diff --git a/.travis.yml b/.travis.yml
index 1d16dd916603..90a271210dd4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -32,7 +32,7 @@ branches:
   - master
 jdk:
 - oraclejdk7
-- oraclejdk8
+# - oraclejdk8
 cache:
   directories:
     - '$HOME/.m2/repository'
diff --git a/NOTICE b/NOTICE
index 2cb8c1b10460..96ea90d655c0 100644
--- a/NOTICE
+++ b/NOTICE
@@ -16,7 +16,6 @@ specific language governing permissions and limitations
 under the License.
 
 This project includes:
-  "Java Concurrency in Practice" book annotations under Creative Commons Attribution License
   Annotations for Metrics under Apache License 2.0
   AntLR Parser Generator under BSD License
   AOP alliance under Public Domain
@@ -32,7 +31,6 @@ This project includes:
   Apache Log4j Core under The Apache Software License, Version 2.0
   Apache Log4j SLF4J Binding under The Apache Software License, Version 2.0
   Apache Log4j Web under The Apache Software License, Version 2.0
-  Apache Santuario under The Apache Software License, Version 2.0
   Apache Shiro :: Core under The Apache Software License, Version 2.0
   Apache Velocity under The Apache Software License, Version 2.0
   Apache XML Security for Java under The Apache Software License, Version 2.0
@@ -74,7 +72,16 @@ This project includes:
   Central Authentication Service under Jasig License
   ClassMate under The Apache Software License, Version 2.0
   Code Generation Library under ASF 2.0
-  Collections under The Apache Software License, Version 2.0
+  com.github.coova.jradius:jradius-apps under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-client under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-core under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-dictionary under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-dictionary-min under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-example under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-extended under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-extras under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-server under GNU Lesser General Public License, version 2.1
+  com.github.coova:jradius under GNU Lesser General Public License, version 2.1
   Commons BeanUtils under The Apache Software License, Version 2.0
   Commons Chain under The Apache Software License, Version 2.0
   Commons CLI under The Apache Software License, Version 2.0
@@ -90,7 +97,6 @@ This project includes:
   Commons Pool under The Apache Software License, Version 2.0
   commons-beanutils under Apache License, Version 2.0
   commons-beanutils-core under Apache License, Version 2.0
-  commons-collections under Apache License, Version 2.0
   Core Hibernate O/RM functionality under GNU Lesser General Public License
   Cryptacular Library under Apache 2 or GNU Lesser General Public License
   Digester under The Apache Software License, Version 2.0
@@ -98,7 +104,6 @@ This project includes:
   ehcache under The Apache Software License, Version 2.0
   Ehcache Core under The Apache Software License, Version 2.0
   Ehcache JCache Implementation under The Apache Software License, Version 2.0
-  ESAPI 2.0 under BSD or Creative Commons 3.0 BY-SA
   Expression Language 2.2 Implementation under CDDL + GPLv2 with classpath exception
   Expression Language 3.0 API under CDDL + GPLv2 with classpath exception
   fastinfoset under Apache License, Version 2.0
@@ -109,7 +114,6 @@ This project includes:
   fongo under The Apache Software License, Version 2.0
   FreeMarker under Apache License, Version 2.0
   GeoJson POJOs for Jackson under The Apache Software License, Version 2.0
-  gnu-crypto under GNU General Public License, with the "library exception"
   Guava: Google Core Libraries for Java under The Apache Software License, Version 2.0
   guice under The Apache Software License, Version 2.0
   Hamcrest Core under New BSD License
@@ -118,7 +122,6 @@ This project includes:
   Hibernate Commons Annotations under GNU Lesser General Public License
   Hibernate JPA Support under GNU Lesser General Public License
   Hibernate Validator Engine under Apache License, Version 2.0
-  HttpClient under Apache License
   HyperSQL Database under HSQLDB License, a BSD open source license
   Inspektr - Aspects under Apache 2.0 License
   Inspektr - Auditing API under Apache 2.0 License
@@ -140,7 +143,6 @@ This project includes:
   Java Persistence API, Version 2.1 under Eclipse Public License (EPL), Version 1.0 or Eclipse Distribution License (EDL), Version 1.0
   Java Servlet API under CDDL + GPLv2 with classpath exception
   Java Transaction API under Commons Development and Distribution License, Version 1.0
-  java-getopt under GNU General Public License, with the "library exception"
   java-support under The Apache Software License, Version 2.0
   JavaBeans Activation Framework (JAF) under Common Development and Distribution License (CDDL) v1.0
   JavaMail API (compat) under CDDL or GPLv2+CE
@@ -148,6 +150,7 @@ This project includes:
   javax.inject under The Apache Software License, Version 2.0
   JAXB CORE under CDDL 1.1 or GPL2 w/ CPE
   JAXB Reference Implementation under CDDL 1.1 or GPL2 w/ CPE
+  JBoss Cache - Core Edition under GNU Lesser General Public License
   JBoss Common Classes under lgpl
   JBoss Logging 3 under Apache License, version 2.0
   JBoss Logging I18n Annotations under Public Domain
@@ -163,7 +166,7 @@ This project includes:
   JGroups under Library (or Lesser) GNU Public License 2.1
   Joda-Time under Apache 2
   jose4j under The Apache Software License, Version 2.0
-  JSR 105 - Java(TM) XML Digital Signature API under JDL license
+  js under Mozilla Public License, Version 1.1
   JSR 353 (JSON Processing) API under Dual license consisting of the CDDL v1.1 and GPL v2
   JSR 353 (JSON Processing) Default Provider under Dual license consisting of the CDDL v1.1 and GPL v2
   JSR-250 Common Annotations for the JavaTM Platform under COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
@@ -191,9 +194,6 @@ This project includes:
   Mockito under The MIT License
   MongoDB Java Driver under The Apache Software License, Version 2.0
   Neko HTML under The Apache Software License, Version 2.0
-  net.jradius:jradius-core under LGPL, v3.0
-  net.jradius:jradius-dictionary under LGPL, v3.0
-  net.sf.ehcache:ehcache-terracotta under Apache License, Version 2.0
   net.shibboleth.idp:idp-attribute-api under Apache License, Version 2.0
   net.shibboleth.idp:idp-attribute-filter-api under Apache License, Version 2.0
   net.shibboleth.idp:idp-attribute-resolver-api under Apache License, Version 2.0
@@ -206,9 +206,9 @@ This project includes:
   net.shibboleth.idp:idp-saml-impl under Apache License, Version 2.0
   net.shibboleth.idp:idp-schema under Apache License, Version 2.0
   net.shibboleth.idp:idp-session-api under Apache License, Version 2.0
-  Not Yet Commons SSL under Apache License v2
   Objenesis under Apache 2
   OGNL - Object Graph Navigation Library under Apache License, Version 2.0
+  ON Enterprise Server JAR under GNU Lesser General Public License (LGPL)
   OpenID4Java under Apache 2
   OpenSAML :: Core under The Apache Software License, Version 2.0
   OpenSAML :: Messaging API under The Apache Software License, Version 2.0
@@ -222,11 +222,7 @@ This project includes:
   OpenSAML :: Storage API under The Apache Software License, Version 2.0
   OpenSAML :: XML Security API under The Apache Software License, Version 2.0
   OpenSAML :: XML Security Implementation under The Apache Software License, Version 2.0
-  OpenSAML-J under Apache 2
-  OpenWS under Apache 2
-  org.jboss.cache:jbosscache-core under LGPL, v2.1
   org.samba.jcifs:jcifs-ext under GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1
-  org.terracotta:terracotta-toolkit-1.0-runtime under Terracotta Public License, http://www.terracotta.org/legal/terracotta-public-license
   pac4j core under The Apache Software License, Version 2.0
   pac4j for HTTP protocol under The Apache Software License, Version 2.0
   pac4j for OAuth protocol under The Apache Software License, Version 2.0
@@ -240,7 +236,6 @@ This project includes:
   Restlet Extension - Servlet under Apache 2.0 license or LGPL 3.0 license or LGPL 2.1 license or CDDL 1.0 license or EPL 1.0 license
   Restlet Extension - SLF4J under Apache 2.0 license or LGPL 3.0 license or LGPL 2.1 license or CDDL 1.0 license or EPL 1.0 license
   Restlet Extension - Spring Framework under Apache 2.0 license or LGPL 3.0 license or LGPL 2.1 license or CDDL 1.0 license or EPL 1.0 license
-  Rhino under Mozilla Public License
   Scribe OAuth Library under MIT
   servlet-api under Commons Development and Distribution License, Version 1.0
   SLF4J API Module under MIT License
@@ -276,11 +271,5 @@ This project includes:
   UnboundID LDAP SDK for Java under GNU General Public License version 2 (GPLv2) or GNU Lesser General Public License version 2.1 (LGPLv2.1) or UnboundID LDAP SDK Free Use License
   VT Crypt Library under Apache 2 or GNU Lesser General Public License
   Woodstox under The Apache Software License, Version 2.0
-  Xalan Java under The Apache Software License, Version 2.0
-  Xalan Java Serializer under The Apache Software License, Version 2.0
-  Xerces2 Java Parser under The Apache Software License, Version 2.0
-  Xerces2-j under The Apache Software License, Version 2.0
   XML Commons External Components XML APIs under The Apache Software License, Version 2.0 or The SAX License or The W3C License
-  XML Commons Resolver Component under The Apache Software License, Version 2.0
-  XMLTooling-J under Apache 2
 
diff --git a/cas-management-webapp/NOTICE b/cas-management-webapp/NOTICE
index cec5d2afc8c9..fb3359307ece 100644
--- a/cas-management-webapp/NOTICE
+++ b/cas-management-webapp/NOTICE
@@ -16,7 +16,6 @@ specific language governing permissions and limitations
 under the License.
 
 This project includes:
-  "Java Concurrency in Practice" book annotations under Creative Commons Attribution License
   Annotations for Metrics under Apache License 2.0
   AntLR Parser Generator under BSD License
   AOP alliance under Public Domain
@@ -30,8 +29,6 @@ This project includes:
   Apache Log4j Core under The Apache Software License, Version 2.0
   Apache Log4j SLF4J Binding under The Apache Software License, Version 2.0
   Apache Log4j Web under The Apache Software License, Version 2.0
-  Apache Santuario under The Apache Software License, Version 2.0
-  Apache Velocity under The Apache Software License, Version 2.0
   Apereo CAS Core under Apache 2
   Apereo CAS Core APIs under Apache 2
   Apereo CAS Generic Support under Apache 2
@@ -48,11 +45,9 @@ This project includes:
   Commons IO under The Apache Software License, Version 2.0
   Commons JEXL under The Apache Software License, Version 2.0
   Commons Logging under The Apache Software License, Version 2.0
-  commons-collections under Apache License, Version 2.0
   Core Hibernate O/RM functionality under GNU Lesser General Public License
   Cryptacular Library under Apache 2 or GNU Lesser General Public License
   dom4j under BSD License
-  ESAPI 2.0 under BSD or Creative Commons 3.0 BY-SA
   Expression Language 2.2 Implementation under CDDL + GPLv2 with classpath exception
   Expression Language 3.0 API under CDDL + GPLv2 with classpath exception
   fastinfoset under Apache License, Version 2.0
@@ -61,7 +56,6 @@ This project includes:
   Hamcrest Core under New BSD License
   Hibernate Commons Annotations under GNU Lesser General Public License
   Hibernate Validator Engine under Apache License, Version 2.0
-  HttpClient under Apache License
   Inspektr - Aspects under Apache 2.0 License
   Inspektr - Auditing API under Apache 2.0 License
   Inspektr - Common API under Apache 2.0 License
@@ -101,17 +95,13 @@ This project includes:
   JUL to SLF4J bridge under MIT License
   JUnit under Eclipse Public License 1.0
   JVM Integration for Metrics under Apache License 2.0
-  Lang under The Apache Software License, Version 2.0
   LDAPTIVE under Apache 2 or GNU Lesser General Public License
   Metrics Core under Apache License 2.0
   Metrics Health Checks under Apache License 2.0
   Metrics Utility Servlets under Apache License 2.0
   Mockito under The MIT License
-  Not Yet Commons SSL under Apache License v2
   Objenesis under Apache 2
   OGNL - Object Graph Navigation Library under Apache License, Version 2.0
-  OpenSAML-J under Apache 2
-  OpenWS under Apache 2
   Person Directory API under Apache License Version 2.0
   Person Directory Implementations under Apache License Version 2.0
   quartz under The Apache Software License, Version 2.0
@@ -142,10 +132,5 @@ This project includes:
   Stax2 API under The BSD License
   Streaming API for XML under Sun Binary Code License
   Woodstox under The Apache Software License, Version 2.0
-  Xalan Java under The Apache Software License, Version 2.0
-  Xalan Java Serializer under The Apache Software License, Version 2.0
-  Xerces2-j under The Apache Software License, Version 2.0
   XML Commons External Components XML APIs under The Apache Software License, Version 2.0 or The SAX License or The W3C License
-  XML Commons Resolver Component under The Apache Software License, Version 2.0
-  XMLTooling-J under Apache 2
 
diff --git a/cas-management-webapp/pom.xml b/cas-management-webapp/pom.xml
index daaaed10feb4..d6863ea35a44 100644
--- a/cas-management-webapp/pom.xml
+++ b/cas-management-webapp/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-management-webapp</artifactId>
diff --git a/cas-server-core-api/pom.xml b/cas-server-core-api/pom.xml
index b9db73ecf0a3..9decf52af9d3 100644
--- a/cas-server-core-api/pom.xml
+++ b/cas-server-core-api/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <artifactId>cas-server</artifactId>
         <groupId>org.jasig.cas</groupId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-core-api</artifactId>
diff --git a/cas-server-core/pom.xml b/cas-server-core/pom.xml
index ff837405e71d..972e2e085ab9 100644
--- a/cas-server-core/pom.xml
+++ b/cas-server-core/pom.xml
@@ -22,7 +22,7 @@
   <parent>
     <artifactId>cas-server</artifactId>
     <groupId>org.jasig.cas</groupId>
-    <version>4.1.0-RC3-SNAPSHOT</version>
+    <version>4.2.0-SNAPSHOT</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <artifactId>cas-server-core</artifactId>
diff --git a/cas-server-core/src/main/java/org/jasig/cas/CasEnvironmentContextListener.java b/cas-server-core/src/main/java/org/jasig/cas/CasEnvironmentContextListener.java
index 4ccde47f20f5..9351fcb95132 100644
--- a/cas-server-core/src/main/java/org/jasig/cas/CasEnvironmentContextListener.java
+++ b/cas-server-core/src/main/java/org/jasig/cas/CasEnvironmentContextListener.java
@@ -76,8 +76,9 @@ public void logEnvironmentInfo() {
     private String collectEnvironmentInfo() {
         final Properties properties = System.getProperties();
         final Formatter formatter = new Formatter();
-        formatter.format("\n******************** Welcome to CAS ********************\n");
+        formatter.format("\n******************** Welcome to CAS *****************\n");
         formatter.format("CAS Version: %s\n", CasVersion.getVersion());
+        formatter.format("Build Date/Time: %s\n", CasVersion.getDateTime());
         formatter.format("Java Home: %s\n", properties.get("java.home"));
         formatter.format("Java Vendor: %s\n", properties.get("java.vendor"));
         formatter.format("Java Version: %s\n", properties.get("java.version"));
diff --git a/cas-server-core/src/main/java/org/jasig/cas/CasVersion.java b/cas-server-core/src/main/java/org/jasig/cas/CasVersion.java
index f621132152e8..384dda869d38 100644
--- a/cas-server-core/src/main/java/org/jasig/cas/CasVersion.java
+++ b/cas-server-core/src/main/java/org/jasig/cas/CasVersion.java
@@ -18,12 +18,16 @@
  */
 package org.jasig.cas;
 
