diff --git a/htdocs/landing/authenticationError.html b/htdocs/landing/authenticationError.html deleted file mode 100644 index db2d0b98c..000000000 --- a/htdocs/landing/authenticationError.html +++ /dev/null @@ -1,33 +0,0 @@ - - - - - - - - - - To access this page, you require an X509 digital certificate installed in your browser that has been - issued by one of the recognised EU-Grid-PMA Certification Authorities. -
-
- -
- Please note, after you have installed your certificate, you will need to restart and refresh your browser - to re-establish the secure connection. -
-
-
-
-
-
-
diff --git a/htdocs/web_portal/components/Get_User_Principle.php b/htdocs/web_portal/components/Get_User_Principle.php
index 04c35c194..78c79e361 100644
--- a/htdocs/web_portal/components/Get_User_Principle.php
+++ b/htdocs/web_portal/components/Get_User_Principle.php
@@ -243,77 +243,4 @@ function redirectUserToDiscoveryPage() die(); } - - -/*function Get_User_Principle_back() -{ - // Return hard wired user's principle string (DN) e.g. for testing - // ======================================================= - //return '/C=UK/O=eScience/OU=CLRC/L=DL/CN=david meredith'; - - // Check if an authentication token has been set in the SecurityContext class - // by higher level code, eg Symfony Security which provides a Firewall component - // may have been used to intercept the HTTP request and authenticate the - // user (using whatever auth scheme was configured in the Firewall). A - // Symfony controller can then subsequently set the token in the SecurityContext - // before invoking the GOCDB code. - // ======================================================= - require_once __DIR__.'/../../../lib/Gocdb_Services/SecurityContextSource.php'; - if(\SecurityContextSource::getContext() != null){ - $token = \SecurityContextSource::getContext()->getToken(); - return str_replace("emailAddress=", "Email=", $token->getUser()->getUserName()); - } - - // ================Use x509 Authentication======================= - //if(!isset($_SERVER['SSL_CLIENT_CERT'])) - // return ""; - //$Raw_Client_Certificate = $_SERVER['SSL_CLIENT_CERT']; - //$Plain_Client_Cerfificate = openssl_x509_parse($Raw_Client_Certificate); - //$User_DN = $Plain_Client_Cerfificate['name']; - // harmonise display of the "email" field that can be different depending on - // used version of SSL - //$User_DN = str_replace("emailAddress=", "Email=", $User_DN); - //return $User_DN; - if (isset($_SERVER['SSL_CLIENT_CERT'])) { - $Raw_Client_Certificate = $_SERVER['SSL_CLIENT_CERT']; - if (isset($Raw_Client_Certificate)) { - $Plain_Client_Cerfificate = openssl_x509_parse($Raw_Client_Certificate); - $User_DN = $Plain_Client_Cerfificate['name']; - if (isset($User_DN)) { - // harmonise "email" field that can be different depending on version of SSL - $dn = str_replace("emailAddress=", 
"Email=", $User_DN); - if ($dn != null && $dn != '') { - return $dn; - } - } - } - } - - - // Fall back to try saml authentication (simplesaml) - // ======================================================= - if(false){ // disable by default - to use saml requires install of simplesamlphp and config below - require_once('/var/simplesamlphp/lib/_autoload.php'); - $as = new SimpleSAML_Auth_Simple('default-sp'); - $as->requireAuth(); - \Factory::$properties['LOGOUTURL'] = $as->getLogoutURL('https://gocdb-test.esc.rl.ac.uk'); - $attributes = $as->getAttributes(); - if(!empty($attributes)){ - //return $attributes['eduPersonPrincipalName'][0]; - $dnAttribute = $attributes['urn:oid:1.3.6.1.4.1.11433.2.2.1.9'][0]; - if(!empty($dnAttribute)){ - return str_replace("emailAddress=", "Email=", $dnAttribute); - } else { - die('Did not retrieve a valid certificate DN from identify provider - your SSO ' - . 'account needs to be associated with a certificate to login via this route'); - } - } - } - - // Couldn't authetnicate the user, so finally return null - return null; -}*/ - - - ?> diff --git a/lib/Authentication/AuthTokens/X509AuthenticationToken.php b/lib/Authentication/AuthTokens/X509AuthenticationToken.php index e5f97fbe3..3b5aa3a4f 100644 --- a/lib/Authentication/AuthTokens/X509AuthenticationToken.php +++ b/lib/Authentication/AuthTokens/X509AuthenticationToken.php @@ -21,10 +21,6 @@ class X509AuthenticationToken implements IAuthentication { //private $logger; public function __construct() { - // create logger - //$this->logger = new Logger('X509AuthenticationTokenLogger'); - //$this->logger->pushHandler(new StreamHandler(__DIR__.'/../../../gocdb.log', Logger::DEBUG)); - $this->initialDN = $this->getDN(); $this->userDetails = array('AuthenticationRealm' => array('X.509')); } diff --git a/todo.md b/todo.md index 87ffb1e26..eb01c233d 100644 --- a/todo.md +++ b/todo.md 
@@ -62,23 +62,6 @@ ## Maybe Todo * Add LoA attribute to AuthToken details -* Support account linking where a user would need to authenticate multiple times using the different - AAI supported methods in order to link those identities to a single (possibly existing) account: - * Update DB schema so that a user account has one-to-many identities rather than a single ID - * Record additional information about which login-route/security-realm is associated with each ID - * Modify the authentication lib so that the authentication-context can handle -a collection of AuthTokens rather than a single AuthToken during the same HTTP session - * Enable linking a new/unregistered ID to an existing account: On registering, -provide an option to allow the new ID to be associated with an existing account -rather than creating a new/separate account. - * Link two existing accounts together: Provide interface to allow joining/merging -two existing accounts (will need to merge existing roles, remove duplicate roles etc) - * To perform either of these account linking scenarios, user will be required to -authenticate for all the authentication-mechanisms during the same HTTP session -(e.g. authenticate with x509, then re-authenticate via IdP). Only after successfully -authenticating with the multiple login mechanisms, should they be able to link those accounts together. - * Or use Unity / Perun to do the account linking for us? - * Add filtering of resources by 'project' ? * Add 'project' URL param to PI get_project, get_site, get_service, get_downtime ? * Introduce READ action for roles? - currently, once a user is authenticated, all info can