new configuration version

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/etc/nevis/k8s-auth-default-tls-client-trust-ac27dd7daad0ca2b7229bfaf.yaml

@@ -14,7 +14,7 @@ spec:
     namespace: "adn-agov-nevisidm-admin-01-uat"
   - name: "proxy-sp-op-onbrdng-authenticationrealm-identity"
     namespace: "adn-agov-nevisidm-admin-01-uat"
-  - name: "proxy-idm-saml-sp-nevisidm-admin-realm-identity"
-    namespace: "adn-agov-nevisidm-admin-01-uat"
   - name: "proxy-sp-ident-authenticationrealm-identity"
     namespace: "adn-agov-nevisidm-admin-01-uat"
+  - name: "proxy-idm-saml-sp-nevisidm-admin-realm-identity"
+    namespace: "adn-agov-nevisidm-admin-01-uat"

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/etc/nevis/k8s-nevisauth-ac27dd7daad0ca2b7229bfaf.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisAuth"
   replicas: 1
-  version: "8.2411.3"
+  version: "8.2505.5"
-  gitInitVersion: "1.3.0"
+  gitInitVersion: "1.4.0"
   runAsNonRoot: true
   ports:
     management: 9000
@@ -39,13 +39,14 @@ spec:
     management:
       httpGet:
         path: "/nevisauth/liveness"
+      initialDelaySeconds: 50
       periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 50
+      failureThreshold: 30
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-d06bd972269492f0db33bc07396b5fe3c91cdaaf"
+    tag: "r-7e9f2304b72a07725abab4c27833af5cdd73ab53"
     dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/IdentProcessAndDispatch.groovy

@@ -76,3 +76,4 @@ LOG.info("Event='IDENT-INITREQ', rpcode='${rpcode}', rpentity='${rpentity}', Sou
 		"Origin='${origin}'")
 response.setResult('sendAuthnRequest')
 return
+

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/LitDict.properties

@@ -14,6 +14,7 @@ cancel.button.label=Cancel
 continue.button.label=Continue
 darkModeSwitch.aria.label=Dark mode toggle
 deputy.profile.label=(Deputy Profile)
+error.account.exists=Account already exists. Continue to log in.
 error.saml.failed=Please close your browser and try again.
 error_1=Please check your input.
 error_10=Please select the correct user account.
@@ -285,6 +286,8 @@ recovery_start_info.banner.warning=You will not be able to use your account unti
 recovery_start_info.instruction=During the recovery process you will register a new login factor. If  your account contains any verified information you might also have to go through a verification process to finish the recovery.
 recovery_start_info.title=You are about to start the recovery process
 reject.button.label=Deny
+signup.button.label=Signup
+skip.button.label=Skip
 submit.button.label=Submit
 tan.sent=Please enter the security code which has been sent to your mobile phone.
 title.login=Login
@@ -293,6 +296,7 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Client Authorization
 title.saml.failed=Error
+title.signup=Create account
 title.timeout.page=Logout
 user_input.invalid.email=Please enter a valid email address
 user_input.invalid.email.required=Field required

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/LitDict_de.properties

@@ -14,6 +14,7 @@ cancel.button.label=Abbrechen
 continue.button.label=Weiter
 darkModeSwitch.aria.label=Dark-Mode-Schalter
 deputy.profile.label=(Profil Stellvertreter)
+error.account.exists=Konto existiert bereits. Melden Sie sich an.
 error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut.
 error_1=Bitte überprüfen Sie Ihre Eingaben.
 error_10=Bitte wählen Sie das richtige Benutzerkonto aus.
@@ -285,6 +286,8 @@ recovery_start_info.banner.warning=Sie können Ihr Konto nicht nutzen, bis d
 recovery_start_info.instruction=Während des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enthält, müssen Sie zum Abschluss des Wiederherstellungsprozesses möglicherweise auch einen Verifikationsprozess durchlaufen.
 recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten
 reject.button.label=Ablehnen
+signup.button.label=Registrieren
+skip.button.label=Überspringen
 submit.button.label=Senden
 tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde.
 title.login=Login
@@ -293,6 +296,7 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Client Authorisierung
 title.saml.failed=Error
+title.signup=Konto erstellen
 title.timeout.page=Logout
 user_input.invalid.email=Bitte geben Sie eine gültige E-Mail ein
 user_input.invalid.email.required=Erforderliches Feld

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/LitDict_en.properties

@@ -14,6 +14,7 @@ cancel.button.label=Cancel
 continue.button.label=Continue
 darkModeSwitch.aria.label=Dark mode toggle
 deputy.profile.label=(Deputy Profile)
+error.account.exists=Account already exists. Continue to log in.
 error.saml.failed=Please close your browser and try again.
 error_1=Please check your input.
 error_10=Please select the correct user account.
@@ -285,6 +286,8 @@ recovery_start_info.banner.warning=You will not be able to use your account unti
 recovery_start_info.instruction=During the recovery process you will register a new login factor. If  your account contains any verified information you might also have to go through a verification process to finish the recovery.
 recovery_start_info.title=You are about to start the recovery process
 reject.button.label=Deny
+signup.button.label=Signup
+skip.button.label=Skip
 submit.button.label=Submit
 tan.sent=Please enter the security code which has been sent to your mobile phone.
 title.login=Login
@@ -293,6 +296,7 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Client Authorization
 title.saml.failed=Error
+title.signup=Create account
 title.timeout.page=Logout
 user_input.invalid.email=Please enter a valid email address
 user_input.invalid.email.required=Field required

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/LitDict_fr.properties

@@ -14,6 +14,7 @@ cancel.button.label=Abandonner
 continue.button.label=Continuer
 darkModeSwitch.aria.label=Activer l'apparence sombre
 deputy.profile.label=(Profil du suppléant)
+error.account.exists=Le compte existe déjà. Continuez à vous connecter.
 error.saml.failed=Fermez votre navigateur et r;eacute;essayez.
 error_1=Veuillez vérifier votre saisie.
 error_10=Veuillez sélectionner le compte d’utilisateur correct.
@@ -285,6 +286,8 @@ recovery_start_info.banner.warning=Vous ne pourrez pas utiliser votre compte tan
 recovery_start_info.instruction=Le processus de récupération nécessitera l’enregistrement d’un nouveau facteur d’authentification. Si votre compte contient des informations ayant déjà été vérifiées, il se peut que vous deviez les faire vérifier à nouveau pour terminer la récupération.
 recovery_start_info.title=Vous êtes sur le point de démarrer le processus de récupération.
 reject.button.label=Refuser
+signup.button.label=Inscription
+skip.button.label=Passer
 submit.button.label=Envoyer
 tan.sent=Veuillez saisir le code de sécurité que vous avez reçu au votre téléphone mobile.
 title.login=Login
@@ -293,6 +296,7 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Autorisation du client
 title.saml.failed=Error
+title.signup=Créer un compte
 title.timeout.page=Logout
 user_input.invalid.email=Veuillez saisir un e-mail valable.
 user_input.invalid.email.required=Champ requis

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties

@@ -1,5 +1,5 @@
 
-accept.button.label=Accettare
+accept.button.label=Accetta
 agov-ident.done.message=Il vostro conto AGOV è ora pronto per l'uso. Può chiudere questa pagina.
 agov-ident.done.title=Finito
 agov-ident.failed.instruction=Per completare la registrazione è necessario disporre di un account AGOV e superare la verifica dei dati suggerita. Riprova.
@@ -10,10 +10,11 @@ agov-ident.invalid-url.message=Il link non può essere elaborato
 agov-ident.invalid-url.title=Link non valido
 agov-ident.onboarding=Registrazione e verifica
 agov-ident.retry=Riprova
-cancel.button.label=Abortire
+cancel.button.label=Annulla
 continue.button.label=Continua
 darkModeSwitch.aria.label=Attivare la modalità scura
 deputy.profile.label=(profilo del delegato)
+error.account.exists=L'account esiste gi<67>. Prosegui col login.
 error.saml.failed=Chiudi il browser e riprova.
 error_1=Verificare i dati inseriti.
 error_10=Scegliere l&rsquo;account utente corretto.
@@ -284,7 +285,9 @@ recovery_questionnaire_reason_selection.instruction=Selezioni il motivo per cui
 recovery_start_info.banner.warning=Non &egrave; possibile utilizzare l&rsquo;account finch&eacute; il processo di ripristino non sar&agrave; concluso.
 recovery_start_info.instruction=Durante il processo di ripristino registrer&agrave; un nuovo fattore di login. Se il suo account contiene informazioni verificate, potrebbe dover effettuare anche un processo di verificazione per completare il ripristino.
 recovery_start_info.title=Sta per iniziare il processo di ripristino
-reject.button.label=Rifiuti
+reject.button.label=Rifiuta
+signup.button.label=Iscriviti
+skip.button.label=Salta
 submit.button.label=Continua
 tan.sent=Inserisci il codice di sicurezza che &egrave; stato inviato al tuo telefono cellulare.
 title.login=Login
@@ -293,6 +296,7 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Autorizzazione del client
 title.saml.failed=Error
+title.signup=Crea un account
 title.timeout.page=Logout
 user_input.invalid.email=Inserire un'e-mail valida.
 user_input.invalid.email.required=Campo obbligatorio

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/env.conf

@@ -13,8 +13,9 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
     "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
     "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
 )
 
+

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml

@@ -45,6 +45,8 @@
                 <!-- source: pattern://271d024334021208b71ac80a -->
                 <field src="session" key="ch.adnovum.nevisidm.clientId" as="clientId"/>
                 <!-- source: pattern://271d024334021208b71ac80a -->
+                <field src="session" key="ch.nevis.session.domain" as="domain"/>
+                <!-- source: pattern://271d024334021208b71ac80a -->
                 <field src="request" key="ActualRoles" as="roles"/>
             </TokenSpec>
             <!-- source: pattern://271d024334021208b71ac80a -->
@@ -65,6 +67,8 @@
                 <!-- source: pattern://271d024334021208b71ac80a -->
                 <field src="session" key="ch.adnovum.nevisidm.clientId" as="clientId"/>
                 <!-- source: pattern://271d024334021208b71ac80a -->
+                <field src="session" key="ch.nevis.session.domain" as="domain"/>
+                <!-- source: pattern://271d024334021208b71ac80a -->
                 <field src="request" key="ActualRoles" as="roles"/>
             </TokenSpec>
             <!-- source: pattern://271d024334021208b71ac80a -->
@@ -1137,8 +1141,6 @@
             <!-- source: pattern://12c979b6af0f15f1328656a4 -->
             <ResultCond name="SOAP:showGui" next="SAML_SP_nevisidm_admin_Realm_Log_Login_User"/>
             <!-- source: pattern://12c979b6af0f15f1328656a4 -->
-            <ResultCond name="default" next="SAML_SP_nevisidm_admin_Realm_Log_Login_User"/>
-            <!-- source: pattern://12c979b6af0f15f1328656a4 -->
             <ResultCond name="ok" next="SAML_SP_nevisidm_admin_Realm_Log_Login_User" startOver="true"/>
             <!-- source: pattern://12c979b6af0f15f1328656a4 -->
             <ResultCond name="showGui" next="SAML_SP_nevisidm_admin_Realm_admin_nevisIDM_Password_Login-IdmPostProcessing"/>
@@ -1157,6 +1159,12 @@
             <property name="detaillevel.default" value="EXCLUDE"/>
             <!-- source: pattern://12c979b6af0f15f1328656a4 -->
             <property name="detaillevel.user" value="MEDIUM"/>
+            <!-- source: pattern://12c979b6af0f15f1328656a4 -->
+            <property name="detaillevel.profile" value="MEDIUM"/>
+            <!-- source: pattern://12c979b6af0f15f1328656a4 -->
+            <property name="detaillevel.role" value="LOW"/>
+            <!-- source: pattern://12c979b6af0f15f1328656a4 -->
+            <property name="forceDataReload" value="true"/>
         </AuthState>
         <AuthState name="SAML_SP_nevisidm_admin_Realm_admin_nevisIDM_Password_Login-IdmPasswordChange" class="ch.nevis.idm.authstate.IdmChangePasswordState" final="false">
             <!-- source: pattern://12c979b6af0f15f1328656a4 -->
@@ -1234,7 +1242,7 @@
                     <!-- source: pattern://12c979b6af0f15f1328656a4 -->
                     <GuiElem name="isiwebnewpw2" type="pw-text" label="prompt.newpassword.confirm"/>
                     <!-- source: pattern://12c979b6af0f15f1328656a4 -->
-                    <GuiElem name="submit" type="submit" label="button.submit"/>
+                    <GuiElem name="submit" type="submit" label="submit.button.label"/>
                 </Gui>
             </Response>
             <propertyRef name="nevisIDM_Connector"/>
@@ -1342,4 +1350,6 @@
             <property name="generateNow" value="true"/>
         </AuthState>
     </AuthEngine>
+    <!-- source: pattern://ac27dd7daad0ca2b7229bfaf -->
+    <RESTService name="ManagementService" class="ch.nevis.esauth.rest.service.session.ManagementService"/>
 </esauth-server>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/logging.yml

@@ -16,12 +16,6 @@ Configuration:
       level: "INFO"
     - name: "EsAuthStart"
       level: "INFO"
-    - name: "org.apache.catalina.loader.WebappClassLoader"
-      level: "FATAL"
-    - name: "org.apache.catalina.startup.HostConfig"
-      level: "ERROR"
-    - name: "ch.nevis.esauth.events"
-      level: "FATAL"
     - name: "AGOVOP-ACCT"
       level: "INFO"
     - name: "AGOVOP-IDENT"

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/otel.properties

@@ -1,4 +1,5 @@
 otel.service.name = auth
+otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job/etc/nevis/k8s-nevisidm-batch-641ac4edf0c17383d3c0ea38.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisIDM"
   replicas: 1
-  version: "8.2411.3"
+  version: "8.2505.5"
-  gitInitVersion: "1.3.0"
+  gitInitVersion: "1.4.0"
   runAsNonRoot: true
   ports:
     management: 8998
@@ -40,13 +40,14 @@ spec:
     management:
       httpGet:
         path: "/health"
+      initialDelaySeconds: 60
       periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 50
+      failureThreshold: 30
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-209bf374662c383a97fa9f48eab356e6e7ded80a"
+    tag: "r-7e9f2304b72a07725abab4c27833af5cdd73ab53"
     dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job/var/opt/nevisidm/default/conf/env.conf

@@ -4,5 +4,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job/var/opt/nevisidm/default/conf/nevisidm-prod.properties

@@ -2,6 +2,14 @@
 web.gui.languages.default=de
 # source: pattern://0d4bbba28a4a76094d41df81
 database.connection.url=jdbc:mariadb://mariadb-agov-uat.mariadb.database.azure.com:3306/nevisidm_uat?pinGlobalTxToPhysicalConnection=1&useMysqlMetadata=true&cachePrepStmts=true&prepStmtCacheSize=1000&useSSL=true&trustStore=/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks
+# source: pattern://0116b3002d0e713e23e6be72
+database.connection.pool.size.min=5
+# source: pattern://0116b3002d0e713e23e6be72
+database.connection.pool.size.max=10
+# source: pattern://0d4bbba28a4a76094d41df81
+database.connection.max.lifetime=1800
+# source: pattern://0d4bbba28a4a76094d41df81
+database.connection.max.idle.time=600
 # source: pattern://0d4bbba28a4a76094d41df81
 database.connection.username=adndbadmin
 # source: pattern://0d4bbba28a4a76094d41df81
@@ -53,10 +61,6 @@ application.modules.event.repeat.count=-1
 # source: pattern://0116b3002d0e713e23e6be72
 application.modules.provisioning.enabled=false
 # source: pattern://0116b3002d0e713e23e6be72
-database.connection.pool.size.max=10
-# source: pattern://0116b3002d0e713e23e6be72
-database.connection.pool.size.min=5
-# source: pattern://0116b3002d0e713e23e6be72
 database.connection.xa.enabled=false
 # source: pattern://0116b3002d0e713e23e6be72
 database.transaction.timeout=60

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job/var/opt/nevisidm/default/conf/otel.properties

@@ -1,4 +1,5 @@
 otel.service.name = idm-job
+otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/etc/nevis/k8s-idm-db-ca0629d86201d4c4ac857d60.yaml

@@ -0,0 +1,27 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisDatabase"
+metadata:
+  name: "idm"
+  namespace: "adn-agov-nevisidm-admin-01-uat"
+  labels:
+    deploymentTarget: "idm"
+  annotations:
+    projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
+    patternId: "ca0629d86201d4c4ac857d60"
+spec:
+  type: "NevisIDM"
+  databaseType: "MariaDB"
+  version: "8.2505.5"
+  url: "mariadb-agov-uat.mariadb.database.azure.com"
+  port: 3306
+  ssl: true
+  database: "nevisidm_uat"
+  bootstrap: true
+  migrate: true
+  rootCredentials:
+    name: "root-adn-agov-nevisidm-admin-01-uat-idm"
+    namespace: "adn-agov-nevisidm-admin-01-uat"
+  podSecurity:
+    policy: "baseline"
+    automountServiceAccountToken: false
+  timeZone: "Europe/Zurich"

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/etc/nevis/k8s-nevisidm-ba7c7a3b091df0c4b8ba0bb2.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisIDM"
   replicas: 1
-  version: "8.2411.3"
+  version: "8.2505.5"
-  gitInitVersion: "1.3.0"
+  gitInitVersion: "1.4.0"
   runAsNonRoot: true
   ports:
     management: 8998
@@ -40,15 +40,19 @@ spec:
     management:
       httpGet:
         path: "/health"
+      initialDelaySeconds: 60
       periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 50
+      failureThreshold: 30
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-209bf374662c383a97fa9f48eab356e6e7ded80a"
+    tag: "r-535a1c58f3e972bdefb25ae1db1c6e392665da01"
     dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm"
     credentials: "git-credentials"
+  database:
+    name: "idm"
+    requiredVersion: "8.2505.5"
   keystores:
   - "idm-default-identity"
   truststores:
@@ -60,5 +64,4 @@ spec:
   timeZone: "Europe/Zurich"
   secrets:
     secret:
-    - "a2068eb83a60702322c13949-27ed70d3"
     - "c418560f50e0332d087e85bf-89ec31e5"

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/var/opt/nevisidm/default/conf/env.conf

@@ -4,5 +4,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties

@@ -2,10 +2,18 @@
 web.gui.languages.default=de
 # source: pattern://ca0629d86201d4c4ac857d60
 database.connection.url=jdbc:mariadb://mariadb-agov-uat.mariadb.database.azure.com:3306/nevisidm_uat?pinGlobalTxToPhysicalConnection=1&useMysqlMetadata=true&cachePrepStmts=true&prepStmtCacheSize=1000&useSSL=true&trustStore=/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks
+# source: pattern://fe4a248ac7b092a6a80624f1
+database.connection.pool.size.min=5
+# source: pattern://fe4a248ac7b092a6a80624f1
+database.connection.pool.size.max=10
 # source: pattern://ca0629d86201d4c4ac857d60
-database.connection.username=adndbadmin
+database.connection.max.lifetime=1800
 # source: pattern://ca0629d86201d4c4ac857d60
-database.connection.password=secret://a2068eb83a60702322c13949-27ed70d3
+database.connection.max.idle.time=600
+# source: pattern://ca0629d86201d4c4ac857d60
+database.connection.username=${exec:/var/opt/nevisidm/default/conf/credentials/dbUser}
+# source: pattern://ca0629d86201d4c4ac857d60
+database.connection.password=${exec:/var/opt/nevisidm/default/conf/credentials/dbPassword}
 # source: pattern://ba7c7a3b091df0c4b8ba0bb2
 application.mail.smtp.host=greenmail.adn-agov-mail-01-uat.svc
 # source: pattern://ba7c7a3b091df0c4b8ba0bb2
@@ -59,10 +67,6 @@ application.modules.reporting.characterencoding=ISO-8859-1
 # source: pattern://fe4a248ac7b092a6a80624f1
 application.modules.reporting.separator=;
 # source: pattern://fe4a248ac7b092a6a80624f1
-database.connection.pool.size.max=10
-# source: pattern://fe4a248ac7b092a6a80624f1
-database.connection.pool.size.min=5
-# source: pattern://fe4a248ac7b092a6a80624f1
 database.connection.xa.enabled=false
 # source: pattern://fe4a248ac7b092a6a80624f1
 web.gui.facing.cache.size=10000

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/var/opt/nevisidm/default/conf/otel.properties

@@ -1,4 +1,5 @@
 otel.service.name = idm
+otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/etc/nevis/k8s-nevislogrend-8401da6318c6915d689cdfc9.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisLogrend"
   replicas: 1
-  version: "8.2411.2"
+  version: "8.2505.5"
-  gitInitVersion: "1.3.0"
+  gitInitVersion: "1.4.0"
   runAsNonRoot: true
   ports:
     server: 8988
@@ -38,13 +38,14 @@ spec:
   startupProbe:
     server:
       tcpSocket: true
+      initialDelaySeconds: 30
       periodSeconds: 5
       timeoutSeconds: 4
-      failureThreshold: 50
+      failureThreshold: 30
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-d06bd972269492f0db33bc07396b5fe3c91cdaaf"
+    tag: "r-7e9f2304b72a07725abab4c27833af5cdd73ab53"
     dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend"
     credentials: "git-credentials"
   podSecurity:

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/conf/env.conf

@@ -10,5 +10,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/conf/mimetype.properties

@@ -1,3 +1,5 @@
+
 ico=image/x-icon
+json=application/json
 woff=font/woff
 woff2=font/woff2

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties

@@ -1,4 +1,5 @@
 otel.service.name = logrend
+otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/apple.svg

@@ -0,0 +1,10 @@
+<svg width="19" height="18" viewBox="0 0 19 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0)">
+<path d="M13.9697 17.2808C12.9941 18.2276 11.9177 18.08 10.8917 17.6336C9.80091 17.1782 8.80371 17.1494 7.65171 17.6336C6.21711 18.2528 5.45571 18.0728 4.59171 17.2808C-0.28628 12.2588 0.433719 4.60879 5.97771 4.32079C7.32231 4.39279 8.26371 5.06419 9.05571 5.11999C10.2329 4.88059 11.3597 4.19479 12.6197 4.28479C14.1335 4.40719 15.2657 5.00479 16.0217 6.07938C12.9077 7.95138 13.6457 12.0554 16.5059 13.2074C15.9335 14.7104 15.1991 16.1954 13.9679 17.2934L13.9697 17.2808ZM8.94771 4.26679C8.80191 2.03479 10.6109 0.198798 12.6917 0.0187988C12.9779 2.59279 10.3517 4.51879 8.94771 4.26679Z" fill="#1F2F33"/>
+</g>
+<defs>
+<clipPath id="clip0">
+<rect width="15.156" height="18" fill="white" transform="translate(1.3335)"/>
+</clipPath>
+</defs>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/authcloud_login.js

@@ -66,7 +66,7 @@ const Status = {
 };
 
 function setDeepLinkLabel(button) {
-    const text = document.getElementsByName('info.deeplink')[0].value;
+    const text = document.getElementById('info.login.access_app').innerText;
     button.innerHTML = text;
 }
 
@@ -80,7 +80,13 @@ function messageCheckPhone() {
     infoElement.innerHTML = text;
 }
 
-const Element = {
+function showError() {
+    const text = document.getElementsByName('error.authcloud.login')[0].value;
+    errorElement.innerHTML = text;
+    infoElement.style.display = "none";
+}
+
+const AccessAppElement = {
 