+import org.joda.time.DateTime;
+
+import java.io.File;
+import java.net.URL;
+
 /**
  * Class that exposes the CAS version. Fetches the "Implementation-Version"
  * manifest attribute from the jar file.
  *
  * @author Dmitriy Kopylenko
-
  * @since 3.0.0
  */
 public final class CasVersion {
@@ -43,4 +47,27 @@ private CasVersion() {
     public static String getVersion() {
         return CasVersion.class.getPackage().getImplementationVersion();
     }
+
+    /**
+     * Gets last modified date/time for the module.
+     * @return the date/time
+     */
+    public static DateTime getDateTime() {
+        try {
+            final Class clazz = CasVersion.class;
+            final URL resource = clazz.getResource(clazz.getSimpleName() + ".class");
+            if ("file".equals(resource.getProtocol())) {
+                return new DateTime(new File(resource.toURI()).lastModified());
+            } else if ("jar".equals(resource.getProtocol())) {
+                final String path = resource.getPath();
+                final File file = new File(path.substring(5, path.indexOf('!')));
+                return new DateTime(file.lastModified());
+            }
+            throw new IllegalArgumentException("Unhandled url protocol: "
+                        + resource.getProtocol() + " for class: "
+                        + clazz.getName() + " resource: " + resource);
+        } catch (final Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
 }
diff --git a/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/BadCredentialsAuthenticationException.java b/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/BadCredentialsAuthenticationException.java
deleted file mode 100644
index 15cef68b7aca..000000000000
--- a/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/BadCredentialsAuthenticationException.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Licensed to Apereo under one or more contributor license
- * agreements. See the NOTICE file distributed with this work
- * for additional information regarding copyright ownership.
- * Apereo licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file
- * except in compliance with the License.  You may obtain a
- * copy of the License at the following location:
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.jasig.cas.authentication.handler;
-
-/**
- * Generic Bad Credential Exception. This can be thrown when the system knows
- * the credentials are not valid specificially because they are bad. Subclasses
- * can be specific to a certain type of Credential
- * (BadUsernamePassowrdCredentials).
- *
- * @author Scott Battaglia
-
- * @since 3.0.0
- */
-public class BadCredentialsAuthenticationException extends AuthenticationException {
-    /**
-     * Default constructor that does not allow the chaining of exceptions and
-     * uses the default code as the error code for this exception.
-     */
-    public static final String CODE = "error.authentication.credentials.bad";
-
-    /**
-     * Static instance of class to prevent cost incurred by creating new
-     * instance.
-     */
-    public static final BadCredentialsAuthenticationException ERROR = new BadCredentialsAuthenticationException();
-
-    /** UID for serializable objects. */
-    private static final long serialVersionUID = 3256719585087797044L;
-
-    /**
-     * Default constructor that does not allow the chaining of exceptions and
-     * uses the default code as the error code for this exception.
-     */
-    public BadCredentialsAuthenticationException() {
-        super(CODE);
-    }
-
-    /**
-     * Constructor to allow for the chaining of exceptions. Constructor defaults
-     * to default code.
-     *
-     * @param throwable the chainable exception.
-     */
-    public BadCredentialsAuthenticationException(final Throwable throwable) {
-        super(CODE, throwable);
-    }
-
-    /**
-     * Constructor method to allow for providing a custom code to associate with
-     * this exception.
-     *
-     * @param code the code to use.
-     */
-    public BadCredentialsAuthenticationException(final String code) {
-        super(code);
-    }
-
-    /**
-     * Constructor to allow for the chaining of exceptions and use of a
-     * non-default code.
-     *
-     * @param code the user-specified code.
-     * @param throwable the chainable exception.
-     */
-    public BadCredentialsAuthenticationException(final String code,
-        final Throwable throwable) {
-        super(code, throwable);
-    }
-}
diff --git a/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/BadPasswordAuthenticationException.java b/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/BadPasswordAuthenticationException.java
deleted file mode 100644
index a40d262491b7..000000000000
--- a/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/BadPasswordAuthenticationException.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Licensed to Apereo under one or more contributor license
- * agreements. See the NOTICE file distributed with this work
- * for additional information regarding copyright ownership.
- * Apereo licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file
- * except in compliance with the License.  You may obtain a
- * copy of the License at the following location:
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.jasig.cas.authentication.handler;
-
-/**
- * The exception to throw when we know the username is correct but the password
- * is not.
- *
- * @author Scott Battaglia
-
- * @since 3.0.0
- */
-public class BadPasswordAuthenticationException extends
-    BadUsernameOrPasswordAuthenticationException {
-
-    /** Static instance of BadPasswordAuthenticationException. */
-    public static final BadPasswordAuthenticationException ERROR = new BadPasswordAuthenticationException();
-
-    /** Unique ID for serializing. */
-    private static final long serialVersionUID = 3977861752513837361L;
-
-    /** The default code for this exception used for message resolving. */
-    private static final String CODE = "error.authentication.credentials.bad.usernameorpassword.password";
-
-    /**
-     * Default constructor that does not allow the chaining of exceptions and
-     * uses the default code as the error code for this exception.
-     */
-    public BadPasswordAuthenticationException() {
-        super(CODE);
-    }
-
-    /**
-     * Constructor that allows for the chaining of exceptions. Defaults to the
-     * default code provided for this exception.
-     *
-     * @param throwable the chained exception.
-     */
-    public BadPasswordAuthenticationException(final Throwable throwable) {
-        super(CODE, throwable);
-    }
-
-    /**
-     * Constructor that allows for providing a custom error code for this class.
-     * Error codes are often used to resolve exceptions into messages. Providing
-     * a custom error code allows the use of a different message.
-     *
-     * @param code the custom code to use with this exception.
-     */
-    public BadPasswordAuthenticationException(final String code) {
-        super(code);
-    }
-
-    /**
-     * Constructor that allows for chaining of exceptions and a custom error
-     * code.
-     *
-     * @param code the custom error code to use in message resolving.
-     * @param throwable the chained exception.
-     */
-    public BadPasswordAuthenticationException(final String code,
-        final Throwable throwable) {
-        super(code, throwable);
-    }
-}
diff --git a/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/BadUsernameOrPasswordAuthenticationException.java b/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/BadUsernameOrPasswordAuthenticationException.java
deleted file mode 100644
index 3e1b2cc4d0ef..000000000000
--- a/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/BadUsernameOrPasswordAuthenticationException.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Licensed to Apereo under one or more contributor license
- * agreements. See the NOTICE file distributed with this work
- * for additional information regarding copyright ownership.
- * Apereo licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file
- * except in compliance with the License.  You may obtain a
- * copy of the License at the following location:
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.jasig.cas.authentication.handler;
-
-/**
- * Exception to throw when we know the credentials provided were
- * username/password and the combination is wrong.
- *
- * @author Scott Battaglia
-
- * @since 3.0.0
- */
-public class BadUsernameOrPasswordAuthenticationException extends
-    BadCredentialsAuthenticationException {
-
-    /** Static instance of BadUsernameOrPasswordAuthenticationException. */
-    public static final BadUsernameOrPasswordAuthenticationException ERROR =
-            new BadUsernameOrPasswordAuthenticationException();
-
-    /** Unique ID for serializing. */
-    private static final long serialVersionUID = 3977861752513837361L;
-
-    /** The default code for this exception used for message resolving. */
-    private static final String CODE = "error.authentication.credentials.bad.usernameorpassword";
-
-    /**
-     * Default constructor that does not allow the chaining of exceptions and
-     * uses the default code as the error code for this exception.
-     */
-    public BadUsernameOrPasswordAuthenticationException() {
-        super(CODE);
-    }
-
-    /**
-     * Constructor that allows for the chaining of exceptions. Defaults to the
-     * default code provided for this exception.
-     *
-     * @param throwable the chained exception.
-     */
-    public BadUsernameOrPasswordAuthenticationException(
-        final Throwable throwable) {
-        super(CODE, throwable);
-    }
-
-    /**
-     * Constructor that allows for providing a custom error code for this class.
-     * Error codes are often used to resolve exceptions into messages. Providing
-     * a custom error code allows the use of a different message.
-     *
-     * @param code the custom code to use with this exception.
-     */
-    public BadUsernameOrPasswordAuthenticationException(final String code) {
-        super(code);
-    }
-
-    /**
-     * Constructor that allows for chaining of exceptions and a custom error
-     * code.
-     *
-     * @param code the custom error code to use in message resolving.
-     * @param throwable the chained exception.
-     */
-    public BadUsernameOrPasswordAuthenticationException(final String code,
-        final Throwable throwable) {
-        super(code, throwable);
-    }
-}
diff --git a/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/BlockedCredentialsAuthenticationException.java b/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/BlockedCredentialsAuthenticationException.java
deleted file mode 100644
index 7bde9f573bf2..000000000000
--- a/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/BlockedCredentialsAuthenticationException.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Licensed to Apereo under one or more contributor license
- * agreements. See the NOTICE file distributed with this work
- * for additional information regarding copyright ownership.
- * Apereo licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file
- * except in compliance with the License.  You may obtain a
- * copy of the License at the following location:
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.jasig.cas.authentication.handler;
-
-/**
- * Exception to represent credentials that have been blocked for a reason such
- * as Locked account.
- *
- * @author Scott Battaglia
-
- * @since 3.0.0
- */
-public class BlockedCredentialsAuthenticationException extends
-        AuthenticationException {
-
-    /** Static instance of BlockedCredentialsAuthenticationException. */
-    public static final BlockedCredentialsAuthenticationException ERROR =
-            new BlockedCredentialsAuthenticationException();
-
-    /** Unique ID for serialization. */
-    private static final long serialVersionUID = 3544669598642420017L;
-
-    /** The default code for this exception used for message resolving. */
-    private static final String CODE = "error.authentication.credentials.blocked";
-
-    /**
-     * Default constructor that does not allow the chaining of exceptions and
-     * uses the default code as the error code for this exception.
-     */
-    public BlockedCredentialsAuthenticationException() {
-        super(CODE);
-    }
-
-    /**
-     * Constructor that allows for the chaining of exceptions. Defaults to the
-     * default code provided for this exception.
-     *
-     * @param throwable the chained exception.
-     */
-    public BlockedCredentialsAuthenticationException(final Throwable throwable) {
-        super(CODE, throwable);
-    }
-
-    /**
-     * Constructor that allows for providing a custom error code for this class.
-     * Error codes are often used to resolve exceptions into messages. Providing
-     * a custom error code allows the use of a different message.
-     *
-     * @param code the custom code to use with this exception.
-     */
-    public BlockedCredentialsAuthenticationException(final String code) {
-        super(code);
-    }
-
-    /**
-     * Constructor that allows for chaining of exceptions and a custom error
-     * code.
-     *
-     * @param code the custom error code to use in message resolving.
-     * @param throwable the chained exception.
-     */
-    public BlockedCredentialsAuthenticationException(final String code,
-        final Throwable throwable) {
-        super(code, throwable);
-    }
-}
diff --git a/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/UncategorizedAuthenticationException.java b/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/UncategorizedAuthenticationException.java
deleted file mode 100644
index c39cf5885a7e..000000000000
--- a/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/UncategorizedAuthenticationException.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Licensed to Apereo under one or more contributor license
- * agreements. See the NOTICE file distributed with this work
- * for additional information regarding copyright ownership.
- * Apereo licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file
- * except in compliance with the License.  You may obtain a
- * copy of the License at the following location:
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.jasig.cas.authentication.handler;
-
-/**
- * Generic abstract exception to extend when you don't know what the heck is
- * going on.
- *
- * @author Scott Battaglia
- * @since 3.0.0
- * @deprecated As of 4.1, the class is required to note its abstractness in the name and will be renamed in the future.
- */
-@Deprecated
-public abstract class UncategorizedAuthenticationException extends AuthenticationException {
-
-    private static final long serialVersionUID = 872764495107139229L;
-
-    /**
-     * Constructor that allows for providing a custom error code for this class.
-     * Error codes are often used to resolve exceptions into messages. Providing
-     * a custom error code allows the use of a different message.
-     *
-     * @param code the custom code to use with this exception.
-     */
-    public UncategorizedAuthenticationException(final String code) {
-        super(code);
-    }
-
-    /**
-     * Constructor that allows for chaining of exceptions and a custom error
-     * code.
-     *
-     * @param code the custom error code to use in message resolving.
-     * @param throwable the chained exception.
-     */
-    public UncategorizedAuthenticationException(final String code,
-                                                final Throwable throwable) {
-        super(code, throwable);
-    }
-}
diff --git a/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/UnknownUsernameAuthenticationException.java b/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/UnknownUsernameAuthenticationException.java
deleted file mode 100644
index 07d8950b374e..000000000000
--- a/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/UnknownUsernameAuthenticationException.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Licensed to Apereo under one or more contributor license
- * agreements. See the NOTICE file distributed with this work
- * for additional information regarding copyright ownership.
- * Apereo licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file
- * except in compliance with the License.  You may obtain a
- * copy of the License at the following location:
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.jasig.cas.authentication.handler;
-
-/**
- * The exception to throw when we explicitly don't know anything about the
- * username.
- *
- * @author Scott Battaglia
-
- * @since 3.0.0
- */
-public class UnknownUsernameAuthenticationException extends
-    BadUsernameOrPasswordAuthenticationException {
-
-    /** Static instance of UnknownUsernameAuthenticationException. */
-    public static final UnknownUsernameAuthenticationException ERROR = new UnknownUsernameAuthenticationException();
-
-    /** Unique ID for serializing. */
-    private static final long serialVersionUID = 3977861752513837361L;
-
-    /** The code description of this exception. */
-    private static final String CODE = "error.authentication.credentials.bad.usernameorpassword.username";
-
-    /**
-     * Default constructor that does not allow the chaining of exceptions and
-     * uses the default code as the error code for this exception.
-     */
-    public UnknownUsernameAuthenticationException() {
-        super(CODE);
-    }
-
-    /**
-     * Constructor that allows for the chaining of exceptions. Defaults to the
-     * default code provided for this exception.
-     *
-     * @param throwable the chained exception.
-     */
-    public UnknownUsernameAuthenticationException(final Throwable throwable) {
-        super(CODE, throwable);
-    }
-
-    /**
-     * Constructor that allows for providing a custom error code for this class.
-     * Error codes are often used to resolve exceptions into messages. Providing
-     * a custom error code allows the use of a different message.
-     *
-     * @param code the custom code to use with this exception.
-     */
-    public UnknownUsernameAuthenticationException(final String code) {
-        super(code);
-    }
-
-    /**
-     * Constructor that allows for chaining of exceptions and a custom error
-     * code.
-     *
-     * @param code the custom error code to use in message resolving.
-     * @param throwable the chained exception.
-     */
-    public UnknownUsernameAuthenticationException(final String code,
-        final Throwable throwable) {
-        super(code, throwable);
-    }
-}
diff --git a/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/UnsupportedCredentialsException.java b/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/UnsupportedCredentialsException.java
deleted file mode 100644
index d3ccdb6f9cfb..000000000000
--- a/cas-server-core/src/main/java/org/jasig/cas/authentication/handler/UnsupportedCredentialsException.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Licensed to Apereo under one or more contributor license
- * agreements. See the NOTICE file distributed with this work
- * for additional information regarding copyright ownership.
- * Apereo licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file
- * except in compliance with the License.  You may obtain a
- * copy of the License at the following location:
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.jasig.cas.authentication.handler;
-
-/**
- * The exception thrown when a Handler does not know how to determine the
- * validity of the credentials based on the fact that it does not know what to
- * do with the credentials presented.
- *
- * @author Scott Battaglia
-
- * @since 3.0.0
- */
-public final class UnsupportedCredentialsException extends
-        AuthenticationException {
-
-    /** Static instance of UnsupportedCredentialsException. */
-    public static final UnsupportedCredentialsException ERROR = new UnsupportedCredentialsException();
-
-    /** Unique ID for serializing. */
-    private static final long serialVersionUID = 3977861752513837361L;
-
-    /** The code description of this exception. */
-    private static final String CODE = "error.authentication.credentials.unsupported";
-
-    /**
-     * Default constructor that does not allow the chaining of exceptions and
-     * uses the default code as the error code for this exception.
-     */
-    public UnsupportedCredentialsException() {
-        super(CODE);
-    }
-
-    /**
-     * Constructor that allows for the chaining of exceptions. Defaults to the
-     * default code provided for this exception.
-     *
-     * @param throwable the chained exception.
-     */
-    public UnsupportedCredentialsException(final Throwable throwable) {
-        super(CODE, throwable);
-    }
-}
diff --git a/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/BadCredentialsAuthenticationExceptionTests.java b/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/BadCredentialsAuthenticationExceptionTests.java
deleted file mode 100644
index ed893f9338ea..000000000000
--- a/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/BadCredentialsAuthenticationExceptionTests.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Licensed to Apereo under one or more contributor license
- * agreements. See the NOTICE file distributed with this work
- * for additional information regarding copyright ownership.
- * Apereo licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file
- * except in compliance with the License.  You may obtain a
- * copy of the License at the following location:
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.jasig.cas.authentication.handler;
-
-import static org.junit.Assert.*;
-
-import org.junit.Test;
-
-
-/**
- * @author Scott Battaglia
- * @since 3.0.0
- */
-public final class BadCredentialsAuthenticationExceptionTests {
-
-    private static final String CODE = "error.authentication.credentials.bad";
-    private static final String MESSAGE = "GG";
-
-    @Test
-    public void verifyGetCode() {
-        final AuthenticationException e = new BadCredentialsAuthenticationException();
-        assertEquals(CODE, e.getCode());
-        assertEquals(CODE, e.toString());
-    }
-
-    @Test
-    public void verifyThrowableConstructor() {
-        final RuntimeException r = new RuntimeException();
-        final BadCredentialsAuthenticationException e = new BadCredentialsAuthenticationException(r);
-
-        assertEquals(CODE, e.getCode());
-        assertEquals(r, e.getCause());
-    }
-
-    @Test
-    public void verifyCodeConstructor() {
-        final BadCredentialsAuthenticationException e = new BadCredentialsAuthenticationException(MESSAGE);
-
-        assertEquals(MESSAGE, e.getCode());
-    }
-
-    @Test
-    public void verifyThrowableConstructorWithCode() {
-        final RuntimeException r = new RuntimeException();
-        final BadCredentialsAuthenticationException e = new BadCredentialsAuthenticationException(MESSAGE, r);
-
-        assertEquals(MESSAGE, e.getCode());
-        assertEquals(r, e.getCause());
-    }
-}
diff --git a/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/BadPasswordAuthenticationExceptionTests.java b/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/BadPasswordAuthenticationExceptionTests.java
deleted file mode 100644
index 10c670e69beb..000000000000
--- a/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/BadPasswordAuthenticationExceptionTests.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Licensed to Apereo under one or more contributor license
- * agreements. See the NOTICE file distributed with this work
- * for additional information regarding copyright ownership.
- * Apereo licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file
- * except in compliance with the License.  You may obtain a
- * copy of the License at the following location:
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.jasig.cas.authentication.handler;
-
-import static org.junit.Assert.*;
-
-import org.junit.Test;
-
-/**
- * @author Scott Battaglia
- * @since 3.0.0
- */
-public final class BadPasswordAuthenticationExceptionTests  {
-
-    private static final String CODE = "error.authentication.credentials.bad.usernameorpassword.password";
-    private static final String MESSAGE = "GG";
-
-    @Test
-    public void verifyGetCode() {
-        final AuthenticationException e = new BadPasswordAuthenticationException();
-        assertEquals(CODE, e.getCode());
-        assertEquals(CODE, e.toString());
-    }
-
-    @Test
-    public void verifyThrowableConstructor() {
-        final RuntimeException r = new RuntimeException();
-        final BadPasswordAuthenticationException e = new BadPasswordAuthenticationException(r);
-
-        assertEquals(CODE, e.getCode());
-        assertEquals(r, e.getCause());
-    }
-
-    @Test
-    public void verifyCodeConstructor() {
-        final BadPasswordAuthenticationException e = new BadPasswordAuthenticationException(MESSAGE);
-
-        assertEquals(MESSAGE, e.getCode());
-    }
-
-    @Test
-    public void verifyThrowableConstructorWithCode() {
-        final RuntimeException r = new RuntimeException();
-        final BadPasswordAuthenticationException e = new BadPasswordAuthenticationException(MESSAGE, r);
-
-        assertEquals(MESSAGE, e.getCode());
-        assertEquals(r, e.getCause());
-    }
-}
diff --git a/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/BadUsernameOrPasswordAuthenticationExceptionTests.java b/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/BadUsernameOrPasswordAuthenticationExceptionTests.java
deleted file mode 100644
index 88cbb8567c15..000000000000
--- a/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/BadUsernameOrPasswordAuthenticationExceptionTests.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Licensed to Apereo under one or more contributor license
- * agreements. See the NOTICE file distributed with this work
- * for additional information regarding copyright ownership.
- * Apereo licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file
- * except in compliance with the License.  You may obtain a
- * copy of the License at the following location:
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.jasig.cas.authentication.handler;
-
-import static org.junit.Assert.*;
-
-import org.junit.Test;
-
-/**
- * @author Scott Battaglia
- * @since 3.1
- */
-public final class BadUsernameOrPasswordAuthenticationExceptionTests {
-
-    private static final String CODE = "error.authentication.credentials.bad.usernameorpassword";
-    private static final String MESSAGE = "GG";
-
-    @Test
-    public void verifyGetCode() {
-        final AuthenticationException e = new BadUsernameOrPasswordAuthenticationException();
-        assertEquals(CODE, e.getCode());
-        assertEquals(CODE, e.toString());
-    }
-
-    @Test
-    public void verifyThrowableConstructor() {
-        final RuntimeException r = new RuntimeException();
-        final BadUsernameOrPasswordAuthenticationException e =
-                new BadUsernameOrPasswordAuthenticationException(r);
-
-        assertEquals(CODE, e.getCode());
-        assertEquals(r, e.getCause());
-    }
-
-    @Test
-    public void verifyCodeConstructor() {
-        final BadUsernameOrPasswordAuthenticationException e =
-                new BadUsernameOrPasswordAuthenticationException(MESSAGE);
-
-        assertEquals(MESSAGE, e.getCode());
-    }
-
-    public void verifyThrowableConstructorWithCode() {
-        final RuntimeException r = new RuntimeException();
-        final BadUsernameOrPasswordAuthenticationException e =
-                new BadUsernameOrPasswordAuthenticationException(MESSAGE, r);
-
-        assertEquals(MESSAGE, e.getCode());
-        assertEquals(r, e.getCause());
-    }
-}
diff --git a/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/BlockedCredentialsAuthenticationExceptionTests.java b/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/BlockedCredentialsAuthenticationExceptionTests.java
deleted file mode 100644
index 988e807c5079..000000000000
--- a/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/BlockedCredentialsAuthenticationExceptionTests.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Licensed to Apereo under one or more contributor license
- * agreements. See the NOTICE file distributed with this work
- * for additional information regarding copyright ownership.
- * Apereo licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file
- * except in compliance with the License.  You may obtain a
- * copy of the License at the following location:
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.jasig.cas.authentication.handler;
-
-import static org.junit.Assert.*;
-
-import org.junit.Test;
-
-/**
- * @author Scott Battaglia
- * @since 3.1
- */
-public final class BlockedCredentialsAuthenticationExceptionTests {
-
-    private static final String CODE = "error.authentication.credentials.blocked";
-    private static final String MESSAGE = "GG";
-
-    @Test
-    public void verifyGetCode() {
-        final AuthenticationException e = new BlockedCredentialsAuthenticationException();
-        assertEquals(CODE, e.getCode());
-        assertEquals(CODE, e.toString());
-    }
-
-    @Test
-    public void verifyThrowableConstructor() {
-        final RuntimeException r = new RuntimeException();
-        final BlockedCredentialsAuthenticationException e = new BlockedCredentialsAuthenticationException(r);
-
-        assertEquals(CODE, e.getCode());
-        assertEquals(r, e.getCause());
-    }
-
-    @Test
-    public void verifyCodeConstructor() {
-        final BlockedCredentialsAuthenticationException e = new BlockedCredentialsAuthenticationException(MESSAGE);
-
-        assertEquals(MESSAGE, e.getCode());
-    }
-
-    @Test
-    public void verifyThrowableConstructorWithCode() {
-        final RuntimeException r = new RuntimeException();
-        final BlockedCredentialsAuthenticationException e = new BlockedCredentialsAuthenticationException(MESSAGE, r);
-
-        assertEquals(MESSAGE, e.getCode());
-        assertEquals(r, e.getCause());
-    }
-}
diff --git a/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/UnknownUsernameAuthenticationExceptionTests.java b/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/UnknownUsernameAuthenticationExceptionTests.java
deleted file mode 100644
index 15bac51e8158..000000000000
--- a/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/UnknownUsernameAuthenticationExceptionTests.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Licensed to Apereo under one or more contributor license
- * agreements. See the NOTICE file distributed with this work
- * for additional information regarding copyright ownership.
- * Apereo licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file
- * except in compliance with the License.  You may obtain a
- * copy of the License at the following location:
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.jasig.cas.authentication.handler;
-
-import static org.junit.Assert.*;
-
-import org.junit.Test;
-
-/**
- * @author Scott Battaglia
- * @since 3.0.0
- */
-public final class UnknownUsernameAuthenticationExceptionTests {
-
-    private static final String CODE = "error.authentication.credentials.bad.usernameorpassword.username";
-    private static final String MESSAGE = "GG";
-
-    @Test
-    public void verifyGetCode() {
-        final AuthenticationException e = new UnknownUsernameAuthenticationException();
-        assertEquals(CODE, e.getCode());
-        assertEquals(CODE, e.toString());
-    }
-
-    @Test
-    public void verifyThrowableConstructor() {
-        final RuntimeException r = new RuntimeException();
-        final UnknownUsernameAuthenticationException e = new UnknownUsernameAuthenticationException(r);
-
-        assertEquals(CODE, e.getCode());
-        assertEquals(r, e.getCause());
-    }
-
-    @Test
-    public void verifyCodeConstructor() {
-        final UnknownUsernameAuthenticationException e = new UnknownUsernameAuthenticationException(MESSAGE);
-
-        assertEquals(MESSAGE, e.getCode());
-    }
-
-    @Test
-    public void verifyThrowableConstructorWithCode() {
-        final RuntimeException r = new RuntimeException();
-        final UnknownUsernameAuthenticationException e = new UnknownUsernameAuthenticationException(MESSAGE, r);
-
-        assertEquals(MESSAGE, e.getCode());
-        assertEquals(r, e.getCause());
-    }
-}
diff --git a/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/UnsupportedCredentialsExceptionTests.java b/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/UnsupportedCredentialsExceptionTests.java
deleted file mode 100644
index 1409ba414033..000000000000
--- a/cas-server-core/src/test/java/org/jasig/cas/authentication/handler/UnsupportedCredentialsExceptionTests.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Licensed to Apereo under one or more contributor license
- * agreements. See the NOTICE file distributed with this work
- * for additional information regarding copyright ownership.
- * Apereo licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file
- * except in compliance with the License.  You may obtain a
- * copy of the License at the following location:
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.jasig.cas.authentication.handler;
-
-import static org.junit.Assert.*;
-
-import org.junit.Test;
-
-/**
- * @author Scott Battaglia
-
- * @since 3.0.0
- */
-public class UnsupportedCredentialsExceptionTests {
-
-    private static final String CODE = "error.authentication.credentials.unsupported";
-
-    @Test
-    public void verifyNoParamConstructor() {
-        new UnsupportedCredentialsException();
-    }
-
-    @Test
-    public void verifyGetCode() {
-        assertEquals(CODE,
-            new UnsupportedCredentialsException().getCode());
-    }
-
-    @Test
-    public void verifyThrowableConstructor() {
-        final RuntimeException r = new RuntimeException();
-        final UnsupportedCredentialsException e = new UnsupportedCredentialsException(r);
-        assertEquals(CODE, e.getCode());
-        assertEquals(r, e.getCause());
-    }
-}
diff --git a/cas-server-core/src/test/java/org/jasig/cas/ticket/InvalidTicketExceptionTests.java b/cas-server-core/src/test/java/org/jasig/cas/ticket/InvalidTicketExceptionTests.java
index 6eed0dd1a8ad..1413e9b4ce85 100644
--- a/cas-server-core/src/test/java/org/jasig/cas/ticket/InvalidTicketExceptionTests.java
+++ b/cas-server-core/src/test/java/org/jasig/cas/ticket/InvalidTicketExceptionTests.java
@@ -20,8 +20,6 @@
 
