From 5a4f3bae36034ef9ab1ae95e35d176481b71b455 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 1 Jun 2017 13:13:25 +0200
Subject: [PATCH 01/12] Added the enabled gssf and view configuration

---
 app/config/samlstepupproviders.yml            | 10 ++++
 .../samlstepupproviders_parameters.yml.dist   | 30 +++++++++++
 .../DependencyInjection/Configuration.php     | 52 +++++++++++++++++++
 3 files changed, 92 insertions(+)

diff --git a/app/config/samlstepupproviders.yml b/app/config/samlstepupproviders.yml
index 9babdc07..615857dc 100644
--- a/app/config/samlstepupproviders.yml
+++ b/app/config/samlstepupproviders.yml
@@ -18,6 +18,11 @@ surfnet_stepup_ra_saml_stepup_provider:
                 entity_id: %gssp_tiqr_remote_entity_id%
                 sso_url: %gssp_tiqr_remote_sso_url%
                 certificate: %gssp_tiqr_remote_certificate%
+            view_config:
+                page_title: %gssp_tiqr_page_title%
+                explanation: %gssp_tiqr_explanation%
+                initiate: %gssp_tiqr_initiate%
+                gssf_id_mismatch: %gssp_tiqr_gssf_id_mismatch%
         biometric:
             hosted:
                 service_provider:
@@ -30,3 +35,8 @@ surfnet_stepup_ra_saml_stepup_provider:
                 entity_id: %gssp_biometric_remote_entity_id%
                 sso_url: %gssp_biometric_remote_sso_url%
                 certificate: %gssp_biometric_remote_certificate%
+            view_config:
+                page_title: %gssp_biometric_page_title%
+                explanation: %gssp_biometric_explanation%
+                initiate: %gssp_biometric_initiate%
+                gssf_id_mismatch: %gssp_biometric_gssf_id_mismatch%
\ No newline at end of file
diff --git a/app/config/samlstepupproviders_parameters.yml.dist b/app/config/samlstepupproviders_parameters.yml.dist
index d04af2ff..406ec03a 100644
--- a/app/config/samlstepupproviders_parameters.yml.dist
+++ b/app/config/samlstepupproviders_parameters.yml.dist
@@ -6,6 +6,18 @@ parameters:
     gssp_tiqr_remote_entity_id: 'https://actual-gssp.entity-id.tld'
     gssp_tiqr_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url'
     gssp_tiqr_remote_certificate: 'The contents of the certificate published by the gssp'
+    gssp_tiqr_page_title:
+        en_GB: 'EN ra.vetting.gssf.initiate.tiqr.title.page'
+        nl_NL: 'NL ra.vetting.gssf.initiate.tiqr.title.page'
+    gssp_tiqr_explanation: 
+        en_GB: 'EN ra.vetting.gssf.initiate.tiqr.text.explanation'
+        nl_NL: 'NL ra.vetting.gssf.initiate.tiqr.text.explanation'
+    gssp_tiqr_initiate:
+        en_GB: 'EN ra.vetting.gssf.initiate.tiqr.button.initiate'
+        nl_NL: 'NL ra.vetting.gssf.initiate.tiqr.button.initiate'
+    gssp_tiqr_gssf_id_mismatch: 
+        en_GB: 'EN ra.vetting.gssf.initiate.tiqr.error.gssf_id_mismatch'
+        nl_NL: 'NL ra.vetting.gssf.initiate.tiqr.error.gssf_id_mismatch'
     gssp_biometric_sp_publickey: '/full/path/to/the/gateway-as-sp/public-key-file.cer'
     gssp_biometric_sp_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem'
     gssp_biometric_metadata_publickey: '/full/path/to/the/gateway-metadata/public-key-file.cer'
@@ -13,3 +25,21 @@ parameters:
     gssp_biometric_remote_entity_id: 'https://actual-gssp.entity-id.tld'
     gssp_biometric_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url'
     gssp_biometric_remote_certificate: 'The contents of the certificate published by the gssp'
+    gssp_biometric_page_title:
+        en_GB: 'EN ra.vetting.gssf.initiate.biometric.title.page'
+        nl_NL: 'NL ra.vetting.gssf.initiate.biometric.title.page'
+    gssp_biometric_explanation:
+        en_GB: 'EN ra.vetting.gssf.initiate.biometric.text.explanation'
+        nl_NL: 'NL ra.vetting.gssf.initiate.biometric.text.explanation'
+    gssp_biometric_initiate:
+        en_GB: 'EN ra.vetting.gssf.initiate.biometric.button.initiate'
+        nl_NL: 'NL ra.vetting.gssf.initiate.biometric.button.initiate'
+    gssp_biometric_gssf_id_mismatch:
+        en_GB: 'EN ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch'
+        nl_NL: 'NL ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch'
+
+    surfnet_stepup_gssf:
+        biometric:
+            loa: 3
+        tiqr:
+            loa: 3
\ No newline at end of file
diff --git a/src/Surfnet/StepupRa/SamlStepupProviderBundle/DependencyInjection/Configuration.php b/src/Surfnet/StepupRa/SamlStepupProviderBundle/DependencyInjection/Configuration.php
index 74a6dd82..6f9ba3d8 100644
--- a/src/Surfnet/StepupRa/SamlStepupProviderBundle/DependencyInjection/Configuration.php
+++ b/src/Surfnet/StepupRa/SamlStepupProviderBundle/DependencyInjection/Configuration.php
@@ -129,6 +129,58 @@ private function addProvidersSection(ArrayNodeDefinition $rootNode)
                         ->end()
                     ->end()
                 ->end()
+                ->arrayNode('view_config')
+                    ->children()
+                        ->arrayNode('page_title')
+                            ->children()
+                                ->scalarNode('en_GB')
+                                    ->isRequired()
+                                    ->info('English page title translation')
+                                ->end()
+                                ->scalarNode('nl_NL')
+                                    ->isRequired()
+                                    ->info('Dutch alt page title translation')
+                                ->end()
+                            ->end()
+                        ->end()
+                        ->arrayNode('explanation')
+                            ->children()
+                                ->scalarNode('en_GB')
+                                    ->isRequired()
+                                    ->info('English explanation translation')
+                                ->end()
+                                ->scalarNode('nl_NL')
+                                    ->isRequired()
+                                    ->info('Dutch explanation translation')
+                                ->end()
+                            ->end()
+                        ->end()
+                        ->arrayNode('initiate')
+                            ->children()
+                                ->scalarNode('en_GB')
+                                    ->isRequired()
+                                    ->info('English initiate text translation')
+                                ->end()
+                                ->scalarNode('nl_NL')
+                                    ->isRequired()
+                                    ->info('Dutch initiate text translation')
+                                ->end()
+                            ->end()
+                        ->end()
+                        ->arrayNode('gssf_id_mismatch')
+                            ->children()
+                                ->scalarNode('en_GB')
+                                    ->isRequired()
+                                    ->info('English id mismatch text translation')
+                                ->end()
+                                ->scalarNode('nl_NL')
+                                    ->isRequired()
+                                    ->info('Dutch id mismatch text translation')
+                                ->end()
+                            ->end()
+                        ->end()
+                    ->end()
+                ->end()
             ->end();
     }
 }

From b17f204d8d1d7d035de621b655272a9896013619 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 1 Jun 2017 13:14:01 +0200
Subject: [PATCH 02/12] Disabled validating the available second factors

There no longer is one SecondFactor type and it's no longer possible to
validate the GSSF types at this stage as they are config driven.
---
 .../DependencyInjection/Configuration.php       | 17 -----------------
 .../DependencyInjection/ConfigurationTest.php   | 13 -------------
 2 files changed, 30 deletions(-)

diff --git a/src/Surfnet/StepupRa/RaBundle/DependencyInjection/Configuration.php b/src/Surfnet/StepupRa/RaBundle/DependencyInjection/Configuration.php
index c628e896..c1e9d72f 100644
--- a/src/Surfnet/StepupRa/RaBundle/DependencyInjection/Configuration.php
+++ b/src/Surfnet/StepupRa/RaBundle/DependencyInjection/Configuration.php
@@ -68,23 +68,6 @@ private function appendSecondFactorTypesConfiguration(NodeBuilder $childNodes)
             ->arrayNode('enabled_second_factors')
                 ->isRequired()
                 ->prototype('scalar')
-                    ->validate()
-                        ->ifTrue(
-                            function ($type) {
-                                try {
-                                    new SecondFactorType($type);
-                                } catch (InvalidArgumentException $e) {
-                                    return true;
-                                } catch (DomainException $e) {
-                                    return true;
-                                }
-                            }
-                        )
-                        ->thenInvalid(
-                            'Enabled second factor type "%s" is not one of the valid types. See SecondFactorType'
-                        )
-                    ->end()
-                ->end()
             ->end()
         ->end();
     }
diff --git a/src/Surfnet/StepupRa/RaBundle/Tests/DependencyInjection/ConfigurationTest.php b/src/Surfnet/StepupRa/RaBundle/Tests/DependencyInjection/ConfigurationTest.php
index 96533b6e..22df8cf2 100644
--- a/src/Surfnet/StepupRa/RaBundle/Tests/DependencyInjection/ConfigurationTest.php
+++ b/src/Surfnet/StepupRa/RaBundle/Tests/DependencyInjection/ConfigurationTest.php
@@ -99,19 +99,6 @@ public function it_allows_two_enabled_second_factors()
         $this->assertConfigurationIsValid([['enabled_second_factors' => ['sms', 'yubikey']]], 'enabled_second_factors');
     }
 
-    /**
-     * @test
-     * @group configuration
-     */
-    public function it_rejects_invalid_second_factor_types()
-    {
-        $this->assertPartialConfigurationIsInvalid(
-            [['enabled_second_factors' => ['passport']]],
-            'enabled_second_factors',
-            'not one of the valid types'
-        );
-    }
-
     protected function getConfiguration()
     {
         return new Configuration();

From 5f992eecbee009426dc73eeba044573beff382ec Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 1 Jun 2017 13:16:01 +0200
Subject: [PATCH 03/12] Prevent direct access to SecondFactorType

Updated the VettingController and RaCandidateService. The
RaCandidateService received two new dependencies. The Controller
manually pulled the new dependency from the container.
---
 .../RaBundle/Controller/VettingController.php |  4 +--
 .../RaBundle/Resources/config/services.yml    |  2 ++
 .../RaBundle/Service/RaCandidateService.php   | 26 ++++++++++++++-----
 3 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/src/Surfnet/StepupRa/RaBundle/Controller/VettingController.php b/src/Surfnet/StepupRa/RaBundle/Controller/VettingController.php
index 6efea3f9..618b992f 100644
--- a/src/Surfnet/StepupRa/RaBundle/Controller/VettingController.php
+++ b/src/Surfnet/StepupRa/RaBundle/Controller/VettingController.php
@@ -19,7 +19,6 @@
 namespace Surfnet\StepupRa\RaBundle\Controller;
 
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
-use Surfnet\StepupBundle\Value\SecondFactorType;
 use Surfnet\StepupRa\RaBundle\Command\StartVettingProcedureCommand;
 use Surfnet\StepupRa\RaBundle\Command\VerifyIdentityCommand;
 use Surfnet\StepupRa\RaBundle\Exception\DomainException;
@@ -122,7 +121,8 @@ public function startProcedureAction(Request $request)
             ->forProcedure($procedureId)
             ->notice(sprintf('Starting new Vetting Procedure for second factor of type "%s"', $secondFactor->type));
 
-        $secondFactorType = new SecondFactorType($secondFactor->type);
+        $secondFactorTypeFactory = $this->get('surfnet_stepup.service.second_factor_type_factory');
+        $secondFactorType = $secondFactorTypeFactory->build($secondFactor->type);
         if ($secondFactorType->isYubikey()) {
             return $this->redirectToRoute('ra_vetting_yubikey_verify', ['procedureId' => $procedureId]);
         } elseif ($secondFactorType->isSms()) {
diff --git a/src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml b/src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml
index 76f3da7c..fc7d2be1 100644
--- a/src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml
+++ b/src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml
@@ -185,6 +185,8 @@ services:
             - "@surfnet_stepup_middleware_client.identity.service.ra_candidate"
             - "@ra.service.command"
             - "@logger"
+            - "@surfnet_stepup.service.second_factor_type"
+            - "@surfnet_stepup.service.second_factor_type_factory"
 
     ra.service.ra_location:
         class: Surfnet\StepupRa\RaBundle\Service\RaLocationService
diff --git a/src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php b/src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php
index 70f90ac5..434a6b39 100644
--- a/src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php
+++ b/src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php
@@ -19,8 +19,8 @@
 namespace Surfnet\StepupRa\RaBundle\Service;
 
 use Psr\Log\LoggerInterface;
+use Surfnet\StepupBundle\Service\SecondFactorType\SecondFactorTypeService;
 use Surfnet\StepupBundle\Value\Loa;
-use Surfnet\StepupBundle\Value\SecondFactorType;
 use Surfnet\StepupMiddlewareClient\Identity\Dto\RaCandidateSearchQuery;
 use Surfnet\StepupMiddlewareClientBundle\Identity\Command\AccreditIdentityCommand;
 use Surfnet\StepupMiddlewareClientBundle\Identity\Service\RaCandidateService as ApiRaCandidateService;
@@ -45,14 +45,28 @@ class RaCandidateService
      */
     private $logger;
 
+    /**
+     * @var SecondFactorTypeService
+     */
+    private $secondFactorTypeService;
+
+    /**
+     * @var SecondFactorTypeFactory
+     */
+    private $secondFactorTypeFactory;
+
     public function __construct(
         ApiRaCandidateService $raCandidateService,
         CommandService $commandService,
-        LoggerInterface $logger
+        LoggerInterface $logger,
+        SecondFactorTypeService $secondFactorTypeService,
+        SecondFactorTypeFactory $secondFactorTypeFactory
     ) {
         $this->apiRaCandidateService = $raCandidateService;
         $this->commandService = $commandService;
         $this->logger = $logger;
+        $this->secondFactorTypeService = $secondFactorTypeService;
+        $this->secondFactorTypeFactory = $secondFactorTypeFactory;
     }
 
