new configuration version

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/etc/nevis/k8s-auth-default-tls-client-trust-ac27dd7daad0ca2b7229bfaf.yaml

@@ -14,7 +14,7 @@ spec:
     namespace: "adn-agov-nevisidm-admin-01-uat"
   - name: "proxy-sp-op-onbrdng-authenticationrealm-identity"
     namespace: "adn-agov-nevisidm-admin-01-uat"
-  - name: "proxy-idm-saml-sp-nevisidm-admin-realm-identity"
-    namespace: "adn-agov-nevisidm-admin-01-uat"
   - name: "proxy-sp-ident-authenticationrealm-identity"
     namespace: "adn-agov-nevisidm-admin-01-uat"
+  - name: "proxy-idm-saml-sp-nevisidm-admin-realm-identity"
+    namespace: "adn-agov-nevisidm-admin-01-uat"

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/etc/nevis/k8s-nevisauth-ac27dd7daad0ca2b7229bfaf.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisAuth"
   replicas: 1
-  version: "8.2411.3"
-  gitInitVersion: "1.3.0"
+  version: "8.2505.5"
+  gitInitVersion: "1.4.0"
   runAsNonRoot: true
   ports:
     management: 9000
@@ -39,13 +39,14 @@ spec:
     management:
       httpGet:
         path: "/nevisauth/liveness"
+      initialDelaySeconds: 50
       periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 50
+      failureThreshold: 30
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-d06bd972269492f0db33bc07396b5fe3c91cdaaf"
+    tag: "r-7e9f2304b72a07725abab4c27833af5cdd73ab53"
     dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/IdentProcessAndDispatch.groovy

@@ -1,78 +1,79 @@
-import groovy.json.JsonSlurper
-
-def cleanSession(boolean rpcodeToo) {
-  def s = request.getAuthSession(true)
-
-  if (rpcodeToo) {
-	s.removeAttribute('agov.ident.rpcode.backup')
-	s.removeAttribute('agov.ident.rpcode')
-	s.removeAttribute('agov.ident.entityId')
-  }
-  def sessionKeySet = new HashSet(session.keySet())
-  sessionKeySet.each { key ->
-    if ( key ==~ /ch.nevis.auth.saml..*/ ) {
-	  LOG.debug("Deleted session attribute '${key}'")
-	  s.removeAttribute(key)
-	}
-  }
-}
-
-// for auditing
-def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
-def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
-def referer = request.getLoginContext()['connection.HttpHeader.referer'] ?: request.getLoginContext()['connection.HttpHeader' +
-		'.Referer'] ?: '-'
-def origin = request.getLoginContext()['connection.HttpHeader.origin'] ?: request.getLoginContext()['connection.HttpHeader' +
-		'.Origin'] ?: '-'
-
-// 0) clean up, if we have a SAML Response in session
-if (session['ch.nevis.auth.saml.response.id']) {
-  // keep rpcode in session, if retrying after SAML error
-  def keepRpcode = session['ch.nevis.auth.saml.response.statusCode'] == 'urn:oasis:names:tc:SAML:2.0:status:Responder'
-  cleanSession(!keepRpcode)
-}
-
-// 1) we need to know the code of the RP
-def rpcode = inargs['rpcode'] ?: inargs['RelayState'] ?: session['agov.ident.rpcode']
-def rpcodeBackup = session['agov.ident.rpcode']
-def rpentity = '-'
-
-if (rpcode)
-{
-  if (rpcodeBackup) {
-    response.setSessionAttribute('agov.ident.rpcode.backup', rpcodeBackup)
-  }
-  response.setSessionAttribute('agov.ident.rpcode', rpcode)
-} else {
-  cleanSession(true)
-  LOG.info("Event='IDENT-INVALIDREQ', rpcode='missing', SourceIp=${sourceIp}, UserAgent='${userAgent}', Referer='${referer}', Origin='${origin}'")
-  response.setResult('inavlidurl')
-  return
-}
-
-// 2) load rp settings in session (if needed)
-if (rpcode != rpcodeBackup) {
-  def slurper = new JsonSlurper()
-  def rpMap = slurper.parseText(parameters['rpcode.list'])
-  LOG.debug(">>> rpMaP: ${rpMap}")
-  if (!rpMap[rpcode]) {
-	  cleanSession(true)
-	  LOG.info("Event='IDENT-INVALIDREQ', rpcode='${rpcode}', SourceIp=${sourceIp}, UserAgent='${userAgent}', Referer='${referer}', Origin='${origin}'")
-	  response.setResult('inavlidurl')
-	  return
-  }
-  rpentity=rpMap[rpcode]
-  response.setSessionAttribute('agov.ident.entityId', rpMap[rpcode])
-}
-
-// 3) if we have a response ...
-if (inargs['SAMLResponse']) {
-    response.setResult('processResponse')
-    return
-}
-
-// 4) otherwise
-LOG.info("Event='IDENT-INITREQ', rpcode='${rpcode}', rpentity='${rpentity}', SourceIp=${sourceIp}, UserAgent='${userAgent}', Referer='${referer}', " +
-		"Origin='${origin}'")
-response.setResult('sendAuthnRequest')
-return
+import groovy.json.JsonSlurper
+
+def cleanSession(boolean rpcodeToo) {
+  def s = request.getAuthSession(true)
+
+  if (rpcodeToo) {
+	s.removeAttribute('agov.ident.rpcode.backup')
+	s.removeAttribute('agov.ident.rpcode')
+	s.removeAttribute('agov.ident.entityId')
+  }
+  def sessionKeySet = new HashSet(session.keySet())
+  sessionKeySet.each { key ->
+    if ( key ==~ /ch.nevis.auth.saml..*/ ) {
+	  LOG.debug("Deleted session attribute '${key}'")
+	  s.removeAttribute(key)
+	}
+  }
+}
+
+// for auditing
+def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+def referer = request.getLoginContext()['connection.HttpHeader.referer'] ?: request.getLoginContext()['connection.HttpHeader' +
+		'.Referer'] ?: '-'
+def origin = request.getLoginContext()['connection.HttpHeader.origin'] ?: request.getLoginContext()['connection.HttpHeader' +
+		'.Origin'] ?: '-'
+
+// 0) clean up, if we have a SAML Response in session
+if (session['ch.nevis.auth.saml.response.id']) {
+  // keep rpcode in session, if retrying after SAML error
+  def keepRpcode = session['ch.nevis.auth.saml.response.statusCode'] == 'urn:oasis:names:tc:SAML:2.0:status:Responder'
+  cleanSession(!keepRpcode)
+}
+
+// 1) we need to know the code of the RP
+def rpcode = inargs['rpcode'] ?: inargs['RelayState'] ?: session['agov.ident.rpcode']
+def rpcodeBackup = session['agov.ident.rpcode']
+def rpentity = '-'
+
+if (rpcode)
+{
+  if (rpcodeBackup) {
+    response.setSessionAttribute('agov.ident.rpcode.backup', rpcodeBackup)
+  }
+  response.setSessionAttribute('agov.ident.rpcode', rpcode)
+} else {
+  cleanSession(true)
+  LOG.info("Event='IDENT-INVALIDREQ', rpcode='missing', SourceIp=${sourceIp}, UserAgent='${userAgent}', Referer='${referer}', Origin='${origin}'")
+  response.setResult('inavlidurl')
+  return
+}
+
+// 2) load rp settings in session (if needed)
+if (rpcode != rpcodeBackup) {
+  def slurper = new JsonSlurper()
+  def rpMap = slurper.parseText(parameters['rpcode.list'])
+  LOG.debug(">>> rpMaP: ${rpMap}")
+  if (!rpMap[rpcode]) {
+	  cleanSession(true)
+	  LOG.info("Event='IDENT-INVALIDREQ', rpcode='${rpcode}', SourceIp=${sourceIp}, UserAgent='${userAgent}', Referer='${referer}', Origin='${origin}'")
+	  response.setResult('inavlidurl')
+	  return
+  }
+  rpentity=rpMap[rpcode]
+  response.setSessionAttribute('agov.ident.entityId', rpMap[rpcode])
+}
+
+// 3) if we have a response ...
+if (inargs['SAMLResponse']) {
+    response.setResult('processResponse')
+    return
+}
+
+// 4) otherwise
+LOG.info("Event='IDENT-INITREQ', rpcode='${rpcode}', rpentity='${rpentity}', SourceIp=${sourceIp}, UserAgent='${userAgent}', Referer='${referer}', " +
+		"Origin='${origin}'")
+response.setResult('sendAuthnRequest')
+return
+

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/LitDict.properties

@@ -14,6 +14,7 @@ cancel.button.label=Cancel
 continue.button.label=Continue
 darkModeSwitch.aria.label=Dark mode toggle
 deputy.profile.label=(Deputy Profile)
+error.account.exists=Account already exists. Continue to log in.
 error.saml.failed=Please close your browser and try again.
 error_1=Please check your input.
 error_10=Please select the correct user account.
@@ -285,6 +286,8 @@ recovery_start_info.banner.warning=You will not be able to use your account unti
 recovery_start_info.instruction=During the recovery process you will register a new login factor. If  your account contains any verified information you might also have to go through a verification process to finish the recovery.
 recovery_start_info.title=You are about to start the recovery process
 reject.button.label=Deny
+signup.button.label=Signup
+skip.button.label=Skip
 submit.button.label=Submit
 tan.sent=Please enter the security code which has been sent to your mobile phone.
 title.login=Login
@@ -293,6 +296,7 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Client Authorization
 title.saml.failed=Error
+title.signup=Create account
 title.timeout.page=Logout
 user_input.invalid.email=Please enter a valid email address
 user_input.invalid.email.required=Field required