 import static org.junit.Assert.*;
 
-import org.jasig.cas.authentication.handler.AuthenticationException;
-import org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException;
 import org.junit.Test;
 
 /**
@@ -35,12 +33,4 @@ public void verifyCodeNoThrowable() {
         final TicketException t = new InvalidTicketException("InvalidTicketId");
         assertEquals("INVALID_TICKET", t.getCode());
     }
-
-    @Test
-    public void verifyCodeWithThrowable() {
-        final AuthenticationException a = new BadCredentialsAuthenticationException();
-        final TicketException t = new InvalidTicketException(a, "InvalidTicketId");
-
-        assertEquals(a.toString(), t.getCode());
-    }
 }
diff --git a/cas-server-documentation/installation/Configuring-Authentication-Components.md b/cas-server-documentation/installation/Configuring-Authentication-Components.md
index 2241776f9604..eabda2a25b9a 100644
--- a/cas-server-documentation/installation/Configuring-Authentication-Components.md
+++ b/cas-server-documentation/installation/Configuring-Authentication-Components.md
@@ -69,7 +69,8 @@ used to support a multi-factor authentication situation, for example, where user
 required but an additional OTP is optional.
 
 The following configuration snippet demonstrates how to configure `PolicyBasedAuthenticationManager` for a
-straightforward multi-factor authentication case where username/password authentication is required and an additional OTP credential is optional; in both cases principals are resolved from LDAP.
+straightforward multi-factor authentication case where username/password authentication is required 
+and an additional OTP credential is optional; in both cases principals are resolved from LDAP.
 
 {% highlight xml %}
 <bean id="passwordHandler"
@@ -85,19 +86,21 @@ straightforward multi-factor authentication case where username/password authent
       class="org.jasig.cas.authentication.RequiredHandlerAuthenticationPolicyFactory"
       c:requiredHandlerName="passwordHandler"
       p:tryAll="true" />
-
-<bean id="ldapPrincipalResolver"
-      class="org.jasig.cas.authentication.principal.CredentialsToLdapAttributePrincipalResolver">
-      <!-- Details elided for simplicity -->
-</bean>
-
+      
+
+<bean id="principalResolver"
+      class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver"
+      p:principalAttributeName="username"
+      p:attributeRepository-ref="attributeRepository"
+      p:returnNullIfNoAttributes="true" />
+      
 <bean id="authenticationManager"
       class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"
       p:authenticationPolicy-ref="authenticationPolicy">
   <constructor-arg>
     <map>
-      <entry key-ref="passwordHandler" value-ref="ldapPrincipalResolver"/>
-      <entry key-ref="oneTimePasswordHandler" value-ref="ldapPrincipalResolver" />
+      <entry key-ref="passwordHandler" value-ref="principalResolver"/>
+      <entry key-ref="oneTimePasswordHandler" value-ref="principalResolver" />
     </map>
   </constructor-arg>
   <property name="authenticationMetaDataPopulators">
@@ -181,8 +184,9 @@ Default transformer, that actually does no transformation on the user id.
 Transforms the user id by adding a postfix or suffix.
 
 ######`ConvertCasePrincipalNameTransformer`
-A transformer that converts the form uid to either lowercase or uppercase. The result is also trimmed. The transformer is also able
-to accept and work on the result of a previous transformer that might have modified the uid, such that the two can be chained.
+A transformer that converts the form uid to either lowercase or uppercase. The result is also trimmed.
+The transformer is also able to accept and work on the result of 
+a previous transformer that might have modified the uid, such that the two can be chained.
 
 #### Configuration
 Here is an example configuration based for the `AcceptUsersAuthenticationHandler`:
@@ -198,8 +202,9 @@ Here is an example configuration based for the `AcceptUsersAuthenticationHandler
     </property>
 </bean>
 
-<bean id="convertCasePrincipalNameTransformer" class="org.jasig.cas.authentication.handler.ConvertCasePrincipalNameTransformer"
-p:toUpperCase="true" />
+<bean id="convertCasePrincipalNameTransformer" 
+    class="org.jasig.cas.authentication.handler.ConvertCasePrincipalNameTransformer"
+    p:toUpperCase="true" />
 
 {% endhighlight %}
 
diff --git a/cas-server-documentation/installation/Configuring-Authentication-Throttling.md b/cas-server-documentation/installation/Configuring-Authentication-Throttling.md
index 6e91a9982823..2948fc6b803a 100644
--- a/cas-server-documentation/installation/Configuring-Authentication-Throttling.md
+++ b/cas-server-documentation/installation/Configuring-Authentication-Throttling.md
@@ -112,7 +112,7 @@ It is convenient to place Spring configuration for login throttling components i
 
 <!-- A scheduler that drives all configured triggers is provided by default in applicationContext.xml. -->
 <bean id="loginThrottleTrigger"
-      class="org.springframework.scheduling.quartz.SimpleTriggerBean"
+      class="org.springframework.scheduling.quartz.SimpleTriggerFactoryBean"
       p:jobDetail-ref="loginThrottleJobDetail"
       p:startDelay="1000"
       p:repeatInterval="1000"/>
diff --git a/cas-server-documentation/installation/Configuring-Principal-Resolution.md b/cas-server-documentation/installation/Configuring-Principal-Resolution.md
index 895a0d2055e1..ab85fe49f54d 100644
--- a/cas-server-documentation/installation/Configuring-Principal-Resolution.md
+++ b/cas-server-documentation/installation/Configuring-Principal-Resolution.md
@@ -4,7 +4,8 @@ title: CAS - Configuring Principal Resolution
 ---
 
 # Configuring Principal Resolution
-Principal resolution converts information in the authentication credential into a security principal that commonly contains additional
+Principal resolution converts information in the authentication credential into a security principal 
+that commonly contains additional
 metadata attributes (i.e. user details such as affiliations, group membership, email, display name).
 
 A CAS principal contains a unique identifier by which the authenticated user will be known to all requesting
@@ -25,7 +26,7 @@ be be combined with an LDAP-based principal resolver to accommodate this case.
 ## Principal Resolution Components
 
 ###`PersonDirectoryPrincipalResolver`
-Uses the Jasig Person Directory library to provide a flexible principal resolution services against a number of data
+Uses the Person Directory library to provide a flexible principal resolution services against a number of data
 sources. The key to configuring `PersonDirectoryPrincipalResolver` is the definition of an `IPersonAttributeDao` object.
 The [Person Directory documentation](https://wiki.jasig.org/display/PDM15/Person+Directory+1.5+Manual) provides
 configuration for two common examples:
@@ -70,7 +71,7 @@ that provides a simple case transform on the principal ID. The following values
 
 {% highlight xml %}
 <bean id="principalResolver"
-      class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver"
+      class="org.jasig.cas.support.spnego.authentication.principal.SpnegoPrincipalResolver"
       p:principalAttributeName="username"
       p:attributeRepository-ref="attributeRepository"
       p:returnNullIfNoAttributes="true"
@@ -85,8 +86,10 @@ See the [X.509 principal resolver](#x_509) section for more information.
 Creates a principal ID from the certificate subject distinguished name.
 
 ###`ChainingPrincipalResolver`
-Delegates to one or more principal resolves in series to resolve a principal. The input to first configured resolver is the authenticated
-credential; for every subsequent resolver, the input is a Credential whose ID is the resolved principal ID of the previous resolver.
+Delegates to one or more principal resolves in series to resolve a principal. The input to first configured
+resolver is the authenticated
+credential; for every subsequent resolver, the input is a Credential whose ID is the resolved principal
+ ID of the previous resolver.
 A common use case for this component is resolving a temporary principal ID from an X.509 credential followed
 by a search (e.g. LDAP, database) for the final principal based on the temporary ID.
 
diff --git a/cas-server-documentation/installation/Configuring-SSO-Session-Cookie.md b/cas-server-documentation/installation/Configuring-SSO-Session-Cookie.md
index f00ad947fa48..959d51d39719 100644
--- a/cas-server-documentation/installation/Configuring-SSO-Session-Cookie.md
+++ b/cas-server-documentation/installation/Configuring-SSO-Session-Cookie.md
@@ -10,13 +10,12 @@ A ticket-granting cookie is an HTTP cookie set by CAS upon the establishment of
 The generation of the ticket-granting cookie is controlled by the file `cas-server-webapp\src\main\webapp\WEB-INF\spring-configuration\ticketGrantingTicketCookieGenerator.xml`
 
 {% highlight xml %}
-<bean id="ticketGrantingTicketCookieGenerator" 
-    class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
-    c:casCookieValueManager-ref="cookieValueManager"
-    p:cookieSecure="true"
-    p:cookieMaxAge="-1"
-    p:cookieName="TGC"
-    p:cookiePath="/cas" />
+<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
+      c:casCookieValueManager-ref="cookieValueManager"
+      p:cookieSecure="${tgc.secure:true}"
+      p:cookieMaxAge="${tgc.maxAge:-1}"
+      p:cookieName="${tgc.name:TGC}"
+      p:cookiePath="${tgc.path:/cas}"/>
 
 <bean id="cookieCipherExecutor" class="org.jasig.cas.util.DefaultCipherExecutor"
     c:secretKeyEncryption="${tgc.encryption.key}"
@@ -96,4 +95,15 @@ The controlling of this behavior is done via the `cas.properties` file:
 # create.sso.renewed.authn=true
 {% endhighlight %}
 
+# SSO Warning Session Cookie
+A warning cookie set by CAS upon the establishment of the SSO session at the request of the user on the CAS login page. The cookie is used later to warn and prompt
+the user before a service ticket is generated and access to the service application is granted. The cookie is controlled via the
+controlled by the file `cas-server-webapp\src\main\webapp\WEB-INF\spring-configuration\warnCookieGenerator.xml` file:
 
+{% highlight xml %}
+<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
+          p:cookieSecure="${warn.cookie.secure:true}"
+          p:cookieMaxAge="${warn.cookie.maxAge:-1}"
+          p:cookieName="${warn.cookie.name:CASPRIVACY}"
+          p:cookiePath="${warn.cookie.path:/cas}"/>
+{% endhighlight %}
diff --git a/cas-server-documentation/installation/LDAP-Authentication.md b/cas-server-documentation/installation/LDAP-Authentication.md
index bd3012c90584..ec93f6b5cb18 100644
--- a/cas-server-documentation/installation/LDAP-Authentication.md
+++ b/cas-server-documentation/installation/LDAP-Authentication.md
@@ -155,7 +155,7 @@ Simply copy the configuration to `deployerConfigContext.xml` and provide values
 <!-- If you wish to search by user, rather than by dn, change {dn} to {user} -->
 <bean id="entryResolver"
       class="org.ldaptive.auth.SearchEntryResolver"
-      p:baseDn="${ldap.baseDn}"
+      p:baseDn="${ldap.authn.baseDn}"
       p:userFilter="userPrincipalName={dn}"
       p:subtreeSearch="true" />
 {% endhighlight %}
@@ -189,7 +189,7 @@ followed by a bind. Copy the configuration to `deployerConfigContext.xml` and pr
       c:handler-ref="authHandler" />
 
 <bean id="dnResolver" class="org.ldaptive.auth.PooledSearchDnResolver"
-      p:baseDn="${ldap.baseDn}"
+      p:baseDn="${ldap.authn.baseDn}"
       p:subtreeSearch="true"
       p:allowMultipleDns="false"
       p:connectionFactory-ref="searchPooledLdapConnectionFactory"
@@ -300,7 +300,7 @@ followed by a bind. Copy the configuration to `deployerConfigContext.xml` and pr
       c:handler-ref="authHandler" />
 
 <bean id="dnResolver" class="org.ldaptive.auth.PooledSearchDnResolver"
-      p:baseDn="${ldap.baseDn}"
+      p:baseDn="${ldap.authn.baseDn}"
       p:subtreeSearch="true"
       p:allowMultipleDns="false"
       p:connectionFactory-ref="searchPooledLdapConnectionFactory"
@@ -400,7 +400,7 @@ Copy the configuration to `deployerConfigContext.xml` and provide values for pro
    -->
 <bean id="dnResolver"
       class="org.ldaptive.auth.FormatDnResolver"
-      c:format="uid=%s,${ldap.baseDn}" />
+      c:format="uid=%s,${ldap.authn.baseDn}" />
 
 <bean id="authHandler" class="org.ldaptive.auth.PooledBindAuthenticationHandler"
       p:connectionFactory-ref="pooledLdapConnectionFactory" />
diff --git a/cas-server-documentation/installation/Logout-Single-Signout.md b/cas-server-documentation/installation/Logout-Single-Signout.md
index 1b49cc547fa8..8bde16a9c283 100644
--- a/cas-server-documentation/installation/Logout-Single-Signout.md
+++ b/cas-server-documentation/installation/Logout-Single-Signout.md
@@ -37,16 +37,6 @@ The redirect behavior is turned off by default, and is activated via the followi
 
 The specified url must be registered in the service registry of CAS and enabled.
 