     _elem: null, // QR code or deep link depending on device
 
@@ -91,8 +97,11 @@ const Element = {
         if (isAndroid || isIphone) {
             this._elem = document.createElement('a');
             this._elem.setAttribute('href', appLink);
-            this._elem.setAttribute('class', 'btn btn-primary');
+            this._elem.setAttribute('class', 'btn btn-primary w-100 mt-4');
             this._elem.setAttribute('target', '_blank');
+            // distinguishes style for platforms
+            dispatcherElement.classList.add('mobile-platform');
+
             dispatcherElement.appendChild(this._elem);
             setDeepLinkLabel(this._elem);
         }
@@ -103,13 +112,23 @@ const Element = {
             }
             else {
                 messageScanQR();
+                const qrSize = 280;
+                // Element to render the QR code
                 this._elem = document.createElement('canvas');
-                dispatcherElement.appendChild(this._elem);
+                // Wrapper div to render corners
-                var qrcode = new QRious({
+                const qrCodeWrapper = document.createElement('div');
+                qrCodeWrapper.setAttribute('id','qr-code-wrapper');
+                qrCodeWrapper.style.width = `${qrSize}px`;
+                qrCodeWrapper.style.height = `${qrSize}px`;
+                qrCodeWrapper.appendChild(this._elem)
+                dispatcherElement.style.height = `${qrSize}px`;
+                dispatcherElement.appendChild(qrCodeWrapper);
+                const qrcode = new QRious({
                   element: this._elem,
-                  foreground: "#168CA9",
+                  // use --nevis-gray-900 CSS variable value
+                  foreground: getComputedStyle(document.body).getPropertyValue('--nevis-gray-900'),
                   level: "M",
-                  size: 280,
+                  size: qrSize,
                   value: appLink
                 });
             }
@@ -125,20 +144,31 @@ const Element = {
 };
 
 function authenticateUser(appLink) {
-    Element.show(appLink);
+
-    console.log('Starting Authentication Cloud status polling...');
+    AccessAppElement.show(appLink);
+
+    console.log('Starting Auth Cloud status polling...');
+
     Status.startPolling(statusToken, (st, done) => {
+
         if (st.status === 'succeeded') {
-            console.log('Authentication Cloud login done.');
+
+            console.log('Auth Cloud success.');
+
+            // auto submit form with outcome
             submitStatus('succeeded')
         }
         else if (st.status === 'failed') {
+
             // failed: The transaction failed, either by timeout or because the user did not accept.
-            console.warn('Authentication Cloud login failed. User abort or timeout.');
+            console.warn('Auth Cloud login failed. User abort or timeout.');
+
             submitStatus('failed')
         }
         else if (st.status === 'unknown') {
-            console.error('Authentication Cloud login failed. Unknown status.');
+
+            console.error('Auth Cloud login failed. Unknown status.');
+
             submitStatus('unknown')
         }
     });

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/authcloud_onboard.js

@@ -75,7 +75,12 @@ function messageScanQR() {
     infoElement.innerHTML = text;
 }
 
-const Element = {
+function messageInstalledAccessApp() {
+  const text = document.getElementById('info.access_app.installed').innerText;
+  infoElement.innerHTML = text;
+}
+
+const AccessAppElement = {
 
     _elem: null, // QR code or deep link depending on device
 
@@ -84,22 +89,47 @@ const Element = {
         const isIphone = 'iPhone' === navigator.platform;
         const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent);
         if (isAndroid || isIphone) {
+            if (isAndroid) {
+                document.getElementById('install_apple').style.display = 'none';
+            }
+            if (isIphone) {
+                document.getElementById('install_google').style.display = 'none';
+            }
             this._elem = document.createElement('a');
             this._elem.setAttribute('href', appLink);
-            this._elem.setAttribute('class', 'btn btn-primary');
+            this._elem.setAttribute('class', 'btn btn-primary w-100');
             this._elem.setAttribute('target', '_blank');
+            // distinguishes style for platforms
+            dispatcherElement.classList.add('mobile-platform');
+            const accessApplinks = document.getElementById('access-app-download-link');
+            accessApplinks.classList.add('access-app-download-link-mobile-spacing');
+
             dispatcherElement.appendChild(this._elem);
             setDeepLinkLabel(this._elem);
+
+            // info text is displayed before access app links
+            accessApplinks.parentNode.insertBefore(infoElement.parentNode, accessApplinks);
+            messageInstalledAccessApp();
         }
         else {
             messageScanQR();
+            const qrSize = 280;
+            // Element to render the QR code
             this._elem = document.createElement('canvas');
-            dispatcherElement.appendChild(this._elem);
+            // Wrapper div to render corners
-            var qrcode = new QRious({
+            const qrCodeWrapper = document.createElement('div');
+            qrCodeWrapper.setAttribute('id','qr-code-wrapper');
+            qrCodeWrapper.style.width = `${qrSize}px`;
+            qrCodeWrapper.style.height = `${qrSize}px`;
+            qrCodeWrapper.appendChild(this._elem)
+            dispatcherElement.style.height = `${qrSize}px`;
+            dispatcherElement.appendChild(qrCodeWrapper);
+            const qrcode = new QRious({
               element: this._elem,
-              foreground: "#168CA9",
+              // use --nevis-gray-900 CSS variable value
+              foreground: getComputedStyle(document.body).getPropertyValue('--nevis-gray-900'),
               level: "M",
-              size: 280,
+              size: qrSize,
               value: appLink
             });
         }
@@ -114,25 +144,47 @@ const Element = {
 };
 
 function onboardUser(appLink) {
-    Element.show(appLink);
+
-    console.log('Starting Authentication Cloud status polling...');
+    AccessAppElement.show(appLink);
+
+    console.log('Starting Auth Cloud status polling...');
+
     Status.startPolling(statusToken, (st, done) => {
+
         if (st.status === 'succeeded') {
-            console.log('Authentication Cloud onboarding done.');
+
+            console.log('Auth Cloud success.');
+
+            // auto submit form with outcome
             submitStatus('succeeded')
         }
         else if (st.status === 'failed') {
+
             // failed: The transaction failed, either by timeout or because the user did not accept.
             console.warn('Authentication Cloud onboarding failed. User abort or timeout.');
+
             submitStatus('failed')
         }
         else if (st.status === 'unknown') {
+
             console.error('Authentication Cloud onboarding failed. Unknown status.');
+
             submitStatus('unknown')
         }
     });
 }
 
+const swap = function (nodeA, nodeB) {
+    const parentA = nodeA.parentNode;
+    const siblingA = nodeA.nextSibling === nodeB ? nodeA : nodeA.nextSibling;
+
+    // Move `nodeA` to before the `nodeB`
+    nodeB.parentNode.insertBefore(nodeA, nodeB);
+
+    // Move `nodeB` to before the sibling of `nodeA`
+    parentA.insertBefore(nodeB, siblingA);
+};
+
 function init() {
 
     const form = document.getElementById('authcloud_onboard');
@@ -145,6 +197,9 @@ function init() {
 
     dispatcherElement = document.getElementById('authcloud_dispatch');
 
+    // info texts are displayed underneath QR code
+    swap(infoElement.parentNode, dispatcherElement.parentNode);
+
     const appLink = form.appLink.value;
     onboardUser(appLink);
 }

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/chevron-down.svg

@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M12.6667 6L8 10.6667L3.33333 6" stroke="#1F2F33" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/chevron-right.svg

@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path d="M6 3.33332L10.6667 7.99999L6 12.6667" stroke="#1F2F33" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/copy-to-clipboard.js

@@ -0,0 +1,27 @@
+function copyToClipboard(containerid) {
+  if (document.selection) {
+    var range = document.body.createTextRange();
+    range.moveToElementText(document.getElementById(containerid));
+    range.select().createTextRange();
+    document.execCommand("copy");
+  } else if (window.getSelection) {
+    var range = document.createRange();
+    range.selectNode(document.getElementById(containerid));
+    window.getSelection().addRange(range);
+    document.execCommand("copy");
+  }
+
+  // clear selection
+  if (window.getSelection) {
+    if (window.getSelection().empty) {
+      // Chrome
+      window.getSelection().empty();
+    } else if (window.getSelection().removeAllRanges) {
+      // Firefox
+      window.getSelection().removeAllRanges();
+    }
+  } else if (document.selection) {
+    // IE
+    document.selection.empty();
+  }
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/customized-bootstrap.css

@@ -0,0 +1,755 @@
+/*!
+ * Bootstrap v5.1.3 (https://getbootstrap.com/)
+ * Copyright 2011-2021 The Bootstrap Authors
+ * Copyright 2011-2021 Twitter, Inc.
+ * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
+*/
+
+/*
+ * This file contains customized bootstrap classes which are in the same name, however differ in the implementation.
+ * Classes use CSS custom properties from :root to be runtime modifiable.
+ * Used a portion of bootstrap classes which satisfy the requirements without to include the whole bootstrap bundle.
+ * If you would like to add new classes as "override" or extension please use the bootstrap naming convention.
+*/
+
+/* Form controls */
+.form-label {
+  margin-bottom: 0.25rem;
+}
+
+.form-check:has(.form-check-label) {
+  padding: 1em 1em 1em 1.6em;
+  border-top: solid 1px lightgray;
+  margin: 0 1em 0 1em;
+}
+
+.form-check-label {
+  font-size: 0.875rem !important;
+}
+
+.form-group {}
+
+.form-control {
+  display: block;
+  width: 100%;
+  padding: 0.5625rem 0.75rem;
+  font-size: 1rem;
+  font-weight: 400;
+  line-height: 1.25rem;
+  color: var(--nevis-black);
+  background-color: var(--nevis-white);
+  background-clip: padding-box;
+  border: 0.0625rem solid var(--nevis-form-control-border-color);
+  border-radius: var(--nevis-border-radius);
+  -webkit-appearance: none;
+  -moz-appearance: none;
+  appearance: none;
+  transition: border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+}
+
+@media (prefers-reduced-motion: reduce) {
+  .form-control {
+    transition: none;
+  }
+}
+
+.form-control:focus {
+  color: var(--nevis-black);
+  background-color: var(--nevis-white);
+  border-color: var(--nevis-primary);
+  outline: 0;
+  box-shadow: 0 0 0 0.0625rem var(--nevis-primary);
+}
+
+.form-control::-webkit-date-and-time-value {
+  height: 1.5em;
+}
+
+.form-control::-moz-placeholder {
+  color: var(--nevis-secondary);
+  opacity: 1;
+}
+
+.form-control::placeholder {
+  color: var(--nevis-secondary);
+  opacity: 1;
+}
+
+.form-control:disabled {
+  font-size: 0.875rem;
+  background-color: #e9ecef;
+  opacity: 1;
+}
+
+.form-control[readonly] {
+  background: var(--nevis-readonly-bg-color);
+  border-color: var(--nevis-readonly-border-color);
+  border-radius: var(--nevis-border-radius);
+  color: var(--nevis-gray-900);
+  font-size: 0.875rem;
+}
+
+.form-control[readonly]:focus {
+  box-shadow: 0 0 0 0.0625rem var(--nevis-readonly-box-shadow-color);
+}
+
+/* Valdiation */
+.invalid-feedback {
+  display: none;
+  width: 100%;
+  margin-top: 0.25rem;
+  font-size: 0.875em;
+  color: var(--nevis-danger);
+}
+
+.was-validated :invalid~.invalid-feedback,
+.was-validated :invalid~.invalid-tooltip,
+.is-invalid~.invalid-feedback,
+.is-invalid~.invalid-tooltip {
+  display: block;
+}
+
+/* Added for 3rd party International Telephone Input */
+.was-validated .iti~.invalid-feedback.invalid-feedback-ready,
+.was-validated .iti~.invalid-tooltip.invalid-feedback-ready {
+  display: block;
+}
+
+.was-validated .form-control:invalid,
+.form-control.is-invalid {
+  border-color: var(--nevis-danger);
+  border-width: 0.125rem;
+  padding-right: inherit;
+  background-image: none;
+  background-repeat: no-repeat;
+  background-position: inherit;
+  background-size: inherit;
+}
+
+.was-validated .form-control:invalid:focus,
+.form-control.is-invalid:focus {
+  border-color: var(--nevis-danger);
+  box-shadow: none;
+}
+
+.form-control:valid,
+.form-control.is-valid {
+  background-image: none;
+}
+
+/* remove valid feedback classes */
+.was-validated .form-control:valid,
+.form-control.is-valid {
+  border-color: var(--nevis-gray-400);
+  padding-right: inherit;
+  background-image: inherit;
+  background-repeat: no-repeat;
+  background-position: inherit;
+  background-size: inherit;
+}
+
+.was-validated .form-control:valid:focus,
+.form-control.is-valid:focus {
+  border-color: var(--nevis-gray-400);
+  box-shadow: unset;
+}
+
+.was-validated textarea.form-control:valid,
+textarea.form-control.is-valid {
+  padding-right: inherit;
+  background-position: inherit;
+}
+
+.was-validated .form-select:valid,
+.form-select.is-valid {
+  border-color: var(--nevis-gray-400);
+}
+
+.was-validated .form-select:valid:not([multiple]):not([size]),
+.was-validated .form-select:valid:not([multiple])[size="1"],
+.form-select.is-valid:not([multiple]):not([size]),
+.form-select.is-valid:not([multiple])[size="1"] {
+  padding-right: inherit;
+  background-image: none;
+  background-position: inherit;
+  background-size: inherit;
+}
+
+.was-validated .form-select:valid:focus,
+.form-select.is-valid:focus {
+  border-color: var(--nevis-gray-400);
+  box-shadow: unset;
+}
+
+.was-validated .form-check-input:valid,
+.form-check-input.is-valid {
+  border-color: var(--nevis-gray-400);
+}
+
+.was-validated .form-check-input:valid:checked,
+.form-check-input.is-valid:checked {
+  background-color: inherit;
+}
+
+.was-validated .form-check-input:valid:focus,
+.form-check-input.is-valid:focus {
+  box-shadow: unset;
+}
+
+.was-validated .form-check-input:valid~.form-check-label,
+.form-check-input.is-valid~.form-check-label {
+  color: inherit;
+}
+
+/* Buttons */
+.btn {
+  display: inline-block;
+  font-weight: 500;
+  line-height: 1.5rem;
+  color: var(--nevis-black);
+  text-align: center;
+  text-decoration: none;
+  vertical-align: middle;
+  cursor: pointer;
+  -webkit-user-select: none;
+  -moz-user-select: none;
+  user-select: none;
+  background-color: transparent;
+  border: 0.0625rem solid transparent;
+  padding: 0.75rem 1.25rem;
+  font-size: 1rem;
+  border-radius: var(--nevis-border-radius);
+  transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+}
+
+@media (prefers-reduced-motion: reduce) {
+  .btn {
+    transition: none;
+  }
+}
+
+.btn:hover {
+  color: var(--nevis-black);
+}
+
+.btn:disabled,
+.btn.disabled,
+fieldset:disabled .btn {
+  pointer-events: none;
+  opacity: 0.65;
+}
+
+/* remove box-shadows by default, enable later by colors */
+.btn:focus {
+  box-shadow: unset;
+}
+
+.btn-check:checked+.btn-primary:focus,
+.btn-check:active+.btn-primary:focus,
+.btn-primary:active:focus,
+.btn-primary.active:focus,
+.show>.btn-primary.dropdown-toggle:focus {
+  box-shadow: unset;
+}
+
+/* Primary Button */
+.btn-primary {
+  color: var(--nevis-white);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:hover {
+  color: var(--nevis-white);
+  filter: brightness(110%);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:focus {
+  color: var(--nevis-white);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  filter: brightness(110%);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:active,
+.btn-primary.active {
+  color: var(--nevis-white);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  filter: brightness(90%);
+}
+
+.btn-primary:active:focus,
+.btn-primary.active:focus {
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:disabled,
+.btn-primary.disabled {
+  color: var(--nevis-secondary);
+  background-color: var(--nevis-gray-100);
+  border-color: var(--nevis-gray-100);
+  box-shadow: none;
+  filter: brightness(1);
+}
+
+/* Secondary Button */
+.btn-secondary {
+  color: var(--nevis-gray-900);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:hover {
+  color: var(--nevis-gray-900);
+  filter: brightness(110%);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:focus {
+  color: var(--nevis-gray-900);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  filter: brightness(110%);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:active,
+.btn-secondary.active {
+  color: var(--nevis-gray-900);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  filter: brightness(90%);
+}
+
+.btn-secondary:active:focus,
+.btn-secondary.active:focus {
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:disabled,
+.btn-secondary.disabled {
+  color: var(--nevis-secondary);
+  background-color: var(--nevis-gray-100);
+  border-color: var(--nevis-gray-100);
+  box-shadow: none;
+  filter: brightness(1);
+}
+
+.btn-link {
+  font-size: 0.875rem !important;
+  vertical-align: baseline;
+  border: none;
+  color: var(--nevis-primary);
+  background: none;
+  text-decoration: none;
+  padding: 0;
+}
+
+/* Componentes */
+.dropdown-toggle::after {
+  display: none !important;
+}
+
+/* Utilities */
+h6,
+.h6,
+h5,
+.h5,
+h4,
+.h4,
+h3,
+.h3,
+h2,
+.h2,
+h1,
+.h1 {
+  margin-top: 0;
+  font-weight: 500;
+  line-height: 1.2;
+}
+
+h1,
+.h1 {
+  font-size: calc(1.375rem + 1.5vw);
+}
+
+@media (min-width: 1200px) {
+
+  h1,
+  .h1 {
+    font-size: 2.5rem;
+  }
+}
+
+h2,
+.h2 {
+  font-size: calc(1.325rem + 0.9vw);
+}
+
+@media (min-width: 1200px) {
+
+  h2,
+  .h2 {
+    font-size: 2rem;
+  }
+}
+
+h3,
+.h3 {
+  font-size: calc(1.3rem + 0.6vw);
+}
+
+@media (min-width: 1200px) {
+
+  h3,
+  .h3 {
+    font-size: 1.75rem;
+  }
+}
+
+h4,
+.h4 {
+  font-size: calc(1.275rem + 0.3vw);
+}
+
+@media (min-width: 1200px) {
+
+  h4,
+  .h4 {
+    font-size: 1.5rem;
+  }
+}
+
+h5,
+.h5 {
+  font-size: 1.25rem;
+}
+
+h6,
+.h6 {
+  font-size: 1rem;
+}
+
+small,
+.small {
+  font-size: 0.875rem !important;
+}
+
+.text-primary {
+  color: var(--nevis-primary) !important;
+}
+
+.text-secondary {
+  color: var(--nevis-secondary) !important;
+}
+
+.text-success {
+  color: var(--nevis-success) !important;
+}
+
+.text-info {
+  color: var(--nevis-info) !important;
+}
+
+.text-warning {
+  color: var(--nevis-warning) !important;
+}
+
+.text-danger {
+  color: var(--nevis-danger) !important;
+}
+
+.text-light {
+  color: var(--nevis-light) !important;
+}
+
+.text-dark {
+  color: var(--nevis-dark) !important;
+}
+
+.text-white {
+  color: var(--nevis-white) !important;
+}
+
+.bg-primary {
+  background-color: var(--nevis-primary) !important;
+}
+
+.bg-secondary {
+  background-color: var(--nevis-secondary) !important;
+}
+
+.bg-success {
+  background-color: var(--nevis-success) !important;
+}
+
+.bg-info {
+  background-color: var(--nevis-info) !important;
+}
+
+.bg-warning {
+  background-color: var(--nevis-warning) !important;
+}
+
+.bg-danger {
+  background-color: var(--nevis-danger) !important;
+}
+
+.bg-light {
+  background-color: var(--nevis-light) !important;
+}
+
+.bg-dark {
+  background-color: var(--nevis-dark) !important;
+}
+
+.bg-body {
+  background-color: var(--nevis-white) !important;
+}
+
+.bg-white {
+  background-color: var(--nevis-white) !important;
+}
+
+.link-primary {
+  color: var(--nevis-primary);
+}
+
+.link-primary:hover,
+.link-primary:focus {
+  color: var(--nevis-primary);
+  filter: brightness(80%);
+}
+
+.link-secondary {
+  color: var(--nevis-secondary);
+}
+
+.link-secondary:hover,
+.link-secondary:focus {
+  color: var(--nevis-secondary);
+  filter: brightness(80%);
+}
+
+.link-success {
+  color: var(--nevis-success);
+}
+
+.link-success:hover,
+.link-success:focus {
+  color: var(--nevis-success);
+  filter: brightness(80%);
+}
+
+.link-info {
+  color: var(--nevis-info);
+}
+
+.link-info:hover,
+.link-info:focus {
+  color: var(--nevis-info);
+  filter: brightness(80%);
+}
+
+.link-warning {
+  color: var(--nevis-warning);
+}
+
+.link-warning:hover,
+.link-warning:focus {
+  color: var(--nevis-warning);
+  filter: brightness(80%);
+}
+
+.link-danger {
+  color: var(--nevis-danger);
+}
+
+.link-danger:hover,
+.link-danger:focus {
+  color: var(--nevis-danger);
+  filter: brightness(80%);
+}
+
+.link-light {
+  color: var(--nevis-light);
+}
+
+.link-light:hover,
+.link-light:focus {
+  color: var(--nevis-light);
+  filter: brightness(80%);
+}
+
+.link-dark {
+  color: var(--nevis-dark);
+}
+
+.link-dark:hover,
+.link-dark:focus {
+  color: var(--nevis-dark);
+  filter: brightness(80%);
+}
+
+.border-primary {
+  border-color: var(--nevis-primary) !important;
+}
+
+.border-secondary {
+  border-color: var(--nevis-secondary) !important;
+}
+
+.border-success {
+  border-color: var(--nevis-success) !important;
+}
+
+.border-info {
+  border-color: var(--nevis-info) !important;
+}
+
+.border-warning {
+  border-color: var(--nevis-warning) !important;
+}
+
+.border-danger {
+  border-color: var(--nevis-danger) !important;
+  border-width: 0.125rem;
+}
+
+.border-light {
+  border-color: var(--nevis-light) !important;
+}
+
+.border-dark {
+  border-color: var(--nevis-dark) !important;
+}
+
+.border-white {
+  border-color: var(--nevis-white) !important;
+}
+
+
+/* EXTENSION PART */
+
+/* Spacing */
+.mt-20 {
+  margin-top: 1.25rem;
+}
+
+.me-5px {
+  margin-right: 0.3125rem;
+}
+
+.my-40 {
+  margin: 2.5rem 0;
+}
+
+.mb-40 {
+  margin-bottom: 2.5rem;
+}
+
+/* Colors */
+
+.text-nevis-blue {
+  color: var(--nevis-blue-600) !important;
+}
+
+.bg-nevis-blue {
+  background-color: var(--nevis-blue-600) !important;
+}
+
+.border-nevis-blue {
+  border-color: var(--nevis-blue-600) !important;
+}
+
+.link-nevis-blue {
+  color: var(--nevis-blue-600);
+}
+
+.link-nevis-blue:hover,
+.link-nevis-blue:focus {
+  color: var(--nevis-blue-600);
+  filter: brightness(80%);
+}
+
+.btn-language-selector {
+  display: inline-flex;
+  justify-content: center;
+  align-items: center;
+  flex-shrink: 0;
+  padding: 0;
+  min-width: 0;
+  box-sizing: border-box;
+  box-shadow: none;
+  font-size: 0.875rem !important;
+  line-height: 1.25rem;
+  font-weight: normal;
+  outline: none;
+  border: none;
+  vertical-align: baseline;
+  text-align: center;
+  background-color: initial;
+  color: var(--nevis-gray-900);
+}
+
+.btn-language-selector:hover {
+  background: initial;
+}
+
+.btn-language-selector:active {
+  background: initial;
+}
+
+.btn-language-selector:focus {
+  box-shadow: none;
+}
+
+.btn-language-selector+.dropdown-menu {
+  min-width: 0;
+  width: 10rem;
+  padding: 0.25rem 0;
+  /* centering the dropdown */
+  margin-left: -0.5rem !important;
+  margin-top: 0.5rem !important;
+  overflow: hidden;
+  box-shadow: 0rem 0rem 0rem 0.0625rem var(--nevis-gray-200),
+    0rem 0.1875rem 1.25rem -0.625rem var(--nevis-gray-900);
+  border-radius: var(--nevis-border-radius);
+  border: 0;
+}
+
+.btn-language-selector+.dropdown-menu>li {
+  overflow: hidden;
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item {
+  font-style: normal;
+  font-weight: normal;
+  font-size: 0.875rem;
+  line-height: 1.25rem;
+  padding: 0.5rem 1rem;
+  color: var(--nevis-gray-900);
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item:hover {
+  background: var(--nevis-blue-100);
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item:focus {
+  background: none;
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item:active,
+.btn-language-selector+.dropdown-menu .dropdown-item.active {
+  background: var(--nevis-blue-100);
+  filter: brightness(90%);
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/default.css