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/LitDict_de.properties

@@ -14,6 +14,7 @@ cancel.button.label=Abbrechen
 continue.button.label=Weiter
 darkModeSwitch.aria.label=Dark-Mode-Schalter
 deputy.profile.label=(Profil Stellvertreter)
+error.account.exists=Konto existiert bereits. Melden Sie sich an.
 error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut.
 error_1=Bitte überprüfen Sie Ihre Eingaben.
 error_10=Bitte wählen Sie das richtige Benutzerkonto aus.
@@ -285,6 +286,8 @@ recovery_start_info.banner.warning=Sie können Ihr Konto nicht nutzen, bis d
 recovery_start_info.instruction=Während des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enthält, müssen Sie zum Abschluss des Wiederherstellungsprozesses möglicherweise auch einen Verifikationsprozess durchlaufen.
 recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten
 reject.button.label=Ablehnen
+signup.button.label=Registrieren
+skip.button.label=Überspringen
 submit.button.label=Senden
 tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde.
 title.login=Login
@@ -293,6 +296,7 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Client Authorisierung
 title.saml.failed=Error
+title.signup=Konto erstellen
 title.timeout.page=Logout
 user_input.invalid.email=Bitte geben Sie eine gültige E-Mail ein
 user_input.invalid.email.required=Erforderliches Feld

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/LitDict_en.properties

@@ -14,6 +14,7 @@ cancel.button.label=Cancel
 continue.button.label=Continue
 darkModeSwitch.aria.label=Dark mode toggle
 deputy.profile.label=(Deputy Profile)
+error.account.exists=Account already exists. Continue to log in.
 error.saml.failed=Please close your browser and try again.
 error_1=Please check your input.
 error_10=Please select the correct user account.
@@ -285,6 +286,8 @@ recovery_start_info.banner.warning=You will not be able to use your account unti
 recovery_start_info.instruction=During the recovery process you will register a new login factor. If  your account contains any verified information you might also have to go through a verification process to finish the recovery.
 recovery_start_info.title=You are about to start the recovery process
 reject.button.label=Deny
+signup.button.label=Signup
+skip.button.label=Skip
 submit.button.label=Submit
 tan.sent=Please enter the security code which has been sent to your mobile phone.
 title.login=Login
@@ -293,6 +296,7 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Client Authorization
 title.saml.failed=Error
+title.signup=Create account
 title.timeout.page=Logout
 user_input.invalid.email=Please enter a valid email address
 user_input.invalid.email.required=Field required

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/LitDict_fr.properties

@@ -14,6 +14,7 @@ cancel.button.label=Abandonner
 continue.button.label=Continuer
 darkModeSwitch.aria.label=Activer l'apparence sombre
 deputy.profile.label=(Profil du suppléant)
+error.account.exists=Le compte existe déjà. Continuez à vous connecter.
 error.saml.failed=Fermez votre navigateur et r;eacute;essayez.
 error_1=Veuillez vérifier votre saisie.
 error_10=Veuillez sélectionner le compte d’utilisateur correct.
@@ -285,6 +286,8 @@ recovery_start_info.banner.warning=Vous ne pourrez pas utiliser votre compte tan
 recovery_start_info.instruction=Le processus de récupération nécessitera l’enregistrement d’un nouveau facteur d’authentification. Si votre compte contient des informations ayant déjà été vérifiées, il se peut que vous deviez les faire vérifier à nouveau pour terminer la récupération.
 recovery_start_info.title=Vous êtes sur le point de démarrer le processus de récupération.
 reject.button.label=Refuser
+signup.button.label=Inscription
+skip.button.label=Passer
 submit.button.label=Envoyer
 tan.sent=Veuillez saisir le code de sécurité que vous avez reçu au votre téléphone mobile.
 title.login=Login
@@ -293,6 +296,7 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Autorisation du client
 title.saml.failed=Error
+title.signup=Créer un compte
 title.timeout.page=Logout
 user_input.invalid.email=Veuillez saisir un e-mail valable.
 user_input.invalid.email.required=Champ requis

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties

@@ -1,5 +1,5 @@
 
-accept.button.label=Accettare
+accept.button.label=Accetta
 agov-ident.done.message=Il vostro conto AGOV è ora pronto per l'uso. Può chiudere questa pagina.
 agov-ident.done.title=Finito
 agov-ident.failed.instruction=Per completare la registrazione è necessario disporre di un account AGOV e superare la verifica dei dati suggerita. Riprova.
@@ -10,10 +10,11 @@ agov-ident.invalid-url.message=Il link non può essere elaborato
 agov-ident.invalid-url.title=Link non valido
 agov-ident.onboarding=Registrazione e verifica
 agov-ident.retry=Riprova
-cancel.button.label=Abortire
+cancel.button.label=Annulla
 continue.button.label=Continua
 darkModeSwitch.aria.label=Attivare la modalità scura
 deputy.profile.label=(profilo del delegato)
+error.account.exists=L'account esiste gi<67>. Prosegui col login.
 error.saml.failed=Chiudi il browser e riprova.
 error_1=Verificare i dati inseriti.
 error_10=Scegliere l&rsquo;account utente corretto.
@@ -284,7 +285,9 @@ recovery_questionnaire_reason_selection.instruction=Selezioni il motivo per cui
 recovery_start_info.banner.warning=Non &egrave; possibile utilizzare l&rsquo;account finch&eacute; il processo di ripristino non sar&agrave; concluso.
 recovery_start_info.instruction=Durante il processo di ripristino registrer&agrave; un nuovo fattore di login. Se il suo account contiene informazioni verificate, potrebbe dover effettuare anche un processo di verificazione per completare il ripristino.
 recovery_start_info.title=Sta per iniziare il processo di ripristino
-reject.button.label=Rifiuti
+reject.button.label=Rifiuta
+signup.button.label=Iscriviti
+skip.button.label=Salta
 submit.button.label=Continua
 tan.sent=Inserisci il codice di sicurezza che &egrave; stato inviato al tuo telefono cellulare.
 title.login=Login
@@ -293,6 +296,7 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Autorizzazione del client
 title.saml.failed=Error
+title.signup=Crea un account
 title.timeout.page=Logout
 user_input.invalid.email=Inserire un'e-mail valida.
 user_input.invalid.email.required=Campo obbligatorio

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/OpOnbrdng-PreProcessing.groovy

@@ -131,4 +131,4 @@ if (response.getNote('lasterror') != null) {
   cleanSession()
 }
 
-response.setStatus(AuthResponse.AUTH_CONTINUE)
+response.setStatus(AuthResponse.AUTH_CONTINUE)

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/env.conf

@@ -13,8 +13,9 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
     "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
     "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
 )
 
+

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml

@@ -45,6 +45,8 @@
                 <!-- source: pattern://271d024334021208b71ac80a -->
                 <field src="session" key="ch.adnovum.nevisidm.clientId" as="clientId"/>
                 <!-- source: pattern://271d024334021208b71ac80a -->
+                <field src="session" key="ch.nevis.session.domain" as="domain"/>
+                <!-- source: pattern://271d024334021208b71ac80a -->
                 <field src="request" key="ActualRoles" as="roles"/>
             </TokenSpec>
             <!-- source: pattern://271d024334021208b71ac80a -->
@@ -65,6 +67,8 @@
                 <!-- source: pattern://271d024334021208b71ac80a -->
                 <field src="session" key="ch.adnovum.nevisidm.clientId" as="clientId"/>
                 <!-- source: pattern://271d024334021208b71ac80a -->
+                <field src="session" key="ch.nevis.session.domain" as="domain"/>
+                <!-- source: pattern://271d024334021208b71ac80a -->
                 <field src="request" key="ActualRoles" as="roles"/>
             </TokenSpec>
             <!-- source: pattern://271d024334021208b71ac80a -->
@@ -1137,8 +1141,6 @@
             <!-- source: pattern://12c979b6af0f15f1328656a4 -->
             <ResultCond name="SOAP:showGui" next="SAML_SP_nevisidm_admin_Realm_Log_Login_User"/>
             <!-- source: pattern://12c979b6af0f15f1328656a4 -->
-            <ResultCond name="default" next="SAML_SP_nevisidm_admin_Realm_Log_Login_User"/>
-            <!-- source: pattern://12c979b6af0f15f1328656a4 -->
             <ResultCond name="ok" next="SAML_SP_nevisidm_admin_Realm_Log_Login_User" startOver="true"/>
             <!-- source: pattern://12c979b6af0f15f1328656a4 -->
             <ResultCond name="showGui" next="SAML_SP_nevisidm_admin_Realm_admin_nevisIDM_Password_Login-IdmPostProcessing"/>
@@ -1157,6 +1159,12 @@
             <property name="detaillevel.default" value="EXCLUDE"/>
             <!-- source: pattern://12c979b6af0f15f1328656a4 -->
             <property name="detaillevel.user" value="MEDIUM"/>
+            <!-- source: pattern://12c979b6af0f15f1328656a4 -->
+            <property name="detaillevel.profile" value="MEDIUM"/>
+            <!-- source: pattern://12c979b6af0f15f1328656a4 -->
+            <property name="detaillevel.role" value="LOW"/>
+            <!-- source: pattern://12c979b6af0f15f1328656a4 -->
+            <property name="forceDataReload" value="true"/>
         </AuthState>
         <AuthState name="SAML_SP_nevisidm_admin_Realm_admin_nevisIDM_Password_Login-IdmPasswordChange" class="ch.nevis.idm.authstate.IdmChangePasswordState" final="false">
             <!-- source: pattern://12c979b6af0f15f1328656a4 -->
@@ -1234,7 +1242,7 @@
                     <!-- source: pattern://12c979b6af0f15f1328656a4 -->
                     <GuiElem name="isiwebnewpw2" type="pw-text" label="prompt.newpassword.confirm"/>
                     <!-- source: pattern://12c979b6af0f15f1328656a4 -->
-                    <GuiElem name="submit" type="submit" label="button.submit"/>
+                    <GuiElem name="submit" type="submit" label="submit.button.label"/>
                 </Gui>
             </Response>
             <propertyRef name="nevisIDM_Connector"/>
@@ -1342,4 +1350,6 @@
             <property name="generateNow" value="true"/>
         </AuthState>
     </AuthEngine>
+    <!-- source: pattern://ac27dd7daad0ca2b7229bfaf -->
+    <RESTService name="ManagementService" class="ch.nevis.esauth.rest.service.session.ManagementService"/>
 </esauth-server>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/log_login_user.groovy