-##Web Session Termination
-By default, CAS comes with a `TerminateWebSessionListener` whose job is to expire the web session once the webflow has ended. The goal is to clean up the session as soon as possible to decrease memory consumption.
-
-The listener configures the maximum inactivity interval for the web session, which is the time, in seconds, between client requests before the servlet container will invalidate this session. An interval value of zero or less indicates that the session should never timeout. This value can be controlled via the following setting in `cas.properties`:
-
-{% highlight bash %}
-# Specifies the time, in seconds, to invalidate the web session.
-# terminate.web.session.timeout=2
-{% endhighlight %}
-
 ##Single Logout (SLO)
 CAS is designed to support single sign out: it means that it will be able to invalidate client application sessions in addition to its own SSO session.  
 Whenever a ticket-granting ticket is explicitly expired, the logout protocol will be initiated. Clients that do not support the logout protocol may notice extra requests in their access logs that appear not to do anything.
diff --git a/cas-server-documentation/installation/SPNEGO-Authentication.md b/cas-server-documentation/installation/SPNEGO-Authentication.md
index 20bff91d83f9..5f3c7be87f05 100644
--- a/cas-server-documentation/installation/SPNEGO-Authentication.md
+++ b/cas-server-documentation/installation/SPNEGO-Authentication.md
@@ -29,11 +29,13 @@ ticket expires.
 ## SPNEGO Components
 SPNEGO support is enabled by including the following dependency in the Maven WAR overlay:
 
-    <dependency>
-      <groupId>org.jasig.cas</groupId>
-      <artifactId>cas-server-support-spnego</artifactId>
-      <version>${cas.version}</version>
-    </dependency>
+{% highlight xml %}
+<dependency>
+  <groupId>org.jasig.cas</groupId>
+  <artifactId>cas-server-support-spnego</artifactId>
+  <version>${cas.version}</version>
+</dependency>
+{% endhighlight %}
 
 
 ######`JCIFSSpnegoAuthenticationHandler`
diff --git a/cas-server-documentation/integration/ClearPass-Proxy-Authentication.md b/cas-server-documentation/integration/ClearPass-Proxy-Authentication.md
index 42baa9236a99..690374c10835 100644
--- a/cas-server-documentation/integration/ClearPass-Proxy-Authentication.md
+++ b/cas-server-documentation/integration/ClearPass-Proxy-Authentication.md
@@ -85,7 +85,6 @@ Uncomment the below element that is responsible for capturing and caching the pa
   <list>
     <bean class="org.jasig.cas.extension.clearpass.CacheCredentialsMetaDataPopulator"
       c:credentialCache-ref="encryptedMap" />
-    </bean>
   </list>
 </property>
 {% endhighlight %}
diff --git a/cas-server-documentation/planning/Security-Guide.md b/cas-server-documentation/planning/Security-Guide.md
index 289d60741ca2..f971fe36b3f9 100644
--- a/cas-server-documentation/planning/Security-Guide.md
+++ b/cas-server-documentation/planning/Security-Guide.md
@@ -196,6 +196,12 @@ The filters are configured to sanitize authentication request parameters and rej
 
 It is **STRONGLY** recommended that all CAS deployments be evaluated and include this configuration if necessary to prevent protocol attacks in situations where the CAS container and environment are unable to block malicious and badly-configured requests.
 
+### Spring Webflow Sessions
+The CAS project uses Spring Webflow to manage and orchestrate the authentication process. The conversational state of the
+webflow used by CAS is managed by the client which is then passed and tracked throughout various states of the authentication
+process. This state must be secured and encrypted to prevent session hijacking. While CAS provides default encryptions
+settings out of the box, it is **STRONGLY** recommended that [all CAS deployments](../installation/Webflow-Customization.html) be evaluated prior to production rollouts and regenerate this configuration to prevent attacks. 
+
 ## User-Driven Security Features
 The following features may be employed to afford some user control of the SSO experience.
 
diff --git a/cas-server-documentation/planning/Upgrade-Guide.md b/cas-server-documentation/planning/Upgrade-Guide.md
index b5101f5f43a0..0b2f907cf275 100644
--- a/cas-server-documentation/planning/Upgrade-Guide.md
+++ b/cas-server-documentation/planning/Upgrade-Guide.md
@@ -6,7 +6,7 @@ title: CAS - Upgrade Guide
 # Upgrade Guide
 In general, it is recommended that adopters try to keep their CAS deployment in alignment with the latest CAS version available.
 In particular, releases that are of `PATCH` or `SECURITY` nature should be immediately applied as they are drop-in replacements
-for their corresponding parent version. See CAS [Release Policy](../../Release-Policy.html) for more info. 
+for their corresponding parent version. See CAS [Release Policy](../../developer/Release-Policy.html) for more info. 
 
 The general objectives of a CAS upgrade could be:
 
@@ -17,7 +17,7 @@ affected by that vulnerability and/or bug?
 local changes, I can realize their benefit from CAS directly and end up with a smaller more-maintainable overlay? 
 
 This document attempts to describe, at a very high level, the scope and effort required to upgrade a given 
-[CAS Maven overlay](../Maven-Overlay-Installation.html). Rather than describing all steps/changes that would be required
+[CAS Maven overlay](../installation/Maven-Overlay-Installation.html). Rather than describing all steps/changes that would be required
 to review and adjust (which would be impossible), we describe a strategy by which the upgrade could be executed. 
 
 ## Change Log
@@ -33,12 +33,12 @@ evaluation to determine feasibility of the solution and the target version in wh
 
 ## Scope Review
 Once you decide your ideal CAS version for the upgrade, before attempting to upgrade, 
-please review the CAS [Release Policy](../../Release-Policy.html). This will provide you
+please review the CAS [Release Policy](../../developer/Release-Policy.html). This will provide you
 with an understanding of what changes you may expect from new version and what the required effort
 may be for the upgrade.
 
 ## Evaluate Local Overlay
-As a best practice, it is recommended that you deploy CAS via a [Maven overlay method](../Maven-Overlay-Installation.html).
+As a best practice, it is recommended that you deploy CAS via a [Maven overlay method](../installation/Maven-Overlay-Installation.html).
 If you have, the task here would be to identify the number of files your overlay has touched and modified. Catalog the 
 what and why of the changes applied, and cross-check those changes with the CAS change log. Chances are, many of the
 local changes that are present within your overlay are provided by default via CAS as a result of that upgrade which will
@@ -64,7 +64,7 @@ the software dependencies and platform requirements of the new upgrade (i.e. Jav
 and make sure you have everything installed and configured correctly before you attempt. 
 
 ## Clean Maven Overlay
-We recommend that you first start out with a separate clean [CAS Maven overlay](../Maven-Overlay-Installation.html) targeted
+We recommend that you first start out with a separate clean [CAS Maven overlay](../installation/Maven-Overlay-Installation.html) targeted
 at the version to which you want to upgrade. This has the advantage of guaranteeing that your new CAS deployment 
 will be functional without any local changes. Build and deploy the clean CAS overlay once to make sure
 your build/deployment process is functional.
diff --git a/cas-server-documentation/protocol/SAML-Protocol.md b/cas-server-documentation/protocol/SAML-Protocol.md
index 814d4334182f..876f02200aed 100644
--- a/cas-server-documentation/protocol/SAML-Protocol.md
+++ b/cas-server-documentation/protocol/SAML-Protocol.md
@@ -126,6 +126,7 @@ In `cas-servlet.xml`:
   p:validationSpecificationClass="org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification"
   p:centralAuthenticationService-ref="centralAuthenticationService"
   p:proxyHandler-ref="proxy20Handler"
+  p:servicesManager-ref="servicesManager"
   p:argumentExtractor-ref="samlArgumentExtractor"
   p:successView="casSamlServiceSuccessView"
   p:failureView="casSamlServiceFailureView"/>
diff --git a/cas-server-extension-clearpass/NOTICE b/cas-server-extension-clearpass/NOTICE
index e6e226e90e65..87bb46d1ab53 100644
--- a/cas-server-extension-clearpass/NOTICE
+++ b/cas-server-extension-clearpass/NOTICE
@@ -16,7 +16,6 @@ specific language governing permissions and limitations
 under the License.
 
 This project includes:
-  "Java Concurrency in Practice" book annotations under Creative Commons Attribution License
   Annotations for Metrics under Apache License 2.0
   AntLR Parser Generator under BSD License
   AOP alliance under Public Domain
@@ -29,8 +28,6 @@ This project includes:
   Apache Log4j Commons Logging Bridge under The Apache Software License, Version 2.0
   Apache Log4j Core under The Apache Software License, Version 2.0
   Apache Log4j SLF4J Binding under The Apache Software License, Version 2.0
-  Apache Santuario under The Apache Software License, Version 2.0
-  Apache Velocity under The Apache Software License, Version 2.0
   Apereo CAS ClearPass Extension - DEPRECATED under Apache 2
   Apereo CAS Core under Apache 2
   Apereo CAS Core APIs under Apache 2
@@ -42,12 +39,10 @@ This project includes:
   Commons IO under The Apache Software License, Version 2.0
   Commons JEXL under The Apache Software License, Version 2.0
   Commons Logging under The Apache Software License, Version 2.0
-  commons-collections under Apache License, Version 2.0
   Core Hibernate O/RM functionality under GNU Lesser General Public License
   dom4j under BSD License
   ehcache under The Apache Software License, Version 2.0
   Ehcache JCache Implementation under The Apache Software License, Version 2.0
-  ESAPI 2.0 under BSD or Creative Commons 3.0 BY-SA
   Expression Language 2.2 Implementation under CDDL + GPLv2 with classpath exception
   Expression Language 3.0 API under CDDL + GPLv2 with classpath exception
   fastinfoset under Apache License, Version 2.0
@@ -55,7 +50,6 @@ This project includes:
   Guava: Google Core Libraries for Java under The Apache Software License, Version 2.0
   Hamcrest Core under New BSD License
   Hibernate Commons Annotations under GNU Lesser General Public License
-  HttpClient under Apache License
   Inspektr - Aspects under Apache 2.0 License
   Inspektr - Auditing API under Apache 2.0 License
   Inspektr - Common API under Apache 2.0 License
@@ -84,15 +78,11 @@ This project includes:
   jsr173_api under Commons Development and Distribution License, Version 1.0
   JUL to SLF4J bridge under MIT License
   JUnit under Eclipse Public License 1.0
-  Lang under The Apache Software License, Version 2.0
   LDAPTIVE under Apache 2 or GNU Lesser General Public License
   Metrics Core under Apache License 2.0
   Mockito under The MIT License
-  Not Yet Commons SSL under Apache License v2
   Objenesis under Apache 2
   OGNL - Object Graph Navigation Library under Apache License, Version 2.0
-  OpenSAML-J under Apache 2
-  OpenWS under Apache 2
   Person Directory API under Apache License Version 2.0
   Person Directory Implementations under Apache License Version 2.0
   Reflections under WTFPL or The New BSD License
@@ -114,10 +104,5 @@ This project includes:
   Spring Web Flow under The Apache Software License, Version 2.0
   Spring Web MVC under The Apache Software License, Version 2.0
   spring-security-core under The Apache Software License, Version 2.0
-  Xalan Java under The Apache Software License, Version 2.0
-  Xalan Java Serializer under The Apache Software License, Version 2.0
-  Xerces2-j under The Apache Software License, Version 2.0
   XML Commons External Components XML APIs under The Apache Software License, Version 2.0 or The SAX License or The W3C License
-  XML Commons Resolver Component under The Apache Software License, Version 2.0
-  XMLTooling-J under Apache 2
 
diff --git a/cas-server-extension-clearpass/pom.xml b/cas-server-extension-clearpass/pom.xml
index 84e0d1b691b2..0cf838525f6a 100644
--- a/cas-server-extension-clearpass/pom.xml
+++ b/cas-server-extension-clearpass/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <artifactId>cas-server</artifactId>
         <groupId>org.jasig.cas</groupId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <artifactId>cas-server-extension-clearpass</artifactId>
 
diff --git a/cas-server-integration-ehcache/pom.xml b/cas-server-integration-ehcache/pom.xml
index c178a2abe5ca..122449eb5f89 100644
--- a/cas-server-integration-ehcache/pom.xml
+++ b/cas-server-integration-ehcache/pom.xml
@@ -21,7 +21,7 @@
   <parent>
     <groupId>org.jasig.cas</groupId>
     <artifactId>cas-server</artifactId>
-    <version>4.1.0-RC3-SNAPSHOT</version>
+    <version>4.2.0-SNAPSHOT</version>
   </parent>   
   <modelVersion>4.0.0</modelVersion>      
   <artifactId>cas-server-integration-ehcache</artifactId>   
diff --git a/cas-server-integration-hazelcast/pom.xml b/cas-server-integration-hazelcast/pom.xml
index 4abc3aebc132..e20bf698eb42 100644
--- a/cas-server-integration-hazelcast/pom.xml
+++ b/cas-server-integration-hazelcast/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-integration-hazelcast</artifactId>
diff --git a/cas-server-integration-jboss/pom.xml b/cas-server-integration-jboss/pom.xml
index 2ab9a291ef66..7b9992d65865 100644
--- a/cas-server-integration-jboss/pom.xml
+++ b/cas-server-integration-jboss/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-integration-jboss</artifactId>
diff --git a/cas-server-integration-memcached/NOTICE b/cas-server-integration-memcached/NOTICE
index 107244ee0475..583c2fcc3d04 100644
--- a/cas-server-integration-memcached/NOTICE
+++ b/cas-server-integration-memcached/NOTICE
@@ -93,7 +93,6 @@ This project includes:
   jdom under Apache style license
   Joda-Time under Apache 2
   jose4j under The Apache Software License, Version 2.0
-  JSR 105 - Java(TM) XML Digital Signature API under JDL license
   JSR 353 (JSON Processing) API under Dual license consisting of the CDDL v1.1 and GPL v2
   JSR 353 (JSON Processing) Default Provider under Dual license consisting of the CDDL v1.1 and GPL v2
   JSR-250 Common Annotations for the JavaTM Platform under COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
diff --git a/cas-server-integration-memcached/pom.xml b/cas-server-integration-memcached/pom.xml
index 89216b012914..90444013160d 100644
--- a/cas-server-integration-memcached/pom.xml
+++ b/cas-server-integration-memcached/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-integration-memcached</artifactId>
diff --git a/cas-server-integration-mongo/NOTICE b/cas-server-integration-mongo/NOTICE
index 50347f0d54b6..3a52d96f539a 100644
--- a/cas-server-integration-mongo/NOTICE
+++ b/cas-server-integration-mongo/NOTICE
@@ -72,6 +72,7 @@ This project includes:
   JCL 1.1.1 implemented over SLF4J under MIT License
   Joda-Time under Apache 2
   jose4j under The Apache Software License, Version 2.0
+  js under Mozilla Public License, Version 1.1
   JSR-250 Common Annotations for the JavaTM Platform under COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
   JSR107 API and SPI under JSR-000107 JCACHE 2.9 Public Review - Updated Specification
                 License
@@ -89,7 +90,6 @@ This project includes:
   Person Directory API under Apache License Version 2.0
   Person Directory Implementations under Apache License Version 2.0
   Reflections under WTFPL or The New BSD License
-  Rhino under Mozilla Public License
   SLF4J API Module under MIT License
   Spring AOP under The Apache Software License, Version 2.0
   Spring Beans under The Apache Software License, Version 2.0
diff --git a/cas-server-integration-mongo/pom.xml b/cas-server-integration-mongo/pom.xml
index 8beb63f29e75..9b8a2fb9881b 100644
--- a/cas-server-integration-mongo/pom.xml
+++ b/cas-server-integration-mongo/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-integration-mongo</artifactId>
diff --git a/cas-server-integration-restlet/pom.xml b/cas-server-integration-restlet/pom.xml
index b7c7a79b819d..849c34b6ff17 100644
--- a/cas-server-integration-restlet/pom.xml
+++ b/cas-server-integration-restlet/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-integration-restlet</artifactId>
diff --git a/cas-server-support-generic/pom.xml b/cas-server-support-generic/pom.xml
index 853610b789a6..1b5ccab92c6b 100644
--- a/cas-server-support-generic/pom.xml
+++ b/cas-server-support-generic/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-support-generic</artifactId>
diff --git a/cas-server-support-jdbc/pom.xml b/cas-server-support-jdbc/pom.xml
index 803645dde085..aef2e64fe293 100644
--- a/cas-server-support-jdbc/pom.xml
+++ b/cas-server-support-jdbc/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-support-jdbc</artifactId>
diff --git a/cas-server-support-ldap/pom.xml b/cas-server-support-ldap/pom.xml
index 6dd1a3b269aa..00119a68f168 100644
--- a/cas-server-support-ldap/pom.xml
+++ b/cas-server-support-ldap/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
   <artifactId>cas-server-support-ldap</artifactId>
diff --git a/cas-server-support-legacy/pom.xml b/cas-server-support-legacy/pom.xml
index cb9adcf99d45..147f4cc6e114 100644
--- a/cas-server-support-legacy/pom.xml
+++ b/cas-server-support-legacy/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-support-legacy</artifactId>
diff --git a/cas-server-support-oauth/pom.xml b/cas-server-support-oauth/pom.xml
index d50c815cbac1..75f0009ab6ed 100644
--- a/cas-server-support-oauth/pom.xml
+++ b/cas-server-support-oauth/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-support-oauth</artifactId>
diff --git a/cas-server-support-openid/NOTICE b/cas-server-support-openid/NOTICE
index c5bf16a165a7..823d32e315b6 100644
--- a/cas-server-support-openid/NOTICE
+++ b/cas-server-support-openid/NOTICE
@@ -103,6 +103,5 @@ This project includes:
   Spring Web Flow under The Apache Software License, Version 2.0
   Spring Web MVC under The Apache Software License, Version 2.0
   spring-security-core under The Apache Software License, Version 2.0
-  Xerces2 Java Parser under The Apache Software License, Version 2.0
   XML Commons External Components XML APIs under The Apache Software License, Version 2.0 or The SAX License or The W3C License
 