@@ -1,222 +0,0 @@
-/********************************************************
- * Layout
- ********************************************************/
-
-html { /* magic to position footer */
-	position: relative;
-	min-height: 100%;
-}
-
-body {
-	margin-bottom: 76px; /* == footer height */
-}
-
-.container, .container-fluid {
- 	padding-left: 36px;
-	padding-right: 36px;
-}
-
-nav {
-	min-height: 100px;
-	padding: 36px;
-}
-
-header {
-	margin-bottom: 16px; /* h1.logintitle adds 20px => 36px */
-}
-
-.container {
- 	min-width: 260px;
- 	max-width: 700px;
-}
-
-h1 {
-	margin-bottom: 50px;
-}
-
-footer {
-	width: 100%;
-	position: absolute;
-	bottom: 0;
-	padding: 0 36px;
-}
-
-img {
-	width: 100%;
-}
-
-/********************************************************
- * Header
- ********************************************************/
-
-header .logo {
-	/* width: 20%;*/
-	/*max-width: 600px;*/
-	max-height: 150px;
-	width: auto;
-}
-
-/********************************************************
- * Dropdown
- ********************************************************/
-a.dropdown-toggle {
-	text-decoration: none;
-}
-
-a.dropdown-toggle:hover {
-	color: #168CA9;
-	border-bottom: 3px solid #168CA9;
-}
-
-.dropdown-menu {
-	padding: 5px 0;
-}
-
-.dropdown-menu li > a {
-	padding: 6px 28px;
-}
-
-.dropdown-menu a > .prefix {
-	display: inline-block;
-	min-width: 22px;
-	margin-right: 28px;
-	text-align: right;
-}
-
-/********************************************************
- * Form
- ********************************************************/
-
-/* Labels should not be bold */
-label {
-	font-weight: normal;
-}
-
-/* Make error messages bold */
-.has-error .help-block {
-	font-weight: bold;
-}
-
-/* Change button size, by default 116px in width */
-.btn {
-	min-width: 116px;
-	padding: 3px 12px;
-}
-
-/* Disable gradient in buttons, ughhhh */
-.btn.btn-primary {
-	border-color: transparent;
-	background-image: none;
-	text-shadow: none;
-	box-shadow: none;
-	-webkit-box-shadow: none;
-}
-
-.help-block a, .help-block a:visited {
-	color: #168CA9;
-  font-weight: bold;
-  text-decoration: none;
-}
-
-.help-block a:hover {
-	color: #168CA9;
-  text-decoration: underline;
-}
-
-/********************************************************
- * Footer
- ********************************************************/
-footer .row {
-	margin: 36px 0 0 0;
-	height: 40px;
-	padding-top: 14px;
-	line-height: 26px; /* to center text: height - padding-top = 26px */
-	border-top: 1px solid #168CA9;
-}
-
-footer .row > div { /* Fix alignment between border + text on Bootstrap grid */
-	padding: 0;
-}
-
-footer .logo-round-container {
-	position: relative;
-}
-
-footer .logo-round {
-	position: absolute;
-	left: 0;
-	right: 0;
-	top: -33px; /* found visually with Chrome Dev Tools */
-	height: 36px;
-	width: 36px;
-	border: 1px solid #00868c;
-	border-radius: 18px;
-	background: #fff;
-	padding: 8px;
-}
-
-footer .logo-round > img {
-	display: block;
-}
-
-#dispatchTargets {
-	margin-top: 20px;
-}
-
-/********************************************************
- * Social login
- ********************************************************/
-.btn.line {
-    background-color: transparent;
-    display: block;
-    width: 100%;
-    padding: 0;
-    margin: 1.5em 0 1em;
-    border: 0.5px solid #ccc;
-    pointer-events: none;
-}
-
-.btn.socialLogin {
-    background-color: #fff;
-    border: thin solid #ccc;
-    color: #000;
-    font-weight: 600;
-    position: relative;
-    margin: 5px;
-    min-width: 140px;
-    width: 210px;
-    border-radius: 8px;
-    padding: 8px 12px;
-    text-align: left;
-}
-
-.socialLogin img {
-    width: 1.5em;
-    height: 108%;
-    margin-right: 0.5em;
-}
-
-.btn.apple img {
-    width: 1.2em;
-}
-
-/********************************************************
- * Show password
- ********************************************************/
-.icon-inside {
-  position: relative;
-}
-
-.icon-inside input {
-  padding-right: calc(0.75rem + 1.25rem + 0.75rem);
-}
-
-.icon-inside button {
-  position: absolute;
-  right: 0;
-  top: 0;
-  margin-top: 0.45rem;
-  margin-right: 0.45rem;
-  background: #FFFFFF;
-  border: #FFFFFF;
-}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/display-recovery-codes.js

@@ -0,0 +1,23 @@
+function displayRecoveryCodes() {
+  const recoverCodes = document.getElementById("recovery-codes-raw");
+  // early return if recoverCodes not found
+  if (!recoverCodes) {
+    return;
+  }
+
+  var recoveryCodesContent = recoverCodes.innerHTML;
+  recoveryCodesContent = recoveryCodesContent.replace("[", "");
+  recoveryCodesContent = recoveryCodesContent.replace("]", "");
+  recoveryCodesContent = recoveryCodesContent.split(",");
+  for (let i = 0; i < recoveryCodesContent.length; i++) {
+    if (i % 2 == 0) {
+      document.getElementById("recovery-codes").innerHTML += "<div class=\"recovery-code-gray printable\">" + recoveryCodesContent[i] + "</div>";
+    }
+    else {
+      document.getElementById("recovery-codes").innerHTML += "<div class=\"recovery-code-white printable\">" + recoveryCodesContent[i] + "</div>";
+    }
+  }
+  recoverCodes.remove();
+}
+
+displayRecoveryCodes();

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/download-recovery-codes.js

@@ -0,0 +1,26 @@
+function downloadRecoveryCodes(contentContainerId) {
+  const textToDownload = document.getElementById(contentContainerId).innerText;
+  // It is necessary to create a new blob object with mime-type explicitly set
+  // otherwise only Chrome works like it should
+  const newBlob = new Blob([textToDownload], { type: "text/plain" });
+
+  // IE doesn't allow using a blob object directly as link href
+  // instead it is necessary to use msSaveOrOpenBlob
+  if (window.navigator && window.navigator.msSaveOrOpenBlob) {
+    window.navigator.msSaveOrOpenBlob(newBlob, "recovery-codes.txt");
+    return;
+  }
+
+  // For other browsers:
+  // Create a link pointing to the ObjectURL containing the blob.
+  const data = window.URL.createObjectURL(newBlob);
+  const link = document.createElement("a");
+  link.href = data;
+  link.download = "recovery-codes.txt";
+  link.click();
+  setTimeout(() => {
+    // For Firefox it is necessary to delay revoking the ObjectURL
+    window.URL.revokeObjectURL(data);
+  }, 400);
+  link.remove();
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/dropdown.js

@@ -1,36 +0,0 @@
-(function() {
-  var closeDropdownTimeout;
-
-  function closeDropdown(event) {
-    var dropdowns = document.querySelectorAll('.dropdown');
-    for (var i = 0; i < dropdowns.length; i++) {
-      var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
-      if (dropdownMenu.style.display !== 'none' && !dropdowns[i].contains(event.target)) {
-        dropdownMenu.style.display = 'none';
-      }
-    }
-
-    // remove event listener till we have a new dropdown menu open
-    if (document.querySelector('.dropdown-menu:not([style*="display: none"])') === null) {
-      document.removeEventListener('click', closeDropdown);
-    }
-  }
-
-  var dropdowns = document.querySelectorAll('.dropdown');
-  for (var i = 0; i < dropdowns.length; i++) {
-    var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
-    dropdownMenu.style.display = 'none'; // ensure menu is initially hidden
-
-    dropdowns[i].addEventListener('click', function(e) {
-      // show dropdown menu
-      var dropdownMenu = this.querySelector('.dropdown-menu');
-      dropdownMenu.style.display = 'block';
-
-      // handle clicking away
-      clearTimeout(closeDropdownTimeout);
-      closeDropdownTimeout = setTimeout(function() {
-        document.addEventListener('click', closeDropdown);
-      }, 10);
-    });
-  }
-}());

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/e2eenc.js

@@ -1,98 +0,0 @@
-var e2eenc = function() {
-
-	this.encryptForm = function(algoString, formId) {
-		// TODO: in case of an error we should return false, to prevent the for to be submitted
-		//       or replace the fields with dummy values, just to prevent the the transmission
-		//       of unencrypted values
-		
-
-		// create the array of input fields to encrypt (needs to be done before setting the form
-		// invisible
-		var fieldsToEncrypt = new Array();
-		$.each($("form input:visible"), function(index, _inputField) { fieldsToEncrypt.push($(_inputField));});
-
-		// hide the form, and display the splash screen
-		$('#loginform').css('display','none');
-		$('#e2eeSplashScreen').css('display','block');
-
-		// encryption logic
-		var pubKey = $("input[name='e2eenc.publicKey']").val();
-
-		var kemSessionKey = readPublicKeyAndGenerateSessionKey(pubKey)
-		var iv = forge.random.getBytesSync(16);
-		keyB64 = forge.util.encode64(kemSessionKey.key);
-		encapsulationB64 = forge.util.encode64(kemSessionKey.encapsulation);
-		ivB64 = forge.util.encode64(iv);
-
-		//console.log("Encrypting form " + formId + " (" + algoString + ")");
-		var fields = "";
-		$.each(fieldsToEncrypt, function(index, _inputField) {
-			var inputField = $(_inputField);
-			if (inputField.attr("type") == "text" || inputField.attr("type") == "password") {
-				//console.log("Encrypting field " + JSON.stringify(inputField));
-				var plainValue = inputField.val();
-
-				var encryptedValueB64 = encrypt(kemSessionKey, iv, plainValue);
-				//console.log("Setting encrypted value in b64: " + encryptedValueB64);
-				inputField.val(encryptedValueB64);
-				if (fields.length > 0) {
-					fields = fields + ","
-				}
-				fields = fields + inputField.attr("name");
-			}
-		});
-		$("input[name='e2eenc.iv']").val(ivB64);
-		$("input[name='e2eenc.encapsulation']").val(encapsulationB64);
-		$("input[name='e2eenc.fields']").val(fields);
-	}
-
-	function getRSApublicKey(pem) {
-	    //console.log("PEM: " + pem);
-
-	    var msg = forge.pem.decode(pem)[0];
-
-	    //console.log("msg type: " + msg.type);
-
-	    if(msg.procType && msg.procType.type === 'ENCRYPTED') {
-		throw new Error('Could not retrieve RSA public key from PEM; PEM is encrypted.');
-	    }
-
-	    // convert DER to ASN.1 object
-	    var asn1obj = forge.asn1.fromDer(msg.body);
-	    //console.log("ASN.1 obj: " + JSON.stringify(asn1obj))
-
-	    var pubKey = forge.pki.publicKeyFromAsn1(asn1obj)
-	    //console.log("PubKey: " + JSON.stringify(pubKey))
-	    return pubKey;
-	}
-
-	function generateKEMSessionKey(rsaPublicKey) {
-	    // generate key-derivation-function and initializes it with sha1
-	    var kdf1 = new forge.kem.kdf1(forge.md.sha1.create());
-	    // creates a KEM function based on the key-derivation-function created above
-	    var kem = forge.kem.rsa.create(kdf1);
-	    // generate and encapsulate a 16-byte secret key. 
-	    // The secret key is generated using the kdf defined above.
-	    var kemSessionKey = kem.encrypt(rsaPublicKey, 16);
-	    // kemSessionKey has 'encapsulation' (= pub key) and 'key' (= generated secret key)
-	    return kemSessionKey;
-	}
-
-	function readPublicKeyAndGenerateSessionKey(pem) {
-	    var rsaPublicKey = getRSApublicKey(pem);
-	    //console.log("PubKey: " + JSON.stringify(rsaPublicKey))
-	    var kemSessionKey = generateKEMSessionKey(rsaPublicKey);
-	    //console.log("KEM session key: " + JSON.stringify(kemSessionKey))
-	    return kemSessionKey;
-	}
-
-	function encrypt(kemSessionKey, iv, msg) {
-		var cipher = forge.cipher.createCipher('AES-CBC', kemSessionKey.key);
-		cipher.start({iv: iv});
-		cipher.update(forge.util.createBuffer(msg, 'utf-8'));
-		cipher.finish();
-		var encrypted = cipher.output.getBytes();
-		encryptedB64 = forge.util.encode64(encrypted);
-		return encryptedB64;
-	}
-};

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/exclamation.svg

@@ -0,0 +1,3 @@
+<svg width="10" height="9" viewBox="0 0 10 9" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M3.95423 0.859245C4.413 0.0436633 5.58725 0.0436629 6.04602 0.859245L9.3942 6.81157C9.84416 7.61149 9.2661 8.59988 8.34831 8.59988H1.65194C0.734151 8.59988 0.156094 7.61149 0.606052 6.81157L3.95423 0.859245ZM5.60007 6.79995C5.60007 7.13132 5.33144 7.39995 5.00007 7.39995C4.6687 7.39995 4.40007 7.13132 4.40007 6.79995C4.40007 6.46858 4.6687 6.19995 5.00007 6.19995C5.33144 6.19995 5.60007 6.46858 5.60007 6.79995ZM5.00007 1.99995C4.6687 1.99995 4.40007 2.26858 4.40007 2.59995V4.39995C4.40007 4.73132 4.6687 4.99995 5.00007 4.99995C5.33144 4.99995 5.60007 4.73132 5.60007 4.39995V2.59995C5.60007 2.26858 5.33144 1.99995 5.00007 1.99995Z" fill="#F25562"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/face.svg

@@ -0,0 +1,10 @@
+<svg width="80" height="80" viewBox="0 0 80 80" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M54 10H62C66.4183 10 70 13.5817 70 18V26" stroke="#168CA9" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M10 26L10 18C10 13.5817 13.5817 10 18 10L26 10" stroke="#168CA9" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M26 70L18 70C13.5817 70 10 66.4183 10 62L10 54" stroke="#168CA9" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M70 54L70 62C70 66.4183 66.4183 70 62 70L54 70" stroke="#168CA9" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<circle cx="40" cy="40" r="22" stroke="#168CA9" stroke-width="4"/>
+<path d="M48 48.5C43.5817 53.8333 36.4183 53.8333 32 48.5" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<rect x="49" y="35" width="1" height="4" rx="0.5" stroke="#168CA9" stroke-width="4"/>
+<rect x="30" y="35" width="1" height="4" rx="0.5" stroke="#168CA9" stroke-width="4"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/facebook.svg

@@ -0,0 +1,4 @@
+<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M18 9.00002C18 4.02945 13.9706 2.09808e-05 9 2.09808e-05C4.02943 2.09808e-05 0 4.02945 0 9.00002C0 13.4922 3.29117 17.2155 7.59375 17.8907V11.6016H5.30859V9.00002H7.59375V7.01721C7.59375 4.76158 8.93739 3.51565 10.9932 3.51565C11.9779 3.51565 13.0078 3.69143 13.0078 3.69143V5.90627H11.8729C10.7549 5.90627 10.4062 6.60003 10.4062 7.31176V9.00002H12.9023L12.5033 11.6016H10.4062V17.8907C14.7088 17.2155 18 13.4922 18 9.00002Z" fill="#1877F2"/>
+<path d="M12.5033 11.6016L12.9024 9.00006H10.4063V7.3118C10.4063 6.60007 10.7549 5.90631 11.873 5.90631H13.0078V3.69147C13.0078 3.69147 11.9779 3.51569 10.9932 3.51569C8.9374 3.51569 7.59376 4.76162 7.59376 7.01725V9.00006H5.30859V11.6016H7.59376V17.8907C8.05197 17.9626 8.52161 18.0001 9.00001 18.0001C9.47842 18.0001 9.94806 17.9626 10.4063 17.8907V11.6016H12.5033Z" fill="white"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/fido2_auth.js

@@ -2,13 +2,13 @@
   'use strict'
 
   async function assertion(options) {
-    let credential;
+    let assertion;
     try {
-      credential = await navigator.credentials.get({ "publicKey": options });
+      assertion = await navigator.credentials.get({ "publicKey": options });
     } 
     // Cancel and timeout can occur besides error
     catch (error) {
-      console.error(`Failed to get WebAuthn credential: ${error}`);
+      console.error(`Error while trying to collect WebAuthn credential. ${error}`);
       throw error;
     }
     // as this is the last call we have to do a top-level request instead of AJAX
@@ -16,11 +16,11 @@
     form.method = "POST";
     form.style.display = "none";
     addInput(form, "path", "/nevisfido/fido2/assertion/result")
-    addInput(form, "id", credential.id);
+    addInput(form, "id", assertion.id);
-    addInput(form, "type", credential.type);
+    addInput(form, "type", assertion.type);
-    addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON));
+    addInput(form, "response.clientDataJSON", base64url.encode(assertion.response.clientDataJSON));
-    addInput(form, "response.authenticatorData", base64url.encode(credential.response.authenticatorData));
+    addInput(form, "response.authenticatorData", base64url.encode(assertion.response.authenticatorData));
-    addInput(form, "response.signature", base64url.encode(credential.response.signature));
+    addInput(form, "response.signature", base64url.encode(assertion.response.signature));
     document.body.appendChild(form);
     form.submit();
   }
@@ -28,6 +28,7 @@
   function authenticate() {
     // WebAuthn feature detection
     if(!isWebAuthnSupportedByTheBrowser()) {
+      // Trigger `Login Passwordless Fallback` pattern
       cancelFido2();
       return;
     };
@@ -50,9 +51,11 @@
         c.id = base64url.decode(c.id);
         return c;
       });
+        
       return assertion(options);
     }).catch((error) => {
-      console.error(`Error during FIDO2 authentication: ${error}`);
+      console.error(`Error at fido2 authentication: ${error}`);
+      // Trigger `Login Passwordless Fallback` pattern
       cancelFido2();
     });
   }

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/fido2_check.js

@@ -0,0 +1,25 @@
+function submit(result) {
+    // we have to do a top-level request instead of AJAX
+    const form = document.createElement("form");
+    form.method = "POST";
+    form.style.display = "none";
+
+    addInput(form, "result", result)
+
+    document.body.appendChild(form);
+
+    form.submit();
+}
+
+function check() {
+  if (isWebAuthnSupportedByTheBrowser()) {
+    submit("ok");
+  }
+  else {
+    submit("error");
+  }
+}
+
+window.onload = () => {
+  check();
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/fido2_onboard.js

@@ -31,7 +31,7 @@ async function attestation(options) {
   form.submit();
 }
 
-function start() {
+function startFido2() {
 
   if (!isWebAuthnSupportedByTheBrowser()) {
     dispatch("unsupported");

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/fido2_utils.js

@@ -1,10 +1,3 @@
-function addInput(form, name, value) {
-    const input = document.createElement("input");
-    input.name = name;
-    input.value = value;
-    form.appendChild(input);
-}
-
 /**
  * Checks whether WebAuthn is supported by the browser or not.
  * @return true if supported, false if it is not supported or not in secure context
@@ -23,7 +16,7 @@ function isWebAuthnSupportedByTheBrowser() {
 }
 
 /**
- * Trigger on cancel pattern of the FIDO2 authentication step.
+ * Trigger on cancel pattern at the FIDO2 authentication flow.
  * 
  * Provides an alternative when the user decides to 
  * cancel the fido2 credential operation(create or fetch) or
@@ -34,7 +27,10 @@ function cancelFido2() {
   const form = document.createElement("form");
   form.method = "POST";
   form.style.display = "none";
+
   addInput(form, "cancel_fido2", "true");
+
   document.body.appendChild(form);
+
   form.submit();
 }

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/finger.svg

@@ -0,0 +1,9 @@
+<svg width="80" height="80" viewBox="0 0 80 80" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M56.2789 49.5761C56.2789 40.4331 48.8671 33.0213 39.7242 33.0213C30.5813 33.0213 23.1694 40.4331 23.1694 49.5761C23.1694 62.2356 32.2583 70.0261 32.2583 70.0261" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M47.8393 49.5763C47.8393 45.0945 44.206 41.4612 39.7242 41.4612C35.2424 41.4612 31.6091 45.0945 31.6091 49.5763C31.6091 62.5604 41.6718 68.7279 48.8131 71.0001" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M64.7191 49.5748C64.7191 35.7707 53.5287 24.5803 39.7247 24.5803C25.9206 24.5803 14.7302 35.7707 14.7302 49.5748C14.7302 55.093 17.0024 60.6113 17.0024 60.6113" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M66.4485 31.0739C60.6836 22.4617 50.8661 16.7914 39.7242 16.7914C28.5824 16.7914 18.7649 22.4617 13 31.0739" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M58.1132 13.5444C52.623 10.6428 46.3652 9 39.724 9C33.0827 9 26.825 10.6428 21.3347 13.5444" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M64.7185 49.2502C64.7185 53.5527 60.9399 57.0407 56.2788 57.0407C51.6177 57.0407 47.8391 53.5527 47.8391 49.2502" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M58.8764 63.8706C57.8276 64.075 56.7421 64.1823 55.6304 64.1823C47.1222 64.1823 40.1431 57.8973 39.4558 49.8997" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/icons/apple/black.svg

@@ -1 +0,0 @@
-<svg width="842" height="1e3" xmlns="http://www.w3.org/2000/svg"><path d="M702 960c-54.2 52.6-114 44.4-171 19.6-60.6-25.3-116-26.9-180 0-79.7 34.4-122 24.4-170-19.6-271-279-231-704 77-720 74.7 4 127 41.3 171 44.4 65.4-13.3 128-51.4 198-46.4 84.1 6.8 147 40 189 99.7-173 104-132 332 26.9 396-31.8 83.5-72.6 166-141 227zM423 237C414.9 113 515.4 11 631 1c15.9 143-130 250-208 236z"/></svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/icons/microsoft/microsoft.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" aria-label="Microsoft" role="img" viewBox="0 0 512 512"><rect width="512" height="512" rx="15%" fill="#fff"/><path d="M75 75v171h171v-171z" fill="#f25022"/><path d="M266 75v171h171v-171z" fill="#7fba00"/><path d="M75 266v171h171v-171z" fill="#00a4ef"/><path d="M266 266v171h171v-171z" fill="#ffb900"/></svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/info.svg

@@ -0,0 +1,3 @@
+<svg width="64" height="64" viewBox="0 0 64 64" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M32 18.6667V32M32 45.3333H32.0333M62 32C62 48.5685 48.5685 62 32 62C15.4315 62 2 48.5685 2 32C2 15.4315 15.4315 2 32 2C48.5685 2 62 15.4315 62 32Z" stroke="#EFBA00" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/link.svg

@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+    <path d="M6.3335 2.99992H3.00016C2.07969 2.99992 1.3335 3.74611 1.3335 4.66659V12.9999C1.3335 13.9204 2.07969 14.6666 3.00016 14.6666H11.3335C12.254 14.6666 13.0002 13.9204 13.0002 12.9999V9.66659M9.66683 1.33325H14.6668M14.6668 1.33325V6.33325M14.6668 1.33325L6.3335 9.66659" stroke="#168CA9" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/main.css