@@ -12,4 +12,4 @@ try {
 } catch(Exception ex) {
    LOG.error("Exception in logLoginUser groovy script: " + ex)
    response.setResult('error');
-}
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/logging.yml

@@ -16,12 +16,6 @@ Configuration:
       level: "INFO"
     - name: "EsAuthStart"
       level: "INFO"
-    - name: "org.apache.catalina.loader.WebappClassLoader"
-      level: "FATAL"
-    - name: "org.apache.catalina.startup.HostConfig"
-      level: "ERROR"
-    - name: "ch.nevis.esauth.events"
-      level: "FATAL"
     - name: "AGOVOP-ACCT"
       level: "INFO"
     - name: "AGOVOP-IDENT"

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/otel.properties

@@ -1,4 +1,5 @@
 otel.service.name = auth
+otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/saml_sp_nevisidm_admin_realm_extract_issuer.groovy

@@ -59,4 +59,4 @@ else { // no incoming message.
     }
 }
 
-response.setResult('ok')
+response.setResult('ok')

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/saml_sp_nevisidm_operations_realm_extract_issuer.groovy

@@ -59,4 +59,4 @@ else { // no incoming message.
     }
 }
 
-response.setResult('ok')
+response.setResult('ok')

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/set_userextid_groovy_script_step.groovy

@@ -56,4 +56,4 @@ try {
 } catch(Exception ex) {
    LOG.warn("Exception in selectProfile groovy script: " + ex)
    response.setResult('error');
-}
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job/etc/nevis/k8s-idm-job-nevisidm-sectoken-truststore-641ac4edf0c17383d3c0ea38.yaml

@@ -16,3 +16,4 @@ spec:
   - "-----BEGIN CERTIFICATE-----\nMIICwzCCAmigAwIBAgIQD2rG9y4zmGttpC7TICcclzAKBggqhkjOPQQDAjAYMRYw\nFAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI1MDUxNzE0NTEyN1oXDTI2MDUxNzE0\nNTEyN1owVjELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT\nMQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzEPMA0GA1UEAxMGc2lnbmVyMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKBPRMnOhPbVwYUNgEt5ZaC+\nUqqCEqr8EsFfvespgBUpNYByoZWCT1K/iCoG9I7DLzNsrHIJ+HSy2hTXD15naOmb\nQout/E0Lh8sMaA7vx0oWJs9YKkQY3TnHqL8CEU3s/Ko3cylYBhsyjxJv/qqpJIsk\nVSMPmr8A1zh55sOmGzsb09aV0rxe4Z6/N0GH9lHyWsIXFRxSIpmtnYmXc1VKE0a5\n8Nxi4sVePN3phhM7YpW9E/XhCgZ2bie832K99A92Ui9qF7ZVKIrqNt4rfvbUWqch\nKFSsk3prslkAC4fmJ8U+DgpkfG0ihgw7u8BSlu9R/tTVT6eCQiBgoK+U3dZKMwID\nAQABo4GKMIGHMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI\nKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBT7YRoWIjHwkvFicwvk\n0Tx/yA4uUTAnBgNVHREEIDAeggZzaWduZXKBFG5vcmVwbHlAbG9jYWwuZG9tYWlu\nMAoGCCqGSM49BAMCA0kAMEYCIQCJJwGCbarhhgJ10hQxup5l6VTVa8S5orf1kUQX\nkGYLqgIhANYdMwH8gPzck432bomVRXRVHqbvUIny7/mIRFJGvlne\n-----END CERTIFICATE-----\n"
   - "-----BEGIN CERTIFICATE-----\nMIIBcTCCARagAwIBAgIQWRl1eifIt8yohQYzh6yr/jAKBggqhkjOPQQDAjAYMRYw\nFAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTIzMDYyODE0MzI0MFoXDTQzMDYyODE0\nMzI0MFowGDEWMBQGA1UEAxMNc2VsZnNpZ25lZC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABEwcjsIhSyyh0i9zP1G7ReOkFt/djzlGoUtSd5v3ZEk5QoZYjfl9\n04HdaZzrmveB2aRppbXgW7//s2Ma8wTd5uejQjBAMA4GA1UdDwEB/wQEAwICpDAP\nBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT7YRoWIjHwkvFicwvk0Tx/yA4uUTAK\nBggqhkjOPQQDAgNJADBGAiEAgyg9t0qgb+czuscs07pNGI+12BedrD+y71psIlqx\nt2UCIQC/85UXyjYI9zg7Mg7rROTbGNCU3Jq/KIC3VzbbD+68VA==\n-----END CERTIFICATE-----\n"
   - "-----BEGIN CERTIFICATE-----\nMIICwjCCAmigAwIBAgIQQ5naR3IENaVymFpP7DHo3DAKBggqhkjOPQQDAjAYMRYw\nFAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI1MDUxNzE0NTExOVoXDTI2MDUxNzE0\nNTExOVowVjELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT\nMQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzEPMA0GA1UEAxMGc2lnbmVyMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5WQDdm5K7sjpnUGVeWU7MkuN\nfpzGoMBpzgrF0qyOInN0sE7WLuOmbrqQ94hPNcdX5wQ1m+UGj0TCsay+un/vPBWT\nNpj68WUnRD6rIbs14bTGAHZkQ+mYbWfidTUg4cw8WzmSpyTMwAxDEVmUneQjTkDK\nTD8N8kNrYG42ZH6tkRakuYX5gXE26eH2NaAAMFP6b5kfX8idV1WbVjFHdq7PdfQg\njwtVNCn74RbMT8cBBAww/C2K3RAogTuWe8dloItmpK5y8boYyKsOiFFg1OzV9p+L\ndN5tLoiUHnPvRRbGcOua4fvJJXgFEB943Wo1EGRlDEmYQ1YpvGvgukm3LPvbCwID\nAQABo4GKMIGHMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI\nKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBT7YRoWIjHwkvFicwvk\n0Tx/yA4uUTAnBgNVHREEIDAeggZzaWduZXKBFG5vcmVwbHlAbG9jYWwuZG9tYWlu\nMAoGCCqGSM49BAMCA0gAMEUCIFJuHTAtp3mPsEk3G90t6PCY46Kc1AejyqcCP4Gt\nan3CAiEA9inWU6SwPd9pWf7hs9FUIGMZonwHgx66Q9qKdeTnjy0=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICwzCCAmigAwIBAgIQR+vh743RGzZUW3EDMUTNgTAKBggqhkjOPQQDAjAYMRYw\nFAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI1MDgxOTE1MTgwNVoXDTI2MDgxOTE1\nMTgwNVowVjELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT\nMQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzEPMA0GA1UEAxMGc2lnbmVyMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp888RapeMLXk0KBw27rckQlV\nK8dnz0RRTooWyhVjPBwH/lPsiGb/bpxZ9zSqCy7H2jBIoWjVADHEuUSh9xPqT2gp\n29+PXYkH5YzKrWHe+dAIyjWmgJo3DTkQcvDU9K2HwwHHd1EtKtJopm3v8cTITRZH\ncjXIW7AXj6m1x21SV4juGuRK4w3e32Ry+VQJ3EcfT6B91PicyzYVKXCkRr2eUATd\n35dZOsHZj+KROZRuHNTMo8W9/Z1u5DD4/uDd2bFAgcTKcho136ZR4jQ9M8fA78Qt\nkv5rhmLa2fM7/jQTDGDDwWomJlue10FX1ArtKfQq9+XTlnN1rqDuNmKWjbcfRwID\nAQABo4GKMIGHMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI\nKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBT7YRoWIjHwkvFicwvk\n0Tx/yA4uUTAnBgNVHREEIDAeggZzaWduZXKBFG5vcmVwbHlAbG9jYWwuZG9tYWlu\nMAoGCCqGSM49BAMCA0kAMEYCIQDHc1LJPHlQddb7zGfh7ALDBvNXkQfP3CgC+HGk\npykc3QIhAKqikhVid7okULyD5xHtoWN0G1OFKML9tKhLwqe5aJo+\n-----END CERTIFICATE-----\n"