     /**
@@ -129,11 +143,11 @@ public function accreditCandidate(AccreditCandidateCommand $command)
     private function getLoa3SecondFactorTypes()
     {
         $loa3 = new Loa(Loa::LOA_3, 'LOA3');
-
+        $factory = $this->secondFactorTypeFactory;
         return array_filter(
-            SecondFactorType::getAvailableSecondFactorTypes(),
-            function ($secondFactorType) use ($loa3) {
-                $secondFactorType = new SecondFactorType($secondFactorType);
+            $this->secondFactorTypeService->getAvailableSecondFactorTypes(),
+            function ($secondFactorType) use ($loa3, $factory) {
+                $secondFactorType = $factory->build($secondFactorType);
 
                 return $secondFactorType->canSatisfy($loa3);
             }

From e7eb5135bd1dc3a6543f4e506adf83e6e8671ef0 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 1 Jun 2017 13:23:53 +0200
Subject: [PATCH 04/12] Code cleanup

---
 .../StepupRa/RaBundle/DependencyInjection/Configuration.php    | 3 ---
 src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php   | 3 +++
 .../DependencyInjection/Configuration.php                      | 3 +++
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/Surfnet/StepupRa/RaBundle/DependencyInjection/Configuration.php b/src/Surfnet/StepupRa/RaBundle/DependencyInjection/Configuration.php
index c1e9d72f..4b2b763e 100644
--- a/src/Surfnet/StepupRa/RaBundle/DependencyInjection/Configuration.php
+++ b/src/Surfnet/StepupRa/RaBundle/DependencyInjection/Configuration.php
@@ -18,9 +18,6 @@
 
 namespace Surfnet\StepupRa\RaBundle\DependencyInjection;
 
-use Surfnet\StepupBundle\Exception\DomainException;
-use Surfnet\StepupBundle\Exception\InvalidArgumentException;
-use Surfnet\StepupBundle\Value\SecondFactorType;
 use Symfony\Component\Config\Definition\Builder\NodeBuilder;
 use Symfony\Component\Config\Definition\Builder\TreeBuilder;
 use Symfony\Component\Config\Definition\ConfigurationInterface;
diff --git a/src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php b/src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php
index 434a6b39..1c889c1f 100644
--- a/src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php
+++ b/src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php
@@ -28,6 +28,9 @@
 use Surfnet\StepupRa\RaBundle\Command\SearchRaCandidatesCommand;
 use Surfnet\StepupRa\RaBundle\Exception\InvalidArgumentException;
 
+/**
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
 class RaCandidateService
 {
     /**
diff --git a/src/Surfnet/StepupRa/SamlStepupProviderBundle/DependencyInjection/Configuration.php b/src/Surfnet/StepupRa/SamlStepupProviderBundle/DependencyInjection/Configuration.php
index 6f9ba3d8..f44dbe8a 100644
--- a/src/Surfnet/StepupRa/SamlStepupProviderBundle/DependencyInjection/Configuration.php
+++ b/src/Surfnet/StepupRa/SamlStepupProviderBundle/DependencyInjection/Configuration.php
@@ -22,6 +22,9 @@
 use Symfony\Component\Config\Definition\Builder\TreeBuilder;
 use Symfony\Component\Config\Definition\ConfigurationInterface;
 
+/**
+ * @SuppressWarnings(PHPMD.ExcessiveMethodLength)
+ */
 class Configuration implements ConfigurationInterface
 {
     public function getConfigTreeBuilder()

From 52e53b57b943830938ddc30ecbca481ec1ffafa3 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Wed, 7 Jun 2017 09:24:10 +0200
Subject: [PATCH 05/12] Adapted the RA to the Stepup bundle change

The Factory was replaced by the new Service and the config change
was reflected in the DI Configuration.
---
 app/config/config.yml                         |  1 +
 app/config/parameters.yml.dist                |  5 +++++
 .../samlstepupproviders_parameters.yml.dist   |  8 +-------
 .../RaBundle/Controller/VettingController.php |  4 ++--
 .../DependencyInjection/Configuration.php     | 13 ++++++++++--
 .../SurfnetStepupRaRaExtension.php            |  6 +++++-
 .../RaBundle/Resources/config/services.yml    |  1 -
 .../RaBundle/Service/RaCandidateService.php   | 20 ++++++-------------
 8 files changed, 31 insertions(+), 27 deletions(-)

diff --git a/app/config/config.yml b/app/config/config.yml
index fac1de6c..c518725b 100644
--- a/app/config/config.yml
+++ b/app/config/config.yml
@@ -84,6 +84,7 @@ services:
 surfnet_stepup_ra_ra:
     required_loa: %loa_required_for_login%
     enabled_second_factors: %enabled_second_factors%
+    enabled_generic_second_factors: %enabled_generic_second_factors%
     session_lifetimes:
         max_absolute_lifetime: "%session_max_absolute_lifetime%"
         max_relative_lifetime: "%session_max_relative_lifetime%"
diff --git a/app/config/parameters.yml.dist b/app/config/parameters.yml.dist
index c5e8ab42..d78d7e67 100644
--- a/app/config/parameters.yml.dist
+++ b/app/config/parameters.yml.dist
@@ -39,6 +39,11 @@ parameters:
     enabled_second_factors:
         - sms
         - yubikey
+    enabled_generic_second_factors:
+            biometric:
+                loa: 3
+            tiqr:
+                loa: 3
     graylog_hostname: 'g2-dev.stepup.coin.surf.net'
     asset_version: 1
 
diff --git a/app/config/samlstepupproviders_parameters.yml.dist b/app/config/samlstepupproviders_parameters.yml.dist
index 406ec03a..bcddceb2 100644
--- a/app/config/samlstepupproviders_parameters.yml.dist
+++ b/app/config/samlstepupproviders_parameters.yml.dist
@@ -36,10 +36,4 @@ parameters:
         nl_NL: 'NL ra.vetting.gssf.initiate.biometric.button.initiate'
     gssp_biometric_gssf_id_mismatch:
         en_GB: 'EN ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch'
-        nl_NL: 'NL ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch'
-
-    surfnet_stepup_gssf:
-        biometric:
-            loa: 3
-        tiqr:
-            loa: 3
\ No newline at end of file
+        nl_NL: 'NL ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch'
\ No newline at end of file
diff --git a/src/Surfnet/StepupRa/RaBundle/Controller/VettingController.php b/src/Surfnet/StepupRa/RaBundle/Controller/VettingController.php
index 618b992f..6efea3f9 100644
--- a/src/Surfnet/StepupRa/RaBundle/Controller/VettingController.php
+++ b/src/Surfnet/StepupRa/RaBundle/Controller/VettingController.php
@@ -19,6 +19,7 @@
 namespace Surfnet\StepupRa\RaBundle\Controller;
 
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
+use Surfnet\StepupBundle\Value\SecondFactorType;
 use Surfnet\StepupRa\RaBundle\Command\StartVettingProcedureCommand;
 use Surfnet\StepupRa\RaBundle\Command\VerifyIdentityCommand;
 use Surfnet\StepupRa\RaBundle\Exception\DomainException;
@@ -121,8 +122,7 @@ public function startProcedureAction(Request $request)
             ->forProcedure($procedureId)
             ->notice(sprintf('Starting new Vetting Procedure for second factor of type "%s"', $secondFactor->type));
 
-        $secondFactorTypeFactory = $this->get('surfnet_stepup.service.second_factor_type_factory');
-        $secondFactorType = $secondFactorTypeFactory->build($secondFactor->type);
+        $secondFactorType = new SecondFactorType($secondFactor->type);
         if ($secondFactorType->isYubikey()) {
             return $this->redirectToRoute('ra_vetting_yubikey_verify', ['procedureId' => $procedureId]);
         } elseif ($secondFactorType->isSms()) {
diff --git a/src/Surfnet/StepupRa/RaBundle/DependencyInjection/Configuration.php b/src/Surfnet/StepupRa/RaBundle/DependencyInjection/Configuration.php
index 4b2b763e..e4fdf999 100644
--- a/src/Surfnet/StepupRa/RaBundle/DependencyInjection/Configuration.php
+++ b/src/Surfnet/StepupRa/RaBundle/DependencyInjection/Configuration.php
@@ -65,8 +65,17 @@ private function appendSecondFactorTypesConfiguration(NodeBuilder $childNodes)
             ->arrayNode('enabled_second_factors')
                 ->isRequired()
                 ->prototype('scalar')
-            ->end()
-        ->end();
+            ->end();
+        $childNodes
+            ->arrayNode('enabled_generic_second_factors')
+                ->isRequired()
+                ->prototype('array')
+                ->children()
+                    ->scalarNode('loa')
+                    ->isRequired()
+                    ->info('The lao level of the Gssf')
+                ->end()
+            ->end();
     }
 
     /**
diff --git a/src/Surfnet/StepupRa/RaBundle/DependencyInjection/SurfnetStepupRaRaExtension.php b/src/Surfnet/StepupRa/RaBundle/DependencyInjection/SurfnetStepupRaRaExtension.php
index eea12e6a..5a8c8792 100644
--- a/src/Surfnet/StepupRa/RaBundle/DependencyInjection/SurfnetStepupRaRaExtension.php
+++ b/src/Surfnet/StepupRa/RaBundle/DependencyInjection/SurfnetStepupRaRaExtension.php
@@ -40,7 +40,11 @@ public function load(array $configs, ContainerBuilder $container)
         // inject the required loa as parameter into the service container
         $container->setParameter('surfnet_stepup_ra.security.required_loa', $config['required_loa']);
 
-        $container->setParameter('surfnet_stepup_ra.enabled_second_factors', $config['enabled_second_factors']);
+        $gssfSecondFactors = array_keys($config['enabled_generic_second_factors']);
+        $container->setParameter(
+            'surfnet_stepup_ra.enabled_second_factors',
+            array_merge($config['enabled_second_factors'], $gssfSecondFactors)
+        );
 
         $container->setParameter(
             'ra.security.authentication.session.maximum_absolute_lifetime_in_seconds',
diff --git a/src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml b/src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml
index fc7d2be1..3fdaf8fc 100644
--- a/src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml
+++ b/src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml
@@ -186,7 +186,6 @@ services:
             - "@ra.service.command"
             - "@logger"
             - "@surfnet_stepup.service.second_factor_type"
-            - "@surfnet_stepup.service.second_factor_type_factory"
 
     ra.service.ra_location:
         class: Surfnet\StepupRa\RaBundle\Service\RaLocationService
diff --git a/src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php b/src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php
index 1c889c1f..41a59369 100644
--- a/src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php
+++ b/src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php
@@ -19,8 +19,9 @@
 namespace Surfnet\StepupRa\RaBundle\Service;
 
 use Psr\Log\LoggerInterface;
-use Surfnet\StepupBundle\Service\SecondFactorType\SecondFactorTypeService;
+use Surfnet\StepupBundle\Service\SecondFactorTypeService;
 use Surfnet\StepupBundle\Value\Loa;
+use Surfnet\StepupBundle\Value\SecondFactorType;
 use Surfnet\StepupMiddlewareClient\Identity\Dto\RaCandidateSearchQuery;
 use Surfnet\StepupMiddlewareClientBundle\Identity\Command\AccreditIdentityCommand;
 use Surfnet\StepupMiddlewareClientBundle\Identity\Service\RaCandidateService as ApiRaCandidateService;
@@ -53,23 +54,16 @@ class RaCandidateService
      */
     private $secondFactorTypeService;
 
-    /**
-     * @var SecondFactorTypeFactory
-     */
-    private $secondFactorTypeFactory;
-
     public function __construct(
         ApiRaCandidateService $raCandidateService,
         CommandService $commandService,
         LoggerInterface $logger,
-        SecondFactorTypeService $secondFactorTypeService,
-        SecondFactorTypeFactory $secondFactorTypeFactory
+        SecondFactorTypeService $secondFactorTypeService
     ) {
         $this->apiRaCandidateService = $raCandidateService;
         $this->commandService = $commandService;
         $this->logger = $logger;
         $this->secondFactorTypeService = $secondFactorTypeService;
-        $this->secondFactorTypeFactory = $secondFactorTypeFactory;
     }
 
     /**
@@ -146,13 +140,11 @@ public function accreditCandidate(AccreditCandidateCommand $command)
     private function getLoa3SecondFactorTypes()
     {
         $loa3 = new Loa(Loa::LOA_3, 'LOA3');
-        $factory = $this->secondFactorTypeFactory;
         return array_filter(
             $this->secondFactorTypeService->getAvailableSecondFactorTypes(),
-            function ($secondFactorType) use ($loa3, $factory) {
-                $secondFactorType = $factory->build($secondFactorType);
-
-                return $secondFactorType->canSatisfy($loa3);
+            function ($secondFactorType) use ($loa3) {
+                $secondFactorType = new SecondFactorType($secondFactorType);
+                return $this->secondFactorTypeService->canSatisfy($secondFactorType, $loa3);
             }
         );
     }

From f4cf28d35c8f090ad1c6a58ac18c30e1e9f06a19 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 8 Jun 2017 16:07:32 +0200
Subject: [PATCH 06/12] Upgraded surfnet/stepup-bundle to version 2.0.0