@@ -0,0 +1,429 @@
+html,
+body {
+  height: 100%;
+}
+
+body {
+  font-family: var(--nevis-font-sans-serif);
+  font-size: 0.875rem;
+  color: var(--nevis-gray-900);
+  display: flex;
+  align-items: center;
+  padding-top: 2.5rem;
+  padding-bottom: 2.5rem;
+  background-color: #d1d5d6;
+}
+
+a {
+  text-decoration: none;
+  color: var(--nevis-primary);
+}
+
+/* add icon for links to external sites */
+a[rel~="external"]::after {
+  content: url("link.svg");
+  padding-left: 7px;
+  vertical-align: -2px;
+}
+
+/* Chrome, Safari, Edge, Opera */
+input::-webkit-outer-spin-button,
+input::-webkit-inner-spin-button {
+  -webkit-appearance: none;
+  margin: 0;
+}
+
+/* Firefox */
+input[type="number"] {
+  -moz-appearance: textfield;
+}
+
+button:disabled {
+  cursor: not-allowed;
+  pointer-events: all !important;
+}
+
+label {
+  font-size: 0.75rem;
+}
+
+span.text-secondary>div {
+  display: inline-block;
+}
+
+/* Screen specific CSS */
+.login-container {
+  width: 100%;
+  max-width: 22.5rem;
+  margin: auto;
+  background-color: var(--nevis-gray-100);
+  box-shadow: 0rem 0.625rem 2.5rem rgba(31, 47, 51, 0.2);
+  border-radius: 1.25rem;
+}
+
+.login-container-header {
+  padding: 1.25rem;
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+}
+
+.login-container-minimal-header {
+  padding: 1.25rem;
+}
+
+.login-container-body {
+  background: #ffffff;
+  box-shadow: 0rem 0.625rem 2.5rem rgba(31, 47, 51, 0.2);
+  border-radius: 1.25rem;
+  min-height: 31.25rem;
+}
+
+.login-container-body-content {
+  padding: 2.5rem;
+}
+
+.login-container-body-content>.input-error~.input-error {
+  margin-top: 0;
+}
+
+.brand-name {
+  font-size: 1rem;
+  word-wrap: break-word;
+}
+
+.sub-title {
+  font-style: normal;
+  font-weight: 400;
+  font-size: 1rem;
+  line-height: 1.375rem;
+  text-align: center;
+}
+
+.sub-icon {
+  font-style: normal;
+  font-weight: 400;
+  font-size: 1rem;
+  margin-top: 1rem;
+  text-align: center;
+}
+
+.horizontal-line {
+  display: flex;
+  flex-direction: row;
+}
+
+.horizontal-line:before,
+.horizontal-line:after {
+  content: "";
+  flex: 1 1;
+  border-bottom: 0.0625rem solid var(--nevis-gray-200);
+  margin: auto;
+}
+
+.horizontal-line:before {
+  margin-right: 0.625rem;
+  margin-left: -2.5rem;
+}
+
+.horizontal-line:after {
+  margin-left: 0.625rem;
+  margin-right: -2.5rem;
+}
+
+.register-spacing {
+  margin-top: 2rem;
+  margin-bottom: 2.75rem;
+}
+
+.social-login-buttons {
+  display: flex;
+  flex-direction: column;
+  gap: 0.75rem;
+}
+
+.social-login-button {
+  background: none;
+  flex-grow: 1;
+  display: flex;
+  flex-direction: row;
+  justify-content: center;
+  align-items: center;
+  padding: 0.375rem 1.125rem;
+  width: 100%;
+  height: 2.5rem;
+  border: 0.0625rem solid var(--nevis-gray-200);
+  box-sizing: border-box;
+  border-radius: 0.625rem;
+  gap: 0.625rem;
+}
+
+.icon-inside {
+  position: relative;
+}
+
+.icon-inside input {
+  padding-right: calc(0.75rem + 1.25rem + 0.75rem);
+}
+
+.icon-inside button {
+  position: absolute;
+  right: 0;
+  top: 0;
+  margin-top: 0.3125rem;
+  margin-right: 0.75rem;
+}
+
+.icon-button {
+  display: inline-flex;
+  justify-content: center;
+  align-items: center;
+  flex-shrink: 0;
+  width: 1.875rem;
+  height: 1.875rem;
+  padding: 0;
+  margin: 0;
+  min-width: 0;
+  border-radius: 50%;
+  box-sizing: border-box;
+  box-shadow: none;
+  font-size: inherit;
+  font-weight: 500;
+  cursor: pointer;
+  outline: none;
+  border: none;
+  vertical-align: baseline;
+  text-align: center;
+  background-color: initial;
+}
+
+.icon-button:hover {
+  background: var(--nevis-gray-200);
+}
+
+.icon-button:active {
+  background: var(--nevis-gray-300);
+}
+
+.icon-button.nevis-blue-icon:hover {
+  background: var(--nevis-blue-icon-hover-bg-color);
+}
+
+.icon-button.nevis-blue-icon:active {
+  background: var(--nevis-blue-icon-active-bg-color);
+}
+
+.h-icon-button {
+  min-height: 1.875rem;
+}
+
+.max-w-full {
+  max-width: 100%;
+}
+
+.verification-code-wrapper {
+  display: flex;
+  flex-direction: row;
+  align-items: center;
+  justify-content: center;
+}
+
+.verification-code-label {
+  font-size: 1.125rem;
+  line-height: 1.5rem;
+  margin-right: 0.25rem;
+}
+
+.verification-code-input {
+  text-align: center;
+  max-width: 8.75rem;
+  letter-spacing: 0.5rem;
+  text-indent: 0.25rem;
+}
+
+.hidden-verification-code-submit-button {
+  overflow: visible !important;
+  height: 0 !important;
+  width: 0 !important;
+  margin: 0 !important;
+  border: 0 !important;
+  padding: 0 !important;
+  display: block !important;
+}
+
+.totp-code-wrapper {
+  display: flex;
+  flex-direction: row;
+  align-items: center;
+  justify-content: center;
+  margin: 2.5rem 0;
+}
+
+.totp-code-input {
+  text-align: left;
+  max-width: 8.75rem;
+  letter-spacing: 0.5rem;
+  text-indent: 0.25rem;
+}
+
+.hidden {
+  display: none !important;
+}
+
+.success-icon {
+  text-align: center !important;
+  margin-top: 5.625rem;
+  margin-bottom: 11.75rem;
+}
+
+.btn-selection-item {
+  display: flex;
+  flex-direction: row;
+  align-items: center;
+  justify-content: space-between;
+  padding: 0.5rem 0rem;
+  gap: 0.5rem;
+
+  border: 0.0625rem solid var(--nevis-gray-200);
+  border-left-width: 0;
+  border-right-width: 0;
+}
+
+.btn-selection-item+.btn-selection-item {
+  border-top-width: 0;
+}
+
+.btn-selection-item:first-of-type {
+  margin-top: 1.5rem;
+}
+
+.btn-selection-item:last-of-type {
+  margin-bottom: 1.5rem;
+}
+
+.btn-selection-item .selection-label {
+  color: var(--nevis-dark) !important;
+  font-weight: 500;
+  font-size: 0.875rem;
+  line-height: 1.25rem;
+}
+
+.btn-selection-item .selection-description {
+  color: var(--nevis-gray-500) !important;
+  font-weight: 400;
+  font-size: 0.75rem;
+  line-height: 1.125rem;
+}
+
+/* Passwordless */
+
+/* Access App*/
+.access-app-download-link-mobile-spacing {
+  margin-top: 5rem;
+  margin-bottom: 5rem;
+}
+
+/* add rounded border corners around QR code */
+#authcloud_dispatch,
+#authcloud_dispatch>#qr-code-wrapper {
+  position: relative;
+  display: block;
+}
+
+#authcloud_dispatch:not(.mobile-platform):before,
+#authcloud_dispatch:not(.mobile-platform):after,
+#authcloud_dispatch>#qr-code-wrapper:before,
+#authcloud_dispatch>#qr-code-wrapper:after {
+  position: absolute;
+  width: 1.875rem;
+  height: 1.875rem;
+  border-color: var(--nevis-primary);
+  border-style: solid;
+  z-index: 1;
+  content: " ";
+}
+
+#authcloud_dispatch:before {
+  top: 0.5rem;
+  left: 0.5rem;
+  border-width: 0.1875rem 0 0 0.1875rem;
+  border-top-left-radius: 1rem;
+}
+
+#authcloud_dispatch:after {
+  top: 0.5rem;
+  right: 0.5rem;
+  border-width: 0.1875rem 0.1875rem 0 0;
+  border-top-right-radius: 1rem;
+}
+
+#authcloud_dispatch>#qr-code-wrapper:before {
+  bottom: 0.5rem;
+  right: 0.5rem;
+  border-width: 0 0.1875rem 0.1875rem 0;
+  border-bottom-right-radius: 1rem;
+}
+
+#authcloud_dispatch>#qr-code-wrapper:after {
+  bottom: 0.5rem;
+  left: 0.5rem;
+  border-width: 0 0 0.1875rem 0.1875rem;
+  border-bottom-left-radius: 1rem;
+}
+
+.recovery-code-input {
+  text-align: left;
+  letter-spacing: 0.1875rem;
+  font-family: monospace;
+}
+
+.recovery-codes-wrapper {
+  height: 9rem;
+  text-align: center;
+  overflow-y: auto;
+  margin-bottom: 1rem;
+  /* Firefox */
+  scrollbar-color: var(--nevis-gray-300) #ffffff;
+  scrollbar-width: thin;
+  border: 1px solid lightgray;
+  border-radius: 0.5rem;
+}
+
+.recovery-codes-wrapper::-webkit-scrollbar {
+  width: 0.25rem;
+}
+
+.recovery-codes-wrapper::-webkit-scrollbar-track {
+  background: #ffffff;
+}
+
+.recovery-codes-wrapper::-webkit-scrollbar-thumb {
+  background: var(--nevis-gray-300);
+  border-radius: 0.125rem;
+}
+
+.recovery-codes-wrapper::-webkit-scrollbar-thumb:hover {
+  background: var(--nevis-gray-400);
+}
+
+.recovery-code-gray {
+  background: var(--nevis-gray-100);
+  font-size: 0.875rem;
+  line-height: 1.25rem;
+  font-family: monospace;
+  letter-spacing: 0.1875rem;
+}
+
+.recovery-code-white {
+  background: #ffffff;
+  font-size: 0.875rem;
+  line-height: 1.25rem;
+  font-family: monospace;
+  letter-spacing: 0.1875rem;
+}
+
+button.btn-recovery-code {
+  line-height: 0.75rem;
+  margin-top: 0.7rem;
+  width: 100%;
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/mauth_usernameless.js

@@ -110,13 +110,15 @@
                 if (status == 'clientAuthenticating') {
                     // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
+                    // hide QR code and info message
                     document.getElementById("mauth_qrcode").style.display = 'none';
+                    document.getElementById("mauth_qrcode_info").style.display = 'none';
                 }
                 if (status == 'succeeded') {
                     clearInterval(statusPolling);
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
-                    addInput(form, "continue", "true"); // required for custom dispatching in usernameless
+                    addInput(form, "fidoUafDone", "true"); // required for custom dispatching in usernameless
                     document.body.appendChild(form);
                     form.submit();
                 } else if (status == 'failed' || status == 'unknown') {

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/microsoft.svg

@@ -0,0 +1,7 @@
+<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+    <path fill="#f3f3f3" d="M0 0h18v18H0z"/>
+    <path fill="#f35325" d="M1 1h8v8H1z"/>
+    <path fill="#81bc06" d="M10 1h8v8H10z"/>
+    <path fill="#05a6f0" d="M1 10h8v8H1z"/>
+    <path fill="#ffba08" d="M10 10h8v8H10z"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/oauth_consent.js

@@ -1,43 +1,50 @@
-// display oauth scopes listed in input field 'consentInformation'
+document.addEventListener("DOMContentLoaded", function () {
-// change 'consentInformation' and 'scope_name' to the values used in your configuration.
+    const consentInformationFieldName = "consentInformation"; // Input field name
-$(function() {
+    const scopeDescriptionSource = "scope_name"; // JSON key for scope description
-
-    var consentInformationFieldName = "consentInformation"; // name of the input field from which to parse the value as the consent information JSON
-    var scopeDescriptionSource = "scope_name";              // key of the field in the consent information JSON of which to get the value as the scope description
 
     function displayOAuthScopesConsent() {
-        var jsonData = parseJson();
+        const jsonData = parseJson();
         if (jsonData !== undefined) {
-            mapJsonToHtml(jsonData)
+            mapJsonToHtml(jsonData);
         }
     }
 
     function mapJsonToHtml(jsonData) {
         mapJsonToHtmlScopeList("listOfRequestedScopesWithExistingConsent", jsonData.requestedScopesWithExistingConsent, "Already accepted scopes:");
-        mapJsonToHtmlScopeList("listOfRequestedScopes", jsonData.requestedScopesRequiringConsent, "Requested scopes that require a consent:");
+        mapJsonToHtmlScopeList("listOfRequestedScopes", jsonData.requestedScopesRequiringConsent, "Requested scopes that require consent:");
     }
 
     function mapJsonToHtmlScopeList(elementId, scopeInformation, title) {
-        if (scopeInformation !== undefined && Object.keys(scopeInformation).length > 0) {
+        if (scopeInformation && Object.keys(scopeInformation).length > 0) {
-            $("input[name=" + consentInformationFieldName +"]").after("<p style='margin-top: 0.5em'>" + title + "</p><div class='scopeinfobox'><ul id='" + elementId + "' /> </div>");
+            const consentInput = document.querySelector(`input[name="${consentInformationFieldName}"]`);
-            jQuery.each(scopeInformation, function(key,value) {
+            if (consentInput) {
-                var scopeDescription = value[scopeDescriptionSource];
+                const container = document.createElement("div");
-                if (scopeDescription) {
+                container.innerHTML = `<p style='margin-top: 0.5em'>${title}</p><div class='scopeinfobox'><ul id='${elementId}'></ul></div>`;
-                    $("#" + elementId).append('<li>' + scopeDescription + '</li>');
+                consentInput.insertAdjacentElement("afterend", container);
-                } else {
+
-                    $("#" + elementId).append('<li>' + key + '</li>');
+                const ulElement = document.getElementById(elementId);
+                for (const key in scopeInformation) {
+                    if (scopeInformation.hasOwnProperty(key)) {
+                        const scopeDescription = scopeInformation[key][scopeDescriptionSource] || key;
+                        const li = document.createElement("li");
+                        li.textContent = scopeDescription;
+                        ulElement.appendChild(li);
+                    }
+                }
             }
-            });
         }
     }
 
     function parseJson() {
-        var consentInformationField = $("input[name=" +consentInformationFieldName +"]");
+        const consentInformationField = document.querySelector(`input[name="${consentInformationFieldName}"]`);
-        if (consentInformationField.length > 0) {
+        if (consentInformationField) {
-            return JSON.parse(consentInformationField.val());
+            try {
+                return JSON.parse(consentInformationField.value);
+            } catch (e) {
+                console.error("Invalid JSON in consent information field:", e);
+            }
         }
     }
 
     displayOAuthScopesConsent();
 });
-

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/passkey_autofill.js

@@ -0,0 +1,44 @@
+(function() {
+  'use strict'
+
+  async function submit(assertion) {
+    // as this is the last call we have to do a top-level request instead of AJAX
+    const form = document.createElement("form");
+    form.method = "POST";
+    form.style.display = "none";
+    addInput(form, "path", "/nevisfido/fido2/assertion/result")
+    addInput(form, "id", assertion.id);
+    addInput(form, "type", assertion.type);
+    console.log("assertion response:", assertion.response);
+    addInput(form, "response.clientDataJSON", assertion.response.clientDataJSON);
+    addInput(form, "response.authenticatorData", assertion.response.authenticatorData);
+    addInput(form, "response.signature", assertion.response.signature);
+    addInput(form, "response.userHandle", assertion.response.userHandle);
+    document.body.appendChild(form);
+    form.submit();
+  }
+
+  function authenticate() {
+    const hiddenField = document.querySelector("input[name='fido2_attestation_options']");
+    if (hiddenField && hiddenField.value) {
+        try {
+            const options = JSON.parse(hiddenField.value);
+            console.log("parsed attestation options:", JSON.stringify(options));
+
+            SimpleWebAuthnBrowser.startAuthentication({ optionsJSON: options, useBrowserAutofill: true })
+                .then(assertionResponse => {
+                    console.log("Authentication successful:", JSON.stringify(assertionResponse));
+                    submit(assertionResponse);
+                })
+                .catch(error => {
+                    console.log(`Passkey autofill skipped: ${error}`);
+                });
+        } catch (error) {
+            console.error("Error parsing fido2_attestation_options:", error);
+        }
+    } else {
+        console.log("Passkey autofill is disabled.");
+    }
+  }
+  authenticate();
+})();

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/print.css

@@ -0,0 +1,67 @@
+@media print {
+   /* general printing rules */
+
+    body {
+      margin: 0;
+      color: #000000 !important;
+      background-color: #ffffff !important;
+
+      font-size: 12pt;
+      font-family: georgia, times, serif;
+
+      box-shadow: none !important;
+    }
+
+    header, footer, aside, nav, button, h1, h2, h3, h4, h5, h6 {
+      display: none;
+    }
+
+    main {
+      max-width: 100%;
+      box-shadow: none !important;
+    }
+
+    .printable {
+      display: block;
+    }
+
+    div:not(.printable) {
+      display: none;
+    }
+
+    .btn { 
+      display: none;
+    }
+
+    /* screen specific rules */
+
+    .login-container-body {
+      color: #000000 !important;
+      background-color: #ffffff !important;
+      box-shadow: none !important;
+      border-radius: unset;
+    }
+
+    .recovery-codes-wrapper {
+      overflow: unset !important;
+      height: unset !important;
+    }
+
+    #recovery-codes::before {
+      content: "Recovery Codes";
+      font-size: 16pt;
+    }
+
+    .recovery-code-white,
+    .recovery-code-gray {
+      color: #000000 !important;
+      background-color: #ffffff !important;
+
+      font-size: 14pt;
+      margin-top: 5pt;
+    }
+
+    .recovery-code-gray:first-child {
+      margin-top: 15pt;
+    }
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/saml_idp_logout.js

@@ -0,0 +1,63 @@
+function handleLogout(sp_urls, final_url) {
+
+    const request_urls = sp_urls.filter(function(current_url) {
+        return current_url.indexOf('SAMLRequest') > 0;
+    });
+
+    const response_urls = sp_urls.filter(function(current_url) {
+        return current_url.indexOf('SAMLResponse') > 0;
+    });
+
+    function kill_session() {
+        const current_url = window.location.href;
+        if (current_url.indexOf('?logout') == -1 && current_url.indexOf('&logout') == -1) {
+            console.log("current URL does not terminate the IDP session");
+            let logout_url = '';
+            if (current_url.indexOf('?') > 0) {
+                logout_url = current_url + "&logout";
+            } else {
+            }
+            fetch(logout_url, {
+                method: 'GET',
+                credentials: 'include'
+            }).then(response => {
+                if (!response.ok) {
+                    console.error('Logout request failed');
+                }
+            }).catch(error => {
+                console.error('Logout request error', error);
+            });
+        }
+    }
+
+    const requests = request_urls.map(current_url => {
+        return fetch(current_url, {
+            method: 'GET',
+            credentials: 'include',
+            mode: 'cors'
+        }).then(response => {
+            if (!response.ok) {
+                console.error('Request failed', current_url);
+            }
+        }).catch(error => {
+            console.error('Request error', current_url, error);
+        });
+    });
+
+    // send out the requests in parallel
+    // in any case we then terminate the IDP session and redirect to the correct destination
+    // we have to complete the logout no matter if the requests were successful or if there were failed requests
+    Promise.allSettled(requests).then(() => {
+        kill_session(); // required to terminate IDP session
+    }).finally(() => {
+        if (response_urls.length == 0) {
+            // redirect to root location on the IDP
+            console.log('Finish IDP-initiated SAML logout - redirecting to: ' + final_url);
+            window.location.href = final_url;
+        } else {
+            // only 1 such URL allowed. process ends on SP side
+            console.log('Finish SP-initiated SAML logout - redirecting to: ' + response_urls[0]);
+            window.location.href = response_urls[0];
+        }
+    })
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/show-password.js

@@ -1,11 +0,0 @@
-function toggleInputType(passwordInputId, eyeIconId, resourcePath) {
-    const passwordInput = document.getElementById(passwordInputId);
-    const eyeIcon = document.getElementById(eyeIconId);
-    if (passwordInput.type === 'text') {
-        passwordInput.type = 'password';
-        eyeIcon.src = resourcePath + '/resources/eye.svg';
-        return;
-    }
-    passwordInput.type = 'text';
-    eyeIcon.src = resourcePath + '/resources/eye-off.svg';
-}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/success-solid.svg

@@ -0,0 +1,3 @@
+<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path fill-rule="evenodd" clip-rule="evenodd" d="M9.00005 16.2C12.9765 16.2 16.2 12.9764 16.2 8.99999C16.2 5.02354 12.9765 1.79999 9.00005 1.79999C5.0236 1.79999 1.80005 5.02354 1.80005 8.99999C1.80005 12.9764 5.0236 16.2 9.00005 16.2ZM12.3364 7.83638C12.6879 7.48491 12.6879 6.91506 12.3364 6.56359C11.985 6.21212 11.4151 6.21212 11.0636 6.56359L8.10005 9.5272L6.93644 8.36359C6.58497 8.01212 6.01512 8.01212 5.66365 8.36359C5.31218 8.71506 5.31218 9.28491 5.66365 9.63638L7.46365 11.4364C7.81512 11.7879 8.38497 11.7879 8.73644 11.4364L12.3364 7.83638Z" fill="#52CC65"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/success.svg

@@ -0,0 +1,3 @@
+<svg width="64" height="64" viewBox="0 0 64 64" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M22 32L28.6667 38.6667L42 25.3333M62 32C62 48.5685 48.5685 62 32 62C15.4315 62 2 48.5685 2 32C2 15.4315 15.4315 2 32 2C48.5685 2 62 15.4315 62 32Z" stroke="#52CC65" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/utils.js

@@ -0,0 +1,41 @@
+function addInput(form, name, value, type = "text") {
+  if (!form) throw new Error("Form element is required");
+  const input = document.createElement("input");
+  input.name = name;
+  input.type = type;
+  input.value = value;
+  form.appendChild(input);
+}
+
+function getSubmitButton() {
+  const submitButtons = [...document.querySelectorAll('button[name^="submit"]')];
+  if (submitButtons.length === 0) {
+    return null;
+  }
+  if (submitButtons.length > 1) {
+    throw new Error('There should be exactly 1 button on the screen with a name starting with "submit". Check the AuthState configuration.');
+  }
+  return submitButtons[0] || null;
+}
+
+function toggleEye(passwordInputId, eyeIconId, resourcePath) {
+  const passwordInput = document.getElementById(passwordInputId);
+  const eyeIcon = document.getElementById(eyeIconId);
+  if (!passwordInput || !eyeIcon) return;
+  const isPassword = passwordInput.type === 'password';
+  passwordInput.type = isPassword ? 'text' : 'password';
+  // Ensure correct path format
+  const normalizedPath = resourcePath.endsWith('/') ? resourcePath.slice(0, -1) : resourcePath;
+  eyeIcon.src = `${normalizedPath}/resources/eye${isPassword ? '-off' : ''}.svg`;
+}
+
+function formatNumberInput(numberInputId) {
+  const numberInput = document.getElementById(numberInputId);
+  if (!numberInput) return;
+  let value = numberInput.value || ''; // Handle potential null/undefined
+  value = value.replace(/[-e]/gi, '');
+  if (numberInput.maxLength > 0 && value.length > numberInput.maxLength) {
+    value = value.slice(0, numberInput.maxLength);
+  }
+  numberInput.value = value;
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/variables.css

