OpenConext · crosmuller · Jun 3, 2026 · May 29, 2026
diff --git a/README.md b/README.md
@@ -19,7 +19,6 @@ Every application has a seperate role to install it. The following roles can be
 | myconext              | eduID                          |
 | profile               | Profile page                   |
 | manage                | Entity registration            |
-| teams                 | Group membership app           |
 | mujina                | Mujina IdP                     |
 | voot                  | Voot membership API            |
 | pdp                   | Policy Decicions API           |

diff --git a/environments/template/group_vars/all.yml b/environments/template/group_vars/all.yml
@@ -52,7 +52,6 @@ engine_attribute_aggregation_password: "{{ aa.eb_password }}"
 
 # Some deprovision variables are shared between applications
 authz_server_api_lifecycle_username: authz_server_api_lifecycle_user
-teams_api_lifecycle_username: teams_api_lifecycle_user
 attribute_aggregator_api_lifecycle_username: attribute_aggregator_api_lifecycle_user
 engine_api_deprovision_user: lifecycle
 lifecycle_api_username: lifecycle

diff --git a/environments/template/group_vars/template.yml b/environments/template/group_vars/template.yml
@@ -38,8 +38,6 @@ mujina_version: "8.0.2"
 oidcng_version: "6.1.6"
 pdp_version: "7.3.0"
 profile_version: "3.1.4"
-teams_gui_version: "9.1.3"
-teams_server_version: "9.1.3"
 voot_version: "6.2.0"
 myconext_version: "8.1.12-1"
 dashboard_version: "13.0.11"
@@ -53,14 +51,12 @@ statistics_version: "1.1.7"
 
 databases:
   names:
-    - teams
     - "{{ engine_database_name }}"
     - pdp-server
     - aaserver
     - shibboleth
     - eb_logins
   users:
-    - { name: teamsrw, db_name: teams, password: "{{ mysql_passwords.teams }}" }
     - { name: "{{ engine_database_user }}", db_name: "{{ engine_database_name }}", password: "{{ mysql_passwords.eb }}" }
     - { name: pdp-serverrw, db_name: pdp-server, password: "{{ mysql_passwords.pdp_server }}" }
     - { name: aa-serverrw, db_name: aaserver, password: "{{ mysql_passwords.aa_server }}" }
@@ -110,22 +106,6 @@ profile_apache_symfony_environment: prod
 # Engine's assertion signing certificate:
 engine_profile_idp_certificate: /etc/openconext/engineblock.crt
 
-teams:
-  db_name: "teams"
-  db_user: "teamsrw"
-  db_password: "{{ mysql_passwords.teams }}"
-  db_host: "{{ mariadb_host }}"
-  group_name_context: "urn:collab:group:{{ base_domain }}:"
-  voot_api_user: "voot"
-  spdashboard_api_user: "spdashboard"
-  spdashboard_person_urn: "urn:collab:person:surfnet.nl:sp-dashboard-C133A36F-CFCA-4F3D-87CE-7ECE29773FE0"
-  product_name: "OpenConext Teams"
-  default_stem_name: "demo:openconext:org"
-  feature_invite_migration_on: False
-  super_admins_team_urns:
-    - "nl:surfnet:diensten:teams_super_users"
-    - "nl:surfnet:diensten:teams_super_admin_users"
-
 engineblock:
   idp_url: https://engine.{{ base_domain }}/authentication/idp/single-sign-on
   idp_entity_id: https://engine.{{ base_domain }}/authentication/idp/metadata
@@ -402,9 +382,6 @@ loadbalancing:
   metadata:
     port: 409
 
-  teams:
-    port: 601
-
   oidc_playground:
     port: 619
 
@@ -483,13 +460,6 @@ haproxy_applications:
     servers: "{{docker_servers}}"
     restricted: yes
 