---
 composer.json |   2 +-
 composer.lock | 181 +++++++++++++++++++++++++-------------------------
 2 files changed, 91 insertions(+), 92 deletions(-)

diff --git a/composer.json b/composer.json
index 6a5d119e..e9c6164c 100644
--- a/composer.json
+++ b/composer.json
@@ -25,7 +25,7 @@
         "jms/di-extra-bundle": "~1.4.0",
         "surfnet/stepup-middleware-client-bundle": "^2.0",
         "surfnet/stepup-saml-bundle": "^2.5",
-        "surfnet/stepup-bundle": "^1.7",
+        "surfnet/stepup-bundle": "^2.0",
         "surfnet/stepup-u2f-bundle": "dev-develop",
         "guzzlehttp/guzzle": "^6",
         "symfony/swiftmailer-bundle": "~2.3",
diff --git a/composer.lock b/composer.lock
index 0875f13f..b574b815 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,8 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "hash": "531daa2b9405ac57d4baca49cf6f4587",
-    "content-hash": "b3bac046adc08a305dd8397db0ae5025",
+    "content-hash": "bd8ec85ce4735608b0e8a609d9e4c108",
     "packages": [
         {
             "name": "beberlei/assert",
@@ -58,7 +57,7 @@
                 "assertion",
                 "validation"
             ],
-            "time": "2016-06-20 12:01:28"
+            "time": "2016-06-20T12:01:28+00:00"
         },
         {
             "name": "doctrine/annotations",
@@ -126,7 +125,7 @@
                 "docblock",
                 "parser"
             ],
-            "time": "2015-08-31 12:32:49"
+            "time": "2015-08-31T12:32:49+00:00"
         },
         {
             "name": "doctrine/cache",
@@ -196,7 +195,7 @@
                 "cache",
                 "caching"
             ],
-            "time": "2015-12-31 16:37:02"
+            "time": "2015-12-31T16:37:02+00:00"
         },
         {
             "name": "doctrine/collections",
@@ -262,7 +261,7 @@
                 "collections",
                 "iterator"
             ],
-            "time": "2015-04-14 22:21:58"
+            "time": "2015-04-14T22:21:58+00:00"
         },
         {
             "name": "doctrine/common",
@@ -335,7 +334,7 @@
                 "persistence",
                 "spl"
             ],
-            "time": "2015-12-25 13:18:31"
+            "time": "2015-12-25T13:18:31+00:00"
         },
         {
             "name": "doctrine/inflector",
@@ -402,7 +401,7 @@
                 "singularize",
                 "string"
             ],
-            "time": "2015-11-06 14:35:42"
+            "time": "2015-11-06T14:35:42+00:00"
         },
         {
             "name": "doctrine/lexer",
@@ -456,7 +455,7 @@
                 "lexer",
                 "parser"
             ],
-            "time": "2014-09-09 13:34:57"
+            "time": "2014-09-09T13:34:57+00:00"
         },
         {
             "name": "fortawesome/font-awesome",
@@ -504,7 +503,7 @@
                 "font",
                 "icon"
             ],
-            "time": "2014-08-26 16:36:44"
+            "time": "2014-08-26T16:36:44+00:00"
         },
         {
             "name": "graylog2/gelf-php",
@@ -557,7 +556,7 @@
                 }
             ],
             "description": "A php implementation to send log-messages to a GELF compatible backend like Graylog2.",
-            "time": "2016-06-02 06:04:56"
+            "time": "2016-06-02T06:04:56+00:00"
         },
         {
             "name": "guzzlehttp/guzzle",
@@ -619,7 +618,7 @@
                 "rest",
                 "web service"
             ],
-            "time": "2017-02-28 22:50:30"
+            "time": "2017-02-28T22:50:30+00:00"
         },
         {
             "name": "guzzlehttp/promises",
@@ -670,7 +669,7 @@
             "keywords": [
                 "promise"
             ],
-            "time": "2016-12-20 10:07:11"
+            "time": "2016-12-20T10:07:11+00:00"
         },
         {
             "name": "guzzlehttp/psr7",
@@ -735,7 +734,7 @@
                 "uri",
                 "url"
             ],
-            "time": "2017-02-27 10:51:17"
+            "time": "2017-02-27T10:51:17+00:00"
         },
         {
             "name": "incenteev/composer-parameter-handler",
@@ -786,7 +785,7 @@
             "keywords": [
                 "parameters management"
             ],
-            "time": "2015-11-10 17:04:01"
+            "time": "2015-11-10T17:04:01+00:00"
         },
         {
             "name": "jms/aop-bundle",
@@ -833,7 +832,7 @@
                 "annotations",
                 "aop"
             ],
-            "time": "2015-09-13 09:02:33"
+            "time": "2015-09-13T09:02:33+00:00"
         },
         {
             "name": "jms/cg",
@@ -877,7 +876,7 @@
             "keywords": [
                 "code generation"
             ],
-            "time": "2015-09-13 08:54:43"
+            "time": "2015-09-13T08:54:43+00:00"
         },
         {
             "name": "jms/di-extra-bundle",
@@ -944,7 +943,7 @@
                 "annotations",
                 "dependency injection"
             ],
-            "time": "2013-06-08 13:13:40"
+            "time": "2013-06-08T13:13:40+00:00"
         },
         {
             "name": "jms/metadata",
@@ -996,7 +995,7 @@
                 "xml",
                 "yaml"
             ],
-            "time": "2014-07-12 07:13:19"
+            "time": "2014-07-12T07:13:19+00:00"
         },
         {
             "name": "jms/translation-bundle",
@@ -1070,7 +1069,7 @@
                 "ui",
                 "webinterface"
             ],
-            "time": "2013-06-08 14:08:19"
+            "time": "2013-06-08T14:08:19+00:00"
         },
         {
             "name": "knplabs/knp-components",
@@ -1141,7 +1140,7 @@
                 "pager",
                 "paginator"
             ],
-            "time": "2016-04-21 06:26:20"
+            "time": "2016-04-21T06:26:20+00:00"
         },
         {
             "name": "knplabs/knp-paginator-bundle",
@@ -1202,7 +1201,7 @@
                 "pagination",
                 "paginator"
             ],
-            "time": "2016-04-20 11:40:30"
+            "time": "2016-04-20T11:40:30+00:00"
         },
         {
             "name": "kriswallsmith/assetic",
@@ -1279,7 +1278,7 @@
                 "compression",
                 "minification"
             ],
-            "time": "2015-11-12 13:51:40"
+            "time": "2015-11-12T13:51:40+00:00"
         },
         {
             "name": "monolog/monolog",
@@ -1357,7 +1356,7 @@
                 "logging",
                 "psr-3"
             ],
-            "time": "2016-04-12 18:29:35"
+            "time": "2016-04-12T18:29:35+00:00"
         },
         {
             "name": "moontoast/math",
@@ -1393,7 +1392,7 @@
                 "bcmath",
                 "math"
             ],
-            "time": "2013-01-19 17:42:34"
+            "time": "2013-01-19T17:42:34+00:00"
         },
         {
             "name": "mopa/bootstrap-bundle",
@@ -1465,7 +1464,7 @@
                 "form",
                 "template"
             ],
-            "time": "2015-09-10 17:23:40"
+            "time": "2015-09-10T17:23:40+00:00"
         },
         {
             "name": "mopa/composer-bridge",
@@ -1516,7 +1515,7 @@
                 "Symfony2",
                 "composer"
             ],
-            "time": "2015-10-01 19:20:19"
+            "time": "2015-10-01T19:20:19+00:00"
         },
         {
             "name": "nelmio/security-bundle",
@@ -1568,7 +1567,7 @@
             "keywords": [
                 "security"
             ],
-            "time": "2016-02-23 10:42:13"
+            "time": "2016-02-23T10:42:13+00:00"
         },
         {
             "name": "nikic/php-parser",
@@ -1607,7 +1606,7 @@
                 "parser",
                 "php"
             ],
-            "time": "2012-04-23 22:52:11"
+            "time": "2012-04-23T22:52:11+00:00"
         },
         {
             "name": "paragonie/random_compat",
@@ -1655,7 +1654,7 @@
                 "pseudorandom",
                 "random"
             ],
-            "time": "2016-03-18 20:34:03"
+            "time": "2016-03-18T20:34:03+00:00"
         },
         {
             "name": "psr/http-message",
@@ -1705,7 +1704,7 @@
                 "request",
                 "response"
             ],
-            "time": "2016-08-06 14:39:51"
+            "time": "2016-08-06T14:39:51+00:00"
         },
         {
             "name": "psr/log",
@@ -1752,7 +1751,7 @@
                 "psr",
                 "psr-3"
             ],
-            "time": "2016-10-10 12:19:37"
+            "time": "2016-10-10T12:19:37+00:00"
         },
         {
             "name": "ramsey/uuid",
@@ -1832,7 +1831,7 @@
                 "identifier",
                 "uuid"
             ],
-            "time": "2016-08-02 18:39:32"
+            "time": "2016-08-02T18:39:32+00:00"
         },
         {
             "name": "robrichards/xmlseclibs",
@@ -1873,7 +1872,7 @@
                 "xml",
                 "xmldsig"
             ],
-            "time": "2016-09-08 13:31:44"
+            "time": "2016-09-08T13:31:44+00:00"
         },
         {
             "name": "sensio/distribution-bundle",
@@ -1933,7 +1932,7 @@
                 "configuration",
                 "distribution"
             ],
-            "time": "2015-06-05 22:32:22"
+            "time": "2015-06-05T22:32:22+00:00"
         },
         {
             "name": "sensio/framework-extra-bundle",
@@ -1995,7 +1994,7 @@
                 "annotations",
                 "controllers"
             ],
-            "time": "2016-03-25 17:08:27"
+            "time": "2016-03-25T17:08:27+00:00"
         },
         {
             "name": "sensiolabs/security-checker",
@@ -2040,7 +2039,7 @@
                 }
             ],
             "description": "A security checker for your composer.lock",
-            "time": "2015-05-28 14:22:40"
+            "time": "2015-05-28T14:22:40+00:00"
         },
         {
             "name": "simplesamlphp/saml2",
@@ -2089,20 +2088,20 @@
                 }
             ],
             "description": "SAML2 PHP library from SimpleSAMLphp",
-            "time": "2016-12-02 12:15:53"
+            "time": "2016-12-02T12:15:53+00:00"
         },
         {
             "name": "surfnet/stepup-bundle",
-            "version": "1.7.0",
+            "version": "2.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/OpenConext/Stepup-bundle.git",
-                "reference": "084b1e11781ca3f526e32a486f75a7e6a953e5fc"
+                "reference": "0ea9b1d5b661b28b8819fc2c9008ec8c71701183"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/OpenConext/Stepup-bundle/zipball/084b1e11781ca3f526e32a486f75a7e6a953e5fc",
-                "reference": "084b1e11781ca3f526e32a486f75a7e6a953e5fc",
+                "url": "https://api.github.com/repos/OpenConext/Stepup-bundle/zipball/0ea9b1d5b661b28b8819fc2c9008ec8c71701183",
+                "reference": "0ea9b1d5b661b28b8819fc2c9008ec8c71701183",
                 "shasum": ""
             },
             "require": {
@@ -2146,7 +2145,7 @@
                 "suaas",
                 "surfnet"
             ],
-            "time": "2017-03-07 13:44:04"
+            "time": "2017-06-08T13:26:09+00:00"
         },
         {
             "name": "surfnet/stepup-middleware-client-bundle",
@@ -2199,7 +2198,7 @@
                 "Apache-2.0"
             ],
             "description": "Symfony2 bundle for consuming the Step-up Middleware API.",
-            "time": "2017-03-07 14:10:57"
+            "time": "2017-03-07T14:10:57+00:00"
         },
         {
             "name": "surfnet/stepup-saml-bundle",
@@ -2247,7 +2246,7 @@
                 "stepup",
                 "surfnet"
             ],
-            "time": "2016-07-01 09:33:44"
+            "time": "2016-07-01T09:33:44+00:00"
         },
         {
             "name": "surfnet/stepup-u2f-bundle",
@@ -2342,7 +2341,7 @@
                 "mail",
                 "mailer"
             ],
-            "time": "2016-05-01 08:45:47"
+            "time": "2016-05-01T08:45:47+00:00"
         },
         {
             "name": "symfony/assetic-bundle",
@@ -2412,7 +2411,7 @@
                 "compression",
                 "minification"
             ],
-            "time": "2015-12-28 13:12:39"
+            "time": "2015-12-28T13:12:39+00:00"
         },
         {
             "name": "symfony/monolog-bundle",
@@ -2472,7 +2471,7 @@
                 "log",
                 "logging"
             ],
-            "time": "2016-04-13 16:21:01"
+            "time": "2016-04-13T16:21:01+00:00"
         },
         {
             "name": "symfony/polyfill-apcu",
@@ -2525,7 +2524,7 @@
                 "portable",
                 "shim"
             ],
-            "time": "2016-05-18 14:26:46"
+            "time": "2016-05-18T14:26:46+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",
@@ -2584,7 +2583,7 @@
                 "portable",
                 "shim"
             ],
-            "time": "2016-05-18 14:26:46"
+            "time": "2016-05-18T14:26:46+00:00"
         },
         {
             "name": "symfony/swiftmailer-bundle",
@@ -2641,7 +2640,7 @@
             ],
             "description": "Symfony SwiftmailerBundle",
             "homepage": "http://symfony.com",
-            "time": "2016-01-15 16:41:20"
+            "time": "2016-01-15T16:41:20+00:00"
         },
         {
             "name": "symfony/symfony",
@@ -2768,7 +2767,7 @@
             "keywords": [
                 "framework"
             ],
-            "time": "2016-06-06 15:23:39"
+            "time": "2016-06-06T15:23:39+00:00"
         },
         {
             "name": "twbs/bootstrap",
@@ -2819,7 +2818,7 @@
                 "responsive",
                 "web"
             ],
-            "time": "2014-06-26 16:36:48"
+            "time": "2014-06-26T16:36:48+00:00"
         },
         {
             "name": "twig/extensions",
@@ -2871,7 +2870,7 @@
                 "i18n",
                 "text"
             ],
-            "time": "2015-08-22 16:38:35"
+            "time": "2015-08-22T16:38:35+00:00"
         },
         {
             "name": "twig/twig",
@@ -2933,7 +2932,7 @@
             "keywords": [
                 "templating"
             ],
-            "time": "2017-02-27 00:07:03"
+            "time": "2017-02-27T00:07:03+00:00"
         },
         {
             "name": "yubico/u2flib-server",
@@ -2964,7 +2963,7 @@
             ],
             "description": "Library for U2F implementation",
             "homepage": "https://developers.yubico.com/php-u2flib-server",
-            "time": "2015-03-03 08:05:16"
+            "time": "2015-03-03T08:05:16+00:00"
         }
     ],
     "packages-dev": [
@@ -3020,7 +3019,7 @@
                 "constructor",
                 "instantiate"
             ],
-            "time": "2015-06-14 21:17:01"
+            "time": "2015-06-14T21:17:01+00:00"
         },
         {
             "name": "guzzlehttp/streams",
@@ -3073,7 +3072,7 @@
                 "Guzzle",
                 "stream"
             ],
-            "time": "2014-08-17 21:15:53"
+            "time": "2014-08-17T21:15:53+00:00"
         },
         {
             "name": "hamcrest/hamcrest-php",
@@ -3118,7 +3117,7 @@
             "keywords": [
                 "test"
             ],
-            "time": "2015-05-11 14:41:42"
+            "time": "2015-05-11T14:41:42+00:00"
         },
         {
             "name": "liip/rmt",
@@ -3177,7 +3176,7 @@
                 "vcs tag",
                 "version"
             ],
-            "time": "2015-05-06 20:11:13"
+            "time": "2015-05-06T20:11:13+00:00"
         },
         {
             "name": "matthiasnoback/symfony-config-test",
@@ -3225,19 +3224,19 @@
                 "phpunit",
                 "symfony"
             ],
-            "time": "2015-11-25 21:40:32"
+            "time": "2015-11-25T21:40:32+00:00"
         },
         {
             "name": "mockery/mockery",
             "version": "0.9.5",
             "source": {
                 "type": "git",
-                "url": "https://github.com/padraic/mockery.git",
+                "url": "https://github.com/mockery/mockery.git",
                 "reference": "4db079511a283e5aba1b3c2fb19037c645e70fc2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/padraic/mockery/zipball/4db079511a283e5aba1b3c2fb19037c645e70fc2",
+                "url": "https://api.github.com/repos/mockery/mockery/zipball/4db079511a283e5aba1b3c2fb19037c645e70fc2",
                 "reference": "4db079511a283e5aba1b3c2fb19037c645e70fc2",
                 "shasum": ""
             },
@@ -3290,7 +3289,7 @@
                 "test double",
                 "testing"
             ],
-            "time": "2016-05-22 21:52:33"
+            "time": "2016-05-22T21:52:33+00:00"
         },
         {
             "name": "pdepend/pdepend",
@@ -3330,7 +3329,7 @@
                 "BSD-3-Clause"
             ],
             "description": "Official version of pdepend to be handled with Composer",
-            "time": "2017-01-19 14:23:36"
+            "time": "2017-01-19T14:23:36+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",
@@ -3384,7 +3383,7 @@
                 "reflection",
                 "static analysis"
             ],
-            "time": "2015-12-27 11:43:31"
+            "time": "2015-12-27T11:43:31+00:00"
         },
         {
             "name": "phpdocumentor/reflection-docblock",
@@ -3429,7 +3428,7 @@
                 }
             ],
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
-            "time": "2016-09-30 07:12:33"
+            "time": "2016-09-30T07:12:33+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
@@ -3476,7 +3475,7 @@
                     "email": "me@mikevanriel.com"
                 }
             ],
-            "time": "2016-11-25 06:54:22"
+            "time": "2016-11-25T06:54:22+00:00"
         },
         {
             "name": "phpmd/phpmd",
@@ -3542,7 +3541,7 @@
                 "phpmd",
                 "pmd"
             ],
-            "time": "2017-01-20 14:41:10"
+            "time": "2017-01-20T14:41:10+00:00"
         },
         {
             "name": "phpspec/prophecy",
@@ -3605,7 +3604,7 @@
                 "spy",
                 "stub"
             ],
-            "time": "2017-03-02 20:05:34"
+            "time": "2017-03-02T20:05:34+00:00"
         },
         {
             "name": "phpunit/php-code-coverage",
@@ -3667,7 +3666,7 @@
                 "testing",
                 "xunit"
             ],
-            "time": "2015-10-06 15:47:00"
+            "time": "2015-10-06T15:47:00+00:00"
         },
         {
             "name": "phpunit/php-file-iterator",
@@ -3714,7 +3713,7 @@
                 "filesystem",
                 "iterator"
             ],
-            "time": "2016-10-03 07:40:28"
+            "time": "2016-10-03T07:40:28+00:00"
         },
         {
             "name": "phpunit/php-text-template",
@@ -3755,7 +3754,7 @@
             "keywords": [
                 "template"
             ],
-            "time": "2015-06-21 13:50:34"
+            "time": "2015-06-21T13:50:34+00:00"
         },
         {
             "name": "phpunit/php-timer",
@@ -3804,7 +3803,7 @@
             "keywords": [
                 "timer"
             ],
-            "time": "2017-02-26 11:10:40"
+            "time": "2017-02-26T11:10:40+00:00"
         },
         {
             "name": "phpunit/php-token-stream",
@@ -3853,7 +3852,7 @@
             "keywords": [
                 "tokenizer"
             ],
-            "time": "2017-02-27 10:12:30"
+            "time": "2017-02-27T10:12:30+00:00"
         },
         {
             "name": "phpunit/phpunit",
@@ -3925,7 +3924,7 @@
                 "testing",
                 "xunit"
             ],
-            "time": "2017-02-06 05:18:07"
+            "time": "2017-02-06T05:18:07+00:00"
         },
         {
             "name": "phpunit/phpunit-mock-objects",
@@ -3981,7 +3980,7 @@
                 "mock",
                 "xunit"
             ],
-            "time": "2015-10-02 06:51:40"
+            "time": "2015-10-02T06:51:40+00:00"
         },
         {
             "name": "sebastian/comparator",
@@ -4045,7 +4044,7 @@
                 "compare",
                 "equality"
             ],
-            "time": "2017-01-29 09:50:25"
+            "time": "2017-01-29T09:50:25+00:00"
         },
         {
             "name": "sebastian/diff",
@@ -4097,7 +4096,7 @@
             "keywords": [
                 "diff"
             ],
-            "time": "2015-12-08 07:14:41"
+            "time": "2015-12-08T07:14:41+00:00"
         },
         {
             "name": "sebastian/environment",
@@ -4147,7 +4146,7 @@
                 "environment",
                 "hhvm"
             ],
-            "time": "2016-08-18 05:49:44"
+            "time": "2016-08-18T05:49:44+00:00"
         },
         {
             "name": "sebastian/exporter",
@@ -4214,7 +4213,7 @@
                 "export",
                 "exporter"
             ],
-            "time": "2016-06-17 09:04:28"
+            "time": "2016-06-17T09:04:28+00:00"
         },
         {
             "name": "sebastian/finder-facade",
@@ -4253,7 +4252,7 @@
             ],
             "description": "FinderFacade is a convenience wrapper for Symfony's Finder component.",
             "homepage": "https://github.com/sebastianbergmann/finder-facade",
-            "time": "2016-02-17 07:02:23"
+            "time": "2016-02-17T07:02:23+00:00"
         },
         {
             "name": "sebastian/global-state",
@@ -4304,7 +4303,7 @@
             "keywords": [
                 "global state"
             ],
-            "time": "2015-10-12 03:26:01"
+            "time": "2015-10-12T03:26:01+00:00"
         },
         {
             "name": "sebastian/phpcpd",
@@ -4355,7 +4354,7 @@
             ],
             "description": "Copy/Paste Detector (CPD) for PHP code.",
             "homepage": "https://github.com/sebastianbergmann/phpcpd",
-            "time": "2016-04-17 19:32:49"
+            "time": "2016-04-17T19:32:49+00:00"
         },
         {
             "name": "sebastian/recursion-context",
@@ -4408,7 +4407,7 @@
             ],
             "description": "Provides functionality to recursively process PHP variables",
             "homepage": "http://www.github.com/sebastianbergmann/recursion-context",
-            "time": "2015-11-11 19:50:13"
+            "time": "2015-11-11T19:50:13+00:00"
         },
         {
             "name": "sebastian/version",
@@ -4443,7 +4442,7 @@
             ],
             "description": "Library that helps with managing the version number of Git-hosted PHP projects",
             "homepage": "https://github.com/sebastianbergmann/version",
-            "time": "2015-06-21 13:59:46"
+            "time": "2015-06-21T13:59:46+00:00"
         },
         {
             "name": "sensio/generator-bundle",
@@ -4491,7 +4490,7 @@
                 }
             ],
             "description": "This bundle generates code for you",
-            "time": "2015-03-17 06:36:52"
+            "time": "2015-03-17T06:36:52+00:00"
         },
         {
             "name": "squizlabs/php_codesniffer",
@@ -4566,7 +4565,7 @@
                 "phpcs",
                 "standards"
             ],
-            "time": "2014-12-04 22:32:15"
+            "time": "2014-12-04T22:32:15+00:00"
         },
         {
             "name": "theseer/fdomdocument",
@@ -4606,7 +4605,7 @@
             ],
             "description": "The classes contained within this repository extend the standard DOM to use exceptions at all occasions of errors instead of PHP warnings or notices. They also add various custom methods and shortcuts for convenience and to simplify the usage of DOM.",
             "homepage": "https://github.com/theseer/fDOMDocument",
-            "time": "2015-05-27 22:58:02"
+            "time": "2015-05-27T22:58:02+00:00"
         },
         {
             "name": "vierbergenlars/php-semver",
@@ -4658,7 +4657,7 @@
                 "semver",
                 "versioning"
             ],
-            "time": "2015-05-02 19:28:54"
+            "time": "2015-05-02T19:28:54+00:00"
         },
         {
             "name": "webmozart/assert",
@@ -4708,7 +4707,7 @@
                 "check",
                 "validate"
             ],
-            "time": "2016-11-23 20:04:58"
+            "time": "2016-11-23T20:04:58+00:00"
         }
     ],
     "aliases": [],