@@ -0,0 +1,52 @@
+:root {
+    /* Default Colors */
+    --nevis-blue: #0d6efd;
+    --nevis-indigo: #6610f2;
+    --nevis-purple: #6f42c1;
+    --nevis-pink: #d63384;
+    --nevis-red: #F25562;
+    --nevis-orange: #fd7e14;
+    --nevis-yellow: #EFBA00;
+    --nevis-green: #151615;
+    --nevis-teal: #20c997;
+    --nevis-cyan: #0dcaf0;
+    --nevis-blue-100: #E1F5FB;
+    --nevis-blue-300: #A6DFED;
+    --nevis-blue-400: #75C3D7;
+    --nevis-blue-600: #168CA9;
+    --nevis-white: #ffffff;
+    --nevis-black: #000000;
+    --nevis-gray-100: #EDF1F2;
+    --nevis-gray-200: #DADFE0;
+    --nevis-gray-300: #C2CACC;
+    --nevis-gray-400: #A4AFB2;
+    --nevis-gray-500: #8A9699;
+    --nevis-gray-900: #1F2F33;
+
+    /* Theme */
+    --nevis-primary: var(--primary-color);
+    --nevis-secondary: var(--nevis-gray-400);
+    --nevis-success: var(--nevis-green);
+    --nevis-info: var(--nevis-cyan);
+    --nevis-warning: var(--nevis-yellow);
+    --nevis-danger: var(--nevis-red);
+    --nevis-light: var(--nevis-gray-100);
+    --nevis-dark: var(--nevis-gray-900);
+
+    /* Font */
+    --nevis-font-sans-serif: var(--font-family), system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", "Liberation Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
+
+    /* Common */
+    --nevis-border-radius: var(--border-radius);
+    --nevis-form-control-border-color: var(--nevis-gray-300);
+
+    --nevis-blue-icon-color: var(--nevis-blue-600);
+    --nevis-blue-icon-hover-bg-color: var(--nevis-blue-300);
+    --nevis-blue-icon-active-bg-color: var(--nevis-blue-400);
+
+    /* Components */
+    /* Readonly field*/
+    --nevis-readonly-bg-color: var(--nevis-blue-100);
+    --nevis-readonly-border-color: var(--nevis-blue-300);
+    --nevis-readonly-box-shadow-color: var(--nevis-blue-600);
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/window-onload.js

@@ -0,0 +1,101 @@
+// this js should run last
+
+// DOM is ready (stylesheets, images, and subframes may not have been loaded yet)
+window.addEventListener('DOMContentLoaded', () => {
+    'use strict'
+    handleLogoutButton();
+    onSubmitWithEnter();
+    onFormSubmit();
+});
+
+function handleLogoutButton() {
+    const logoutButton = document.getElementById("logout-btn");
+    if (logoutButton) {
+        logoutButton.addEventListener("click", function (event) {
+            event.preventDefault();
+            event.stopPropagation();
+
+            const url = new URL(window.location.href);
+
+            // Parse raw query string, split into key=value or key-only
+            const rawParams = window.location.search.substring(1).split("&").filter(Boolean);
+
+            // Keep only params that are not 'login' or 'logout'
+            const remainingParams = rawParams.filter(p => {
+                const key = p.split("=")[0];
+                return key !== "login" && key !== "logout";
+            });
+
+            // Add 'logout' first
+            const finalParams = ["logout", ...remainingParams];
+
+            const newQuery = finalParams.length ? `?${finalParams.join("&")}` : "";
+
+            // Redirect
+            window.location.href = url.origin + url.pathname + newQuery;
+        });
+    }
+}
+
+/**
+ * Trigger to submit the button with name 'submit' and prevent other buttons to submission on 'Enter' keypress
+ */
+function onSubmitWithEnter() {
+    'use strict'
+
+    document.addEventListener('keypress', function (event) {
+        if (event.key === 'Enter') {
+            if (['TEXTAREA', 'INPUT'].includes(event.target.tagName) && event.target.type !== 'submit') {
+                return; // allow pressing Enter inside text fields
+            }
+
+            event.preventDefault();
+            event.stopPropagation();
+
+            const submitButton = getSubmitButton();
+            if (submitButton !== null) {
+                submitButton.click();
+            }
+        }
+    });
+}
+
+/*
+ * Setup form submit event handler for form with a required input.
+ * Manages the submission in case triggered by:
+ *   - non-genuine submit button: clear invalid required inputs and proceed the submission
+ *   - real submit button: if there is an invalid field prevent submission and trigger validation class addition
+ */
+function onFormSubmit() {
+    'use strict';
+
+    const form = document.querySelector('form');
+    if (!form) return;
+
+    form.addEventListener('submit', function onSubmit(event) {
+        const submitter = event.submitter || event.target;
+
+        // Check form validity once at the beginning
+        const isValid = form.checkValidity();
+
+        if (!submitter || !submitter.name.startsWith('submit')) {
+            // Clear invalid required inputs before submit
+            if (!isValid) {
+                document.querySelectorAll('input[required]:invalid').forEach(input => {
+                    if (input.value.length) {
+                        input.value = '';
+                    }
+                });
+            }
+            return event;
+        }
+
+        if (!isValid) {
+            console.log('Form is invalid');
+            event.preventDefault();
+            event.stopPropagation();
+        }
+
+        form.classList.add('was-validated'); // Add validation styling
+    }, false);
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/default.vm

@@ -1,3 +1,5 @@
+## modern login template
+
 #set($jsValidation = 1) ## enable JS validation, client-side
 
 #set($useFormEncryption = $gui.encryption && ($gui.encryption.length() > 0))

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/form.vm

@@ -4,62 +4,56 @@
 #end
 
 #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
+<form id="$gui.name" name="$gui.name" method="POST" action="$formTarget" novalidate>
 
-#if ($useFormEncryption)
+  ## "Hidden" button which is triggered when clicking on a received SMS notification on a mobile phone to paste it automatically. Otherwise, the first submit button found (back arrow) is clicked.
-    <div id="e2eeSplashScreen" style="display:none;">
+  <button class="hidden-verification-code-submit-button" type="submit" value="true" tabindex="-1"></button>
-        <h2 class="logintitle text-center">$gui.label</h2>
+
-        <div class="field info" id="info">$text.get("e2ee.splashscreen.msg")</div>
+  ## Common header with logo above the content.
+  #if (!$minimalHeader)
+    <div class="login-container-header">
+      #renderHeader($gui)
+      <img class="mb-1 max-w-full" src="${login.appDataPath}/resources/logo.png?v=1b26ec26" alt="Company Logo">
+      <span class="brand-name">$text.get("title")</span>
     </div>
   #end
 
-<div id="loginform">
+  <div class="login-container-body printable">
+    #set($topPaddingModifier = '')
 
-    <form id="$gui.name" name="$gui.name"
+    ## Setting cancel button and language selection dropdown as part of the body, as minimal header.
-    #if ($useFormEncryption) onsubmit="new e2eenc().encryptForm('$gui.encryption','$gui.name')" #end
+    #if ($minimalHeader)
-    method="POST" target="_self" action="$formTarget" autocomplete="off" accept-charset="UTF-8" class="form-horizontal">
+      #set($topPaddingModifier = 'pt-0') ## Removing padding from top of content.
+      <div class="login-container-minimal-header">
+        #renderHeader($gui)
+      </div>
+    #end
 
-		<h1 class="logintitle text-center">$gui.label</h1>
+    <div class="login-container-body-content printable $topPaddingModifier form-group">
 
-        #set ($tabindex = 0)
+      #renderTitle($gui)
-        #set ($policyFailureOpen = false)
-	    #set ($policyInfoOpen = false)
 
-	    #foreach ($guiElem in $gui.getGuiElems())
+      ## this block applies for usernameless mobile authentication
-	        #set ($tabindex = $tabindex+1)
+      #if ($gui.name == "mauth_usernameless")
-            #if ($guiElem.name.startsWith("policyInfo") && $guiElem.label && $guiElem.label.length() > 0)
+        <center id="mauth_started" style="display: none">
-                #if (!$policyInfoOpen)
+            <img id="mauth_loading" style="width: 60px; height: 60px; display: none;" src="${login.appDataPath}/resources/loading.svg?v=1af10281"/>
-                    <div class="form-group">
+            <br><br>
-                        <div class="col-sm-offset-3 col-sm-6">
+              <p id="mauth_qrcode_info">$text.get("mobile_auth.scan")</p>
-                    #set ($policyInfoOpen = true)
+              <canvas id="mauth_qrcode" style="width: 256px; height: 256px;">
-                #end
+              </canvas>
-                <span class="help-block small" id="$guiElem.name">$guiElem.label</span>
+              <div id="mauth_link_parent" class="form-group" style="display: none">
-            #elseif ($guiElem.name.startsWith("policyFailure") && $guiElem.label && $guiElem.label.length() > 0)
+                  <a href="" id="mauth_link">$text.get("mobile_auth.link")</a>
-                #if (!$policyFailureOpen)
-                    <div class="form-group has-error">
-                        <div class="col-sm-offset-3 col-sm-6">
-                    #set ($policyFailureOpen = true)
-                #end
-                <span class="help-block small" id="$guiElem.name">$guiElem.label</span>
-            #else
-                #if (!$guiElem.name.startsWith("policyInfo") && $policyInfoOpen) ## close
               </div>
-                    </div>
+        </center>
-                    #set ($policyInfoOpen = false)
-                #end
-                #if (!$guiElem.name.startsWith("policyFailure") && $policyFailureOpen) ## close
-                        </div>
-                    </div>
-                    #set ($policyFailureOpen = false)
-                #end
-                #renderFormField($guiElem, $gui, $tabindex)
-            #end
       #end
 
+      #renderGeneric($gui)
+
       ## this block applies when Channel is set to Push / Link
       #if ($gui.name == "mauth_link_qr" || $gui.name == "mauth_onboard")
         <!-- shown after dispatching -->
         <center id="mauth_started">
-	            <img id="mauth_loading" style="width: 60px; height: 60px; display: none;" src="${login.appDataPath}/resources/loading.svg"/>
+            <img id="mauth_loading" style="width: 60px; height: 60px; display: none;" src="${login.appDataPath}/resources/loading.svg?v=1af10281"/>
             <br><br>
             <p id="mauth_qrcode_info">$text.get("mobile_auth.scan")</p>
             <canvas id="mauth_qrcode" style="width: 256px; height: 256px;">
@@ -77,7 +71,7 @@
         </ul>
         <!-- shown after selecting the device -->
         <center id="mauth_started" style="display: none">
-                <img id="mauth_loading" style="width: 60px; height: 60px; display: none;" src="${login.appDataPath}/resources/loading.svg"/>
+            <img id="mauth_loading" style="width: 60px; height: 60px; display: none;" src="${login.appDataPath}/resources/loading.svg?v=1af10281"/>
             <p id="mauth_match_numbers" style="font-size: 64px; display: none;"></p>
             <p id="mauth_qrcode_info">$text.get("mobile_auth.push-or-scan")</p>
             <canvas id="mauth_qrcode" style="width: 256px; height: 256px;">
@@ -85,43 +79,13 @@
         </center>
       #end
 
-        ## this block applies for usernameless mobile authentication
+      #renderSocialLoginButtons($gui)
-        #if ($gui.name == "mauth_usernameless")
-	        <center id="mauth_started" style="display: none">
-	            <img id="mauth_loading" style="width: 60px; height: 60px; display: none;" src="${login.appDataPath}/resources/loading.svg"/>
-	            <br><br>
-                <p id="mauth_qrcode_info">$text.get("mobile_auth.scan")</p>
-                <canvas id="mauth_qrcode" style="width: 256px; height: 256px;">
-                </canvas>
-                <div id="mauth_link_parent" class="form-group" style="display: none">
-                    <a href="" id="mauth_link">$text.get("mobile_auth.link")</a>
-                </div>
-	        </center>
-        #end
-
-        #if ($useFormEncryption)
-            <input type="hidden" name="e2eenc.fields" value="not-set">
-            <input type="hidden" name="e2eenc.iv" value="not-set">
-            <input type="hidden" name="e2eenc.encapsulation" value="not-set">
-        #end
-
-        #renderFormControls($gui)
       #renderFormLinks($gui)
+    </div>
+  </div>
 </form>
 
-    <!-- position input focus into first element of form -->
-    <script type="text/javascript">
-        const form = document.forms['$gui.name'];
-        if (form) {
-          const input = form.elements[0];
-          if (input) {
-            input.focus();
-          }
-        }
-    </script>
-
 ## if only form, then we include javascript here (end of body)
 #if ($isFormRequest)
   #parse("${templatePath}/js_end.vm")
 #end
-</div>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/generic_auth_error.vm

@@ -36,3 +36,4 @@
 
 	</div>
 </div>
+

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/html.vm

@@ -2,14 +2,26 @@
 <html lang="${utils.escapeHtml($login.localeCode)}">
 
   <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+
     <title>$text.get('title')</title>
 
-		<meta charset="utf-8">
+    <link href="${login.appDataPath}/resources/variables.css?v=475bfae4" rel="stylesheet">
-		<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
+    <link href="${login.appDataPath}/resources/bootstrap.min.css?v=3f1c72e8" rel="stylesheet">
+    <link href="${login.appDataPath}/resources/customized-bootstrap.css?v=cd0eaec2" rel="stylesheet">
+    <link href="${login.appDataPath}/resources/main.css?v=e8e5f18f" rel="stylesheet">
+    <link href="${login.appDataPath}/resources/print.css?v=8df37d2d" rel="stylesheet" media="print">
 
-        <link href="${login.appDataPath}/resources/bootstrap.min.css" rel="stylesheet" type="text/css">
+    <style>
-        <link href="${login.appDataPath}/resources/bootstrap-theme.min.css" rel="stylesheet" type="text/css" media="all">
+      :root {
-        <link href="${login.appDataPath}/resources/default.css" rel="stylesheet" type="text/css" media="all">
+        /* Configurable CSS custom properties START */
+        --primary-color: #168CA9;
+        --border-radius: 0.5rem;
+        --font-family: Roboto;
+        /* Configurable CSS custom properties END*/
+      }
+    </style>
 
     <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
 
@@ -17,16 +29,19 @@
   </head>
 
   <body>
-	    #parse("${templatePath}/lang.vm")
+    ## show header without brand logo and name for some GUIs
+    #if ($gui.name == "authcloud_onboard")
+      #set ($minimalHeader = true)
+    #end
 
-        #parse("${templatePath}/header.vm")
+    #set($loginContainerDisplay = 'd-block') ## Default display behavior
-
+    #if ($loginContainerHidden)
-		<main id="content" class="container">
+      #set($loginContainerDisplay = 'd-none') ## Display none
+    #end
+    <main class="login-container $loginContainerDisplay">
       #parse("${templatePath}/form.vm")
     </main>
 
-        #parse("${templatePath}/footer.vm")
-
     #parse("${templatePath}/js_end.vm")
   </body>
 </html>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/js_end.vm

@@ -1,49 +1,37 @@
-<script src="${login.appDataPath}/resources/dropdown.js"></script>
+<script src="${login.appDataPath}/resources/bootstrap.bundle.min.js?v=50efbf3d"></script>
-<script src="${login.appDataPath}/resources/show-password.js"></script>
+<script src="${login.appDataPath}/resources/window-onload.js?v=0e43b633"></script>
 
 #if ($gui.name == "oauth_consent")
-    <script src="${login.appDataPath}/resources/oauth_consent.js"></script>
+    <script src="${login.appDataPath}/resources/oauth_consent.js?v=339b6d0d"></script>
-#end
-
-#if ($gui.name == "authcloud")
-    <script src="${login.appDataPath}/resources/qrious.min.js"></script>
-    <script src="${login.appDataPath}/resources/authcloud.js"></script>
-#end
-
-#if ($gui.name == "authcloud_onboard")
-    <script src="${login.appDataPath}/resources/qrious.min.js"></script>
-    <script src="${login.appDataPath}/resources/authcloud_onboard.js"></script>
-#end
-
-#if ($gui.name == "authcloud_login")
-    <script src="${login.appDataPath}/resources/qrious.min.js"></script>
-    <script src="${login.appDataPath}/resources/authcloud_login.js"></script>
 #end
 
 #if ($gui.name == "mauth_onboard")
-    <script src="${login.appDataPath}/resources/qrious.min.js"></script>
+    <script src="${login.appDataPath}/resources/qrious.min.js?v=db99dcaf"></script>
-    <script src="${login.appDataPath}/resources/mauth_onboard.js"></script>
+    <script src="${login.appDataPath}/resources/mauth_onboard.js?v=38723856"></script>
 #end
 
 #if ($gui.name == "mauth_link_qr")
-    <script src="${login.appDataPath}/resources/qrious.min.js"></script>
+    <script src="${login.appDataPath}/resources/qrious.min.js?v=db99dcaf"></script>
-    <script src="${login.appDataPath}/resources/mauth_link_qr.js"></script>
+    <script src="${login.appDataPath}/resources/mauth_link_qr.js?v=fd5fd826"></script>
 #end
 
 #if ($gui.name == "mauth_push_qr")
-    <script src="${login.appDataPath}/resources/qrious.min.js"></script>
+    <script src="${login.appDataPath}/resources/qrious.min.js?v=db99dcaf"></script>
-    <script src="${login.appDataPath}/resources/mauth_push_qr.js"></script>
+    <script src="${login.appDataPath}/resources/mauth_push_qr.js?v=3c6a82b5"></script>
 #end
 
 #if ($gui.name == "mauth_usernameless")
-    <script src="${login.appDataPath}/resources/qrious.min.js"></script>
+    <script src="${login.appDataPath}/resources/qrious.min.js?v=db99dcaf"></script>
-    <script src="${login.appDataPath}/resources/mauth_usernameless.js"></script>
+    <script src="${login.appDataPath}/resources/mauth_usernameless.js?v=f7614de6"></script>
+#end
+
+#if ($gui.name.startsWith("fido2"))
+  <script src="${login.appDataPath}/resources/fido2_utils.js?v=e32b17fe"></script>
 #end
 
 #if ($gui.name == "fido2_auth")
-    <script src="${login.appDataPath}/resources/base64.js"></script>
+  <script src="${login.appDataPath}/resources/base64.js?v=eee75ab4"></script>
-    <script src="${login.appDataPath}/resources/fido2_utils.js"></script>
+  <script src="${login.appDataPath}/resources/fido2_auth.js?v=67c408f6"></script>
-    <script src="${login.appDataPath}/resources/fido2_auth.js"></script>
 #end
 
 #if ($gui.name == "fido2_auth_std")
@@ -59,18 +47,43 @@
             userVerification: "$userVerification",
        };
     </script>
-    <script src="${login.appDataPath}/resources/simplewebauthn-browser@7.1.0.min.js"></script>
+    <script src="${login.appDataPath}/resources/simplewebauthn-browser@7.1.0.min.js?v=2178ec68"></script>
-    <script src="${login.appDataPath}/resources/fido2_utils.js"></script>
+    <script src="${login.appDataPath}/resources/fido2_utils.js?v=e32b17fe"></script>
-    <script src="${login.appDataPath}/resources/fido2_auth_std.js"></script>
+    <script src="${login.appDataPath}/resources/fido2_auth_std.js?v=576c17e9"></script>
 #end
 
 #if ($gui.name == "fido2_onboard")
-    <script src="${login.appDataPath}/resources/base64.js"></script>
+  <script src="${login.appDataPath}/resources/base64.js?v=eee75ab4"></script>
-    <script src="${login.appDataPath}/resources/fido2_utils.js"></script>
+  <script src="${login.appDataPath}/resources/fido2_onboard.js?v=701888a8"></script>
-    <script src="${login.appDataPath}/resources/fido2_onboard.js"></script>
 #end
 
-#if ($useFormEncryption)
+#if ($gui.name == "fido2_check")
-    <script src="${login.appDataPath}/resources/forge.bundle.js"></script>
+  <script src="${login.appDataPath}/resources/fido2_check.js?v=41e0e891"></script>
-    <script src="${login.appDataPath}/resources/e2eenc.js"></script>
+  ## Hide the login container while check in progress
+  #set ($loginContainerHidden = true)
+#end
+
+#if ($gui.name == "authcloud_onboard")
+  <script src="${login.appDataPath}/resources/qrious.min.js?v=db99dcaf"></script>
+  <script src="${login.appDataPath}/resources/authcloud_onboard.js?v=58fe635a"></script>
+#end
+
+#if ($gui.name == "authcloud_login")
+  <script src="${login.appDataPath}/resources/qrious.min.js?v=db99dcaf"></script>
+  <script src="${login.appDataPath}/resources/authcloud_login.js?v=999ceb11"></script>
+#end
+
+#if ($gui.getGuiElem("fido2_attestation_options"))
+  <script src="${login.appDataPath}/resources/simplewebauthn-browser@13.1.0.min.js?v=1127fa91"></script>
+  <script src="${login.appDataPath}/resources/passkey_autofill.js?v=b694a7c4"></script>
+#end
+
+#if ($gui.name == "recovery_code_onboarding")
+  <script src="${login.appDataPath}/resources/display-recovery-codes.js?v=7b02cbaa"></script>
+  <script src="${login.appDataPath}/resources/download-recovery-codes.js?v=d48fb5c1"></script>
+  <script src="${login.appDataPath}/resources/copy-to-clipboard.js?v=8169a8e6"></script>
+#end
+
+#if ($gui.name == "OATH_Share")
+  <script src="${login.appDataPath}/resources/copy-to-clipboard.js?v=8169a8e6"></script>
 #end

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/js_start.vm

@@ -1 +1,2 @@
-<script src="${login.appDataPath}/resources/jquery-3.6.0.min.js"></script>
+<!-- functions used in the template and in window-onload.js -->
+<script src="${login.appDataPath}/resources/utils.js?v=e4345865"></script>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/json.vm

@@ -23,11 +23,11 @@
         "name" : "$guiElem.name",
         "type" : "$guiElem.type",
         "optional" : "$guiElem.optional", 
-        "label" : "$guiElem.label" #if ($guiElem['validation-failed'] || $guiElem.value || $guiElem.length || $guiElem.format), #end
+        "label" : "$utils.escapeJson($guiElem.label)" #if ($guiElem['validation-failed'] || $guiElem.value || $guiElem.length || $guiElem.format), #end
        #if ($guiElem['validation-failed']) "validation-failed" : "$guiGroup.validationFailed" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end
        #end ## if ($guiElem['validation-failed'])
 
-       #if ($guiElem.value) "value" : "$guiElem.value.replaceAll('\\\\','_ESCAPED_BACKSLASH_').replaceAll('\\"','_ESCAPED_QUOTE_').replaceAll('\\','\\\\').replaceAll('"','\\"').replaceAll('_ESCAPED_BACKSLASH_','\\\\').replaceAll('_ESCAPED_QUOTE_','\\"')" #if ($guiElem.length || $guiElem.format), #end
+       #if ($guiElem.value) "value" : "$utils.escapeJson($guiElem.value)" #if ($guiElem.length || $guiElem.format), #end
        #end ## if ($guiElem.value)
 