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job/etc/nevis/k8s-nevisidm-batch-641ac4edf0c17383d3c0ea38.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisIDM"
   replicas: 1
-  version: "8.2411.3"
-  gitInitVersion: "1.3.0"
+  version: "8.2505.5"
+  gitInitVersion: "1.4.0"
   runAsNonRoot: true
   ports:
     management: 8998
@@ -40,13 +40,14 @@ spec:
     management:
       httpGet:
         path: "/health"
+      initialDelaySeconds: 60
       periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 50
+      failureThreshold: 30
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-3944ffd65b942f8ce7cea4316e8f0ebdd3fd083a"
+    tag: "r-7e9f2304b72a07725abab4c27833af5cdd73ab53"
     dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job/var/opt/nevisidm/default/conf/env.conf

@@ -4,5 +4,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
-)
+    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
+)

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job/var/opt/nevisidm/default/conf/nevisidm-prod.properties

@@ -2,6 +2,14 @@
 web.gui.languages.default=de
 # source: pattern://0d4bbba28a4a76094d41df81
 database.connection.url=jdbc:mariadb://mariadb-agov-uat.mariadb.database.azure.com:3306/nevisidm_uat?pinGlobalTxToPhysicalConnection=1&useMysqlMetadata=true&cachePrepStmts=true&prepStmtCacheSize=1000&useSSL=true&trustStore=/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks
+# source: pattern://0116b3002d0e713e23e6be72
+database.connection.pool.size.min=5
+# source: pattern://0116b3002d0e713e23e6be72
+database.connection.pool.size.max=10
+# source: pattern://0d4bbba28a4a76094d41df81
+database.connection.max.lifetime=1800
+# source: pattern://0d4bbba28a4a76094d41df81
+database.connection.max.idle.time=600
 # source: pattern://0d4bbba28a4a76094d41df81
 database.connection.username=adndbadmin
 # source: pattern://0d4bbba28a4a76094d41df81
@@ -53,10 +61,6 @@ application.modules.event.repeat.count=-1
 # source: pattern://0116b3002d0e713e23e6be72
 application.modules.provisioning.enabled=false
 # source: pattern://0116b3002d0e713e23e6be72
-database.connection.pool.size.max=10
-# source: pattern://0116b3002d0e713e23e6be72
-database.connection.pool.size.min=5
-# source: pattern://0116b3002d0e713e23e6be72
 database.connection.xa.enabled=false
 # source: pattern://0116b3002d0e713e23e6be72
 database.transaction.timeout=60

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job/var/opt/nevisidm/default/conf/otel.properties

@@ -1,4 +1,5 @@
 otel.service.name = idm-job
+otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/etc/nevis/k8s-idm-db-ca0629d86201d4c4ac857d60.yaml

@@ -0,0 +1,27 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisDatabase"
+metadata:
+  name: "idm"
+  namespace: "adn-agov-nevisidm-admin-01-uat"
+  labels:
+    deploymentTarget: "idm"
+  annotations:
+    projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
+    patternId: "ca0629d86201d4c4ac857d60"
+spec:
+  type: "NevisIDM"
+  databaseType: "MariaDB"
+  version: "8.2505.5"
+  url: "mariadb-agov-uat.mariadb.database.azure.com"
+  port: 3306
+  ssl: true
+  database: "nevisidm_uat"
+  bootstrap: true
+  migrate: true
+  rootCredentials:
+    name: "root-adn-agov-nevisidm-admin-01-uat-idm"
+    namespace: "adn-agov-nevisidm-admin-01-uat"
+  podSecurity:
+    policy: "baseline"
+    automountServiceAccountToken: false
+  timeZone: "Europe/Zurich"

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/etc/nevis/k8s-idm-nevisidm-sectoken-truststore-ba7c7a3b091df0c4b8ba0bb2.yaml

@@ -16,3 +16,4 @@ spec:
   - "-----BEGIN CERTIFICATE-----\nMIICwzCCAmigAwIBAgIQD2rG9y4zmGttpC7TICcclzAKBggqhkjOPQQDAjAYMRYw\nFAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI1MDUxNzE0NTEyN1oXDTI2MDUxNzE0\nNTEyN1owVjELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT\nMQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzEPMA0GA1UEAxMGc2lnbmVyMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKBPRMnOhPbVwYUNgEt5ZaC+\nUqqCEqr8EsFfvespgBUpNYByoZWCT1K/iCoG9I7DLzNsrHIJ+HSy2hTXD15naOmb\nQout/E0Lh8sMaA7vx0oWJs9YKkQY3TnHqL8CEU3s/Ko3cylYBhsyjxJv/qqpJIsk\nVSMPmr8A1zh55sOmGzsb09aV0rxe4Z6/N0GH9lHyWsIXFRxSIpmtnYmXc1VKE0a5\n8Nxi4sVePN3phhM7YpW9E/XhCgZ2bie832K99A92Ui9qF7ZVKIrqNt4rfvbUWqch\nKFSsk3prslkAC4fmJ8U+DgpkfG0ihgw7u8BSlu9R/tTVT6eCQiBgoK+U3dZKMwID\nAQABo4GKMIGHMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI\nKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBT7YRoWIjHwkvFicwvk\n0Tx/yA4uUTAnBgNVHREEIDAeggZzaWduZXKBFG5vcmVwbHlAbG9jYWwuZG9tYWlu\nMAoGCCqGSM49BAMCA0kAMEYCIQCJJwGCbarhhgJ10hQxup5l6VTVa8S5orf1kUQX\nkGYLqgIhANYdMwH8gPzck432bomVRXRVHqbvUIny7/mIRFJGvlne\n-----END CERTIFICATE-----\n"
   - "-----BEGIN CERTIFICATE-----\nMIIBcTCCARagAwIBAgIQWRl1eifIt8yohQYzh6yr/jAKBggqhkjOPQQDAjAYMRYw\nFAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTIzMDYyODE0MzI0MFoXDTQzMDYyODE0\nMzI0MFowGDEWMBQGA1UEAxMNc2VsZnNpZ25lZC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABEwcjsIhSyyh0i9zP1G7ReOkFt/djzlGoUtSd5v3ZEk5QoZYjfl9\n04HdaZzrmveB2aRppbXgW7//s2Ma8wTd5uejQjBAMA4GA1UdDwEB/wQEAwICpDAP\nBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT7YRoWIjHwkvFicwvk0Tx/yA4uUTAK\nBggqhkjOPQQDAgNJADBGAiEAgyg9t0qgb+czuscs07pNGI+12BedrD+y71psIlqx\nt2UCIQC/85UXyjYI9zg7Mg7rROTbGNCU3Jq/KIC3VzbbD+68VA==\n-----END CERTIFICATE-----\n"
   - "-----BEGIN CERTIFICATE-----\nMIICwjCCAmigAwIBAgIQQ5naR3IENaVymFpP7DHo3DAKBggqhkjOPQQDAjAYMRYw\nFAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI1MDUxNzE0NTExOVoXDTI2MDUxNzE0\nNTExOVowVjELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT\nMQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzEPMA0GA1UEAxMGc2lnbmVyMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5WQDdm5K7sjpnUGVeWU7MkuN\nfpzGoMBpzgrF0qyOInN0sE7WLuOmbrqQ94hPNcdX5wQ1m+UGj0TCsay+un/vPBWT\nNpj68WUnRD6rIbs14bTGAHZkQ+mYbWfidTUg4cw8WzmSpyTMwAxDEVmUneQjTkDK\nTD8N8kNrYG42ZH6tkRakuYX5gXE26eH2NaAAMFP6b5kfX8idV1WbVjFHdq7PdfQg\njwtVNCn74RbMT8cBBAww/C2K3RAogTuWe8dloItmpK5y8boYyKsOiFFg1OzV9p+L\ndN5tLoiUHnPvRRbGcOua4fvJJXgFEB943Wo1EGRlDEmYQ1YpvGvgukm3LPvbCwID\nAQABo4GKMIGHMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI\nKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBT7YRoWIjHwkvFicwvk\n0Tx/yA4uUTAnBgNVHREEIDAeggZzaWduZXKBFG5vcmVwbHlAbG9jYWwuZG9tYWlu\nMAoGCCqGSM49BAMCA0gAMEUCIFJuHTAtp3mPsEk3G90t6PCY46Kc1AejyqcCP4Gt\nan3CAiEA9inWU6SwPd9pWf7hs9FUIGMZonwHgx66Q9qKdeTnjy0=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICwzCCAmigAwIBAgIQR+vh743RGzZUW3EDMUTNgTAKBggqhkjOPQQDAjAYMRYw\nFAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI1MDgxOTE1MTgwNVoXDTI2MDgxOTE1\nMTgwNVowVjELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT\nMQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzEPMA0GA1UEAxMGc2lnbmVyMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp888RapeMLXk0KBw27rckQlV\nK8dnz0RRTooWyhVjPBwH/lPsiGb/bpxZ9zSqCy7H2jBIoWjVADHEuUSh9xPqT2gp\n29+PXYkH5YzKrWHe+dAIyjWmgJo3DTkQcvDU9K2HwwHHd1EtKtJopm3v8cTITRZH\ncjXIW7AXj6m1x21SV4juGuRK4w3e32Ry+VQJ3EcfT6B91PicyzYVKXCkRr2eUATd\n35dZOsHZj+KROZRuHNTMo8W9/Z1u5DD4/uDd2bFAgcTKcho136ZR4jQ9M8fA78Qt\nkv5rhmLa2fM7/jQTDGDDwWomJlue10FX1ArtKfQq9+XTlnN1rqDuNmKWjbcfRwID\nAQABo4GKMIGHMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI\nKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBT7YRoWIjHwkvFicwvk\n0Tx/yA4uUTAnBgNVHREEIDAeggZzaWduZXKBFG5vcmVwbHlAbG9jYWwuZG9tYWlu\nMAoGCCqGSM49BAMCA0kAMEYCIQDHc1LJPHlQddb7zGfh7ALDBvNXkQfP3CgC+HGk\npykc3QIhAKqikhVid7okULyD5xHtoWN0G1OFKML9tKhLwqe5aJo+\n-----END CERTIFICATE-----\n"