From 304b1ca245610fd17add90db026c30f1297c3d13 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 8 Jun 2017 16:30:30 +0200
Subject: [PATCH 07/12] Upgraded surfnet/stepup-bundle to version 2.0.0

---
 composer.lock | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/composer.lock b/composer.lock
index a78eb691..d41a28e4 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "content-hash": "3aa6c3ba125a0d8d07cf999fecd8b157",
+    "content-hash": "a58e344cdaaa088e470fbaae634e9ed7",
     "packages": [
         {
             "name": "beberlei/assert",
@@ -2092,16 +2092,16 @@
         },
         {
             "name": "surfnet/stepup-bundle",
-            "version": "1.7.0",
+            "version": "2.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/OpenConext/Stepup-bundle.git",
-                "reference": "084b1e11781ca3f526e32a486f75a7e6a953e5fc"
+                "reference": "0ea9b1d5b661b28b8819fc2c9008ec8c71701183"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/OpenConext/Stepup-bundle/zipball/084b1e11781ca3f526e32a486f75a7e6a953e5fc",
-                "reference": "084b1e11781ca3f526e32a486f75a7e6a953e5fc",
+                "url": "https://api.github.com/repos/OpenConext/Stepup-bundle/zipball/0ea9b1d5b661b28b8819fc2c9008ec8c71701183",
+                "reference": "0ea9b1d5b661b28b8819fc2c9008ec8c71701183",
                 "shasum": ""
             },
             "require": {
@@ -2145,7 +2145,7 @@
                 "suaas",
                 "surfnet"
             ],
-            "time": "2017-03-07T13:44:04+00:00"
+            "time": "2017-06-08T13:26:09+00:00"
         },
         {
             "name": "surfnet/stepup-middleware-client-bundle",
@@ -3121,12 +3121,12 @@
             "version": "0.9.5",
             "source": {
                 "type": "git",
-                "url": "https://github.com/padraic/mockery.git",
+                "url": "https://github.com/mockery/mockery.git",
                 "reference": "4db079511a283e5aba1b3c2fb19037c645e70fc2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/padraic/mockery/zipball/4db079511a283e5aba1b3c2fb19037c645e70fc2",
+                "url": "https://api.github.com/repos/mockery/mockery/zipball/4db079511a283e5aba1b3c2fb19037c645e70fc2",
                 "reference": "4db079511a283e5aba1b3c2fb19037c645e70fc2",
                 "shasum": ""
             },

From 2b021034469d536052bacbf916eba57b5102ebfe Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Wed, 14 Jun 2017 11:38:20 +0200
Subject: [PATCH 08/12] Inject VettingService with SFTypeService

The VettingService verifies the loa of the RAA is sufficient to start
 the vetting procdure. In `isLoaSufficientToStartProcedure` the
 `secondFactorType` was asked if the loa satisfied the required LOA.
 This operation should have been performed on the Service.

