "reference": "e0afaa26ffd0a38bb89b55e95761fe9555b6670f",
+                "url": "https://api.github.com/repos/OpenConext/Stepup-bundle/zipball/2542a5f0d3032bc8c995b995dcc029999007393f",
+                "reference": "2542a5f0d3032bc8c995b995dcc029999007393f",
                 "shasum": ""
             },
             "require": {
@@ -2143,7 +2143,7 @@
                 "suaas",
                 "surfnet"
             ],
-            "time": "2018-04-09T11:13:53+00:00"
+            "time": "2018-04-12T14:02:19+00:00"
         },
         {
             "name": "surfnet/stepup-middleware-client-bundle",
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/SecondFactorController.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/SecondFactorController.php
index 14c70d6e0..32a622b1e 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/SecondFactorController.php
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/SecondFactorController.php
@@ -41,6 +41,8 @@ public function listAction()
         // Get all available second factors from the config.
         $allSecondFactors = $this->getParameter('ss.enabled_second_factors');
 
+        $expirationHelper = $this->get('surfnet_stepup.registration_expiration_helper');
+
         $secondFactors = $service->getSecondFactorsForIdentity(
             $identity,
             $allSecondFactors,
@@ -56,6 +58,7 @@ public function listAction()
             'verifiedSecondFactors' => $secondFactors->verified,
             'vettedSecondFactors' => $secondFactors->vetted,
             'availableSecondFactors' => $secondFactors->available,
+            'expirationHelper' => $expirationHelper,
         ];
     }
 
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig
index 9c191560d..58a968b87 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig
@@ -6,9 +6,9 @@
 {% block content %}
     <h2>{{ block('page_title') }}</h2>
 
-    {{ macro.secondFactorTable(vettedSecondFactors, 'ss.second_factor.list.text.vetted', 'vetted', email) }}
-    {{ macro.secondFactorTable(verifiedSecondFactors, 'ss.second_factor.list.text.verified', 'verified', email) }}
-    {{ macro.secondFactorTable(unverifiedSecondFactors, 'ss.second_factor.list.text.unverified', 'unverified', email) }}
+    {{ macro.secondFactorTable(vettedSecondFactors, 'ss.second_factor.list.text.vetted', 'vetted', email, expirationHelper) }}
+    {{ macro.secondFactorTable(verifiedSecondFactors, 'ss.second_factor.list.text.verified', 'verified', email, expirationHelper) }}
+    {{ macro.secondFactorTable(unverifiedSecondFactors, 'ss.second_factor.list.text.unverified', 'unverified', email, expirationHelper) }}
 
     {% if registrationsLeft > 0
             and ((unverifiedSecondFactors.elements is empty and verifiedSecondFactors.elements is empty and vettedSecondFactors.elements is empty)
@@ -18,15 +18,16 @@
             <p>{{ 'ss.second_factor.list.text.no_second_factors'|trans }}</p>
         {% endif %}
             <a href="{{ path('ss_registration_display_types') }}"
-               class="btn btn-primary">
+               class="btn btn-primary m-t-2">
                 {{ 'ss.second_factor.list.button.register_second_factor'|trans }}
             </a>
     {% endif %}
 