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/etc/nevis/k8s-nevisidm-ba7c7a3b091df0c4b8ba0bb2.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisIDM"
   replicas: 1
-  version: "8.2411.3"
-  gitInitVersion: "1.3.0"
+  version: "8.2505.5"
+  gitInitVersion: "1.4.0"
   runAsNonRoot: true
   ports:
     management: 8998
@@ -40,15 +40,19 @@ spec:
     management:
       httpGet:
         path: "/health"
+      initialDelaySeconds: 60
       periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 50
+      failureThreshold: 30
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-3944ffd65b942f8ce7cea4316e8f0ebdd3fd083a"
+    tag: "r-535a1c58f3e972bdefb25ae1db1c6e392665da01"
     dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm"
     credentials: "git-credentials"
+  database:
+    name: "idm"
+    requiredVersion: "8.2505.5"
   keystores:
   - "idm-default-identity"
   truststores:
@@ -60,5 +64,4 @@ spec:
   timeZone: "Europe/Zurich"
   secrets:
     secret:
-    - "a2068eb83a60702322c13949-27ed70d3"
     - "c418560f50e0332d087e85bf-89ec31e5"

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/var/opt/nevisidm/default/conf/env.conf

@@ -4,5 +4,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
-)
+    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
+)

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties

@@ -2,10 +2,18 @@
 web.gui.languages.default=de
 # source: pattern://ca0629d86201d4c4ac857d60
 database.connection.url=jdbc:mariadb://mariadb-agov-uat.mariadb.database.azure.com:3306/nevisidm_uat?pinGlobalTxToPhysicalConnection=1&useMysqlMetadata=true&cachePrepStmts=true&prepStmtCacheSize=1000&useSSL=true&trustStore=/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks
+# source: pattern://fe4a248ac7b092a6a80624f1
+database.connection.pool.size.min=5
+# source: pattern://fe4a248ac7b092a6a80624f1
+database.connection.pool.size.max=10
 # source: pattern://ca0629d86201d4c4ac857d60
-database.connection.username=adndbadmin
+database.connection.max.lifetime=1800
 # source: pattern://ca0629d86201d4c4ac857d60
-database.connection.password=secret://a2068eb83a60702322c13949-27ed70d3
+database.connection.max.idle.time=600
+# source: pattern://ca0629d86201d4c4ac857d60
+database.connection.username=${exec:/var/opt/nevisidm/default/conf/credentials/dbUser}
+# source: pattern://ca0629d86201d4c4ac857d60
+database.connection.password=${exec:/var/opt/nevisidm/default/conf/credentials/dbPassword}
 # source: pattern://ba7c7a3b091df0c4b8ba0bb2
 application.mail.smtp.host=greenmail.adn-agov-mail-01-uat.svc
 # source: pattern://ba7c7a3b091df0c4b8ba0bb2
@@ -59,10 +67,6 @@ application.modules.reporting.characterencoding=ISO-8859-1
 # source: pattern://fe4a248ac7b092a6a80624f1
 application.modules.reporting.separator=;
 # source: pattern://fe4a248ac7b092a6a80624f1
-database.connection.pool.size.max=10
-# source: pattern://fe4a248ac7b092a6a80624f1
-database.connection.pool.size.min=5
-# source: pattern://fe4a248ac7b092a6a80624f1
 database.connection.xa.enabled=false
 # source: pattern://fe4a248ac7b092a6a80624f1
 web.gui.facing.cache.size=10000

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/var/opt/nevisidm/default/conf/otel.properties

@@ -1,4 +1,5 @@
 otel.service.name = idm
+otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/etc/nevis/k8s-nevislogrend-8401da6318c6915d689cdfc9.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisLogrend"
   replicas: 1
-  version: "8.2411.2"
-  gitInitVersion: "1.3.0"
+  version: "8.2505.5"
+  gitInitVersion: "1.4.0"
   runAsNonRoot: true
   ports:
     server: 8988
@@ -38,13 +38,14 @@ spec:
   startupProbe:
     server:
       tcpSocket: true
+      initialDelaySeconds: 30
       periodSeconds: 5
       timeoutSeconds: 4
-      failureThreshold: 50
+      failureThreshold: 30
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-d06bd972269492f0db33bc07396b5fe3c91cdaaf"
+    tag: "r-7e9f2304b72a07725abab4c27833af5cdd73ab53"
     dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend"
     credentials: "git-credentials"
   podSecurity:

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/conf/env.conf

@@ -10,5 +10,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
-)
+    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
+)

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/conf/mimetype.properties

@@ -1,3 +1,5 @@
+
 ico=image/x-icon
+json=application/json
 woff=font/woff
-woff2=font/woff2
+woff2=font/woff2

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties

@@ -1,4 +1,5 @@
 otel.service.name = logrend
+otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/apple.svg

@@ -0,0 +1,10 @@
+<svg width="19" height="18" viewBox="0 0 19 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0)">
+<path d="M13.9697 17.2808C12.9941 18.2276 11.9177 18.08 10.8917 17.6336C9.80091 17.1782 8.80371 17.1494 7.65171 17.6336C6.21711 18.2528 5.45571 18.0728 4.59171 17.2808C-0.28628 12.2588 0.433719 4.60879 5.97771 4.32079C7.32231 4.39279 8.26371 5.06419 9.05571 5.11999C10.2329 4.88059 11.3597 4.19479 12.6197 4.28479C14.1335 4.40719 15.2657 5.00479 16.0217 6.07938C12.9077 7.95138 13.6457 12.0554 16.5059 13.2074C15.9335 14.7104 15.1991 16.1954 13.9679 17.2934L13.9697 17.2808ZM8.94771 4.26679C8.80191 2.03479 10.6109 0.198798 12.6917 0.0187988C12.9779 2.59279 10.3517 4.51879 8.94771 4.26679Z" fill="#1F2F33"/>
+</g>
+<defs>
+<clipPath id="clip0">
+<rect width="15.156" height="18" fill="white" transform="translate(1.3335)"/>
+</clipPath>
+</defs>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/authcloud_login.js

@@ -66,7 +66,7 @@ const Status = {
 };
 
 function setDeepLinkLabel(button) {
-    const text = document.getElementsByName('info.deeplink')[0].value;
+    const text = document.getElementById('info.login.access_app').innerText;
     button.innerHTML = text;
 }
 
@@ -80,7 +80,13 @@ function messageCheckPhone() {
     infoElement.innerHTML = text;
 }
 
-const Element = {
+function showError() {
+    const text = document.getElementsByName('error.authcloud.login')[0].value;
+    errorElement.innerHTML = text;
+    infoElement.style.display = "none";
+}
+
+const AccessAppElement = {
 
     _elem: null, // QR code or deep link depending on device
 
@@ -91,8 +97,11 @@ const Element = {
         if (isAndroid || isIphone) {
             this._elem = document.createElement('a');
             this._elem.setAttribute('href', appLink);
-            this._elem.setAttribute('class', 'btn btn-primary');
+            this._elem.setAttribute('class', 'btn btn-primary w-100 mt-4');
             this._elem.setAttribute('target', '_blank');
+            // distinguishes style for platforms
+            dispatcherElement.classList.add('mobile-platform');
+
             dispatcherElement.appendChild(this._elem);
             setDeepLinkLabel(this._elem);
         }
@@ -103,13 +112,23 @@ const Element = {
             }
             else {
                 messageScanQR();
+                const qrSize = 280;
+                // Element to render the QR code
                 this._elem = document.createElement('canvas');
-                dispatcherElement.appendChild(this._elem);
-                var qrcode = new QRious({
+                // Wrapper div to render corners
+                const qrCodeWrapper = document.createElement('div');
+                qrCodeWrapper.setAttribute('id','qr-code-wrapper');
+                qrCodeWrapper.style.width = `${qrSize}px`;
+                qrCodeWrapper.style.height = `${qrSize}px`;
+                qrCodeWrapper.appendChild(this._elem)
+                dispatcherElement.style.height = `${qrSize}px`;
+                dispatcherElement.appendChild(qrCodeWrapper);
+                const qrcode = new QRious({
                   element: this._elem,
-                  foreground: "#168CA9",
+                  // use --nevis-gray-900 CSS variable value
+                  foreground: getComputedStyle(document.body).getPropertyValue('--nevis-gray-900'),
                   level: "M",
-                  size: 280,
+                  size: qrSize,
                   value: appLink
                 });
             }
@@ -125,20 +144,31 @@ const Element = {
 };
 
 function authenticateUser(appLink) {
-    Element.show(appLink);
-    console.log('Starting Authentication Cloud status polling...');
+
+    AccessAppElement.show(appLink);
+
+    console.log('Starting Auth Cloud status polling...');
+
     Status.startPolling(statusToken, (st, done) => {
+
         if (st.status === 'succeeded') {
-            console.log('Authentication Cloud login done.');
+
+            console.log('Auth Cloud success.');
+
+            // auto submit form with outcome
             submitStatus('succeeded')
         }
         else if (st.status === 'failed') {
+
             // failed: The transaction failed, either by timeout or because the user did not accept.
-            console.warn('Authentication Cloud login failed. User abort or timeout.');
+            console.warn('Auth Cloud login failed. User abort or timeout.');
+
             submitStatus('failed')
         }
         else if (st.status === 'unknown') {
-            console.error('Authentication Cloud login failed. Unknown status.');
+
+            console.error('Auth Cloud login failed. Unknown status.');
+
             submitStatus('unknown')
         }
     });