 The VettingService received the SecondFactorTypeService as a dependency
 to do just that.
---
 .../StepupRa/RaBundle/Resources/config/services.yml  |  1 +
 .../StepupRa/RaBundle/Service/VettingService.php     | 12 ++++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml b/src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml
index 3fdaf8fc..fe48a51d 100644
--- a/src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml
+++ b/src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml
@@ -100,6 +100,7 @@ services:
             - "@ra.repository.vetting_procedure"
             - "@translator"
             - "@ra.service.identity"
+            - "@surfnet_stepup.service.second_factor_type"
 
     ra.service.yubikey:
         public: false
diff --git a/src/Surfnet/StepupRa/RaBundle/Service/VettingService.php b/src/Surfnet/StepupRa/RaBundle/Service/VettingService.php
index e0848130..6c57f203 100644
--- a/src/Surfnet/StepupRa/RaBundle/Service/VettingService.php
+++ b/src/Surfnet/StepupRa/RaBundle/Service/VettingService.php
@@ -21,6 +21,7 @@
 use RuntimeException;
 use Surfnet\StepupBundle\Command\SendSmsChallengeCommand;
 use Surfnet\StepupBundle\Command\VerifyPossessionOfPhoneCommand;
+use Surfnet\StepupBundle\Service\SecondFactorTypeService;
 use Surfnet\StepupBundle\Service\SmsSecondFactor\OtpVerification;
 use Surfnet\StepupBundle\Service\SmsSecondFactorService;
 use Surfnet\StepupBundle\Value\PhoneNumber\InternationalPhoneNumber;
@@ -93,6 +94,11 @@ class VettingService
      */
     private $identityService;
 
+    /**
+     * @var \Surfnet\StepupBundle\Service\SecondFactorTypeService
+     */
+    private $secondFactorTypeService;
+
     public function __construct(
         SmsSecondFactorService $smsSecondFactorService,
         YubikeySecondFactorService $yubikeySecondFactorService,
@@ -101,7 +107,8 @@ public function __construct(
         CommandService $commandService,
         VettingProcedureRepository $vettingProcedureRepository,
         TranslatorInterface $translator,
-        IdentityService $identityService
+        IdentityService $identityService,
+        SecondFactorTypeService $secondFactorTypeService
     ) {
         $this->smsSecondFactorService = $smsSecondFactorService;
         $this->yubikeySecondFactorService = $yubikeySecondFactorService;
@@ -111,6 +118,7 @@ public function __construct(
         $this->vettingProcedureRepository = $vettingProcedureRepository;
         $this->translator = $translator;
         $this->identityService = $identityService;
+        $this->secondFactorTypeService = $secondFactorTypeService;
     }
 
     /**
@@ -121,7 +129,7 @@ public function isLoaSufficientToStartProcedure(StartVettingProcedureCommand $co
     {
         $secondFactorType = new SecondFactorType($command->secondFactor->type);
 
-        return $secondFactorType->isSatisfiedBy($command->authorityLoa);
+        return $this->secondFactorTypeService->isSatisfiedBy($secondFactorType, $command->authorityLoa);
     }
 
     /**

From fdc4ae9446c57fac0ef9729a52c6c2457d6c4515 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Wed, 14 Jun 2017 15:16:15 +0200
Subject: [PATCH 09/12] Updated Stepup-bundle to 2.0.1

---
 composer.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/composer.lock b/composer.lock
index d41a28e4..963c5264 100644
--- a/composer.lock
+++ b/composer.lock
@@ -2092,16 +2092,16 @@
         },
         {
             "name": "surfnet/stepup-bundle",
-            "version": "2.0.0",
+            "version": "2.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/OpenConext/Stepup-bundle.git",
-                "reference": "0ea9b1d5b661b28b8819fc2c9008ec8c71701183"
+                "reference": "0766c91a6b391739d9fe4693f684ef1332342df4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/OpenConext/Stepup-bundle/zipball/0ea9b1d5b661b28b8819fc2c9008ec8c71701183",
-                "reference": "0ea9b1d5b661b28b8819fc2c9008ec8c71701183",
+                "url": "https://api.github.com/repos/OpenConext/Stepup-bundle/zipball/0766c91a6b391739d9fe4693f684ef1332342df4",
+                "reference": "0766c91a6b391739d9fe4693f684ef1332342df4",
                 "shasum": ""
             },
             "require": {
@@ -2145,7 +2145,7 @@
                 "suaas",
                 "surfnet"
             ],
-            "time": "2017-06-08T13:26:09+00:00"
+            "time": "2017-06-14T13:03:51+00:00"
         },
         {
             "name": "surfnet/stepup-middleware-client-bundle",

From 288cfa3bc43f10fe030e4c7cdd9c2f5b0123c803 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 15 Jun 2017 14:32:32 +0200
Subject: [PATCH 10/12] Added the ViewConfig

The view config can be used within the request scope. And can be used
to get translated gssf related strings.
---
 ...netStepupRaSamlStepupProviderExtension.php |  11 ++
 .../Provider/ViewConfig.php                   | 130 ++++++++++++++++++
 .../Tests/Provider/ViewConfigTest.php         | 105 ++++++++++++++
 3 files changed, 246 insertions(+)
 create mode 100644 src/Surfnet/StepupRa/SamlStepupProviderBundle/Provider/ViewConfig.php
 create mode 100644 src/Surfnet/StepupRa/SamlStepupProviderBundle/Tests/Provider/ViewConfigTest.php

diff --git a/src/Surfnet/StepupRa/SamlStepupProviderBundle/DependencyInjection/SurfnetStepupRaSamlStepupProviderExtension.php b/src/Surfnet/StepupRa/SamlStepupProviderBundle/DependencyInjection/SurfnetStepupRaSamlStepupProviderExtension.php
index 19fb7aab..d22b75e3 100644
--- a/src/Surfnet/StepupRa/SamlStepupProviderBundle/DependencyInjection/SurfnetStepupRaSamlStepupProviderExtension.php
+++ b/src/Surfnet/StepupRa/SamlStepupProviderBundle/DependencyInjection/SurfnetStepupRaSamlStepupProviderExtension.php
@@ -80,6 +80,17 @@ private function loadProviderConfiguration(
         $providerDefinition->setPublic(false);
         $container->setDefinition('gssp.provider.' . $provider, $providerDefinition);
 
+        $viewConfigDefinition = new Definition('Surfnet\StepupRa\SamlStepupProviderBundle\Provider\ViewConfig', [
+            new Reference('request'),
+            $configuration['view_config']['page_title'],
+            $configuration['view_config']['explanation'],
+            $configuration['view_config']['initiate'],
+            $configuration['view_config']['gssf_id_mismatch'],
+        ]);
+        $viewConfigDefinition->setScope('request');
+
+        $container->setDefinition('gssp.view_config.' . $provider, $viewConfigDefinition);
+
         $container
             ->getDefinition('gssp.provider_repository')
             ->addMethodCall('addProvider', [new Reference('gssp.provider.' . $provider)]);
diff --git a/src/Surfnet/StepupRa/SamlStepupProviderBundle/Provider/ViewConfig.php b/src/Surfnet/StepupRa/SamlStepupProviderBundle/Provider/ViewConfig.php
new file mode 100644
index 00000000..d8b96f40
--- /dev/null
+++ b/src/Surfnet/StepupRa/SamlStepupProviderBundle/Provider/ViewConfig.php
@@ -0,0 +1,130 @@
+<?php
+
+/**
+ * Copyright 2017 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\StepupRa\SamlStepupProviderBundle\Provider;
+
+use Surfnet\StepupRa\RaBundle\Exception\LogicException;
+use Symfony\Component\HttpFoundation\Request;
+
+class ViewConfig
+{
+
+    /**
+     * @var array
+     */
+    public $pageTitle;
+
+    /**
+     * @var array
+     */
+    public $explanation;
+
+    /**
+     * @var array
+     */
+    public $initiate;
+
+    /**
+     * @var array
+     */
+    public $gssfIdMismatch;
+
+    /**
+     * @var Request
+     */
+    private $request;
+
+    /**
+     * The arrays are arrays of translated text, indexed on locale.
+     *
+     * @param Request $request
+     * @param array $pageTitle
+     * @param array $explanation
+     * @param array $initiate
+     * @param array $gssfIdMismatch
+     * @SuppressWarnings(PHPMD.ExcessiveParameterList)
+     */
+    public function __construct(
+        Request $request,
+        array $pageTitle,
+        array $explanation,
+        array $initiate,
+        array $gssfIdMismatch
+    ) {
+        $this->request = $request;
+        $this->pageTitle = $pageTitle;
+        $this->explanation = $explanation;
+        $this->initiate = $initiate;
+        $this->gssfIdMismatch = $gssfIdMismatch;
+    }
+
+    /**
+     * @return array
+     */
+    public function getExplanation()
+    {
+        return $this->getTranslation($this->explanation);
+    }
+
+    /**
+     * @return array
+     */
+    public function getGssfIdMismatch()
+    {
+        return $this->getTranslation($this->gssfIdMismatch);
+    }
+
+    /**
+     * @return array
+     */
+    public function getInitiate()
+    {
+        return $this->getTranslation($this->initiate);
+    }
+
+    /**
+     * @return array
+     */
+    public function getPageTitle()
+    {
+        return $this->getTranslation($this->pageTitle);
+    }
+
+    /**
+     * @param array $translations
+     * @return mixed
+     * @throws LogicException
+     */
+    private function getTranslation(array $translations)
+    {
+        $currentLocale = $this->request->getLocale();
+        if (is_null($currentLocale)) {
+            throw new LogicException('The current language is not set');
+        }
+        if (isset($translations[$currentLocale])) {
+            return $translations[$currentLocale];
+        }
+        throw new LogicException(
+            sprintf(
+                'The requested translation is not available in this language: %s. Available languages: %s',
+                $currentLocale,
+                implode(', ', array_keys($translations))
+            )
+        );
+    }
+}
diff --git a/src/Surfnet/StepupRa/SamlStepupProviderBundle/Tests/Provider/ViewConfigTest.php b/src/Surfnet/StepupRa/SamlStepupProviderBundle/Tests/Provider/ViewConfigTest.php
new file mode 100644
index 00000000..a19e4abd
--- /dev/null
+++ b/src/Surfnet/StepupRa/SamlStepupProviderBundle/Tests/Provider/ViewConfigTest.php
@@ -0,0 +1,105 @@
+<?php
+
+/**
+ * Copyright 2017 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\StepupRa\SamlStepupProviderBundle\Tests\Provider;
+
+use Mockery as m;
+use PHPUnit_Framework_TestCase as TestCase;
+use Surfnet\StepupRa\SamlStepupProviderBundle\Provider\ViewConfig;
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * Tests the ViewConfig class
+ * @package  Surfnet\StepupRa\SamlStepupProviderBundle\Tests\Provider
+ */
+final class ViewConfigTest extends TestCase
+{
+    /**
+     * @test
+     * @group di
+     */
+    public function view_config_translates_correctly()
+    {
+        $viewConfig = $this->buildViewConfig('nl_NL');
+
+        $this->assertEquals('NL pageTitle', $viewConfig->getPageTitle());
+        $this->assertEquals('NL explanation', $viewConfig->getExplanation());
+        $this->assertEquals('NL initiate', $viewConfig->getInitiate());
+        $this->assertEquals('NL gssfIdMismatch', $viewConfig->getGssfIdMismatch());
+
+        $viewConfig = $this->buildViewConfig('en_GB');
+        $this->assertEquals('EN pageTitle', $viewConfig->getPageTitle());
+        $this->assertEquals('EN explanation', $viewConfig->getExplanation());
+        $this->assertEquals('EN initiate', $viewConfig->getInitiate());
+        $this->assertEquals('EN gssfIdMismatch', $viewConfig->getGssfIdMismatch());
+    }
+
+    /**
+     * @test
+     * @group di
+     * @expectedException \Surfnet\StepupRa\RaBundle\Exception\LogicException
+     * @expectedExceptionMessage The current language is not set
+     */
+    public function translation_fails_when_no_current_language_set()
+    {
+        $viewConfig = $this->buildViewConfig(null);
+        $viewConfig->getExplanation();
+    }
+
+    /**
+     * @test
+     * @group di
+     * @expectedException \Surfnet\StepupRa\RaBundle\Exception\LogicException
+     * @expectedExceptionMessage The requested translation is not available in this language: fr_FR.
+     *                           Available languages: en_GB, nl_NL
+     */
+    public function view_config_cannot_serve_french_translations()
+    {
+        $viewConfig = $this->buildViewConfig('fr_FR');
+        $viewConfig->getGssfIdMismatch();
+    }
+
+    /**
+     * @param string $locale
+     * @return ViewConfig
+     */
+    private function buildViewConfig($locale = '')
+    {
+        $request = m::mock(Request::class);
+        $request->shouldReceive('getLocale')->andReturn($locale)->byDefault();
+        return new ViewConfig(
+            $request,
+            $this->getTranslationsArray('pageTitle'),
+            $this->getTranslationsArray('explanation'),
+            $this->getTranslationsArray('initiate'),
+            $this->getTranslationsArray('gssfIdMismatch')
+        );
+    }
+
+    /**
+     * @param $string
+     * @return array
+     */
+    private function getTranslationsArray($string)
+    {
+        return [
+            'en_GB' => 'EN ' . $string,
+            'nl_NL' => 'NL ' . $string,
+        ];
+    }
+}

From 4c8ee586563025998a97a428c6cf6ebed56042f6 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 15 Jun 2017 15:19:45 +0200
Subject: [PATCH 11/12] Implement the translations in the view and form

