diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
index 547cedd6aa..bf828ed22a 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -231,36 +231,6 @@ class MainConfiguration implements ConfigurationInterface
             ->arrayNode('logout')
                 ->treatTrueLike(array())
                 ->canBeUnset()
-                ->beforeNormalization()
-                    ->ifTrue(function ($v) { return isset($v['csrf_provider']) && isset($v['csrf_token_generator']); })
-                    ->thenInvalid("You should define a value for only one of 'csrf_provider' and 'csrf_token_generator' on a security firewall. Use 'csrf_token_generator' as this replaces 'csrf_provider'.")
-                ->end()
-                ->beforeNormalization()
-                    ->ifTrue(function ($v) { return isset($v['intention']) && isset($v['csrf_token_id']); })
-                    ->thenInvalid("You should define a value for only one of 'intention' and 'csrf_token_id' on a security firewall. Use 'csrf_token_id' as this replaces 'intention'.")
-                ->end()
-                ->beforeNormalization()
-                    ->ifTrue(function ($v) { return isset($v['csrf_provider']); })
-                    ->then(function ($v) {
-                        @trigger_error("Setting the 'csrf_provider' configuration key on a security firewall is deprecated since version 2.8 and will be removed in 3.0. Use the 'csrf_token_generator' configuration key instead.", E_USER_DEPRECATED);
-
-                        $v['csrf_token_generator'] = $v['csrf_provider'];
-                        unset($v['csrf_provider']);
-
-                        return $v;
-                    })
-                ->end()
-                ->beforeNormalization()
-                    ->ifTrue(function ($v) { return isset($v['intention']); })
-                    ->then(function ($v) {
-                        @trigger_error("Setting the 'intention' configuration key on a security firewall is deprecated since version 2.8 and will be removed in 3.0. Use the 'csrf_token_id' key instead.", E_USER_DEPRECATED);
-
-                        $v['csrf_token_id'] = $v['intention'];
-                        unset($v['intention']);
-
-                        return $v;
-                    })
-                ->end()
                 ->children()
                     ->scalarNode('csrf_parameter')->defaultValue('_csrf_token')->end()
                     ->scalarNode('csrf_token_generator')->cannotBeEmpty()->end()
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
index aa81aa8b92..021c050b79 100644
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginFactory.php
@@ -48,21 +48,6 @@ class FormLoginFactory extends AbstractFactory
         parent::addConfiguration($node);
 
         $node
-            ->beforeNormalization()
-                ->ifTrue(function ($v) { return isset($v['csrf_provider']) && isset($v['csrf_token_generator']); })
-                ->thenInvalid("You should define a value for only one of 'csrf_provider' and 'csrf_token_generator' on a security firewall. Use 'csrf_token_generator' as this replaces 'csrf_provider'.")
-            ->end()
-            ->beforeNormalization()
-                ->ifTrue(function ($v) { return isset($v['csrf_provider']); })
-                ->then(function ($v) {
-                    @trigger_error("Setting the 'csrf_provider' configuration key on a security firewall is deprecated since version 2.8 and will be removed in 3.0. Use the 'csrf_token_generator' configuration key instead.", E_USER_DEPRECATED);
-
-                    $v['csrf_token_generator'] = $v['csrf_provider'];
-                    unset($v['csrf_provider']);
-
-                    return $v;
-                })
-                ->end()
             ->children()
                 ->scalarNode('csrf_token_generator')->cannotBeEmpty()->end()
             ->end()
diff --git a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
index a00bae6c6f..2fca459aa2 100644
--- a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
+++ b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
@@ -111,22 +111,12 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
      */
     public function configureOptions(OptionsResolver $resolver)
     {
-        // BC clause for the "intention" option
-        $csrfTokenId = function (Options $options) {
-            if (null !== $options['intention']) {
-                @trigger_error('The form option "intention" is deprecated since version 2.8 and will be removed in 3.0. Use "csrf_token_id" instead.', E_USER_DEPRECATED);
-            }
-
-            return $options['intention'];
-        };
-
         $resolver->setDefaults(array(
             'csrf_protection' => $this->defaultEnabled,
             'csrf_field_name' => $this->defaultFieldName,
             'csrf_message' => 'The CSRF token is invalid. Please try to resubmit the form.',
             'csrf_token_manager' => $this->defaultTokenManager,
-            'csrf_token_id' => $csrfTokenId,
-            'intention' => null, // deprecated
+            'csrf_token_id' => null,
         ));
     }