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/authcloud_onboard.js

@@ -75,7 +75,12 @@ function messageScanQR() {
     infoElement.innerHTML = text;
 }
 
-const Element = {
+function messageInstalledAccessApp() {
+  const text = document.getElementById('info.access_app.installed').innerText;
+  infoElement.innerHTML = text;
+}
+
+const AccessAppElement = {
 
     _elem: null, // QR code or deep link depending on device
 
@@ -84,22 +89,47 @@ const Element = {
         const isIphone = 'iPhone' === navigator.platform;
         const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent);
         if (isAndroid || isIphone) {
+            if (isAndroid) {
+                document.getElementById('install_apple').style.display = 'none';
+            }
+            if (isIphone) {
+                document.getElementById('install_google').style.display = 'none';
+            }
             this._elem = document.createElement('a');
             this._elem.setAttribute('href', appLink);
-            this._elem.setAttribute('class', 'btn btn-primary');
+            this._elem.setAttribute('class', 'btn btn-primary w-100');
             this._elem.setAttribute('target', '_blank');
+            // distinguishes style for platforms
+            dispatcherElement.classList.add('mobile-platform');
+            const accessApplinks = document.getElementById('access-app-download-link');
+            accessApplinks.classList.add('access-app-download-link-mobile-spacing');
+
             dispatcherElement.appendChild(this._elem);
             setDeepLinkLabel(this._elem);
+
+            // info text is displayed before access app links
+            accessApplinks.parentNode.insertBefore(infoElement.parentNode, accessApplinks);
+            messageInstalledAccessApp();
         }
         else {
             messageScanQR();
+            const qrSize = 280;
+            // Element to render the QR code
             this._elem = document.createElement('canvas');
-            dispatcherElement.appendChild(this._elem);
-            var qrcode = new QRious({
+            // Wrapper div to render corners
+            const qrCodeWrapper = document.createElement('div');
+            qrCodeWrapper.setAttribute('id','qr-code-wrapper');
+            qrCodeWrapper.style.width = `${qrSize}px`;
+            qrCodeWrapper.style.height = `${qrSize}px`;
+            qrCodeWrapper.appendChild(this._elem)
+            dispatcherElement.style.height = `${qrSize}px`;
+            dispatcherElement.appendChild(qrCodeWrapper);
+            const qrcode = new QRious({
               element: this._elem,
-              foreground: "#168CA9",
+              // use --nevis-gray-900 CSS variable value
+              foreground: getComputedStyle(document.body).getPropertyValue('--nevis-gray-900'),
               level: "M",
-              size: 280,
+              size: qrSize,
               value: appLink
             });
         }
@@ -114,25 +144,47 @@ const Element = {
 };
 
 function onboardUser(appLink) {
-    Element.show(appLink);
-    console.log('Starting Authentication Cloud status polling...');
+
+    AccessAppElement.show(appLink);
+
+    console.log('Starting Auth Cloud status polling...');
+
     Status.startPolling(statusToken, (st, done) => {
+
         if (st.status === 'succeeded') {
-            console.log('Authentication Cloud onboarding done.');
+
+            console.log('Auth Cloud success.');
+
+            // auto submit form with outcome
             submitStatus('succeeded')
         }
         else if (st.status === 'failed') {
+
             // failed: The transaction failed, either by timeout or because the user did not accept.
             console.warn('Authentication Cloud onboarding failed. User abort or timeout.');
+
             submitStatus('failed')
         }
         else if (st.status === 'unknown') {
+
             console.error('Authentication Cloud onboarding failed. Unknown status.');
+
             submitStatus('unknown')
         }
     });
 }
 
+const swap = function (nodeA, nodeB) {
+    const parentA = nodeA.parentNode;
+    const siblingA = nodeA.nextSibling === nodeB ? nodeA : nodeA.nextSibling;
+
+    // Move `nodeA` to before the `nodeB`
+    nodeB.parentNode.insertBefore(nodeA, nodeB);
+
+    // Move `nodeB` to before the sibling of `nodeA`
+    parentA.insertBefore(nodeB, siblingA);
+};
+
 function init() {
 
     const form = document.getElementById('authcloud_onboard');
@@ -145,6 +197,9 @@ function init() {
 
     dispatcherElement = document.getElementById('authcloud_dispatch');
 
+    // info texts are displayed underneath QR code
+    swap(infoElement.parentNode, dispatcherElement.parentNode);
+
     const appLink = form.appLink.value;
     onboardUser(appLink);
 }

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/chevron-down.svg

@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M12.6667 6L8 10.6667L3.33333 6" stroke="#1F2F33" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/chevron-right.svg

@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path d="M6 3.33332L10.6667 7.99999L6 12.6667" stroke="#1F2F33" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/copy-to-clipboard.js

@@ -0,0 +1,27 @@
+function copyToClipboard(containerid) {
+  if (document.selection) {
+    var range = document.body.createTextRange();
+    range.moveToElementText(document.getElementById(containerid));
+    range.select().createTextRange();
+    document.execCommand("copy");
+  } else if (window.getSelection) {
+    var range = document.createRange();
+    range.selectNode(document.getElementById(containerid));
+    window.getSelection().addRange(range);
+    document.execCommand("copy");
+  }
+
+  // clear selection
+  if (window.getSelection) {
+    if (window.getSelection().empty) {
+      // Chrome
+      window.getSelection().empty();
+    } else if (window.getSelection().removeAllRanges) {
+      // Firefox
+      window.getSelection().removeAllRanges();
+    }
+  } else if (document.selection) {
+    // IE
+    document.selection.empty();
+  }
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/customized-bootstrap.css