diff --git a/cas-server-support-openid/pom.xml b/cas-server-support-openid/pom.xml
index 55ede15d8a9c..325980bcffb2 100644
--- a/cas-server-support-openid/pom.xml
+++ b/cas-server-support-openid/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-support-openid</artifactId>
@@ -46,6 +46,12 @@
             <artifactId>openid4java</artifactId>
             <version>${openid4java.version}</version>
             <scope>compile</scope>
+            <exclusions>
+              <exclusion>
+                <groupId>xerces</groupId>
+                <artifactId>xercesImpl</artifactId>
+              </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
diff --git a/cas-server-support-pac4j/pom.xml b/cas-server-support-pac4j/pom.xml
index 82de68c1149d..2429012e755d 100644
--- a/cas-server-support-pac4j/pom.xml
+++ b/cas-server-support-pac4j/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-support-pac4j</artifactId>
diff --git a/cas-server-support-radius/NOTICE b/cas-server-support-radius/NOTICE
index 07917c6ef339..4419d3b088d5 100644
--- a/cas-server-support-radius/NOTICE
+++ b/cas-server-support-radius/NOTICE
@@ -34,8 +34,8 @@ This project includes:
   AspectJ runtime under Eclipse Public License - v 1.0
   AspectJ weaver under Eclipse Public License - v 1.0
   Bean Validation API under The Apache Software License, Version 2.0
+  Bouncy Castle Provider under Bouncy Castle Licence
   CDI APIs under Apache License, Version 2.0
-  Collections under The Apache Software License, Version 2.0
   Commons Chain under The Apache Software License, Version 2.0
   Commons Configuration under The Apache Software License, Version 2.0
   Commons IO under The Apache Software License, Version 2.0
@@ -47,13 +47,11 @@ This project includes:
   Core Hibernate O/RM functionality under GNU Lesser General Public License
   Digester under The Apache Software License, Version 2.0
   dom4j under BSD License
-  ehcache under The Apache Software License, Version 2.0 or Terracotta Public License
   Ehcache Core under The Apache Software License, Version 2.0
   Expression Language 2.2 Implementation under CDDL + GPLv2 with classpath exception
   Expression Language 3.0 API under CDDL + GPLv2 with classpath exception
   fastinfoset under Apache License, Version 2.0
   FindBugs-Annotations under GNU Lesser Public License
-  gnu-crypto under GNU General Public License, with the "library exception"
   Guava: Google Core Libraries for Java under The Apache Software License, Version 2.0
   Hamcrest Core under New BSD License
   Hibernate Commons Annotations under GNU Lesser General Public License
@@ -70,7 +68,6 @@ This project includes:
   Java Persistence API, Version 2.1 under Eclipse Public License (EPL), Version 1.0 or Eclipse Distribution License (EDL), Version 1.0
   Java Servlet API under CDDL + GPLv2 with classpath exception
   Java Transaction API under Common Development and Distribution License or GNU General Public License, Version 2 with the Classpath Exception
-  java-getopt under GNU General Public License, with the "library exception"
   Javassist under MPL 1.1 or LGPL 2.1 or Apache License 2.0
   javax.inject under The Apache Software License, Version 2.0
   JAXB CORE under CDDL 1.1 or GPL2 w/ CPE
@@ -78,8 +75,16 @@ This project includes:
   JBoss Logging 3 under Apache License, version 2.0
   Joda-Time under Apache 2
   jose4j under The Apache Software License, Version 2.0
-  jradius-core-1.1.3 under GNU Lessor/Library Public License, Version 3.0 or GNU Public License, Version 3.0
-  jradius-dictionary-1.1.3 under GNU Lessor/Library Public License, Version 3.0 or GNU Public License, Version 3.0
+  jradius under GNU Lesser General Public License, version 2.1
+  jradius-apps-jradius-1.1.5 under GNU Lessor/Library Public License, Version 3.0 or GNU Public License, Version 3.0
+  jradius-client-jradius-1.1.5 under GNU Lessor/Library Public License, Version 3.0 or GNU Public License, Version 3.0
+  jradius-core-jradius-1.1.5 under GNU Lessor/Library Public License, Version 3.0 or GNU Public License, Version 3.0
+  jradius-dictionary-jradius-1.1.5 under GNU Lessor/Library Public License, Version 3.0 or GNU Public License, Version 3.0
+  jradius-dictionary-min-jradius-1.1.5 under GNU Lessor/Library Public License, Version 3.0 or GNU Public License, Version 3.0
+  jradius-example-jradius-1.1.5 under GNU Lessor/Library Public License, Version 3.0 or GNU Public License, Version 3.0
+  jradius-extended-jradius-1.1.5 under GNU Lessor/Library Public License, Version 3.0 or GNU Public License, Version 3.0
+  jradius-extras-jradius-1.1.5 under GNU Lessor/Library Public License, Version 3.0 or GNU Public License, Version 3.0
+  jradius-server-jradius-1.1.5 under GNU Lessor/Library Public License, Version 3.0 or GNU Public License, Version 3.0
   JSR-250 Common Annotations for the JavaTM Platform under COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
   JSR107 API and SPI under JSR-000107 JCACHE 2.9 Public Review - Updated Specification
                 License
@@ -91,10 +96,9 @@ This project includes:
   LDAPTIVE under Apache 2 or GNU Lesser General Public License
   Metrics Core under Apache License 2.0
   Mockito under The MIT License
-  net.sf.ehcache:ehcache-terracotta under Apache License, Version 2.0
   Objenesis under Apache 2
   OGNL - Object Graph Navigation Library under Apache License, Version 2.0
-  org.terracotta:terracotta-toolkit-1.0-runtime under Terracotta Public License, http://www.terracotta.org/legal/terracotta-public-license
+  ON Enterprise Server JAR under GNU Lesser General Public License (LGPL)
   Person Directory API under Apache License Version 2.0
   Person Directory Implementations under Apache License Version 2.0
   Reflections under WTFPL or The New BSD License
diff --git a/cas-server-support-radius/pom.xml b/cas-server-support-radius/pom.xml
index e79fda11e650..4fcbcae4f9aa 100644
--- a/cas-server-support-radius/pom.xml
+++ b/cas-server-support-radius/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-support-radius</artifactId>
@@ -36,8 +36,8 @@
         </dependency>
 
         <dependency>
-            <groupId>net.jradius</groupId>
-            <artifactId>jradius-core</artifactId>
+            <groupId>com.github.coova</groupId>
+            <artifactId>jradius</artifactId>
             <version>${radius.version}</version>
             <exclusions>
                 <exclusion>
@@ -48,34 +48,31 @@
                     <groupId>log4j</groupId>
                     <artifactId>log4j</artifactId>
                 </exclusion>
+                <exclusion>
+                    <artifactId>slf4j-api</artifactId>
+                    <groupId>org.slf4j</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>commons-collections</artifactId>
+                    <groupId>commons-collections</groupId>
+                </exclusion>
             </exclusions>
-        </dependency>
-
-        <dependency>
-            <groupId>net.jradius</groupId>
-            <artifactId>jradius-dictionary</artifactId>
-            <version>${radius.version}</version>
-        </dependency>
-        <!--
-                <dependency>
-                    <groupId>net.jradius</groupId>
-                    <artifactId>jradius-extended</artifactId>
-                    <version>1.0.0</version>
-                </dependency>
-        -->
-
+        </dependency>        
     </dependencies>
 
     <repositories>
+        <!-- 
+        The JRadius artifacts above are not available in Maven Central yet.
+        So the following alternative is provided.
+        -->
         <repository>
-            <id>coova</id>
-            <name>Coova Repository</name>
-            <url>http://coova-dev.s3.amazonaws.com/mvn</url>
+            <id>jitpack.io</id>
+            <url>https://jitpack.io</url>
         </repository>
     </repositories>
 
     <properties>
         <cs.dir>${project.parent.basedir}</cs.dir>
-        <radius.version>1.1.3</radius.version>
+        <radius.version>jradius-1.1.5</radius.version>
     </properties>
 </project>
diff --git a/cas-server-support-rest/pom.xml b/cas-server-support-rest/pom.xml
index 187b93b74e9b..02571a744b9d 100644
--- a/cas-server-support-rest/pom.xml
+++ b/cas-server-support-rest/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-support-rest</artifactId>
diff --git a/cas-server-support-saml/NOTICE b/cas-server-support-saml/NOTICE
index 6cb41d7dd443..cf432bf163cc 100644
--- a/cas-server-support-saml/NOTICE
+++ b/cas-server-support-saml/NOTICE
@@ -85,7 +85,6 @@ This project includes:
   jdom under Apache style license
   Joda-Time under Apache 2
   jose4j under The Apache Software License, Version 2.0
-  JSR 105 - Java(TM) XML Digital Signature API under JDL license
   JSR 353 (JSON Processing) API under Dual license consisting of the CDDL v1.1 and GPL v2
   JSR 353 (JSON Processing) Default Provider under Dual license consisting of the CDDL v1.1 and GPL v2
   JSR-250 Common Annotations for the JavaTM Platform under COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
diff --git a/cas-server-support-saml/pom.xml b/cas-server-support-saml/pom.xml
index 9127ff53fe20..58d06d46ae53 100644
--- a/cas-server-support-saml/pom.xml
+++ b/cas-server-support-saml/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-support-saml</artifactId>
diff --git a/cas-server-support-spnego/pom.xml b/cas-server-support-spnego/pom.xml
index 452398f7a822..60f82f45536f 100644
--- a/cas-server-support-spnego/pom.xml
+++ b/cas-server-support-spnego/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-support-spnego</artifactId>
diff --git a/cas-server-support-spnego/src/main/java/org/jasig/cas/support/spnego/authentication/handler/support/JCIFSSpnegoAuthenticationHandler.java b/cas-server-support-spnego/src/main/java/org/jasig/cas/support/spnego/authentication/handler/support/JCIFSSpnegoAuthenticationHandler.java
index a92b4952ca72..6dc1cd41062b 100644
--- a/cas-server-support-spnego/src/main/java/org/jasig/cas/support/spnego/authentication/handler/support/JCIFSSpnegoAuthenticationHandler.java
+++ b/cas-server-support-spnego/src/main/java/org/jasig/cas/support/spnego/authentication/handler/support/JCIFSSpnegoAuthenticationHandler.java
@@ -65,6 +65,9 @@ protected HandlerResult doAuthentication(final Credential credential) throws Gen
         final SpnegoCredential spnegoCredential = (SpnegoCredential) credential;
         java.security.Principal principal;
         byte[] nextToken;
+        if (!this.isNTLMallowed && spnegoCredential.isNtlm()) {
+            throw new FailedLoginException("NTLM not allowed");
+        }
         try {
             // proceed authentication using jcifs
             synchronized (this) {
@@ -89,12 +92,10 @@ protected HandlerResult doAuthentication(final Credential credential) throws Gen
         if (principal != null) {
             if (spnegoCredential.isNtlm()) {
                 logger.debug("NTLM Credential is valid for user [{}]", principal.getName());
-                spnegoCredential.setPrincipal(getPrincipal(principal.getName(), true));
-                success = this.isNTLMallowed;
+            } else {
+                logger.debug("Kerberos Credential is valid for user [{}]", principal.getName());
             }
-            // else => kerberos
-            logger.debug("Kerberos Credential is valid for user [{}]", principal.getName());
-            spnegoCredential.setPrincipal(getPrincipal(principal.getName(), false));
+            spnegoCredential.setPrincipal(getPrincipal(principal.getName(), spnegoCredential.isNtlm()));
             success = true;
         }
 
diff --git a/cas-server-support-trusted/pom.xml b/cas-server-support-trusted/pom.xml
index 5cec94687ce0..12131b949886 100644
--- a/cas-server-support-trusted/pom.xml
+++ b/cas-server-support-trusted/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.jasig.cas</groupId>
         <artifactId>cas-server</artifactId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cas-server-support-trusted</artifactId>
diff --git a/cas-server-support-x509/pom.xml b/cas-server-support-x509/pom.xml
index 9930fb0b693d..02a7d77250a2 100644
--- a/cas-server-support-x509/pom.xml
+++ b/cas-server-support-x509/pom.xml
@@ -21,7 +21,7 @@
   <parent>
     <groupId>org.jasig.cas</groupId>
     <artifactId>cas-server</artifactId>
-    <version>4.1.0-RC3-SNAPSHOT</version>
+    <version>4.2.0-SNAPSHOT</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <artifactId>cas-server-support-x509</artifactId>
diff --git a/cas-server-uber-webapp/NOTICE b/cas-server-uber-webapp/NOTICE
index 15f317e3f34f..38c360b83184 100644
--- a/cas-server-uber-webapp/NOTICE
+++ b/cas-server-uber-webapp/NOTICE
@@ -47,7 +47,16 @@ This project includes:
   Bean Validation API under The Apache Software License, Version 2.0
   Bouncy Castle Provider under Bouncy Castle Licence
   CDI APIs under Apache License, Version 2.0
-  Collections under The Apache Software License, Version 2.0
+  com.github.coova.jradius:jradius-apps under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-client under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-core under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-dictionary under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-dictionary-min under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-example under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-extended under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-extras under GNU Lesser General Public License, version 2.1
+  com.github.coova.jradius:jradius-server under GNU Lesser General Public License, version 2.1
+  com.github.coova:jradius under GNU Lesser General Public License, version 2.1
   Commons BeanUtils under The Apache Software License, Version 2.0
   Commons Chain under The Apache Software License, Version 2.0
   Commons CLI under The Apache Software License, Version 2.0
@@ -65,7 +74,6 @@ This project includes:
   Expression Language 3.0 API under CDDL + GPLv2 with classpath exception
   fastinfoset under Apache License, Version 2.0
   FindBugs-Annotations under GNU Lesser Public License
-  gnu-crypto under GNU General Public License, with the "library exception"
   Guava: Google Core Libraries for Java under The Apache Software License, Version 2.0
   Hamcrest Core under New BSD License
   Hibernate Commons Annotations under GNU Lesser General Public License
@@ -82,11 +90,11 @@ This project includes:
   Java Persistence API, Version 2.1 under Eclipse Public License (EPL), Version 1.0 or Eclipse Distribution License (EDL), Version 1.0
   Java Servlet API under CDDL + GPLv2 with classpath exception
   Java Transaction API under Commons Development and Distribution License, Version 1.0
-  java-getopt under GNU General Public License, with the "library exception"
   Javassist under MPL 1.1 or LGPL 2.1 or Apache License 2.0
   javax.inject under The Apache Software License, Version 2.0
   JAXB CORE under CDDL 1.1 or GPL2 w/ CPE
   JAXB Reference Implementation under CDDL 1.1 or GPL2 w/ CPE
+  JBoss Cache - Core Edition under GNU Lesser General Public License
   JBoss Common Classes under lgpl
   JBoss Logging 3 under Apache License, version 2.0
   JBoss Logging Programming Interface under lgpl
@@ -108,14 +116,10 @@ This project includes:
   Metrics Core under Apache License 2.0
   MinLog under New BSD License
   Mockito under The MIT License
-  net.jradius:jradius-core under LGPL, v3.0
-  net.jradius:jradius-dictionary under LGPL, v3.0
-  net.sf.ehcache:ehcache-terracotta under Apache License, Version 2.0
   Objenesis under Apache 2
   OGNL - Object Graph Navigation Library under Apache License, Version 2.0
-  org.jboss.cache:jbosscache-core under LGPL, v2.1
+  ON Enterprise Server JAR under GNU Lesser General Public License (LGPL)
   org.samba.jcifs:jcifs-ext under GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1
-  org.terracotta:terracotta-toolkit-1.0-runtime under Terracotta Public License, http://www.terracotta.org/legal/terracotta-public-license
   Person Directory API under Apache License Version 2.0
   Person Directory Implementations under Apache License Version 2.0
   Protocol Buffer Java API under New BSD license
diff --git a/cas-server-uber-webapp/pom.xml b/cas-server-uber-webapp/pom.xml
index a07ad510baec..b8b1951fd9e0 100644
--- a/cas-server-uber-webapp/pom.xml
+++ b/cas-server-uber-webapp/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <artifactId>cas-server</artifactId>
         <groupId>org.jasig.cas</groupId>
-        <version>4.1.0-RC3-SNAPSHOT</version>
+        <version>4.2.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <packaging>war</packaging>
diff --git a/cas-server-webapp-support/pom.xml b/cas-server-webapp-support/pom.xml
index c326b854e1fc..ff550ec56845 100644
--- a/cas-server-webapp-support/pom.xml
+++ b/cas-server-webapp-support/pom.xml
@@ -21,7 +21,7 @@
   <parent>
     <groupId>org.jasig.cas</groupId>
     <artifactId>cas-server</artifactId>
-    <version>4.1.0-RC3-SNAPSHOT</version>
+    <version>4.2.0-SNAPSHOT</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <artifactId>cas-server-webapp-support</artifactId>
diff --git a/cas-server-webapp/pom.xml b/cas-server-webapp/pom.xml
index a3fed143de1b..5119095fb411 100644
--- a/cas-server-webapp/pom.xml
+++ b/cas-server-webapp/pom.xml
@@ -21,7 +21,7 @@
   <parent>
     <groupId>org.jasig.cas</groupId>
     <artifactId>cas-server</artifactId>
-    <version>4.1.0-RC3-SNAPSHOT</version>
+    <version>4.2.0-SNAPSHOT</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <artifactId>cas-server-webapp</artifactId>
diff --git a/cas-server-webapp/src/main/resources/messages.properties b/cas-server-webapp/src/main/resources/messages.properties
index 369401078f5e..320b17d27b33 100644
--- a/cas-server-webapp/src/main/resources/messages.properties
+++ b/cas-server-webapp/src/main/resources/messages.properties
@@ -123,4 +123,11 @@ screen.oauth.confirm.allow=Allow
 