---
 .../Controller/Vetting/GssfController.php     | 22 +++++++++++++++++--
 .../RaBundle/Form/Type/InitiateGssfType.php   |  3 ++-
 .../views/Vetting/Gssf/initiate.html.twig     |  6 ++---
 3 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/src/Surfnet/StepupRa/RaBundle/Controller/Vetting/GssfController.php b/src/Surfnet/StepupRa/RaBundle/Controller/Vetting/GssfController.php
index 37b344e5..c3203f69 100644
--- a/src/Surfnet/StepupRa/RaBundle/Controller/Vetting/GssfController.php
+++ b/src/Surfnet/StepupRa/RaBundle/Controller/Vetting/GssfController.php
@@ -25,6 +25,7 @@
 use Surfnet\SamlBundle\SAML2\Response\Assertion\InResponseTo;
 use Surfnet\StepupRa\RaBundle\Exception\RuntimeException;
 use Surfnet\StepupRa\RaBundle\Service\VettingService;
+use Surfnet\StepupRa\SamlStepupProviderBundle\Provider\ViewConfig;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
@@ -253,11 +254,28 @@ private function getVettingService()
      */
     private function renderInitiateForm($procedureId, $provider, array $parameters = [])
     {
-        $form = $this->createForm('ra_initiate_gssf', null, ['procedureId' => $procedureId, 'provider' => $provider]);
+        /** @var ViewConfig $secondFactorConfig */
+        $secondFactorConfig = $this->get("gssp.view_config.{$provider}");
+
+        $form = $this->createForm(
+            'ra_initiate_gssf',
+            null,
+            [
+                'procedureId' => $procedureId,
+                'provider' => $provider,
+                /** @Ignore from translation message extraction */
+                'label' => $secondFactorConfig->getInitiate()
+            ]
+        );
 
         $templateParameters = array_merge(
             $parameters,
-            ['form' => $form->createView(), 'procedureId' => $procedureId, 'provider' => $provider]
+            [
+                'form' => $form->createView(),
+                'procedureId' => $procedureId,
+                'provider' => $provider,
+                'secondFactorConfig' => $secondFactorConfig
+            ]
         );
 
         return $this->render('SurfnetStepupRaRaBundle:Vetting/Gssf:initiate.html.twig', $templateParameters);
diff --git a/src/Surfnet/StepupRa/RaBundle/Form/Type/InitiateGssfType.php b/src/Surfnet/StepupRa/RaBundle/Form/Type/InitiateGssfType.php
index b4e915e4..41b552f3 100644
--- a/src/Surfnet/StepupRa/RaBundle/Form/Type/InitiateGssfType.php
+++ b/src/Surfnet/StepupRa/RaBundle/Form/Type/InitiateGssfType.php
@@ -45,7 +45,8 @@ public function buildForm(FormBuilderInterface $builder, array $options)
         $builder
             ->add('submit', 'submit', [
                 'attr'  => ['class' => 'btn btn-primary'],
-                'label' => /** @Ignore */ 'ra.vetting.gssf.initiate.' . $options['provider'] . '.button.initiate'
+                /** @Ignore */
+                'label' => $options['label']
             ])
             ->setAction($action);
     }
diff --git a/src/Surfnet/StepupRa/RaBundle/Resources/views/Vetting/Gssf/initiate.html.twig b/src/Surfnet/StepupRa/RaBundle/Resources/views/Vetting/Gssf/initiate.html.twig
index df917c8e..c80b767b 100644
--- a/src/Surfnet/StepupRa/RaBundle/Resources/views/Vetting/Gssf/initiate.html.twig
+++ b/src/Surfnet/StepupRa/RaBundle/Resources/views/Vetting/Gssf/initiate.html.twig
@@ -1,6 +1,6 @@
 {% extends "::base.html.twig" %}
 
-{% block page_title %}{{ ('ra.vetting.gssf.initiate.' ~ provider ~ '.title.page')|trans }}{% endblock %}
+{% block page_title %}{{ secondFactorConfig.getPageTitle() }}{% endblock %}
 
 {% block page_header %}
     {{ parent() }}
@@ -11,12 +11,12 @@
 {% block content %}
     <h2>{{ block('page_title') }}</h2>
 
-    <p>{{ ('ra.vetting.gssf.initiate.' ~ provider ~ '.text.explanation')|trans }}</p>
+    <p>{{ secondFactorConfig.getExplanation() }}</p>
 
     <hr>
 
     {% if gssfIdMismatch is defined %}
-        <div class="alert alert-danger">{{ ('ra.vetting.gssf.initiate.' ~ provider ~ '.error.gssf_id_mismatch')|trans }}</div>
+        <div class="alert alert-danger">{{ secondFactorConfig.getGssfIdMismatch() }}</div>
     {% endif %}
     {{ form(form) }}
 

From c6fe2f06aad5720dc78b27fd05357aed745c730d Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 15 Jun 2017 15:51:56 +0200
Subject: [PATCH 12/12] Removed gssf translations from twig

The translations are removed from the translations.html.twig dummy
file. The translations have been extracted after that.
---
 .../translations/messages.en_GB.xliff         | 106 ++++++------------
 .../translations/messages.nl_NL.xliff         | 106 ++++++------------
 .../translations/validators.en_GB.xliff       |   6 +-
 .../translations/validators.nl_NL.xliff       |   6 +-
 .../Resources/views/translations.html.twig    |  10 --
 5 files changed, 76 insertions(+), 158 deletions(-)