@@ -0,0 +1,755 @@
+/*!
+ * Bootstrap v5.1.3 (https://getbootstrap.com/)
+ * Copyright 2011-2021 The Bootstrap Authors
+ * Copyright 2011-2021 Twitter, Inc.
+ * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
+*/
+
+/*
+ * This file contains customized bootstrap classes which are in the same name, however differ in the implementation.
+ * Classes use CSS custom properties from :root to be runtime modifiable.
+ * Used a portion of bootstrap classes which satisfy the requirements without to include the whole bootstrap bundle.
+ * If you would like to add new classes as "override" or extension please use the bootstrap naming convention.
+*/
+
+/* Form controls */
+.form-label {
+  margin-bottom: 0.25rem;
+}
+
+.form-check:has(.form-check-label) {
+  padding: 1em 1em 1em 1.6em;
+  border-top: solid 1px lightgray;
+  margin: 0 1em 0 1em;
+}
+
+.form-check-label {
+  font-size: 0.875rem !important;
+}
+
+.form-group {}
+
+.form-control {
+  display: block;
+  width: 100%;
+  padding: 0.5625rem 0.75rem;
+  font-size: 1rem;
+  font-weight: 400;
+  line-height: 1.25rem;
+  color: var(--nevis-black);
+  background-color: var(--nevis-white);
+  background-clip: padding-box;
+  border: 0.0625rem solid var(--nevis-form-control-border-color);
+  border-radius: var(--nevis-border-radius);
+  -webkit-appearance: none;
+  -moz-appearance: none;
+  appearance: none;
+  transition: border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+}
+
+@media (prefers-reduced-motion: reduce) {
+  .form-control {
+    transition: none;
+  }
+}
+
+.form-control:focus {
+  color: var(--nevis-black);
+  background-color: var(--nevis-white);
+  border-color: var(--nevis-primary);
+  outline: 0;
+  box-shadow: 0 0 0 0.0625rem var(--nevis-primary);
+}
+
+.form-control::-webkit-date-and-time-value {
+  height: 1.5em;
+}
+
+.form-control::-moz-placeholder {
+  color: var(--nevis-secondary);
+  opacity: 1;
+}
+
+.form-control::placeholder {
+  color: var(--nevis-secondary);
+  opacity: 1;
+}
+
+.form-control:disabled {
+  font-size: 0.875rem;
+  background-color: #e9ecef;
+  opacity: 1;
+}
+
+.form-control[readonly] {
+  background: var(--nevis-readonly-bg-color);
+  border-color: var(--nevis-readonly-border-color);
+  border-radius: var(--nevis-border-radius);
+  color: var(--nevis-gray-900);
+  font-size: 0.875rem;
+}
+
+.form-control[readonly]:focus {
+  box-shadow: 0 0 0 0.0625rem var(--nevis-readonly-box-shadow-color);
+}
+
+/* Valdiation */
+.invalid-feedback {
+  display: none;
+  width: 100%;
+  margin-top: 0.25rem;
+  font-size: 0.875em;
+  color: var(--nevis-danger);
+}
+
+.was-validated :invalid~.invalid-feedback,
+.was-validated :invalid~.invalid-tooltip,
+.is-invalid~.invalid-feedback,
+.is-invalid~.invalid-tooltip {
+  display: block;
+}
+
+/* Added for 3rd party International Telephone Input */
+.was-validated .iti~.invalid-feedback.invalid-feedback-ready,
+.was-validated .iti~.invalid-tooltip.invalid-feedback-ready {
+  display: block;
+}
+
+.was-validated .form-control:invalid,
+.form-control.is-invalid {
+  border-color: var(--nevis-danger);
+  border-width: 0.125rem;
+  padding-right: inherit;
+  background-image: none;
+  background-repeat: no-repeat;
+  background-position: inherit;
+  background-size: inherit;
+}
+
+.was-validated .form-control:invalid:focus,
+.form-control.is-invalid:focus {
+  border-color: var(--nevis-danger);
+  box-shadow: none;
+}
+
+.form-control:valid,
+.form-control.is-valid {
+  background-image: none;
+}
+
+/* remove valid feedback classes */
+.was-validated .form-control:valid,
+.form-control.is-valid {
+  border-color: var(--nevis-gray-400);
+  padding-right: inherit;
+  background-image: inherit;
+  background-repeat: no-repeat;
+  background-position: inherit;
+  background-size: inherit;
+}
+
+.was-validated .form-control:valid:focus,
+.form-control.is-valid:focus {
+  border-color: var(--nevis-gray-400);
+  box-shadow: unset;
+}
+
+.was-validated textarea.form-control:valid,
+textarea.form-control.is-valid {
+  padding-right: inherit;
+  background-position: inherit;
+}
+
+.was-validated .form-select:valid,
+.form-select.is-valid {
+  border-color: var(--nevis-gray-400);
+}
+
+.was-validated .form-select:valid:not([multiple]):not([size]),
+.was-validated .form-select:valid:not([multiple])[size="1"],
+.form-select.is-valid:not([multiple]):not([size]),
+.form-select.is-valid:not([multiple])[size="1"] {
+  padding-right: inherit;
+  background-image: none;
+  background-position: inherit;
+  background-size: inherit;
+}
+
+.was-validated .form-select:valid:focus,
+.form-select.is-valid:focus {
+  border-color: var(--nevis-gray-400);
+  box-shadow: unset;
+}
+
+.was-validated .form-check-input:valid,
+.form-check-input.is-valid {
+  border-color: var(--nevis-gray-400);
+}
+
+.was-validated .form-check-input:valid:checked,
+.form-check-input.is-valid:checked {
+  background-color: inherit;
+}
+
+.was-validated .form-check-input:valid:focus,
+.form-check-input.is-valid:focus {
+  box-shadow: unset;
+}
+
+.was-validated .form-check-input:valid~.form-check-label,
+.form-check-input.is-valid~.form-check-label {
+  color: inherit;
+}
+
+/* Buttons */
+.btn {
+  display: inline-block;
+  font-weight: 500;
+  line-height: 1.5rem;
+  color: var(--nevis-black);
+  text-align: center;
+  text-decoration: none;
+  vertical-align: middle;
+  cursor: pointer;
+  -webkit-user-select: none;
+  -moz-user-select: none;
+  user-select: none;
+  background-color: transparent;
+  border: 0.0625rem solid transparent;
+  padding: 0.75rem 1.25rem;
+  font-size: 1rem;
+  border-radius: var(--nevis-border-radius);
+  transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+}
+
+@media (prefers-reduced-motion: reduce) {
+  .btn {
+    transition: none;
+  }
+}
+
+.btn:hover {
+  color: var(--nevis-black);
+}
+
+.btn:disabled,
+.btn.disabled,
+fieldset:disabled .btn {
+  pointer-events: none;
+  opacity: 0.65;
+}
+
+/* remove box-shadows by default, enable later by colors */
+.btn:focus {
+  box-shadow: unset;
+}
+
+.btn-check:checked+.btn-primary:focus,
+.btn-check:active+.btn-primary:focus,
+.btn-primary:active:focus,
+.btn-primary.active:focus,
+.show>.btn-primary.dropdown-toggle:focus {
+  box-shadow: unset;
+}
+
+/* Primary Button */
+.btn-primary {
+  color: var(--nevis-white);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:hover {
+  color: var(--nevis-white);
+  filter: brightness(110%);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:focus {
+  color: var(--nevis-white);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  filter: brightness(110%);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:active,
+.btn-primary.active {
+  color: var(--nevis-white);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  filter: brightness(90%);
+}
+
+.btn-primary:active:focus,
+.btn-primary.active:focus {
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:disabled,
+.btn-primary.disabled {
+  color: var(--nevis-secondary);
+  background-color: var(--nevis-gray-100);
+  border-color: var(--nevis-gray-100);
+  box-shadow: none;
+  filter: brightness(1);
+}
+
+/* Secondary Button */
+.btn-secondary {
+  color: var(--nevis-gray-900);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:hover {
+  color: var(--nevis-gray-900);
+  filter: brightness(110%);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:focus {
+  color: var(--nevis-gray-900);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  filter: brightness(110%);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:active,
+.btn-secondary.active {
+  color: var(--nevis-gray-900);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  filter: brightness(90%);
+}
+
+.btn-secondary:active:focus,
+.btn-secondary.active:focus {
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:disabled,
+.btn-secondary.disabled {
+  color: var(--nevis-secondary);
+  background-color: var(--nevis-gray-100);
+  border-color: var(--nevis-gray-100);
+  box-shadow: none;
+  filter: brightness(1);
+}
+
+.btn-link {
+  font-size: 0.875rem !important;
+  vertical-align: baseline;
+  border: none;
+  color: var(--nevis-primary);
+  background: none;
+  text-decoration: none;
+  padding: 0;
+}
+
+/* Componentes */
+.dropdown-toggle::after {
+  display: none !important;
+}
+
+/* Utilities */
+h6,
+.h6,
+h5,
+.h5,
+h4,
+.h4,
+h3,
+.h3,
+h2,
+.h2,
+h1,
+.h1 {
+  margin-top: 0;
+  font-weight: 500;
+  line-height: 1.2;
+}
+
+h1,
+.h1 {
+  font-size: calc(1.375rem + 1.5vw);
+}
+
+@media (min-width: 1200px) {
+
+  h1,
+  .h1 {
+    font-size: 2.5rem;
+  }
+}
+
+h2,
+.h2 {
+  font-size: calc(1.325rem + 0.9vw);
+}
+
+@media (min-width: 1200px) {
+
+  h2,
+  .h2 {
+    font-size: 2rem;
+  }
+}
+
+h3,
+.h3 {
+  font-size: calc(1.3rem + 0.6vw);
+}
+
+@media (min-width: 1200px) {
+
+  h3,
+  .h3 {
+    font-size: 1.75rem;
+  }
+}
+
+h4,
+.h4 {
+  font-size: calc(1.275rem + 0.3vw);
+}
+
+@media (min-width: 1200px) {
+
+  h4,
+  .h4 {
+    font-size: 1.5rem;
+  }
+}
+
+h5,
+.h5 {
+  font-size: 1.25rem;
+}
+
+h6,
+.h6 {
+  font-size: 1rem;
+}
+
+small,
+.small {
+  font-size: 0.875rem !important;
+}
+
+.text-primary {
+  color: var(--nevis-primary) !important;
+}
+
+.text-secondary {
+  color: var(--nevis-secondary) !important;
+}
+
+.text-success {
+  color: var(--nevis-success) !important;
+}
+
+.text-info {
+  color: var(--nevis-info) !important;
+}
+
+.text-warning {
+  color: var(--nevis-warning) !important;
+}
+
+.text-danger {
+  color: var(--nevis-danger) !important;
+}
+
+.text-light {
+  color: var(--nevis-light) !important;
+}
+
+.text-dark {
+  color: var(--nevis-dark) !important;
+}
+
+.text-white {
+  color: var(--nevis-white) !important;
+}
+
+.bg-primary {
+  background-color: var(--nevis-primary) !important;
+}
+
+.bg-secondary {
+  background-color: var(--nevis-secondary) !important;
+}
+
+.bg-success {
+  background-color: var(--nevis-success) !important;
+}
+
+.bg-info {
+  background-color: var(--nevis-info) !important;
+}
+
+.bg-warning {
+  background-color: var(--nevis-warning) !important;
+}
+
+.bg-danger {
+  background-color: var(--nevis-danger) !important;
+}
+
+.bg-light {
+  background-color: var(--nevis-light) !important;
+}
+
+.bg-dark {
+  background-color: var(--nevis-dark) !important;
+}
+
+.bg-body {
+  background-color: var(--nevis-white) !important;
+}
+
+.bg-white {
+  background-color: var(--nevis-white) !important;
+}
+
+.link-primary {
+  color: var(--nevis-primary);
+}
+
+.link-primary:hover,
+.link-primary:focus {
+  color: var(--nevis-primary);
+  filter: brightness(80%);
+}
+
+.link-secondary {
+  color: var(--nevis-secondary);
+}
+
+.link-secondary:hover,
+.link-secondary:focus {
+  color: var(--nevis-secondary);
+  filter: brightness(80%);
+}
+
+.link-success {
+  color: var(--nevis-success);
+}
+
+.link-success:hover,
+.link-success:focus {
+  color: var(--nevis-success);
+  filter: brightness(80%);
+}
+
+.link-info {
+  color: var(--nevis-info);
+}
+
+.link-info:hover,
+.link-info:focus {
+  color: var(--nevis-info);
+  filter: brightness(80%);
+}
+
+.link-warning {
+  color: var(--nevis-warning);
+}
+
+.link-warning:hover,
+.link-warning:focus {
+  color: var(--nevis-warning);
+  filter: brightness(80%);
+}
+
+.link-danger {
+  color: var(--nevis-danger);
+}
+
+.link-danger:hover,
+.link-danger:focus {
+  color: var(--nevis-danger);
+  filter: brightness(80%);
+}
+
+.link-light {
+  color: var(--nevis-light);
+}
+
+.link-light:hover,
+.link-light:focus {
+  color: var(--nevis-light);
+  filter: brightness(80%);
+}
+
+.link-dark {
+  color: var(--nevis-dark);
+}
+
+.link-dark:hover,
+.link-dark:focus {
+  color: var(--nevis-dark);
+  filter: brightness(80%);
+}
+
+.border-primary {
+  border-color: var(--nevis-primary) !important;
+}
+
+.border-secondary {
+  border-color: var(--nevis-secondary) !important;
+}
+
+.border-success {
+  border-color: var(--nevis-success) !important;
+}
+
+.border-info {
+  border-color: var(--nevis-info) !important;
+}
+
+.border-warning {
+  border-color: var(--nevis-warning) !important;
+}
+
+.border-danger {
+  border-color: var(--nevis-danger) !important;
+  border-width: 0.125rem;
+}
+
+.border-light {
+  border-color: var(--nevis-light) !important;
+}
+
+.border-dark {
+  border-color: var(--nevis-dark) !important;
+}
+
+.border-white {
+  border-color: var(--nevis-white) !important;
+}
+
+
+/* EXTENSION PART */
+
+/* Spacing */
+.mt-20 {
+  margin-top: 1.25rem;
+}
+
+.me-5px {
+  margin-right: 0.3125rem;
+}
+
+.my-40 {
+  margin: 2.5rem 0;
+}
+
+.mb-40 {
+  margin-bottom: 2.5rem;
+}
+
+/* Colors */
+
+.text-nevis-blue {
+  color: var(--nevis-blue-600) !important;
+}
+
+.bg-nevis-blue {
+  background-color: var(--nevis-blue-600) !important;
+}
+
+.border-nevis-blue {
+  border-color: var(--nevis-blue-600) !important;
+}
+
+.link-nevis-blue {
+  color: var(--nevis-blue-600);
+}
+
+.link-nevis-blue:hover,
+.link-nevis-blue:focus {
+  color: var(--nevis-blue-600);
+  filter: brightness(80%);
+}
+
+.btn-language-selector {
+  display: inline-flex;
+  justify-content: center;
+  align-items: center;
+  flex-shrink: 0;
+  padding: 0;
+  min-width: 0;
+  box-sizing: border-box;
+  box-shadow: none;
+  font-size: 0.875rem !important;
+  line-height: 1.25rem;
+  font-weight: normal;
+  outline: none;
+  border: none;
+  vertical-align: baseline;
+  text-align: center;
+  background-color: initial;
+  color: var(--nevis-gray-900);
+}
+
+.btn-language-selector:hover {
+  background: initial;
+}
+
+.btn-language-selector:active {
+  background: initial;
+}
+
+.btn-language-selector:focus {
+  box-shadow: none;
+}
+
+.btn-language-selector+.dropdown-menu {
+  min-width: 0;
+  width: 10rem;
+  padding: 0.25rem 0;
+  /* centering the dropdown */
+  margin-left: -0.5rem !important;
+  margin-top: 0.5rem !important;
+  overflow: hidden;
+  box-shadow: 0rem 0rem 0rem 0.0625rem var(--nevis-gray-200),
+    0rem 0.1875rem 1.25rem -0.625rem var(--nevis-gray-900);
+  border-radius: var(--nevis-border-radius);
+  border: 0;
+}
+
+.btn-language-selector+.dropdown-menu>li {
+  overflow: hidden;
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item {
+  font-style: normal;
+  font-weight: normal;
+  font-size: 0.875rem;
+  line-height: 1.25rem;
+  padding: 0.5rem 1rem;
+  color: var(--nevis-gray-900);
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item:hover {
+  background: var(--nevis-blue-100);
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item:focus {
+  background: none;
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item:active,
+.btn-language-selector+.dropdown-menu .dropdown-item.active {
+  background: var(--nevis-blue-100);
+  filter: brightness(90%);
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/default.css

