new configuration version

haburger 2025-05-08 07:58:10 +00:00
parent b2294bcb67
commit d389b12dea
81 changed files with 34127 additions and 336 deletions


@ -16,3 +16,5 @@ spec:
namespace: "adn-agov-nevisidm-admin-01-uat"
- name: "proxy-idm-saml-sp-nevisidm-admin-realm-identity"
namespace: "adn-agov-nevisidm-admin-01-uat"
- name: "proxy-sp-ident-authenticationrealm-identity"
namespace: "adn-agov-nevisidm-admin-01-uat"


@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-de679db35a5049f78feb4eca1e828eb6997985b5"
tag: "r-030a0c32f7aa373371615e3c88c1e7e33eccfd82"
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth"
credentials: "git-credentials"
keystores:


@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,54 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUuj8UNQmLKEwOD3Ij
gjT2bC1IgOUCAggAMB0GCWCGSAFlAwQBKgQQilo/zrSzyfj+eUjtGegooASCCVBn
3gQUmNY8CiejjthSXhpxCfVdX4P0lyhQ1Y7Q4wGhxVNTRNQoAJoUx6rnvhO+bLyp
/cW5OkIu212YrSaF9Yr+H06k6v8fMMeDEqLCrAT54HjtNqKP3NerBT0bQHs+ZHI7
CK92SyxDlwVXzmLBei2vTnclud93AwFXlnY1HEmt6nOIzzZYOZOrJJARoUfnsdEP
q0c27EhJ4crY6V4Ld+fhudOo7pPGchDOwagEXIjmi/rLnk3ZPo9vUE5TZh85bcv6
ggAoOKXR6nBVSykdUvwjBSQgkZj13WRSoutWOILxHer98qql3OhstFbmn0OPqabx
C3XL9Xh2iycWNWUFRoRb/b+g6asJrTKNmbq9h1v/iFr2s2dC8bHK3IXRuV0sTGyT
m3iUQOjFN1e1/kAcCu4a7qZwKk0athIPsEX89nkP0TV8TyGKRjP7jyECiTt4AwyE
b/I/gbJs8d6zACPkslXJmLmPUhxwwHBRw8Ayk83xvAtjGJAGMNqa2DjjTGE40jnJ
2/Mmq9uIK1tf7TBF7cp5SJrEpd+c+eq+nx2tgGhYfj3TrlG0LLi2kW/QVcYlJyVE
hDxA/PDQQ9ykuwwHGtmgykjEpxqhIlkzrsFfuShRw9KcwFwLaAWDzECzMjzwdCux
z3U4HYWMuSUgvwF/ek40yvw40DLPOz9l6WgFRwdtr2t7wPLu/g3KkyRp0SXL5Wf2
8cyMQ/CZhm10aSzOqFda9c2rFKZ+ICfPg96NGJ9y2lMm7aKVXywxlk42u8wfkG6B
Q0vRUNhmhED+SC+aDmxUpwmG5WCX5SJVvt3e9VRBDxZzHVEqTgtOqN8XgFDpoLg8
nis2Gz3VEpV2Ex1N4mgVNRSp8qIkB+SXm8aFi0s4XFAc4MBVDaW5orS8ucgxoX1m
SGa16/EwnP68rQou5bWlApe6TdmxFPGKiQgEb9eHLXy9Ye8wsUo85iDcLUGmiK9k
A9OnE5+essvEKEP0UPkSvML/uf5kaLWNb6lmWmZ9LZd9XuvrAwY+4jH+03OxWEwB
UBuEWCrkkYqYubMh6avkZQl/nG0I2nJx1lz7XOaWgXXaHm6w6kqQdfBvpzr6MUXy
gJKFKaCydI/z+Hb/HRsxQLBTXo/BdTGCYbakiQQbXEKmhrrrHuXUb273kJpmKAWu
s0147rjEPnZlZjsnKctILUOrUctkB8E53yXLx4mp4ptxOtbb/FgOxdUIo9iQ5/sZ
5o2whxjHIXn/jCGXUbdZXmAJ7fG9WY6WHBlcJrJuKJt3duu8OqJ45IZA6kkZLvCm
eR4tFSJWqvHfxLrzznHLzENOgB2A4Syvrzvbi9nBWWavS6dtqnBpVCr4FbchpZEM
N+ljYY3SJ7iX2a0mPpQ5llOfhC3yqrG71aaPLxcuFAY1g/YX/SWRTT3yMds/XZAh
Cd3iCR48Y+NZXQdnnTTyGpe3O+pxZbzxTeRcq7OKETKM/KJaISynEveccTvR1Jh0
7oHr+SxqmzFA3McupLvupv81ERT3kXe6h+5KlIdawwxW30gsIgFpx4XhpYQeBEPC
j/zH+ivBXJRs5+H4KGdTPJCRmXbSVmbCDPedrQOLNHY+rj79PhsV3Ut4s5+EHNiV
269FL0q3MdrPnZfbQSno2HCrOBoixVfFh7Kk+gEAL575NZPvhmkYdtS/ysYlR4yJ
Y6Zwl6IUV/bAu1hTg9vSZsxDId0mrmiJ9U6ovWrIzXHif1asLoHX1oxQHTJq0T9o
boLodekjlXswfXHckQyPwa3fDa0MnGb5ZN1vOo0X+DvmwthNKwhAuUULrTYqSJPQ
zGziNz1aEntO+2W6p+ZiHC0sUl3slVWS13borTLCs1GxyF3THctwCisfs6KfUQ46
N9urr/IGyD76TJgXDCWyCStNnDFSi5T67yvHkIkdJsFw4FhFq7nKCiiSqHy0hvwl
LuCnBDA5Io+77xRdWKY1X9qdFxeEnp7nTPsk0k0+LH6Ty213wxyOPrIzTGtPYGaH
AmFbY4yQ2jEjR1D1IAhH7AjPAP6Ifszp+PdSlCX++nIOQ6JFNw0TKIcxhg5iQ+hS
5a76Nmf1R1/KwWTB2h1aP9GxbKnz08xba4zdkf8WOKXTY943i5Dy2mNZ149ha03N
oOsyzihPw0Spf2ckI4fSTfosXtugoFw8lzt8IKn0V9xk1xWdKGIqCsPXVg9e0YT3
i/axJeQ6bEOUvUzMqmj20BxNZ+zwCRcFYJjaC9+L3DAmRpqKgZ9FAi+IHu+F2XS7
sQ6rsFJap7L4fbYy4h05Yr8PAwekJVmw3wOM2Y6jbTa0X/rE/kcOq+eHKywB1zia
fwzGNfE1yDujucQ7gDkFUCHXl2s/5PKYyKf/YSxz5v3KNp4KSNSEM8zgru45xvJx
bNn1A0loW6/KdJVT5lnZ62sKgrd46Zd+8asruQWl0KMCK8t+B0GEuhTUraZd2Ynb
8yOFnjHfzVcaBaaj5IILw5uVGJ30+vtx7ewaeXF82ssiXjPGE7DMDjW4CQsG5PTk
upTmWm3zmZnvo/YCLfbzI/WjTnaIoF0vFpE2bIuB4L/BqP1nYlmmFreKmqs0YFoE
uLn/7xmbxmw3z6dEboRPPgf9Yx2i+lOJhmfxYjSL0pnnRkFEJWkgaogMaTBgU9p1
aUvOQZy25SiTnjPagikHIGyQHbWfISAEG2hlpT1Au3pvowQrQ1YdfNHTklRSy32C
tA5EaR2AhZmrnSK9TqDREyayM0/g7ms7r7Ul0XbuZ0AJISkcpNvY64C6GCDrN/e4
NG+bTh7ALAX7f9QSJns86DAI4n+bYzoFBwclTiQ5N6q05StJIimNkOplNAXpAD26
H2d/Mz1JtfhHv9V9w0eM1d64Fcb8SqE2D8f+9m733JRPz8I7LdADq3nRBAwyrusO
6/D5tp85Bnt29aPspkJT6AYhPXql9mygg+fzjpnVzBZstkqBAALfgHelRfEyK3sp
6f2FvxHuHbS7/iSmdLkZ5HCo1A1U2UFocOhfSxnscghwjDaMoueR+Km034Xc9sCf
gXQoZyvcy86NssJvnmIPHF0PP+T3+8lxyl8wE8zWS4xUMPtChQLIZlqQP8iy0Jlo
O9FxMcvUnSCzFilbfihHd9VwFkOPcYoyhtyWtAEAhZz0qVjjchESO0D0hiJ9pAYI
QymW8hknE9mkKNvA+dv2t0EYdiEkUZxXJxpAp29c5A==
-----END ENCRYPTED PRIVATE KEY-----


@ -0,0 +1,2 @@
#!/bin/bash
echo 'KdBAW9xaXAr+ZUg+DVfaepnTTMRGtnu5s8VEO6Cbpw='
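Review bot: The passphrase is committed as a literal in this two-line script (`echo '…'`), in the same commit that adds the encrypted private keys (the PEM file above and the combined key and certificate file below), so anyone with read access to the repository can presumably decrypt them. This assumes the script is the `keypass` that the `passPhrase="pipe://…/keypass"` attributes in the nevisAuth configuration execute; the file name is not visible here. Encrypting the key gives no protection when its passphrase sits next to it in version control. Treat the key pair and the passphrase as exposed and rotate them, and have the script read the value from a secret injected at deploy time, e.g. `cat "$KEYPASS_FILE"`, where `KEYPASS_FILE` is a placeholder for a mounted path that is not tracked in Git.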


@ -0,0 +1,87 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,65 @@
import ch.nevis.esauth.auth.engine.AuthResponse
import groovy.xml.XmlSlurper
import groovy.json.JsonSlurper
def cleanSession() {
def s = request.getAuthSession(true)
s.removeAttribute('agov.ident.rpcode.backup')
s.removeAttribute('agov.ident.rpcode')
s.removeAttribute('agov.ident.entityId')
s.removeAttribute('saml.response.statusCode')
if (response.getActualRoles().length > 0) {
def actualRoles = Arrays.copyOf(response.getActualRoles(), response.getActualRoles().length)
actualRoles.each{ role -> response.removeActualRole(role) }
}
}
// for auditing
def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
def referer = request.getLoginContext()['connection.HttpHeader.referer'] ?: request.getLoginContext()['connection.HttpHeader' +
'.Referer'] ?: '-'
def origin = request.getLoginContext()['connection.HttpHeader.origin'] ?: request.getLoginContext()['connection.HttpHeader' +
'.Origin'] ?: '-'
// 1) we need to know the code of the RP
def rpcode = inargs['rpcode'] ?: inargs['RelayState']
def rpcodeBackup = session['agov.ident.rpcode']
if (rpcode)
{
if (rpcodeBackup) {
response.setSessionAttribute('agov.ident.rpcode.backup', rpcodeBackup)
}
response.setSessionAttribute('agov.ident.rpcode', rpcode)
} else {
cleanSession()
LOG.info("Event='IDENT-INVALIDREQ', rpcode='missing', SourceIp=${sourceIp}, UserAgent=${userAgent}, Referer='${referer}', Origin='${origin}'")
response.setResult('inavlidurl')
return
}
// 2) load rp settings in session (if needed)
if (rpcode != rpcodeBackup) {
def slurper = new JsonSlurper()
def rpMap = slurper.parseText(parameters['rpcode.list'])
LOG.debug(">>> rpMaP: ${rpMap}")
if (!rpMap[rpcode]) {
cleanSession()
LOG.info("Event='IDENT-INVALIDREQ', rpcode='${rpcode}', SourceIp=${sourceIp}, UserAgent=${userAgent}, Referer='${referer}', Origin='${origin}'")
response.setResult('inavlidurl')
return
}
response.setSessionAttribute('agov.ident.entityId', rpMap[rpcode])
}
// 3) if we have a response ...
if (inargs['SAMLResponse']) {
response.setResult('processResponse')
return
}
// 4) otherwise
response.setResult('sendAuthnRequest')
return
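Review bot: In step 1 the request-supplied `rpcode` (taken from `inargs['rpcode']` or `inargs['RelayState']`) is written to the session with `response.setSessionAttribute('agov.ident.rpcode', rpcode)` before step 2 checks it against `rpcode.list`, and step 2 is skipped whenever it equals the value already in the session. If that pending write survives `cleanSession()`, which removes the attribute from the auth session rather than from the response (to be confirmed against nevisAuth semantics), a rejected code would skip the lookup on the next request; moving both `setSessionAttribute` calls for the rpcode to after the `rpMap[rpcode]` lookup succeeds removes that dependency. The two `LOG.info` lines also interpolate `rpcode`, User-Agent, Referer and Origin unescaped, so a CR/LF in any of them can forge audit records; neutralise control characters first, e.g. `def clean = { v -> v.toString().replaceAll(/[\r\n\t]/, '_') }`. The result name `'inavlidurl'` is misspelled but matches the `ResultCond` in the XML configuration, so rename both together or leave both.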


@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE esauth-server SYSTEM "/opt/nevisauth/dtd/esauth4.dtd">
<esauth-server instance="auth">
<!-- source: pattern://6df66943ca713eed2a25d935, pattern://6f9c9f982dcc7ef59a34f1f7, pattern://7518c6cc61e47eec6322ae17, pattern://ac27dd7daad0ca2b7229bfaf -->
<!-- source: pattern://6df66943ca713eed2a25d935, pattern://6df66943ca713eed2a25d935, pattern://6f9c9f982dcc7ef59a34f1f7, pattern://7518c6cc61e47eec6322ae17, pattern://ac27dd7daad0ca2b7229bfaf -->
<SessionCoordinator sessionInitialInactivityTimeout="1200" sessionInactivityTimeout="28800" sessionInitialMaxLifetime="1200" sessionMaxLifetime="28800" sessionIdPreGenerate="true">
<!-- source: pattern://ac27dd7daad0ca2b7229bfaf -->
<LocalSessionStore maxSessions="100000"/>
<!-- source: pattern://ac27dd7daad0ca2b7229bfaf -->
<TokenAssembler name="DefaultTokenAssembler">
<Selector default="true"/>
<!-- source: pattern://6df66943ca713eed2a25d935, pattern://6f9c9f982dcc7ef59a34f1f7, pattern://7518c6cc61e47eec6322ae17 -->
<!-- source: pattern://3fd09bb6cfbd34874595c263, pattern://6df66943ca713eed2a25d935, pattern://6f9c9f982dcc7ef59a34f1f7, pattern://7518c6cc61e47eec6322ae17 -->
<TokenSpec ttl="28800">
<!-- source: pattern://ac27dd7daad0ca2b7229bfaf -->
<field src="session" key="ch.nevis.session.sessid" as="sessid"/>
@ -79,6 +79,11 @@
<!-- source: pattern://271d024334021208b71ac80a -->
<KeyObject name="Signer_NEVIS_SecToken" certificate="/var/opt/keys/own/auth-sh4r3d-nevisidm-sectoken-signer/cert.pem" privateKey="/var/opt/keys/own/auth-sh4r3d-nevisidm-sectoken-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/auth-sh4r3d-nevisidm-sectoken-signer/keypass"/>
</KeyStore>
<!-- source: pattern://6589067d403de8c65bcdcb16 -->
<KeyStore name="AGOV_IDENT_KS">
<!-- source: pattern://6589067d403de8c65bcdcb16 -->
<KeyObject name="AGOV_IDENT_SIGNER" certificate="/var/opt/keys/own/agov-ident-signer-keystore/cert.pem" privateKey="/var/opt/keys/own/agov-ident-signer-keystore/keystore.jks" passPhrase="pipe:///var/opt/keys/own/agov-ident-signer-keystore/keypass"/>
</KeyStore>
<!-- source: pattern://7e94f2eb346f07f78440e884 -->
<KeyStore name="Store_SAML_SP_nevisidm_admin_Realm">
<!-- source: pattern://7e94f2eb346f07f78440e884 -->
@ -96,8 +101,15 @@
</SessionCoordinator>
<!-- source: pattern://ac27dd7daad0ca2b7229bfaf -->
<LocalOutOfContextDataStore reaperPeriod="60"/>
<!-- source: pattern://2787b678d9cce5310a335419, pattern://fd3912c7af7a88b6342a4c78, pattern://12c979b6af0f15f1328656a4, pattern://24cbc652d3166c8374eda3cd, pattern://56955e7b6b92c254d7d1aae1, pattern://ac27dd7daad0ca2b7229bfaf, pattern://6df66943ca713eed2a25d935, pattern://6f9c9f982dcc7ef59a34f1f7, pattern://7518c6cc61e47eec6322ae17, pattern://ac27dd7daad0ca2b7229bfaf, pattern://ac27dd7daad0ca2b7229bfaf -->
<!-- source: pattern://2787b678d9cce5310a335419, pattern://fd3912c7af7a88b6342a4c78, pattern://12c979b6af0f15f1328656a4, pattern://24cbc652d3166c8374eda3cd, pattern://56955e7b6b92c254d7d1aae1, pattern://ac27dd7daad0ca2b7229bfaf, pattern://6df66943ca713eed2a25d935, pattern://6f9c9f982dcc7ef59a34f1f7, pattern://7518c6cc61e47eec6322ae17, pattern://ac27dd7daad0ca2b7229bfaf, pattern://6df66943ca713eed2a25d935, pattern://ac27dd7daad0ca2b7229bfaf, pattern://ac27dd7daad0ca2b7229bfaf -->
<AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/opt/nevisidmcl/nevisauth/lib:/opt/nevisauth/plugin" propagateSession="false">
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<Domain name="IDENT-AuthenticationRealm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
<Entry method="authenticate" state="IDENT-AuthenticationRealm_IDENT-Process-and-Dispatch"/>
<Entry method="authenticate" state="IDENT-AuthenticationRealm_IDENT-Process-and-Dispatch" selector="${request:currentResource:^http[s]?\u003A//[^/]+/process/.*$:true}"/>
<Entry method="stepup" state="IDENT-AuthenticationRealm_Selector"/>
<Entry method="stepup" state="IDENT-AuthenticationRealm_IDENT-Process-and-Dispatch" selector="${request:currentResource:^http[s]?\u003A//[^/]+/process/.*$:true}"/>
</Domain>
<!-- source: pattern://6df66943ca713eed2a25d935 -->
<Domain name="OP-ONBRDNG-AuthenticationRealm" default="false" inactiveInterval="1200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
<Entry method="authenticate" state="OP-ONBRDNG-AuthenticationRealm_OP-ONBRDNG-PreProcessing"/>
@ -121,6 +133,475 @@
<Entry method="stepup" state="SAML_SP_nevisidm_operations_Realm_NEVIS_SecToken" selector="${request:requiredRoles:^token.NEVIS_SecToken$:true}"/>
<Entry method="unlock" state="SAML_SP_nevisidm_operations_Realm_Extract_Issuer"/>
</Domain>
<AuthState name="IDENT-AuthenticationRealm_IDENT-Process-and-Dispatch" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://0f6977caedca600b17221f0a -->
<ResultCond name="inavlidurl" next="IDENT-AuthenticationRealm_IDENT-Failed"/>
<!-- source: pattern://0f6977caedca600b17221f0a -->
<ResultCond name="processResponse" next="IDENT-AuthenticationRealm_IDENT-SamlServiceProvider-ProcessResponse"/>
<!-- source: pattern://0f6977caedca600b17221f0a -->
<ResultCond name="sendAuthnRequest" next="IDENT-AuthenticationRealm_IDENT-SamlServiceProvider-AuthnRequest"/>
<!-- source: pattern://0f6977caedca600b17221f0a -->
<Response value="AUTH_ERROR"/>
<!-- source: pattern://0f6977caedca600b17221f0a -->
<property name="scriptTraceGroup" value="AGOVOP-IDENT"/>
<!-- source: pattern://0f6977caedca600b17221f0a -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/IdentProcessAndDispatch.groovy"/>
<!-- source: pattern://0f6977caedca600b17221f0a -->
<property name="parameter.rpcode.list" value="${param.list"/>
</AuthState>
<AuthState name="IDENT-AuthenticationRealm_IDENT-Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="true">
<!-- source: pattern://026e4ae8ef4cc5496a7fe8c6 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://026e4ae8ef4cc5496a7fe8c6 -->
<Gui name="IDENT-Failed" label="${notes:agov.ident.error.title.label}">
<!-- source: pattern://026e4ae8ef4cc5496a7fe8c6 -->
<GuiElem name="error" type="error" label="${notes:agov.ident.msg.label}"/>
</Gui>
</Response>
</AuthState>
<AuthState name="IDENT-AuthenticationRealm_IDENT-SamlServiceProvider-ProcessResponse" class="ch.nevis.esauth.auth.states.saml.ServiceProviderState" final="false" resumeState="false">
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<ResultCond name="ok" next="IDENT-AuthenticationRealm_IDENT-Succeeded"/>
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<ResultCond name="status-Requester" next="IDENT-AuthenticationRealm_IDENT-Failed-WithRetry"/>
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<ResultCond name="status-Responder" next="IDENT-AuthenticationRealm_IDENT-Failed-WithRetry"/>
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<Gui name="NoGui"/>
</Response>
<propertyRef name="SAML_SP_nevisidm_operations_Realm_SAML_IDP_op_Connector_Connector"/>
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<property name="idpURL" value="https://trustbroker.agov-d.azure.adnovum.net/adfs/ls"/>
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<property name="consumerURL" value="https://ident.agov-w.azure.adnovum.net/process"/>
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<property name="relayState" value=""/>
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<property name="out.binding" value="none"/>
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<property name="in.binding" value="auto"/>
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<property name="in.relayState" value=""/>
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<property name="in.audienceRegex" value="${session:agov.ident.entityId}"/>
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<property name="in.audience.checkrequired" value="true"/>
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<property name="in.map_issuer_certificate" value="false"/>
<!-- source: pattern://ac1151fe6a973b135fd4a460 -->
<property name="in.verify" value="Response Assertion"/>
</AuthState>
<AuthState name="IDENT-AuthenticationRealm_IDENT-SamlServiceProvider-AuthnRequest" class="ch.nevis.esauth.auth.states.saml.AssertionRequestState" final="false" resumeState="false">
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<ResultCond name="default" next="IDENT-AuthenticationRealm_Authentication_Failed"/>
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<ResultCond name="ok" next="IDENT-AuthenticationRealm_Prepare_Done"/>
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<Gui name="NoGui"/>
</Response>
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<property name="idpURL" value="https://trustbroker.agov-d.azure.adnovum.net/adfs/ls"/>
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<property name="consumerURL" value="https://ident.agov-w.azure.adnovum.net/process"/>
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<property name="out.binding" value="http-post"/>
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<property name="out.requestType" value="AuthnRequest"/>
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<property name="out.sign" value="AuthnRequest"/>
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<property name="out.signatureKeyInfo" value="Certificate"/>
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<property name="out.keystoreref" value="AGOV_IDENT_KS"/>
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<property name="out.keyobjectref" value="AGOV_IDENT_SIGNER"/>
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<property name="out.issuer" value="${sess:agov.ident.entityId}"/>
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<property name="request.ttl" value="60"/>
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<property name="relayState" value="${sess:agov.ident.rpcode}"/>
</AuthState>
<AuthState name="IDENT-AuthenticationRealm_IDENT-Succeeded" class="ch.nevis.esauth.auth.states.standard.AuthError" final="true">
<!-- source: pattern://5f2cdff72cb899bff468ad90 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://5f2cdff72cb899bff468ad90 -->
<Gui name="IDENT-Succeeded" label="agov.ident.succeeded.title">
<!-- source: pattern://5f2cdff72cb899bff468ad90 -->
<GuiElem name="info" type="info" label="agov.ident.succeeded.msg"/>
</Gui>
</Response>
</AuthState>
<AuthState name="IDENT-AuthenticationRealm_IDENT-Failed-WithRetry" class="ch.nevis.esauth.auth.states.standard.AuthError" final="true">
<!-- source: pattern://ea2c110e0adfa95722c2cc99 -->
<ResultCond name="continue" next="IDENT-AuthenticationRealm_IDENT-Process-and-Dispatch"/>
<!-- source: pattern://ea2c110e0adfa95722c2cc99 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://ea2c110e0adfa95722c2cc99 -->
<Gui name="IDENT-Failed-WithRetry" label="${notes:agov.ident.error.title.label}">
<!-- source: pattern://ea2c110e0adfa95722c2cc99 -->
<GuiElem name="error" type="error" label="${notes:agov.ident.msg.label}"/>
<!-- source: pattern://ea2c110e0adfa95722c2cc99 -->
<GuiElem name="continue" type="button" label="continue.button.label" value="true"/>
</Gui>
</Response>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_SAML_IDP_op_Connector_Connector" class="ch.nevis.esauth.auth.states.saml.ServiceProviderState" final="false" resumeState="true">
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<ResultCond name="LogoutFailed" next="SAML_SP_nevisidm_operations_Realm_Logout_Fail"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<ResultCond name="logout" next="SAML_SP_nevisidm_operations_Realm_Logout_Done"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<ResultCond name="logoutCompleted" next="SAML_SP_nevisidm_operations_Realm_Logout_Redirect"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<ResultCond name="ok" next="SAML_SP_nevisidm_operations_Realm_Restore_Level"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<Response value="AUTH_ERROR">
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="idpURL" value="https://trustbroker.agov-d.azure.adnovum.net/adfs/ls"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="in.binding" value="auto"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="in.map_issuer_certificate" value="true"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="in.verify" value="Response Assertion"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="in.max_age" value="60"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="in.audienceRegex" value="^https://op.agov-w.azure.adnovum.net/SAML2/ACS/.*$"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="in.tolerance" value="5"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="out.binding" value="http-post"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="out.ttl" value="60"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="out.signatureKeyInfo" value="Certificate"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="relayState" value="#{inargs.containsKey('RelayState') ? inargs.get('RelayState') : request['currentResource']}"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="logoutType" value="NONE"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="out.sign" value="AuthnRequest,LogoutRequest"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="out.authnContextClassRef" value="urn:qa.agov.ch:names:tc:ac:classes:100"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="consumerURL" value="${request:currentResource:(http.?.//[^/]+)/.*:$1/SAML2/ACS/}"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="out.issuer" value="https://op.agov-w.azure.adnovum.net/SAML2/ACS/"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="in.keystoreref" value="Store_SAML_SP_nevisidm_operations_Realm"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="out.keystoreref" value="Store_SAML_SP_nevisidm_operations_Realm"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="out.keyobjectref" value="Signer_SAML_SP_nevisidm_operations_Realm"/>
</AuthState>
<AuthState name="IDENT-AuthenticationRealm_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<Gui name="Error">
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<GuiElem name="info" type="error" label="error_99"/>
<!-- source: pattern://dce20cc904f88df4b77f93d9 -->
<GuiElem name="submit" type="button" label="continue.button.label"/>
</Gui>
</Response>
</AuthState>
<AuthState name="IDENT-AuthenticationRealm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://026e4ae8ef4cc5496a7fe8c6, pattern://dce20cc904f88df4b77f93d9, pattern://5f2cdff72cb899bff468ad90, pattern://3fd09bb6cfbd34874595c263 -->
<ResultCond name="default" next="IDENT-AuthenticationRealm_Auth_Done"/>
<!-- source: pattern://026e4ae8ef4cc5496a7fe8c6, pattern://dce20cc904f88df4b77f93d9, pattern://5f2cdff72cb899bff468ad90, pattern://3fd09bb6cfbd34874595c263 -->
<Response value="AUTH_DONE">
<!-- source: pattern://026e4ae8ef4cc5496a7fe8c6, pattern://dce20cc904f88df4b77f93d9, pattern://5f2cdff72cb899bff468ad90, pattern://3fd09bb6cfbd34874595c263 -->
<Gui name="ContinueResponse"/>
</Response>
<!-- source: pattern://026e4ae8ef4cc5496a7fe8c6, pattern://dce20cc904f88df4b77f93d9, pattern://5f2cdff72cb899bff468ad90, pattern://3fd09bb6cfbd34874595c263 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Logout_Fail" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true">
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<Response value="AUTH_ERROR">
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<Gui name="empty"/>
</Response>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Logout_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Logout_Redirect" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Gui name="AuthDoneDialog">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<GuiElem name="continue" type="button" label="continue.button.label" value="true"/>
</Gui>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Arg name="nevis.transfer.type" value="redirect"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Arg name="nevis.transfer.destination" value="/loggedout"/>
</Response>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Restore_Level" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<ResultCond name="ok" next="SAML_SP_nevisidm_operations_Realm_set_userExtId_Groovy_Script_Step"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/saml_sp_level.groovy"/>
</AuthState>
<AuthState name="IDENT-AuthenticationRealm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
<!-- source: pattern://026e4ae8ef4cc5496a7fe8c6, pattern://dce20cc904f88df4b77f93d9, pattern://5f2cdff72cb899bff468ad90, pattern://3fd09bb6cfbd34874595c263 -->
<Response value="AUTH_DONE">
<!-- source: pattern://026e4ae8ef4cc5496a7fe8c6, pattern://dce20cc904f88df4b77f93d9, pattern://5f2cdff72cb899bff468ad90, pattern://3fd09bb6cfbd34874595c263 -->
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_set_userExtId_Groovy_Script_Step" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://488949a743edb1f46f73f232 -->
<ResultCond name="error" next="SAML_SP_nevisidm_operations_Realm_Authentication_Failed"/>
<!-- source: pattern://488949a743edb1f46f73f232 -->
<ResultCond name="ok" next="SAML_SP_nevisidm_operations_Realm_fetch_User_Authentication_Step"/>
<!-- source: pattern://488949a743edb1f46f73f232 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://488949a743edb1f46f73f232 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://488949a743edb1f46f73f232 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/set_userextid_groovy_script_step.groovy"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
<!-- source: pattern://700ec185425d8645fea2caf5 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://700ec185425d8645fea2caf5 -->
<Gui name="Error">
<!-- source: pattern://700ec185425d8645fea2caf5 -->
<GuiElem name="info" type="error" label="error_99"/>
<!-- source: pattern://700ec185425d8645fea2caf5 -->
<GuiElem name="submit" type="button" label="continue.button.label"/>
</Gui>
<!-- source: pattern://700ec185425d8645fea2caf5 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_fetch_User_Authentication_Step" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="true">
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="clientNotFound" next="SAML_SP_nevisidm_operations_Realm_Authentication_Failed"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="failed" next="SAML_SP_nevisidm_operations_Realm_Authentication_Failed"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="prospect" next="SAML_SP_nevisidm_operations_Realm_fetch_User_Authentication_Step_selectProfile"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<Gui name="AuthFailDialog"/>
</Response>
<propertyRef name="nevisIDM_Connector"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="user.loginid" value="unknown"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="userExtId" value="${sess:operationsExtId}"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="client.name" value="OPERATIONS"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.user" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.profile" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.role" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.authorization" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.dataroom" value="HIGH"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_fetch_User_Authentication_Step_selectProfile" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="error" next="SAML_SP_nevisidm_operations_Realm_Authentication_Failed"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="ok" next="SAML_SP_nevisidm_operations_Realm_fetch_User_Authentication_Step_IdmGetPropertiesState"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<Gui name="op_idmlogin_select_profile">
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}" optional="true"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<GuiElem name="submit" type="button" label="submit.button.label" value="go"/>
</Gui>
</Response>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/selectIdmProfile.groovy"/>
</AuthState>
<AuthState name="nevisIDM_Connector" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="false">
<!-- source: pattern://12c979b6af0f15f1328656a4 -->
<property name="login.service.connection.0" value="https://idm:8989/nevisidm/services/v1/LoginService"/>
<!-- source: pattern://12c979b6af0f15f1328656a4 -->
<property name="admin.service.connection.0" value="https://idm:8989/nevisidm/services/v1/AdminService"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_fetch_User_Authentication_Step_IdmGetPropertiesState" class="ch.nevis.idm.authstate.IdmGetPropertiesState" final="false" resumeState="true">
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="clientNotFound" next="SAML_SP_nevisidm_operations_Realm_Authentication_Failed"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="default" next="SAML_SP_nevisidm_operations_Realm_Authentication_Failed"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="ok" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="showGui" next="SAML_SP_nevisidm_operations_Realm_Authentication_Failed"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<Response value="AUTH_ERROR"/>
<propertyRef name="nevisIDM_Connector"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="user.attributes" value="loginId,extId,firstName,name,email,language"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="chooseProfileFromSession" value="operationsProfileExtId"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="userExtId" value="${sess:operationsExtId}"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="client.name" value="OPERATIONS"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.user" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.profile" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.role" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.authorization" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.dataroom" value="HIGH"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false" resumeState="false">
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="default" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_Update"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="emailaddressDidntChange,givennameDidntChange,surnameDidntChange,languageDidntChange" next="SAML_SP_nevisidm_operations_Realm_Prepare_Done"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<Response value="AUTH_ERROR"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="condition:emailaddressDidntChange" value="#{ !sess.containsKey('idp.email') or sess.get('idp.email').equals(sess.get('ch.nevis.idm.User.email')) }"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="condition:givennameDidntChange" value="#{ !sess.containsKey('idp.firstName') or sess.get('idp.firstName').equals(sess.get('ch.nevis.idm.User.firstName')) }"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="condition:surnameDidntChange" value="#{ !sess.containsKey('idp.lastName') or sess.get('idp.lastName').equals(sess.get('ch.nevis.idm.User.lastName')) }"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="condition:languageDidntChange" value="#{ !sess.containsKey('idp.language') or sess.get('idp.language').equals(sess.get('ch.nevis.idm.User.language')) }"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_Update" class="ch.nevis.idm.authstate.IdmSetPropertiesState" final="false" resumeState="false">
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="emailExists" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditError"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="inputInvalid" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditError"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="inputMissing" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditError"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="loginIdExists" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditError"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="ok" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditUpdate"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="userIdExists" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditError"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<Response value="AUTH_ERROR">
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<propertyRef name="nevisIDM_Connector"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.loginid" value="${sess:ch.adnovum.nevisidm.user.loginId}"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="client.name" value="${sess:ch.adnovum.nevisidm.clientName}"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attributes.optional" value="email,firstName,name,language"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attributes.mandatory" value="remarks"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attribute.email" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress}"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attribute.firstName" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname}"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attribute.name" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname}"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attribute.language" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/languageOfCorrespondance}"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attribute.remarks" value="Updated based on assertion '${sess:ch.nevis.auth.saml.assertion.id}' (Request-ID: ${inctx:connection.HttpHeader.X-Request-ID})"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attributes.overwrite" value="email,firstName,name,language,remarks"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="allowInvalidUserEmails" value="true"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://7518c6cc61e47eec6322ae17, pattern://271d024334021208b71ac80a -->
<ResultCond name="default" next="SAML_SP_nevisidm_operations_Realm_Redirect_RelayState"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17, pattern://271d024334021208b71ac80a -->
<Response value="AUTH_DONE">
<!-- source: pattern://7518c6cc61e47eec6322ae17, pattern://271d024334021208b71ac80a -->
<Gui name="ContinueResponse"/>
</Response>
<!-- source: pattern://7518c6cc61e47eec6322ae17, pattern://271d024334021208b71ac80a -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditError" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<Response value="AUTH_ERROR">
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="scriptTraceGroup" value="AGOVOP-ACCT"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="script" value=" def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'; def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'; def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'; LOG.error(&quot;Event='USERUPDATE', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', error='failed to update user in IDM', lasterrorinfo='${lasterrorinfo}'&quot;); response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_ERROR); "/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditUpdate" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="default" next="SAML_SP_nevisidm_operations_Realm_Prepare_Done"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<Response value="AUTH_CONTINUE"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="scriptTraceGroup" value="AGOVOP-ACCT"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="script" value=" def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'; def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'; def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'; LOG.info(&quot;Event='USERUPDATE', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'&quot;); "/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Redirect_RelayState" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<ResultCond name="default" next="SAML_SP_nevisidm_operations_Realm_Auth_Done"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Response value="AUTH_DONE">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Gui name="ContinueResponse"/>
</Response>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/redirect_relay_state.groovy"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
<!-- source: pattern://7518c6cc61e47eec6322ae17, pattern://271d024334021208b71ac80a -->
<Response value="AUTH_DONE">
<!-- source: pattern://7518c6cc61e47eec6322ae17, pattern://271d024334021208b71ac80a -->
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
<AuthState name="IDENT-AuthenticationRealm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<ResultCond name="nomatch" next="IDENT-AuthenticationRealm_Prepare_Done"/>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
</AuthState>
<AuthState name="OP-ONBRDNG-AuthenticationRealm_OP-ONBRDNG-PreProcessing" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://2787b678d9cce5310a335419 -->
<ResultCond name="processResponse" next="OP-ONBRDNG-AuthenticationRealm_OP-ONBRDNG-SamlServiceProvider-ProcessResponse"/>
@ -261,59 +742,6 @@
<!-- source: pattern://fd3912c7af7a88b6342a4c78 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/OpOnbrdng-PostProcessing.groovy"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_SAML_IDP_op_Connector_Connector" class="ch.nevis.esauth.auth.states.saml.ServiceProviderState" final="false" resumeState="true">
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<ResultCond name="LogoutFailed" next="SAML_SP_nevisidm_operations_Realm_Logout_Fail"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<ResultCond name="logout" next="SAML_SP_nevisidm_operations_Realm_Logout_Done"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<ResultCond name="logoutCompleted" next="SAML_SP_nevisidm_operations_Realm_Logout_Redirect"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<ResultCond name="ok" next="SAML_SP_nevisidm_operations_Realm_Restore_Level"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<Response value="AUTH_ERROR">
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="idpURL" value="https://trustbroker.agov-d.azure.adnovum.net/adfs/ls"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="in.binding" value="auto"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="in.map_issuer_certificate" value="true"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="in.verify" value="Response Assertion"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="in.max_age" value="60"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="in.audienceRegex" value="^https://op.agov-w.azure.adnovum.net/SAML2/ACS/.*$"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="in.tolerance" value="5"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="out.binding" value="http-post"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="out.ttl" value="60"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="out.signatureKeyInfo" value="Certificate"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="relayState" value="#{inargs.containsKey('RelayState') ? inargs.get('RelayState') : request['currentResource']}"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="logoutType" value="NONE"/>
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<property name="out.sign" value="AuthnRequest,LogoutRequest"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="out.authnContextClassRef" value="urn:qa.agov.ch:names:tc:ac:classes:100"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="consumerURL" value="${request:currentResource:(http.?.//[^/]+)/.*:$1/SAML2/ACS/}"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="out.issuer" value="https://op.agov-w.azure.adnovum.net/SAML2/ACS/"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="in.keystoreref" value="Store_SAML_SP_nevisidm_operations_Realm"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="out.keystoreref" value="Store_SAML_SP_nevisidm_operations_Realm"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="out.keyobjectref" value="Signer_SAML_SP_nevisidm_operations_Realm"/>
</AuthState>
<AuthState name="OP-ONBRDNG-AuthenticationRealm_OP-ONBRDNG-PreProcessing_VerifyURLTicket_Failed" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="false">
<!-- source: pattern://2787b678d9cce5310a335419 -->
<ResultCond name="default" next="OP-ONBRDNG-AuthenticationRealm_OP-ONBRDNG-PreProcessing"/>
@ -367,12 +795,6 @@
<!-- source: pattern://2787b678d9cce5310a335419 -->
<property name="user.cred.saml_federation3.subjectNameId" value="true"/>
</AuthState>
<AuthState name="nevisIDM_Connector" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="false">
<!-- source: pattern://12c979b6af0f15f1328656a4 -->
<property name="login.service.connection.0" value="https://idm:8989/nevisidm/services/v1/LoginService"/>
<!-- source: pattern://12c979b6af0f15f1328656a4 -->
<property name="admin.service.connection.0" value="https://idm:8989/nevisidm/services/v1/AdminService"/>
</AuthState>
<AuthState name="OP-ONBRDNG-AuthenticationRealm_OP-ONBRDNG-PostProcessing_SamlFedCredential" class="ch.nevis.idm.authstate.IdmCreateCredentialState" final="false" resumeState="false">
<!-- source: pattern://fd3912c7af7a88b6342a4c78 -->
<ResultCond name="credentialExists" next="OP-ONBRDNG-AuthenticationRealm_OP-ONBRDNG-PostProcessing_SamlFedCredential_Failed"/>
@ -415,47 +837,6 @@
</Gui>
</Response>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Logout_Fail" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true">
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<Response value="AUTH_ERROR">
<!-- source: pattern://36af90d50b0d6ba66136dbde -->
<Gui name="empty"/>
</Response>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Logout_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Logout_Redirect" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Gui name="AuthDoneDialog">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<GuiElem name="continue" type="button" label="continue.button.label" value="true"/>
</Gui>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Arg name="nevis.transfer.type" value="redirect"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Arg name="nevis.transfer.destination" value="/loggedout"/>
</Response>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Restore_Level" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<ResultCond name="ok" next="SAML_SP_nevisidm_operations_Realm_set_userExtId_Groovy_Script_Step"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/saml_sp_level.groovy"/>
</AuthState>
<AuthState name="OP-ONBRDNG-AuthenticationRealm_OP-ONBRDNG-PreProcessing_IdmPostProcessing_Failed" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="false">
<!-- source: pattern://2787b678d9cce5310a335419 -->
<ResultCond name="default" next="OP-ONBRDNG-AuthenticationRealm_OP-ONBRDNG-PreProcessing"/>
@ -482,219 +863,6 @@
<!-- source: pattern://fd3912c7af7a88b6342a4c78 -->
<property name="notes:lasterrorinfo" value="Problem with creation of SamlFed credential: ${notes:lasttransition} - ${notes:lasterrorinfo}"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_set_userExtId_Groovy_Script_Step" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://488949a743edb1f46f73f232 -->
<ResultCond name="error" next="SAML_SP_nevisidm_operations_Realm_Authentication_Failed"/>
<!-- source: pattern://488949a743edb1f46f73f232 -->
<ResultCond name="ok" next="SAML_SP_nevisidm_operations_Realm_fetch_User_Authentication_Step"/>
<!-- source: pattern://488949a743edb1f46f73f232 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://488949a743edb1f46f73f232 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://488949a743edb1f46f73f232 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/set_userextid_groovy_script_step.groovy"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
<!-- source: pattern://700ec185425d8645fea2caf5 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://700ec185425d8645fea2caf5 -->
<Gui name="Error">
<!-- source: pattern://700ec185425d8645fea2caf5 -->
<GuiElem name="info" type="error" label="error_99"/>
<!-- source: pattern://700ec185425d8645fea2caf5 -->
<GuiElem name="submit" type="button" label="continue.button.label"/>
</Gui>
<!-- source: pattern://700ec185425d8645fea2caf5 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_fetch_User_Authentication_Step" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="true">
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="clientNotFound" next="SAML_SP_nevisidm_operations_Realm_Authentication_Failed"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="failed" next="SAML_SP_nevisidm_operations_Realm_Authentication_Failed"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="prospect" next="SAML_SP_nevisidm_operations_Realm_fetch_User_Authentication_Step_selectProfile"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<Gui name="AuthFailDialog"/>
</Response>
<propertyRef name="nevisIDM_Connector"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="user.loginid" value="unknown"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="userExtId" value="${sess:operationsExtId}"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="client.name" value="OPERATIONS"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.user" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.profile" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.role" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.authorization" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.dataroom" value="HIGH"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_fetch_User_Authentication_Step_selectProfile" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="error" next="SAML_SP_nevisidm_operations_Realm_Authentication_Failed"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="ok" next="SAML_SP_nevisidm_operations_Realm_fetch_User_Authentication_Step_IdmGetPropertiesState"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<Gui name="op_idmlogin_select_profile">
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}" optional="true"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<GuiElem name="submit" type="button" label="submit.button.label" value="go"/>
</Gui>
</Response>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/selectIdmProfile.groovy"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_fetch_User_Authentication_Step_IdmGetPropertiesState" class="ch.nevis.idm.authstate.IdmGetPropertiesState" final="false" resumeState="true">
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="clientNotFound" next="SAML_SP_nevisidm_operations_Realm_Authentication_Failed"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="default" next="SAML_SP_nevisidm_operations_Realm_Authentication_Failed"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="ok" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<ResultCond name="showGui" next="SAML_SP_nevisidm_operations_Realm_Authentication_Failed"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<Response value="AUTH_ERROR"/>
<propertyRef name="nevisIDM_Connector"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="user.attributes" value="loginId,extId,firstName,name,email,language"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="chooseProfileFromSession" value="operationsProfileExtId"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="userExtId" value="${sess:operationsExtId}"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="client.name" value="OPERATIONS"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.user" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.profile" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.role" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.authorization" value="HIGH"/>
<!-- source: pattern://56955e7b6b92c254d7d1aae1 -->
<property name="detaillevel.dataroom" value="HIGH"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false" resumeState="false">
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="default" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_Update"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="emailaddressDidntChange,givennameDidntChange,surnameDidntChange,languageDidntChange" next="SAML_SP_nevisidm_operations_Realm_Prepare_Done"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<Response value="AUTH_ERROR"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="condition:emailaddressDidntChange" value="#{ !sess.containsKey('idp.email') or sess.get('idp.email').equals(sess.get('ch.nevis.idm.User.email')) }"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="condition:givennameDidntChange" value="#{ !sess.containsKey('idp.firstName') or sess.get('idp.firstName').equals(sess.get('ch.nevis.idm.User.firstName')) }"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="condition:surnameDidntChange" value="#{ !sess.containsKey('idp.lastName') or sess.get('idp.lastName').equals(sess.get('ch.nevis.idm.User.lastName')) }"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="condition:languageDidntChange" value="#{ !sess.containsKey('idp.language') or sess.get('idp.language').equals(sess.get('ch.nevis.idm.User.language')) }"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_Update" class="ch.nevis.idm.authstate.IdmSetPropertiesState" final="false" resumeState="false">
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="emailExists" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditError"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="inputInvalid" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditError"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="inputMissing" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditError"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="loginIdExists" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditError"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="ok" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditUpdate"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="userIdExists" next="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditError"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<Response value="AUTH_ERROR">
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<propertyRef name="nevisIDM_Connector"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.loginid" value="${sess:ch.adnovum.nevisidm.user.loginId}"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="client.name" value="${sess:ch.adnovum.nevisidm.clientName}"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attributes.optional" value="email,firstName,name,language"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attributes.mandatory" value="remarks"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attribute.email" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress}"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attribute.firstName" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname}"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attribute.name" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname}"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attribute.language" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/languageOfCorrespondance}"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attribute.remarks" value="Updated based on assertion '${sess:ch.nevis.auth.saml.assertion.id}' (Request-ID: ${inctx:connection.HttpHeader.X-Request-ID})"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="user.attributes.overwrite" value="email,firstName,name,language,remarks"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="allowInvalidUserEmails" value="true"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://7518c6cc61e47eec6322ae17, pattern://271d024334021208b71ac80a -->
<ResultCond name="default" next="SAML_SP_nevisidm_operations_Realm_Redirect_RelayState"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17, pattern://271d024334021208b71ac80a -->
<Response value="AUTH_DONE">
<!-- source: pattern://7518c6cc61e47eec6322ae17, pattern://271d024334021208b71ac80a -->
<Gui name="ContinueResponse"/>
</Response>
<!-- source: pattern://7518c6cc61e47eec6322ae17, pattern://271d024334021208b71ac80a -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditError" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<Response value="AUTH_ERROR">
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="scriptTraceGroup" value="AGOVOP-ACCT"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="script" value=" def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'; def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'; def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'; LOG.error(&quot;Event='USERUPDATE', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', error='failed to update user in IDM', lasterrorinfo='${lasterrorinfo}'&quot;); response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_ERROR); "/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_UpdateUserIfNeeded_AuditUpdate" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<ResultCond name="default" next="SAML_SP_nevisidm_operations_Realm_Prepare_Done"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<Response value="AUTH_CONTINUE"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="scriptTraceGroup" value="AGOVOP-ACCT"/>
<!-- source: pattern://24cbc652d3166c8374eda3cd -->
<property name="script" value=" def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'; def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'; def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'; LOG.info(&quot;Event='USERUPDATE', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'&quot;); "/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Redirect_RelayState" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<ResultCond name="default" next="SAML_SP_nevisidm_operations_Realm_Auth_Done"/>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Response value="AUTH_DONE">
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<Gui name="ContinueResponse"/>
</Response>
<!-- source: pattern://7518c6cc61e47eec6322ae17 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/redirect_relay_state.groovy"/>
</AuthState>
<AuthState name="SAML_SP_nevisidm_operations_Realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
<!-- source: pattern://7518c6cc61e47eec6322ae17, pattern://271d024334021208b71ac80a -->
<Response value="AUTH_DONE">
<!-- source: pattern://7518c6cc61e47eec6322ae17, pattern://271d024334021208b71ac80a -->
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
<AuthState name="OP-ONBRDNG-AuthenticationRealm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
<!-- source: pattern://6df66943ca713eed2a25d935 -->
<ResultCond name="nomatch" next="OP-ONBRDNG-AuthenticationRealm_Prepare_Done"/>


@ -24,6 +24,8 @@ Configuration:
level: "FATAL"
- name: "AGOVOP-ACCT"
level: "INFO"
- name: "AGOVOP-IDENT"
level: "INFO"
- name: "AuthEngine"
level: "INFO"
- name: "AuthPerf"
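Review bot: The new `AGOVOP-IDENT` logger at `INFO` has no comment saying what is written under it, and the one audit script visible on this page (trace group `AGOVOP-ACCT`) interpolates the `user-agent` and `X-Real-IP` header values into the log line as-is, `UserAgent='${userAgent}'`. If the scripts behind `AGOVOP-IDENT` follow the same pattern (they are not visible here), a client-supplied header containing quotes or line breaks could forge fields or whole lines in this audit log. Worth confirming that those scripts strip CR/LF and quote characters before logging, and adding a comment above the entry such as `# audit events of the IDENT realm scripts; header-derived values must be sanitised before logging`. The logger list continues outside the hunk.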


@ -44,7 +44,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-de679db35a5049f78feb4eca1e828eb6997985b5"
tag: "r-030a0c32f7aa373371615e3c88c1e7e33eccfd82"
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend"
credentials: "git-credentials"
podSecurity:


@ -10,7 +10,7 @@ application.language.cookie.en=LANG:en:.agov-w.azure.adnovum.net
application.language.cookie.fr=LANG:fr:.agov-w.azure.adnovum.net
application.language.cookie.it=LANG:it:.agov-w.azure.adnovum.net
application.loginapp.current=
application.loginapp.default=OP-ONBRDNG-AuthenticationRealm
application.loginapp.default=IDENT-AuthenticationRealm
application.loginapp.override=header:channel
application.package.name=nevislogrend
application.render.content.type=text/html; charset=UTF-8
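Review bot: Switching `application.loginapp.default` affects every request that arrives without a `channel` header, so the existing OP-ONBRDNG realm now depends entirely on `application.loginapp.override=header:channel` to get its own login templates. This assumes the `IDENT-AuthenticationRealm` line is the new side, which the rendered page does not mark. Because that header selects which login application is rendered, it is worth confirming that the proxy in front sets `channel` for each realm and overwrites any client-supplied value. A comment above the property would record the dependency, e.g. `# default for requests without a channel header; other realms rely on the proxy-set channel header`.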


@ -0,0 +1,26 @@
# source: pattern://3fd09bb6cfbd34874595c263
application.countries.default=CH
# source: pattern://3fd09bb6cfbd34874595c263
cache.file.exempt=
# source: pattern://3fd09bb6cfbd34874595c263
cache.filefolder.exempt=
# source: pattern://3fd09bb6cfbd34874595c263
application.language.source.1=param:language
# source: pattern://3fd09bb6cfbd34874595c263
application.language.source.2=cookie:LANG
# source: pattern://3fd09bb6cfbd34874595c263
application.language.source.3=gui
# source: pattern://3fd09bb6cfbd34874595c263
application.language.source.4=browser
# source: pattern://3fd09bb6cfbd34874595c263
application.languages=en,de,fr,it
# source: pattern://3fd09bb6cfbd34874595c263
application.languages.default=en
# source: pattern://8401da6318c6915d689cdfc9
application.language.cookie.en=LANG:en
# source: pattern://8401da6318c6915d689cdfc9
application.language.cookie.de=LANG:de
# source: pattern://8401da6318c6915d689cdfc9
application.language.cookie.fr=LANG:fr
# source: pattern://8401da6318c6915d689cdfc9
application.language.cookie.it=LANG:it


@ -0,0 +1,219 @@
darkModeSwitch.aria.label=Dark mode toggle
error_1=Please check your input.
error_10=Please select the correct user account.
error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
error_101=The entered email address is not valid.
error_11=Please use another certficate or login with another credential type.
error_2=Please select another login name.
error_3=Your account will be locked if next authentication fails.
error_4=Your new password does not comply with the security policy. Please choose a different password.
error_5=Error in password confirmation.
error_50=The new password is too short.
error_55=The new password has to differ from old passwords.
error_6=Password change required.
error_7=Change of login ID required.
error_8=Your account has been locked due to repeated authentication failures.
error_81=No access card found, access from internet denied.
error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
error_9=Session take over failed.
error_97=You are not authorized to access this resource.
error_98=Your account has been locked.
error_99=System problems. Please try later.
error_9901=You need a valid on-boarding link to access this page.
error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link.
error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link.
error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists.
error_9905=There is a problem with your operations account. Please contact the support.
error_9909=An internal error occured. Please ask the support for a new on-boarding link.
errors.duplicateValue=Your account is already linked with another operations access.
fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below.
fido2_auth.instruction1=Click on "Continue"
fido2_auth.instruction2=An authentication window will appear
fido2_auth.instruction3=Follow the instructions
fido2_auth.skipInstructions=Skip instructions next time
fido2_auth.switchLogin=SWITCH TO LOGIN WITH
footer.link=https://agov.ch
footer.link.label=Contact
footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. -
general.AGOVAccessApp=AGOV access app
general.accessApp=AGOV access app
general.authenticate=Authenticate
general.back=Back
general.cancel=Cancel
general.confirm=Confirm
general.contactSupport=Contact Support
general.continue=Continue
general.edit=Edit
general.email=Email
general.email.address=Email address
general.entryCode=Code entry
general.fieldRequired=Field required.
general.getStarted=Get started
general.goAGOVHelp=Go to AGOV help
general.goAccessApp=Login with AGOV access
general.help=Help
general.help.link=https://agov.ch/help
general.login=Login
general.loginSecurityKey=Start Security key login
general.or=OR
general.otherOptions=OTHER OPTIONS
general.recovery=Recovery
general.recovery.help.link=https://help.agov.ch/?c=100recovery
general.recoveryCode.downloadPdf=Download as PDF
general.recoveryCode.inputLabel=Recovery code
general.recoveryCode.repeatCodeError=The code you entered was incorrect. Please ensure you have stored it correctly, then continue to resubmit.
general.recoveryCode.repeatCodeModal.description=A lost or incorrectly stored recovery code can make it more difficult to recover your account. To ensure you have recorded your code correctly, please repeat it below.
general.recoveryCode.repeatCodeModal.title=Repeat recovery code
general.recoveryCode.reveal=Reveal recovery code
general.recoveryOngoing=Ongoing recovery
general.register=Register
general.registerNow=Register now!
general.registration=Registration
general.securityKey=Security key
general.skip.content=Skip to main content
general.wrongPhoneNumber=Please enter a valid phone number
generic.auth.error.message=There was a service interruption. We are working on it.
generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists.
generic.auth.error.subtitle=Something went wrong
generic.auth.error.title=Error
language.de=Deutsch
language.en=English
language.fr=Fran&ccedil;ais
language.it=Italiano
languageDropdown.aria.label=Select language
loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
loainfo.helper=Your data needs to be verified!
loainfo.later=Later
loainfo.startNow=Do you want to start the process now?
loainfo.startVerification=Start verification
loainfo.title=Verify your data
mauth_usernameless.EID=Continue with CH E-ID
mauth_usernameless.banner.error=Authentication interrupted.<br>Please try again when the page reloads.
mauth_usernameless.banner.info=Scan successful.<br>Please continue in the AGOV access app.
mauth_usernameless.banner.success=Authentication successful!<br>Please wait to be logged in.
mauth_usernameless.cannotLogin=Lost access to your app / security key?
mauth_usernameless.hideQR=Hide QR code
mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app
mauth_usernameless.noAccount=Don't have an AGOV-Login yet?
mauth_usernameless.showQR=Show QR code
mauth_usernameless.startRecovery=Start account recovery
mauth_usernameless.useSecurityKey=Use a security key to log in
mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone.
op-admin.login=AGOV op admin
op-admin.login.intro.message=Login with your username and password
op-admin.login.loginid=LoginId
op-admin.login.password=Passwort
op-admin.login.title=Login
op-admin.logout=AGOV op admin
op-admin.logout.message=You have successfully logged out.
op-admin.logout.title=Logout
op-admin.pwchange.intro.message=Password change required
op-admin.pwchange.newpassword=New password
op-admin.pwchange.newpassword2=Repeat new password
op-admin.pwchange.password=Current password
op-admin.pwchange.title=Password Change
op-idmlogin.role.accs-mgmt-idm=IDM accessrights management
op-idmlogin.role.accs-mgmt-nonidm=Accessrights management
op-idmlogin.role.idmcfg-mgmt=IDM set-up
op-idmlogin.role.readonly-access=Default access (readonly)
op-idmlogin.role.support-basic=Support cases (recovery, ...)
op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding)
op-idmlogin.role.usr-mgmt=User management (operations)
op-idmlogin.role.usr-unit-mgmt=User and organization management (operations)
op-idmlogin.select=AGOV idm
op-idmlogin.select.intro=Please select one of the profiles below...
op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks.
op-idmlogin.select.title=Profile selection
op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application.
op-onboarding.done.title=DONE
op-onboarding.failed.title=ERROR
op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account.
op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication.
op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification.
op-onboarding.intro.title=START
op-onboarding.onboarding=AGOV op on-boarding
op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link.
providePhoneNumber.banner=Phone number must be able to receive SMS.<br>This phone number will not be used to contact you.
providePhoneNumber.description=AGOV now supports recovery with your phone number. This will allow you to continue with an SMS during recovery if you have lost access to your recovery code.
providePhoneNumber.errorBanner=Phone numbers do not match. Please try again.
providePhoneNumber.inputLabel=Phone number (optional)
providePhoneNumber.laterModal.description1=Without a phone number, a recovery of your account might take up to 4 days if you lose access to your recovery code.
providePhoneNumber.laterModal.description2=Adding a phone number helps you to recover your account in a matter of minutes.
providePhoneNumber.laterModal.description3=This phone number will not be used to contact you.
providePhoneNumber.laterModal.title=Continue without a phone number?
providePhoneNumber.modal.description=An incorrectly stored phone number can make it more difficult to recover your account. To ensure you have recorded your phone number correctly, please repeat it below.
providePhoneNumber.modal.inputLabel=Phone number
providePhoneNumber.modal.title=Repeat phone number
providePhoneNumber.saveButtonText=Save
providePhoneNumber.title=Add phone number
recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered
recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process.
recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you.
recovery_check_code.banner.lockedError=Too many invalid input attempts. Please try again in a few minutes.
recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again.
recovery_check_code.enterRecoveryCode=Enter recovery code
recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me.
recovery_check_code.invalid.code=The code is invalid
recovery_check_code.invalid.code.required=Code required
recovery_check_code.invalid.code.tooLong=The code is too long
recovery_check_code.noAccess=I do not have access to my code
recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
recovery_check_noCode.banner.error=Too many attempts.
recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
recovery_code.banner.error=Please reveal your new code to be able to continue.
recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place.
recovery_code.newRecoveryCode=Introducing Recovery Code
recovery_code.validUntil=Valid until:
recovery_fidokey_auth.button=Start key authentication
recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication"
recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process.
recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you.
recovery_fidokey_auth.keyRegistered=Security key already registered
recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link.
recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process.
recovery_intro_email.important=Important:
recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.).
recovery_intro_email_sent.banner.button=Didn't receive the email?
recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly.
recovery_on_going.finishRecovery=Finish recovery
recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well.
recovery_on_going.title=Please finish your recovery process.
recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery.
recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen.
recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process
recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level)
recovery_questionnaire_loginfactor.banner.error=Please select an answer.
recovery_questionnaire_loginfactor.no=No
recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account?
recovery_questionnaire_loginfactor.yes=Yes
recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now.
recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> for support articles.
recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> and test if you can log in successfully.
recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> to remove the one you have lost access to.
recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app
recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in
recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps
recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN)
recovery_questionnaire_reason_selection.banner.error=Please select a reason.
recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process:
recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded.
recovery_start_info.instruction=During the recovery process you will register a new login factor. If your account contains any verified information you might also have to go through a verification process to finish the recovery.
recovery_start_info.title=You are about to start the recovery process
title=NEVIS SSO Portal
title.login=Login
user_input.invalid.email=Please enter a valid email address
user_input.invalid.email.required=Field required
user_input.invalid.email.tooLong=Input is too long


@ -0,0 +1,219 @@
darkModeSwitch.aria.label=Dark-Mode-Schalter
error_1=Bitte &uuml;berpr&uuml;fen Sie Ihre Eingaben.
error_10=Bitte w&auml;hlen Sie das richtige Benutzerkonto aus.
error_100=Zertifikat-Upload nicht m&ouml;glich. Das Zertifikat existiert bereits. Wenden Sie sich an Ihr Helpdesk.
error_101=Die eingegebene E-Mail-Adresse ist ung&uuml;ltig.
error_11=Bitte verwenden Sie ein anderes Zertifikat oder melden Sie sich mit einer anderen Art von Credential an.
error_2=Bitte w&auml;hlen Sie einen anderen Login-Namen.
error_3=Wenn die n&auml;chste Authentifizierung fehlschl&auml;gt, wird Ihr Konto gesperrt.
error_4=Ihr neues Passwort verst&ouml;sst gegen die Sicherheitsrichtlinien. Bitte w&auml;hlen Sie ein anderes Passwort.
error_5=Fehler bei der Passwortbest&auml;tigung.
error_50=Das neue Passwort ist zu kurz.
error_55=Das neue Passwort muss sich von alten Passw&ouml;rtern unterscheiden.
error_6=Passwort&auml;nderung erforderlich.
error_7=&Auml;nderung der Login-ID erforderlich.
error_8=Ihr Konto wurde aufgrund wiederholter fehlgeschlagener Authentifizierungsversuche gesperrt.
error_81=Keine Zugangskarte gefunden, Zugang &uuml;ber das Internet verweigert.
error_83=Ihre Zugangskarte ist nicht mehr g&uuml;ltig. Bitte wenden Sie sich an Ihre Beratungsperson, um eine neue Zugangskarte zu erhalten.
error_9=&Uuml;bernahme der Sitzung fehlgeschlagen.
error_97=Sie sind nicht berechtigt, auf diese Ressource zuzugreifen.
error_98=Ihr Konto wurde gesperrt.
error_99=Systemprobleme: Bitte versuchen Sie es sp&auml;ter noch einmal.
error_9901=Sie ben&ouml;tigen einen g&uuml;ltigen Onboarding-Link, um auf diese Seite zuzugreifen.
error_9902=Die f&uuml;r die Authentifizierung verwendete E-Mail-Adresse stimmt nicht mit der erwarteten E-Mail-Adresse in Operations &uuml;berein. Bitte fordern Sie einen neuen Onboarding-Link an.
error_9903=Der verwendete IdP hat uns keine g&uuml;ltige Assertion gesendet. Bitte stellen Sie sicher, dass Sie den richtigen IdP verwenden. Fordern Sie beim Support einen neuen Onboarding-Link an.
error_9904=Ihr Link ist nicht mehr g&uuml;ltig. Bitte stellen Sie sicher, dass Sie den neuesten Link verwenden, den Sie von Operations erhalten haben. Fordern Sie einen neuen Link an, falls das Problem weiterhin besteht.
error_9905=Es gibt ein Problem mit Ihrem Operations-Konto. Kontaktieren Sie bitte den Support.
error_9909=Es ist ein interner Fehler aufgetreten. Bitten Sie den Support um einen neuen Onboarding-Link.
errors.duplicateValue=Ihr Konto ist bereits mit einem anderen Operations-Zugang verkn&uuml;pft.
fido2_auth.cancel.fido=Die Authentifizierung mit dem Sicherheitsschl&uuml;ssel wurde unterbrochen. Bitte vergewissern Sie sich, dass Ihr FIDO-Schl&uuml;ssel registriert ist und Ihre E-Mail korrekt ist.
fido2_auth.instruction1=Klicken Sie auf "Weiter"
fido2_auth.instruction2=Ein Authentifizierungsfenster wird erscheinen
fido2_auth.instruction3=Folgen Sie den Anweisungen
fido2_auth.skipInstructions=Anweisungen n&auml;chstes Mal &uuml;berspringen
fido2_auth.switchLogin=WECHSEL ZU LOGIN MIT
footer.link=https://agov.ch
footer.link.label=Kontakt
footer.text=Authentifizierungsdienst der Schweizer Beh&ouml;rden AGOV &ndash; eine Zusammenarbeit zwischen den Kantonen, deren Gemeinden und der Bundesverwaltung. -
general.AGOVAccessApp=AGOV access App
general.accessApp=AGOV access App
general.authenticate=Authentifizieren
general.back=Zur&uuml;ck
general.cancel=Abbrechen
general.confirm=Best&auml;tigen
general.contactSupport=Support kontaktieren
general.continue=Weiter
general.edit=&Auml;ndern
general.email=E-Mail
general.email.address=E-Mail-Adresse
general.entryCode=Code-Eingabe
general.fieldRequired=Erforderliches Feld.
general.getStarted=Los geht's
general.goAGOVHelp=Weiter zur AGOV help
general.goAccessApp=Login mit AGOV access
general.help=Hilfe
general.help.link=https://agov.ch/help
general.login=Login
general.loginSecurityKey=Sicherheitsschl&uuml;ssel-Login starten
general.or=ODER
general.otherOptions=WEITERE OPTIONEN
general.recovery=Wiederherstellung
general.recovery.help.link=https://help.agov.ch/?c=100recovery
general.recoveryCode.downloadPdf=Als PDF herunterladen
general.recoveryCode.inputLabel=Wiederherstellungscode
general.recoveryCode.repeatCodeError=Der von Ihnen eingegebene Code war nicht korrekt. Bitte vergewissern Sie sich, dass Sie ihn richtig abgespeichert haben, und fahren Sie dann mit der erneuten Eingabe fort.
general.recoveryCode.repeatCodeModal.description=Ein verlorener oder falsch gespeicherter Wiederherstellungscode kann die Wiederherstellung Ihres Kontos erschweren. Um sicherzustellen, dass Sie Ihren Code richtig gespeichert haben, wiederholen Sie ihn bitte unten.
general.recoveryCode.repeatCodeModal.title=Wiederherstellungscode wiederholen
general.recoveryCode.reveal=Wiederherstellungscode enth&uuml;llen
general.recoveryOngoing=Wiederherstellung nicht abgeschlossen
general.register=Registrieren
general.registerNow=Jetzt registrieren!
general.registration=Registrierung
general.securityKey=Sicherheitsschl&uuml;ssel
general.skip.content=Direkt zum Hauptteil
general.wrongPhoneNumber=Bitte geben Sie eine g&uuml;ltige Telefonnummer ein
generic.auth.error.message=Es gab eine Service-Unterbrechung. Wir arbeiten daran.
generic.auth.error.next.steps=Versuchen Sie es bitte sp&auml;ter noch einmal. Bitte besuchen Sie die AGOV-Hilfe, wenn das Problem weiterhin besteht.
generic.auth.error.subtitle=Etwas ist schiefgegangen
generic.auth.error.title=Fehler
language.de=Deutsch
language.en=English
language.fr=Fran&ccedil;ais
language.it=Italiano
languageDropdown.aria.label=Sprache w&auml;hlen
loainfo.description.200=Um auf diese Applikation zuzugreifen, m&uuml;ssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
loainfo.description.300=Um auf diese Applikation zuzugreifen, m&uuml;ssen wir Ihre Angaben durch einen von zwei Vorg&auml;ngen verifizieren. Sie k&ouml;nnen die bevorzugte Methode im n&auml;chsten Schritt ausw&auml;hlen.
loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
loainfo.helper=Ihre pers&ouml;nlichen Daten m&uuml;ssen &uuml;berpr&uuml;ft werden!
loainfo.later=Sp&auml;ter
loainfo.startNow=M&ouml;chten Sie den Prozess jetzt starten?
loainfo.startVerification=Verifikation starten
loainfo.title=Verifizieren Sie Ihre Daten
mauth_usernameless.EID=Mit Schweizer E-ID fortfahren
mauth_usernameless.banner.error=Authentifizierung unterbrochen.<br>Bitte versuchen Sie es erneut, nachdem die Seite neu geladen wurde.
mauth_usernameless.banner.info=Scan erfolgreich.<br>Bitte fahren Sie in der AGOV access App fort.
mauth_usernameless.banner.success=Authentifizierung erfolgreich!<br>Bitte warten Sie, bis Sie eingeloggt werden.
mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschl&uuml;ssel verloren?
mauth_usernameless.hideQR=QR-Code ausblenden
mauth_usernameless.instructions=Melden Sie sich an, indem Sie den QR-Code mit Ihrer AGOV access App scannen
mauth_usernameless.noAccount=Haben Sie noch kein AGOV-Login?
mauth_usernameless.showQR=QR-Code anzeigen
mauth_usernameless.startRecovery=Kontowiederherstellung starten
mauth_usernameless.useSecurityKey=Verwenden Sie einen Sicherheitsschl&uuml;ssel, um sich anzumelden
mauth_usernameless.useSecurityKeyInfo=Ein physischer Sicherheitsschl&uuml;ssel bietet eine sichere M&ouml;glichkeit, sich ohne Telefon anzumelden.
op-admin.login=AGOV-op-Admin
op-admin.login.intro.message=Login mit Ihrem Benutzernamen und Passwort
op-admin.login.loginid=LoginID
op-admin.login.password=Passwort
op-admin.login.title=Login
op-admin.logout=AGOV-op-Admin
op-admin.logout.message=Sie haben sich erfolgreich ausgeloggt.
op-admin.logout.title=Logout
op-admin.pwchange.intro.message=Passwort&auml;nderung erforderlich
op-admin.pwchange.newpassword=Neues Passwort
op-admin.pwchange.newpassword2=Neues Passwort wiederholen
op-admin.pwchange.password=Aktuelles Passwort
op-admin.pwchange.title=&Auml;nderung des Passworts
op-idmlogin.role.accs-mgmt-idm=IDM accessrights management
op-idmlogin.role.accs-mgmt-nonidm=Accessrights management
op-idmlogin.role.idmcfg-mgmt=IDM set-up
op-idmlogin.role.readonly-access=Standardzugriff (Nur Leseberechtigung)
op-idmlogin.role.support-basic=Supportf&auml;lle (Wiederherstellung, ...)
op-idmlogin.role.support-priv=3rd Level Support (Archivierung, Abmeldungen, ...)
op-idmlogin.role.usr-mgmt=Benutzerverwaltung (Betrieb)
op-idmlogin.role.usr-unit-mgmt=Benutzer- und Organisationsverwaltung (Betrieb)
op-idmlogin.select=AGOV idm
op-idmlogin.select.intro=Bitte w&auml;hlen Sie ein Profil aus...
op-idmlogin.select.note=Mit * markierte Profile sollten nur f&uuml;r bestimmte Support oder Release Aufgaben genutzt werden.
op-idmlogin.select.title=Profilauswahl
op-onboarding.done.message=Das Onboarding war erfolgreich. Sie k&ouml;nnen nun Ihren AGOV-Operations-Zugang verwenden. Bitte schliessen Sie den Browser, bevor Sie auf eine der Operations-Applikationen zugreifen.
op-onboarding.done.title=FERTIG
op-onboarding.failed.title=FEHLER
op-onboarding.intro.message1=Um das Onboarding f&uuml;r Ihren AGOV-Operations-Zugang abzuschliessen, ben&ouml;tigen Sie entweder ein AGOV- oder ein FED-LOGIN-Konto.
op-onboarding.intro.message2=Wenn Sie auf &laquo;Weiter&raquo; klicken, werden Sie zur Authentifizierung weitergeleitet.
op-onboarding.intro.message3=Wenn Sie AGOV verwenden und Ihr Konto noch nicht der erforderlichen AGOVaq-Stufe entspricht, erhalten Sie die M&ouml;glichkeit, die erforderliche Identit&auml;tspr&uuml;fung zu starten.
op-onboarding.intro.title=START
op-onboarding.onboarding=AGOV-op-Onboarding
op-onboarding.process.message=Bei der Bearbeitung ist etwas schiefgegangen. Wenden Sie sich wenn n&ouml;tig an den AGOV-Support und fordern Sie einen neuen Onboarding-Link an.
providePhoneNumber.banner=Die Mobilnummer muss f&uuml;r den Empfang von SMS geeignet sein.<br>Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
providePhoneNumber.description=AGOV erlaubt nun die Wiederherstellung mittels Mobilnummer. So k&ouml;nnen Sie w&auml;hrend der Wiederherstellung mit einer SMS fortfahren, wenn Sie Ihren Wiederherstellungscode verloren haben.
providePhoneNumber.errorBanner=Die Mobilnummern stimmen nicht &uuml;berein. Bitte versuchen Sie es erneut.
providePhoneNumber.inputLabel=Mobilnummer (optional)
providePhoneNumber.laterModal.description1=Ohne Mobilnummer kann die Wiederherstellung Ihres Kontos bis zu 4 Tage dauern, wenn Sie Ihren Wiederherstellungscode verlieren.
providePhoneNumber.laterModal.description2=Durch Hinzuf&uuml;gen einer Mobilnummer k&ouml;nnen Sie Ihr Konto in wenigen Minuten wiederherstellen.
providePhoneNumber.laterModal.description3=Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
providePhoneNumber.laterModal.title=Ohne Mobilnummer weiterfahren?
providePhoneNumber.modal.description=Eine falsch gespeicherte Mobilnummer kann die Wiederherstellung Ihres Kontos erschweren. Um sicherzustellen, dass Sie Ihre Mobilnummer richtig gespeichert haben, wiederholen Sie sie bitte unten.
providePhoneNumber.modal.inputLabel=Mobilnummer
providePhoneNumber.modal.title=Mobilnummer wiederholen
providePhoneNumber.saveButtonText=Speichern
providePhoneNumber.title=Mobilnummer angeben
recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert
recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
recovery_check_code.instruction=Bitte geben Sie unten Ihren pers&ouml;nlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten.
recovery_check_code.invalid.code=Code ist ung&uuml;ltig
recovery_check_code.invalid.code.required=Code erforderlich
recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen k&ouml;nnen?
recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen k&ouml;nnen, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterst&uuml;tzen.
recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist m&ouml;glicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterst&uuml;tzen.
recovery_check_noCode.banner.error=Zu viele Versuche.
recovery_check_noCode.instruction1=M&ouml;glicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
recovery_code.banner.error=Bitte enth&uuml;llen Sie den Code, um fortfahren zu k&ouml;nnen.
recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf.
recovery_code.newRecoveryCode=Einf&uuml;hrung von Wiederherstellungscode
recovery_code.validUntil=G&uuml;ltig bis:
recovery_fidokey_auth.button=Schl&uuml;sselauthentifizierung starten
recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schl&uuml;sselauthentifizierung starten"
recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschl&uuml;ssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um sich zu identifizieren.
recovery_fidokey_auth.keyRegistered=Sicherheitsschl&uuml;ssel schon registriert
recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken k&ouml;nnen, mit dem Sie den Wiederherstellungsprozess starten.
recovery_intro_email.important=Wichtig:
recovery_intro_email.process=Der Wiederherstellungsprozess sollte nur verwendet werden, wenn Sie den Zugriff auf Ihre Login-Faktoren verloren haben (gel&ouml;schte AGOV access App, verlorener Sicherheitsschl&uuml;ssel, verlorenes Telefon usw.).
recovery_intro_email_sent.banner.button=Keine E-Mail erhalten?
recovery_intro_email_sent.banner.success=Vielen Dank! Sie werden in K&uuml;rze eine E-Mail mit einem Wiederherstellungslink und Anweisungen erhalten.
recovery_on_going.finishRecovery=Wiederherstellung abschliessen
recovery_on_going.instruction=Sie haben einen laufenden Wiederherstellungsprozess. Der Wiederherstellungsprozess kann eine Identit&auml;tspr&uuml;fung umfassen. Um mit Ihrem AGOV-Login auf Applikationen zugreifen zu k&ouml;nnen, m&uuml;ssen Sie auch die Identit&auml;tspr&uuml;fung abschliessen.
recovery_on_going.title=Bitte schliessen Sie Ihren Wiederherstellungsprozess ab.
recovery_questionnaire_instructions.banner.info=Bitte beachten Sie, dass Sie in bestimmten F&auml;llen f&uuml;r eine erfolgreiche Wiederherstellung Zugang zu Ihrem Wiederherstellungscode ben&ouml;tigen.
recovery_questionnaire_instructions.explanation=Aufgrund Ihrer Antworten scheint eine Wiederherstellung Ihres AGOV-Logins erforderlich zu sein. Bitte klicken Sie auf Weiter und folgen Sie den Anweisungen auf dem Bildschirm.
recovery_questionnaire_instructions.instruction1=Geben Sie die E-Mail-Adresse Ihres AGOV-Logins an, damit wir Ihnen einen Link senden k&ouml;nnen, um den Wiederherstellungsprozess zu beginnen
recovery_questionnaire_instructions.instruction2=Folgen Sie den Schritten zur Wiederherstellung Ihres Kontos (die Schritte variieren je nach Verifizierungsstufe Ihres Kontos)
recovery_questionnaire_loginfactor.banner.error=Bitte w&auml;hlen Sie eine Antwort.
recovery_questionnaire_loginfactor.no=Nein
recovery_questionnaire_loginfactor.question=Haben Sie mehr als einen Loginfaktor (AGOV Access App oder Sicherheitsschl&uuml;ssel) f&uuml;r Ihren AGOV-Login registriert?
recovery_questionnaire_loginfactor.yes=Ja
recovery_questionnaire_no_recovery.explanation1=Ausgehend von Ihren Antworten scheint eine Wiederherstellung Ihres AGOV-Logins im Moment nicht notwendig zu sein.
recovery_questionnaire_no_recovery.explanation2=Falls Sie weitere Informationen ben&ouml;tigen, besuchen Sie bitte <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> f&uuml;r Support-Artikel.
recovery_questionnaire_no_recovery.instruction1=Wenn Sie Probleme haben, sich bei einer Anwendung anzumelden, besuchen Sie bitte <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> und testen Sie, ob Sie sich erfolgreich anmelden k&ouml;nnen.
recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren registriert haben, aber den Zugriff zu einem von ihnen verloren haben, besuchen Sie bitte <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a>, um den verlorenen Loginfaktor zu entfernen.
recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt
recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen
recovery_questionnaire_reason_selection.answer7=Ich habe meine Sicherheitsschl&uuml;ssel oder AGOV access Apps, hatte aber Probleme beim Einloggen
recovery_questionnaire_reason_selection.answer8=Ich habe den Zugriff auf alle meine Sicherheitsschl&uuml;ssel und Apps verloren
recovery_questionnaire_reason_selection.answer9=Ich habe Probleme mit einem meiner Loginfaktoren (gel&ouml;scht, zur&uuml;ckgesetzt, vergessene PIN)
recovery_questionnaire_reason_selection.banner.error=Bitte w&auml;hlen Sie einen Grund aus.
recovery_questionnaire_reason_selection.instruction=Bitte w&auml;hlen Sie einen Grund wieso Sie den AGOV recovery Prozess starten:
recovery_start_info.banner.warning=Sie k&ouml;nnen Ihr Konto nicht nutzen, bis der Wiederherstellungsprozess abgeschlossen ist.
recovery_start_info.instruction=W&auml;hrend des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enth&auml;lt, m&uuml;ssen Sie zum Abschluss des Wiederherstellungsprozesses m&ouml;glicherweise auch einen Verifikationsprozess durchlaufen.
recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten
title=NEVIS SSO Portal
title.login=Login
user_input.invalid.email=Bitte geben Sie eine g&uuml;ltige E-Mail ein
user_input.invalid.email.required=Erforderliches Feld
user_input.invalid.email.tooLong=Eingabe zu lang


@ -0,0 +1,219 @@
darkModeSwitch.aria.label=Dark mode toggle
error_1=Please check your input.
error_10=Please select the correct user account.
error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
error_101=The entered email address is not valid.
error_11=Please use another certficate or login with another credential type.
error_2=Please select another login name.
error_3=Your account will be locked if next authentication fails.
error_4=Your new password does not comply with the security policy. Please choose a different password.
error_5=Error in password confirmation.
error_50=The new password is too short.
error_55=The new password has to differ from old passwords.
error_6=Password change required.
error_7=Change of login ID required.
error_8=Your account has been locked due to repeated authentication failures.
error_81=No access card found, access from internet denied.
error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
error_9=Session take over failed.
error_97=You are not authorized to access this resource.
error_98=Your account has been locked.
error_99=System problems. Please try later.
error_9901=You need a valid on-boarding link to access this page.
error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link.
error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link.
error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists.
error_9905=There is a problem with your operations account. Please contact the support.
error_9909=An internal error occured. Please ask the support for a new on-boarding link.
errors.duplicateValue=Your account is already linked with another operations access.
fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below.
fido2_auth.instruction1=Click on "Continue"
fido2_auth.instruction2=An authentication window will appear
fido2_auth.instruction3=Follow the instructions
fido2_auth.skipInstructions=Skip instructions next time
fido2_auth.switchLogin=SWITCH TO LOGIN WITH
footer.link=https://agov.ch
footer.link.label=Contact
footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. -
general.AGOVAccessApp=AGOV access app
general.accessApp=AGOV access app
general.authenticate=Authenticate
general.back=Back
general.cancel=Cancel
general.confirm=Confirm
general.contactSupport=Contact Support
general.continue=Continue
general.edit=Edit
general.email=Email
general.email.address=Email address
general.entryCode=Code entry
general.fieldRequired=Field required.
general.getStarted=Get started
general.goAGOVHelp=Go to AGOV help
general.goAccessApp=Login with AGOV access
general.help=Help
general.help.link=https://agov.ch/help
general.login=Login
general.loginSecurityKey=Start Security key login
general.or=OR
general.otherOptions=OTHER OPTIONS
general.recovery=Recovery
general.recovery.help.link=https://help.agov.ch/?c=100recovery
general.recoveryCode.downloadPdf=Download as PDF
general.recoveryCode.inputLabel=Recovery code
general.recoveryCode.repeatCodeError=The code you entered was incorrect. Please ensure you have stored it correctly, then continue to resubmit.
general.recoveryCode.repeatCodeModal.description=A lost or incorrectly stored recovery code can make it more difficult to recover your account. To ensure you have recorded your code correctly, please repeat it below.
general.recoveryCode.repeatCodeModal.title=Repeat recovery code
general.recoveryCode.reveal=Reveal recovery code
general.recoveryOngoing=Ongoing recovery
general.register=Register
general.registerNow=Register now!
general.registration=Registration
general.securityKey=Security key
general.skip.content=Skip to main content
general.wrongPhoneNumber=Please enter a valid phone number
generic.auth.error.message=There was a service interruption. We are working on it.
generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists.
generic.auth.error.subtitle=Something went wrong
generic.auth.error.title=Error
language.de=Deutsch
language.en=English
language.fr=Fran&ccedil;ais
language.it=Italiano
languageDropdown.aria.label=Select language
loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
loainfo.helper=Your data needs to be verified!
loainfo.later=Later
loainfo.startNow=Do you want to start the process now?
loainfo.startVerification=Start verification
loainfo.title=Verify your data
mauth_usernameless.EID=Continue with CH E-ID
mauth_usernameless.banner.error=Authentication interrupted.<br>Please try again when the page reloads.
mauth_usernameless.banner.info=Scan successful.<br>Please continue in the AGOV access app.
mauth_usernameless.banner.success=Authentication successful!<br>Please wait to be logged in.
mauth_usernameless.cannotLogin=Lost access to your app / security key?
mauth_usernameless.hideQR=Hide QR code
mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app
mauth_usernameless.noAccount=Don't have an AGOV-Login yet?
mauth_usernameless.showQR=Show QR code
mauth_usernameless.startRecovery=Start account recovery
mauth_usernameless.useSecurityKey=Use a security key to log in
mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone.
op-admin.login=AGOV op admin
op-admin.login.intro.message=Login with your username and password
op-admin.login.loginid=LoginId
op-admin.login.password=Passwort
op-admin.login.title=Login
op-admin.logout=AGOV op admin
op-admin.logout.message=You have successfully logged out.
op-admin.logout.title=Logout
op-admin.pwchange.intro.message=Password change required
op-admin.pwchange.newpassword=New password
op-admin.pwchange.newpassword2=Repeat new password
op-admin.pwchange.password=Current password
op-admin.pwchange.title=Password Change
op-idmlogin.role.accs-mgmt-idm=IDM accessrights management
op-idmlogin.role.accs-mgmt-nonidm=Accessrights management
op-idmlogin.role.idmcfg-mgmt=IDM set-up
op-idmlogin.role.readonly-access=Default access (readonly)
op-idmlogin.role.support-basic=Support cases (recovery, ...)
op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding)
op-idmlogin.role.usr-mgmt=User management (operations)
op-idmlogin.role.usr-unit-mgmt=User and organization management (operations)
op-idmlogin.select=AGOV idm
op-idmlogin.select.intro=Please select one of the profiles below...
op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks.
op-idmlogin.select.title=Profile selection
op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application.
op-onboarding.done.title=DONE
op-onboarding.failed.title=ERROR
op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account.
op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication.
op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification.
op-onboarding.intro.title=START
op-onboarding.onboarding=AGOV op on-boarding
op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link.
providePhoneNumber.banner=Phone number must be able to receive SMS.<br>This phone number will not be used to contact you.
providePhoneNumber.description=AGOV now supports recovery with your phone number. This will allow you to continue with an SMS during recovery if you have lost access to your recovery code.
providePhoneNumber.errorBanner=Phone numbers do not match. Please try again.
providePhoneNumber.inputLabel=Phone number (optional)
providePhoneNumber.laterModal.description1=Without a phone number, a recovery of your account might take up to 4 days if you lose access to your recovery code.
providePhoneNumber.laterModal.description2=Adding a phone number helps you to recover your account in a matter of minutes.
providePhoneNumber.laterModal.description3=This phone number will not be used to contact you.
providePhoneNumber.laterModal.title=Continue without a phone number?
providePhoneNumber.modal.description=An incorrectly stored phone number can make it more difficult to recover your account. To ensure you have recorded your phone number correctly, please repeat it below.
providePhoneNumber.modal.inputLabel=Phone number
providePhoneNumber.modal.title=Repeat phone number
providePhoneNumber.saveButtonText=Save
providePhoneNumber.title=Add phone number
recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered
recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process.
recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you.
recovery_check_code.banner.lockedError=Too many invalid input attempts. Please try again in a few minutes.
recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again.
recovery_check_code.enterRecoveryCode=Enter recovery code
recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me.
recovery_check_code.invalid.code=The code is invalid
recovery_check_code.invalid.code.required=Code required
recovery_check_code.invalid.code.tooLong=The code is too long
recovery_check_code.noAccess=I do not have access to my code
recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
recovery_check_noCode.banner.error=Too many attempts.
recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
recovery_code.banner.error=Please reveal your new code to be able to continue.
recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place.
recovery_code.newRecoveryCode=Introducing Recovery Code
recovery_code.validUntil=Valid until:
recovery_fidokey_auth.button=Start key authentication
recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication"
recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process.
recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you.
recovery_fidokey_auth.keyRegistered=Security key already registered
recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link.
recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process.
recovery_intro_email.important=Important:
recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.).
recovery_intro_email_sent.banner.button=Didn't receive the email?
recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly.
recovery_on_going.finishRecovery=Finish recovery
recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well.
recovery_on_going.title=Please finish your recovery process.
recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery.
recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen.
recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process
recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level)
recovery_questionnaire_loginfactor.banner.error=Please select an answer.
recovery_questionnaire_loginfactor.no=No
recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account?
recovery_questionnaire_loginfactor.yes=Yes
recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now.
recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> for support articles.
recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> and test if you can log in successfully.
recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> to remove the one you have lost access to.
recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app
recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in
recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps
recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN)
recovery_questionnaire_reason_selection.banner.error=Please select a reason.
recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process:
recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded.
recovery_start_info.instruction=During the recovery process you will register a new login factor. If your account contains any verified information you might also have to go through a verification process to finish the recovery.
recovery_start_info.title=You are about to start the recovery process
title=NEVIS SSO Portal
title.login=Login
user_input.invalid.email=Please enter a valid email address
user_input.invalid.email.required=Field required
user_input.invalid.email.tooLong=Input is too long
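Review bot: `recovery_accessapp_auth.instruction1`/`instruction2` and `recovery_fidokey_auth.instruction1`/`instruction2` splice `!!!ACCESS_APP_NAME!!!` and `!!!SECURITY_KEY_NAME!!!` into a bundle whose other values carry raw markup (`<br>` in the `mauth_usernameless.banner.*` entries, `<a class='link' ...>` in the `recovery_questionnaire_no_recovery.*` entries), which suggests the values are emitted as HTML rather than escaped. If those names are chosen by the user at registration, which this file does not show, the code that replaces the placeholders has to HTML-encode them before substitution; a comment above the four keys such as `# placeholder is replaced at render time; the substituted name must be HTML-encoded` would record that requirement. The three `target='_blank'` links in `recovery_questionnaire_no_recovery.*` would also be safer with `rel='noopener noreferrer'`. Separately, `op-admin.login.password=Passwort` is German in the English bundle and should read `op-admin.login.password=Password`.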


@ -0,0 +1,219 @@
darkModeSwitch.aria.label=Activer l'apparence sombre
error_1=Veuillez v&eacute;rifier votre saisie.
error_10=Veuillez s&eacute;lectionner le compte d&rsquo;utilisateur correct.
error_100=Le t&eacute;l&eacute;chargement du certificat est impossible. Le certificat existe d&eacute;j&agrave;. Veuillez contacter votre service d&rsquo;assistance.
error_101=L&rsquo;adresse e-mail saisie n&rsquo;est pas valable.
error_11=Veuillez utiliser un autre certificat ou vous connecter au moyen d&rsquo;un autre type de facteur d&rsquo;authentification.
error_2=Veuillez s&eacute;lectionner un autre nom d&rsquo;utilisateur.
error_3=Votre compte sera bloqu&eacute; si la prochaine tentative d&rsquo;authentification &eacute;choue.
error_4=Votre nouveau mot de passe n&rsquo;est pas conforme &agrave; la politique de s&eacute;curit&eacute;. Veuillez choisir un autre mot de passe.
error_5=Erreur de confirmation du mot de passe
error_50=Le nouveau mot de passe est trop court.
error_55=Le nouveau mot de passe doit &ecirc;tre diff&eacute;rent des pr&eacute;c&eacute;dents.
error_6=Changement de mot de passe requis.
error_7=Changement d&rsquo;identifiant de connexion requis.
error_8=Votre compte a &eacute;t&eacute; bloqu&eacute; en raison de plusieurs &eacute;checs d&rsquo;authentification.
error_81=Aucune carte d&rsquo;acc&egrave;s n&rsquo;a &eacute;t&eacute; trouv&eacute;e, l&rsquo;acc&egrave;s depuis Internet est refus&eacute;.
error_83=Votre carte d&rsquo;acc&egrave;s n&rsquo;est plus valable. Veuillez contacter votre conseiller pour obtenir une nouvelle carte d&rsquo;acc&egrave;s.
error_9=La reprise de session a &eacute;chou&eacute;.
error_97=Vous n&rsquo;&ecirc;tes pas autoris&eacute; &agrave; acc&eacute;der &agrave; cette ressource.
error_98=Votre compte a &eacute;t&eacute; bloqu&eacute;.
error_99=Probl&egrave;mes de syst&egrave;me. Veuillez r&eacute;essayer plus tard.
error_9901=Vous devez disposer d&rsquo;un lien d&rsquo;enregistrement valable pour acc&eacute;der &agrave; cette page.
error_9902=L&rsquo;adresse e-mail utilis&eacute;e pour l&rsquo;authentification ne correspond pas &agrave; celle qui est renseign&eacute;e dans AGOV operations. Veuillez demander un nouveau lien d&rsquo;enregistrement.
error_9903=Le fournisseur d&rsquo;identit&eacute; utilis&eacute; ne nous a pas envoy&eacute; d&rsquo;assertion valide. Assurez-vous d&rsquo;utiliser le bon fournisseur d&rsquo;identit&eacute;. Demandez un nouveau lien d&rsquo;enregistrement au service d&rsquo;assistance.
error_9904=Le lien que vous avez suivi n&rsquo;est plus valable. Veuillez vous assurer que vous utilisez le dernier lien que vous avez re&ccedil;u d&rsquo;AGOV operations. Demandez un nouveau lien si le probl&egrave;me persiste.
error_9905=Il y a un probl&egrave;me avec votre compte AGOV operations. Veuillez contacter le service d&rsquo;assistance.
error_9909=Un probl&egrave;me interne s&rsquo;est produit. Veuillez demander un nouveau lien d&rsquo;enregistrement au service d&rsquo;assistance.
errors.duplicateValue=Votre compte est d&eacute;j&agrave; li&eacute; &agrave; un autre acc&egrave;s &agrave; AGOV operations.
fido2_auth.cancel.fido=L'authentification avec la cl&eacute; de s&eacute;curit&eacute; a &eacute;t&eacute; interrompue. Veuillez vous assurer que votre cl&eacute; FIDO est enregistr&eacute;e et que votre adresse e-mail est correcte, puis suivez les &eacute;tapes ci-dessous.
fido2_auth.instruction1=Cliquez sur "Continuer"
fido2_auth.instruction2=Une fen&ecirc;tre d'authentification s'affichera
fido2_auth.instruction3=Suivez les instructions
fido2_auth.skipInstructions=Passer les instructions la fois suivante
fido2_auth.switchLogin=S'AUTHENTIFIER AVEC
footer.link=https://agov.ch
footer.link.label=Contact
footer.text=Service d'authentification des autorit&eacute;s suisses AGOV - une collaboration entre les cantons, leurs communes et l'administration f&eacute;d&eacute;rale. -
general.AGOVAccessApp=Application AGOV access
general.accessApp=Application AGOV access
general.authenticate=Authentification
general.back=Retour
general.cancel=Annuler
general.confirm=Confirmer
general.contactSupport=Contacter le service d'assistance
general.continue=Continuer
general.edit=Editer
general.email=E-mail
general.email.address=Adresse e-mail
general.entryCode=Entrer le code
general.fieldRequired=Champ requis.
general.getStarted=D&eacute;marrer
general.goAGOVHelp=Rendez-vous sur AGOV help
general.goAccessApp=Login avec AGOV access
general.help=Aide
general.help.link=https://agov.ch/help
general.login=Login
general.loginSecurityKey=D&eacute;marrer la connexion avec la cl&eacute; de s&eacute;curit&eacute;
general.or=OU
general.otherOptions=AUTRES OPTIONS
general.recovery=R&eacute;cup&eacute;ration
general.recovery.help.link=https://help.agov.ch/?c=100recovery
general.recoveryCode.downloadPdf=T&eacute;l&eacute;charger en format PDF
general.recoveryCode.inputLabel=Code de r&eacute;cup&eacute;ration
general.recoveryCode.repeatCodeError=Le code que vous avez saisi est incorrect. Veuillez vous assurer que vous l'avez enregistr&eacute; correctement, puis essayer de le soumettre &agrave; nouveau.
general.recoveryCode.repeatCodeModal.description=Un code de r&eacute;cup&eacute;ration perdu ou mal enregistr&eacute; peut rendre la r&eacute;cup&eacute;ration de votre compte plus difficile. Pour vous assurer que vous avez correctement enregistr&eacute; votre code, veuillez le r&eacute;p&eacute;ter ci-dessous.
general.recoveryCode.repeatCodeModal.title=R&eacute;p&eacute;ter le code de r&eacute;cup&eacute;ration
general.recoveryCode.reveal=R&eacute;v&eacute;ler le code de r&eacute;cup&eacute;ration
general.recoveryOngoing=R&eacute;cup&eacute;ration en cours
general.register=Cr&eacute;er un compte
general.registerNow=Enregistrez-vous d&egrave;s maintenant!
general.registration=Enregistrement
general.securityKey=Cl&eacute; de s&eacute;curit&eacute;
general.skip.content=Passer au contenu principal
general.wrongPhoneNumber=Veuillez saisir un num&eacute;ro de t&eacute;l&eacute;phone valable
generic.auth.error.message=Une interruption de service s&rsquo;est produite. Nous nous employons &agrave; r&eacute;soudre le probl&egrave;me.
generic.auth.error.next.steps=Veuillez r&eacute;essayer plus tard. Veuillez vous rendre sur AGOV help si le probl&egrave;me persiste.
generic.auth.error.subtitle=Un probl&egrave;me s&rsquo;est produit
generic.auth.error.title=Erreur
language.de=Deutsch
language.en=English
language.fr=Fran&ccedil;ais
language.it=Italiano
languageDropdown.aria.label=S&eacute;lectionner la langue
loainfo.description.200=Pour acc&eacute;der &agrave; l'application, nous devons v&eacute;rifier vos donn&eacute;es. Ce processus peut prendre jusqu'&agrave; 2 ou 3 jours.
loainfo.description.300=Pour acc&eacute;der &agrave; l'application, nous devons v&eacute;rifier vos donn&eacute;es par le biais de l'une des deux proc&eacute;dures suivantes. Vous pouvez choisir la proc&eacute;dure que vous pr&eacute;f&eacute;rez &agrave; l'&eacute;tape suivante.
loainfo.description.400=Veuillez saisir votre num&eacute;ro AVS pour acc&eacute;der &agrave; l'application.
loainfo.helper=Vos donn&eacute;es doivent &ecirc;tre v&eacute;rifi&eacute;es!
loainfo.later=Plus tard
loainfo.startNow=Voulez-vous commencer le processus maintenant?
loainfo.startVerification=D&eacute;marrer la v&eacute;rification
loainfo.title=V&eacute;rifiez vos donn&eacute;es
mauth_usernameless.EID=Continuer avec l'e-ID suisse
mauth_usernameless.banner.error=Authentification interrompue.<br>Veuillez r&eacute;essayer lorsque la page sera recharg&eacute;e.
mauth_usernameless.banner.info=Scan r&eacute;ussi!<br> Veuillez continuer dans l'application AGOV access.
mauth_usernameless.banner.success=Authentification r&eacute;ussie!<br>Veuillez attendre d'&ecirc;tre connect&eacute;.
mauth_usernameless.cannotLogin=Avez-vous perdu l'acc&egrave;s &agrave; votre application / votre cl&eacute; de s&eacute;curit&eacute; ?
mauth_usernameless.hideQR=Cacher le code QR
mauth_usernameless.instructions=Connectez-vous en scannant le code QR avec l'application AGOV access
mauth_usernameless.noAccount=Vous n'avez pas encore d'AGOV-Login ?
mauth_usernameless.showQR=Afficher le code QR
mauth_usernameless.startRecovery=Commencer la r&eacute;cup&eacute;ration du compte
mauth_usernameless.useSecurityKey=Utiliser une cl&eacute; de s&eacute;curit&eacute; pour se connecter
mauth_usernameless.useSecurityKeyInfo=Une cl&eacute; de s&eacute;curit&eacute; physique offre un moyen s&ucirc;r de se connecter sans devoir utiliser son t&eacute;l&eacute;phone.
op-admin.login=Administration de l&rsquo;acc&egrave;s &agrave; AGOV op
op-admin.login.intro.message=Connectez-vous avec votre nom d&rsquo;utilisateur et votre mot de passe
op-admin.login.loginid=Identifiant de connexion
op-admin.login.password=Mot de passe
op-admin.login.title=Connexion
op-admin.logout=Administration de l&rsquo;acc&egrave;s &agrave; AGOV op
op-admin.logout.message=Vous vous &ecirc;tes d&eacute;connect&eacute; avec succ&egrave;s.
op-admin.logout.title=D&eacute;connexion
op-admin.pwchange.intro.message=Changement de mot de passe requis
op-admin.pwchange.newpassword=Nouveau mot de passe
op-admin.pwchange.newpassword2=R&eacute;p&eacute;ter le nouveau mot de passe
op-admin.pwchange.password=Mot de passe actuel
op-admin.pwchange.title=Changer de mot de passe
op-idmlogin.role.accs-mgmt-idm=Gestion des droits d'acc&egrave;s IDM
op-idmlogin.role.accs-mgmt-nonidm=Gestion des droits d'acc&egrave;s
op-idmlogin.role.idmcfg-mgmt=Mise en place de l'IDM
op-idmlogin.role.readonly-access=Acc&egrave;s par d&eacute;faut (lecture seule)
op-idmlogin.role.support-basic=Cas de support (r&eacute;cup&eacute;ration, ...)
op-idmlogin.role.support-priv=Support de 3&egrave;me niveau (archivage, d&eacute;sinscription)
op-idmlogin.role.usr-mgmt=Gestion des utilisateurs (op&eacute;rations)
op-idmlogin.role.usr-unit-mgmt=Gestion des utilisateurs et des organisations (op&eacute;rations)
op-idmlogin.select=AGOV idm
op-idmlogin.select.intro=Veuillez s&eacute;lectionner l&rsquo;un des profils ci-dessous...
op-idmlogin.select.note=Les profils marqu&eacute;s d'un * ne doivent &ecirc;tre utilis&eacute;s que s'ils sont n&eacute;cessaires pour des t&acirc;ches sp&eacute;cifiques de support ou de mise en production.
op-idmlogin.select.title=S&eacute;l&eacute;ction du profil
op-onboarding.done.message=L&rsquo;enregistrement a &eacute;t&eacute; effectu&eacute; avec succ&egrave;s. Vous disposez maintenant d&rsquo;un acc&egrave;s &agrave; AGOV operations. Veuillez fermer le navigateur avant d&rsquo;acc&eacute;der &agrave; AGOV operations.
op-onboarding.done.title=TERMIN&Eacute;
op-onboarding.failed.title=ERREUR
op-onboarding.intro.message1=Pour terminer l&rsquo;enregistrement de votre acc&egrave;s &agrave; AGOV operations, vous devez disposer d&rsquo;un compte AGOV ou d&rsquo;un compte FED-LOGIN.
op-onboarding.intro.message2=Apr&egrave;s avoir cliqu&eacute; sur "Continuer", vous serez redirig&eacute; vers l&rsquo;authentification.
op-onboarding.intro.message3=Si vous utilisez AGOV et que votre compte n&rsquo;a pas encore atteint le niveau de qualit&eacute; d&rsquo;authentification requis, vous aurez la possibilit&eacute; de d&eacute;marrer la v&eacute;rification d&rsquo;identit&eacute; n&eacute;cessaire pour l&rsquo;atteindre.
op-onboarding.intro.title=D&Eacute;MARRER
op-onboarding.onboarding=Enregistrement de l&rsquo;acc&egrave;s &agrave; AGOV op
op-onboarding.process.message=Un probl&egrave;me s&rsquo;est produit. Veuillez contacter le service d&rsquo;assistance AGOV afin de demander un nouveau lien d&rsquo;enregistrement.
providePhoneNumber.banner=Ce num&eacute;ro de t&eacute;l&eacute;phone doit pouvoir recevoir des SMS.<br>Ce num&eacute;ro de t&eacute;l&eacute;phone ne sera pas utilis&eacute; pour vous contacter.
providePhoneNumber.description=AGOV prend d&eacute;sormais en charge la r&eacute;cup&eacute;ration avec votre num&eacute;ro de t&eacute;l&eacute;phone. Cela vous permettra de vous envoyer un SMS pendant la r&eacute;cup&eacute;ration si vous avez perdu l'acc&egrave;s &agrave; votre code de r&eacute;cup&eacute;ration.
providePhoneNumber.errorBanner=Les num&eacute;ros de t&eacute;l&eacute;phone fournies ne correspondent pas. Veuillez r&eacute;essayer.
providePhoneNumber.inputLabel=Num&eacute;ro de t&eacute;l&eacute;phone (facultatif)
providePhoneNumber.laterModal.description1=Sans num&eacute;ro de t&eacute;l&eacute;phone, la r&eacute;cup&eacute;ration de votre compte peut prendre jusqu'&agrave; 4 jours si vous perdez l'acc&egrave;s &agrave; votre code de r&eacute;cup&eacute;ration.
providePhoneNumber.laterModal.description2=Ajouter un num&eacute;ro de t&eacute;l&eacute;phone vous permet de r&eacute;cup&eacute;rer votre compte en quelques minutes.
providePhoneNumber.laterModal.description3=Ce num&eacute;ro de t&eacute;l&eacute;phone ne sera pas utilis&eacute; pour vous contacter.
providePhoneNumber.laterModal.title=Continuer sans num&eacute;ro de t&eacute;l&eacute;phone ?
providePhoneNumber.modal.description=Un num&eacute;ro de t&eacute;l&eacute;phone mal enregistr&eacute; peut rendre plus difficile la r&eacute;cup&eacute;ration de votre compte. Pour vous assurer que vous avez correctement enregistr&eacute; votre num&eacute;ro de t&eacute;l&eacute;phone, veuillez le r&eacute;p&eacute;ter ci-dessous.
providePhoneNumber.modal.inputLabel=Num&eacute;ro de t&eacute;l&eacute;phone
providePhoneNumber.modal.title=R&eacute;p&eacute;ter votre num&eacute;ro de t&eacute;l&eacute;phone
providePhoneNumber.saveButtonText=Sauvegarder
providePhoneNumber.title=Ajouter le num&eacute;ro de t&eacute;l&eacute;phone
recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est d&eacute;j&agrave; enregistr&eacute;e
recovery_accessapp_auth.instruction1=Vous avez d&eacute;j&agrave; enregistr&eacute; une nouvelle AGOV access app !!!ACCESS_APP_NAME!!! dans le cadre du processus de r&eacute;cup&eacute;ration.
recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier.
recovery_check_code.banner.lockedError=Trop de saisies erron&eacute;es. Veuillez r&eacute;essayer dans quelques minutes.
recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez r&eacute;essayer.
recovery_check_code.enterRecoveryCode=Saisir le code de r&eacute;cup&eacute;ration
recovery_check_code.instruction=Veuillez saisir votre code de r&eacute;cup&eacute;ration &agrave; douze chiffres. Lors de votre inscription, vous avez re&ccedil;u le code de r&eacute;cup&eacute;ration sous la forme d&rsquo;un fichier PDF ou dans AGOV me.
recovery_check_code.invalid.code=Le code est invalide
recovery_check_code.invalid.code.required=Code requis
recovery_check_code.invalid.code.tooLong=Le code est trop long
recovery_check_code.noAccess=Je n&rsquo;ai pas acc&egrave;s &agrave; mon code de r&eacute;cup&eacute;ration
recovery_check_code.noCodeAccess=&Ecirc;tes-vous s&ucirc;r de ne pas avoir acc&egrave;s &agrave; votre code de r&eacute;cup&eacute;ration ?
recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de r&eacute;cup&eacute;ration, veuillez vous rendre sur AGOV help et contacter le service d&rsquo;assistance AGOV. Un agent pourra vous aider dans le processus de r&eacute;cup&eacute;ration.
recovery_check_code.too_many_tries.instruction1=Le code de r&eacute;cup&eacute;ration que vous avez saisi a peut-&ecirc;tre expir&eacute; ou vous avez peut-&ecirc;tre essay&eacute; de le saisir trop de fois.
recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d&rsquo;assistance. Un agent pourra vous aider dans le processus de r&eacute;cup&eacute;ration.
recovery_check_noCode.banner.error=Trop de tentatives.
recovery_check_noCode.instruction1=Vous avez peut-&ecirc;tre essay&eacute; de saisir le code de r&eacute;cup&eacute;ration trop de fois.
recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la r&eacute;cup&eacute;ration du compte dans dix minutes &agrave; partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
recovery_code.banner.error=Veuillez indiquer votre nouveau code pour pouvoir continuer.
recovery_code.instruction=Les codes de r&eacute;cup&eacute;ration vous permettent d'acc&eacute;der &agrave; votre compte au cas o&ugrave; vous auriez perdu tous vos identifiants. Conservez le code de r&eacute;cup&eacute;ration en lieu s&ucirc;r.
recovery_code.newRecoveryCode=Introduction du code de r&eacute;cup&eacute;ration
recovery_code.validUntil=Valable jusqu'au:
recovery_fidokey_auth.button=D&eacute;marrer l'authentification par cl&eacute; de s&eacute;curit&eacute;
recovery_fidokey_auth.fidoInstruction=Cliquez sur "D&eacute;marrer l'enregistrement de la cl&eacute;"
recovery_fidokey_auth.instruction1=Vous avez d&eacute;j&agrave; enregistr&eacute; une nouvelle cl&eacute; de s&eacute;curit&eacute; !!!SECURITY_KEY_NAME!!! dans le cadre du processus de r&eacute;cup&eacute;ration.
recovery_fidokey_auth.instruction2=Veuillez utiliser !!!SECURITY_KEY_NAME!!! pour suivre les &eacute;tapes ci-dessous afin de vous identifier.
recovery_fidokey_auth.keyRegistered=Cl&eacute; de s&eacute;curit&eacute; d&eacute;j&agrave; enregistr&eacute;e
recovery_intro_email.banner.error=Le lien que vous avez utilis&eacute; a expir&eacute;. Veuillez saisir votre adresse e-mail pour recevoir un nouveau lien.
recovery_intro_email.banner.info=Veuillez saisir votre adresse e-mail. Nous vous enverrons un e-mail vous permettant de d&eacute;marrer le processus de r&eacute;cup&eacute;ration.
recovery_intro_email.important=Important:
recovery_intro_email.process=Le processus de r&eacute;cup&eacute;ration ne doit &ecirc;tre utilis&eacute; que si vous avez perdu l'acc&egrave;s &agrave; vos facteurs de connexion (application AGOV access supprim&eacute;e, cl&eacute; de s&eacute;curit&eacute; perdue, t&eacute;l&eacute;phone perdu, etc.).
recovery_intro_email_sent.banner.button=Vous n&rsquo;avez pas re&ccedil;u l'email?
recovery_intro_email_sent.banner.success=Merci! Vous recevrez dans un instant un e-mail contenant un lien de r&eacute;cup&eacute;ration et des instructions.
recovery_on_going.finishRecovery=Terminer la r&eacute;cup&eacute;ration
recovery_on_going.instruction=Vous n&rsquo;avez pas encore termin&eacute; le processus de r&eacute;cup&eacute;ration. Dans le cadre du processus de r&eacute;cup&eacute;ration, votre identit&eacute; peut faire l&rsquo;objet d&rsquo;une v&eacute;rification. Pour acc&eacute;der &agrave; des applications au moyen de votre identifiant AGOV, vous devez terminer la v&eacute;rification d&rsquo;identit&eacute;.
recovery_on_going.title=Veuillez terminer le processus de r&eacute;cup&eacute;ration.
recovery_questionnaire_instructions.banner.info=Veuillez noter que dans certains cas, vous devez avoir acc&egrave;s &agrave; votre code de r&eacute;cup&eacute;ration pour que la r&eacute;cup&eacute;ration soit r&eacute;ussie.
recovery_questionnaire_instructions.explanation=D'apr&egrave;s vos r&eacute;ponses, une r&eacute;cup&eacute;ration de l'identifiant AGOV-Login semble n&eacute;cessaire. Veuillez cliquer sur continuer et suivre les instructions &agrave; l'&eacute;cran.
recovery_questionnaire_instructions.instruction1=Fournissez l'adresse &eacute;lectronique de votre compte afin que nous puissions vous envoyer un lien pour commencer le processus de r&eacute;cup&eacute;ration
recovery_questionnaire_instructions.instruction2=Suivez les &eacute;tapes pour r&eacute;cup&eacute;rer votre compte (les &eacute;tapes varient en fonction du niveau de v&eacute;rification de votre compte)
recovery_questionnaire_loginfactor.banner.error=Veuillez choisir une r&eacute;ponse.
recovery_questionnaire_loginfactor.no=Non
recovery_questionnaire_loginfactor.question=Avez-vous enregistr&eacute; plus d'un facteur d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;) sur votre compte ?
recovery_questionnaire_loginfactor.yes=Oui
recovery_questionnaire_no_recovery.explanation1=D'apr&egrave;s vos r&eacute;ponses, l'option de r&eacute;cup&eacute;ration d'AGOV ne semble pas n&eacute;cessaire pour l'instant.
recovery_questionnaire_no_recovery.explanation2=Si vous avez besoin de plus amples informations, veuillez consulter <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> pour obtenir des articles de soutien.
recovery_questionnaire_no_recovery.instruction1=Si vous rencontrez des difficult&eacute;s pour vous connecter &agrave; une application, visitez <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> et v&eacute;rifiez si vous pouvez vous connecter avec succ&egrave;s.
recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistr&eacute; plusieurs facteurs de connexion mais que vous avez perdu l'acc&egrave;s &agrave; l'un d'entre eux, veuillez consulter <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> pour supprimer celui auquel vous avez perdu l'acc&egrave;s.
recovery_questionnaire_reason_selection.answer1=Je n'arrive pas &agrave; me connecter, m&ecirc;me si j'ai mon application / ma cl&eacute; de s&eacute;curit&eacute;
recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;)
recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription
recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute;, r&eacute;install&eacute; ou r&eacute;initialis&eacute; mon application d'acc&egrave;s AGOV
recovery_questionnaire_reason_selection.answer4=J'ai perdu mon t&eacute;l&eacute;phone / cl&eacute; de s&eacute;curit&eacute;
recovery_questionnaire_reason_selection.answer5=J'ai un nouveau t&eacute;l&eacute;phone et j'ai oubli&eacute; de transf&eacute;rer mon application AGOV access
recovery_questionnaire_reason_selection.answer6=J'ai oubli&eacute; mon PIN pour l'application AGOV access
recovery_questionnaire_reason_selection.answer7=J'ai mes cl&eacute;s de s&eacute;curit&eacute; ou mes applications, mais j'ai du mal &agrave; me connecter
recovery_questionnaire_reason_selection.answer8=J'ai perdu l'acc&egrave;s &agrave; toutes mes cl&eacute;s de s&eacute;curit&eacute; et aux applications AGOV access
recovery_questionnaire_reason_selection.answer9=J'ai des probl&egrave;mes avec l'un de mes facteurs d'authentification (effac&eacute;, r&eacute;initialis&eacute;, PIN oubli&eacute;)
recovery_questionnaire_reason_selection.banner.error=Veuillez s&eacute;lectionner un motif.
recovery_questionnaire_reason_selection.instruction=Veuillez s&eacute;lectionner la raison pour laquelle vous entamez le processus de r&eacute;cup&eacute;ration :
recovery_start_info.banner.warning=Vous ne pourrez pas utiliser votre compte tant que le processus de r&eacute;cup&eacute;ration n'aura pas &eacute;t&eacute; termin&eacute;.
recovery_start_info.instruction=Le processus de r&eacute;cup&eacute;ration n&eacute;cessitera l&rsquo;enregistrement d&rsquo;un nouveau facteur d&rsquo;authentification. Si votre compte contient des informations ayant d&eacute;j&agrave; &eacute;t&eacute; v&eacute;rifi&eacute;es, il se peut que vous deviez les faire v&eacute;rifier &agrave; nouveau pour terminer la r&eacute;cup&eacute;ration.
recovery_start_info.title=Vous &ecirc;tes sur le point de d&eacute;marrer le processus de r&eacute;cup&eacute;ration.
title=NEVIS SSO Portal
title.login=Login
user_input.invalid.email=Veuillez saisir un e-mail valable.
user_input.invalid.email.required=Champ requis
user_input.invalid.email.tooLong=La saisie est trop longue


@ -0,0 +1,219 @@
darkModeSwitch.aria.label=Attivare la modalit&agrave; scura
error_1=Verificare i dati inseriti.
error_10=Scegliere l&rsquo;account utente corretto.
error_100=Impossibile caricare il certificato. Il certificato esiste gi&agrave;. Contattare l&rsquo;help desk.
error_101=L&rsquo;e-mail inserita non &egrave; valida.
error_11=Utilizzare un altro certificato o accedere con altre credenziali.
error_2=Selezionare un altro nome di accesso.
error_3=Se la prossima autenticazione fallisce, l&rsquo;account sar&agrave; bloccato.
error_4=La nuova password non rispetta le norme di sicurezza. Scegliere un&rsquo;altra password.
error_5=Errore nella conferma della password.
error_50=La nuova password &egrave; troppo corta.
error_55=La nuova password deve differire da quelle precedenti.
error_6=&Egrave; richiesta la modifica della password.
error_7=&Egrave; richiesta la modifica dell&rsquo;ID di accesso.
error_8=A causa dei ripetuti tentativi di autenticazione falliti, l&rsquo;account &egrave; stato bloccato.
error_81=Non &egrave; stata trovata alcuna carta di accesso; l&rsquo;accesso da Internet &egrave; negato.
error_83=La carta di accesso non &egrave; pi&ugrave; valida. Per richiedere una nuova carta di accesso, contattare il responsabile.
error_9=Takeover di sessione fallito.
error_97=Accesso non autorizzato a questa risorsa.
error_98=L&rsquo;account &egrave; stato bloccato.
error_99=Ci sono problemi di sistema. Riprovare pi&ugrave; tardi.
error_9901=Per accedere a questa pagina, &egrave; necessario un link di registrazione valido.
error_9902=L&rsquo;e-mail utilizzata per l&rsquo;autenticazione non corrisponde a quella di AGOV operations. Richiedere un nuovo link di registrazione.
error_9903=L&rsquo;IdP utilizzato non ha inviato un&rsquo;asserzione valida. Assicurarsi di utilizzare l&rsquo;IdP corretto. Richiedere al supporto un nuovo link di registrazione.
error_9904=Il link non &egrave; pi&ugrave; valido. Assicurarsi di utilizzare il link pi&ugrave; recente ricevuto in AGOV operations. Se il problema persiste, richiedere un nuovo link.
error_9905=Si &egrave; verificato un problema con l&rsquo;account AGOV operations. Contattare il supporto.
error_9909=Si &egrave; verificato un errore interno. Richiedere al supporto un nuovo link di registrazione.
errors.duplicateValue=Il suo account &egrave; gi&agrave; collegato ad un altro accesso operativo.
fido2_auth.cancel.fido=L'autenticazione con la chiave di sicurezza &egrave; stata interrotta. Assicurarsi che la chiave FIDO sia registrata e che l'indirizzo e-mail sia corretto, poi seguire le istruzioni.
fido2_auth.instruction1=Cliccare su "Continua"
fido2_auth.instruction2=A breve si aprir&agrave; una finestra per l'autenticazione.
fido2_auth.instruction3=Seguire le istruzioni.
fido2_auth.skipInstructions=Non mostrare pi&ugrave; le istruzioni
fido2_auth.switchLogin=ACCEDERE CON
footer.link=https://agov.ch
footer.link.label=Contatto
footer.text=Servizio di autenticazione delle autorit&agrave; Svizzere AGOV - una collaborazione tra Cantoni, Comuni e l'Amministrazione federale. -
general.AGOVAccessApp=App AGOV access
general.accessApp=App AGOV access
general.authenticate=Autentifica
general.back=Indietro
general.cancel=Annullare
general.confirm=Confermare
general.contactSupport=Contattare il supporto
general.continue=Continuare
general.edit=Modificare
general.email=e-mail
general.email.address=Indirizzo e-mail
general.entryCode=Codice
general.fieldRequired=Campo obbligatorio.
general.getStarted=Iniziare
general.goAGOVHelp=Vai ad AGOV help
general.goAccessApp=Login con AGOV access
general.help=Aiuto
general.help.link=https://agov.ch/help
general.login=Accedere
general.loginSecurityKey=Iniziare il login con la chiave di sicurezza
general.or=O
general.otherOptions=ALTRE OPZIONI
general.recovery=Ripristino
general.recovery.help.link=https://help.agov.ch/?c=100recovery
general.recoveryCode.downloadPdf=Salva come PDF
general.recoveryCode.inputLabel=Codice di ripristino
general.recoveryCode.repeatCodeError=Il codice inserito non &egrave; corretto. Assicurati di averlo memorizzato correttamente, quindi riprova a inviarlo.
general.recoveryCode.repeatCodeModal.description=Un codice di ripristino perso o memorizzato in modo errato pu&ograve; rendere pi&ugrave; difficile il recupero del tuo account. Per assicurarti di aver registrato correttamente il codice, inseriscilo di nuovo qui sotto.
general.recoveryCode.repeatCodeModal.title=Ripeti il codice di ripristino
general.recoveryCode.reveal=Mostri il codice di ripristino
general.recoveryOngoing=Ripristino in corso
general.register=Registrarsi
general.registerNow=Si registri ora!
general.registration=Registrazione
general.securityKey=Chiave di sicurezza
general.skip.content=Vai al contenuto principale
general.wrongPhoneNumber=Inserire un numero di cellulare valido
generic.auth.error.message=Si &egrave; verificata un&rsquo;interruzione. Stiamo lavorando per ripristinare l&rsquo;esercizio.
generic.auth.error.next.steps=Riprovare pi&ugrave; tardi. Se il problema persiste, consultare AGOV help.
generic.auth.error.subtitle=Qualcosa non ha funzionato.
generic.auth.error.title=Errore
language.de=Deutsch
language.en=English
language.fr=Fran&ccedil;ais
language.it=Italiano
languageDropdown.aria.label=Selezionare la lingua
loainfo.description.200=Per accedere all'app &egrave; necessaria una verifica dei dati. La procedura pu&ograve; richiedere fino a 2&ndash;3 giorni lavorativi.
loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, pu&ograve; selezionare la procedura di verifica desiderata.
loainfo.description.400=Per accedere all'applicazione &egrave; necessario inserire il numero AVS.
loainfo.helper=I dati devono essere verificati!
loainfo.later=Pi&ugrave; tardi
loainfo.startNow=Iniziare la procedura?
loainfo.startVerification=Iniziare la verifica
loainfo.title=Verificare i dati.
mauth_usernameless.EID=Continuare con CH e-ID
mauth_usernameless.banner.error=Autenticazione interrotta.<br>Riprovare dopo che la pagina si sar&agrave; ricaricata.
mauth_usernameless.banner.info=La scansione &egrave; stata eseguita.<br>Continuare nell'app AGOV access.
mauth_usernameless.banner.success=Autenticazione riuscita!<br>Aspettare di essere connessi.
mauth_usernameless.cannotLogin=Ha perso l'accesso alla sua app/chiave di sicurezza?
mauth_usernameless.hideQR=Nascondi il codice QR
mauth_usernameless.instructions=Per accedere, scansionare il codice QR con l'app AGOV access.
mauth_usernameless.noAccount=Non ha ancora un AGOV-Login ?
mauth_usernameless.showQR=Visualizza il codice QR
mauth_usernameless.startRecovery=Inizia il recupero dell'account
mauth_usernameless.useSecurityKey=Accedere utilizzando una chiave di sicurezza.
mauth_usernameless.useSecurityKeyInfo=Una chiave di sicurezza fisica permette di accedere in modo sicuro senza utilizzare un telefono.
op-admin.login=AGOV op admin
op-admin.login.intro.message=Accedere con nome utente e password
op-admin.login.loginid=ID di accesso
op-admin.login.password=Password
op-admin.login.title=Accedere
op-admin.logout=AGOV op admin
op-admin.logout.message=La sessione &egrave; terminata.
op-admin.logout.title=Disconnessione
op-admin.pwchange.intro.message=&Egrave; richiesta la modifica della password.
op-admin.pwchange.newpassword=Nuova password
op-admin.pwchange.newpassword2=Ripetere la nuova password
op-admin.pwchange.password=Password attuale
op-admin.pwchange.title=Modificare password
op-idmlogin.role.accs-mgmt-idm=Gestione dei diritti di accesso IDM
op-idmlogin.role.accs-mgmt-nonidm=Gestione dei diritti di accesso
op-idmlogin.role.idmcfg-mgmt=Configurazione dell'IDM
op-idmlogin.role.readonly-access=Accesso predefinito (sola lettura)
op-idmlogin.role.support-basic=Casi di supporto (ripristino, ...)
op-idmlogin.role.support-priv=Supporto di terzo livello (archiviazione, off-boarding)
op-idmlogin.role.usr-mgmt=Gestione utenti (operazioni)
op-idmlogin.role.usr-unit-mgmt=Gestione utenti e organizzazione (operazioni)
op-idmlogin.select=AGOV idm
op-idmlogin.select.intro=Si prega di selezionare uno dei seguenti profili...
op-idmlogin.select.note=I profili contrassegnati con * devono essere utilizzati solo se richiesti per attivit&agrave; di supporto o rilascio specifiche.
op-idmlogin.select.title=Selezione del profilo
op-onboarding.done.message=La registrazione &egrave; riuscita. Ora l&rsquo;accesso AGOV operations &egrave; pronto. Prima di accedere ad AGOV operations, chiudere il browser.
op-onboarding.done.title=FINITO
op-onboarding.failed.title=ERRORE
op-onboarding.intro.message1=Per completare la registrazione per l'accesso AGOV operations, &egrave; necessario avere un account AGOV o FED-LOGIN.
op-onboarding.intro.message2=Dopo aver cliccato su "Continua", si &egrave; reindirizzati al servizio di autenticazione.
op-onboarding.intro.message3=Se utilizza AGOV e l&rsquo;account non soddisfa ancora il livello richiesto AGOVaq, potr&agrave; avviare la verifica dell&rsquo;identit&agrave; richiesta.
op-onboarding.intro.title=INIZIARE
op-onboarding.onboarding=Registrazione AGOV op
op-onboarding.process.message=Qualcosa non ha funzionato. Contattare il supporto AGOV e, se necessario, richiedere un nuovo link di registrazione.
providePhoneNumber.banner=Il numero di telefono deve essere in grado di ricevere SMS.<br>Questo numero di telefono non sar&agrave; utilizzato per contattarti.
providePhoneNumber.description=AGOV ora supporta il ripristino tramite il tuo numero di telefono. Questo ti permetter&agrave; di continuare con un SMS durante il ripristino se hai perso l'accesso al tuo codice di ripristino.
providePhoneNumber.errorBanner=Il numero di telefono non corrispondono. Si prega di riprovare.
providePhoneNumber.inputLabel=Numero di telefono (facoltativo)
providePhoneNumber.laterModal.description1=Senza un numero di telefono, il recupero del tuo account potrebbe richiedere fino a 4 giorni se perdi l'accesso al codice di ripristino.
providePhoneNumber.laterModal.description2=Aggiungere un numero di telefono ti aiuta a recuperare il tuo account in pochi minuti.
providePhoneNumber.laterModal.description3=Questo numero di telefono non sar&agrave; utilizzato per contattarti.
providePhoneNumber.laterModal.title=Continuare senza un numero di telefono?
providePhoneNumber.modal.description=Un numero di telefono memorizzato in modo errato pu&ograve; rendere pi&ugrave; difficile il recupero del tuo account. Per assicurarti di aver registrato correttamente il tuo numero di telefono, inseriscilo di nuovo qui sotto.
providePhoneNumber.modal.inputLabel=Numero di telefono
providePhoneNumber.modal.title=Ripetere il numero di telefono
providePhoneNumber.saveButtonText=Salva
providePhoneNumber.title=Aggiungi numero di telefono
recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV gi&agrave; registrata
recovery_accessapp_auth.instruction1=Ha gi&agrave; registrato una nuova app AGOV access !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
recovery_check_code.banner.lockedError=Troppi tentativi di inserimento non validi. Riprovare tra qualche minuto.
recovery_check_code.codeIncorrect=Il codice inserito non &egrave; corretto. Riprovare.
recovery_check_code.enterRecoveryCode=Inserisca il codice di recupero
recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me.
recovery_check_code.invalid.code=Il codice non &egrave; valido
recovery_check_code.invalid.code.required=Codice richiesto
recovery_check_code.invalid.code.tooLong=Il codice &egrave; troppo lungo
recovery_check_code.noAccess=Non ho il mio codice.
recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
recovery_check_code.noCodeAccessInstructions=Se non ha pi&ugrave; il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assister&agrave; nel processo di ripristino.
recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito pu&ograve; essere scaduto o &egrave; stato inserito troppe volte.
recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
recovery_check_noCode.banner.error=Troppi tentativi.
recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
recovery_code.banner.error=La preghiamo di rivelare il suo nuovo codice per poter continuare.
recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro.
recovery_code.newRecoveryCode=Introduzione del codice di ripristino
recovery_code.validUntil=Valido fino a:
recovery_fidokey_auth.button=Iniziare l'authenticazione della chiave
recovery_fidokey_auth.fidoInstruction=Cliccare su "Iniziare l'authenticazione della chiave"
recovery_fidokey_auth.instruction1=Ha gi&agrave; registrato una nuova chiave di sicurezza !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
recovery_fidokey_auth.instruction2=Si prega di usare !!!SECURITY_KEY_NAME!!! per poter seguire i passaggi seguenti per identificarti.
recovery_fidokey_auth.keyRegistered=Chiave di sicurezza gi&agrave; registrata
recovery_intro_email.banner.error=Il link utilizzato &egrave; scaduto. Per ricevere un nuovo link, inserire l&rsquo;indirizzo e-mail.
recovery_intro_email.banner.info=Per ricevere il link e avviare il processo di ripristino, inserire l&rsquo;indirizzo e-mail.
recovery_intro_email.important=Importante:
recovery_intro_email.process=Il processo di ripristino deve essere utilizzato solo se ha perso l'accesso ai suoi fattori di accesso (app AGOV access eliminata, chiave di sicurezza persa, telefono smarrito, ecc.).
recovery_intro_email_sent.banner.button=Non avete ricevuto l'e-mail?
recovery_intro_email_sent.banner.success=Grazie! &Egrave; stata inviata un&rsquo;e-mail contenente il codice di ripristino e le istruzioni.
recovery_on_going.finishRecovery=Completare il ripristino
recovery_on_going.instruction=&Egrave; in corso un processo di ripristino. Il processo di ripristino pu&ograve; includere una verifica dell&rsquo;identit&agrave;. Per accedere alle applicazioni con il proprio AGOV-Login, &egrave; necessario completare la verifica dell&rsquo;identit&agrave;.
recovery_on_going.title=Completare il processo di ripristino.
recovery_questionnaire_instructions.banner.info=Tenga presente che in alcuni casi &egrave; necessario utilizzare il codice di ripristino per un ripristino riuscito.
recovery_questionnaire_instructions.explanation=In base alle sue risposte sembra essere necessario un ripristino AGOV-Login. Fare clic su Continua e seguire le istruzioni visualizzate sullo schermo.
recovery_questionnaire_instructions.instruction1=Si prega di fornire l'indirizzo email del suo account in modo di poter inviarle un link per iniziare il processo di recupero
recovery_questionnaire_instructions.instruction2=Si prega di seguire i passaggi per recuperare il suo account (i passaggi varieranno a seconda del livello di verifica dell'account)
recovery_questionnaire_loginfactor.banner.error=Si prega di selezionare una risposta.
recovery_questionnaire_loginfactor.no=No
recovery_questionnaire_loginfactor.question=Ha registrato pi&ugrave; di un fattore di accesso (app AGOV access o chiave di sicurezza) al suo account?
recovery_questionnaire_loginfactor.yes=Si
recovery_questionnaire_no_recovery.explanation1=In base alle sue risposte, l'opzione di ripristino AGOV non sembra necessaria al momento.
recovery_questionnaire_no_recovery.explanation2=Se ha bisogno di ulteriori informazioni, visiti <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> per articoli di supporto.
recovery_questionnaire_no_recovery.instruction1=Se riscontra problemi di accesso a un'applicazione, visiti <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> e verifichi se pu&ograve; accedere con successo.
recovery_questionnaire_no_recovery.instruction2=Se ha registrato pi&ugrave; fattori di accesso ma ha perso l'accesso a uno di essi, visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> per rimuovere quello a cui ha perso l'accesso.
recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza
recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app AGOV access o chiave di sicurezza)
recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione
recovery_questionnaire_reason_selection.answer3=Ho eliminato, reinstallato o reimpostato la mia app AGOV access
recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza
recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app AGOV access
recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app AGOV access
recovery_questionnaire_reason_selection.answer7=Ho i miei token di sicurezza o le mie app, ma ho avuto problemi ad accedere
recovery_questionnaire_reason_selection.answer8=Ho perso l'accesso a tutte le mie chiavi di sicurezza e alle app AGOV access
recovery_questionnaire_reason_selection.answer9=Ho problemi con uno dei miei fattori di accesso (PIN cancellato, reimpostato, dimenticato)
recovery_questionnaire_reason_selection.banner.error=Si prega di selezionare il motivo.
recovery_questionnaire_reason_selection.instruction=Si prega di selezionare il motivo per cui sta avviando il processo di recupero:
recovery_start_info.banner.warning=Non &egrave; possibile utilizzare l&rsquo;account finch&eacute; il processo di ripristino non sar&agrave; concluso.
recovery_start_info.instruction=Durante il processo di ripristino sar&agrave; registrato un nuovo fattore di accesso. Se l&rsquo;account contiene informazioni verificate, potrebbe essere necessario avviare un processo di verifica per completare il ripristino.
recovery_start_info.title=Il processo di ripristino sta per iniziare.
title=NEVIS SSO Portal
title.login=Login
user_input.invalid.email=Inserire un'e-mail valida.
user_input.invalid.email.required=Campo obbligatorio
user_input.invalid.email.tooLong=Il testo inserito &egrave; troppo lungo.


@ -0,0 +1,165 @@
let baseURL; // base URL
let statusToken; // used to check progress
let dispatcherElement; // to display link or QR code
let infoElement; // to display info text
let errorElement; // to display error text
function addInput(form, name, value) {
const input = document.createElement("input");
input.name = name;
input.value = value;
form.appendChild(input);
}
function submitStatus(status) {
// we have to do a form POST instead of AJAX
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
addInput(form, "status", status);
document.body.appendChild(form);
form.submit();
}
const Status = {
_pollInterval: 2 * 1000, // Check every 2 seconds
latest: null,
startPolling: function (token, uiCallback) {
let interval = setInterval(async () => {
await this._check(token).then(function (resp) {
console.log("Polling status: %o", resp);
uiCallback && uiCallback(resp, false);
return Status.latest = resp;
})
.catch(function (err) {
console.error("Error during polling: %o", err);
return false;
});
if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) {
// Done!
console.log('Latest status is: %o', this.latest);
uiCallback && uiCallback(this.latest, true);
clearInterval(interval);
}
}, this._pollInterval);
},
_check: async function (token) {
const payload = { statusToken: token };
const response = await fetch(baseURL + 'api/v1/status', {
method: 'POST',
mode: 'cors',
cache: 'no-cache',
credentials: 'omit',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json;charset=utf-8'
},
body: JSON.stringify(payload),
redirect: 'follow',
referrerPolicy: 'no-referrer'
});
return await response.json();
}
};
function setDeepLinkLabel(button) {
const text = document.getElementsByName('info.deeplink')[0].value;
button.innerHTML = text;
}
function messageScanQR() {
const text = document.getElementsByName('info.qrcode')[0].value;
infoElement.innerHTML = text;
}
function messageCheckPhone() {
const text = document.getElementsByName('info.check.phone')[0].value;
infoElement.innerHTML = text;
}
const Element = {
_elem: null, // QR code or deep link depending on device
show: function (appLink) {
const userAgent = navigator.userAgent || navigator.vendor || window.opera;
const isIphone = 'iPhone' === navigator.platform;
const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent);
if (isAndroid || isIphone) {
this._elem = document.createElement('a');
this._elem.setAttribute('href', appLink);
this._elem.setAttribute('class', 'btn btn-primary');
this._elem.setAttribute('target', '_blank');
dispatcherElement.appendChild(this._elem);
setDeepLinkLabel(this._elem);
}
else {
const authenticationType = document.getElementsByName('authenticationType')[0].value;
if (authenticationType == 'push') {
messageCheckPhone();
}
else {
messageScanQR();
this._elem = document.createElement('canvas');
dispatcherElement.appendChild(this._elem);
var qrcode = new QRious({
element: this._elem,
foreground: "#168CA9",
level: "M",
size: 280,
value: appLink
});
}
}
},
hide: function() {
// hide the element which was shown
if (this._elem != null) {
this._elem.style.display = "none";
}
}
};
function authenticateUser(appLink) {
Element.show(appLink);
console.log('Starting Authentication Cloud status polling...');
Status.startPolling(statusToken, (st, done) => {
if (st.status === 'succeeded') {
console.log('Authentication Cloud login done.');
submitStatus('succeeded')
}
else if (st.status === 'failed') {
// failed: The transaction failed, either by timeout or because the user did not accept.
console.warn('Authentication Cloud login failed. User abort or timeout.');
submitStatus('failed')
}
else if (st.status === 'unknown') {
console.error('Authentication Cloud login failed. Unknown status.');
submitStatus('unknown')
}
});
}
function init() {
const form = document.getElementById('authcloud_login');
baseURL = form.url.value;
statusToken = form.statusToken.value;
infoElement = document.getElementById('authcloud_info');
errorElement = document.getElementById('authcloud_error');
dispatcherElement = document.getElementById('authcloud_dispatch');
const appLink = form.appLink.value;
authenticateUser(appLink);
}
window.onload = function() {
init();
};
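Review bot: The callback passed to `Status.startPolling` in `authenticateUser` ignores its `done` argument, and `startPolling` invokes it twice for a terminal status (once with `false` inside `.then`, once with `true` after the status check), so `submitStatus` builds and submits the hidden form twice. Opening the callback with `if (!done) return;` keeps it to one POST per outcome; `onboardUser` in the onboarding script later in this commit has the same pattern. The posted `status` field is written by the browser, so the receiving step should presumably re-check the transaction outcome server-side with the status token rather than trust that field; that handler is not part of this section. `console.log("Polling status: %o", resp)` also writes every status response to the browser console, which is worth dropping on a production login page.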


@ -0,0 +1,154 @@
let baseURL; // base URL
let statusToken; // used to check progress
let dispatcherElement; // to display link or QR code
let infoElement; // to display info text
let errorElement; // to display error text
function addInput(form, name, value) {
const input = document.createElement("input");
input.name = name;
input.value = value;
form.appendChild(input);
}
function submitStatus(status) {
// we have to do a form POST instead of AJAX
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
addInput(form, "status", status);
document.body.appendChild(form);
form.submit();
}
const Status = {
_pollInterval: 2 * 1000, // Check every 2 seconds
latest: null,
startPolling: function (token, uiCallback) {
let interval = setInterval(async () => {
await this._check(token).then(function (resp) {
console.log("Polling status: %o", resp);
uiCallback && uiCallback(resp, false);
return Status.latest = resp;
})
.catch(function (err) {
console.error("Error during polling: %o", err);
return false;
});
if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) {
// Done!
console.log('Latest status is: %o', this.latest);
uiCallback && uiCallback(this.latest, true);
clearInterval(interval);
}
}, this._pollInterval);
},
_check: async function (token) {
const payload = { statusToken: token };
const response = await fetch(baseURL + 'api/v1/status', {
method: 'POST',
mode: 'cors',
cache: 'no-cache',
credentials: 'omit',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json;charset=utf-8'
},
body: JSON.stringify(payload),
redirect: 'follow',
referrerPolicy: 'no-referrer'
});
return await response.json();
}
};
function setDeepLinkLabel(button) {
const text = document.getElementsByName('info.deeplink')[0].value;
button.innerHTML = text;
}
function messageScanQR() {
const text = document.getElementsByName('info.qrcode')[0].value;
infoElement.innerHTML = text;
}
const Element = {
_elem: null, // QR code or deep link depending on device
show: function (appLink) {
const userAgent = navigator.userAgent || navigator.vendor || window.opera;
const isIphone = 'iPhone' === navigator.platform;
const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent);
if (isAndroid || isIphone) {
this._elem = document.createElement('a');
this._elem.setAttribute('href', appLink);
this._elem.setAttribute('class', 'btn btn-primary');
this._elem.setAttribute('target', '_blank');
dispatcherElement.appendChild(this._elem);
setDeepLinkLabel(this._elem);
}
else {
messageScanQR();
this._elem = document.createElement('canvas');
dispatcherElement.appendChild(this._elem);
var qrcode = new QRious({
element: this._elem,
foreground: "#168CA9",
level: "M",
size: 280,
value: appLink
});
}
},
hide: function() {
// hide the element which was shown
if (this._elem != null) {
this._elem.style.display = "none";
}
}
};
function onboardUser(appLink) {
Element.show(appLink);
console.log('Starting Authentication Cloud status polling...');
Status.startPolling(statusToken, (st, done) => {
if (st.status === 'succeeded') {
console.log('Authentication Cloud onboarding done.');
submitStatus('succeeded')
}
else if (st.status === 'failed') {
// failed: The transaction failed, either by timeout or because the user did not accept.
console.warn('Authentication Cloud onboarding failed. User abort or timeout.');
submitStatus('failed')
}
else if (st.status === 'unknown') {
console.error('Authentication Cloud onboarding failed. Unknown status.');
submitStatus('unknown')
}
});
}
function init() {
const form = document.getElementById('authcloud_onboard');
baseURL = form.url.value;
statusToken = form.statusToken.value;
infoElement = document.getElementById('authcloud_info');
errorElement = document.getElementById('authcloud_error');
dispatcherElement = document.getElementById('authcloud_dispatch');
const appLink = form.appLink.value;
onboardUser(appLink);
}
window.onload = function() {
init();
};
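Review bot: `setDeepLinkLabel` and `messageScanQR` assign hidden-input values to `innerHTML`, and `Element.show` puts `appLink` into an `href` without looking at its scheme. Unless the labels are meant to carry markup, `button.textContent = text;` and `infoElement.textContent = text;` remove the HTML sink, and checking `appLink` against the expected app-link scheme before `setAttribute('href', appLink)` keeps an unexpected scheme out of the anchor. The login script earlier in this commit has the same sinks, plus `messageCheckPhone`. `errorElement` is assigned in `init()` but never written to, so a polling failure is only logged to the console and the page keeps polling with no visible error.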


@ -0,0 +1,87 @@
/*
* Base64URL-ArrayBuffer
* https://github.com/herrjemand/Base64URL-ArrayBuffer
*
* Copyright (c) 2017 Yuriy Ackermann <ackermann.yuriy@gmail.com>
* Copyright (c) 2012 Niklas von Hertzen
* Licensed under the MIT license.
*
*/
(function() {
"use strict";
var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
// Use a lookup table to find the index.
var lookup = new Uint8Array(256);
for (var i = 0; i < chars.length; i++) {
lookup[chars.charCodeAt(i)] = i;
}
var encode = function(arraybuffer) {
var bytes = new Uint8Array(arraybuffer),
i, len = bytes.length, base64 = "";
for (i = 0; i < len; i+=3) {
base64 += chars[bytes[i] >> 2];
base64 += chars[((bytes[i] & 3) << 4) | (bytes[i + 1] >> 4)];
base64 += chars[((bytes[i + 1] & 15) << 2) | (bytes[i + 2] >> 6)];
base64 += chars[bytes[i + 2] & 63];
}
if ((len % 3) === 2) {
base64 = base64.substring(0, base64.length - 1);
} else if (len % 3 === 1) {
base64 = base64.substring(0, base64.length - 2);
}
return base64;
};
var decode = function(base64) {
var bufferLength = base64.length * 0.75,
len = base64.length, i, p = 0,
encoded1, encoded2, encoded3, encoded4;
var arraybuffer = new ArrayBuffer(bufferLength),
bytes = new Uint8Array(arraybuffer);
for (i = 0; i < len; i+=4) {
encoded1 = lookup[base64.charCodeAt(i)];
encoded2 = lookup[base64.charCodeAt(i+1)];
encoded3 = lookup[base64.charCodeAt(i+2)];
encoded4 = lookup[base64.charCodeAt(i+3)];
bytes[p++] = (encoded1 << 2) | (encoded2 >> 4);
bytes[p++] = ((encoded2 & 15) << 4) | (encoded3 >> 2);
bytes[p++] = ((encoded3 & 3) << 6) | (encoded4 & 63);
}
return arraybuffer;
};
/**
* Exporting and stuff
*/
if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') {
module.exports = {
'encode': encode,
'decode': decode
}
} else {
if (typeof define === 'function' && define.amd) {
define([], function() {
return {
'encode': encode,
'decode': decode
}
});
} else {
window.base64url = {
'encode': encode,
'decode': decode
}
}
}
})();


@ -0,0 +1,222 @@
/********************************************************
* Layout
********************************************************/
html { /* magic to position footer */
position: relative;
min-height: 100%;
}
body {
margin-bottom: 76px; /* == footer height */
}
.container, .container-fluid {
padding-left: 36px;
padding-right: 36px;
}
nav {
min-height: 100px;
padding: 36px;
}
header {
margin-bottom: 16px; /* h1.logintitle adds 20px => 36px */
}
.container {
min-width: 260px;
max-width: 700px;
}
h1 {
margin-bottom: 50px;
}
footer {
width: 100%;
position: absolute;
bottom: 0;
padding: 0 36px;
}
img {
width: 100%;
}
/********************************************************
* Header
********************************************************/
header .logo {
/* width: 20%;*/
/*max-width: 600px;*/
max-height: 150px;
width: auto;
}
/********************************************************
* Dropdown
********************************************************/
a.dropdown-toggle {
text-decoration: none;
}
a.dropdown-toggle:hover {
color: #168CA9;
border-bottom: 3px solid #168CA9;
}
.dropdown-menu {
padding: 5px 0;
}
.dropdown-menu li > a {
padding: 6px 28px;
}
.dropdown-menu a > .prefix {
display: inline-block;
min-width: 22px;
margin-right: 28px;
text-align: right;
}
/********************************************************
* Form
********************************************************/
/* Labels should not be bold */
label {
font-weight: normal;
}
/* Make error messages bold */
.has-error .help-block {
font-weight: bold;
}
/* Change button size, by default 116px in width */
.btn {
min-width: 116px;
padding: 3px 12px;
}
/* Disable gradient in buttons, ughhhh */
.btn.btn-primary {
border-color: transparent;
background-image: none;
text-shadow: none;
box-shadow: none;
-webkit-box-shadow: none;
}
.help-block a, .help-block a:visited {
color: #168CA9;
font-weight: bold;
text-decoration: none;
}
.help-block a:hover {
color: #168CA9;
text-decoration: underline;
}
/********************************************************
* Footer
********************************************************/
footer .row {
margin: 36px 0 0 0;
height: 40px;
padding-top: 14px;
line-height: 26px; /* to center text: height - padding-top = 26px */
border-top: 1px solid #168CA9;
}
footer .row > div { /* Fix alignment between border + text on Bootstrap grid */
padding: 0;
}
footer .logo-round-container {
position: relative;
}
footer .logo-round {
position: absolute;
left: 0;
right: 0;
top: -33px; /* found visually with Chrome Dev Tools */
height: 36px;
width: 36px;
border: 1px solid #00868c;
border-radius: 18px;
background: #fff;
padding: 8px;
}
footer .logo-round > img {
display: block;
}
#dispatchTargets {
margin-top: 20px;
}
/********************************************************
* Social login
********************************************************/
.btn.line {
background-color: transparent;
display: block;
width: 100%;
padding: 0;
margin: 1.5em 0 1em;
border: 0.5px solid #ccc;
pointer-events: none;
}
.btn.socialLogin {
background-color: #fff;
border: thin solid #ccc;
color: #000;
font-weight: 600;
position: relative;
margin: 5px;
min-width: 140px;
width: 210px;
border-radius: 8px;
padding: 8px 12px;
text-align: left;
}
.socialLogin img {
width: 1.5em;
height: 108%;
margin-right: 0.5em;
}
.btn.apple img {
width: 1.2em;
}
/********************************************************
* Show password
********************************************************/
.icon-inside {
position: relative;
}
.icon-inside input {
padding-right: calc(0.75rem + 1.25rem + 0.75rem);
}
.icon-inside button {
position: absolute;
right: 0;
top: 0;
margin-top: 0.45rem;
margin-right: 0.45rem;
background: #FFFFFF;
border: #FFFFFF;
}


@ -0,0 +1,36 @@
(function() {
var closeDropdownTimeout;
function closeDropdown(event) {
var dropdowns = document.querySelectorAll('.dropdown');
for (var i = 0; i < dropdowns.length; i++) {
var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
if (dropdownMenu.style.display !== 'none' && !dropdowns[i].contains(event.target)) {
dropdownMenu.style.display = 'none';
}
}
// remove event listener till we have a new dropdown menu open
if (document.querySelector('.dropdown-menu:not([style*="display: none"])') === null) {
document.removeEventListener('click', closeDropdown);
}
}
var dropdowns = document.querySelectorAll('.dropdown');
for (var i = 0; i < dropdowns.length; i++) {
var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
dropdownMenu.style.display = 'none'; // ensure menu is initially hidden
dropdowns[i].addEventListener('click', function(e) {
// show dropdown menu
var dropdownMenu = this.querySelector('.dropdown-menu');
dropdownMenu.style.display = 'block';
// handle clicking away
clearTimeout(closeDropdownTimeout);
closeDropdownTimeout = setTimeout(function() {
document.addEventListener('click', closeDropdown);
}, 10);
});
}
}());


@ -0,0 +1,98 @@
var e2eenc = function() {
this.encryptForm = function(algoString, formId) {
// TODO: in case of an error we should return false, to prevent the for to be submitted
// or replace the fields with dummy values, just to prevent the the transmission
// of unencrypted values
// create the array of input fields to encrypt (needs to be done before setting the form
// invisible
var fieldsToEncrypt = new Array();
$.each($("form input:visible"), function(index, _inputField) { fieldsToEncrypt.push($(_inputField));});
// hide the form, and display the splash screen
$('#loginform').css('display','none');
$('#e2eeSplashScreen').css('display','block');
// encryption logic
var pubKey = $("input[name='e2eenc.publicKey']").val();
var kemSessionKey = readPublicKeyAndGenerateSessionKey(pubKey)
var iv = forge.random.getBytesSync(16);
keyB64 = forge.util.encode64(kemSessionKey.key);
encapsulationB64 = forge.util.encode64(kemSessionKey.encapsulation);
ivB64 = forge.util.encode64(iv);
//console.log("Encrypting form " + formId + " (" + algoString + ")");
var fields = "";
$.each(fieldsToEncrypt, function(index, _inputField) {
var inputField = $(_inputField);
if (inputField.attr("type") == "text" || inputField.attr("type") == "password") {
//console.log("Encrypting field " + JSON.stringify(inputField));
var plainValue = inputField.val();
var encryptedValueB64 = encrypt(kemSessionKey, iv, plainValue);
//console.log("Setting encrypted value in b64: " + encryptedValueB64);
inputField.val(encryptedValueB64);
if (fields.length > 0) {
fields = fields + ","
}
fields = fields + inputField.attr("name");
}
});
$("input[name='e2eenc.iv']").val(ivB64);
$("input[name='e2eenc.encapsulation']").val(encapsulationB64);
$("input[name='e2eenc.fields']").val(fields);
}
function getRSApublicKey(pem) {
//console.log("PEM: " + pem);
var msg = forge.pem.decode(pem)[0];
//console.log("msg type: " + msg.type);
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
throw new Error('Could not retrieve RSA public key from PEM; PEM is encrypted.');
}
// convert DER to ASN.1 object
var asn1obj = forge.asn1.fromDer(msg.body);
//console.log("ASN.1 obj: " + JSON.stringify(asn1obj))
var pubKey = forge.pki.publicKeyFromAsn1(asn1obj)
//console.log("PubKey: " + JSON.stringify(pubKey))
return pubKey;
}
function generateKEMSessionKey(rsaPublicKey) {
// generate key-derivation-function and initializes it with sha1
var kdf1 = new forge.kem.kdf1(forge.md.sha1.create());
// creates a KEM function based on the key-derivation-function created above
var kem = forge.kem.rsa.create(kdf1);
// generate and encapsulate a 16-byte secret key.
// The secret key is generated using the kdf defined above.
var kemSessionKey = kem.encrypt(rsaPublicKey, 16);
// kemSessionKey has 'encapsulation' (= pub key) and 'key' (= generated secret key)
return kemSessionKey;
}
function readPublicKeyAndGenerateSessionKey(pem) {
var rsaPublicKey = getRSApublicKey(pem);
//console.log("PubKey: " + JSON.stringify(rsaPublicKey))
var kemSessionKey = generateKEMSessionKey(rsaPublicKey);
//console.log("KEM session key: " + JSON.stringify(kemSessionKey))
return kemSessionKey;
}
function encrypt(kemSessionKey, iv, msg) {
var cipher = forge.cipher.createCipher('AES-CBC', kemSessionKey.key);
cipher.start({iv: iv});
cipher.update(forge.util.createBuffer(msg, 'utf-8'));
cipher.finish();
var encrypted = cipher.output.getBytes();
encryptedB64 = forge.util.encode64(encrypted);
return encryptedB64;
}
};
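Review bot: `encryptForm` assigns `keyB64`, `encapsulationB64` and `ivB64` (and `encrypt` assigns `encryptedB64`) without a declaration, and no `'use strict'` is visible in this file, so they become globals; `keyB64` is the base64 of the AES session key and is never read, which leaves the key reachable by any other script on the page. Drop the `keyB64` line and declare the rest, e.g. `var ivB64 = forge.util.encode64(iv);`. Every field is encrypted with the same key and the same `iv` under AES-CBC, so two fields whose leading 16-byte blocks match produce matching ciphertext blocks, and the ciphertext carries no integrity check; a per-field IV or an authenticated mode would need a matching server-side change that is not visible here. The TODO at the top is still open: if key parsing or encryption throws, nothing in this function stops the form from going out with plaintext values, and how the caller handles the exception is outside this section.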


@ -0,0 +1,3 @@
<svg width="22" height="20" viewBox="0 0 22 20" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M2 1L5.58916 4.58916M20 19L16.4112 15.4112M12.8749 16.8246C12.2677 16.9398 11.6411 17 11.0005 17C6.52281 17 2.73251 14.0571 1.45825 9.99997C1.80515 8.8955 2.33851 7.87361 3.02143 6.97118M8.87868 7.87868C9.42157 7.33579 10.1716 7 11 7C12.6569 7 14 8.34315 14 10C14 10.8284 13.6642 11.5784 13.1213 12.1213M8.87868 7.87868L13.1213 12.1213M8.87868 7.87868L5.58916 4.58916M13.1213 12.1213L5.58916 4.58916M13.1213 12.1213L16.4112 15.4112M5.58916 4.58916C7.14898 3.58354 9.00656 3 11.0004 3C15.4781 3 19.2684 5.94291 20.5426 10C19.8357 12.2507 18.3545 14.1585 16.4112 15.4112" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>


@ -0,0 +1,4 @@
<svg width="22" height="16" viewBox="0 0 22 16" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M14 8C14 9.65685 12.6569 11 11 11C9.34315 11 8 9.65685 8 8C8 6.34315 9.34315 5 11 5C12.6569 5 14 6.34315 14 8Z" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
<path d="M1.45825 7.99997C2.73253 3.94288 6.52281 1 11.0004 1C15.4781 1 19.2684 3.94291 20.5426 8.00004C19.2684 12.0571 15.4781 15 11.0005 15C6.52281 15 2.73251 12.0571 1.45825 7.99997Z" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>


@ -0,0 +1,61 @@
(function() {
'use strict'
async function assertion(options) {
let credential;
try {
credential = await navigator.credentials.get({ "publicKey": options });
}
// Cancel and timeout can occur besides error
catch (error) {
console.error(`Failed to get WebAuthn credential: ${error}`);
throw error;
}
// as this is the last call we have to do a top-level request instead of AJAX
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
addInput(form, "path", "/nevisfido/fido2/assertion/result")
addInput(form, "id", credential.id);
addInput(form, "type", credential.type);
addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON));
addInput(form, "response.authenticatorData", base64url.encode(credential.response.authenticatorData));
addInput(form, "response.signature", base64url.encode(credential.response.signature));
document.body.appendChild(form);
form.submit();
}
function authenticate() {
// WebAuthn feature detection
if (!isWebAuthnSupportedByTheBrowser()) {
cancelFido2();
return;
};
const request = {};
request.path = "/nevisfido/fido2/attestation/options";
// calling nevisFIDO through nevisAuth on current URL using AJAX
fetch("", {
method: "POST",
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(request)
})
.then(res => res.json())
.then(options => {
options.challenge = base64url.decode(options.challenge);
options.allowCredentials = options.allowCredentials.map((c) => {
c.id = base64url.decode(c.id);
return c;
});
return assertion(options);
}).catch((error) => {
console.error(`Error during FIDO2 authentication: ${error}`);
cancelFido2();
});
}
authenticate();
})();
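Review bot: `options.allowCredentials.map(...)` in `authenticate()` runs without a null check, so an options response that omits `allowCredentials` (the member is optional in WebAuthn request options, for example with discoverable credentials) throws a TypeError and ends in `cancelFido2()` instead of an authenticator prompt. A guard such as `options.allowCredentials = (options.allowCredentials || []).map((c) => { c.id = base64url.decode(c.id); return c; });` avoids that. The same function requests `/nevisfido/fido2/attestation/options` while the result is posted to `/nevisfido/fido2/assertion/result`; this looks like a leftover from the registration script and should be confirmed against the backend. `res.json()` is also parsed without checking `res.ok`.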


@ -0,0 +1,175 @@
(function() {
'use strict'
async function authenticate(username, params) {
try {
const { authenticationOptionsEndpoint, authenticationEndpoint, statusServiceEndpoint, userVerification, originalResource, nevisAuthEndpoint } = params;
const { startAuthentication } = SimpleWebAuthnBrowser;
// fetch authentication options from nevisFIDO and save the returned fido2SessionId for later use
const authOptRespJson = await getAuthenticationOptions(username, userVerification, nevisAuthEndpoint);
const fido2SessionId = authOptRespJson.fido2SessionId;
// do the client side authentication using the SimpleWebAuthn JS library
const authRespJson = await startAuthentication(authOptRespJson);
// in case the authentication response does not contain a userHandle (e.g. virtual authenticators used in system tests)
// then we have to obtain it (in our case it is the IDM extId) using the Status Service since at the moment nevisFIDO always expects it
if (!authRespJson.response.userHandle) {
const statusRespJson = await getFido2SessionStatus(fido2SessionId, statusServiceEndpoint);
if (statusRespJson && statusRespJson.userId) {
console.log("adding userHandle: " + statusRespJson.userId);
authRespJson.response.userHandle = btoa(statusRespJson.userId); // add missing userHandle
}
else {
throw new Error('userHandle is missing and could not determine it using the status service');
}
}
else {
console.log("userHandle already set: " + authRespJson.response.userHandle);
}
// send the assertion response created by the authenticator to nevisFIDO
const serverRespJson = await submitAssertion(authRespJson, authenticationEndpoint);
// checking the server response of nevisFIDO
if ((!serverRespJson) || (serverRespJson && serverRespJson.status !== 'ok')) {
let errorMessage = (serverRespJson && serverRespJson.errorMessage) ? serverRespJson.errorMessage : 'unexpected error';
throw new Error('authentication failed: ' + errorMessage);
}
// send a request to nevisAuth with the fido2SessionId in the header to trigger the synchronisation of the
// nevisFIDO and nevisAuth sessions (FIDO2 AuthState -> SyncFido2SessionStatusHandler) to reach AUTH_DONE
await updateNevisAuth(fido2SessionId, nevisAuthEndpoint);
console.log('authentication was successful');
console.log('reloading page...');
window.location.reload();
}
catch (error) {
console.error(`Error during FIDO2 authentication: ${error}`);
cancelFido2();
}
};
async function getAuthenticationOptions(username, userVerification, authenticationOptionsEndpoint) {
const authOptReqJson = {
'username': username,
'userVerification': userVerification,
};
const authOptReq = JSON.stringify(authOptReqJson);
console.log('authOptReq ==> ' + authOptReq);
const authOptResp = await fetch(authenticationOptionsEndpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: authOptReq,
});
if (!authOptResp.ok) {
throw new Error('authOptResp error: HTTP ' + authOptResp.status + ' ' + authOptResp.statusText);
}
const authOptRespJson = await authOptResp.json()
console.log('authOptResp <== ' + JSON.stringify(authOptRespJson));
return authOptRespJson;
};
async function getFido2SessionStatus(fido2SessionId, statusServiceEndpoint) {
const statusReqJson = {
'fido2SessionId': fido2SessionId,
};
const statusReq = JSON.stringify(statusReqJson);
console.log('statusReq ==> ' + statusReq);
const statusResp = await fetch(statusServiceEndpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: statusReq,
});
if (!statusResp.ok) {
throw new Error('statusResp error: HTTP ' + statusResp.status + ' ' + statusResp.statusText);
}
const statusRespJson = await statusResp.json();
console.log('statusResp <== ' + JSON.stringify(statusRespJson));
return statusRespJson;
}
async function submitAssertion(authRespJson, authenticationEndpoint) {
console.log("submitting assertion for userHandle: " + authRespJson.response.userHandle);
// TODO koenig 20230504: read btoa once nevisFIDO is adapted
let encodedAuthResp = {
"id": authRespJson.id,
"response": {
"authenticatorData": authRespJson.response.authenticatorData,
"signature": authRespJson.response.signature,
"userHandle": authRespJson.response.userHandle,
"clientDataJSON": authRespJson.response.clientDataJSON
},
"type": authRespJson.type
}
const authResp = JSON.stringify(encodedAuthResp);
console.log('authResp ==> ' + authResp);
const serverResp = await fetch(authenticationEndpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: authResp,
});
if (!serverResp.ok) {
throw new Error('submitAssertion error: HTTP ' + submitAssertion.status + ' ' + submitAssertion.statusText);
}
const serverRespJson = await serverResp.json();
console.log('serverResp <== ' + JSON.stringify(serverRespJson));
return serverRespJson;
};
async function updateNevisAuth(fido2SessionId, nevisAuthEndpoint) {
console.log('updateNevisAuth ==> ' + fido2SessionId);
const updateNevisAuthResponse = await fetch(nevisAuthEndpoint, {
method: 'GET',
credentials: 'same-origin',
headers: {
'nevis-fido2-session-id': fido2SessionId,
}
});
if (!updateNevisAuthResponse.ok) {
throw new Error('updateNevisAuthResponse error: HTTP ' + updateNevisAuthResponse.status + ' ' + updateNevisAuthResponse.statusText);
}
console.log('updateNevisAuth <== OK');
return;
};
// TODO koenig 20230206: we don't generate IDs into the HTML yet
let username = document.getElementsByName("username")[0].value;
params.nevisAuthEndpoint = window.location.href;
authenticate(username, params);
})();


@ -0,0 +1,70 @@
function dispatch(name) {
// we have to do a top-level request instead of AJAX
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
addInput(form, name, "true");
document.body.appendChild(form);
form.submit();
}
async function attestation(options) {
let credential;
try {
credential = await navigator.credentials.create({ "publicKey": options });
}
// cancel and timeout can occur besides error
catch (error) {
console.error(`Failed to create WebAuthn credential: ${error}`);
throw error;
}
// as this is the last call we have to do a top-level request instead of AJAX
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
addInput(form, "path", "/nevisfido/fido2/attestation/result")
addInput(form, "id", credential.id);
addInput(form, "type", credential.type);
addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON));
addInput(form, "response.attestationObject", base64url.encode(credential.response.attestationObject));
document.body.appendChild(form);
form.submit();
}
function start() {
if (!isWebAuthnSupportedByTheBrowser()) {
dispatch("unsupported");
return;
};
const request = {};
request.path = "/nevisfido/fido2/attestation/options";
// calling nevisFIDO through nevisAuth on current URL using AJAX
fetch("", {
method: "POST",
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(request)
})
.then(res => res.json())
.then(options => {
options.user.id = base64url.decode(options.user.id);
options.challenge = base64url.decode(options.challenge);
if (options.excludeCredentials != null) {
options.excludeCredentials = options.excludeCredentials.map((c) => {
c.id = base64url.decode(c.id);
return c;
});
}
if (options.authenticatorSelection.authenticatorAttachment === null) {
options.authenticatorSelection.authenticatorAttachment = undefined;
}
return attestation(options);
}).catch((error) => {
console.log('Error during FIDO2 onboarding: ' + error);
dispatch("failed");
});
}
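Review bot: `options.authenticatorSelection.authenticatorAttachment` in `start()` is dereferenced without checking that `authenticatorSelection` exists, unlike `excludeCredentials` a few lines above, which is guarded. If the options response leaves `authenticatorSelection` out, the callback throws and the user is sent down `dispatch("failed")` for what is a valid response. Suggest `if (options.authenticatorSelection && options.authenticatorSelection.authenticatorAttachment === null) {`. The fetch result is also parsed with `res.json()` without looking at `res.ok`, so an HTTP error only shows up as a JSON parse error in the log.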


@ -0,0 +1,40 @@
function addInput(form, name, value) {
const input = document.createElement("input");
input.name = name;
input.value = value;
form.appendChild(input);
}
/**
* Checks whether WebAuthn is supported by the browser or not.
* @return true if supported, false if it is not supported or not in secure context
*/
function isWebAuthnSupportedByTheBrowser() {
if (window.isSecureContext) {
// This feature is available only in secure contexts in some or all supporting browsers.
if ('credentials' in navigator) {
return true;
}
console.warn('Oh no! This browser does not support WebAuthn.');
return false;
}
console.warn('WebAuthn feature is available only in secure contexts. For testing over HTTP, you can use the origin "localhost".');
return false;
}
/**
* Trigger on cancel pattern of the FIDO2 authentication step.
*
* Provides an alternative when the user decides to
* cancel the fido2 credential operation(create or fetch) or
* the operation fails and the error cannot be handled.
*/
function cancelFido2() {
// we have to do a top-level request instead of AJAX
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
addInput(form, "cancel_fido2", "true");
document.body.appendChild(form);
form.submit();
}
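Review bot: `isWebAuthnSupportedByTheBrowser()` tests `'credentials' in navigator`, which only shows that the Credential Management API is present, not that public-key credentials are available. A browser that exposes `navigator.credentials` without WebAuthn passes this check, and the callers then fail inside `navigator.credentials.get`/`create` instead of taking their unsupported path. The usual feature test is the `PublicKeyCredential` interface: `if (typeof window.PublicKeyCredential !== 'undefined') {`.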


@ -0,0 +1 @@
<svg width="842" height="1e3" xmlns="http://www.w3.org/2000/svg"><path d="M702 960c-54.2 52.6-114 44.4-171 19.6-60.6-25.3-116-26.9-180 0-79.7 34.4-122 24.4-170-19.6-271-279-231-704 77-720 74.7 4 127 41.3 171 44.4 65.4-13.3 128-51.4 198-46.4 84.1 6.8 147 40 189 99.7-173 104-132 332 26.9 396-31.8 83.5-72.6 166-141 227zM423 237C414.9 113 515.4 11 631 1c15.9 143-130 250-208 236z"/></svg>


@ -0,0 +1,9 @@
<?xml version="1.0" encoding="utf-8"?>
<svg viewBox="0 0 24 24" width="24" height="24" xmlns="http://www.w3.org/2000/svg">
<g transform="matrix(1, 0, 0, 1, 27.009001, -39.238998)">
<path fill="#4285F4" d="M -3.264 51.509 C -3.264 50.719 -3.334 49.969 -3.454 49.239 L -14.754 49.239 L -14.754 53.749 L -8.284 53.749 C -8.574 55.229 -9.424 56.479 -10.684 57.329 L -10.684 60.329 L -6.824 60.329 C -4.564 58.239 -3.264 55.159 -3.264 51.509 Z"/>
<path fill="#34A853" d="M -14.754 63.239 C -11.514 63.239 -8.804 62.159 -6.824 60.329 L -10.684 57.329 C -11.764 58.049 -13.134 58.489 -14.754 58.489 C -17.884 58.489 -20.534 56.379 -21.484 53.529 L -25.464 53.529 L -25.464 56.619 C -23.494 60.539 -19.444 63.239 -14.754 63.239 Z"/>
<path fill="#FBBC05" d="M -21.484 53.529 C -21.734 52.809 -21.864 52.039 -21.864 51.239 C -21.864 50.439 -21.724 49.669 -21.484 48.949 L -21.484 45.859 L -25.464 45.859 C -26.284 47.479 -26.754 49.299 -26.754 51.239 C -26.754 53.179 -26.284 54.999 -25.464 56.619 L -21.484 53.529 Z"/>
<path fill="#EA4335" d="M -14.754 43.989 C -12.984 43.989 -11.404 44.599 -10.154 45.789 L -6.734 42.369 C -8.804 40.429 -11.514 39.239 -14.754 39.239 C -19.444 39.239 -23.494 41.939 -25.464 45.859 L -21.484 48.949 C -20.534 46.099 -17.884 43.989 -14.754 43.989 Z"/>
</g>
</svg>


@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" aria-label="Microsoft" role="img" viewBox="0 0 512 512"><rect width="512" height="512" rx="15%" fill="#fff"/><path d="M75 75v171h171v-171z" fill="#f25022"/><path d="M266 75v171h171v-171z" fill="#7fba00"/><path d="M75 266v171h171v-171z" fill="#00a4ef"/><path d="M266 266v171h171v-171z" fill="#ffb900"/></svg>


@ -0,0 +1,31 @@
<svg width="38" height="38" viewBox="0 0 38 38" xmlns="http://www.w3.org/2000/svg">
<defs>
<linearGradient x1="8.042%" y1="0%" x2="65.682%" y2="23.865%" id="a">
<stop stop-color="#168CA9" stop-opacity="0" offset="0%"/>
<stop stop-color="#168CA9" stop-opacity=".631" offset="63.146%"/>
<stop stop-color="#168CA9" offset="100%"/>
</linearGradient>
</defs>
<g fill="none" fill-rule="evenodd">
<g transform="translate(1 1)">
<path d="M36 18c0-9.94-8.06-18-18-18" id="Oval-2" stroke="url(#a)" stroke-width="2">
<animateTransform
attributeName="transform"
type="rotate"
from="0 18 18"
to="360 18 18"
dur="0.9s"
repeatCount="indefinite" />
</path>
<circle fill="#fff" cx="36" cy="18" r="1">
<animateTransform
attributeName="transform"
type="rotate"
from="0 18 18"
to="360 18 18"
dur="0.9s"
repeatCount="indefinite" />
</circle>
</g>
</g>
</svg>


@ -0,0 +1,142 @@
(function () {
function createForm() {
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
return form;
}
function addInput(form, name, value) {
const input = document.createElement("input");
input.name = name;
input.value = value;
form.appendChild(input);
}
let statusPolling;
let isPolling = false;
let pollingTimeout = null;
const POLLING_INTERVAL = 2000;
const REQUEST_TIMEOUT = 3000;
function dispatchLink() {
document.getElementById("mauth_started").style.display = "block"; // show
const request = {};
// calling nevisFIDO through nevisAuth on current URL using AJAX
fetch("", {
method: "POST",
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(request)
}).then(res => {
res.json().then(o => {
// example response: {"dispatchResult":"..."}
if (o.dispatchResult == 'dispatched') {
// example response: {..., "dispatcherInformation":{..., "response":"admin4testing://authenticate?dispatchTokenResponse=ey..."}}
var link = o.dispatcherInformation.response;
console.log("received link: " + link);
var linkElem = document.getElementById("mauth_link");
linkElem.href = link; // custom scheme link does not work in Android 13
const isMobile = !!/(iPhone|iPad|Android)/.test(window.navigator.userAgent);
if (isMobile) {
document.getElementById("mauth_link_parent").style.display = "inline"; // show
}
var url = new URL(link);
var dispatchTokenResponse = url.searchParams.get("dispatchTokenResponse");
// render QR code
var qrCodeElem = document.getElementById("mauth_qrcode");
var qrcode = new QRious({
element: qrCodeElem,
foreground: "#168CA9",
level: "M",
size: 256,
value: link
});
var sessionId = o.sessionId;
console.log("started polling for session ID: " + sessionId);
poll(sessionId);
}
else {
console.log("authentication failed: " + o.dispatchResult);
const form = createForm();
document.body.appendChild(form);
form.submit();
}
});
}).catch((err) => console.error("error: ", err));
}
function poll(sessionId) {
if (isPolling) {
return; // Exit if a polling request is already ongoing
}
isPolling = true;
const request = { fidoUafSessionId: sessionId };
const fetchRequest = fetch("", {
method: "POST",
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(request)
});
// Set up the timeout for the fetch request
const timeoutPromise = new Promise((_, reject) => {
pollingTimeout = setTimeout(() => {
reject(new Error('Request timed out'));
}, REQUEST_TIMEOUT);
});
Promise.race([fetchRequest, timeoutPromise])
.then(res => res.json())
.then(o => {
clearTimeout(pollingTimeout);
var status = o.status;
console.log("status: " + status);
if (status == 'clientAuthenticating') {
// show process icon
document.getElementById("mauth_loading").style.display = 'block';
// hide QR-code and information
document.getElementById("mauth_qrcode").style.display = 'none';
document.getElementById("mauth_qrcode_info").style.display = 'none';
}
if (status == 'succeeded') {
clearInterval(statusPolling);
// as this is the last call we have to do a top-level request instead of AJAX
const form = createForm();
addInput(form, "continue", "true"); // required for custom dispatching in usernameless
document.body.appendChild(form);
form.submit();
} else if (status == 'failed' || status == 'unknown') {
clearInterval(statusPolling);
console.error("authentication failed with status: " + status);
// as this is the last call we have to do a top-level request instead of AJAX
const form = createForm();
addInput(form, "fidoUafSessionId", sessionId);
document.body.appendChild(form);
form.submit();
}
})
.catch((err) => {
console.error("error:", err);
})
.finally(() => {
isPolling = false;
// Schedule the next poll if needed
setTimeout(() => poll(sessionId), POLLING_INTERVAL);
});
}
dispatchLink();
})();
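Review bot: `dispatchLink()` logs the dispatcher link with `console.log("received link: " + link)`, and according to the example comment that link carries the `dispatchTokenResponse` token; the session id is logged right after it. Authentication tokens and session ids do not belong in the console output of a login page, so these calls should be dropped or gated behind a debug switch. The same applies to the three mauth scripts that follow on this page, which log the dispatcher link, the push token with the redeem URL, and the whole dispatch response object. `dispatchTokenResponse` is parsed from the URL but never used and can be removed.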


@ -0,0 +1,128 @@
(function () {
function createForm() {
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
return form;
}
function addInput(form, name, value) {
const input = document.createElement("input");
input.name = name;
input.value = value;
form.appendChild(input);
}
let statusPolling;
let isPolling = false;
let pollingTimeout = null;
const POLLING_INTERVAL = 2000;
const REQUEST_TIMEOUT = 3000;
function renderEnrollment() {
// link is provided by a hidden GuiElem
var link = document.getElementsByName("mauth_dispatcher_link")[0].value;
console.log("received dispatcher link: " + link);
const isMobile = !!/(iPhone|iPad|Android)/.test(window.navigator.userAgent);
if (isMobile) {
var linkElem = document.getElementById("mauth_link");
linkElem.href = link;
document.getElementById("mauth_link_parent").style.display = "inline"; // show
}
var url = new URL(link);
var dispatchTokenResponse = url.searchParams.get("dispatchTokenResponse");
// render QR code into mauth_qrcode element
var qrCodeElem = document.getElementById("mauth_qrcode");
var qrcode = new QRious({
element: qrCodeElem,
foreground: "#168CA9",
level: "M",
size: 256,
value: link
});
// show entire element
document.getElementById("mauth_started").style.display = "block";
console.log("scheduling status polling (2s interval)");
statusPolling = window.setInterval(function () {
poll();
}, 2000);
}
function poll() {
if (isPolling) {
return; // Exit if a polling request is already ongoing
}
isPolling = true;
// state is held on backend side
const request = {};
const fetchRequest = fetch("", {
method: "POST",
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(request)
});
// Set up the timeout for the fetch request
const timeoutPromise = new Promise((_, reject) => {
pollingTimeout = setTimeout(() => {
reject(new Error('Request timed out'));
}, REQUEST_TIMEOUT);
});
Promise.race([fetchRequest, timeoutPromise])
.then(res => res.json())
.then(o => {
clearTimeout(pollingTimeout);
var status = o.status;
console.log("status: " + status);
if (status == 'clientRegistering') {
// show process icon
document.getElementById("mauth_loading").style.display = 'block';
// hide QR-code and information
document.getElementById("mauth_qrcode").style.display = 'none';
document.getElementById("mauth_qrcode_info").style.display = 'none';
} else if (status == 'succeeded') {
clearInterval(statusPolling);
console.log("onboarding successful");
// as this is the last call we have to do a top-level request instead of AJAX
const form = createForm();
document.body.appendChild(form);
form.submit();
} else if (status == 'failed' || status == 'unknown') {
clearInterval(statusPolling);
console.error("onboarding failed with status: " + status);
// as this is the last call we have to do a top-level request instead of AJAX
const form = createForm();
document.body.appendChild(form);
form.submit();
}
})
.catch((err) => {
console.error("error:", err);
})
.finally(() => {
isPolling = false;
// Schedule the next poll if needed
setTimeout(() => poll(), POLLING_INTERVAL);
});
}
renderEnrollment();
})();
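Review bot: Status polling is scheduled twice in this script: `renderEnrollment()` starts `window.setInterval(function () { poll(); }, 2000)` and the `.finally` in `poll()` adds a new `setTimeout(() => poll(), POLLING_INTERVAL)` after every request. `clearInterval(statusPolling)` on `succeeded` or `failed` stops only the interval, so the timeout chain keeps posting while the final form submit is in flight. Keep one scheduler and stop it on a terminal status, for example by setting a `done` flag in those branches and using `if (!done) setTimeout(() => poll(), POLLING_INTERVAL);`. In the other three mauth scripts on this page `statusPolling` is never assigned, so their `clearInterval` is a no-op and the same unconditional `.finally` applies. The timeout promise also does not abort the pending `fetch`, so a slow request can overlap the next poll.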


@ -0,0 +1,193 @@
(function () {
function createForm() {
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
return form;
}
function addInput(form, name, value) {
const input = document.createElement("input");
input.name = name;
input.value = value;
form.appendChild(input);
}
let statusPolling;
let isPolling = false;
let pollingTimeout = null;
const POLLING_INTERVAL = 2000;
const REQUEST_TIMEOUT = 3000;
function dispatch(id) {
document.getElementById("mauth_devices").style.display = "none"; // hide selection menu
document.getElementById("mauth_started").style.display = "block"; // show
const request = {};
request.dispatchTargetId = id;
request.dispatcher = "firebase-cloud-messaging";
// calling nevisFIDO through nevisAuth on current URL using AJAX
fetch("", {
method: "POST",
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(request)
}).then(res => {
res.json().then(o => {
console.log("dispatch response: " + JSON.stringify(o));
// example response: {"dispatchResult":"..."}
if (o.dispatchResult == 'dispatched') {
// example response: {"token":"...","sessionId":"...","dispatchResult":"dispatched","dispatcherInformation":{"name":"firebase-cloud-messaging","response":"..."}}
console.log("push dispatching successful");
// set numbers for number matching
if (o.channelLinking) {
document.getElementById('mauth_match_numbers').innerHTML = o.channelLinking.content;
}
// preparing content for QR-code
var token = o.token;
console.log("found token: " + token);
// hidden GuiElem
var redeemUrl = document.querySelector('input[name=redeem_url]').value;
console.log("found redeem URL: " + redeemUrl);
let qrCodeContents = {
nma_data_version: "1",
nma_data_content_type: "application/json",
nma_data: {
token: token,
redeem_url: redeemUrl
}
};
var qrCodeValue = window.btoa(JSON.stringify(qrCodeContents));
// render QR code
var qrCodeElem = document.getElementById("mauth_qrcode");
console.log("rendering QR code");
var qrcode = new QRious({
element: qrCodeElem,
foreground: "#168CA9",
level: "M",
size: 256,
value: qrCodeValue
});
var sessionId = o.sessionId;
console.log("started polling for session ID: " + sessionId);
poll(sessionId);
}
else {
console.log("authentication failed: " + o.dispatchResult);
const form = createForm();
document.body.appendChild(form);
form.submit();
}
});
}).catch((err) => console.error("error: ", err));
}
function renderDeviceList() {
const request = {};
// calling nevisFIDO through nevisAuth on current URL using AJAX
fetch("", {
method: "POST",
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(request)
}).then(res => {
res.json().then(o => {
// example response: {"dispatchTargets":[{"id":"40a41ac7-0189-4c0b-8db9-cafcaa3e3f11","name":"Android Google Pixel 4 23.11.2022 07:26:25"}]}
var devices = o.dispatchTargets;
if (devices.length > 1) {
console.log("multiple devices found, selection menu required.");
let list = document.getElementById("mauth_devices");
for (let i = 0; i < devices.length; i++) {
let device = devices[i];
var item = document.createElement("li");
item.class = "list-group-item list-group-item-action";
item.onclick = function() { dispatch(device.id) };
item.innerHTML += device.name;
list.appendChild(item);
}
list.style.display = "block"; // show selection menu
}
else if (devices.length == 1) {
console.log("user has only 1 device, no selection required.");
dispatch(devices[0].id);
}
else {
console.error("user has no device.");
// TODO koenig 20221124: design this case
}
});
}).catch((err) => console.error("error: ", err));
}
function poll(sessionId) {
if (isPolling) {
return; // Exit if a polling request is already ongoing
}
isPolling = true;
const request = { fidoUafSessionId: sessionId };
const fetchRequest = fetch("", {
method: "POST",
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(request)
});
// Set up the timeout for the fetch request
const timeoutPromise = new Promise((_, reject) => {
pollingTimeout = setTimeout(() => {
reject(new Error('Request timed out'));
}, REQUEST_TIMEOUT);
});
Promise.race([fetchRequest, timeoutPromise])
.then(res => res.json())
.then(o => {
clearTimeout(pollingTimeout);
var status = o.status;
console.log("status: " + status);
if (status == 'clientAuthenticating') {
document.getElementById("mauth_qrcode").style.display = 'none';
document.getElementById("mauth_qrcode_info").style.display = 'none';
document.getElementById("mauth_match_numbers").style.display = 'block';
document.getElementById("mauth_loading").style.display = 'block';
}
if (status == 'succeeded') {
clearInterval(statusPolling);
const form = createForm();
document.body.appendChild(form);
form.submit();
} else if (status == 'failed' || status == 'unknown') {
clearInterval(statusPolling);
console.error("authentication failed with status: " + status);
const form = createForm();
addInput(form, "fidoUafSessionId", sessionId);
document.body.appendChild(form);
form.submit();
}
})
.catch((err) => {
console.error("error:", err);
})
.finally(() => {
isPolling = false;
// Schedule the next poll if needed
setTimeout(() => poll(sessionId), POLLING_INTERVAL);
});
}
renderDeviceList();
})();
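Review bot: `renderDeviceList()` appends `device.name` with `item.innerHTML += device.name`, and `dispatch()` assigns `o.channelLinking.content` to `innerHTML`, so both values from the JSON response are inserted as markup. Device names are presumably chosen at registration time and should be treated as untrusted text: use `item.textContent = device.name;` and, assuming the number-matching content is plain text, `document.getElementById('mauth_match_numbers').textContent = o.channelLinking.content;`. In the same loop `item.class = "list-group-item list-group-item-action"` sets an arbitrary property rather than the CSS class; `item.className` is what is meant.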


@ -0,0 +1,143 @@
(function () {
function createForm() {
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
return form;
}
function addInput(form, name, value) {
const input = document.createElement("input");
input.name = name;
input.value = value;
form.appendChild(input);
}
let statusPolling;
let isPolling = false;
let pollingTimeout = null;
const POLLING_INTERVAL = 2000;
const REQUEST_TIMEOUT = 3000;
function dispatch() {
console.log("initiating usernameless mobile authentication...");
document.getElementById("mauth_started").style.display = "block"; // show
const request = {};
// calling nevisFIDO through nevisAuth on current URL using AJAX
fetch("", {
method: "POST",
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(request)
}).then(res => {
res.json().then(o => {
console.log(o);
// example response: {"dispatchResult":"..."}
if (o.dispatchResult == 'dispatched') {
// example response: {..., "dispatcherInformation":{..., "response":"admin4testing://authenticate?dispatchTokenResponse=ey..."}}
var link = o.dispatcherInformation.response;
console.log("received link: " + link);
var linkElem = document.getElementById("mauth_link");
linkElem.href = link; // custom scheme link does not work in Android 13
const isMobile = !!/(iPhone|iPad|Android)/.test(window.navigator.userAgent);
if (isMobile) {
document.getElementById("mauth_link_parent").style.display = "inline"; // show
}
var url = new URL(link);
var dispatchTokenResponse = url.searchParams.get("dispatchTokenResponse");
// render QR code
var qrCodeElem = document.getElementById("mauth_qrcode");
var qrcode = new QRious({
element: qrCodeElem,
foreground: "#168CA9",
level: "M",
size: 256,
value: link
});
var sessionId = o.sessionId;
console.log("started polling for session ID: " + sessionId);
poll(sessionId);
}
else {
console.log("authentication failed: " + o.dispatchResult);
const form = createForm();
document.body.appendChild(form);
form.submit();
}
});
}).catch((err) => console.error("error: ", err));
}
function poll(sessionId) {
if (isPolling) {
return; // Exit if a polling request is already ongoing
}
isPolling = true;
const request = { fidoUafSessionId: sessionId };
const fetchRequest = fetch("", {
method: "POST",
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(request)
});
// Set up the timeout for the fetch request
const timeoutPromise = new Promise((_, reject) => {
pollingTimeout = setTimeout(() => {
reject(new Error('Request timed out'));
}, REQUEST_TIMEOUT);
});
Promise.race([fetchRequest, timeoutPromise])
.then(res => res.json())
.then(o => {
clearTimeout(pollingTimeout);
var status = o.status;
console.log("status: " + status);
if (status == 'clientAuthenticating') {
// show process icon
document.getElementById("mauth_loading").style.display = 'block';
document.getElementById("mauth_qrcode").style.display = 'none';
}
if (status == 'succeeded') {
clearInterval(statusPolling);
// as this is the last call we have to do a top-level request instead of AJAX
const form = createForm();
addInput(form, "continue", "true"); // required for custom dispatching in usernameless
document.body.appendChild(form);
form.submit();
} else if (status == 'failed' || status == 'unknown') {
clearInterval(statusPolling);
console.error("authentication failed with status: " + status);
// as this is the last call we have to do a top-level request instead of AJAX
const form = createForm();
addInput(form, "fidoUafSessionId", sessionId);
document.body.appendChild(form);
form.submit();
}
})
.catch((err) => {
console.error("error:", err);
})
.finally(() => {
isPolling = false;
// Schedule the next poll if needed
setTimeout(() => poll(sessionId), POLLING_INTERVAL);
});
}
dispatch();
})();


@ -0,0 +1,43 @@
// display oauth scopes listed in input field 'consentInformation'
// change 'consentInformation' and 'scope_name' to the values used in your configuration.
$(function() {
var consentInformationFieldName = "consentInformation"; // name of the input field from which to parse the value as the consent information JSON
var scopeDescriptionSource = "scope_name"; // key of the field in the consent information JSON of which to get the value as the scope description
function displayOAuthScopesConsent() {
var jsonData = parseJson();
if (jsonData !== undefined) {
mapJsonToHtml(jsonData)
}
}
function mapJsonToHtml(jsonData) {
mapJsonToHtmlScopeList("listOfRequestedScopesWithExistingConsent", jsonData.requestedScopesWithExistingConsent, "Already accepted scopes:");
mapJsonToHtmlScopeList("listOfRequestedScopes", jsonData.requestedScopesRequiringConsent, "Requested scopes that require a consent:");
}
function mapJsonToHtmlScopeList(elementId, scopeInformation, title) {
if (scopeInformation !== undefined && Object.keys(scopeInformation).length > 0) {
$("input[name=" + consentInformationFieldName +"]").after("<p style='margin-top: 0.5em'>" + title + "</p><div class='scopeinfobox'><ul id='" + elementId + "' /> </div>");
jQuery.each(scopeInformation, function(key,value) {
var scopeDescription = value[scopeDescriptionSource];
if (scopeDescription) {
$("#" + elementId).append('<li>' + scopeDescription + '</li>');
} else {
$("#" + elementId).append('<li>' + key + '</li>');
}
});
}
}
function parseJson() {
var consentInformationField = $("input[name=" +consentInformationFieldName +"]");
if (consentInformationField.length > 0) {
return JSON.parse(consentInformationField.val());
}
}
displayOAuthScopesConsent();
});
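Review bot: `mapJsonToHtmlScopeList` builds list items by string concatenation, `.append('<li>' + scopeDescription + '</li>')` and `.append('<li>' + key + '</li>')`, so scope keys and descriptions from the consent JSON are parsed as HTML. Those values presumably trace back to the authorization request and client configuration, so on a consent screen they should be inserted as text: `$("#" + elementId).append($('<li>').text(scopeDescription || key));`. `elementId` and `title` are constants passed from within this file, so the markup built in `.after(...)` is not affected. `parseJson()` also lets a `JSON.parse` exception escape, and a try/catch there would keep a malformed field from breaking the page script.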


@ -0,0 +1,11 @@
function toggleInputType(passwordInputId, eyeIconId, resourcePath) {
const passwordInput = document.getElementById(passwordInputId);
const eyeIcon = document.getElementById(eyeIconId);
if (passwordInput.type === 'text') {
passwordInput.type = 'password';
eyeIcon.src = resourcePath + '/resources/eye.svg';
return;
}
passwordInput.type = 'text';
eyeIcon.src = resourcePath + '/resources/eye-off.svg';
}


@ -0,0 +1,65 @@
#set($jsValidation = 1) ## enable JS validation, client-side
#set($useFormEncryption = $gui.encryption && ($gui.encryption.length() > 0))
#set($encryptionParamsOk = true)
#if ($useFormEncryption)
#* check the mandatory e2eenc.publicKey GuiElem *#
#set($encryptionParamsOk = $gui.getGuiElem("e2eenc.publicKey") && ($gui.getGuiElem("e2eenc.publicKey") != "" ))
#end
#if (!$encryptionParamsOk)
$response.setStatus(502)
#else
#set($isAjaxRequest = "XMLHttpRequest" == $login.requestHeaders.get("X-Requested-With"))
#set($acceptHeader = $login.requestHeaders.accept)
#if (!$acceptHeader)
#set($acceptHeader = $login.requestHeaders.Accept)
#end
#if ($acceptHeader)
#set($isHtmlRequest = $acceptHeader.contains("text/html") || $acceptHeader.contains("*/*"))
#set($isJsonRequest = $acceptHeader.contains("application/json"))
#set($isSoapRequest = $acceptHeader.contains("application/soap+xml"))
#set($isXmlRequest = $acceptHeader.contains("application/xml")||$acceptHeader.contains("text/xml"))
#set($isCssRequest = $acceptHeader.contains("text/css"))
#else
#set($isHtmlRequest = true)
#set($isSoapRequest = false)
#set($isXmlRequest = false)
#set($isCssRequest = false)
#end
## sending the query parameter render=form will render only the inner form
#set($isFormRequest = "form" == $login.requestParameters.render && $isHtmlRequest)
#parse("${templatePath}/macros.vm")
#if ($isHtmlRequest)
#if ($isFormRequest)
#parse("${templatePath}/form.vm")
#else
## html.vm is generated from html provided via pattern
#parse("${templatePath}/html.vm")
#end
#end
## AJAX requests: signal to JS-Client that login is required
#if ($isAjaxRequest)
$response.setStatus(401)
$response.setHeader("WWW-Authenticate","$gui.domain")
#end
#if (!$isHtmlRequest && $isXmlRequest)
$response.setHeader("Content-Type","text/xml")
## emit custom XML here, use $utils.escapeXml to sanitize values coming from clients
#end
#if (!$isHtmlRequest && $isJsonRequest)
$response.setHeader("Content-Type","application/json")
#parse("${templatePath}/json.vm")
## emit custom JSON here, use $utils.escapeJs to sanitize values coming from clients
#end
#end
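Review bot: `$isJsonRequest` is the only request-type flag that gets no value in the `#else` branch taken when there is no Accept header, so the later `#if (!$isHtmlRequest && $isJsonRequest)` reads an unset reference. Adding `#set($isJsonRequest = false)` next to the other defaults makes that branch complete. Because `$isHtmlRequest` is also true for `*/*`, an AJAX client that sends `Accept: */*` receives the full HTML page together with the 401 status; if that is intended, a `##` comment at the `$isAjaxRequest` block should say so.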


@ -0,0 +1,11 @@
<footer id="footer" class="text-primary">
<div class="row small">
<div class="col-md-4 hidden-xs hidden-sm">Copyright &#169; 2023 NEVIS Security AG</div>
<div class="col-xs-12 col-md-4 text-center text-uppercase logo-round-container">
<div class="logo-round center-block">
<img src="${login.appDataPath}/resources/logo.png" alt="NEVIS Security Suite">
</div>
<strong>NEVIS Security Suite</strong>
</div>
</div>
</footer>


@ -0,0 +1,127 @@
## if only form, then we include javascript here (start of body)
#if ($isFormRequest)
#parse("${templatePath}/js_start.vm")
#end
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
#if ($useFormEncryption)
<div id="e2eeSplashScreen" style="display:none;">
<h2 class="logintitle text-center">$gui.label</h2>
<div class="field info" id="info">$text.get("e2ee.splashscreen.msg")</div>
</div>
#end
<div id="loginform">
<form id="$gui.name" name="$gui.name"
#if ($useFormEncryption) onsubmit="new e2eenc().encryptForm('$gui.encryption','$gui.name')" #end
method="POST" target="_self" action="$formTarget" autocomplete="off" accept-charset="UTF-8" class="form-horizontal">
<h1 class="logintitle text-center">$gui.label</h1>
#set ($tabindex = 0)
#set ($policyFailureOpen = false)
#set ($policyInfoOpen = false)
#foreach ($guiElem in $gui.getGuiElems())
#set ($tabindex = $tabindex+1)
#if ($guiElem.name.startsWith("policyInfo") && $guiElem.label && $guiElem.label.length() > 0)
#if (!$policyInfoOpen)
<div class="form-group">
<div class="col-sm-offset-3 col-sm-6">
#set ($policyInfoOpen = true)
#end
<span class="help-block small" id="$guiElem.name">$guiElem.label</span>
#elseif ($guiElem.name.startsWith("policyFailure") && $guiElem.label && $guiElem.label.length() > 0)
#if (!$policyFailureOpen)
<div class="form-group has-error">
<div class="col-sm-offset-3 col-sm-6">
#set ($policyFailureOpen = true)
#end
<span class="help-block small" id="$guiElem.name">$guiElem.label</span>
#else
#if (!$guiElem.name.startsWith("policyInfo") && $policyInfoOpen) ## close
</div>
</div>
#set ($policyInfoOpen = false)
#end
#if (!$guiElem.name.startsWith("policyFailure") && $policyFailureOpen) ## close
</div>
</div>
#set ($policyFailureOpen = false)
#end
#renderFormField($guiElem, $gui, $tabindex)
#end
#end
## this block applies when Channel is set to Push / Link
#if ($gui.name == "mauth_link_qr" || $gui.name == "mauth_onboard")
<!-- shown after dispatching -->
<center id="mauth_started">
<img id="mauth_loading" style="width: 60px; height: 60px; display: none;" src="${login.appDataPath}/resources/loading.svg"/>
<br><br>
<p id="mauth_qrcode_info">$text.get("mobile_auth.scan")</p>
<canvas id="mauth_qrcode" style="width: 256px; height: 256px;">
</canvas>
<div id="mauth_link_parent" class="form-group" style="display: none">
$text.get("mobile_auth.link")
</div>
</center>
#end
## this block applies when Channel is set to Push / QR-code (in-app)
#if ($gui.name == "mauth_push_qr")
<!-- shown if the user has multiple devices -->
<ul id="mauth_devices" style="display: none">
</ul>
<!-- shown after selecting the device -->
<center id="mauth_started" style="display: none">
<img id="mauth_loading" style="width: 60px; height: 60px; display: none;" src="${login.appDataPath}/resources/loading.svg"/>
<p id="mauth_match_numbers" style="font-size: 64px; display: none;"></p>
<p id="mauth_qrcode_info">$text.get("mobile_auth.push-or-scan")</p>
<canvas id="mauth_qrcode" style="width: 256px; height: 256px;">
</canvas>
</center>
#end
## this block applies for usernameless mobile authentication
#if ($gui.name == "mauth_usernameless")
<center id="mauth_started" style="display: none">
<img id="mauth_loading" style="width: 60px; height: 60px; display: none;" src="${login.appDataPath}/resources/loading.svg"/>
<br><br>
<p id="mauth_qrcode_info">$text.get("mobile_auth.scan")</p>
<canvas id="mauth_qrcode" style="width: 256px; height: 256px;">
</canvas>
<div id="mauth_link_parent" class="form-group" style="display: none">
<a href="" id="mauth_link">$text.get("mobile_auth.link")</a>
</div>
</center>
#end
#if ($useFormEncryption)
<input type="hidden" name="e2eenc.fields" value="not-set">
<input type="hidden" name="e2eenc.iv" value="not-set">
<input type="hidden" name="e2eenc.encapsulation" value="not-set">
#end
#renderFormControls($gui)
#renderFormLinks($gui)
</form>
<!-- position input focus into first element of form -->
<script type="text/javascript">
const form = document.forms['$gui.name'];
if (form) {
const input = form.elements[0];
if (input) {
input.focus();
}
}
</script>
## if only form, then we include javascript here (end of body)
#if ($isFormRequest)
#parse("${templatePath}/js_end.vm")
#end
</div>
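Review bot: `$gui.name` is written unescaped into three different output contexts here: the `id`/`name` attributes of the form, the inline `onsubmit` handler, and the script literal `document.forms['$gui.name']`. `$gui.label` and `$guiElem.label` likewise go into element content as-is; only `$formTarget` passes through `$utils.escapeHtmlAttribute`. Whether any of these values can carry request or user data is not visible in this template, so each context should get its own encoder, e.g. `<h1 class="logintitle text-center">$utils.escapeHtml($gui.label)</h1>` and `document.forms['$utils.escapeJs($gui.name)']`. If labels are meant to carry markup, a `##` comment at the top of the `#foreach` would make that an explicit decision.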


@ -0,0 +1,3 @@
<header id="header" class="container-fluid">
<img class="logo center-block" src="${login.appDataPath}/resources/logo_animated.gif" alt="NEVIS Security Suite">
</header>


@ -0,0 +1,32 @@
<!DOCTYPE html>
<html lang="${utils.escapeHtml($login.localeCode)}">
<head>
<title>$text.get('title')</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link href="${login.appDataPath}/resources/bootstrap.min.css" rel="stylesheet" type="text/css">
<link href="${login.appDataPath}/resources/bootstrap-theme.min.css" rel="stylesheet" type="text/css" media="all">
<link href="${login.appDataPath}/resources/default.css" rel="stylesheet" type="text/css" media="all">
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
#parse("${templatePath}/js_start.vm")
</head>
<body>
#parse("${templatePath}/lang.vm")
#parse("${templatePath}/header.vm")
<main id="content" class="container">
#parse("${templatePath}/form.vm")
</main>
#parse("${templatePath}/footer.vm")
#parse("${templatePath}/js_end.vm")
</body>
</html>


@ -0,0 +1,76 @@
<script src="${login.appDataPath}/resources/dropdown.js"></script>
<script src="${login.appDataPath}/resources/show-password.js"></script>
#if ($gui.name == "oauth_consent")
<script src="${login.appDataPath}/resources/oauth_consent.js"></script>
#end
#if ($gui.name == "authcloud")
<script src="${login.appDataPath}/resources/qrious.min.js"></script>
<script src="${login.appDataPath}/resources/authcloud.js"></script>
#end
#if ($gui.name == "authcloud_onboard")
<script src="${login.appDataPath}/resources/qrious.min.js"></script>
<script src="${login.appDataPath}/resources/authcloud_onboard.js"></script>
#end
#if ($gui.name == "authcloud_login")
<script src="${login.appDataPath}/resources/qrious.min.js"></script>
<script src="${login.appDataPath}/resources/authcloud_login.js"></script>
#end
#if ($gui.name == "mauth_onboard")
<script src="${login.appDataPath}/resources/qrious.min.js"></script>
<script src="${login.appDataPath}/resources/mauth_onboard.js"></script>
#end
#if ($gui.name == "mauth_link_qr")
<script src="${login.appDataPath}/resources/qrious.min.js"></script>
<script src="${login.appDataPath}/resources/mauth_link_qr.js"></script>
#end
#if ($gui.name == "mauth_push_qr")
<script src="${login.appDataPath}/resources/qrious.min.js"></script>
<script src="${login.appDataPath}/resources/mauth_push_qr.js"></script>
#end
#if ($gui.name == "mauth_usernameless")
<script src="${login.appDataPath}/resources/qrious.min.js"></script>
<script src="${login.appDataPath}/resources/mauth_usernameless.js"></script>
#end
#if ($gui.name == "fido2_auth")
<script src="${login.appDataPath}/resources/base64.js"></script>
<script src="${login.appDataPath}/resources/fido2_utils.js"></script>
<script src="${login.appDataPath}/resources/fido2_auth.js"></script>
#end
#if ($gui.name == "fido2_auth_std")
#set ($authenticationOptionsPath = $login.requestHeaders["fido2AuthenticationOptionsPath"])
#set ($authenticationPath = $login.requestHeaders["fido2AuthenticationPath"])
#set ($statusServicePath = $login.requestHeaders["fido2StatusServicePath"])
#set ($userVerification = $login.requestHeaders["fido2UserVerification"])
<script>
let params = {
authenticationOptionsEndpoint: "$authenticationOptionsPath",
authenticationEndpoint: "$authenticationPath",
statusServiceEndpoint: "$statusServicePath",
userVerification: "$userVerification",
};
</script>
<script src="${login.appDataPath}/resources/simplewebauthn-browser@7.1.0.min.js"></script>
<script src="${login.appDataPath}/resources/fido2_utils.js"></script>
<script src="${login.appDataPath}/resources/fido2_auth_std.js"></script>
#end
#if ($gui.name == "fido2_onboard")
<script src="${login.appDataPath}/resources/base64.js"></script>
<script src="${login.appDataPath}/resources/fido2_utils.js"></script>
<script src="${login.appDataPath}/resources/fido2_onboard.js"></script>
#end
#if ($useFormEncryption)
<script src="${login.appDataPath}/resources/forge.bundle.js"></script>
<script src="${login.appDataPath}/resources/e2eenc.js"></script>
#end
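Review bot: In the `fido2_auth_std` branch the four values taken from `$login.requestHeaders[...]` are placed inside double-quoted JavaScript strings in an inline `<script>` without any encoding. Whether these headers are always set by the proxy and stripped from inbound requests cannot be seen from this file, so the template should not depend on it: `authenticationOptionsEndpoint: "$utils.escapeJs($authenticationOptionsPath)",` and the same for the other three. An absent header presumably renders as the literal reference text, so a `#if` guard or an explicit default for each value would also be worth adding.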


@ -0,0 +1 @@
<script src="${login.appDataPath}/resources/jquery-3.6.0.min.js"></script>


@ -0,0 +1,88 @@
## This template is used to respond with a JSON format
## In this case, the client is supposed to parse and show the data
## The JSON data is close to the XML format of the GuiDesc
#set ($target = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
{
"name" : "$gui.name" ,
"target" : "$target" #if ($gui.label || $gui.language || $gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if
#if ($gui.label) "label" : "$gui.label" #if ($gui.language || $gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if
#end ## if
#if ($gui.language) "language" : "$gui.language" #if ($gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if
#end ## if ($gui.language)
#if ($gui.domain) "domain" : "$gui.domain" #if ($gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if
#end ## if ($gui.domain)
#if ($gui.getGuiElems().size() > 0)
"elements" : [
#set ($i = 0)
#foreach ($guiElem in $gui.getGuiElems())
{
"name" : "$guiElem.name",
"type" : "$guiElem.type",
"optional" : "$guiElem.optional",
"label" : "$guiElem.label" #if ($guiElem['validation-failed'] || $guiElem.value || $guiElem.length || $guiElem.format), #end
#if ($guiElem['validation-failed']) "validation-failed" : "$guiGroup.validationFailed" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end
#end ## if ($guiElem['validation-failed'])
#if ($guiElem.value) "value" : "$guiElem.value.replaceAll('\\\\','_ESCAPED_BACKSLASH_').replaceAll('\\"','_ESCAPED_QUOTE_').replaceAll('\\','\\\\').replaceAll('"','\\"').replaceAll('_ESCAPED_BACKSLASH_','\\\\').replaceAll('_ESCAPED_QUOTE_','\\"')" #if ($guiElem.length || $guiElem.format), #end
#end ## if ($guiElem.value)
#if ($guiElem.length) "max-length" : "$guiElem.length" #if ($guiElem.format), #end
#end ## if ($guiElem.length)
#if ($guiElem.format) "format" : "$guiElem.format"
#end
}
#set ($i = $i + 1)
#if ($i < ($gui.getGuiElems().size())), #end
#end ## loop
] #if ($gui.getGuiGroup() && $gui.getGuiGroup().size() > 0), #end
#end ## if ($gui.getGuiGroup() && $gui.getGuiElem().size() > 0)
#if ($gui.getGuiGroup() && $gui.getGuiGroup().size() > 0)
"groups" : [
#set ($j = 0)
#foreach ($guiGroup in $gui.getGuiGroup())
"name" : "$guiGroup.name",
"type" : "$guiGroup.type",
"label" : "$guiGroup.label",
"multiple" : "$guiGroup.multiple",
"format" : "$guiGroup.format",
"optional" : "$guiGroup.optional",
"validation-failed" : "$guiGroup.validationFailed" #if ($gui.getGuiElems().length() > 0), #end
#if ($gui.getGuiElems() && $gui.getGuiElems().length() > 0)
"elements" : [
#set ($i = 0)
#foreach ($guiElem in $gui.getGuiElems())
{
"name" : "$guiElem.name",
"type" : "$guiElem.type",
"optional" : "$guiElem.optional",
"validation-failed" : "$guiGroup.validationFailed",
"label" : "$guiElem.label" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end
#if ($guiElem.value)
"value" : "$guiElem.value.replaceAll('\\\\','_ESCAPED_BACKSLASH_').replaceAll('\\"','_ESCAPED_QUOTE_').replaceAll('\\','\\\\').replaceAll('"','\\"').replaceAll('_ESCAPED_BACKSLASH_','\\\\').replaceAll('_ESCAPED_QUOTE_','\\"')" #if ($guiElem.length || $guiElem.format), #end
#end ## if ($guiElem.value)
#if ($guiElem.length)
"max-length" : "$guiElem.length" #if ($guiElem.format), #end
#end ## if ($guiElem.length)
#if ($guiElem.format)
"format" : "$guiElem.format"
#end ## if ($guiElem.format)
}
#set ($i = $i + 1)
#if ($i < ($gui.getGuiElems().size())), #end
#end ## loop
] #if ($foreach.hasNext), #end
#set ($j = $j + 1)
#if ($j < ($gui.getGuiGroup().size())), #end
#end ## foreach ($guiGroup in $gui.getGuiGroup())
#end ## if ($gui.getGuiElem() && $gui.getGuiElem().size() > 0)
]
#end ## if ($gui.getGuiGroup() && $gui.getGuiGroup().length() > 0)
}
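Review bot: Most values in this template are interpolated into JSON string literals without JSON encoding (`$gui.name`, `$gui.label`, `$gui.domain`, `$guiElem.name`, `$guiElem.label` and others), and `$target` is encoded with `$utils.escapeHtmlAttribute`, which is an HTML encoder rather than a JSON one. A quote, backslash or line break in any of them yields invalid or structurally altered JSON for the client, and the hand-written `replaceAll` chain on `$guiElem.value` covers quotes and backslashes only. Using one encoder throughout, e.g. `"label" : "$utils.escapeJs($guiElem.label)"`, would close this, provided `escapeJs` output is valid inside a JSON string (worth confirming). Separately, the first `elements` loop reads `$guiGroup.validationFailed` where no `$guiGroup` is in scope (presumably `$guiElem.validationFailed` was meant). The `groups` loop also emits each group's members without surrounding `{`/`}` and calls `.length()` on `getGuiElems()` where the rest of the file uses `.size()`.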


@ -0,0 +1,32 @@
## Nav =================================================================
<nav id="language-switch" class="container-fluid">
<div class="dropdown pull-right">
<a id="language-switch-btn" class="dropdown-toggle text-uppercase small" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
<strong id="language">$login.localeCode</strong>
<span class="caret"></span>
</a>
<ul class="dropdown-menu" aria-labelledby="language-switch-btn">
## loop over all defined languages/locales....
#foreach ($locale in $login.locales)
## find translated label of current locale
#if ($text.contains("language.$locale"))
#set ($langLabel = $text.get("language.$locale"))
#elseif ($locale.length() > 2)
#set ($langLabel = $text.get("language.${locale.substring(0,2).toLowercase()}"))
#else
#set ($langLabel = $locale)
#end
## emit link or text for each language
#if ($login.localeCode != $locale && $login.language != $locale)
#set ($langTarget = $utils.escapeHtmlAttribute($gui.target('language', $locale)))
<li>
<a class="lang" href="$langTarget">
<strong class="prefix text-primary text-uppercase">$locale</strong>
<span>$langLabel</span>
</a>
</li>
#end
#end ## end foreach
</ul>
</div>
</nav>
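Review bot: `toLowercase()` in the `#elseif` branch is not a `java.lang.String` method (the name is `toLowerCase()`), so for locales longer than two characters the lookup key presumably never resolves to `language.xx`. The line should read `#set ($langLabel = $text.get("language.${locale.substring(0,2).toLowerCase()}"))`. `$login.localeCode`, `$locale` and `$langLabel` are also written into element content unescaped while `$langTarget` goes through `$utils.escapeHtmlAttribute`; wrapping them in `$utils.escapeHtml(...)` would keep the output encoding consistent.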


@ -0,0 +1,295 @@
#macro(renderFormField $guiElem, $gui, $tabindex)
#if ($guiElem.type == "submit" || $guiElem.type == "button" || $guiElem.type == "reset" || $guiElem.type == "link")
## do nothing, will be rendered in renderFormControls nd renderFormLinks
#elseif ($guiElem.type == "info" || $guiElem.type == "error")
#if ($guiElem.label && $guiElem.label.length() > 0)
## special fields: display some text only
#set ($class = "form-group")
#if ($guiElem.type == "error")
#set ($class = "$class has-error")
#end
<div class="$class">
<div class="col-sm-offset-3 col-sm-6">
<span class="help-block small" id="$guiElem.name">
$guiElem.label
</span>
</div>
</div>
#end
#elseif ($guiElem.type == "hidden" && $guiElem.name == "saml.logoutURLs")
<script>
var sp_urls = '$guiElem.value'.split(',');
var final_url = '$gui.getGuiElem("saml.logoutURL").value';
function kill_session() {
var current_url = window.location.href;
if (current_url.indexOf('?logout') == -1 && current_url.indexOf('&logout') == -1) {
console.log("current URL does not terminate the IDP session");
var logout_url = '';
if (current_url.indexOf('?') > 0) {
logout_url = current_url + "&logout";
}
else {
logout_url = current_url + "?logout";
}
$.ajax({
type: "GET",
url: logout_url,
async: false,
xhrFields: {
withCredentials: true
},
dataType: "text",
success: function() {},
error: function() {}
});
}
}
var request_urls = sp_urls.filter(function(current_url) {
return current_url.indexOf('SAMLRequest') > 0;
});
var response_urls = sp_urls.filter(function(current_url) {
return current_url.indexOf('SAMLResponse') > 0;
});
function end_logout() {
if (response_urls.length == 0) {
console.log('IDP-initiated SAML logout detected');
kill_session(); // required to terminate IDP session
window.location.href = final_url;
}
else {
console.log('SP-initiated SAML logout detected');
kill_session(); // required to terminate IDP session
window.location.href = response_urls[0]; // only 1 such URL allowed. process ends on SP
}
}
var requests = [];
for (var i = 0; i < request_urls.length; i++) {
var current_url = request_urls[i];
requests.push($.ajax({
type: "GET",
url: current_url,
xhrFields: {
withCredentials: true
},
crossDomain: true,
dataType: 'jsonp',
error: function() {}
})
);
}
// send out the requests in parallel and afterwards terminate the logout process
// we have to terminate the logout no mather if the requests were successful or if there were failed requests
$.when.apply($, requests).then(function() { end_logout(); }, function() { end_logout(); });
</script>
#elseif ($guiElem.type == "hidden")
<input type="hidden" name="$guiElem.name" value="$utils.escapeHtml($guiElem.value)">
#else ## not info, error, button, submit, reset or hidden -> normal visual element
## define CSS class of representation in form
#set ($class = "form-group")
#if ($guiElem.optional)
#set ($class = "$class optional")
#else
#set ($class = "$class required")
#end
## highlight failed input validation, if flagged
#if ($guiElem.validationFailed && $guiElem.value && $guiElem.value.length() > 0)
#set ($class = "$class has-error")
#end
#if ($guiElem.validationFailed && (!$guiElem.value || $guiElem.value.length() == 0))
#set ($class = "$class has-error")
#end
## the form field's container, a label, and optionally a validation-related message
<div class="$class">
## Special handling required for radios + checkboxes
#if ($guiElem.type != "radio" && $guiElem.type != "checkbox")
<label class="col-sm-3 control-label" for="$guiElem.name">
#if ($guiElem.name.startsWith("inputField") && !$guiElem.optional)
$guiElem.label<span style="color: red">*</span>
#else
$guiElem.label
#end
</label>
<div class="col-sm-6">
#if ($guiElem.type == "text")
<input class="form-control" type="text" name="$guiElem.name" id="$guiElem.name"
maxlength="$guiElem.length"
value="$utils.escapeHtml($guiElem.value)" tabindex="$tabindex">
#elseif ($guiElem.type == "pw-text")
<div class="icon-inside">
<input name="${guiElem.name}" type="password" class="form-control" id="${guiElem.name}" value="$utils.escapeHtml($guiElem.value)" tabindex="$tabindex">
<button class="icon-button" type="button" onclick="toggleInputType('${guiElem.name}', '${guiElem.name}eye-icon', '${login.appDataPath}')">
<img id="${guiElem.name}eye-icon" src="${login.appDataPath}/resources/eye.svg">
</button>
</div>
#elseif ($guiElem.type == "select")
#set ($scrollSize = $guiElem.getGuiElems().size())
#set ($scrollSize = $math.min($scrollSize,4))
#if ($guiElem.multiple)
<select name="$guiElem.name" class="form-control" size="$scrollSize" multiple>
#else
<select name="$guiElem.name" class="form-control">
#end
#foreach ($option in $guiElem.getGuiElems())
#if ($option.selected)
<option value="$utils.escapeHtml($option.value)" selected>$option.label</option>
#else
<option value="$utils.escapeHtml($option.value)">$option.label</option>
#end
#end ## foreach option
</select>
#elseif ($guiElem.type == "image" )
<img src="$utils.escapeHtml($guiElem.value)" alt="$guiElem.label" />
#end
#if ($guiElem.validationMessage && $guiElem.validationMessage.length() > 0)
<span class="help-block small">$guiElem.validationMessage</span>
#end
#if ($jsValidation)
#renderElementValidation($guiElem, $gui)
#end
</div>
#else
## Special handling for checkboxes and radios
<div class="col-sm-offset-3 col-sm-6">
<label>
<input type="$guiElem.type" name="$guiElem.name"
value="$utils.escapeHtml($guiElem.value)"
#if ($guiElem.checked || $guiElem.value == 'true')
checked
#end
tabindex="$tabindex">
$guiElem.label
</label>
#if ($guiElem.validationMessage && $guiElem.validationMessage.length() > 0)
<span class="help-block small">$guiElem.validationMessage</span>
#end
#if ($jsValidation)
#renderElementValidation($guiElem, $gui)
#end
</div>
#end
</div>
#end
#end ## end macro
#macro(renderElementValidation $guiElem, $gui)
#if (($guiElem.validation && $guiElem.validation.length() > 0)||($guiElem.format && $guiElem.format.length() > 0))
<script type="text/javascript">
#if ($guiElem.validation && $guiElem.validation.length() > 0)
#if ($guiElem.validation.indexof('return ') > 0)
#set ($validationFunc="function () { $guiElem.validation }")
#else
#set ($validationFunc="function () { return $guiElem.validation ; }")
#end
#else
#set ($validationFunc="function () { return true; }")
#end
var form = document.getElementById('${gui.name}');
var formInput = form.elements["${guiElem.name}"];
formInput.onchange = function () {
var valid = ${validationFunc}.call(this);
#if ($guiElem.format && $guiElem.format.length() > 0)
valid = valid && (/${guiElem.format}/).test(this.value);
#end
var parent = this.parentNode;
if (!valid) {
parent.className += " has-error";
} else {
parent.className = parent.className.replace(/ has-error/g, '');
}
#if (!$guiElem.optional)
if (!this.value) {
parent.className += " has-warning";
} else {
parent.className = parent.className.replace(/ has-warning/g,'');
}
#end
};
</script>
#end
#end ## macro
#macro(renderFormLinks $gui)
#set ($noLinks = true)
#foreach ($guiElem in $gui.getGuiElems())
#if ($guiElem.type == "link")
#if ($noLinks)
<div class="form-group text-center">
#set ($noLinks = false)
#end
<a class="link" title="${utils.escapeHtml($guiElem.label)}" href="$utils.escapeHtml($guiElem.value)">${utils.escapeHtml($guiElem.label)}</a>
#end
#end
#if (!$noLinks)
</div>
#end
#end
#macro(renderFormControls $gui)
<div class="form-group text-center">
#set ($buttonClass = "btn")
#if ($isFormRequest)
#set ($buttonClass = "$buttonClass btn-default")
#else
#set ($buttonClass = "$buttonClass btn-primary")
#end
#foreach ($guiElem in $gui.getGuiElems())
#if ($guiElem.type == "submit" || $guiElem.type == "button" || $guiElem.type == "reset")
<button class="$buttonClass $guiElem.cssClass"
## special handling for button which execute a JS
#if ($guiElem.name == 'onclick')
type="button"
onClick="start()"
#else
name="$guiElem.name"
value="$utils.escapeHtml($guiElem.value)"
#end
>
#if ($guiElem.icon != "")
#if ($guiElem.icon.contains("http"))
<img src="$guiElem.icon" class="$guiElem.iconCssClass" />
#else
<img src="${login.appDataPath}/resources/$guiElem.icon" class="$guiElem.iconCssClass" />
#end
#end
$utils.escapeHtml($guiElem.label)
</button>
#end
#end ## foreach
</div>
#end ## end macro
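Review bot: The `saml.logoutURLs` branch of `renderFormField` puts `$guiElem.value` and the `saml.logoutURL` value into single-quoted JavaScript strings without encoding, and then requests every entry containing `SAMLRequest` with `dataType: 'jsonp'`, which makes the browser evaluate each response as script in the login page's origin. The page therefore trusts both the content and the hosts of that list completely, and where the list comes from is not visible here. At minimum the values should be encoded (`var sp_urls = '$utils.escapeJs($guiElem.value)'.split(',');`) and the redirect targets checked against the configured SP origins before `window.location.href` is assigned. A request type that does not evaluate the response would remove the script-execution dependency on the SPs. In `renderElementValidation`, `$guiElem.validation.indexof('return ')` should be `indexOf`, and the `> 0` comparison misses a match at position 0.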


@ -46,14 +46,18 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-26364fed1751c3f2fa25a6fe1de353169db0e5c8"
tag: "r-030a0c32f7aa373371615e3c88c1e7e33eccfd82"
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp"
credentials: "git-credentials"
keystores:
- "proxy-sp-816a1456192f974b57418ca9"
- "proxy-sp-39ecde9a0d101628fed3e3be"
- "proxy-sp-ident-authenticationrealm-identity"
- "proxy-sp-op-onbrdng-authenticationrealm-identity"
- "proxy-sp-saml-sp-nevisidm-operations-realm-identity"
truststores:
- "proxy-sp-ident-authenticationrealm-tls-trust"
- "proxy-sp-ident-authenticationrealm-signer-trust"
- "proxy-sp-nevisidm-sectoken-truststore"
- "proxy-sp-op-onbrdng-authenticationrealm-tls-trust"
- "proxy-sp-saml-sp-nevisidm-operations-realm-tls-trust"


@ -0,0 +1,19 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisKeyStore"
metadata:
name: "proxy-sp-816a1456192f974b57418ca9"
namespace: "adn-agov-nevisidm-admin-01-uat"
labels:
deploymentTarget: "proxy-sp"
annotations:
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
patternId: "bd83dfbd467e8211ffe71d28"
spec:
cn: "ident.agov-w.azure.adnovum.net"
usage: "<reserved for future use>"
san:
dns:
- "proxy-sp"
- "proxy-sp.adn-agov-nevisidm-admin-01-uat"
- "ident.agov-w.azure.adnovum.net"
email: []


@ -0,0 +1,18 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisKeyStore"
metadata:
name: "proxy-sp-ident-authenticationrealm-identity"
namespace: "adn-agov-nevisidm-admin-01-uat"
labels:
deploymentTarget: "proxy-sp"
annotations:
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
patternId: "bd83dfbd467e8211ffe71d28"
spec:
cn: "proxy-sp"
usage: "<reserved for future use>"
san:
dns:
- "proxy-sp"
- "proxy-sp.adn-agov-nevisidm-admin-01-uat"
email: []


@ -0,0 +1,14 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisTrustStore"
metadata:
name: "proxy-sp-ident-authenticationrealm-signer-trust"
namespace: "adn-agov-nevisidm-admin-01-uat"
labels:
deploymentTarget: "proxy-sp"
annotations:
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
patternId: "bd83dfbd467e8211ffe71d28"
spec:
keystores:
- name: "auth-sh4r3d-nevisidm-sectoken-signer"
namespace: "adn-agov-nevisidm-admin-01-uat"


@ -0,0 +1,14 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisTrustStore"
metadata:
name: "proxy-sp-ident-authenticationrealm-tls-trust"
namespace: "adn-agov-nevisidm-admin-01-uat"
labels:
deploymentTarget: "proxy-sp"
annotations:
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
patternId: "bd83dfbd467e8211ffe71d28"
spec:
keystores:
- name: "auth-default-identity"
namespace: "adn-agov-nevisidm-admin-01-uat"


@ -10,6 +10,10 @@ metadata:
patternId: "bd83dfbd467e8211ffe71d28"
spec:
hosts:
- host: "ident.agov-w.azure.adnovum.net"
protocol: "HTTPS"
servicePort: 8443
serviceName: "proxy-sp"
- host: "op.agov-w.azure.adnovum.net"
protocol: "HTTPS"
servicePort: 8443


@ -13,6 +13,7 @@ instance:
ports:
- "0.0.0.0:11080"
- "0.0.0.0:8443"
- "0.0.0.0:8443"
control:
start: "systemctl restart nevisproxy@default"
stop: "systemctl stop nevisproxy@default"


@ -11,8 +11,13 @@
<Server User="nevis" Group="root" ServerName="proxy-sp" Timeout="30" MaxClients="600" MaxRequestsPerChild="0" KeepAlive="on" KeepAliveTimeout="5" MaxKeepAliveRequests="100" LimitRequestLine="5120" LimitRequestBody="512000" LimitRequestFields="50" LimitRequestFieldsize="5120" ServerRoot="/var/opt/nevisproxy/default" CoreDumpDirectory="" ErrorLog="&quot;|/bin/sed -u s/^/[apache.log]\ /g&quot;" LogLevel="notice" TransferLog="&quot;|/bin/stdbuf -oL /bin/egrep -v GET./.....?ness&quot;" LogFormat="&quot;[access.log] %h %l %u %t \&quot;%r\&quot; %&gt;s %b %{content-length}i %T %v \&quot;%{Referer}i\&quot; \&quot;%{User-Agent}i\&quot; trID=%{UNIQUE_ID}e&quot;" SSLPassPhraseDialog="builtin" SSLSessionCache="shmcb:/var/opt/nevisproxy/default/run/apache_shmcb"/>
<!-- source: pattern://bd83dfbd467e8211ffe71d28 -->
<Connector port="11080" name="management" listen="0.0.0.0:11080"/>
<!-- source: pattern://816a1456192f974b57418ca9 -->
<Connector port="443" name="ident.agov-w.azure.adnovum.net" listen="0.0.0.0:8443">
<!-- source: pattern://816a1456192f974b57418ca9, pattern://816a1456192f974b57418ca9#keystore -->
<SSL SSLCipherSuite="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256" SSLOptions="+OptRenegotiate +StdEnvVars +ExportCertData" SSLProtocol="-all +TLSv1.2 -TLSv1.3" SSLCertificateFile="/var/opt/keys/own/proxy-sp-816a1456192f974b57418ca9/cert.pem" SSLCertificateKeyFile="/var/opt/keys/own/proxy-sp-816a1456192f974b57418ca9/key.pem" SSLCertificateChainFile="/var/opt/keys/own/proxy-sp-816a1456192f974b57418ca9/ca-chain.pem" SSLInsecureRenegotiation="off" SSLHonorCipherOrder="on"/>
</Connector>
<!-- source: pattern://39ecde9a0d101628fed3e3be -->
<Connector port="443" name="op.agov-w.azure.adnovum.net" listen="0.0.0.0:8443">
<Connector port="443" name="op.agov-w.azure.adnovum.net" nameVirtualHost="0.0.0.0:8443">
<!-- source: pattern://39ecde9a0d101628fed3e3be, pattern://39ecde9a0d101628fed3e3be#keystore -->
<SSL SSLCipherSuite="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256" SSLOptions="+OptRenegotiate +StdEnvVars +ExportCertData" SSLProtocol="-all +TLSv1.2 -TLSv1.3" SSLCertificateFile="/var/opt/keys/own/proxy-sp-39ecde9a0d101628fed3e3be/cert.pem" SSLCertificateKeyFile="/var/opt/keys/own/proxy-sp-39ecde9a0d101628fed3e3be/key.pem" SSLCertificateChainFile="/var/opt/keys/own/proxy-sp-39ecde9a0d101628fed3e3be/ca-chain.pem" SSLInsecureRenegotiation="off" SSLHonorCipherOrder="on"/>
</Connector>
@ -24,6 +29,11 @@
<Context docBase="/var/opt/nevisproxy/default/host-management"/>
</Host>
<!-- source: pattern://bd83dfbd467e8211ffe71d28 -->
<Host name="ident.agov-w.azure.adnovum.net">
<!-- source: pattern://816a1456192f974b57418ca9 -->
<Context entryURI="/" unsecureConnection="allow" trailingSlashRedirect="true" filePreload="false" docBase="/var/opt/nevisproxy/default/host-ident.agov-w.azure.adnovum.net" path="" allowedMethods="ALL-HTTP ALL-WEBDAV -TRACE -CONNECT"/>
</Host>
<!-- source: pattern://bd83dfbd467e8211ffe71d28 -->
<Host name="op.agov-w.azure.adnovum.net">
<!-- source: pattern://39ecde9a0d101628fed3e3be -->
<Context entryURI="/" unsecureConnection="allow" trailingSlashRedirect="true" filePreload="false" docBase="/var/opt/nevisproxy/default/host-op.agov-w.azure.adnovum.net" path="" allowedMethods="ALL-HTTP ALL-WEBDAV -TRACE -CONNECT"/>
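Review bot: The added `ident.agov-w.azure.adnovum.net` connector carries `SSLProtocol="-all +TLSv1.2 -TLSv1.3"`, so TLS 1.3 is explicitly switched off for the new host, and its `SSLOptions` include `+OptRenegotiate`; both are copied from the existing `op` connector. If TLS 1.2-only is a deliberate compatibility choice it deserves a comment at the pattern that generates this file; otherwise `SSLProtocol="-all +TLSv1.2 +TLSv1.3"` is the setting to consider for the new entry point. The new `<Context>` in the second hunk also sets `unsecureConnection="allow"`; whether plain HTTP can reach this host depends on connectors and ingress outside these hunks and is worth confirming. The `<Host>` element for `op` continues past the end of the hunk.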


@ -0,0 +1,398 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "/opt/nevisproxy/dtd/web-app_2_3.dtd">
<web-app>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<context-param>
<param-name>SectokenVerifierCert</param-name>
<param-value>/var/opt/keys/trust/proxy-sp-ident-authenticationrealm-signer-trust/truststore.pem</param-value>
</context-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<filter>
<filter-name>AuthenticationService_IDENT-AuthenticationRealm</filter-name>
<filter-class>ch::nevis::isiweb4::filter::auth::IdentityCreationFilter</filter-class>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>AuthenticationServlet</param-name>
<param-value>Connector_IDENT-AuthenticationRealm</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>BodyReadSize</param-name>
<param-value>32768</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>EntryPointID</param-name>
<param-value>ident.agov-w.azure.adnovum.net</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>InactiveInterval</param-name>
<param-value>7200</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>InterceptionRedirect</param-name>
<param-value>never</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>LoginRendererServlet</param-name>
<param-value>LoginRenderer_nevisLogrend</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Realm</param-name>
<param-value>IDENT-AuthenticationRealm</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>RecheckAuthentication</param-name>
<param-value>On</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>RenewIdentification</param-name>
<param-value>true</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>StateKey</param-name>
<param-value>IDENT-AuthenticationRealm</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>StoreInterceptedRequest</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<!-- source: pattern://58ece0328f5bf4d78e1a82d2, pattern://58ece0328f5bf4d78e1a82d2#filters -->
<filter>
<filter-name>DefaultErrorFilter</filter-name>
<filter-class>ch::nevis::isiweb4::filter::error::ErrorFilter</filter-class>
<!-- source: pattern://58ece0328f5bf4d78e1a82d2#filters -->
<init-param>
<param-name>CheckAcceptHeader</param-name>
<param-value>true</param-value>
</init-param>
<!-- source: pattern://58ece0328f5bf4d78e1a82d2#filters -->
<init-param>
<param-name>PlaceHolders</param-name>
<param-value>
TransferIdHolder:TRANSFER_ID
TimestampHolder:TIMESTAMP
</param-value>
</init-param>
<!-- source: pattern://58ece0328f5bf4d78e1a82d2#filters -->
<init-param>
<param-name>StatusCode</param-name>
<param-value>
400:file:/resources/errorPages/404.html:reset-header:reset-status-code
403:file:/resources/errorPages/403.html:reset-header:reset-status-code
404:file:/resources/errorPages/404.html:reset-header:reset-status-code
500:file:/resources/errorPages/500.html:reset-header:reset-status-code
502:file:/resources/errorPages/502.html:reset-header:reset-status-code
</param-value>
</init-param>
</filter>
<!-- source: pattern://816a1456192f974b57418ca9 -->
<filter>
<filter-name>ErrorHandler_Default</filter-name>
<filter-class>ch::nevis::isiweb4::filter::error::ErrorFilter</filter-class>
<!-- source: pattern://816a1456192f974b57418ca9 -->
<init-param>
<param-name>PlaceHolders</param-name>
<param-value>
TRANSFER_ID:TRANSFER_ID
TIMESTAMP:TIMESTAMP
</param-value>
</init-param>
<!-- source: pattern://816a1456192f974b57418ca9 -->
<init-param>
<param-name>StatusCode</param-name>
<param-value>
403:Hosting_Default:/errorpages/403.html:reset-header:keep-status-code
404:Hosting_Default:/errorpages/404.html:keep-header:keep-status-code
500:Hosting_Default:/errorpages/500.html:reset-header:keep-status-code
502:Hosting_Default:/errorpages/502.html:keep-header:keep-status-code
</param-value>
</init-param>
</filter>
<!-- source: pattern://816a1456192f974b57418ca9 -->
<filter>
<filter-name>Qos</filter-name>
<filter-class>ch:nevis:navajo:apglue:httpd_2_4_x:servlet:ApacheConfigFilter</filter-class>
<filter-lib>libApache2_4_Servlet.so.1</filter-lib>
<!-- source: pattern://816a1456192f974b57418ca9 -->
<init-param>
<param-name>ServerConfig</param-name>
<param-value>
QS_SrvMaxConnClose 85%
QS_SrvMaxConnPerIP 75 500
QS_SrvMinDataRate 120 1500 500
</param-value>
</init-param>
</filter>
<!-- source: pattern://816a1456192f974b57418ca9 -->
<filter>
<filter-name>Redirect_Default</filter-name>
<filter-class>ch::nevis::isiweb4::filter::rewrite::RewriteFilter</filter-class>
<!-- source: pattern://816a1456192f974b57418ca9 -->
<init-param>
<param-name>RequestURI</param-name>
<param-value>^/$:/process:R</param-value>
</init-param>
</filter>
<!-- source: pattern://36886a1934993d1f69690e1d -->
<filter>
<filter-name>ResponseHeader_Base_Security_Response_Headers</filter-name>
<filter-class>ch::nevis::isiweb4::filter::delegation::HeaderDelegationFilter</filter-class>
<!-- source: pattern://36886a1934993d1f69690e1d -->
<init-param>
<param-name>DelegateToFrontend</param-name>
<param-value>
Cross-Origin-Embedder-Policy:require-corp
Cross-Origin-Opener-Policy:same-origin
Cross-Origin-Resource-Policy:same-site
Permissions-Policy:geolocation=(), camera=(), microphone=(), interest-cohort=()
Referrer-Policy:strict-origin-when-cross-origin
Strict-Transport-Security:max-age=63072000; includeSubDomains;
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
</param-value>
</init-param>
</filter>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<filter>
<filter-name>SessionHandler_IDENT-AuthenticationRealm</filter-name>
<filter-class>ch::nevis::nevisproxy::filter::session::SessionManagementFilter</filter-class>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Cookie.ExtraAttributes</param-name>
<param-value>SameSite=None</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Cookie.Name</param-name>
<param-value>Session_IDENT-AuthenticationRealm</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Cookie.Secure</param-name>
<param-value>true</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Identification</param-name>
<param-value>COOKIE</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>MaxInactiveInterval</param-name>
<param-value>600</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>MaxLifetime</param-name>
<param-value>28800</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Servlet</param-name>
<param-value>LocalSessionStoreServlet</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>UpdateTimeStampMinInterval</param-name>
<param-value>120</param-value>
</init-param>
</filter>
<!-- source: pattern://816a1456192f974b57418ca9 -->
<filter-mapping>
<filter-name>Redirect_Default</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- source: pattern://58ece0328f5bf4d78e1a82d2 -->
<filter-mapping>
<filter-name>DefaultErrorFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- source: pattern://816a1456192f974b57418ca9 -->
<filter-mapping>
<filter-name>ErrorHandler_Default</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- source: pattern://36886a1934993d1f69690e1d -->
<filter-mapping>
<filter-name>ResponseHeader_Base_Security_Response_Headers</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<filter-mapping>
<filter-name>SessionHandler_IDENT-AuthenticationRealm</filter-name>
<url-pattern>/process/*</url-pattern>
</filter-mapping>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<filter-mapping>
<filter-name>AuthenticationService_IDENT-AuthenticationRealm</filter-name>
<url-pattern>/process/*</url-pattern>
</filter-mapping>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<listener>
<listener-class>ch::nevis::isiweb4::listener::SessionListener</listener-class>
</listener>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<servlet>
<servlet-name>Connector_IDENT-AuthenticationRealm</servlet-name>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<servlet-class>ch::nevis::isiweb4::servlet::connector::soap::esauth4::Esauth4ConnectorServlet</servlet-class>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Transport.DNSCache.ttl</param-name>
<param-value>60</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Transport.InetAddress</param-name>
<param-value>auth:8991</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Transport.KeepAlive.LifeTime</param-name>
<param-value>30</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Transport.RequestTimeout</param-name>
<param-value>90000</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Transport.ResourceManager.RetryTimeout</param-name>
<param-value>0</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Transport.SSLCACertificateFile</param-name>
<param-value>/var/opt/keys/trust/proxy-sp-ident-authenticationrealm-tls-trust/truststore.pem</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Transport.SSLCheckPeerHostname</param-name>
<param-value>false</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Transport.SSLClientCertificateFile</param-name>
<param-value>/var/opt/keys/own/proxy-sp-ident-authenticationrealm-identity/cert.pem</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>Transport.SSLClientKeyFile</param-name>
<param-value>/var/opt/keys/own/proxy-sp-ident-authenticationrealm-identity/key.pem</param-value>
</init-param>
</servlet>
<!-- source: pattern://6977f8a683f63744bbd56d69 -->
<servlet>
<servlet-name>Hosting_Default</servlet-name>
<!-- source: pattern://6977f8a683f63744bbd56d69 -->
<servlet-class>ch::nevis::isiweb4::servlet::defaults::DefaultServlet</servlet-class>
</servlet>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<servlet>
<servlet-name>LocalSessionStoreServlet</servlet-name>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<servlet-class>ch::nevis::nevisproxy::servlet::cache::local::LocalSessionStoreServlet</servlet-class>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>MaxInactiveInterval</param-name>
<param-value>600</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>MaxLifetime</param-name>
<param-value>28800</param-value>
</init-param>
<!-- source: pattern://3fd09bb6cfbd34874595c263 -->
<init-param>
<param-name>MemorySize</param-name>
<param-value>512000000</param-value>
</init-param>
</servlet>
<!-- source: pattern://8401da6318c6915d689cdfc9 -->
<servlet>
<servlet-name>LoginRenderer_nevisLogrend</servlet-name>
<!-- source: pattern://8401da6318c6915d689cdfc9 -->
<servlet-class>ch::nevis::isiweb4::servlet::rendering::LoginRendererServlet</servlet-class>
<!-- source: pattern://8401da6318c6915d689cdfc9 -->
<init-param>
<param-name>PropagateRemoteHeaders</param-name>
<param-value>Set-Cookie</param-value>
</init-param>
<!-- source: pattern://8401da6318c6915d689cdfc9 -->
<init-param>
<param-name>RenderingProvider</param-name>
<param-value>remote:NevisLogrendConnector_nevisLogrend:/nevislogrend/index.vm?logrendresourcepath=/nevislogrend</param-value>
</init-param>
</servlet>
<!-- source: pattern://8401da6318c6915d689cdfc9 -->
<servlet>
<servlet-name>NevisLogrendConnector_nevisLogrend</servlet-name>
<!-- source: pattern://8401da6318c6915d689cdfc9 -->
<servlet-class>ch::nevis::isiweb4::servlet::connector::http::HttpConnectorServlet</servlet-class>
<!-- source: pattern://8401da6318c6915d689cdfc9 -->
<init-param>
<param-name>InetAddress</param-name>
<param-value>logrend:8988</param-value>
</init-param>
<!-- source: pattern://8401da6318c6915d689cdfc9 -->
<init-param>
<param-name>MappingType</param-name>
<param-value>pathinfo</param-value>
</init-param>
<!-- source: pattern://8401da6318c6915d689cdfc9 -->
<init-param>
<param-name>ResourceManager.RetryTimeout</param-name>
<param-value>0</param-value>
</init-param>
<!-- source: pattern://8401da6318c6915d689cdfc9 -->
<init-param>
<param-name>URIPrefix</param-name>
<param-value>/nevislogrend</param-value>
</init-param>
</servlet>
<!-- source: pattern://8401da6318c6915d689cdfc9 -->
<servlet-mapping>
<servlet-name>NevisLogrendConnector_nevisLogrend</servlet-name>
<url-pattern>/nevislogrend/*</url-pattern>
</servlet-mapping>
<!-- source: pattern://6977f8a683f63744bbd56d69 -->
<servlet-mapping>
<servlet-name>Hosting_Default</servlet-name>
<url-pattern>/process/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Hosting_Default</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<!-- source: pattern://816a1456192f974b57418ca9 -->
<mime-mapping>
<extension>css</extension>
<mime-type>text/css</mime-type>
</mime-mapping>
<!-- source: pattern://816a1456192f974b57418ca9 -->
<mime-mapping>
<extension>ico</extension>
<mime-type>image/x-icon</mime-type>
</mime-mapping>
<!-- source: pattern://816a1456192f974b57418ca9 -->
<mime-mapping>
<extension>png</extension>
<mime-type>image/png</mime-type>
</mime-mapping>
<!-- source: pattern://816a1456192f974b57418ca9 -->
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
</web-app>
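Review bot: `Transport.SSLCheckPeerHostname` is `false` on `Connector_IDENT-AuthenticationRealm`, so the TLS connection to `auth:8991` accepts any certificate that chains to `proxy-sp-ident-authenticationrealm-tls-trust/truststore.pem`, whatever name it carries. The truststore's contents are not visible here; if it holds an issuing CA rather than the pinned certificate of the auth service, any other holder of a certificate from that CA would be accepted as the authentication backend. I would set `<param-value>true</param-value>` once the backend certificate carries the service name, or note next to the parameter why the check is off. The `source: pattern://3fd09bb6cfbd34874595c263` comments suggest the file is generated, so the change presumably belongs in that pattern. Separately, `Cookie.ExtraAttributes` is `SameSite=None` on `Session_IDENT-AuthenticationRealm`, which sends the session cookie on cross-site requests; it is correctly paired with `Cookie.Secure` = `true`, but the cross-site flow that needs it should be named in the pattern.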


@ -0,0 +1,50 @@
<!DOCTYPE html>
<html>
<head>
<title>Nevis - Forbidden</title>
<meta charset="utf-8">
<link href="/resources/bootstrap.min.css" rel="stylesheet" type="text/css">
<link href="/resources/default.css" rel="stylesheet" type="text/css" media="all">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
</head>
<body>
<br/><br/><br/><br/><br/><br/><br/><br/><br/>
<header id="header" class="container-fluid">
<img class="logo center-block" src="/resources/logo.png" alt="NEVIS Security Suite">
</header>
<main id="content" class="container">
<div id="loginform">
<h1 align="center">Forbidden</h1>
<div align="center"><br>
<br>
<table border="0">
<tr>
<td>You are not authorized for this application. Contact the person responsible for the access infrastructure.</td>
</tr>
<tr>
<td>Sie sind nicht berechtigt f&uuml;r diese Applikation. Kontaktieren Sie den Verantwortlichen der Zugangsinfrastruktur.</td>
</tr>
<tr>
<td>Vous n'&ecirc;tes pas autoris&eacute; pour cette application. Contactez la personne responsable de l'infrastructure d'acc&egrave;s.</td>
</tr>
<tr>
<td>Non &egrave; autorizzato per questa applicazione. Contatta il leader delle infrastrutture di accesso.</td>
</tr>
</table>
</div>
</div>
</main>
<footer id="footer" class="text-primary">
<div class="row small">
<div class="col-md-4 hidden-xs hidden-sm">Copyright &#169; 2023 NEVIS Security AG</div>
<div class="col-xs-12 col-md-4 text-center text-uppercase logo-round-container">
<div class="logo-round center-block">
<img src="/resources/logo.png" alt="NEVIS Security Suite">
</div>
<strong>NEVIS Security Suite</strong>
</div>
</div>
</footer>
</body>
</html>


@ -0,0 +1,50 @@
<!DOCTYPE html>
<html>
<head>
<title>Nevis - Page Not Found</title>
<meta charset="utf-8">
<link href="/resources/bootstrap.min.css" rel="stylesheet" type="text/css">
<link href="/resources/default.css" rel="stylesheet" type="text/css" media="all">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
</head>
<body>
<br/><br/><br/><br/><br/><br/><br/><br/><br/>
<header id="header" class="container-fluid">
<img class="logo center-block" src="/resources/logo.png" alt="NEVIS Security Suite">
</header>
<main id="content" class="container">
<div id="loginform">
<h1 align="center">Page Not Found</h1>
<div align="center"><br>
<br>
<table border="0">
<tr>
<td>The application you selected was not found on this server.</td>
</tr>
<tr>
<td>Die von Ihnen angew&auml;hlte Applikation existiert nicht auf diesem Server.</td>
</tr>
<tr>
<td>L'application que vous avez s&eacute;lectionn&eacute;e n'existe pas sur ce serveur.</td>
</tr>
<tr>
<td>L'applicazione che ha selezionato non &egrave; stata trovata su questo server.</td>
</tr>
</table>
</div>
</div>
</main>
<footer id="footer" class="text-primary">
<div class="row small">
<div class="col-md-4 hidden-xs hidden-sm">Copyright &#169; 2023 NEVIS Security AG</div>
<div class="col-xs-12 col-md-4 text-center text-uppercase logo-round-container">
<div class="logo-round center-block">
<img src="/resources/logo.png" alt="NEVIS Security Suite">
</div>
<strong>NEVIS Security Suite</strong>
</div>
</div>
</footer>
</body>
</html>


@ -0,0 +1,50 @@
<!DOCTYPE html>
<html>
<head>
<title>Nevis - Server Error</title>
<meta charset="utf-8">
<link href="/resources/bootstrap.min.css" rel="stylesheet" type="text/css">
<link href="/resources/default.css" rel="stylesheet" type="text/css" media="all">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
</head>
<body>
<br/><br/><br/><br/><br/><br/><br/><br/><br/>
<header id="header" class="container-fluid">
<img class="logo center-block" src="/resources/logo.png" alt="NEVIS Security Suite">
</header>
<main id="content" class="container">
<div id="loginform">
<h1 align="center">Server Error</h1>
<div align="center"><br>
<br>
<table border="0">
<tr>
<td>An application error has occurred. Try again and contact the system administrator.</td>
</tr>
<tr>
<td>Es ist ein Applikationsfehler aufgetreten. Probieren Sie es nochmals und verst&auml;ndigen Sie den System-Administrator.</td>
</tr>
<tr>
<td>Une erreur d'application s'est produite. Essayez &agrave; nouveau et contactez l'administrateur syst&egrave;me.</td>
</tr>
<tr>
<td>Si &egrave; verificato un errore nell'applicazione. Provi nuovamente e contatti l'amministratore di sistema.</td>
</tr>
</table>
</div>
</div>
</main>
<footer id="footer" class="text-primary">
<div class="row small">
<div class="col-md-4 hidden-xs hidden-sm">Copyright &#169; 2023 NEVIS Security AG</div>
<div class="col-xs-12 col-md-4 text-center text-uppercase logo-round-container">
<div class="logo-round center-block">
<img src="/resources/logo.png" alt="NEVIS Security Suite">
</div>
<strong>NEVIS Security Suite</strong>
</div>
</div>
</footer>
</body>
</html>


@ -0,0 +1,50 @@
<!DOCTYPE html>
<html>
<head>
<title>Nevis - Server Error</title>
<meta charset="utf-8">
<link href="/resources/bootstrap.min.css" rel="stylesheet" type="text/css">
<link href="/resources/default.css" rel="stylesheet" type="text/css" media="all">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
</head>
<body>
<br/><br/><br/><br/><br/><br/><br/><br/><br/>
<header id="header" class="container-fluid">
<img class="logo center-block" src="/resources/logo.png" alt="NEVIS Security Suite">
</header>
<main id="content" class="container">
<div id="loginform">
<h1 align="center">Server Error</h1>
<div align="center"><br>
<br>
<table border="0">
<tr>
<td>An application error has occurred. Try again and contact the system administrator.</td>
</tr>
<tr>
<td>Es ist ein Applikationsfehler aufgetreten. Probieren Sie es nochmals und verst&auml;ndigen Sie den System-Administrator.</td>
</tr>
<tr>
<td>Une erreur d'application s'est produite. Essayez &agrave; nouveau et contactez l'administrateur syst&egrave;me.</td>
</tr>
<tr>
<td>Si &egrave; verificato un errore nell'applicazione. Provi nuovamente e contatti l'amministratore di sistema.</td>
</tr>
</table>
</div>
</div>
</main>
<footer id="footer" class="text-primary">
<div class="row small">
<div class="col-md-4 hidden-xs hidden-sm">Copyright &#169; 2023 NEVIS Security AG</div>
<div class="col-xs-12 col-md-4 text-center text-uppercase logo-round-container">
<div class="logo-round center-block">
<img src="/resources/logo.png" alt="NEVIS Security Suite">
</div>
<strong>NEVIS Security Suite</strong>
</div>
</div>
</footer>
</body>
</html>


@ -0,0 +1,50 @@
<!DOCTYPE html>
<html>
<head>
<title>Nevis - Welcome</title>
<meta charset="utf-8">
<link href="/resources/bootstrap.min.css" rel="stylesheet" type="text/css">
<link href="/resources/default.css" rel="stylesheet" type="text/css" media="all">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
</head>
<body>
<br/><br/><br/><br/><br/><br/><br/><br/><br/>
<header id="header" class="container-fluid">
<img class="logo center-block" src="/resources/logo.png" alt="NEVIS Security Suite">
</header>
<main id="content" class="container">
<div id="loginform">
<h1 align="center">Welcome</h1>
<div align="center"><br>
<br>
<table border="0">
<tr>
<td>The application you selected was not found on this server.</td>
</tr>
<tr>
<td>Die von Ihnen angew&auml;hlte Applikation existiert nicht auf diesem Server.</td>
</tr>
<tr>
<td>L'application que vous avez s&eacute;lectionn&eacute;e n'existe pas sur ce serveur.</td>
</tr>
<tr>
<td>L'applicazione che ha selezionato non &egrave; stata trovata su questo server.</td>
</tr>
</table>
</div>
</div>
</main>
<footer id="footer" class="text-primary">
<div class="row small">
<div class="col-md-4 hidden-xs hidden-sm">Copyright &#169; 2023 NEVIS Security AG</div>
<div class="col-xs-12 col-md-4 text-center text-uppercase logo-round-container">
<div class="logo-round center-block">
<img src="/resources/logo.png" alt="NEVIS Security Suite">
</div>
<strong>NEVIS Security Suite</strong>
</div>
</div>
</footer>
</body>
</html>
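Review bot: The `<title>` and `<h1>` of this page say "Welcome", but the four table rows carry the text of the "Page Not Found" page (`The application you selected was not found on this server.` and its three translations). If this is the landing page, the rows should hold a welcome or redirect message; if it is a copy of the 404 page, the heading should say so. The file name is not visible on this page, so which of the two is intended needs confirming.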


@ -0,0 +1,158 @@
/********************************************************
* Layout
********************************************************/
html { /* magic to position footer */
position: relative;
min-height: 100%;
}
body {
margin-bottom: 76px; /* == footer height */
}
.container, .container-fluid {
padding-left: 36px;
padding-right: 36px;
}
nav {
min-height: 100px;
padding: 36px;
}
header {
margin-bottom: 16px; /* h1.logintitle adds 20px => 36px */
}
.container {
min-width: 260px;
max-width: 700px;
}
h1 {
margin-bottom: 100px;
}
footer {
width: 100%;
position: absolute;
bottom: 0;
padding: 0 36px;
}
img {
width: 100%;
}
/********************************************************
* Header
********************************************************/
header .logo {
width: 20%;
max-width: 124px;
}
/********************************************************
* Dropdown
********************************************************/
a.dropdown-toggle {
text-decoration: none;
}
a.dropdown-toggle:hover {
color: #00868C;
border-bottom: 3px solid #00868C;
}
.dropdown-menu {
padding: 5px 0;
}
.dropdown-menu li > a {
padding: 6px 28px;
}
.dropdown-menu a > .prefix {
display: inline-block;
min-width: 22px;
margin-right: 28px;
text-align: right;
}
/********************************************************
* Form
********************************************************/
/* Labels should not be bold */
label {
font-weight: normal;
}
/* Make error messages bold */
.has-error .help-block {
font-weight: bold;
}
/* Change button size, by default 116px in width */
.btn {
min-width: 116px;
padding: 3px 12px;
}
/* Disable gradient in buttons, ughhhh */
.btn.btn-primary {
border-color: transparent;
background-image: none;
text-shadow: none;
box-shadow: none;
-webkit-box-shadow: none;
}
.help-block a, .help-block a:visited {
color: #00868C;
font-weight: bold;
text-decoration: none;
}
.help-block a:hover {
color: #65B6B9;
text-decoration: underline;
}
/********************************************************
* Footer
********************************************************/
footer .row {
margin: 36px 0 0 0;
height: 40px;
padding-top: 14px;
line-height: 26px; /* to center text: height - padding-top = 26px */
border-top: 1px solid #00868c;
}
footer .row > div { /* Fix alignment between border + text on Bootstrap grid */
padding: 0;
}
footer .logo-round-container {
position: relative;
}
footer .logo-round {
position: absolute;
left: 0;
right: 0;
top: -33px; /* found visually with Chrome Dev Tools */
height: 36px;
width: 36px;
border: 1px solid #00868c;
border-radius: 18px;
background: #fff;
padding: 8px;
}
footer .logo-round > img {
display: block;
}


@ -236,21 +236,6 @@
</init-param>
</filter>
<!-- source: pattern://39ecde9a0d101628fed3e3be -->
<filter>
<filter-name>Qos</filter-name>
<filter-class>ch:nevis:navajo:apglue:httpd_2_4_x:servlet:ApacheConfigFilter</filter-class>
<filter-lib>libApache2_4_Servlet.so.1</filter-lib>
<!-- source: pattern://39ecde9a0d101628fed3e3be -->
<init-param>
<param-name>ServerConfig</param-name>
<param-value>
QS_SrvMaxConnClose 85%
QS_SrvMaxConnPerIP 75 500
QS_SrvMinDataRate 120 1500 500
</param-value>
</init-param>
</filter>
<!-- source: pattern://39ecde9a0d101628fed3e3be -->
<filter>
<filter-name>Redirect_Default</filter-name>
<filter-class>ch::nevis::isiweb4::filter::rewrite::RewriteFilter</filter-class>


@ -25,4 +25,17 @@ else
echo "up: https://0.0.0.0:8443"
fi
# service at "https://0.0.0.0:8443"
SSL=`echo | openssl s_client -connect 0.0.0.0:8443`
HC=`curl --insecure --silent --output /dev/null --write-out "%{http_code}" https://0.0.0.0:8443`
CON=$?
if [[ $SSL = *"Acceptable client certificate CA names"* ]]; then
echo "skipped: https://0.0.0.0:8443"
elif [ "$CON" -ne 0 ]; then
echo "down: https://0.0.0.0:8443 (exit code $CON)"
EXIT_CODE=$CON
else
echo "up: https://0.0.0.0:8443"
fi
exit $EXIT_CODE
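Review bot: `HC` is assigned the HTTP status from curl but never read, so only curl's exit code decides between `up` and `down`, and a listener that answers every request with a 5xx is still reported as up. If the status is meant to count, the branch could read `elif [ "$CON" -ne 0 ] || [ "$HC" -ge 500 ]; then`; otherwise the assignment to `HC` can be dropped. The added block also probes `https://0.0.0.0:8443`, the same address the `up:` line at the top of the hunk reports, so it appears to repeat the existing check rather than exercise the new virtual host. The earlier block lies outside the hunk, so this needs confirming. Neither `openssl s_client` nor `curl` has a time limit here; a `--max-time` on the curl call would keep a hung listener from stalling the check.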