diff --git a/app/Resources/translations/messages.en_GB.xliff b/app/Resources/translations/messages.en_GB.xliff
index 2eb4425b..81a875dc 100644
--- a/app/Resources/translations/messages.en_GB.xliff
+++ b/app/Resources/translations/messages.en_GB.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2016-11-25T16:20:09Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
+  <file date="2017-06-15T15:47:58Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -33,72 +33,72 @@
         <target>Nederlands</target>
       </trans-unit>
       <trans-unit id="37836182b3260cbaf343a44bfb622776839666cc" resname="ra.auditlog.action.accredited_as_ra">
-        <jms:reference-file line="63">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="53">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.accredited_as_ra</source>
         <target>Accredited as RA</target>
       </trans-unit>
       <trans-unit id="66b320bfe1f15eabe6e0baa04e94b71c2152f8e2" resname="ra.auditlog.action.accredited_as_raa">
-        <jms:reference-file line="64">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="54">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.accredited_as_raa</source>
         <target>Accredited as RAA</target>
       </trans-unit>
       <trans-unit id="ba50c2f5a7066cd14d8ae1f33c5f4decc892d0b7" resname="ra.auditlog.action.appointed_as_ra">
-        <jms:reference-file line="65">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="55">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.appointed_as_ra</source>
         <target>Appointed as RA</target>
       </trans-unit>
       <trans-unit id="f1a9c08794cd9c91a7f63841cc1c9ff61c3da452" resname="ra.auditlog.action.appointed_as_raa">
-        <jms:reference-file line="66">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="56">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.appointed_as_raa</source>
         <target>Appointed as RAA</target>
       </trans-unit>
       <trans-unit id="9c05a55d8f3ef06afe4f9d81883c0cd6dc415933" resname="ra.auditlog.action.bootstrapped">
-        <jms:reference-file line="62">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="52">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.bootstrapped</source>
         <target>Identity and Token bootstrapped</target>
       </trans-unit>
       <trans-unit id="c9199d83adb7c6ebeaa6cfe08d2fc57f308677a9" resname="ra.auditlog.action.created">
-        <jms:reference-file line="57">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="47">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.created</source>
         <target>Identity Created</target>
       </trans-unit>
       <trans-unit id="f2264e8a139e432bc0b30abd24ab34750e944da0" resname="ra.auditlog.action.email_changed">
-        <jms:reference-file line="58">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="48">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.email_changed</source>
         <target>E-mail changed</target>
       </trans-unit>
       <trans-unit id="8750a7f384fd2159c68613b478b283083c45f8fa" resname="ra.auditlog.action.email_verified">
-        <jms:reference-file line="55">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="45">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.email_verified</source>
         <target>E-mail verified</target>
       </trans-unit>
       <trans-unit id="59b375a103f9bff34d2da25cb0563524354b357d" resname="ra.auditlog.action.possession_proven">
-        <jms:reference-file line="56">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="46">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.possession_proven</source>
         <target>Token possession proven</target>
       </trans-unit>
       <trans-unit id="6182cba621f2930f0600729d0cf846477b645851" resname="ra.auditlog.action.renamed">
-        <jms:reference-file line="59">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="49">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.renamed</source>
         <target>Name changed</target>
       </trans-unit>
       <trans-unit id="625f464c28c526a1fb856c5c6c8387e8d4c49518" resname="ra.auditlog.action.retracted_as_ra">
-        <jms:reference-file line="67">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="57">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.retracted_as_ra</source>
         <target>Removed as RA(A)</target>
       </trans-unit>
       <trans-unit id="3b4520b328a4b841d468fd967962d674db2d2947" resname="ra.auditlog.action.revoked">
-        <jms:reference-file line="61">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="51">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.revoked</source>
         <target>Token revoked</target>
       </trans-unit>
       <trans-unit id="cfa1707c5ee601824695a03199bac938cbac9a62" resname="ra.auditlog.action.revoked_by_ra">
-        <jms:reference-file line="54">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="44">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.revoked_by_ra</source>
         <target>Token revoked by RA</target>
       </trans-unit>
       <trans-unit id="0685bbf771d00c304c5807c48e34ba0c8b73b3eb" resname="ra.auditlog.action.vetted">
-        <jms:reference-file line="60">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="50">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.vetted</source>
         <target>Token vetted</target>
       </trans-unit>
@@ -158,8 +158,8 @@
         <target>RA location successfully created</target>
       </trans-unit>
       <trans-unit id="5a045b50111a6cdd614329837fa07cbf64d896a6" resname="ra.error.button.go_home">
-        <jms:reference-file line="12">views/Exception/error.html.twig</jms:reference-file>
         <jms:reference-file line="12">views/Exception/error404.html.twig</jms:reference-file>
+        <jms:reference-file line="12">views/Exception/error.html.twig</jms:reference-file>
         <source>ra.error.button.go_home</source>
         <target>Back to Home</target>
       </trans-unit>
@@ -254,8 +254,8 @@
         <target>Please report this error + error code to the helpdesk via support@surfconext.nl</target>
       </trans-unit>
       <trans-unit id="97cec45f4b04606121bd0a6613f2673f4e55eff7" resname="ra.error.text.your_art_code">
-        <jms:reference-file line="16">views/Exception/error.html.twig</jms:reference-file>
         <jms:reference-file line="16">views/Exception/error404.html.twig</jms:reference-file>
+        <jms:reference-file line="16">views/Exception/error.html.twig</jms:reference-file>
         <source>ra.error.text.your_art_code</source>
         <target>The error code is:</target>
       </trans-unit>
@@ -285,12 +285,12 @@
         <target>Due to an unknown reason, switching locales failed.</target>
       </trans-unit>
       <trans-unit id="c73b11f71b8ad5d46b3e42e649919aee4bc9ece5" resname="ra.form.extension.ra_role_choice.ra">
-        <jms:reference-file line="50">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="40">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.form.extension.ra_role_choice.ra</source>
         <target>RA</target>
       </trans-unit>
       <trans-unit id="e55aa3fd11b0cd43d84e2e3e41be6729e7fc35f0" resname="ra.form.extension.ra_role_choice.raa">
-        <jms:reference-file line="51">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="41">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.form.extension.ra_role_choice.raa</source>
         <target>RAA</target>
       </trans-unit>
@@ -330,8 +330,8 @@
         <target>E-mail</target>
       </trans-unit>
       <trans-unit id="9f4c34138ef487cdf008770c1257b06291343831" resname="ra.form.ra_search_ra_candidates.label.name">
-        <jms:reference-file line="31">Form/Type/ChangeRaLocationType.php</jms:reference-file>
         <jms:reference-file line="31">Form/Type/SearchRaCandidatesType.php</jms:reference-file>
+        <jms:reference-file line="31">Form/Type/ChangeRaLocationType.php</jms:reference-file>
         <source>ra.form.ra_search_ra_candidates.label.name</source>
         <target>Name</target>
       </trans-unit>
@@ -476,7 +476,7 @@
         <target>Verify identity</target>
       </trans-unit>
       <trans-unit id="584ef35d6af2f2917e708a1a6092f0b0938151e4" resname="ra.management.amend_ra_info.error.middleware_command_failed">
-        <jms:reference-file line="74">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="64">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.management.amend_ra_info.error.middleware_command_failed</source>
         <target>The amendment of the RA's information failed due to a server error.</target>
       </trans-unit>
@@ -564,7 +564,7 @@
         <target>The Registration Authority has been granted the selected role</target>
       </trans-unit>
       <trans-unit id="f2d212150076ce42ffe47d514f182ad5e7a6c9fe" resname="ra.management.create_ra.error.middleware_command_failed">
-        <jms:reference-file line="73">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="63">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.management.create_ra.error.middleware_command_failed</source>
         <target>The identity could not be granted the chosen role due to a server error.</target>
       </trans-unit>
@@ -714,8 +714,8 @@
         <target>Change Role</target>
       </trans-unit>
       <trans-unit id="249a6c69487c5477929e1dac383aa2d02fb25198" resname="ra.management.overview.common_name">
-        <jms:reference-file line="13">views/RaManagement/manage.html.twig</jms:reference-file>
         <jms:reference-file line="26">views/Vetting/verifyIdentity.html.twig</jms:reference-file>
+        <jms:reference-file line="13">views/RaManagement/manage.html.twig</jms:reference-file>
         <source>ra.management.overview.common_name</source>
         <target>Name</target>
       </trans-unit>
@@ -740,17 +740,17 @@
         <target>Role</target>
       </trans-unit>
       <trans-unit id="64d8691325da6d2b996fd48f7da7a382fdeb22e7" resname="ra.management.overview.role.value.ra">
-        <jms:reference-file line="70">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="60">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.management.overview.role.value.ra</source>
         <target>RA</target>
       </trans-unit>
       <trans-unit id="ac982ab35b7b5438a72cb6e243975c8ddd35e148" resname="ra.management.overview.role.value.raa">
-        <jms:reference-file line="71">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="61">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.management.overview.role.value.raa</source>
         <target>RAA</target>
       </trans-unit>
       <trans-unit id="53c4452d09c417bfb728d1e738b2ae2bbff3c883" resname="ra.management.overview.role.value.sraa">
-        <jms:reference-file line="72">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="62">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.management.overview.role.value.sraa</source>
         <target>SRAA</target>
       </trans-unit>
@@ -1127,7 +1127,7 @@
         <target>Identity verification failed</target>
       </trans-unit>
       <trans-unit id="eff2ebc67229b22b80526799953593c40a2c6ef9" resname="ra.verify_identity.registration_code_expired">
-        <jms:reference-file line="228">RaBundle/Controller/VettingController.php</jms:reference-file>
+        <jms:reference-file line="231">RaBundle/Controller/VettingController.php</jms:reference-file>
         <jms:reference-file line="10">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.verify_identity.registration_code_expired</source>
         <target>The activation code has expired. First, delete the current token registration of the user (by RA or user). The user then starts a new registration on %self_service_url% and will receive a new activation code that is valid for 14 days.</target>
@@ -1151,59 +1151,19 @@
         <jms:reference-file line="51">Form/Type/VerifyIdentityType.php</jms:reference-file>
         <jms:reference-file line="47">Form/Type/VerifyPhoneNumberType.php</jms:reference-file>
         <jms:reference-file line="5">Vetting/partial/cancelVettingProcedure.html.twig</jms:reference-file>
+        <jms:reference-file line="56">views/Vetting/verifyIdentity.html.twig</jms:reference-file>
         <jms:reference-file line="47">Vetting/Sms/provePossession.html.twig</jms:reference-file>
         <jms:reference-file line="47">Vetting/Sms/sendChallenge.html.twig</jms:reference-file>
-        <jms:reference-file line="56">views/Vetting/verifyIdentity.html.twig</jms:reference-file>
         <source>ra.vetting.button.cancel_procedure</source>
         <target>Cancel</target>
       </trans-unit>
       <trans-unit id="32b7bc724e0d07eac8325753ae89605966b495c7" resname="ra.vetting.flash.cancelled">
+        <jms:reference-file line="157">RaBundle/Controller/VettingController.php</jms:reference-file>
+        <jms:reference-file line="187">RaBundle/Controller/VettingController.php</jms:reference-file>
         <jms:reference-file line="120">Controller/Vetting/SmsController.php</jms:reference-file>
-        <jms:reference-file line="154">RaBundle/Controller/VettingController.php</jms:reference-file>
-        <jms:reference-file line="184">RaBundle/Controller/VettingController.php</jms:reference-file>
         <source>ra.vetting.flash.cancelled</source>
         <target>The vetting procedure was cancelled.</target>
       </trans-unit>
-      <trans-unit id="1dec0b54fa1739f15b995a5a8a3acb03adeff07d" resname="ra.vetting.gssf.initiate.biometric.button.initiate">
-        <jms:reference-file line="46">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.biometric.button.initiate</source>
-        <target>Verify biometrics</target>
-      </trans-unit>
-      <trans-unit id="94b9f4e4392a0b3cdf5cff65cf8951cb2ee4b3ba" resname="ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch">
-        <jms:reference-file line="47">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch</source>
-        <target>The biometric device returned a different ID than was registered in the Self-Service application.</target>
-      </trans-unit>
-      <trans-unit id="900abec75af2dfb739b1f7a9e73695385893b0d0" resname="ra.vetting.gssf.initiate.biometric.text.explanation">
-        <jms:reference-file line="45">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.biometric.text.explanation</source>
-        <target>Click the button below to verify the registrant biometrically.</target>
-      </trans-unit>
-      <trans-unit id="ee546154768e6aa0c5075029912a2b01d7cd5ab6" resname="ra.vetting.gssf.initiate.biometric.title.page">
-        <jms:reference-file line="44">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.biometric.title.page</source>
-        <target>Verify biometrics</target>
-      </trans-unit>
-      <trans-unit id="485287b4d4e2f13a9df979601799e727821b9817" resname="ra.vetting.gssf.initiate.tiqr.button.initiate">
-        <jms:reference-file line="42">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.tiqr.button.initiate</source>
-        <target>Verify with Tiqr</target>
-      </trans-unit>
-      <trans-unit id="e6ca047d4a5ae812276be6e8ece30cc7d6102af2" resname="ra.vetting.gssf.initiate.tiqr.error.gssf_id_mismatch">
-        <jms:reference-file line="43">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.tiqr.error.gssf_id_mismatch</source>
-        <target>The Tiqr server responded with an ID that doesn't match the requested ID the registrant registered with using the Self-Service application.</target>
-      </trans-unit>
-      <trans-unit id="a5ec286b6d7f1ba6056eb720211d748ca9e8844c" resname="ra.vetting.gssf.initiate.tiqr.text.explanation">
-        <jms:reference-file line="41">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.tiqr.text.explanation</source>
-        <target>Click the button below to verify the registrant owns the Tiqr account he or she registered with in the Self-Service application.</target>
-      </trans-unit>
-      <trans-unit id="cb3ffa7493a6cbda2c134ee5c2b80f193f822737" resname="ra.vetting.gssf.initiate.tiqr.title.page">
-        <jms:reference-file line="40">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.tiqr.title.page</source>
-        <target>Verify with Tiqr</target>
-      </trans-unit>
       <trans-unit id="3f708a1089bb9a75621006456174cd658d18b541" resname="ra.vetting.progress_bar.enter_registration_code">
         <jms:reference-file line="2">Vetting/partial/progressBar.html.twig</jms:reference-file>
         <source>ra.vetting.progress_bar.enter_registration_code</source>
@@ -1250,7 +1210,7 @@
         <target>Token type disabled</target>
       </trans-unit>
       <trans-unit id="8e4a356a46fe95b04ae1cbb201b8d62e15670b2e" resname="ra.vetting.sms.challenge_body">
-        <jms:reference-file line="216">RaBundle/Service/VettingService.php</jms:reference-file>
+        <jms:reference-file line="224">RaBundle/Service/VettingService.php</jms:reference-file>
         <source>ra.vetting.sms.challenge_body</source>
         <target>Your code: %challenge%</target>
       </trans-unit>
@@ -1300,12 +1260,12 @@
         <target>Home</target>
       </trans-unit>
       <trans-unit id="385d56fffaf0e844dcd7b164b18741f050ba28e7" resname="ra.vetting.u2f.alert.device_reported_an_error">
-        <jms:reference-file line="77">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="67">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.vetting.u2f.alert.device_reported_an_error</source>
         <target>The U2F device reported an error. Try again or visit your IT helpdesk.</target>
       </trans-unit>
       <trans-unit id="467eb86ef7b096d0e14386714ef1b120c3f6b834" resname="ra.vetting.u2f.alert.error">
-        <jms:reference-file line="78">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="68">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.vetting.u2f.alert.error</source>
         <target>The authentication using the U2F device failed. Try again or visit your IT helpdesk.</target>
       </trans-unit>
diff --git a/app/Resources/translations/messages.nl_NL.xliff b/app/Resources/translations/messages.nl_NL.xliff
index 5987368a..0564dc2a 100644
--- a/app/Resources/translations/messages.nl_NL.xliff
+++ b/app/Resources/translations/messages.nl_NL.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2016-11-25T16:20:48Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
+  <file date="2017-06-15T15:47:50Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -33,72 +33,72 @@
         <target>Nederlands</target>
       </trans-unit>
       <trans-unit id="37836182b3260cbaf343a44bfb622776839666cc" resname="ra.auditlog.action.accredited_as_ra">
-        <jms:reference-file line="63">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="53">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.accredited_as_ra</source>
         <target>Geaccrediteerd als RA</target>
       </trans-unit>
       <trans-unit id="66b320bfe1f15eabe6e0baa04e94b71c2152f8e2" resname="ra.auditlog.action.accredited_as_raa">
-        <jms:reference-file line="64">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="54">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.accredited_as_raa</source>
         <target>Geaccrediteerd als RAA</target>
       </trans-unit>
       <trans-unit id="ba50c2f5a7066cd14d8ae1f33c5f4decc892d0b7" resname="ra.auditlog.action.appointed_as_ra">
-        <jms:reference-file line="65">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="55">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.appointed_as_ra</source>
         <target>RA rol toegewezen gekregen</target>
       </trans-unit>
       <trans-unit id="f1a9c08794cd9c91a7f63841cc1c9ff61c3da452" resname="ra.auditlog.action.appointed_as_raa">
-        <jms:reference-file line="66">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="56">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.appointed_as_raa</source>
         <target>RAA rol toegewezen gekregen</target>
       </trans-unit>