        #if ($guiElem.length) "max-length" : "$guiElem.length" #if ($guiElem.format), #end
@@ -49,7 +49,7 @@
 	#foreach ($guiGroup in $gui.getGuiGroup())
 	    "name" : "$guiGroup.name",
 	    "type" : "$guiGroup.type",
-	    "label" : "$guiGroup.label",
+	    "label" : "$utils.escapeJson($guiGroup.label)",
 	    "multiple"  : "$guiGroup.multiple",
 	    "format" : "$guiGroup.format",
 	    "optional" : "$guiGroup.optional",
@@ -63,9 +63,9 @@
             "type" : "$guiElem.type",
             "optional" : "$guiElem.optional",
             "validation-failed" : "$guiGroup.validationFailed",
-            "label" : "$guiElem.label" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end
+            "label" : "$utils.escapeJson($guiElem.label)" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end
             #if ($guiElem.value)
-            "value" : "$guiElem.value.replaceAll('\\\\','_ESCAPED_BACKSLASH_').replaceAll('\\"','_ESCAPED_QUOTE_').replaceAll('\\','\\\\').replaceAll('"','\\"').replaceAll('_ESCAPED_BACKSLASH_','\\\\').replaceAll('_ESCAPED_QUOTE_','\\"')" #if ($guiElem.length || $guiElem.format), #end
+            "value" : "$utils.escapeJson($guiElem.value)" #if ($guiElem.length || $guiElem.format), #end
             #end ## if ($guiElem.value)
             #if ($guiElem.length)
             "max-length" : "$guiElem.length" #if ($guiElem.format), #end
@@ -86,3 +86,4 @@
     ]
  #end ## if ($gui.getGuiGroup() && $gui.getGuiGroup().length() > 0)
 }
+

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/lang.vm

@@ -1,32 +0,0 @@
-## Nav =================================================================
-<nav id="language-switch" class="container-fluid">
-	<div class="dropdown pull-right">
-		<a id="language-switch-btn" class="dropdown-toggle text-uppercase small" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
-			<strong id="language">$login.localeCode</strong>
-			<span class="caret"></span>
-		</a>
-		<ul class="dropdown-menu" aria-labelledby="language-switch-btn">
-			## loop over all defined languages/locales....
-			#foreach ($locale in $login.locales)
-				## find translated label of current locale
-				#if ($text.contains("language.$locale"))
-					#set ($langLabel = $text.get("language.$locale"))
-				#elseif ($locale.length() > 2)
-					#set ($langLabel = $text.get("language.${locale.substring(0,2).toLowercase()}"))
-				#else
-					#set ($langLabel = $locale)
-				#end
-				## emit link or text for each language
-				#if ($login.localeCode != $locale && $login.language != $locale)
-					#set ($langTarget = $utils.escapeHtmlAttribute($gui.target('language', $locale)))
-					<li>
-						<a class="lang" href="$langTarget">
-							<strong class="prefix text-primary text-uppercase">$locale</strong>
-							<span>$langLabel</span>
-						</a>
-					</li>
-				#end
-			#end ## end foreach
-		</ul>
-	</div>
-</nav>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/macros.vm

@@ -1,252 +1,30 @@
-
+#macro(renderTitle $gui)
-#macro(renderFormField $guiElem, $gui, $tabindex)
+  <h1 class="h4 mb-3 text-center">$gui.label</h1>
-
-#if ($guiElem.type == "submit" || $guiElem.type == "button"  ||  $guiElem.type == "reset" ||  $guiElem.type == "link")
-## do nothing, will be rendered in renderFormControls  nd renderFormLinks
-
-
-#elseif ($guiElem.type == "info" || $guiElem.type == "error")
-	#if ($guiElem.label && $guiElem.label.length() > 0)
-		## special fields: display some text only
-		#set ($class = "form-group")
-		#if ($guiElem.type == "error")
-			#set ($class = "$class has-error")
 #end
-		<div class="$class">
+
-			<div class="col-sm-offset-3 col-sm-6">
+#macro(renderInfoIcon)
-				<span class="help-block small" id="$guiElem.name">
+<div class="text-center">
-					$guiElem.label
+  <img src="${login.appDataPath}/resources/info.svg?v=cde656f1" alt="Info icon">
-				</span>
-			</div>
 </div>
 #end
 
-#elseif ($guiElem.type == "hidden" && $guiElem.name == "saml.logoutURLs")
+#macro(renderSuccessIcon)
-<script>
+<div class="success-icon">
-var sp_urls = '$guiElem.value'.split(',');
+  <img src="${login.appDataPath}/resources/success.svg?v=45e1a941" alt="Success icon">
-var final_url = '$gui.getGuiElem("saml.logoutURL").value';
-function kill_session() {
-    var current_url = window.location.href;
-    if (current_url.indexOf('?logout') == -1 && current_url.indexOf('&logout') == -1) {
-      console.log("current URL does not terminate the IDP session");
-      var logout_url = '';
-      if (current_url.indexOf('?') > 0) {
-        logout_url = current_url + "&logout";
-      }
-      else {
-        logout_url = current_url + "?logout";
-      }
-      $.ajax({
-        type: "GET",
-        url: logout_url,
-        async: false,
-        xhrFields: {
-          withCredentials: true
-        },
-        dataType: "text",
-        success: function() {},
-        error: function() {}
-      });
-    }
-}
-var request_urls = sp_urls.filter(function(current_url) {
-    return current_url.indexOf('SAMLRequest') > 0;
-});
-var response_urls = sp_urls.filter(function(current_url) {
-    return current_url.indexOf('SAMLResponse') > 0;
-});
-function end_logout() {
-  if (response_urls.length == 0) {
-    console.log('IDP-initiated SAML logout detected');
-    kill_session(); // required to terminate IDP session
-    window.location.href = final_url;
-  }
-  else {
-    console.log('SP-initiated SAML logout detected');
-    kill_session(); // required to terminate IDP session
-    window.location.href = response_urls[0]; // only 1 such URL allowed. process ends on SP
-  }
-}
-var requests = [];
-for (var i = 0; i < request_urls.length; i++) {
-    var current_url = request_urls[i];
-    requests.push($.ajax({
-      type: "GET",
-      url: current_url,
-      xhrFields: {
-         withCredentials: true
-      },
-      crossDomain: true,
-      dataType: 'jsonp',
-      error: function() {}
-      })
-    );
-}
-// send out the requests in parallel and afterwards terminate the logout process
-// we have to terminate the logout no mather if the requests were successful or if there were failed requests
-$.when.apply($, requests).then(function() { end_logout(); }, function() { end_logout(); });
-</script>
-
-#elseif ($guiElem.type == "hidden")
-    <input type="hidden" name="$guiElem.name" value="$utils.escapeHtml($guiElem.value)">
-
-
-#else ## not info, error, button, submit, reset or hidden -> normal visual element
-
-## define CSS class of representation in form
-#set ($class = "form-group")
-#if ($guiElem.optional)
-#set ($class = "$class optional")
-#else
-#set ($class = "$class required")
-#end
-
-## highlight failed input validation, if flagged
-
-#if ($guiElem.validationFailed && $guiElem.value && $guiElem.value.length() > 0)
-#set ($class = "$class has-error")
-#end
-
-#if ($guiElem.validationFailed && (!$guiElem.value || $guiElem.value.length() == 0))
-#set ($class = "$class has-error")
-#end
-
-
-## the form field's container, a label, and optionally a validation-related message
-
-<div class="$class">
-	## Special handling required for radios + checkboxes
-	#if ($guiElem.type != "radio" && $guiElem.type != "checkbox")
-
-		<label class="col-sm-3 control-label" for="$guiElem.name">
-			#if ($guiElem.name.startsWith("inputField") && !$guiElem.optional)
-				$guiElem.label<span style="color: red">*</span>
-			#else
-				$guiElem.label
-			#end
-		</label>
-
-		<div class="col-sm-6">
-			#if ($guiElem.type == "text")
-		        <input class="form-control" type="text" name="$guiElem.name" id="$guiElem.name"
-		            maxlength="$guiElem.length"
-		            value="$utils.escapeHtml($guiElem.value)" tabindex="$tabindex">
-
-			#elseif ($guiElem.type == "pw-text")
-                <div class="icon-inside">
-                  <input name="${guiElem.name}" type="password" class="form-control" id="${guiElem.name}" value="$utils.escapeHtml($guiElem.value)" tabindex="$tabindex">
-                  <button class="icon-button" type="button" onclick="toggleInputType('${guiElem.name}', '${guiElem.name}eye-icon', '${login.appDataPath}')">
-                    <img id="${guiElem.name}eye-icon" src="${login.appDataPath}/resources/eye.svg">
-                  </button>
-                </div>
-
-			#elseif ($guiElem.type == "select")
-				#set ($scrollSize = $guiElem.getGuiElems().size())
-				#set ($scrollSize = $math.min($scrollSize,4))
-				#if ($guiElem.multiple)
-		        <select name="$guiElem.name" class="form-control" size="$scrollSize" multiple>
-				#else
-		        <select name="$guiElem.name" class="form-control">
-				#end
-				#foreach ($option in $guiElem.getGuiElems())
-					#if ($option.selected)
-		                <option value="$utils.escapeHtml($option.value)" selected>$option.label</option>
-					#else
-		                <option value="$utils.escapeHtml($option.value)">$option.label</option>
-					#end
-				#end ## foreach option
-		    </select>
-
-			#elseif ($guiElem.type == "image" )
-		    <img src="$utils.escapeHtml($guiElem.value)" alt="$guiElem.label" />
-			#end
-
-			#if ($guiElem.validationMessage && $guiElem.validationMessage.length() > 0)
-				<span class="help-block small">$guiElem.validationMessage</span>
-			#end
-
-			#if ($jsValidation)
-				#renderElementValidation($guiElem, $gui)
-			#end
-		</div>
-	#else
-	## Special handling for checkboxes and radios
-		<div class="col-sm-offset-3 col-sm-6">
-			<label>
-				<input type="$guiElem.type" name="$guiElem.name"
-								value="$utils.escapeHtml($guiElem.value)"
-								#if ($guiElem.checked || $guiElem.value == 'true')
-								checked
-								#end
-								tabindex="$tabindex">
-				$guiElem.label
-			</label>
-
-			#if ($guiElem.validationMessage && $guiElem.validationMessage.length() > 0)
-				<span class="help-block small">$guiElem.validationMessage</span>
-			#end
-
-			#if ($jsValidation)
-				#renderElementValidation($guiElem, $gui)
-			#end
-		</div>
-	#end
 </div>
 #end
 
-#end ## end macro
+#macro(renderPasswordlessIcon)
-
+<div class="text-center">
-
+  <img src="${login.appDataPath}/resources/face.svg?v=a17cbb96" alt="Paswordless first icon">
-
+  <img src="${login.appDataPath}/resources/finger.svg?v=08a4a146" alt="Paswordless second icon">
-
+</div>
-#macro(renderElementValidation $guiElem, $gui)
-#if (($guiElem.validation && $guiElem.validation.length() > 0)||($guiElem.format && $guiElem.format.length() > 0))
-
-
-<script type="text/javascript">
-
-#if ($guiElem.validation && $guiElem.validation.length() > 0)
-#if ($guiElem.validation.indexof('return ') > 0)
-#set ($validationFunc="function () { $guiElem.validation }")
-#else
-#set ($validationFunc="function () { return $guiElem.validation ; }")
 #end
-#else
-#set ($validationFunc="function () { return true; }")
-#end
-
-	var form = document.getElementById('${gui.name}');
-	var formInput = form.elements["${guiElem.name}"];
-	formInput.onchange = function () {
-		var valid = ${validationFunc}.call(this);
-#if ($guiElem.format && $guiElem.format.length() > 0)
-		valid = valid && (/${guiElem.format}/).test(this.value);
-#end
-		var parent = this.parentNode;
-		if (!valid) {
-			parent.className += " has-error";
-		} else {
-			parent.className = parent.className.replace(/ has-error/g, '');
-		}
-
-#if (!$guiElem.optional)
-		if (!this.value) {
-			parent.className += " has-warning";
-		} else {
-			parent.className = parent.className.replace(/ has-warning/g,'');
-		}
-#end
-	};
-</script>
-
-#end
-#end ## macro
-
 
 #macro(renderFormLinks $gui)
   #set ($noLinks = true)
   #foreach ($guiElem in $gui.getGuiElems())
-   #if ($guiElem.type == "link")
+    #if ($guiElem.type == "link" && $guiElem.value != "")
       #if ($noLinks)
       <div class="form-group text-center">
         #set ($noLinks = false)
@@ -259,37 +37,349 @@ $.when.apply($, requests).then(function() { end_logout(); }, function() { end_lo
   #end
 #end
 
-#macro(renderFormControls $gui)
+#macro(renderInfo $guiElem)
-<div class="form-group text-center">
+  #set($cssClass = "text-primary")
-#set ($buttonClass = "btn")
+  #if ($renderInfoCalled)
-#if ($isFormRequest)
+    #set($cssClass = "text-secondary")
-	#set ($buttonClass = "$buttonClass btn-default")
+  #end
+  #if ($guiElem.name.endsWith('sub-icon'))
+    <div class="sub-icon mb-3">
+      <span class="text-dark">$guiElem.label</span>
+    </div>
+  #elseif ($guiElem.name.endsWith('bottom'))
+    <div class="text-center mt-4 mb-0">
+      <span class="text-secondary">$guiElem.label</span>
+    </div>
+  #elseif($guiElem.name == "selection")
+    #set($methodName=$guiElem.value.replace("-registered", ""))
+    #set($methodLabel=$text.get("info.method.$methodName"))
+    #if($guiElem.value.endsWith('registered'))
+      <button type="button" class="list-group-item list-group-item-action btn-selection-item disabled" value="$guiElem.value">
+        <div>
+          <span class="d-flex align-items-center gap-1">
+            <img src="${login.appDataPath}/resources/${methodName}.svg" alt="${methodLabel}">
+            <span class="selection-label">$utils.escapeHtml($methodLabel)</span>
+          </span>
+          <span class="d-flex selection-description">$utils.escapeHtml($guiElem.label)</span>
+        </div>
+        <img src="${login.appDataPath}/resources/success-solid.svg?v=d4a18981" alt="${methodLabel} registered">
+      </button>
     #else
-	#set ($buttonClass = "$buttonClass btn-primary")
+      <button name="selection" type="submit" class="list-group-item list-group-item-action btn-selection-item" value="$guiElem.value">
-#end
+        <div>
-#foreach ($guiElem in $gui.getGuiElems())
+          <span class="d-flex align-items-center gap-1">
-	#if ($guiElem.type == "submit" || $guiElem.type == "button" || $guiElem.type == "reset")
+            <img src="${login.appDataPath}/resources/${methodName}.svg" alt="${methodLabel}">
-    <button class="$buttonClass $guiElem.cssClass"
+            <span class="selection-label">$utils.escapeHtml($methodLabel)</span>
-        ## special handling for button which execute a JS
+          </span>
-        #if ($guiElem.name == 'onclick')
+          <span class="d-flex selection-description">$utils.escapeHtml($guiElem.label)</span>
-            type="button"
+        </div>
-            onClick="start()"
+        <img src="${login.appDataPath}/resources/chevron-right.svg?v=597ebf66" alt="Select ${methodLabel}">
-        #else
-            name="$guiElem.name"
-            value="$utils.escapeHtml($guiElem.value)"
-        #end
-        >
-        #if ($guiElem.icon != "")
-            #if ($guiElem.icon.contains("http"))
-                <img src="$guiElem.icon" class="$guiElem.iconCssClass" />
-            #else
-                <img src="${login.appDataPath}/resources/$guiElem.icon" class="$guiElem.iconCssClass" />
-            #end
-        #end
-        $utils.escapeHtml($guiElem.label)
       </button>
     #end
-#end ## foreach
+  ## special FIDO2 case
+  #elseif(($gui.name == "fido2_onboard" || $gui.name == "fido2_auth") && $guiElem.name == "info")
+    <div class="sub-title mb-40">
+      <span class="text-dark">$guiElem.label</span>
     </div>
+  ## special case: recovery codes
+  #elseif ($guiElem.name == "displayrecoverycodes")
+    <span class="hidden" id="recovery-codes-raw">$guiElem.label</span>
+    <div id="recovery-codes" class="recovery-codes-wrapper printable"></div>
+  ## special case: OATH copyable secret key
+  #elseif ($guiElem.name.endsWith('readonly-copyable'))
+    <div class="icon-inside mb-4">
+      ## skip name to prevent submitting
+      <input readonly type="text" class="form-control text-truncate" id="${guiElem.name}" value="$utils.escapeHtml($guiElem.label)" title="${guiElem.label}">
+      <button class="icon-button nevis-blue-icon text-nevis-blue" type="button" onclick="copyToClipboard('${guiElem.name}')">
+        ## Use inline svg due to color changing
+        <svg width="20" height="21" viewBox="0 0 20 21" fill="none" xmlns="http://www.w3.org/2000/svg" aria-labelledby="copyTitle">
+          <title id="copyTitle">Copy setup key icon</title>
+          <path d="M6.66683 13.8333H5.00016C4.07969 13.8333 3.3335 13.0871 3.3335 12.1666V5.49992C3.3335 4.57944 4.07969 3.83325 5.00016 3.83325H11.6668C12.5873 3.83325 13.3335 4.57944 13.3335 5.49992V7.16659M8.3335 17.1666H15.0002C15.9206 17.1666 16.6668 16.4204 16.6668 15.4999V8.83325C16.6668 7.91278 15.9206 7.16659 15.0002 7.16659H8.3335C7.41302 7.16659 6.66683 7.91278 6.66683 8.83325V15.4999C6.66683 16.4204 7.41302 17.1666 8.3335 17.1666Z" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+        </svg>
+      </button>
+    </div>
+  #elseif($guiElem.name == "authcloud_info") ## special Access App case
+    <div class="sub-icon my-4">
+      <span class="text-dark" id="$guiElem.name">$guiElem.label</span>
+    </div>
+    #if($gui.name == "authcloud_onboard") ## prepare hidden access app installed info for mobile platform
+      <span id="info.access_app.installed" class="d-none">$utils.escapeHtml($text.get("info.access_app.installed"))</span>
+    #end
+  #elseif(($gui.name == "authcloud_onboard" || $gui.name == "authcloud_login") && $guiElem.name == "abort") ## special Access App case
+    <div class="text-center mt-4">
+      <span id="$guiElem.name" class="text-secondary">$guiElem.label</span>
+    </div>
+  #elseif($guiElem.name != "policyInfo.title" && $guiElem.name.startsWith('policy'))
+    <div class="my-2">
+      <span class="text-secondary" id="$guiElem.name">$guiElem.label</span>
+    </div>
+  #else
+    <div class="text-center my-3">
+      <span class="$cssClass" id="$guiElem.name">$guiElem.label</span>
+    </div>
+  #end
+  #set($renderInfoCalled = true)
+#end
 