-  - name: teams
-    vhost_name: teams.{{ base_domain }}
-    ha_method: "GET"
-    ha_url: "/api/teams/health"
-    port: "{{ loadbalancing.teams.port }}"
-    servers: "{{docker_servers}}"
-
   - name: oidc_playground
     vhost_name: "oidc-playground.{{ base_domain }}"
     ha_method: "GET"

diff --git a/environments/template/inventory b/environments/template/inventory
@@ -84,9 +84,6 @@ docker2.example.com
 [docker_invite:children]
 docker_apps1
 
-[docker_teams:children]
-docker_apps1
-
 [docker_pdp:children]
 docker_apps1
 

diff --git a/environments/template/secrets/secret_example.yml b/environments/template/secrets/secret_example.yml
@@ -1,7 +1,6 @@
 mysql_root_password: secret
 
 mysql_passwords:
-  teams: secret
   eb: secret
   pdp_server: secret
   aa_server: secret
@@ -36,7 +35,6 @@ engine_parameters_secret: secretsecretsecretsecretsecretsecret  # need 32 chars
 
 profile_secret: secret
 
-teams_authz_client_secret: secret
 teams_migration_secret_key: secret
 
 voot_resource_checking_secret: secret
@@ -45,7 +43,6 @@ voot_oidcng_checkToken_secret: secret
 external_group_provider_secrets:
   teams: secret
 
-teams_api_lifecycle_password: secret
 teams_api_spdashboard_password: secret
 attribute_aggregator_api_lifecycle_password: secret
 

diff --git a/provision.yml b/provision.yml
@@ -283,13 +283,6 @@
     - role: stepupwebauthn
   tags: ['stepupwebauthn', 'stepup']
 
-- name: Deploy teams app
-  hosts: docker_teams
-  become: true
-  roles:
-    - teams
-  tags: ['teams']
-
 - name: Deploy voot app
   hosts: docker_voot
   become: true

diff --git a/roles/hosts/tasks/main.yml b/roles/hosts/tasks/main.yml
@@ -20,7 +20,6 @@
     - "aa.vm.openconext.org"
     - "link.vm.openconext.org"
     - "connect.vm.openconext.org"
-    - "teams.vm.openconext.org"
     - "manage.vm.openconext.org"
 
 - name: Set logstash in hostsfile

diff --git a/roles/rsyslog/templates/sc_ruleset.conf.j2 b/roles/rsyslog/templates/sc_ruleset.conf.j2
@@ -19,8 +19,6 @@ if $programname == "engineblock" and $msg contains '{"channel":"authentication"'
 :programname, isequal, "pdp" { action(type="omfile" DynaFile="pdp-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 if $programname == "profile" and $msg startswith "{" then { action(type="omfile" DynaFile="profile-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 :programname, isequal, "profile" { action(type="omfile" DynaFile="apache-profile-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
-:programname, isequal, "teamsserver" { action(type="omfile" DynaFile="teams-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
-:programname, isequal, "teamsgui" { action(type="omfile" DynaFile="apache-teams-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 :programname, isequal, "vootserver" { action(type="omfile" DynaFile="voot-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 :programname, isequal, "mariadbd" { action(type="omfile" DynaFile="galera-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 :programname, isequal, "garb-systemd" { action(type="omfile" DynaFile="haproxy-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }

diff --git a/roles/rsyslog/templates/sc_template.conf.j2 b/roles/rsyslog/templates/sc_template.conf.j2
@@ -14,8 +14,6 @@ $template pdpanalytics-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/
 $template apache-pdp-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/pdp/apache.log"
 $template profile-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/profile/profile.log"
 $template apache-profile-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/profile/apache.log"
-$template teams-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/teams/teams.log"
-$template apache-teams-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/teams/apache.log"
 $template voot-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/voot/voot.log"
 $template apache-voot-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/voot/apache.log"
 $template galera-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/galera/galera.log"

diff --git a/roles/teams/defaults/main.yml b/roles/teams/defaults/main.yml
diff --git a/roles/teams/handlers/main.yml b/roles/teams/handlers/main.yml
diff --git a/roles/teams/tasks/main.yml b/roles/teams/tasks/main.yml
diff --git a/roles/teams/templates/logback.xml.j2 b/roles/teams/templates/logback.xml.j2