diff --git a/acs-warning.patch b/acs-warning.patch
deleted file mode 100644
index 1163574..0000000
--- a/acs-warning.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-commit 5ba9bb72707a90503cd4d042083ea074a0cb6b8a
-Author: John Dennis <jdennis@redhat.com>
-Date:   Fri Oct 30 15:46:33 2015 -0400
-
-    Role maybe unknown when assertion consumer url is looked up
-    
-    Replace the call to lasso_provider_get_metadata_one() with
-    lasso_provider_get_metadata_one_for_role() so that we can exlicitly
-    pass the LASSO_PROVIDER_ROLE_SP role. The former call obtains the
-    role from the provider object and then calls
-    lasso_provider_get_metadata_one_for_role() using that role. However
-    the role will not have been set in the provider until the first request is
-    processed. This means the first time we call this routine it won't
-    work correctly because the role will not have been set yet, by
-    explicitly passing the role we avoid this problem.
-    
-    Signed-off-by: John Dennis <jdennis@redhat.com>
-
-diff --git a/auth_mellon_util.c b/auth_mellon_util.c
-index 155bb1a..6c694b7 100644
---- a/auth_mellon_util.c
-+++ b/auth_mellon_util.c
-@@ -1827,7 +1827,9 @@ char *am_get_assertion_consumer_service_by_binding(LassoProvider *provider, cons
-     }
- 
-     if (selected_descriptor) {
--        url = lasso_provider_get_metadata_one(provider, selected_descriptor);
-+        url = lasso_provider_get_metadata_one_for_role(provider,
-+                                                       LASSO_PROVIDER_ROLE_SP,
-+                                                       selected_descriptor);
-     }
- 
-     lasso_release_list_of_strings(descriptors);
diff --git a/content-type.patch b/content-type.patch
deleted file mode 100644
index 7b8b54a..0000000
--- a/content-type.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-commit 040a1ae5cb2aab38b2bc716cc3d0d6fa7b998a7a
-Author: John Dennis <jdennis@redhat.com>
-Date:   Mon Jan 16 09:02:06 2017 -0500
-
-    Use ap_set_content_type() to set "Content-Type" header
-    
-    Formerly we were setting the response header "Content-Type" in
-    r->headers_out directly via the apr_table_setn() call. Although using
-    apr_table_setn() is appropriate for many HTTP headers Apache actively
-    manages a small set of headers in
-    http_filters.c:ap_http_header_filter(). These managed headers are
-    derived from values maintained in the request_rec. "Content-Type" is
-    one of the managed headers.
-    
-    Because we didn't set r->content_type field via the
-    ap_set_content_type() call and instead directly updated the
-    r->headers_out table our value for "Content-Type" was overwriten when
-    the ap_http_header_filter() was run just prior to emitting the
-    response with the result the "Content-Type" header returned to the
-    client was incorrect.
-    
-    Signed-off-by: John Dennis <jdennis@redhat.com>
-
-diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
-index a55828a..25365de 100644
---- a/auth_mellon_handler.c
-+++ b/auth_mellon_handler.c
-@@ -2655,7 +2655,7 @@ static int am_set_authn_request_post_content(request_rec *r, LassoLogin *login)
-  */
- static int am_set_authn_request_paos_content(request_rec *r, LassoLogin *login)
- {
--    apr_table_setn(r->headers_out, "Content-Type", MEDIA_TYPE_PAOS);
-+    ap_set_content_type(r, MEDIA_TYPE_PAOS);
-     ap_rputs(LASSO_PROFILE(login)->msg_body, r);
- 
-     return OK;
diff --git a/enabled_in_check_uid.patch b/enabled_in_check_uid.patch
deleted file mode 100644
index ba99055..0000000
--- a/enabled_in_check_uid.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-commit 912aa852ebd78577f59cf7958c709acea98ace4c
-Author: John Dennis <jdennis@redhat.com>
-Date:   Fri Apr 8 09:01:22 2016 -0400
-
-    am_check_uid() should be no-op if mellon not enabled
-    
-    mod_auth_mellon was interferring with other Apache authentication
-    modules (e.g. mod_auth_kerb) because when the Apache check_user_id
-    hook ran the logic in am_check_uid would execute even if mellon was
-    not enabled for the location. This short circuited the hook execution
-    and never allowed the authentication enabled for the location to
-    execute. It resulted in HTTP_UNAUTHORIZED being returned with the
-    client then expecting a WWW-Authenticate header field causing the
-    client to attempt to authenticate again.
-    
-    Signed-off-by: John Dennis <jdennis@redhat.com>
-
-diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
-index a72e1ca..864396f 100644
---- a/auth_mellon_handler.c
-+++ b/auth_mellon_handler.c
-@@ -3625,6 +3625,12 @@ int am_check_uid(request_rec *r)
-         return OK;
-     }
- 
-+    /* Check that the user has enabled authentication for this directory. */
-+    if(dir->enable_mellon == am_enable_off
-+       || dir->enable_mellon == am_enable_default) {
-+	return DECLINED;
-+    }
-+
- #ifdef HAVE_ECP
-     am_req_cfg_rec *req_cfg = am_get_req_cfg(r);
-     if (req_cfg->ecp_authn_req) {