-#end ## end macro
+#macro(renderHidden $guiElem)
+  ## prepare hidden deep link label for mobile app
+  #if ($guiElem.name == "info.deeplink")
+    ## patched by authcloud_login.js
+    <span id="info.login.access_app" class="d-none">$utils.escapeHtml($guiElem.value)</span>
+  #elseif ($guiElem.name == "saml.logoutURLs")
+    <script src="${login.appDataPath}/resources/saml_idp_logout.js?v=3a0c7b23"></script>
+    <script>
+      var sp_urls = '$guiElem.value'.split(',');
+      var final_url = '$gui.getGuiElem("saml.logoutURL").value';
+      handleLogout(sp_urls, final_url);
+    </script>
+  #else
+    <input type="hidden" name="$guiElem.name" value="$utils.escapeHtml($guiElem.value)">
+  #end
+#end
+
+#macro(renderText $guiElem)
+  #set ($extraClass = "")
+  ## highlight failed input validation
+  #if ($guiElem.validationFailed)
+    #set ($extraClass = "border-danger")
+  #end
+  ## special case email/SMS verification
+  #if ($guiElem.name == "isiwebotp")
+    <div class="verification-code-wrapper my-4">
+      <label for="${guiElem.name}" class="verification-code-label form-label">${guiElem.label}</label>
+      <input id="${guiElem.name}" name="${guiElem.name}" type="text" placeholder="______" maxlength="6"
+             class="verification-code-input form-control $extraClass"
+             value="$utils.escapeHtml($guiElem.value)" autofocus autocomplete="one-time-code">
+    </div>
+  #else
+    #set ($autocomplete = "username")
+    #if ($gui.getGuiElem("fido2_attestation_options"))
+      #set ($autocomplete = "username webauthn")
+    #end
+    #set ($inputWrapperClass = "my-4") ## default spacing around the input: 24px top and bottom
+    <div class="$inputWrapperClass">
+      #if ($guiElem.label && $guiElem.label.length() > 0)
+        <label for="${guiElem.name}" class="form-label $extraClass">${guiElem.label}</label>
+      #end
+
+    #if ($guiElem.name == "isiwebuserid") ## loginId or email
+      <input name="isiwebuserid" type="text" class="form-control $extraClass"
+             id="isiwebuserid" value="$utils.escapeHtml($guiElem.value)" required autofocus autocomplete="$autocomplete">
+      <div class="invalid-feedback" id="isiwebuserid-invalid-feedback">
+        <span>$guiElem.validationMessage</span>
+      </div>
+    #elseif($guiElem.name == "isiwebrecovery") ## special case recovery code input
+      <input name="${guiElem.name}" type="${guiElem.type}"
+             placeholder="____-____-____-____"  maxlength="19"
+             class="recovery-code-input form-control"
+             id="${guiElem.name}"
+             value="$utils.escapeHtml($guiElem.value)" autofocus>
+    #elseif($gui.name.endsWith("OATH_Authentication") && $guiElem.name == "response") ## special case time based one time password code input
+      <div class="totp-code-wrapper">
+        <input name="${guiElem.name}" type="number" inputmode="numeric" pattern="[0-9]{6}"
+               placeholder="______" maxlength="6"
+               class="totp-code-input form-control $extraClass"
+               id="${guiElem.name}"
+               value="$utils.escapeHtml($guiElem.value)" autofocus autocomplete="one-time-code" oninput="formatNumberInput('${guiElem.name}')">
+      </div>
+    #elseif ($guiElem.type == "pw-text")
+      <div class="icon-inside">
+        <input name="${guiElem.name}" type="password" class="form-control $extraClass" id="${guiElem.name}" autofocus autocomplete="current-password">
+        <button class="icon-button" type="button" onclick="toggleEye('${guiElem.name}', '${guiElem.name}-eye', '${login.appDataPath}')">
+          <img id="${guiElem.name}-eye" src="${login.appDataPath}/resources/eye.svg?v=d43998e8">
+        </button>
+      </div>
+    #else
+      <input name="${guiElem.name}" type="${guiElem.type}"
+             class="form-control $extraClass" id="${guiElem.name}" value="$utils.escapeHtml($guiElem.value)" autofocus>
+    #end
+    </div>
+  #end
+#end
+
+#macro(renderButton $guiElem)
+
+  ## special cases: FIDO2
+  #if ($guiElem.name == "onclick")
+    <button class="btn btn-primary w-100" type="button" onclick="startFido2();">
+      $utils.escapeHtml($guiElem.label)
+    </button>
+
+  ## special cases: recovery codes
+  #elseif ($guiElem.name == "copyrecoverycode")
+    <button class="btn btn-secondary btn-recovery-code" type="button" onclick="copyToClipboard('recovery-codes')">
+      $utils.escapeHtml($guiElem.label)
+    </button>
+    #set ($btnPrimaryUsed = false)
+  #elseif ($guiElem.name == "downloadrecoverycode")
+    <button class="btn btn-secondary btn-recovery-code" type="button" onclick="downloadRecoveryCodes('recovery-codes')">
+      $utils.escapeHtml($guiElem.label)
+    </button>
+  #elseif ($guiElem.name == "printrecoverycode")
+    <button class="btn btn-secondary btn-recovery-code" type="button" onclick="window.print();">
+      $utils.escapeHtml($guiElem.label)
+    </button>
+
+  ## default rendering
+  #elseif ($guiElem.value != "disabled") ## do not show button if the value is disabled
+
+    #set ($btnWrapperClass = "text-center mt-4")
+    #if ($guiElem.name.endsWith('bottom'))
+      #set ($btnWrapperClass = "${btnWrapperClass} mb-0")
+    #else
+      #set ($btnWrapperClass = "${btnWrapperClass} mb-4")
+    #end
+
+    #set ($btnClass = "btn w-100")
+    #if ($guiElem.cssClass && !$guiElem.cssClass.isEmpty())
+      #set ($btnClass = "${btnClass} ${guiElem.cssClass}")
+    #else
+      #if (!$btnPrimaryUsed)
+        #set ($btnClass = "${btnClass} btn-primary")
+        #set ($btnPrimaryUsed = true)
+      #else
+        #set ($btnClass = "${btnClass} btn-secondary")
+      #end
+    #end
+
+    <div class="$btnWrapperClass">
+      <button name="$guiElem.name" type="submit" class="$btnClass"
+              value="$utils.escapeHtml($guiElem.value)">$guiElem.label</button>
+    </div>
+  #end
+#end
+
+#macro(renderError $guiElem)
+  #if($guiElem.name.startsWith('policy'))
+    <div class="my-2">
+      <span class="text-danger" id="$guiElem.name">$guiElem.label</span>
+    </div>
+  #else
+    <div class="text-center my-4">
+      <span class="text-danger" id="$guiElem.name">$guiElem.label</span>
+    </div>
+  #end
+#end
+
+#macro(renderRadio $guiElem)
+  <div class="form-check">
+    <input id="${guiElem.name}" name="${guiElem.name}" type="radio" class="form-check-input" value="$utils.escapeHtml($guiElem.value)" autofocus>
+    <label for="${guiElem.name}" class="form-check-label">${guiElem.label}</label>
+  </div>
+#end
+
+#macro(renderCheckbox $guiElem)
+  <div class="form-check">
+    <label for="${guiElem.name}" class="form-check-label">${guiElem.label}</label>
+    <input id="${guiElem.name}" name="${guiElem.name}" type="checkbox" class="form-check-input" value="$utils.escapeHtml($guiElem.value)"
+      #if ($guiElem.checked)
+        checked
+      #end
+    >
+  </div>
+#end
+
+#macro(renderImage $guiElem)
+  <div class="text-center">
+    <img src="${guiElem.value}" alt="${guiElem.name}" class="img-fluid">
+  </div>
+#end
+
+#macro(renderGuiElem $guiElem)
+  #if ($guiElem.name.startsWith('social_') || $guiElem.type == "link")
+    ## do nothing, will be rendered later
+  #elseif ($guiElem.name == "info-icon")
+    #renderInfoIcon()
+  #elseif ($guiElem.name == "passwordless-icon")
+    #renderPasswordlessIcon()
+  #elseif ($guiElem.name == "success-icon")
+    #renderSuccessIcon()
+  #elseif ($guiElem.type == "error" && $guiElem.label && $guiElem.label.length() > 0)
+    #renderError($guiElem)
+  #elseif ($guiElem.type == "info" && $guiElem.label && $guiElem.label.length() > 0)
+    #renderInfo($guiElem)
+  #elseif ($guiElem.type == "text" || $guiElem.type == "pw-text")
+    #renderText($guiElem)
+  #elseif ($guiElem.type == "submit" || $guiElem.type == "button" || $guiElem.type == "reset")
+    #renderButton($guiElem)
+    ## after buttons were rendered, we enforce usage of the secondary color for subsequent info elements
+    #set($renderInfoCalled = true)
+  #elseif ($guiElem.type == "radio")
+    #renderRadio($guiElem)
+  #elseif ($guiElem.type == "checkbox")
+    #renderCheckbox($guiElem)
+  #elseif ($guiElem.type == "image" && $guiElem.value != "")
+    #renderImage($guiElem)
+  #elseif ($guiElem.type == "hidden")
+    #renderHidden($guiElem)
+  #end
+#end
+
+#macro(renderGeneric $gui)
+  #foreach ($guiElem in $gui.getGuiElems())
+    #renderGuiElem($guiElem)
+  #end
+#end
+
+#macro(renderSocialLoginButton $button)
+  #if ($button.name != "")
+    <button name="$button.name" class="btn social-login-button" value="true">
+      #if ($button.name.startsWith('social_generic_'))
+        ## the generic social login pattern allows to customize the icon
+        #if ($button.icon != "")
+          <img src="${login.appDataPath}/$button.icon" alt="social login logo" width="18" height="18">
+        #else
+          $button.label
+        #end
+      #else
+        #set ($logoName = $button.name.substring(7))
+        <img src="${login.appDataPath}/resources/${logoName}.svg" alt="${logoName} logo" width="18" height="18">
+      #end
+    </button>
+  #end
+#end
+
+#macro(renderSocialLoginButtons $gui)
+  #set ($socialLoginButtonFound = false) 
+  #foreach ($guiElem in $gui.getGuiElems())
+    #if ($guiElem.name.startsWith('social_'))
+      #set ($socialLoginButtonFound = true)
+    #end
+  #end
+  #if ($socialLoginButtonFound)
+    <p class="horizontal-line mt-5 mb-3">$text.get('info.continue.social')</p>
+    <div class="social-login-buttons">
+      ## loop again to respect order
+      #foreach ($guiElem in $gui.getGuiElems())
+        #if ($guiElem.name.startsWith('social_'))
+          #renderSocialLoginButton($guiElem)
+        #end
+      #end
+    </div>
+  #end
+#end
+
+#macro(renderHeader $gui)
+  <div class="d-flex justify-content-between w-100 h-icon-button">
+    <button id="logout-btn" class="btn p-0" aria-label="Close">X</button>
+    #set ($languages = $login.defaultsBundle.getString("application.languages").split("[,\\s]+"))
+    #if ($languages.size() > 1)
+      #set ($activeLangLabel = $text.get("language.$login.localeCode"))
+      <button class="btn btn-language-selector dropdown-toggle ms-auto" type="button" id="language-switch-btn" data-bs-toggle="dropdown" aria-expanded="false">
+        <span class="lang-label">$activeLangLabel</span>
+        <img src="${login.appDataPath}/resources/chevron-down.svg?v=cfb90b1c" class="ms-2" alt="Down">
+      </button>
+      <ul class="dropdown-menu dropdown-menu-end" aria-labelledby="language-switch-btn">
+        #foreach ($lang in $languages)
+          #set ($langLabelPropertyName = "language." + $lang) ## Strings can't be concatenated in the text.get below, had to outsource.
+          #set ($langLabel = $text.get($langLabelPropertyName))
+          #set ($langTarget = $utils.escapeHtmlAttribute($gui.target('language', $lang)))
+          <li>
+            <a class="dropdown-item" href="$langTarget">$langLabel</a>
+          </li>
+      #end
+    </ul>
+    #end
+  </div>
+#end

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/OP-ONBRDNG-AuthenticationRealm/webdata/resources/apple.svg

@@ -0,0 +1,10 @@
+<svg width="19" height="18" viewBox="0 0 19 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0)">
+<path d="M13.9697 17.2808C12.9941 18.2276 11.9177 18.08 10.8917 17.6336C9.80091 17.1782 8.80371 17.1494 7.65171 17.6336C6.21711 18.2528 5.45571 18.0728 4.59171 17.2808C-0.28628 12.2588 0.433719 4.60879 5.97771 4.32079C7.32231 4.39279 8.26371 5.06419 9.05571 5.11999C10.2329 4.88059 11.3597 4.19479 12.6197 4.28479C14.1335 4.40719 15.2657 5.00479 16.0217 6.07938C12.9077 7.95138 13.6457 12.0554 16.5059 13.2074C15.9335 14.7104 15.1991 16.1954 13.9679 17.2934L13.9697 17.2808ZM8.94771 4.26679C8.80191 2.03479 10.6109 0.198798 12.6917 0.0187988C12.9779 2.59279 10.3517 4.51879 8.94771 4.26679Z" fill="#1F2F33"/>
+</g>
+<defs>
+<clipPath id="clip0">
+<rect width="15.156" height="18" fill="white" transform="translate(1.3335)"/>
+</clipPath>
+</defs>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/OP-ONBRDNG-AuthenticationRealm/webdata/resources/authcloud_login.js

@@ -66,7 +66,7 @@ const Status = {
 };
 
 function setDeepLinkLabel(button) {
-    const text = document.getElementsByName('info.deeplink')[0].value;
+    const text = document.getElementById('info.login.access_app').innerText;
     button.innerHTML = text;
 }
 
@@ -80,7 +80,13 @@ function messageCheckPhone() {
     infoElement.innerHTML = text;
 }
 
-const Element = {
+function showError() {
+    const text = document.getElementsByName('error.authcloud.login')[0].value;
+    errorElement.innerHTML = text;
+    infoElement.style.display = "none";
+}
+
+const AccessAppElement = {
 
     _elem: null, // QR code or deep link depending on device
 
@@ -91,8 +97,11 @@ const Element = {
         if (isAndroid || isIphone) {
             this._elem = document.createElement('a');
             this._elem.setAttribute('href', appLink);
-            this._elem.setAttribute('class', 'btn btn-primary');
+            this._elem.setAttribute('class', 'btn btn-primary w-100 mt-4');
             this._elem.setAttribute('target', '_blank');
+            // distinguishes style for platforms
+            dispatcherElement.classList.add('mobile-platform');
+
             dispatcherElement.appendChild(this._elem);
             setDeepLinkLabel(this._elem);
         }
@@ -103,13 +112,23 @@ const Element = {
             }
             else {
                 messageScanQR();
+                const qrSize = 280;
+                // Element to render the QR code
                 this._elem = document.createElement('canvas');
-                dispatcherElement.appendChild(this._elem);
+                // Wrapper div to render corners
-                var qrcode = new QRious({
+                const qrCodeWrapper = document.createElement('div');
+                qrCodeWrapper.setAttribute('id','qr-code-wrapper');
+                qrCodeWrapper.style.width = `${qrSize}px`;
+                qrCodeWrapper.style.height = `${qrSize}px`;
+                qrCodeWrapper.appendChild(this._elem)
+                dispatcherElement.style.height = `${qrSize}px`;
+                dispatcherElement.appendChild(qrCodeWrapper);
+                const qrcode = new QRious({
                   element: this._elem,
-                  foreground: "#168CA9",
+                  // use --nevis-gray-900 CSS variable value
+                  foreground: getComputedStyle(document.body).getPropertyValue('--nevis-gray-900'),
                   level: "M",
-                  size: 280,
+                  size: qrSize,
                   value: appLink
                 });
             }
@@ -125,20 +144,31 @@ const Element = {
 };
 
 function authenticateUser(appLink) {
-    Element.show(appLink);
+
-    console.log('Starting Authentication Cloud status polling...');
+    AccessAppElement.show(appLink);
+
+    console.log('Starting Auth Cloud status polling...');
+
     Status.startPolling(statusToken, (st, done) => {
+
         if (st.status === 'succeeded') {
-            console.log('Authentication Cloud login done.');
+
+            console.log('Auth Cloud success.');
+
+            // auto submit form with outcome
             submitStatus('succeeded')
         }
         else if (st.status === 'failed') {
+
             // failed: The transaction failed, either by timeout or because the user did not accept.
-            console.warn('Authentication Cloud login failed. User abort or timeout.');
+            console.warn('Auth Cloud login failed. User abort or timeout.');
+
             submitStatus('failed')
         }
         else if (st.status === 'unknown') {
-            console.error('Authentication Cloud login failed. Unknown status.');
+
+            console.error('Auth Cloud login failed. Unknown status.');
+
             submitStatus('unknown')
         }
     });

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/OP-ONBRDNG-AuthenticationRealm/webdata/resources/authcloud_onboard.js

@@ -75,7 +75,12 @@ function messageScanQR() {
     infoElement.innerHTML = text;
 }
 
-const Element = {
+function messageInstalledAccessApp() {
+  const text = document.getElementById('info.access_app.installed').innerText;
+  infoElement.innerHTML = text;
+}
+
+const AccessAppElement = {
 
     _elem: null, // QR code or deep link depending on device
 
@@ -84,22 +89,47 @@ const Element = {
         const isIphone = 'iPhone' === navigator.platform;
         const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent);
         if (isAndroid || isIphone) {
+            if (isAndroid) {
+                document.getElementById('install_apple').style.display = 'none';
+            }
+            if (isIphone) {
+                document.getElementById('install_google').style.display = 'none';
+            }
             this._elem = document.createElement('a');
             this._elem.setAttribute('href', appLink);
-            this._elem.setAttribute('class', 'btn btn-primary');
+            this._elem.setAttribute('class', 'btn btn-primary w-100');
             this._elem.setAttribute('target', '_blank');
+            // distinguishes style for platforms
+            dispatcherElement.classList.add('mobile-platform');
+            const accessApplinks = document.getElementById('access-app-download-link');
+            accessApplinks.classList.add('access-app-download-link-mobile-spacing');
+
             dispatcherElement.appendChild(this._elem);
             setDeepLinkLabel(this._elem);
+
+            // info text is displayed before access app links
+            accessApplinks.parentNode.insertBefore(infoElement.parentNode, accessApplinks);
+            messageInstalledAccessApp();
         }
         else {
             messageScanQR();
+            const qrSize = 280;
+            // Element to render the QR code
             this._elem = document.createElement('canvas');
-            dispatcherElement.appendChild(this._elem);
+            // Wrapper div to render corners
-            var qrcode = new QRious({
+            const qrCodeWrapper = document.createElement('div');
+            qrCodeWrapper.setAttribute('id','qr-code-wrapper');
+            qrCodeWrapper.style.width = `${qrSize}px`;
+            qrCodeWrapper.style.height = `${qrSize}px`;
+            qrCodeWrapper.appendChild(this._elem)
+            dispatcherElement.style.height = `${qrSize}px`;
+            dispatcherElement.appendChild(qrCodeWrapper);
+            const qrcode = new QRious({
               element: this._elem,
-              foreground: "#168CA9",
+              // use --nevis-gray-900 CSS variable value
+              foreground: getComputedStyle(document.body).getPropertyValue('--nevis-gray-900'),
               level: "M",
-              size: 280,
+              size: qrSize,
               value: appLink
             });
         }
@@ -114,25 +144,47 @@ const Element = {
 };
 
 function onboardUser(appLink) {
-    Element.show(appLink);
+
-    console.log('Starting Authentication Cloud status polling...');
+    AccessAppElement.show(appLink);
+
+    console.log('Starting Auth Cloud status polling...');
+
     Status.startPolling(statusToken, (st, done) => {
+
         if (st.status === 'succeeded') {
-            console.log('Authentication Cloud onboarding done.');
+
+            console.log('Auth Cloud success.');
+
+            // auto submit form with outcome
             submitStatus('succeeded')
         }
         else if (st.status === 'failed') {
+
             // failed: The transaction failed, either by timeout or because the user did not accept.
             console.warn('Authentication Cloud onboarding failed. User abort or timeout.');
+
             submitStatus('failed')
         }
         else if (st.status === 'unknown') {
+
             console.error('Authentication Cloud onboarding failed. Unknown status.');
+
             submitStatus('unknown')
         }
     });
 }
 
+const swap = function (nodeA, nodeB) {
+    const parentA = nodeA.parentNode;
+    const siblingA = nodeA.nextSibling === nodeB ? nodeA : nodeA.nextSibling;
+
+    // Move `nodeA` to before the `nodeB`
+    nodeB.parentNode.insertBefore(nodeA, nodeB);
+
+    // Move `nodeB` to before the sibling of `nodeA`
+    parentA.insertBefore(nodeB, siblingA);
+};
+
 function init() {
 
     const form = document.getElementById('authcloud_onboard');
@@ -145,6 +197,9 @@ function init() {
 
     dispatcherElement = document.getElementById('authcloud_dispatch');
 
+    // info texts are displayed underneath QR code
+    swap(infoElement.parentNode, dispatcherElement.parentNode);
+
     const appLink = form.appLink.value;
     onboardUser(appLink);
 }

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/OP-ONBRDNG-AuthenticationRealm/webdata/resources/chevron-down.svg

@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M12.6667 6L8 10.6667L3.33333 6" stroke="#1F2F33" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/OP-ONBRDNG-AuthenticationRealm/webdata/resources/chevron-right.svg

@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path d="M6 3.33332L10.6667 7.99999L6 12.6667" stroke="#1F2F33" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/OP-ONBRDNG-AuthenticationRealm/webdata/resources/copy-to-clipboard.js

@@ -0,0 +1,27 @@
+function copyToClipboard(containerid) {
+  if (document.selection) {
+    var range = document.body.createTextRange();
+    range.moveToElementText(document.getElementById(containerid));
+    range.select().createTextRange();
+    document.execCommand("copy");
+  } else if (window.getSelection) {
+    var range = document.createRange();
+    range.selectNode(document.getElementById(containerid));
+    window.getSelection().addRange(range);
+    document.execCommand("copy");
+  }
+
+  // clear selection
+  if (window.getSelection) {
+    if (window.getSelection().empty) {
+      // Chrome
+      window.getSelection().empty();
+    } else if (window.getSelection().removeAllRanges) {
+      // Firefox
+      window.getSelection().removeAllRanges();
+    }
+  } else if (document.selection) {
+    // IE
+    document.selection.empty();
+  }
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/OP-ONBRDNG-AuthenticationRealm/webdata/resources/customized-bootstrap.css