       <trans-unit id="9c05a55d8f3ef06afe4f9d81883c0cd6dc415933" resname="ra.auditlog.action.bootstrapped">
-        <jms:reference-file line="62">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="52">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.bootstrapped</source>
         <target>Identiteit en Token gebootstrapped</target>
       </trans-unit>
       <trans-unit id="c9199d83adb7c6ebeaa6cfe08d2fc57f308677a9" resname="ra.auditlog.action.created">
-        <jms:reference-file line="57">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="47">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.created</source>
         <target>Identiteit aangemaakt</target>
       </trans-unit>
       <trans-unit id="f2264e8a139e432bc0b30abd24ab34750e944da0" resname="ra.auditlog.action.email_changed">
-        <jms:reference-file line="58">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="48">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.email_changed</source>
         <target>E-mail gewijzigd</target>
       </trans-unit>
       <trans-unit id="8750a7f384fd2159c68613b478b283083c45f8fa" resname="ra.auditlog.action.email_verified">
-        <jms:reference-file line="55">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="45">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.email_verified</source>
         <target>E-mail geverifieerd</target>
       </trans-unit>
       <trans-unit id="59b375a103f9bff34d2da25cb0563524354b357d" resname="ra.auditlog.action.possession_proven">
-        <jms:reference-file line="56">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="46">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.possession_proven</source>
         <target>Bezit aangetoond</target>
       </trans-unit>
       <trans-unit id="6182cba621f2930f0600729d0cf846477b645851" resname="ra.auditlog.action.renamed">
-        <jms:reference-file line="59">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="49">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.renamed</source>
         <target>Naam gewijzigd</target>
       </trans-unit>
       <trans-unit id="625f464c28c526a1fb856c5c6c8387e8d4c49518" resname="ra.auditlog.action.retracted_as_ra">
-        <jms:reference-file line="67">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="57">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.retracted_as_ra</source>
         <target>Verwijderd als RA(A)</target>
       </trans-unit>
       <trans-unit id="3b4520b328a4b841d468fd967962d674db2d2947" resname="ra.auditlog.action.revoked">
-        <jms:reference-file line="61">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="51">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.revoked</source>
         <target>Token verwijderd</target>
       </trans-unit>
       <trans-unit id="cfa1707c5ee601824695a03199bac938cbac9a62" resname="ra.auditlog.action.revoked_by_ra">
-        <jms:reference-file line="54">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="44">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.revoked_by_ra</source>
         <target>Token verwijderd door RA</target>
       </trans-unit>
       <trans-unit id="0685bbf771d00c304c5807c48e34ba0c8b73b3eb" resname="ra.auditlog.action.vetted">
-        <jms:reference-file line="60">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="50">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.auditlog.action.vetted</source>
         <target>Token gevet</target>
       </trans-unit>
@@ -158,8 +158,8 @@
         <target>RA-locatie succesvol aangemaakt</target>
       </trans-unit>
       <trans-unit id="5a045b50111a6cdd614329837fa07cbf64d896a6" resname="ra.error.button.go_home">
-        <jms:reference-file line="12">views/Exception/error.html.twig</jms:reference-file>
         <jms:reference-file line="12">views/Exception/error404.html.twig</jms:reference-file>
+        <jms:reference-file line="12">views/Exception/error.html.twig</jms:reference-file>
         <source>ra.error.button.go_home</source>
         <target>Terug naar Home</target>
       </trans-unit>
@@ -254,8 +254,8 @@
         <target>Meld deze error code aan de helpdesk via support@surfconext.nl</target>
       </trans-unit>
       <trans-unit id="97cec45f4b04606121bd0a6613f2673f4e55eff7" resname="ra.error.text.your_art_code">
-        <jms:reference-file line="16">views/Exception/error.html.twig</jms:reference-file>
         <jms:reference-file line="16">views/Exception/error404.html.twig</jms:reference-file>
+        <jms:reference-file line="16">views/Exception/error.html.twig</jms:reference-file>
         <source>ra.error.text.your_art_code</source>
         <target>De fout code is:</target>
       </trans-unit>
@@ -285,12 +285,12 @@
         <target>Het wisselen van taal is mislukt wegens een onbekende reden.</target>
       </trans-unit>
       <trans-unit id="c73b11f71b8ad5d46b3e42e649919aee4bc9ece5" resname="ra.form.extension.ra_role_choice.ra">
-        <jms:reference-file line="50">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="40">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.form.extension.ra_role_choice.ra</source>
         <target>RA</target>
       </trans-unit>
       <trans-unit id="e55aa3fd11b0cd43d84e2e3e41be6729e7fc35f0" resname="ra.form.extension.ra_role_choice.raa">
-        <jms:reference-file line="51">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="41">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.form.extension.ra_role_choice.raa</source>
         <target>RAA</target>
       </trans-unit>
@@ -330,8 +330,8 @@
         <target>E-mail</target>
       </trans-unit>
       <trans-unit id="9f4c34138ef487cdf008770c1257b06291343831" resname="ra.form.ra_search_ra_candidates.label.name">
-        <jms:reference-file line="31">Form/Type/ChangeRaLocationType.php</jms:reference-file>
         <jms:reference-file line="31">Form/Type/SearchRaCandidatesType.php</jms:reference-file>
+        <jms:reference-file line="31">Form/Type/ChangeRaLocationType.php</jms:reference-file>
         <source>ra.form.ra_search_ra_candidates.label.name</source>
         <target>Naam</target>
       </trans-unit>
@@ -476,7 +476,7 @@
         <target>Verifieer identiteit</target>
       </trans-unit>
       <trans-unit id="584ef35d6af2f2917e708a1a6092f0b0938151e4" resname="ra.management.amend_ra_info.error.middleware_command_failed">
-        <jms:reference-file line="74">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="64">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.management.amend_ra_info.error.middleware_command_failed</source>
         <target>Het wijzigen van de gegevens van de RA is mislukt vanwege een serverfout.</target>
       </trans-unit>
@@ -564,7 +564,7 @@
         <target>De Registratie Authoriteit heeft de gekozen rol toegewezen gekregen</target>
       </trans-unit>
       <trans-unit id="f2d212150076ce42ffe47d514f182ad5e7a6c9fe" resname="ra.management.create_ra.error.middleware_command_failed">
-        <jms:reference-file line="73">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="63">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.management.create_ra.error.middleware_command_failed</source>
         <target>De gekozen rol kon niet aan de identiteit toegekend worden vanwege een serverfout.</target>
       </trans-unit>
@@ -714,8 +714,8 @@
         <target>Verander Rol</target>
       </trans-unit>
       <trans-unit id="249a6c69487c5477929e1dac383aa2d02fb25198" resname="ra.management.overview.common_name">
-        <jms:reference-file line="13">views/RaManagement/manage.html.twig</jms:reference-file>
         <jms:reference-file line="26">views/Vetting/verifyIdentity.html.twig</jms:reference-file>
+        <jms:reference-file line="13">views/RaManagement/manage.html.twig</jms:reference-file>
         <source>ra.management.overview.common_name</source>
         <target>Naam</target>
       </trans-unit>
@@ -740,17 +740,17 @@
         <target>Rol</target>
       </trans-unit>
       <trans-unit id="64d8691325da6d2b996fd48f7da7a382fdeb22e7" resname="ra.management.overview.role.value.ra">
-        <jms:reference-file line="70">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="60">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.management.overview.role.value.ra</source>
         <target>RA</target>
       </trans-unit>
       <trans-unit id="ac982ab35b7b5438a72cb6e243975c8ddd35e148" resname="ra.management.overview.role.value.raa">
-        <jms:reference-file line="71">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="61">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.management.overview.role.value.raa</source>
         <target>RAA</target>
       </trans-unit>
       <trans-unit id="53c4452d09c417bfb728d1e738b2ae2bbff3c883" resname="ra.management.overview.role.value.sraa">
-        <jms:reference-file line="72">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="62">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.management.overview.role.value.sraa</source>
         <target>SRAA</target>
       </trans-unit>
@@ -1127,7 +1127,7 @@
         <target>De verificatie van de identiteit is mislukt</target>
       </trans-unit>
       <trans-unit id="eff2ebc67229b22b80526799953593c40a2c6ef9" resname="ra.verify_identity.registration_code_expired">
-        <jms:reference-file line="228">RaBundle/Controller/VettingController.php</jms:reference-file>
+        <jms:reference-file line="231">RaBundle/Controller/VettingController.php</jms:reference-file>
         <jms:reference-file line="10">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.verify_identity.registration_code_expired</source>
         <target>De activatie code is verlopen. Verwijder eerst de huidige token registratie (door RA of gebruiker). De gebruiker start vervolgens een nieuwe registratie via %self_service_url% en ontvangt een nieuwe activatiecode die weer 14 dagen geldig blijft.</target>
@@ -1151,59 +1151,19 @@
         <jms:reference-file line="51">Form/Type/VerifyIdentityType.php</jms:reference-file>
         <jms:reference-file line="47">Form/Type/VerifyPhoneNumberType.php</jms:reference-file>
         <jms:reference-file line="5">Vetting/partial/cancelVettingProcedure.html.twig</jms:reference-file>
+        <jms:reference-file line="56">views/Vetting/verifyIdentity.html.twig</jms:reference-file>
         <jms:reference-file line="47">Vetting/Sms/provePossession.html.twig</jms:reference-file>
         <jms:reference-file line="47">Vetting/Sms/sendChallenge.html.twig</jms:reference-file>
-        <jms:reference-file line="56">views/Vetting/verifyIdentity.html.twig</jms:reference-file>
         <source>ra.vetting.button.cancel_procedure</source>
         <target>Annuleren</target>
       </trans-unit>
       <trans-unit id="32b7bc724e0d07eac8325753ae89605966b495c7" resname="ra.vetting.flash.cancelled">
+        <jms:reference-file line="157">RaBundle/Controller/VettingController.php</jms:reference-file>
+        <jms:reference-file line="187">RaBundle/Controller/VettingController.php</jms:reference-file>
         <jms:reference-file line="120">Controller/Vetting/SmsController.php</jms:reference-file>
-        <jms:reference-file line="154">RaBundle/Controller/VettingController.php</jms:reference-file>
-        <jms:reference-file line="184">RaBundle/Controller/VettingController.php</jms:reference-file>
         <source>ra.vetting.flash.cancelled</source>
         <target>De activatieprocedure is afgebroken.</target>
       </trans-unit>
-      <trans-unit id="1dec0b54fa1739f15b995a5a8a3acb03adeff07d" resname="ra.vetting.gssf.initiate.biometric.button.initiate">
-        <jms:reference-file line="46">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.biometric.button.initiate</source>
-        <target>Biometrie verifiëren</target>
-      </trans-unit>
-      <trans-unit id="94b9f4e4392a0b3cdf5cff65cf8951cb2ee4b3ba" resname="ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch">
-        <jms:reference-file line="47">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch</source>
-        <target>Het biometrisch apparaat heeft een ID teruggegeven dat niet overeenkomt met het gevraagde ID, dat de registrant heeft geregistreerd in de Self-Service-applicatie.</target>
-      </trans-unit>
-      <trans-unit id="900abec75af2dfb739b1f7a9e73695385893b0d0" resname="ra.vetting.gssf.initiate.biometric.text.explanation">
-        <jms:reference-file line="45">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.biometric.text.explanation</source>
-        <target>Klik de knop hieronder om de registrant biometrisch te verifiëren.</target>
-      </trans-unit>
-      <trans-unit id="ee546154768e6aa0c5075029912a2b01d7cd5ab6" resname="ra.vetting.gssf.initiate.biometric.title.page">
-        <jms:reference-file line="44">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.biometric.title.page</source>
-        <target>Biometrie verifiëren</target>
-      </trans-unit>
-      <trans-unit id="485287b4d4e2f13a9df979601799e727821b9817" resname="ra.vetting.gssf.initiate.tiqr.button.initiate">
-        <jms:reference-file line="42">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.tiqr.button.initiate</source>
-        <target>Verifiëren bij Tiqr</target>
-      </trans-unit>
-      <trans-unit id="e6ca047d4a5ae812276be6e8ece30cc7d6102af2" resname="ra.vetting.gssf.initiate.tiqr.error.gssf_id_mismatch">
-        <jms:reference-file line="43">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.tiqr.error.gssf_id_mismatch</source>
-        <target>De Tiqr-server heeft een ID teruggegeven dat niet overeenkomt met het gevraagde ID, dat de registrant heeft geregistreerd in de Self-Service-applicatie.</target>
-      </trans-unit>
-      <trans-unit id="a5ec286b6d7f1ba6056eb720211d748ca9e8844c" resname="ra.vetting.gssf.initiate.tiqr.text.explanation">
-        <jms:reference-file line="41">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.tiqr.text.explanation</source>
-        <target>Klik de knop hieronder om te verifiëren dat de registrant het Tiqr-account bezit dat hij of zij gebruikt heeft in de Self-Service-applicatie.</target>
-      </trans-unit>
-      <trans-unit id="cb3ffa7493a6cbda2c134ee5c2b80f193f822737" resname="ra.vetting.gssf.initiate.tiqr.title.page">
-        <jms:reference-file line="40">Resources/views/translations.html.twig</jms:reference-file>
-        <source>ra.vetting.gssf.initiate.tiqr.title.page</source>
-        <target>Tiqr verifiëren</target>
-      </trans-unit>
       <trans-unit id="3f708a1089bb9a75621006456174cd658d18b541" resname="ra.vetting.progress_bar.enter_registration_code">
         <jms:reference-file line="2">Vetting/partial/progressBar.html.twig</jms:reference-file>
         <source>ra.vetting.progress_bar.enter_registration_code</source>
@@ -1250,7 +1210,7 @@
         <target>Tokentype uitgeschakeld</target>
       </trans-unit>
       <trans-unit id="8e4a356a46fe95b04ae1cbb201b8d62e15670b2e" resname="ra.vetting.sms.challenge_body">
-        <jms:reference-file line="216">RaBundle/Service/VettingService.php</jms:reference-file>
+        <jms:reference-file line="224">RaBundle/Service/VettingService.php</jms:reference-file>
         <source>ra.vetting.sms.challenge_body</source>
         <target>Uw SMS-code: %challenge%</target>
       </trans-unit>
@@ -1300,12 +1260,12 @@
         <target>Home</target>
       </trans-unit>
       <trans-unit id="385d56fffaf0e844dcd7b164b18741f050ba28e7" resname="ra.vetting.u2f.alert.device_reported_an_error">
-        <jms:reference-file line="77">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="67">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.vetting.u2f.alert.device_reported_an_error</source>
         <target>Het U2F-apparaat heeft een foutmelding gerapporteerd. Probeer het opnieuw of neem contact op met de IT-helpdesk.</target>
       </trans-unit>
       <trans-unit id="467eb86ef7b096d0e14386714ef1b120c3f6b834" resname="ra.vetting.u2f.alert.error">
-        <jms:reference-file line="78">Resources/views/translations.html.twig</jms:reference-file>
+        <jms:reference-file line="68">Resources/views/translations.html.twig</jms:reference-file>
         <source>ra.vetting.u2f.alert.error</source>
         <target>De authenticate met het U2F-apparaat is mislukt. Probeer het opnieuw of neem contact op met de IT-helpdesk.</target>
       </trans-unit>
diff --git a/app/Resources/translations/validators.en_GB.xliff b/app/Resources/translations/validators.en_GB.xliff
index c34632c9..283c1a23 100644
--- a/app/Resources/translations/validators.en_GB.xliff
+++ b/app/Resources/translations/validators.en_GB.xliff
@@ -1,11 +1,15 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2016-11-03T10:43:41Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
+  <file date="2017-06-15T15:47:57Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
     </header>
     <body>
+      <trans-unit id="9fe9614ee06100ffa9474b193d1aec7a4c1d1334" resname="middleware_client.dto.configuration.allowed_second_factors.must_be_array">
+        <source>middleware_client.dto.configuration.allowed_second_factors.must_be_array</source>
+        <target state="new">middleware_client.dto.configuration.allowed_second_factors.must_be_array</target>
+      </trans-unit>
       <trans-unit id="e921db3beb8170142aa4dcd8c364595343b6fc64" resname="middleware_client.dto.configuration.show_raa_contact_information.must_be_boolean">
         <source>middleware_client.dto.configuration.show_raa_contact_information.must_be_boolean</source>
         <target>Show RAA Contact Information option must be boolean.</target>
diff --git a/app/Resources/translations/validators.nl_NL.xliff b/app/Resources/translations/validators.nl_NL.xliff
index c079e317..3ed6db7d 100644
--- a/app/Resources/translations/validators.nl_NL.xliff
+++ b/app/Resources/translations/validators.nl_NL.xliff
@@ -1,11 +1,15 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2016-11-03T10:45:46Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
+  <file date="2017-06-15T15:47:50Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
     </header>
     <body>
+      <trans-unit id="9fe9614ee06100ffa9474b193d1aec7a4c1d1334" resname="middleware_client.dto.configuration.allowed_second_factors.must_be_array">
+        <source>middleware_client.dto.configuration.allowed_second_factors.must_be_array</source>
+        <target state="new">middleware_client.dto.configuration.allowed_second_factors.must_be_array</target>
+      </trans-unit>
       <trans-unit id="e921db3beb8170142aa4dcd8c364595343b6fc64" resname="middleware_client.dto.configuration.show_raa_contact_information.must_be_boolean">
         <source>middleware_client.dto.configuration.show_raa_contact_information.must_be_boolean</source>
         <target>Show RAA Contact Information option must be boolean.</target>
diff --git a/src/Surfnet/StepupRa/RaBundle/Resources/views/translations.html.twig b/src/Surfnet/StepupRa/RaBundle/Resources/views/translations.html.twig
index 1d1b0a49..6191101c 100644
--- a/src/Surfnet/StepupRa/RaBundle/Resources/views/translations.html.twig
+++ b/src/Surfnet/StepupRa/RaBundle/Resources/views/translations.html.twig
@@ -36,16 +36,6 @@
 {{ 'ra.second_factor.search.status.vetted'|trans }}
 {{ 'ra.second_factor.search.status.revoked'|trans }}
 
-{# GssfController #}
-{{ ('ra.vetting.gssf.initiate.tiqr.title.page')|trans }}
-{{ ('ra.vetting.gssf.initiate.tiqr.text.explanation')|trans }}
-{{ ('ra.vetting.gssf.initiate.tiqr.button.initiate')|trans }}
-{{ ('ra.vetting.gssf.initiate.tiqr.error.gssf_id_mismatch')|trans }}
-{{ ('ra.vetting.gssf.initiate.biometric.title.page')|trans }}
-{{ ('ra.vetting.gssf.initiate.biometric.text.explanation')|trans }}
-{{ ('ra.vetting.gssf.initiate.biometric.button.initiate')|trans }}
-{{ ('ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch')|trans }}
-
 {# RaRoleChoiceList labels #}
 {{ ('ra.form.extension.ra_role_choice.ra'|trans) }}
 {{ ('ra.form.extension.ra_role_choice.raa'|trans) }}