 {% endblock %}
 
-{% macro secondFactorTable(secondFactorCollection, text, state, email) %}
+{% macro secondFactorTable(secondFactorCollection, text, state, email, expirationHelper, locale) %}
     {% if secondFactorCollection.elements is not empty %}
+        {% set hasExpired = false %}
         <p>{{ text|trans({'%email%': email}) }}</p>
         <div class="row">
             <div class="col-xs-12">
@@ -35,6 +36,9 @@
                     <tr>
                         <th scope="col">{{ 'ss.second_factor_list.header.type'|trans }}</th>
                         <th scope="col">{{ 'ss.second_factor_list.header.second_factor_identifier'|trans }}</th>
+                        {% if state == 'verified' %}
+                            <th scope="col">{{ 'ss.second_factor_list.header.expiration_date'|trans }}</th>
+                        {% endif %}
                         <th scope="col">{# Action button #}</th>
                     </tr>
                     </thead>
@@ -43,6 +47,15 @@
                         <tr>
                             <td>{{ secondFactor.type|trans_second_factor_type }}</td>
                             <td>{{ secondFactor.secondFactorIdentifier }}</td>
+                            {% if state == 'verified' %}
+                            <td>
+                                {{ expirationHelper.expiresAt(secondFactor.registrationRequestedAt)|localizeddate('full', 'none', locale) }}
+                                {% if expirationHelper.hasExpired(secondFactor.registrationRequestedAt) %}
+                                    {% set hasExpired = true %}
+                                    <span class="label label-danger">{{ 'ss.second_factor_list.header.expired_warning'|trans }}</span>
+                                {% endif %}
+                            </td>
+                            {% endif %}
                             <td>
                                 <div class="btn-group pull-right" role="group">
                                     <a class="btn btn-mini btn-warning"
@@ -57,7 +70,7 @@
                     {% if state == 'vetted' %}
                     <tfoot>
                         <tr>
-                            <td colspan="3">
+                            <td colspan="4">
                                 <a class="btn btn-mini btn-default pull-right" href="{{ path('ss_second_factor_test') }}">
                                     {{ 'ss.second_factor.revoke.button.test'|trans }}
                                 </a>
@@ -66,6 +79,10 @@
                     </tfoot>
                     {% endif %}
                 </table>
+
+                {% if hasExpired %}
+                    <p><span class="label label-danger">{{ 'ss.second_factor_list.header.expired_warning'|trans }}</span> {{ 'ss.second_factor_list.header.expired_explanation'|trans }}
+                {% endif %}
             </div>
         </div>
     {% endif %}

From 1e21d876ef8ad62043ca4fba2c18685b100a8d7e Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Fri, 6 Apr 2018 15:15:29 +0200
Subject: [PATCH 25/29] Add margin top style rule

This rule adds 2rem margin top to any element that is specified with
this class.
---
 .../SelfServiceBundle/Resources/public/less/style.less         | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/public/less/style.less b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/public/less/style.less
index b15965741..1350b18fe 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/public/less/style.less
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/public/less/style.less
@@ -110,6 +110,9 @@ select[name="stepup_switch_locale[locale]"] {
         margin-right: 5px;
     }
 }
+.m-t-2 {
+    margin-top: 2em;
+}
 
 @media print {
     footer,

From fa5da6d9527e3d1bafc9919de09d87e3c23291e4 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 12 Apr 2018 09:33:06 +0200
Subject: [PATCH 26/29] Removed exclamation marks from expiration label

---
 app/Resources/translations/messages.en_GB.xliff | 2 +-
 app/Resources/translations/messages.nl_NL.xliff | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Resources/translations/messages.en_GB.xliff b/app/Resources/translations/messages.en_GB.xliff
index 68912eef5..cf6b2e66d 100644
--- a/app/Resources/translations/messages.en_GB.xliff
+++ b/app/Resources/translations/messages.en_GB.xliff
@@ -533,7 +533,7 @@ An e-mail with your activation code has been sent to the e-mail address %email%.
       </trans-unit>
       <trans-unit id="1d6751b490158de0a89683522c6ba1a8b957875c" resname="ss.second_factor_list.header.expired_warning">
         <source>ss.second_factor_list.header.expired_warning</source>
-        <target>Expired!</target>
+        <target>Expired</target>
         <jms:reference-file line="53">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="fedd12f3e661692730a3650ef6db64e71c9d8441" resname="ss.second_factor_list.header.second_factor_identifier">
diff --git a/app/Resources/translations/messages.nl_NL.xliff b/app/Resources/translations/messages.nl_NL.xliff
index c8098b9fd..c33f7709e 100644
--- a/app/Resources/translations/messages.nl_NL.xliff
+++ b/app/Resources/translations/messages.nl_NL.xliff
@@ -531,7 +531,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       </trans-unit>
       <trans-unit id="1d6751b490158de0a89683522c6ba1a8b957875c" resname="ss.second_factor_list.header.expired_warning">
         <source>ss.second_factor_list.header.expired_warning</source>
-        <target>Verlopen!</target>
+        <target>Verlopen</target>
         <jms:reference-file line="53">/../src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="fedd12f3e661692730a3650ef6db64e71c9d8441" resname="ss.second_factor_list.header.second_factor_identifier">

From 457376acd554467ec697f117599d63c6b2da2e8e Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 12 Apr 2018 15:35:54 +0200
Subject: [PATCH 27/29] Align table data vertically in the middle

Text, labels and buttons where not aligned correctly. This commit
changes the vertical alignment of table data elements to the middle.