 # Unavailable
 screen.unavailable.heading=CAS is Unavailable
-screen.unavailable.message=There was an error trying to complete your request. Please notify your support desk or try again.
+screen.unavailable.message=There was an error trying to complete your request. \
+<strong>Please notify your support desk or try again.</strong> \
+<div>Apereo is a non-profit open source software governance foundation. The CAS software is an Apereo sponsored project \
+and is freely downloadable and usable by anyone. However, Apereo does not operate the systems of anyone using the \
+software and in most cases doesn't even know who is using it or how to contact them unless they are an active part \
+of the Apereo community.<br/></br>If you are having problems logging in using CAS, \
+<strong>you will need to contact the IT staff or Help Desk of your organization for assistance</strong>. \
+<br/><br/>We wish we could be more directly helpful to you.</div>
diff --git a/cas-server-webapp/src/main/resources/messages_ar.properties b/cas-server-webapp/src/main/resources/messages_ar.properties
index 7d05563b3f41..6414f14b9991 100644
--- a/cas-server-webapp/src/main/resources/messages_ar.properties
+++ b/cas-server-webapp/src/main/resources/messages_ar.properties
@@ -56,8 +56,8 @@ screen.service.sso.error.header=<span dir='rtl'> \u0644\u0644\u0648\u0635\u0648\
 screen.service.sso.error.message=<span dir='rtl'>\u0644\u0642\u062F \u062D\u0627\u0648\u0644\u062A \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u062E\u062F\u0645\u0629 \u064A\u062A\u0637\u0644\u0628 \u0645\u0635\u0627\u062F\u0642\u0629 \u0645\u0646 \u062F\u0648\u0646 \u0645\u0635\u0627\u062F\u0642\u0629 \u0645\u0646 \u062C\u062F\u064A\u062F.\u0627\u0644\u0631\u062C\u0627\u0621 \u062D\u0627\u0648\u0644 \u0644\u0645\u0635\u0627\u062F\u0642\u0629 \u0645\u0631\u0629 \u0623\u062E\u0631\u0649 {0} </span>
 
 error.invalid.loginticket=\u0644\u0627 \u064A\u0645\u0643\u0646\u0643 \u0645\u062D\u0627\u0648\u0644\u0629 \u0625\u0639\u0627\u062F\u0629 \u0627\u0644\u062A\u0642\u062F\u064A\u0645 \u0644\u0644\u0646\u0645\u0648\u0630\u062C \u0627\u0644\u0630\u064A \u062A\u0645 \u062A\u0642\u062F\u064A\u0645\u0647 \u0628\u0627\u0644\u0641\u0639\u0644
-required.username=\u0627\u0633\u0645 \u0627\u0644\u0645\u0633\u062A\u062E\u062F\u0645 \u0647\u0648 \u0627\u0644\u062D\u0642\u0644 \u0627\u0644\u0645\u0637\u0644\u0648\u0628
-required.password=\u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631 \u0647\u064A \u0627\u0644\u062D\u0642\u0644 \u0627\u0644\u0645\u0637\u0644\u0648\u0628
+username.required=\u0627\u0633\u0645 \u0627\u0644\u0645\u0633\u062A\u062E\u062F\u0645 \u0647\u0648 \u0627\u0644\u062D\u0642\u0644 \u0627\u0644\u0645\u0637\u0644\u0648\u0628
+password.required=\u0643\u0644\u0645\u0629 \u0627\u0644\u0633\u0631 \u0647\u064A \u0627\u0644\u062D\u0642\u0644 \u0627\u0644\u0645\u0637\u0644\u0648\u0628
 error.authentication.credentials.bad= \u0623\u0648\u0631\u0627\u0642 \u0627\u0644\u0627\u0639\u062A\u0645\u0627\u062F \u0627\u0644\u062A\u064A \u0642\u062F\u0645\u062A\u0647\u0627 \u0644\u0627 \u064A\u0645\u0643\u0646 \u062A\u062D\u062F\u064A\u0647 \u0644\u0644\u0645\u0635\u0627\u062F\u0642\u0629 \u0639\u0644\u064A\u0647
 error.authentication.credentials.unsupported= \u0623\u0648\u0631\u0627\u0642 \u0627\u0644\u0627\u0639\u062A\u0645\u0627\u062F \u0627\u0644\u062A\u064A \u0642\u062F\u0645\u062A\u0647\u0627 \u063A\u064A\u0631 \u0645\u0639\u062A\u0645\u062F\u0629 \u0628\u0648\u0627\u0633\u0637\u0629
 
diff --git a/cas-server-webapp/src/main/resources/messages_ca.properties b/cas-server-webapp/src/main/resources/messages_ca.properties
index 38f579fddf93..768d61c248e3 100644
--- a/cas-server-webapp/src/main/resources/messages_ca.properties
+++ b/cas-server-webapp/src/main/resources/messages_ca.properties
@@ -59,8 +59,8 @@ screen.service.sso.error.header=Cal reautenticar per a accedir a aquest servei
 screen.service.sso.error.message=Heu intentat accedir a un servei que requereix autenticació sense reautenticar. Si us plau, intenteu <a href="{0}">autenticar de nou</a>.
 
 error.invalid.loginticket=No podeu intentar reenviar un formulari que ja s'ha enviat.
-required.username=El nom d'usuari és un camp obligatori.
-required.password=La contrasenya és un camp obligatori.
+username.required=El nom d'usuari és un camp obligatori.
+password.required=La contrasenya és un camp obligatori.
 
 # Authentication failure messages
 authenticationFailure.AccountDisabledException=S'ha deshabilitat aquest compte.
diff --git a/cas-server-webapp/src/main/resources/messages_de.properties b/cas-server-webapp/src/main/resources/messages_de.properties
index 6b3d5a715d21..4769ab85e455 100644
--- a/cas-server-webapp/src/main/resources/messages_de.properties
+++ b/cas-server-webapp/src/main/resources/messages_de.properties
@@ -56,8 +56,8 @@ screen.service.sso.error.header=Eine Neuanmeldung ist erforderlich, um auf den S
 screen.service.sso.error.message=Der Service, für den Sie versucht haben, sich zu authentifizieren, hat nicht das Recht, CAS zu benutzen.
 
 error.invalid.loginticket=Sie können kein Formular erneut abschicken, das bereits übertragen wurde.
-required.username=Benutzername ist ein Pflichtfeld.
-required.password=Passwort ist ein Pflichtfeld.
+username.required=Benutzername ist ein Pflichtfeld.
+password.required=Passwort ist ein Pflichtfeld.
 
 # Authentication failure messages
 authenticationFailure.AccountDisabledException=Dieses Konto wurde deaktiviert.
diff --git a/cas-server-webapp/src/main/resources/messages_es.properties b/cas-server-webapp/src/main/resources/messages_es.properties
index 3987bd9ec57f..180338f7d8e7 100644
--- a/cas-server-webapp/src/main/resources/messages_es.properties
+++ b/cas-server-webapp/src/main/resources/messages_es.properties
@@ -59,8 +59,8 @@ screen.service.sso.error.header=Reautenticación requerida para acceder a este s
 screen.service.sso.error.message=Intentó acceder a un servicio que requiere autenticación sin reautenticar. Por favor intente <a href="{0}">autenticar de nuevo</a>.
 
 error.invalid.loginticket=No puede intentar reenviar un formulario que ya se ha enviado.
-required.username=El nombre de usuario es un campo requerido.
-required.password=La contraseña es un campo requerido.
+username.required=El nombre de usuario es un campo requerido.
+password.required=La contraseña es un campo requerido.
 
 # Authentication failure messages
 authenticationFailure.AccountDisabledException=Se ha deshabilitado esta cuenta.
diff --git a/cas-server-webapp/src/main/resources/messages_fa.properties b/cas-server-webapp/src/main/resources/messages_fa.properties
index 57399ef00345..38ed90a655a8 100644
--- a/cas-server-webapp/src/main/resources/messages_fa.properties
+++ b/cas-server-webapp/src/main/resources/messages_fa.properties
@@ -56,8 +56,8 @@ screen.service.sso.error.header=<span dir='rtl'>\u0628\u0631\u0627\u06CC \u062F\
 screen.service.sso.error.message=<span dir='rtl'>\u0633\u0639\u06CC \u062F\u0627\u0634\u062A\u06CC\u062F \u0628\u062F\u0648\u0646 \u062A\u0627\u06CC\u06CC\u062F \u062F\u0648\u0628\u0627\u0631\u0647\u060C \u0628\u0647 \u0633\u0631\u0648\u06CC\u0633\u06CC \u062F\u0633\u062A\u0631\u0633\u06CC \u067E\u06CC\u062F\u0627 \u06A9\u0646\u06CC\u062F \u06A9\u0647 \u0646\u06CC\u0627\u0632 \u0628\u0647 \u062A\u0627\u06CC\u06CC\u062F \u062F\u0627\u0631\u062F. \u0644\u0637\u0641\u0627\u064B \u0628\u0639\u062F \u0627\u0632 </a>\u062A\u0627\u06CC\u06CC\u062F <a href=\u201D{0}\u201D> \u062F\u0648\u0628\u0627\u0631\u0647 \u0627\u0645\u062A\u062D\u0627\u0646 \u06A9\u0646\u06CC\u062F</span>
 
 error.invalid.loginticket=\u0646\u0645\u06CC\u062A\u0648\u0627\u0646\u06CC\u062F \u0641\u0631\u0645\u06CC \u06A9\u0647 \u0627\u0631\u0633\u0627\u0644 \u0634\u062F\u0647 \u0631\u0627 \u062F\u0648\u0628\u0627\u0631\u0647 \u0627\u0631\u0633\u0627\u0644 \u06A9\u0646\u06CC\u062F
-required.username=\u0648\u0627\u0631\u062F \u06A9\u0631\u062F\u0646 \u0646\u0627\u0645 \u06A9\u0627\u0631\u0628\u0631\u06CC \u0627\u0644\u0632\u0627\u0645\u06CC \u0627\u0633\u062A
-required.password=\u0648\u0627\u0631\u062F \u06A9\u0631\u062F\u0646 \u0631\u0645\u0632 \u0648\u0631\u0648\u062F \u0627\u0644\u0632\u0627\u0645\u06CC \u0627\u0633\u062A
+username.required=\u0648\u0627\u0631\u062F \u06A9\u0631\u062F\u0646 \u0646\u0627\u0645 \u06A9\u0627\u0631\u0628\u0631\u06CC \u0627\u0644\u0632\u0627\u0645\u06CC \u0627\u0633\u062A
+password.required=\u0648\u0627\u0631\u062F \u06A9\u0631\u062F\u0646 \u0631\u0645\u0632 \u0648\u0631\u0648\u062F \u0627\u0644\u0632\u0627\u0645\u06CC \u0627\u0633\u062A
 error.authentication.credentials.bad=\u0646\u0627\u0645 \u06A9\u0627\u0631\u0628\u0631\u06CC \u0648 \u0631\u0645\u0632 \u0648\u0631\u0648\u062F \u0635\u062D\u06CC\u062D \u0646\u0645\u06CC\u0628\u0627\u0634\u062F
 error.authentication.credentials.unsupported=>CAS \u0627\u06CC\u0646 \u0646\u0627\u0645 \u06A9\u0627\u0631\u0628\u0631\u06CC \u0648 \u0631\u0645\u0632 \u0648\u0631\u0648\u062F \u0631\u0627 \u067E\u0634\u062A\u06CC\u0627\u0646\u06CC \u0646\u0645\u06CC\u06A9\u0646\u062F
 
diff --git a/cas-server-webapp/src/main/resources/messages_fr.properties b/cas-server-webapp/src/main/resources/messages_fr.properties
index 60e43b6282c2..f17ecf50094b 100644
--- a/cas-server-webapp/src/main/resources/messages_fr.properties
+++ b/cas-server-webapp/src/main/resources/messages_fr.properties
@@ -72,8 +72,8 @@ screen.service.sso.error.message=Vous avez tenté d'accéder à un service qui r
 screen.service.required.message=Vous avez tenté de vous authentifier sans préciser d'application cible. Merci de vérifier votre requête et de recommencer.
 
 error.invalid.loginticket=Vous ne pouvez pas re-soumettre un formulaire d'autentification qui a déjà été soumis.
-required.username=Vous devez entrer votre identifiant.
-required.password=Vous devez entrer votre mot de passe.
+username.required=Vous devez entrer votre identifiant.
+password.required=Vous devez entrer votre mot de passe.
 
 # Authentication failure messages
 authenticationFailure.AccountDisabledException=Votre compte a été désactivé.
diff --git a/cas-server-webapp/src/main/resources/messages_hr.properties b/cas-server-webapp/src/main/resources/messages_hr.properties
index 348fc062f128..355be26470c2 100644
--- a/cas-server-webapp/src/main/resources/messages_hr.properties
+++ b/cas-server-webapp/src/main/resources/messages_hr.properties
@@ -54,8 +54,8 @@ screen.service.sso.error.header=Za pristup ovom servisu potrebna je ponovna aute
 screen.service.sso.error.message=Poku\u0161ali ste pristupiti servisu koji zahtijeva autentikaciju, pri \u010demu se niste ponovno autenticirali. Molimo vas poku\u0161ajte se ponovno autenticirati pritiskom <a href="{0}">ovdje</a>.
 
 error.invalid.loginticket=Sadr\u017eaj forme ve\u0107 je poslan. Ponovno slanje nije dozvoljeno.
-required.username=Korisni\u010dko ime je obavezno polje.
-required.password=Zaporka je obavezno polje.
+username.required=Korisni\u010dko ime je obavezno polje.
+password.required=Zaporka je obavezno polje.
 error.authentication.credentials.bad=Korisni\u010dko ime i(li) zaporka nisu ispravni.
 error.authentication.credentials.unsupported=CAS ne podr\u017eava ovaj na\u010din autentikacije.
 
diff --git a/cas-server-webapp/src/main/resources/messages_it.properties b/cas-server-webapp/src/main/resources/messages_it.properties
index bf45e5c02c09..81082c7c3c93 100644
--- a/cas-server-webapp/src/main/resources/messages_it.properties
+++ b/cas-server-webapp/src/main/resources/messages_it.properties
@@ -57,8 +57,8 @@ screen.service.sso.error.header=
 screen.service.sso.error.message=Si è tentato di accedere a un servizio che richiede di effettuare nuovamente l'autenticazione. Si prega di <a href="{0}">autenticarsi nuovamente</a>.
 