@@ -0,0 +1,755 @@
+/*!
+ * Bootstrap v5.1.3 (https://getbootstrap.com/)
+ * Copyright 2011-2021 The Bootstrap Authors
+ * Copyright 2011-2021 Twitter, Inc.
+ * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
+*/
+
+/*
+ * This file contains customized bootstrap classes which are in the same name, however differ in the implementation.
+ * Classes use CSS custom properties from :root to be runtime modifiable.
+ * Used a portion of bootstrap classes which satisfy the requirements without to include the whole bootstrap bundle.
+ * If you would like to add new classes as "override" or extension please use the bootstrap naming convention.
+*/
+
+/* Form controls */
+.form-label {
+  margin-bottom: 0.25rem;
+}
+
+.form-check:has(.form-check-label) {
+  padding: 1em 1em 1em 1.6em;
+  border-top: solid 1px lightgray;
+  margin: 0 1em 0 1em;
+}
+
+.form-check-label {
+  font-size: 0.875rem !important;
+}
+
+.form-group {}
+
+.form-control {
+  display: block;
+  width: 100%;
+  padding: 0.5625rem 0.75rem;
+  font-size: 1rem;
+  font-weight: 400;
+  line-height: 1.25rem;
+  color: var(--nevis-black);
+  background-color: var(--nevis-white);
+  background-clip: padding-box;
+  border: 0.0625rem solid var(--nevis-form-control-border-color);
+  border-radius: var(--nevis-border-radius);
+  -webkit-appearance: none;
+  -moz-appearance: none;
+  appearance: none;
+  transition: border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+}
+
+@media (prefers-reduced-motion: reduce) {
+  .form-control {
+    transition: none;
+  }
+}
+
+.form-control:focus {
+  color: var(--nevis-black);
+  background-color: var(--nevis-white);
+  border-color: var(--nevis-primary);
+  outline: 0;
+  box-shadow: 0 0 0 0.0625rem var(--nevis-primary);
+}
+
+.form-control::-webkit-date-and-time-value {
+  height: 1.5em;
+}
+
+.form-control::-moz-placeholder {
+  color: var(--nevis-secondary);
+  opacity: 1;
+}
+
+.form-control::placeholder {
+  color: var(--nevis-secondary);
+  opacity: 1;
+}
+
+.form-control:disabled {
+  font-size: 0.875rem;
+  background-color: #e9ecef;
+  opacity: 1;
+}
+
+.form-control[readonly] {
+  background: var(--nevis-readonly-bg-color);
+  border-color: var(--nevis-readonly-border-color);
+  border-radius: var(--nevis-border-radius);
+  color: var(--nevis-gray-900);
+  font-size: 0.875rem;
+}
+
+.form-control[readonly]:focus {
+  box-shadow: 0 0 0 0.0625rem var(--nevis-readonly-box-shadow-color);
+}
+
+/* Valdiation */
+.invalid-feedback {
+  display: none;
+  width: 100%;
+  margin-top: 0.25rem;
+  font-size: 0.875em;
+  color: var(--nevis-danger);
+}
+
+.was-validated :invalid~.invalid-feedback,
+.was-validated :invalid~.invalid-tooltip,
+.is-invalid~.invalid-feedback,
+.is-invalid~.invalid-tooltip {
+  display: block;
+}
+
+/* Added for 3rd party International Telephone Input */
+.was-validated .iti~.invalid-feedback.invalid-feedback-ready,
+.was-validated .iti~.invalid-tooltip.invalid-feedback-ready {
+  display: block;
+}
+
+.was-validated .form-control:invalid,
+.form-control.is-invalid {
+  border-color: var(--nevis-danger);
+  border-width: 0.125rem;
+  padding-right: inherit;
+  background-image: none;
+  background-repeat: no-repeat;
+  background-position: inherit;
+  background-size: inherit;
+}
+
+.was-validated .form-control:invalid:focus,
+.form-control.is-invalid:focus {
+  border-color: var(--nevis-danger);
+  box-shadow: none;
+}
+
+.form-control:valid,
+.form-control.is-valid {
+  background-image: none;
+}
+
+/* remove valid feedback classes */
+.was-validated .form-control:valid,
+.form-control.is-valid {
+  border-color: var(--nevis-gray-400);
+  padding-right: inherit;
+  background-image: inherit;
+  background-repeat: no-repeat;
+  background-position: inherit;
+  background-size: inherit;
+}
+
+.was-validated .form-control:valid:focus,
+.form-control.is-valid:focus {
+  border-color: var(--nevis-gray-400);
+  box-shadow: unset;
+}
+
+.was-validated textarea.form-control:valid,
+textarea.form-control.is-valid {
+  padding-right: inherit;
+  background-position: inherit;
+}
+
+.was-validated .form-select:valid,
+.form-select.is-valid {
+  border-color: var(--nevis-gray-400);
+}
+
+.was-validated .form-select:valid:not([multiple]):not([size]),
+.was-validated .form-select:valid:not([multiple])[size="1"],
+.form-select.is-valid:not([multiple]):not([size]),
+.form-select.is-valid:not([multiple])[size="1"] {
+  padding-right: inherit;
+  background-image: none;
+  background-position: inherit;
+  background-size: inherit;
+}
+
+.was-validated .form-select:valid:focus,
+.form-select.is-valid:focus {
+  border-color: var(--nevis-gray-400);
+  box-shadow: unset;
+}
+
+.was-validated .form-check-input:valid,
+.form-check-input.is-valid {
+  border-color: var(--nevis-gray-400);
+}
+
+.was-validated .form-check-input:valid:checked,
+.form-check-input.is-valid:checked {
+  background-color: inherit;
+}
+
+.was-validated .form-check-input:valid:focus,
+.form-check-input.is-valid:focus {
+  box-shadow: unset;
+}
+
+.was-validated .form-check-input:valid~.form-check-label,
+.form-check-input.is-valid~.form-check-label {
+  color: inherit;
+}
+
+/* Buttons */
+.btn {
+  display: inline-block;
+  font-weight: 500;
+  line-height: 1.5rem;
+  color: var(--nevis-black);
+  text-align: center;
+  text-decoration: none;
+  vertical-align: middle;
+  cursor: pointer;
+  -webkit-user-select: none;
+  -moz-user-select: none;
+  user-select: none;
+  background-color: transparent;
+  border: 0.0625rem solid transparent;
+  padding: 0.75rem 1.25rem;
+  font-size: 1rem;
+  border-radius: var(--nevis-border-radius);
+  transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+}
+
+@media (prefers-reduced-motion: reduce) {
+  .btn {
+    transition: none;
+  }
+}
+
+.btn:hover {
+  color: var(--nevis-black);
+}
+
+.btn:disabled,
+.btn.disabled,
+fieldset:disabled .btn {
+  pointer-events: none;
+  opacity: 0.65;
+}
+
+/* remove box-shadows by default, enable later by colors */
+.btn:focus {
+  box-shadow: unset;
+}
+
+.btn-check:checked+.btn-primary:focus,
+.btn-check:active+.btn-primary:focus,
+.btn-primary:active:focus,
+.btn-primary.active:focus,
+.show>.btn-primary.dropdown-toggle:focus {
+  box-shadow: unset;
+}
+
+/* Primary Button */
+.btn-primary {
+  color: var(--nevis-white);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:hover {
+  color: var(--nevis-white);
+  filter: brightness(110%);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:focus {
+  color: var(--nevis-white);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  filter: brightness(110%);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:active,
+.btn-primary.active {
+  color: var(--nevis-white);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  filter: brightness(90%);
+}
+
+.btn-primary:active:focus,
+.btn-primary.active:focus {
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:disabled,
+.btn-primary.disabled {
+  color: var(--nevis-secondary);
+  background-color: var(--nevis-gray-100);
+  border-color: var(--nevis-gray-100);
+  box-shadow: none;
+  filter: brightness(1);
+}
+
+/* Secondary Button */
+.btn-secondary {
+  color: var(--nevis-gray-900);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:hover {
+  color: var(--nevis-gray-900);
+  filter: brightness(110%);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:focus {
+  color: var(--nevis-gray-900);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  filter: brightness(110%);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:active,
+.btn-secondary.active {
+  color: var(--nevis-gray-900);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  filter: brightness(90%);
+}
+
+.btn-secondary:active:focus,
+.btn-secondary.active:focus {
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:disabled,
+.btn-secondary.disabled {
+  color: var(--nevis-secondary);
+  background-color: var(--nevis-gray-100);
+  border-color: var(--nevis-gray-100);
+  box-shadow: none;
+  filter: brightness(1);
+}
+
+.btn-link {
+  font-size: 0.875rem !important;
+  vertical-align: baseline;
+  border: none;
+  color: var(--nevis-primary);
+  background: none;
+  text-decoration: none;
+  padding: 0;
+}
+
+/* Componentes */
+.dropdown-toggle::after {
+  display: none !important;
+}
+
+/* Utilities */
+h6,
+.h6,
+h5,
+.h5,
+h4,
+.h4,
+h3,
+.h3,
+h2,
+.h2,
+h1,
+.h1 {
+  margin-top: 0;
+  font-weight: 500;
+  line-height: 1.2;
+}
+
+h1,
+.h1 {
+  font-size: calc(1.375rem + 1.5vw);
+}
+
+@media (min-width: 1200px) {
+
+  h1,
+  .h1 {
+    font-size: 2.5rem;
+  }
+}
+
+h2,
+.h2 {
+  font-size: calc(1.325rem + 0.9vw);
+}
+
+@media (min-width: 1200px) {
+
+  h2,
+  .h2 {
+    font-size: 2rem;
+  }
+}
+
+h3,
+.h3 {
+  font-size: calc(1.3rem + 0.6vw);
+}
+
+@media (min-width: 1200px) {
+
+  h3,
+  .h3 {
+    font-size: 1.75rem;
+  }
+}
+
+h4,
+.h4 {
+  font-size: calc(1.275rem + 0.3vw);
+}
+
+@media (min-width: 1200px) {
+
+  h4,
+  .h4 {
+    font-size: 1.5rem;
+  }
+}
+
+h5,
+.h5 {
+  font-size: 1.25rem;
+}
+
+h6,
+.h6 {
+  font-size: 1rem;
+}
+
+small,
+.small {
+  font-size: 0.875rem !important;
+}
+
+.text-primary {
+  color: var(--nevis-primary) !important;
+}
+
+.text-secondary {
+  color: var(--nevis-secondary) !important;
+}
+
+.text-success {
+  color: var(--nevis-success) !important;
+}
+
+.text-info {
+  color: var(--nevis-info) !important;
+}
+
+.text-warning {
+  color: var(--nevis-warning) !important;
+}
+
+.text-danger {
+  color: var(--nevis-danger) !important;
+}
+
+.text-light {
+  color: var(--nevis-light) !important;
+}
+
+.text-dark {
+  color: var(--nevis-dark) !important;
+}
+
+.text-white {
+  color: var(--nevis-white) !important;
+}
+
+.bg-primary {
+  background-color: var(--nevis-primary) !important;
+}
+
+.bg-secondary {
+  background-color: var(--nevis-secondary) !important;
+}
+
+.bg-success {
+  background-color: var(--nevis-success) !important;
+}
+
+.bg-info {
+  background-color: var(--nevis-info) !important;
+}
+
+.bg-warning {
+  background-color: var(--nevis-warning) !important;
+}
+
+.bg-danger {
+  background-color: var(--nevis-danger) !important;
+}
+
+.bg-light {
+  background-color: var(--nevis-light) !important;
+}
+
+.bg-dark {
+  background-color: var(--nevis-dark) !important;
+}
+
+.bg-body {
+  background-color: var(--nevis-white) !important;
+}
+
+.bg-white {
+  background-color: var(--nevis-white) !important;
+}
+
+.link-primary {
+  color: var(--nevis-primary);
+}
+
+.link-primary:hover,
+.link-primary:focus {
+  color: var(--nevis-primary);
+  filter: brightness(80%);
+}
+
+.link-secondary {
+  color: var(--nevis-secondary);
+}
+
+.link-secondary:hover,
+.link-secondary:focus {
+  color: var(--nevis-secondary);
+  filter: brightness(80%);
+}
+
+.link-success {
+  color: var(--nevis-success);
+}
+
+.link-success:hover,
+.link-success:focus {
+  color: var(--nevis-success);
+  filter: brightness(80%);
+}
+
+.link-info {
+  color: var(--nevis-info);
+}
+
+.link-info:hover,
+.link-info:focus {
+  color: var(--nevis-info);
+  filter: brightness(80%);
+}
+
+.link-warning {
+  color: var(--nevis-warning);
+}
+
+.link-warning:hover,
+.link-warning:focus {
+  color: var(--nevis-warning);
+  filter: brightness(80%);
+}
+
+.link-danger {
+  color: var(--nevis-danger);
+}
+
+.link-danger:hover,
+.link-danger:focus {
+  color: var(--nevis-danger);
+  filter: brightness(80%);
+}
+
+.link-light {
+  color: var(--nevis-light);
+}
+
+.link-light:hover,
+.link-light:focus {
+  color: var(--nevis-light);
+  filter: brightness(80%);
+}
+
+.link-dark {
+  color: var(--nevis-dark);
+}
+
+.link-dark:hover,
+.link-dark:focus {
+  color: var(--nevis-dark);
+  filter: brightness(80%);
+}
+
+.border-primary {
+  border-color: var(--nevis-primary) !important;
+}
+
+.border-secondary {
+  border-color: var(--nevis-secondary) !important;
+}
+
+.border-success {
+  border-color: var(--nevis-success) !important;
+}
+
+.border-info {
+  border-color: var(--nevis-info) !important;
+}
+
+.border-warning {
+  border-color: var(--nevis-warning) !important;
+}
+
+.border-danger {
+  border-color: var(--nevis-danger) !important;
+  border-width: 0.125rem;
+}
+
+.border-light {
+  border-color: var(--nevis-light) !important;
+}
+
+.border-dark {
+  border-color: var(--nevis-dark) !important;
+}
+
+.border-white {
+  border-color: var(--nevis-white) !important;
+}
+
+
+/* EXTENSION PART */
+
+/* Spacing */
+.mt-20 {
+  margin-top: 1.25rem;
+}
+
+.me-5px {
+  margin-right: 0.3125rem;
+}
+
+.my-40 {
+  margin: 2.5rem 0;
+}
+
+.mb-40 {
+  margin-bottom: 2.5rem;
+}
+
+/* Colors */
+
+.text-nevis-blue {
+  color: var(--nevis-blue-600) !important;
+}
+
+.bg-nevis-blue {
+  background-color: var(--nevis-blue-600) !important;
+}
+
+.border-nevis-blue {
+  border-color: var(--nevis-blue-600) !important;
+}
+
+.link-nevis-blue {
+  color: var(--nevis-blue-600);
+}
+
+.link-nevis-blue:hover,
+.link-nevis-blue:focus {
+  color: var(--nevis-blue-600);
+  filter: brightness(80%);
+}
+
+.btn-language-selector {
+  display: inline-flex;
+  justify-content: center;
+  align-items: center;
+  flex-shrink: 0;
+  padding: 0;
+  min-width: 0;
+  box-sizing: border-box;
+  box-shadow: none;
+  font-size: 0.875rem !important;
+  line-height: 1.25rem;
+  font-weight: normal;
+  outline: none;
+  border: none;
+  vertical-align: baseline;
+  text-align: center;
+  background-color: initial;
+  color: var(--nevis-gray-900);
+}
+
+.btn-language-selector:hover {
+  background: initial;
+}
+
+.btn-language-selector:active {
+  background: initial;
+}
+
+.btn-language-selector:focus {
+  box-shadow: none;
+}
+
+.btn-language-selector+.dropdown-menu {
+  min-width: 0;
+  width: 10rem;
+  padding: 0.25rem 0;
+  /* centering the dropdown */
+  margin-left: -0.5rem !important;
+  margin-top: 0.5rem !important;
+  overflow: hidden;
+  box-shadow: 0rem 0rem 0rem 0.0625rem var(--nevis-gray-200),
+    0rem 0.1875rem 1.25rem -0.625rem var(--nevis-gray-900);
+  border-radius: var(--nevis-border-radius);
+  border: 0;
+}
+
+.btn-language-selector+.dropdown-menu>li {
+  overflow: hidden;
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item {
+  font-style: normal;
+  font-weight: normal;
+  font-size: 0.875rem;
+  line-height: 1.25rem;
+  padding: 0.5rem 1rem;
+  color: var(--nevis-gray-900);
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item:hover {
+  background: var(--nevis-blue-100);
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item:focus {
+  background: none;
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item:active,
+.btn-language-selector+.dropdown-menu .dropdown-item.active {
+  background: var(--nevis-blue-100);
+  filter: brightness(90%);
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/OP-ONBRDNG-AuthenticationRealm/webdata/resources/default.css

@@ -1,222 +0,0 @@
-/********************************************************
- * Layout
- ********************************************************/
-
-html { /* magic to position footer */
-	position: relative;
-	min-height: 100%;
-}
-
-body {
-	margin-bottom: 76px; /* == footer height */
-}
-
-.container, .container-fluid {
- 	padding-left: 36px;
-	padding-right: 36px;
-}
-
-nav {
-	min-height: 100px;
-	padding: 36px;
-}
-
-header {
-	margin-bottom: 16px; /* h1.logintitle adds 20px => 36px */
-}
-
-.container {
- 	min-width: 260px;
- 	max-width: 700px;
-}
-
-h1 {
-	margin-bottom: 50px;
-}
-
-footer {
-	width: 100%;
-	position: absolute;
-	bottom: 0;
-	padding: 0 36px;
-}
-
-img {
-	width: 100%;
-}
-
-/********************************************************
- * Header
- ********************************************************/
-
-header .logo {
-	/* width: 20%;*/
-	/*max-width: 600px;*/
-	max-height: 150px;
-	width: auto;
-}
-
-/********************************************************
- * Dropdown
- ********************************************************/
-a.dropdown-toggle {
-	text-decoration: none;
-}
-
-a.dropdown-toggle:hover {
-	color: #168CA9;
-	border-bottom: 3px solid #168CA9;
-}
-
-.dropdown-menu {
-	padding: 5px 0;
-}
-
-.dropdown-menu li > a {
-	padding: 6px 28px;
-}
-
-.dropdown-menu a > .prefix {
-	display: inline-block;
-	min-width: 22px;
-	margin-right: 28px;
-	text-align: right;
-}
-
-/********************************************************
- * Form
- ********************************************************/
-
-/* Labels should not be bold */
-label {
-	font-weight: normal;
-}
-
-/* Make error messages bold */
-.has-error .help-block {
-	font-weight: bold;
-}
-
-/* Change button size, by default 116px in width */
-.btn {
-	min-width: 116px;
-	padding: 3px 12px;
-}
-
-/* Disable gradient in buttons, ughhhh */
-.btn.btn-primary {
-	border-color: transparent;
-	background-image: none;
-	text-shadow: none;
-	box-shadow: none;
-	-webkit-box-shadow: none;
-}
-
-.help-block a, .help-block a:visited {
-	color: #168CA9;
-  font-weight: bold;
-  text-decoration: none;
-}
-
-.help-block a:hover {
-	color: #168CA9;
-  text-decoration: underline;
-}
-
-/********************************************************
- * Footer
- ********************************************************/
-footer .row {
-	margin: 36px 0 0 0;
-	height: 40px;
-	padding-top: 14px;
-	line-height: 26px; /* to center text: height - padding-top = 26px */
-	border-top: 1px solid #168CA9;
-}
-
-footer .row > div { /* Fix alignment between border + text on Bootstrap grid */
-	padding: 0;
-}
-
-footer .logo-round-container {
-	position: relative;
-}
-
-footer .logo-round {
-	position: absolute;
-	left: 0;
-	right: 0;
-	top: -33px; /* found visually with Chrome Dev Tools */
-	height: 36px;
-	width: 36px;
-	border: 1px solid #00868c;
-	border-radius: 18px;
-	background: #fff;
-	padding: 8px;
-}
-
-footer .logo-round > img {
-	display: block;
-}
-
-#dispatchTargets {
-	margin-top: 20px;
-}
-
-/********************************************************
- * Social login
- ********************************************************/
-.btn.line {
-    background-color: transparent;
-    display: block;
-    width: 100%;
-    padding: 0;
-    margin: 1.5em 0 1em;
-    border: 0.5px solid #ccc;
-    pointer-events: none;
-}
-
-.btn.socialLogin {
-    background-color: #fff;
-    border: thin solid #ccc;
-    color: #000;
-    font-weight: 600;
-    position: relative;
-    margin: 5px;
-    min-width: 140px;
-    width: 210px;
-    border-radius: 8px;
-    padding: 8px 12px;
-    text-align: left;
-}
-
-.socialLogin img {
-    width: 1.5em;
-    height: 108%;
-    margin-right: 0.5em;
-}
-
-.btn.apple img {
-    width: 1.2em;
-}
-
-/********************************************************
- * Show password
- ********************************************************/
-.icon-inside {
-  position: relative;
-}
-
-.icon-inside input {
-  padding-right: calc(0.75rem + 1.25rem + 0.75rem);
-}
-
-.icon-inside button {
-  position: absolute;
-  right: 0;
-  top: 0;
-  margin-top: 0.45rem;
-  margin-right: 0.45rem;
-  background: #FFFFFF;
-  border: #FFFFFF;
-}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/OP-ONBRDNG-AuthenticationRealm/webdata/resources/display-recovery-codes.js

@@ -0,0 +1,23 @@
+function displayRecoveryCodes() {
+  const recoverCodes = document.getElementById("recovery-codes-raw");
+  // early return if recoverCodes not found
+  if (!recoverCodes) {
+    return;
+  }
+
+  var recoveryCodesContent = recoverCodes.innerHTML;
+  recoveryCodesContent = recoveryCodesContent.replace("[", "");
+  recoveryCodesContent = recoveryCodesContent.replace("]", "");
+  recoveryCodesContent = recoveryCodesContent.split(",");
+  for (let i = 0; i < recoveryCodesContent.length; i++) {
+    if (i % 2 == 0) {
+      document.getElementById("recovery-codes").innerHTML += "<div class=\"recovery-code-gray printable\">" + recoveryCodesContent[i] + "</div>";
+    }
+    else {
+      document.getElementById("recovery-codes").innerHTML += "<div class=\"recovery-code-white printable\">" + recoveryCodesContent[i] + "</div>";
+    }
+  }
+  recoverCodes.remove();
+}
+
+displayRecoveryCodes();

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/OP-ONBRDNG-AuthenticationRealm/webdata/resources/download-recovery-codes.js

@@ -0,0 +1,26 @@
+function downloadRecoveryCodes(contentContainerId) {
+  const textToDownload = document.getElementById(contentContainerId).innerText;
+  // It is necessary to create a new blob object with mime-type explicitly set
+  // otherwise only Chrome works like it should
+  const newBlob = new Blob([textToDownload], { type: "text/plain" });
+
+  // IE doesn't allow using a blob object directly as link href
+  // instead it is necessary to use msSaveOrOpenBlob
+  if (window.navigator && window.navigator.msSaveOrOpenBlob) {
+    window.navigator.msSaveOrOpenBlob(newBlob, "recovery-codes.txt");
+    return;
+  }
+
+  // For other browsers:
+  // Create a link pointing to the ObjectURL containing the blob.
+  const data = window.URL.createObjectURL(newBlob);
+  const link = document.createElement("a");
+  link.href = data;
+  link.download = "recovery-codes.txt";
+  link.click();
+  setTimeout(() => {
+    // For Firefox it is necessary to delay revoking the ObjectURL
+    window.URL.revokeObjectURL(data);
+  }, 400);
+  link.remove();
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/OP-ONBRDNG-AuthenticationRealm/webdata/resources/dropdown.js

@@ -1,36 +0,0 @@
-(function() {
-  var closeDropdownTimeout;
-
-  function closeDropdown(event) {
-    var dropdowns = document.querySelectorAll('.dropdown');
-    for (var i = 0; i < dropdowns.length; i++) {
-      var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
-      if (dropdownMenu.style.display !== 'none' && !dropdowns[i].contains(event.target)) {
-        dropdownMenu.style.display = 'none';
-      }
-    }
-
-    // remove event listener till we have a new dropdown menu open
-    if (document.querySelector('.dropdown-menu:not([style*="display: none"])') === null) {
-      document.removeEventListener('click', closeDropdown);
-    }
-  }
-
-  var dropdowns = document.querySelectorAll('.dropdown');
-  for (var i = 0; i < dropdowns.length; i++) {
-    var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
-    dropdownMenu.style.display = 'none'; // ensure menu is initially hidden
-
-    dropdowns[i].addEventListener('click', function(e) {
-      // show dropdown menu
-      var dropdownMenu = this.querySelector('.dropdown-menu');
-      dropdownMenu.style.display = 'block';
-
-      // handle clicking away
-      clearTimeout(closeDropdownTimeout);
-      closeDropdownTimeout = setTimeout(function() {
-        document.addEventListener('click', closeDropdown);
-      }, 10);
-    });
-  }
-}());

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/OP-ONBRDNG-AuthenticationRealm/webdata/resources/e2eenc.js

@@ -1,98 +0,0 @@
-var e2eenc = function() {
-
-	this.encryptForm = function(algoString, formId) {
-		// TODO: in case of an error we should return false, to prevent the for to be submitted
-		//       or replace the fields with dummy values, just to prevent the the transmission
-		//       of unencrypted values
-		
-
-		// create the array of input fields to encrypt (needs to be done before setting the form
-		// invisible
-		var fieldsToEncrypt = new Array();
-		$.each($("form input:visible"), function(index, _inputField) { fieldsToEncrypt.push($(_inputField));});
-
-		// hide the form, and display the splash screen
-		$('#loginform').css('display','none');
-		$('#e2eeSplashScreen').css('display','block');
-
-		// encryption logic
-		var pubKey = $("input[name='e2eenc.publicKey']").val();
-
-		var kemSessionKey = readPublicKeyAndGenerateSessionKey(pubKey)
-		var iv = forge.random.getBytesSync(16);
-		keyB64 = forge.util.encode64(kemSessionKey.key);
-		encapsulationB64 = forge.util.encode64(kemSessionKey.encapsulation);
-		ivB64 = forge.util.encode64(iv);
-
-		//console.log("Encrypting form " + formId + " (" + algoString + ")");
-		var fields = "";
-		$.each(fieldsToEncrypt, function(index, _inputField) {
-			var inputField = $(_inputField);
-			if (inputField.attr("type") == "text" || inputField.attr("type") == "password") {
-				//console.log("Encrypting field " + JSON.stringify(inputField));
-				var plainValue = inputField.val();
-
-				var encryptedValueB64 = encrypt(kemSessionKey, iv, plainValue);
-				//console.log("Setting encrypted value in b64: " + encryptedValueB64);
-				inputField.val(encryptedValueB64);
-				if (fields.length > 0) {
-					fields = fields + ","
-				}
-				fields = fields + inputField.attr("name");
-			}
-		});
-		$("input[name='e2eenc.iv']").val(ivB64);
-		$("input[name='e2eenc.encapsulation']").val(encapsulationB64);
-		$("input[name='e2eenc.fields']").val(fields);
-	}
-
-	function getRSApublicKey(pem) {
-	    //console.log("PEM: " + pem);
-
-	    var msg = forge.pem.decode(pem)[0];
-
-	    //console.log("msg type: " + msg.type);
-
-	    if(msg.procType && msg.procType.type === 'ENCRYPTED') {
-		throw new Error('Could not retrieve RSA public key from PEM; PEM is encrypted.');
-	    }
-
-	    // convert DER to ASN.1 object
-	    var asn1obj = forge.asn1.fromDer(msg.body);
-	    //console.log("ASN.1 obj: " + JSON.stringify(asn1obj))
-
-	    var pubKey = forge.pki.publicKeyFromAsn1(asn1obj)
-	    //console.log("PubKey: " + JSON.stringify(pubKey))
-	    return pubKey;
-	}
-
-	function generateKEMSessionKey(rsaPublicKey) {
-	    // generate key-derivation-function and initializes it with sha1
-	    var kdf1 = new forge.kem.kdf1(forge.md.sha1.create());
-	    // creates a KEM function based on the key-derivation-function created above
-	    var kem = forge.kem.rsa.create(kdf1);
-	    // generate and encapsulate a 16-byte secret key. 
-	    // The secret key is generated using the kdf defined above.
-	    var kemSessionKey = kem.encrypt(rsaPublicKey, 16);
-	    // kemSessionKey has 'encapsulation' (= pub key) and 'key' (= generated secret key)
-	    return kemSessionKey;
-	}
-
-	function readPublicKeyAndGenerateSessionKey(pem) {
-	    var rsaPublicKey = getRSApublicKey(pem);
-	    //console.log("PubKey: " + JSON.stringify(rsaPublicKey))
-	    var kemSessionKey = generateKEMSessionKey(rsaPublicKey);
-	    //console.log("KEM session key: " + JSON.stringify(kemSessionKey))
-	    return kemSessionKey;
-	}
-
-	function encrypt(kemSessionKey, iv, msg) {
-		var cipher = forge.cipher.createCipher('AES-CBC', kemSessionKey.key);
-		cipher.start({iv: iv});
-		cipher.update(forge.util.createBuffer(msg, 'utf-8'));
-		cipher.finish();
-		var encrypted = cipher.output.getBytes();
-		encryptedB64 = forge.util.encode64(encrypted);
-		return encryptedB64;
-	}
-};

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/OP-ONBRDNG-AuthenticationRealm/webdata/resources/exclamation.svg

@@ -0,0 +1,3 @@
+<svg width="10" height="9" viewBox="0 0 10 9" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M3.95423 0.859245C4.413 0.0436633 5.58725 0.0436629 6.04602 0.859245L9.3942 6.81157C9.84416 7.61149 9.2661 8.59988 8.34831 8.59988H1.65194C0.734151 8.59988 0.156094 7.61149 0.606052 6.81157L3.95423 0.859245ZM5.60007 6.79995C5.60007 7.13132 5.33144 7.39995 5.00007 7.39995C4.6687 7.39995 4.40007 7.13132 4.40007 6.79995C4.40007 6.46858 4.6687 6.19995 5.00007 6.19995C5.33144 6.19995 5.60007 6.46858 5.60007 6.79995ZM5.00007 1.99995C4.6687 1.99995 4.40007 2.26858 4.40007 2.59995V4.39995C4.40007 4.73132 4.6687 4.99995 5.00007 4.99995C5.33144 4.99995 5.60007 4.73132 5.60007 4.39995V2.59995C5.60007 2.26858 5.33144 1.99995 5.00007 1.99995Z" fill="#F25562"/>
+</svg>