In addition the padding of the bootstrap label component was updated
to be more consistent all round.
---
 .../SelfServiceBundle/Resources/public/less/style.less | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/public/less/style.less b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/public/less/style.less
index 1350b18fe..48476fa8a 100644
--- a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/public/less/style.less
+++ b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/public/less/style.less
@@ -114,6 +114,16 @@ select[name="stepup_switch_locale[locale]"] {
     margin-top: 2em;
 }
 
+.table-striped tbody td {
+    vertical-align: middle !important;
+}
+
+span.label {
+    display: inline-block;
+    line-height: 2em;
+    padding: .2em .6em .1em;
+}
+
 @media print {
     footer,
     .page-header-user,

From 780ed585c976d21f52dcc11980d11daf7c19c736 Mon Sep 17 00:00:00 2001
From: Joris Steyn <joris@ibuildings.nl>
Date: Fri, 13 Apr 2018 14:12:40 +0200
Subject: [PATCH 28/29] Update middleware-client-bundle to 2.4.0

Previously installed 2.3.1 can trigger the following error:

    The Choice constraint expects a valid callback
---
 composer.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/composer.lock b/composer.lock
index 23e41bc62..9fc4a59e9 100644
--- a/composer.lock
+++ b/composer.lock
@@ -2147,16 +2147,16 @@
         },
         {
             "name": "surfnet/stepup-middleware-client-bundle",
-            "version": "2.3.1",
+            "version": "2.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/OpenConext/Stepup-Middleware-clientbundle.git",
-                "reference": "9706c3e63dee41cc11e331b3057f885b8772eb66"
+                "reference": "83aa482f74d290167d8d4713484c6882fd4983c0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/OpenConext/Stepup-Middleware-clientbundle/zipball/9706c3e63dee41cc11e331b3057f885b8772eb66",
-                "reference": "9706c3e63dee41cc11e331b3057f885b8772eb66",
+                "url": "https://api.github.com/repos/OpenConext/Stepup-Middleware-clientbundle/zipball/83aa482f74d290167d8d4713484c6882fd4983c0",
+                "reference": "83aa482f74d290167d8d4713484c6882fd4983c0",
                 "shasum": ""
             },
             "require": {
@@ -2197,7 +2197,7 @@
                 "Apache-2.0"
             ],
             "description": "Symfony2 bundle for consuming the Step-up Middleware API.",
-            "time": "2018-03-08T15:25:18+00:00"
+            "time": "2018-04-11T07:19:11+00:00"
         },
         {
             "name": "surfnet/stepup-saml-bundle",

From ffef1a74c8a8b6e32f7acb0dfc7a69afbdbdebee Mon Sep 17 00:00:00 2001
From: Joris Steyn <joris@ibuildings.nl>
Date: Wed, 18 Apr 2018 14:34:16 +0200
Subject: [PATCH 29/29] Fine-tune generic error page translation

---
 app/Resources/translations/messages.nl_NL.xliff | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Resources/translations/messages.nl_NL.xliff b/app/Resources/translations/messages.nl_NL.xliff
index c33f7709e..a5cdfb70d 100644
--- a/app/Resources/translations/messages.nl_NL.xliff
+++ b/app/Resources/translations/messages.nl_NL.xliff
@@ -613,7 +613,7 @@ Er is een e-mail met activatiecode gestuurd naar het e-mailadres %email%. Volg d
       </trans-unit>
       <trans-unit id="91d524414db2193ad8462909ec5da4c9a732b595" resname="stepup.error.generic_error.description">
         <source>stepup.error.generic_error.description</source>
-        <target>Er is iets mis gegaan, Probeer het opnieuw.</target>
+        <target>Er is iets mis gegaan. Probeer het opnieuw.</target>
         <jms:reference-file line="144">/../vendor/surfnet/stepup-bundle/src/Controller/ExceptionController.php</jms:reference-file>
       </trans-unit>
       <trans-unit id="5dac3939e990d8ad764c06634b14adf85517d4f1" resname="stepup.error.generic_error.title">