 error.invalid.loginticket=Ricompila il form dall'inizio senza utilizzare il tasto 'indietro'
-required.username=Il campo login é obbligatorio
-required.password=Il campo password é obbligatorio
+username.required=Il campo login é obbligatorio
+password.required=Il campo password é obbligatorio
 error.authentication.credentials.bad=Login o password errate
 error.authentication.credentials.unsupported=Le credenziali utilizzate non sono supportate da CAS
 
diff --git a/cas-server-webapp/src/main/resources/messages_ja.properties b/cas-server-webapp/src/main/resources/messages_ja.properties
index cf7d299140bd..c1c94f8a954e 100644
--- a/cas-server-webapp/src/main/resources/messages_ja.properties
+++ b/cas-server-webapp/src/main/resources/messages_ja.properties
@@ -57,8 +57,8 @@ screen.service.sso.error.header=\u3053\u306e\u30b5\u30fc\u30d3\u30b9\u306b\u30a2
 screen.service.sso.error.message=\u518d\u8a8d\u8a3c\u3092\u8981\u6c42\u3059\u308b\u30b5\u30fc\u30d3\u30b9\u306b\u30a2\u30af\u30bb\u30b9\u3057\u3088\u3046\u3068\u3057\u307e\u3057\u305f\uff0e<a href="{0}">\u518d\u8a8d\u8a3c</a>\u3092\u8a66\u307f\u3066\u304f\u3060\u3055\u3044\uff0e
 
 error.invalid.loginticket=\u3059\u3067\u306b\u9001\u4fe1\u6e08\u307f\u306e\u30d5\u30a9\u30fc\u30e0\u306f\u518d\u9001\u4fe1\u3067\u304d\u307e\u305b\u3093\uff0e
-required.username=\u30e6\u30fc\u30b6\u540d\u306f\u5fc5\u9808\u30d5\u30a3\u30fc\u30eb\u30c9\u3067\u3059\uff0e
-required.password=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f\u5fc5\u9808\u30d5\u30a3\u30fc\u30eb\u30c9\u3067\u3059\uff0e
+username.required=\u30e6\u30fc\u30b6\u540d\u306f\u5fc5\u9808\u30d5\u30a3\u30fc\u30eb\u30c9\u3067\u3059\uff0e
+password.required=\u30d1\u30b9\u30ef\u30fc\u30c9\u306f\u5fc5\u9808\u30d5\u30a3\u30fc\u30eb\u30c9\u3067\u3059\uff0e
 error.authentication.credentials.bad=\u3042\u306a\u305f\u304c\u5165\u529b\u3057\u305f\u8a8d\u8a3c\u60c5\u5831\u306f\uff0c\u8a8d\u8a3c\u53ef\u80fd\u306a\u3082\u306e\u3067\u3042\u308b\u3053\u3068\u304c\u78ba\u8a8d\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\uff0e
 error.authentication.credentials.unsupported=\u5165\u529b\u3057\u305f\u8a8d\u8a3c\u60c5\u5831\u306f CAS \u3067\u306f\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u307e\u305b\u3093\uff0e
 
diff --git a/cas-server-webapp/src/main/resources/messages_mk.properties b/cas-server-webapp/src/main/resources/messages_mk.properties
index 46db8a758a23..3218978ebf3e 100644
--- a/cas-server-webapp/src/main/resources/messages_mk.properties
+++ b/cas-server-webapp/src/main/resources/messages_mk.properties
@@ -52,8 +52,8 @@ screen.service.sso.error.header=\u0417\u0430 \u043f\u0440\u0438\u0441\u0442\u043
 screen.service.sso.error.message=\u0421\u0435 \u043e\u0431\u0438\u0434\u043e\u0432\u0442\u0435 \u0434\u0430 \u043f\u0440\u0438\u0441\u0442\u0430\u043f\u0438\u0442\u0435 \u043d\u0430 \u0441\u0435\u0440\u0432\u0438\u0441 \u043a\u043e\u0458 \u043f\u043e\u0431\u0430\u0440\u0443\u0432\u0430 \u0430\u0432\u0442\u0435\u043d\u0442\u0438\u043a\u0430\u0446\u0438\u0458\u0430, \u043f\u0440\u0438\u0442\u043e\u0430 \u043d\u0435 \u0441\u0442\u0435 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e \u0430\u0432\u0442\u0435\u043d\u0442\u0438\u0446\u0438\u0440\u0430\u043d\u0438. \u0412\u0435 \u043c\u043e\u043b\u0438\u043c\u0435 \u0434\u0430 \u0441\u0435 \u043e\u0431\u0438\u0434\u0435\u0442\u0435 \u0434\u0430 \u0441\u0435 \u0430\u0432\u0442\u0435\u0442\u0438\u043d\u0446\u0438\u0440\u0430\u0442\u0435 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e \u0441\u043e \u043f\u0440\u0438\u0442\u0438\u0441\u043a\u0430\u045a\u0435 <a href="{0}&renew=true">\u0422\u0423\u041a\u0410</a>.
 
 error.invalid.loginticket=\u0421\u043e\u0434\u0440\u0436\u0438\u043d\u0430\u0442\u0430 \u043d\u0430 \u0444\u043e\u0440\u043c\u0443\u043b\u0430\u0440\u043e\u0442 \u0435 \u0432\u0435\u045c\u0435 \u0438\u0441\u043f\u0440\u0430\u0442\u0435\u043d\u0430. \u041f\u043e\u0432\u0442\u043e\u0440\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u045c\u0430\u045a\u0435 \u043d\u0435 \u0435 \u0434\u043e\u0437\u0432\u043e\u043b\u0435\u043d\u043e.
-required.username=\u041a\u043e\u0440\u0438\u0441\u043d\u0438\u0447\u043a\u043e\u0442\u043e \u0438\u043c\u0435 \u0437\u0430\u0434\u043e\u043b\u0436\u0438\u0442\u0435\u043b\u043d\u043e \u0442\u0440\u0435\u0431\u0430 \u0434\u0430 \u0441\u0435 \u043f\u043e\u043f\u043e\u043b\u043d\u0438.
-required.password=\u041b\u043e\u0437\u0438\u043d\u043a\u0430\u0442\u0430 \u0437\u0430\u0434\u043e\u043b\u0436\u0438\u0442\u0435\u043b\u043d\u043e \u0442\u0440\u0435\u0431\u0430 \u0434\u0430 \u0441\u0435 \u043f\u043e\u043f\u043e\u043b\u043d\u0438
+username.required=\u041a\u043e\u0440\u0438\u0441\u043d\u0438\u0447\u043a\u043e\u0442\u043e \u0438\u043c\u0435 \u0437\u0430\u0434\u043e\u043b\u0436\u0438\u0442\u0435\u043b\u043d\u043e \u0442\u0440\u0435\u0431\u0430 \u0434\u0430 \u0441\u0435 \u043f\u043e\u043f\u043e\u043b\u043d\u0438.
+password.required=\u041b\u043e\u0437\u0438\u043d\u043a\u0430\u0442\u0430 \u0437\u0430\u0434\u043e\u043b\u0436\u0438\u0442\u0435\u043b\u043d\u043e \u0442\u0440\u0435\u0431\u0430 \u0434\u0430 \u0441\u0435 \u043f\u043e\u043f\u043e\u043b\u043d\u0438
 error.authentication.credentials.bad=\u041a\u043e\u0440\u0438\u0441\u043d\u0438\u0447\u043a\u043e\u0442\u043e \u0438\u043c\u0435 \u0438/\u0438\u043b\u0438 \u043b\u043e\u0437\u0438\u043d\u043a\u0430\u0442\u0430 \u043d\u0435 \u0441\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043d\u0438.
 error.authentication.credentials.unsupported=\u0426\u0410\u0421 \u043d\u0435 \u0433\u043e \u043f\u043e\u0434\u0434\u0440\u0436\u0443\u0432\u0430 \u043e\u0432\u043e\u0458 \u043d\u0430\u0447\u0438\u043d \u043d\u0430 \u0430\u0432\u0442\u0435\u043d\u0442\u0438\u043a\u0430\u0446\u0438\u0458\u0430.
 
diff --git a/cas-server-webapp/src/main/resources/messages_nl.properties b/cas-server-webapp/src/main/resources/messages_nl.properties
index a9b42a07e716..7674739cbffe 100644
--- a/cas-server-webapp/src/main/resources/messages_nl.properties
+++ b/cas-server-webapp/src/main/resources/messages_nl.properties
@@ -50,8 +50,8 @@ screen.logout.security=Voor de veiligheid dien je je browser nu af te sluiten.
 screen.logout.redirect=De applicatie waar je vandaan komt heeft <a href="{0}">deze link opgegeven die je kan volgen door hier te klikken</a>.
 
 error.invalid.loginticket=Je mag geen formulier verzenden dat je al eens hebt verzonden.
-required.username=Gelieve een gebruikersnaam in te vullen.
-required.password=Gelieve een wachtwoord in te vullen.
+username.required=Gelieve een gebruikersnaam in te vullen.
+password.required=Gelieve een wachtwoord in te vullen.
 error.authentication.credentials.bad=De combinatie van gebruikersnaam en wachtwoord was niet juist.
 error.authentication.credentials.unsupported=De verstuurde identificatiegegevens worden niet ondersteund door CAS.
 
diff --git a/cas-server-webapp/src/main/resources/messages_pt_BR.properties b/cas-server-webapp/src/main/resources/messages_pt_BR.properties
index e80b4cd72c82..872eb3b85f3a 100644
--- a/cas-server-webapp/src/main/resources/messages_pt_BR.properties
+++ b/cas-server-webapp/src/main/resources/messages_pt_BR.properties
@@ -49,8 +49,8 @@ screen.service.sso.error.header=Re-Autenti\u00e7\u00e3o Obrigat\u00f3ria para Ac
 screen.service.sso.error.message=Voc\u00ea tentou acessar um servi\u00e7o que necessita de autentica\u00e7\u00e3o sem re-autentica\u00e7\u00e3o. Por favor, tente <a href="{0}">autenticar novamente</a>.
 
 error.invalid.loginticket=Voc\u00ea n\u00e3o pode tentar re-enviar um formul\u00e1rio que j\u00e1 vou enviado anteriormente.
-required.username=Usu\u00e1rio \u00e9 um campo obrigat\u00f3rio.
-required.password=Senha \u00e9 um campo obrigat\u00f3rio.
+username.required=Usu\u00e1rio \u00e9 um campo obrigat\u00f3rio.
+password.required=Senha \u00e9 um campo obrigat\u00f3rio.
 error.authentication.credentials.bad=Usu\u00e1rio ou senha inv\u00e1lidos.
 error.authentication.credentials.unsupported=As credenciais fornecidas n\u00e3o n\u00e3o suportadas pelo CAS.
 
diff --git a/cas-server-webapp/src/main/resources/messages_pt_PT.properties b/cas-server-webapp/src/main/resources/messages_pt_PT.properties
index 046364b76cd7..aa0507cb7716 100644
--- a/cas-server-webapp/src/main/resources/messages_pt_PT.properties
+++ b/cas-server-webapp/src/main/resources/messages_pt_PT.properties
@@ -54,8 +54,8 @@ screen.service.sso.error.header=\u221a\u00e2 necess\u221a\u00b0ria reautentica\u
 screen.service.sso.error.message=Voc\u221a\u2122 tentou o acesso a um servi\u221a\u00dfo que requer reautentica\u221a\u00df\u221a\u00a3o sem a efectuar. Por favor tente <a href="{0}">autenticar-se novamente</a>.
 
 error.invalid.loginticket=N\u221a\u00a3o pode tentar reenviar um formul\u221a\u00b0rio que foi enviado anteriormente.
-required.username=Utilizador \u221a\u00a9 um campo obrigat\u221a\u2265rio.
-required.password=Palavra-passe \u221a\u00a9 um campo obrigat\u221a\u2265rio.
+username.required=Utilizador \u221a\u00a9 um campo obrigat\u221a\u2265rio.
+password.required=Palavra-passe \u221a\u00a9 um campo obrigat\u221a\u2265rio.
 error.authentication.credentials.bad=Utilizador ou palavra-passe inv\u221a\u00b0lidos.
 error.authentication.credentials.unsupported=As credenciais fornecidas n\u221a\u00a3o s\u221a\u00a3o suportadas pelo Servi\u221a\u00dfo de Autentica\u221a\u00df\u221a\u00a3o Central.
 
diff --git a/cas-server-webapp/src/main/resources/messages_ru.properties b/cas-server-webapp/src/main/resources/messages_ru.properties
index f7a92a2f5f8e..57b88bb1f63a 100644
--- a/cas-server-webapp/src/main/resources/messages_ru.properties
+++ b/cas-server-webapp/src/main/resources/messages_ru.properties
@@ -56,8 +56,8 @@ screen.service.sso.error.header=\u041F\u0435\u0440\u0435\u0443\u0441\u0442\u0430
 screen.service.sso.error.message=\u0412\u044B \u043F\u043E\u043F\u044B\u0442\u0430\u043B\u0438\u0441\u044C \u043F\u043E\u043B\u0443\u0447\u0438\u0442\u044C \u0434\u043E\u0441\u0442\u0443\u043F \u043A \u0441\u0435\u0440\u0432\u0438\u0441\u0443 \u043A\u043E\u0442\u043E\u0440\u043E\u043C\u0443 \u043D\u0435\u043E\u0431\u0445\u043E\u0434\u0438\u043C\u043E \u043F\u0435\u0440\u0435\u0443\u0441\u0442\u0430\u043D\u043E\u0432\u043B\u0435\u043D\u0438\u0435 \u043F\u043E\u0434\u043B\u0438\u043D\u043D\u043E\u0441\u0442\u0438. \u041F\u043E\u0436\u0430\u043B\u0443\u0439\u0441\u0442\u0430 <a href="{0}">\u0441\u0434\u0435\u043B\u0430\u0439\u0442\u0435 \u044D\u0442\u043E \u0441\u043D\u043E\u0432\u0430</a>.
 
 error.invalid.loginticket=\u0412\u0435\u0431-\u0444\u043E\u0440\u043C\u0430 \u0443\u0436\u0435 \u043E\u0442\u043F\u0440\u0430\u0432\u0438\u043B\u0430 \u0434\u0430\u043D\u043D\u044B\u0435 \u043D\u0430 \u0441\u0435\u0440\u0432\u0435\u0440. \u041F\u043E\u0432\u0442\u043E\u0440\u043D\u0430\u044F \u043F\u0435\u0440\u0435\u043E\u0442\u043F\u0440\u0430\u0432\u043A\u0430 \u0434\u0430\u043D\u043D\u044B\u0445 \u043D\u0435\u0432\u043E\u0437\u043C\u043E\u0436\u043D\u0430.
-required.username=\u0418\u043C\u044F \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F - \u043E\u0431\u044F\u0437\u0430\u0442\u0435\u043B\u044C\u043D\u043E\u0435 \u043F\u043E\u043B\u0435 \u0432\u0432\u043E\u0434\u0430.
-required.password=\u041F\u0430\u0440\u043E\u043B\u044C - \u043E\u0431\u044F\u0437\u0430\u0442\u0435\u043B\u044C\u043D\u043E\u0435 \u043F\u043E\u043B\u0435 \u0432\u0432\u043E\u0434\u0430.
+username.required=\u0418\u043C\u044F \u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u0435\u043B\u044F - \u043E\u0431\u044F\u0437\u0430\u0442\u0435\u043B\u044C\u043D\u043E\u0435 \u043F\u043E\u043B\u0435 \u0432\u0432\u043E\u0434\u0430.
+password.required=\u041F\u0430\u0440\u043E\u043B\u044C - \u043E\u0431\u044F\u0437\u0430\u0442\u0435\u043B\u044C\u043D\u043E\u0435 \u043F\u043E\u043B\u0435 \u0432\u0432\u043E\u0434\u0430.
 
 # Authentication failure messages
 authenticationFailure.AccountDisabledException=\u042D\u0442\u0430 \u0443\u0447\u0451\u0442\u043D\u0430\u044F \u0437\u0430\u043F\u0438\u0441\u044C \u0432\u0440\u0435\u043C\u0435\u043D\u043D\u043E \u043D\u0435\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044E\u0449\u0430\u044F.
diff --git a/cas-server-webapp/src/main/resources/messages_sl.properties b/cas-server-webapp/src/main/resources/messages_sl.properties
index afa088666922..dfb6de98e2e0 100644
--- a/cas-server-webapp/src/main/resources/messages_sl.properties
+++ b/cas-server-webapp/src/main/resources/messages_sl.properties
@@ -51,8 +51,8 @@ screen.service.error.message=Vstopiti ste hoteli do o spletne storitve nima dovo
 
 
 error.invalid.loginticket=Ne morete narediti re-submit forme, ki je \u017Ee bila poslana.
-required.username=Uporabni\u0161ko ime je nujno vpisati\!
-required.password=Geslo je nujno vpisati\!
+username.required=Uporabni\u0161ko ime je nujno vpisati\!
+password.required=Geslo je nujno vpisati\!
 error.authentication.credentials.bad=Veredostojnost, ki ste jo vpisali ne moremo dolo\u010Diti, da je pristno\!
 error.authentication.credentials.unsupported=Veredostojnost, ki ste jo vpisali ni podprto v CAS-u\!
 
diff --git a/cas-server-webapp/src/main/resources/messages_sv.properties b/cas-server-webapp/src/main/resources/messages_sv.properties
index 1918c56774cd..9286c78e9f56 100644
--- a/cas-server-webapp/src/main/resources/messages_sv.properties
+++ b/cas-server-webapp/src/main/resources/messages_sv.properties
@@ -53,8 +53,8 @@ screen.service.sso.error.header=Du måste logga in igen för att använda denna
 screen.service.sso.error.message=Du försökte använda en webbtjänst som kräver att du loggar in igen för att använda den. <a href="{0}">Logga in igen</a>!
 
 error.invalid.loginticket=Du kan inte återanvända ett webbformulär som redan har skickats in.
-required.username=Användaridentitet är en obligatoriskt uppgift.
-required.password=Lösenord är en obligatoriskt uppgift.
+username.required=Användaridentitet är en obligatoriskt uppgift.
+password.required=Lösenord är en obligatoriskt uppgift.
 error.authentication.credentials.bad=Inloggningsuppgifterna du angav kunde inte valideras!
 error.authentication.credentials.unsupported=Inloggningsuppgifterna du angav kan inte hanteras av CAS.
 
diff --git a/cas-server-webapp/src/main/resources/messages_tr.properties b/cas-server-webapp/src/main/resources/messages_tr.properties
index f3511fc81b6b..2566e334f3ad 100644
--- a/cas-server-webapp/src/main/resources/messages_tr.properties
+++ b/cas-server-webapp/src/main/resources/messages_tr.properties
@@ -52,8 +52,8 @@ screen.service.sso.error.header=Bu servise eri\u015fim i\u00e7in tekrar kimlikle
 screen.service.sso.error.message=Bir servise ard\u0131\u015f\u0131k kimlik onay\u0131 yaparak eri\u015fmeye \u00e7al\u0131\u015ft\u0131n\u0131z. Onay i\u00e7in l\u00fctfen tekrar <a href="{0}">t\u0131klay\u0131n\u0131z</a>.
 
 error.invalid.loginticket=\u00d6nceden g\u00f6nderilmi\u015f bir giri\u015f formunu tekrar g\u00f6nderemezsiniz.
-required.username=Kullan\u0131c\u0131 Ad\u0131 girilmesi gerekli bir aland\u0131r.
-required.password=Parola girilmesi gerekli bir aland\u0131r.
+username.required=Kullan\u0131c\u0131 Ad\u0131 girilmesi gerekli bir aland\u0131r.
+password.required=Parola girilmesi gerekli bir aland\u0131r.
 error.authentication.credentials.bad=Kullan\u0131c\u0131 Kodu veya Parola bilginizde yanl\u0131\u015fl\u0131k var. L\u00fctfen kontrol edip tekrar deneyiniz.
 error.authentication.credentials.unsupported=Sa\u011flad\u0131\u011f\u0131n\u0131z kimliklendirme bilgileri Merkezi Kimliklendirme Sistemi taraf\u0131ndan tan\u0131nmamaktad\u0131r.
 
diff --git a/cas-server-webapp/src/main/resources/messages_uk.properties b/cas-server-webapp/src/main/resources/messages_uk.properties
index 91709330e0eb..89972c60a1c2 100644
--- a/cas-server-webapp/src/main/resources/messages_uk.properties
+++ b/cas-server-webapp/src/main/resources/messages_uk.properties
@@ -51,8 +51,8 @@ screen.service.error.message=\u0421\u0435\u0440\u0432\u0456\u0441, \u0434\u043b\
 
 
 error.invalid.loginticket=\u0412\u0438 \u043d\u0435 \u043c\u043e\u0436\u0435\u0442\u0435 \u0432\u0456\u0434\u0456\u0441\u043b\u0430\u0442\u0438 \u0432\u0435\u0431-\u0444\u043e\u0440\u043c\u0443, \u044f\u043a\u0430 \u0432\u0436\u0435 \u0432\u0456\u0434\u0456\u0441\u043b\u0430\u043d\u0430.
-required.username=\u0406\u043c'\u044f \u043a\u043e\u0440\u0438\u0441\u0442\u0443\u0432\u0430\u0447\u0430 - \u043e\u0431\u043e\u0432'\u044f\u0437\u043a\u043e\u0432\u0435 \u043f\u043e\u043b\u0435 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044f.
-required.password=\u041f\u0430\u0440\u043e\u043b\u044c - \u043e\u0431\u043e\u0432'\u044f\u0437\u043a\u043e\u0432\u0435 \u043f\u043e\u043b\u0435 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044f.
+username.required=\u0406\u043c'\u044f \u043a\u043e\u0440\u0438\u0441\u0442\u0443\u0432\u0430\u0447\u0430 - \u043e\u0431\u043e\u0432'\u044f\u0437\u043a\u043e\u0432\u0435 \u043f\u043e\u043b\u0435 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044f.
+password.required=\u041f\u0430\u0440\u043e\u043b\u044c - \u043e\u0431\u043e\u0432'\u044f\u0437\u043a\u043e\u0432\u0435 \u043f\u043e\u043b\u0435 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044f.
 error.authentication.credentials.bad=\u0421\u043f\u0440\u0430\u0432\u0436\u043d\u0456\u0441\u0442\u044c \u043d\u0430\u0434\u0430\u043d\u0438\u0445 \u0432\u0456\u0440\u0447\u0438\u0445 \u0434\u0430\u043d\u0438\u0445 \u043d\u0435 \u043c\u043e\u0436\u0435 \u0431\u0443\u0442\u0438 \u043f\u0456\u0434\u0442\u0432\u0435\u0440\u0434\u0436\u0435\u043d\u0430.
 error.authentication.credentials.unsupported=\u041d\u0430\u0434\u0430\u043d\u0456 \u0432\u0456\u0440\u0447\u0456 \u0434\u0430\u043d\u0456 \u043d\u0435 \u043f\u0456\u0434\u0442\u0440\u0438\u043c\u0443\u044e\u0442\u044c\u0441\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043e\u044e CAS.
 
diff --git a/cas-server-webapp/src/main/resources/messages_ur.properties b/cas-server-webapp/src/main/resources/messages_ur.properties
index c6cbea47dfb8..c64575901b41 100644
--- a/cas-server-webapp/src/main/resources/messages_ur.properties
+++ b/cas-server-webapp/src/main/resources/messages_ur.properties
@@ -54,8 +54,8 @@ screen.service.error.header=Bay Sanud Service
 screen.service.error.message=Aap jiss service kay liay tasdeek ki kooshush kar rahay thay woo service CAS istamal karnay ki mijaz nahi.
 
 error.invalid.loginticket=Aap oos form ko dobara arsaal karnay ki kooshsish nahi kar saktay joo aap pahly arsal kar chookay hoon.
-required.username=Username ka khana por karna lazmi hay.
-required.password=Password ka khana por karna lazmi hay.
+username.required=Username ka khana por karna lazmi hay.
+password.required=Password ka khana por karna lazmi hay.
 error.authentication.credentials.bad=Aap ka mohya kia howa waseeka (parteet puter) ki tasdeek karna momkin nahi.
 error.authentication.credentials.unsupported=Aap kay mohya kiay howay waseeka (parteet puter) ko CAS support nahi karta.
 
diff --git a/cas-server-webapp/src/main/resources/messages_zh_CN.properties b/cas-server-webapp/src/main/resources/messages_zh_CN.properties
index 28427bf8b668..a387c4c70efc 100644
--- a/cas-server-webapp/src/main/resources/messages_zh_CN.properties
+++ b/cas-server-webapp/src/main/resources/messages_zh_CN.properties
@@ -56,8 +56,8 @@ screen.service.sso.error.header=\u5728\u8bbf\u95ee\u5230\u5230\u76ee\u6807\u670d
 screen.service.sso.error.message=\u4f60\u6b63\u8bd5\u56fe\u8bbf\u95ee\u8981\u6c42\u91cd\u65b0\u8ba4\u8bc1\u7684\u670d\u52a1\u3002\u8bf7\u5c1d\u8bd5\u8fdb\u884c<a href="{0}">\u518d\u6b21\u8ba4\u8bc1</a>\u3002
 
 error.invalid.loginticket=\u60a8\u4e0d\u80fd\u591f\u518d\u6b21\u63d0\u4ea4\u5df2\u7ecf\u63d0\u4ea4\u8fc7\u7684\u8868\u5355\u3002
-required.username=\u5fc5\u987b\u5f55\u5165\u7528\u6237\u540d\u3002
-required.password=\u5fc5\u987b\u5f55\u5165\u5bc6\u7801\u3002
+username.required=\u5fc5\u987b\u5f55\u5165\u7528\u6237\u540d\u3002
+password.required=\u5fc5\u987b\u5f55\u5165\u5bc6\u7801\u3002
 
 # Authentication failure messages
 authenticationFailure.AccountDisabledException=\u8fd9\u4e2a\u8d26\u6237\u88ab\u7981\u7528\u4e86\u3002
diff --git a/cas-server-webapp/src/main/resources/messages_zh_TW.properties b/cas-server-webapp/src/main/resources/messages_zh_TW.properties
index 01a403420e86..af68df3a71d0 100644
--- a/cas-server-webapp/src/main/resources/messages_zh_TW.properties
+++ b/cas-server-webapp/src/main/resources/messages_zh_TW.properties
@@ -53,8 +53,8 @@ screen.service.sso.error.header=\u5728\u8a2a\u554f\u5230\u5230\u76ee\u6a19\u670d
 screen.service.sso.error.message=\u4f60\u6b63\u8a66\u5716\u8a2a\u554f\u8981\u6c42\u91cd\u65b0\u8a8d\u8b49\u7684\u670d\u52d9\u3002\u8acb\u5617\u8a66\u9032\u884c<a href="{0}">\u518d\u6b21\u8a8d\u8b49</a>\u3002
 
 error.invalid.loginticket=\u60a8\u4e0d\u80fd\u5920\u518d\u6b21\u63d0\u4ea4\u5df2\u7d93\u63d0\u4ea4\u904e\u7684\u8868\u55ae\u3002
-required.username=\u5fc5\u9808\u9304\u5165\u7528\u6236\u540d\u3002
-required.password=\u5fc5\u9808\u9304\u5165\u5bc6\u78bc\u3002
+username.required=\u5fc5\u9808\u9304\u5165\u7528\u6236\u540d\u3002
+password.required=\u5fc5\u9808\u9304\u5165\u5bc6\u78bc\u3002
 error.authentication.credentials.bad=\u60a8\u63d0\u4f9b\u7684\u6191\u8b49\u6709\u8aa4\u3002
 error.authentication.credentials.unsupported=CAS\u4e0d\u652f\u6301\u60a8\u63d0\u4f9b\u7684\u6191\u8b49\u3002
 
diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/cas-servlet.xml b/cas-server-webapp/src/main/webapp/WEB-INF/cas-servlet.xml
index 8a0f266a3a9f..e21636fcefdb 100644
--- a/cas-server-webapp/src/main/webapp/WEB-INF/cas-servlet.xml
+++ b/cas-server-webapp/src/main/webapp/WEB-INF/cas-servlet.xml
@@ -345,6 +345,7 @@
   <bean id="samlValidateController" class="org.jasig.cas.web.ServiceValidateController"
           p:validationSpecificationClass="org.jasig.cas.validation.Cas20WithoutProxyingValidationSpecification"
           p:centralAuthenticationService-ref="centralAuthenticationService"
+          p:servicesManager-ref="servicesManager"
           p:proxyHandler-ref="proxy20Handler"
           p:argumentExtractor-ref="samlArgumentExtractor"
           p:successView="casSamlServiceSuccessView"
diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/cas.properties b/cas-server-webapp/src/main/webapp/WEB-INF/cas.properties
index 40c854e02aa6..76635708022e 100644
--- a/cas-server-webapp/src/main/webapp/WEB-INF/cas.properties
+++ b/cas-server-webapp/src/main/webapp/WEB-INF/cas.properties
@@ -21,7 +21,7 @@ server.name=http://localhost:8080
 server.prefix=${server.name}/cas
 
 # Spring Security's EL-based access rules for the /status URI of CAS that exposes health check information
-cas.securityContext.status.access=hasIpAddress('127.0.0.1')
+cas.securityContext.status.access=permitAll
 
 # Spring Security's EL-based access rules for the /statistics URI of CAS that exposes stats about the CAS server
 cas.securityContext.statistics.access=hasIpAddress('127.0.0.1')
@@ -63,6 +63,31 @@ tgc.encryption.key=1PbwSbnHeinpkZOSZjuSJ8yYpUrInm5aaV18J2Ar4rM
 # The signing secret key. By default, must be a octet string of size 512.
 tgc.signing.key=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dWxsOVGutZWgvmY3l5oVPO3w
 
+# Decides whether SSO cookie should be created only under secure connections.
+# tgc.secure=true
+
+# The expiration value of the SSO cookie
+# tgc.maxAge=-1
+
+# The name of the SSO cookie
+# tgc.name=TGC
+
+# The path to which the SSO cookie will be scoped
+# tgc.path=/cas
+
+# Decides whether SSO Warning cookie should be created only under secure connections.
+# warn.cookie.secure=true
+
+# The expiration value of the SSO Warning cookie
+# warn.cookie.maxAge=-1
+
+# The name of the SSO Warning cookie
+# warn.cookie.name=CASPRIVACY
+
+# The path to which the SSO Warning cookie will be scoped
+# warn.cookie.path=/cas
+
+
 ##
 # CAS Logout Behavior
 # WEB-INF/cas-servlet.xml
diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketExpirationPolicies.xml b/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketExpirationPolicies.xml
index d46403c91555..3786b8c7c0fc 100644
--- a/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketExpirationPolicies.xml
+++ b/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketExpirationPolicies.xml
@@ -43,5 +43,6 @@
     <!-- TicketGrantingTicketExpirationPolicy: Default as of 3.5 -->
     <!-- Provides both idle and hard timeouts, for instance 2 hour sliding window with an 8 hour max lifetime -->
     <bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
-          c:maxTimeToLive="${tgt.maxTimeToLiveInSeconds:28800}" c:timeToKill="${tgt.timeToKillInSeconds:7200}" c:timeUnit-ref="SECONDS" />
+          c:maxTimeToLive="${tgt.maxTimeToLiveInSeconds:28800}" c:timeToKill="${tgt.timeToKillInSeconds:7200}"
+          c:timeUnit-ref="SECONDS" />
 </beans>
diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml b/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml
index 5ac20c9c45c4..123b534b2b50 100644
--- a/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml
+++ b/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml
@@ -33,10 +33,10 @@
 
     <bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
           c:casCookieValueManager-ref="cookieValueManager"
-          p:cookieSecure="true"
-          p:cookieMaxAge="-1"
-          p:cookieName="TGC"
-          p:cookiePath="/cas"/>
+          p:cookieSecure="${tgc.secure:true}"
+          p:cookieMaxAge="${tgc.maxAge:-1}"
+          p:cookieName="${tgc.name:TGC}"
+          p:cookiePath="${tgc.path:/cas}"/>
 
     <bean id="cookieCipherExecutor" class="org.jasig.cas.util.DefaultCipherExecutor"
           c:secretKeyEncryption="${tgc.encryption.key}"
diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/warnCookieGenerator.xml b/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/warnCookieGenerator.xml
index 015ed82c6ee3..5350ae9cbec4 100644
--- a/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/warnCookieGenerator.xml
+++ b/cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/warnCookieGenerator.xml
@@ -30,9 +30,9 @@
     </description>
 
     <bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
-          p:cookieSecure="true"
-          p:cookieMaxAge="-1"
-          p:cookieName="CASPRIVACY"
-          p:cookiePath="/cas"/>
+          p:cookieSecure="${warn.cookie.secure:true}"
+          p:cookieMaxAge="${warn.cookie.maxAge:-1}"
+          p:cookieName="${warn.cookie.name:CASPRIVACY}"
+          p:cookiePath="${warn.cookie.path:/cas}"/>
 
 </beans>
diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/includes/bottom.jsp b/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/includes/bottom.jsp
index b79a0208f014..4d1b7dfb12aa 100644
--- a/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/includes/bottom.jsp
+++ b/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/includes/bottom.jsp
@@ -25,7 +25,9 @@
 <footer>
     <div id="copyright">
         <p><spring:message code="copyright" /></p>
-        <p>Powered by <a href="http://www.apereo.org/cas">Apereo Central Authentication Service <%=org.jasig.cas.CasVersion.getVersion()%></a></p>
+        <p>Powered by <a href="http://www.apereo.org/cas">
+            Apereo Central Authentication Service <%=org.jasig.cas.CasVersion.getVersion()%></a>
+            <%=org.jasig.cas.CasVersion.getDateTime()%></p>
     </div>
 </footer>
 
diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/includes/top.jsp b/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/includes/top.jsp
index 2e5ed3f60003..441c82cfd1a2 100644
--- a/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/includes/top.jsp
+++ b/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/default/ui/includes/top.jsp
@@ -30,6 +30,7 @@
 <html lang="en">
 <head>
   <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1">
   
   <title>CAS &#8211; Central Authentication Service</title>
   
diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdAssociationFailureView.jsp b/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdAssociationFailureView.jsp
index 2c168663306e..7b1cf20aed06 100644
--- a/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdAssociationFailureView.jsp
+++ b/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdAssociationFailureView.jsp
@@ -17,5 +17,4 @@
     specific language governing permissions and limitations
     under the License.
 
---%>
-<%= "openid.mode:cancel\n" %>
\ No newline at end of file
+--%><%= "openid.mode:cancel\n" %>
\ No newline at end of file
diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdAssociationSuccessView.jsp b/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdAssociationSuccessView.jsp
index 3aa5bed31a38..88081b8459ac 100644
--- a/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdAssociationSuccessView.jsp
+++ b/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdAssociationSuccessView.jsp
@@ -17,9 +17,7 @@
     specific language governing permissions and limitations
     under the License.
 
---%>
-<%@ page import="java.util.Set, java.util.Map, java.util.Iterator" %>
-<%
+--%><%@ page import="java.util.Set, java.util.Map, java.util.Iterator" %><%
     Map parameters = (Map)request.getAttribute("parameters");
     Iterator iterator = parameters.keySet().iterator();
     while (iterator.hasNext()) {
diff --git a/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdServiceFailureView.jsp b/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdServiceFailureView.jsp
index 90f0555cb4c0..890b6d2632c7 100644
--- a/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdServiceFailureView.jsp
+++ b/cas-server-webapp/src/main/webapp/WEB-INF/view/jsp/protocol/openid/casOpenIdServiceFailureView.jsp
@@ -17,5 +17,4 @@
     specific language governing permissions and limitations
     under the License.
 
---%>
-<%= "openid.mode:id_res\nis_valid:false\n" %>
\ No newline at end of file
+--%><%= "openid.mode:id_res\nis_valid:false\n" %>
\ No newline at end of file
diff --git a/checkstyle-rules.xml b/checkstyle-rules.xml
index 4991cae8a497..744c3e2f57e5 100644
--- a/checkstyle-rules.xml
+++ b/checkstyle-rules.xml
@@ -38,9 +38,11 @@ Checkstyle configuration based on Sun's conventions, compliant with CAS coding c
     <module name="TreeWalker">
         <property name="tabWidth" value="4"/>
         <module name="JavadocMethod">
+      <property name="scope" value="protected"/>
             <property name="severity" value="error"/>
             <property name="allowUndeclaredRTE" value="true"/>
             <property name="allowMissingPropertyJavadoc" value="true"/>
+      <property name="allowThrowsTagsForSubclasses" value="true"/>
         </module>
         <module name="JavadocType">
             <property name="severity" value="error"/>
@@ -51,6 +53,7 @@ Checkstyle configuration based on Sun's conventions, compliant with CAS coding c
         <module name="JavadocVariable">
             <property name="severity" value="error"/>
             <property name="scope" value="protected"/>
+      <property name="ignoreNamePattern" value="log|logger|LOG|LOGGER"/>
         </module>
         <module name="JavadocStyle">
             <property name="severity" value="error"/>
diff --git a/pom.xml b/pom.xml
index 5644ea7281a1..169e5e467d58 100644
--- a/pom.xml
+++ b/pom.xml
@@ -30,7 +30,7 @@
     <packaging>pom</packaging>
     <name>Apereo Central Authentication Service</name>
     <description>Apereo CAS SSO server libraries and Web application.</description>
-    <version>4.1.0-RC3-SNAPSHOT</version>
+    <version>4.2.0-SNAPSHOT</version>
     <url>http://www.jasig.org/cas/</url>
     <inceptionYear>2004</inceptionYear>
 
@@ -1558,7 +1558,7 @@
         <hsqldb.version>2.3.3</hsqldb.version>
         <apache.httpclient.version>4.5</apache.httpclient.version>
         <joda-time.version>2.8.2</joda-time.version>
-        <cas.client.version>3.3.3</cas.client.version>
+        <cas.client.version>3.4.1</cas.client.version>
         <quartz.version>2.2.1</quartz.version>
         <reflections.version>0.9.10</reflections.version>
         <apache.shiro.version>1.2.3</apache.shiro.version>