@@ -1,222 +0,0 @@
-/********************************************************
- * Layout
- ********************************************************/
-
-html { /* magic to position footer */
-	position: relative;
-	min-height: 100%;
-}
-
-body {
-	margin-bottom: 76px; /* == footer height */
-}
-
-.container, .container-fluid {
- 	padding-left: 36px;
-	padding-right: 36px;
-}
-
-nav {
-	min-height: 100px;
-	padding: 36px;
-}
-
-header {
-	margin-bottom: 16px; /* h1.logintitle adds 20px => 36px */
-}
-
-.container {
- 	min-width: 260px;
- 	max-width: 700px;
-}
-
-h1 {
-	margin-bottom: 50px;
-}
-
-footer {
-	width: 100%;
-	position: absolute;
-	bottom: 0;
-	padding: 0 36px;
-}
-
-img {
-	width: 100%;
-}
-
-/********************************************************
- * Header
- ********************************************************/
-
-header .logo {
-	/* width: 20%;*/
-	/*max-width: 600px;*/
-	max-height: 150px;
-	width: auto;
-}
-
-/********************************************************
- * Dropdown
- ********************************************************/
-a.dropdown-toggle {
-	text-decoration: none;
-}
-
-a.dropdown-toggle:hover {
-	color: #168CA9;
-	border-bottom: 3px solid #168CA9;
-}
-
-.dropdown-menu {
-	padding: 5px 0;
-}
-
-.dropdown-menu li > a {
-	padding: 6px 28px;
-}
-
-.dropdown-menu a > .prefix {
-	display: inline-block;
-	min-width: 22px;
-	margin-right: 28px;
-	text-align: right;
-}
-
-/********************************************************
- * Form
- ********************************************************/
-
-/* Labels should not be bold */
-label {
-	font-weight: normal;
-}
-
-/* Make error messages bold */
-.has-error .help-block {
-	font-weight: bold;
-}
-
-/* Change button size, by default 116px in width */
-.btn {
-	min-width: 116px;
-	padding: 3px 12px;
-}
-
-/* Disable gradient in buttons, ughhhh */
-.btn.btn-primary {
-	border-color: transparent;
-	background-image: none;
-	text-shadow: none;
-	box-shadow: none;
-	-webkit-box-shadow: none;
-}
-
-.help-block a, .help-block a:visited {
-	color: #168CA9;
-  font-weight: bold;
-  text-decoration: none;
-}
-
-.help-block a:hover {
-	color: #168CA9;
-  text-decoration: underline;
-}
-
-/********************************************************
- * Footer
- ********************************************************/
-footer .row {
-	margin: 36px 0 0 0;
-	height: 40px;
-	padding-top: 14px;
-	line-height: 26px; /* to center text: height - padding-top = 26px */
-	border-top: 1px solid #168CA9;
-}
-
-footer .row > div { /* Fix alignment between border + text on Bootstrap grid */
-	padding: 0;
-}
-
-footer .logo-round-container {
-	position: relative;
-}
-
-footer .logo-round {
-	position: absolute;
-	left: 0;
-	right: 0;
-	top: -33px; /* found visually with Chrome Dev Tools */
-	height: 36px;
-	width: 36px;
-	border: 1px solid #00868c;
-	border-radius: 18px;
-	background: #fff;
-	padding: 8px;
-}
-
-footer .logo-round > img {
-	display: block;
-}
-
-#dispatchTargets {
-	margin-top: 20px;
-}
-
-/********************************************************
- * Social login
- ********************************************************/
-.btn.line {
-    background-color: transparent;
-    display: block;
-    width: 100%;
-    padding: 0;
-    margin: 1.5em 0 1em;
-    border: 0.5px solid #ccc;
-    pointer-events: none;
-}
-
-.btn.socialLogin {
-    background-color: #fff;
-    border: thin solid #ccc;
-    color: #000;
-    font-weight: 600;
-    position: relative;
-    margin: 5px;
-    min-width: 140px;
-    width: 210px;
-    border-radius: 8px;
-    padding: 8px 12px;
-    text-align: left;
-}
-
-.socialLogin img {
-    width: 1.5em;
-    height: 108%;
-    margin-right: 0.5em;
-}
-
-.btn.apple img {
-    width: 1.2em;
-}
-
-/********************************************************
- * Show password
- ********************************************************/
-.icon-inside {
-  position: relative;
-}
-
-.icon-inside input {
-  padding-right: calc(0.75rem + 1.25rem + 0.75rem);
-}
-
-.icon-inside button {
-  position: absolute;
-  right: 0;
-  top: 0;
-  margin-top: 0.45rem;
-  margin-right: 0.45rem;
-  background: #FFFFFF;
-  border: #FFFFFF;
-}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/display-recovery-codes.js

@@ -0,0 +1,23 @@
+function displayRecoveryCodes() {
+  const recoverCodes = document.getElementById("recovery-codes-raw");
+  // early return if recoverCodes not found
+  if (!recoverCodes) {
+    return;
+  }
+
+  var recoveryCodesContent = recoverCodes.innerHTML;
+  recoveryCodesContent = recoveryCodesContent.replace("[", "");
+  recoveryCodesContent = recoveryCodesContent.replace("]", "");
+  recoveryCodesContent = recoveryCodesContent.split(",");
+  for (let i = 0; i < recoveryCodesContent.length; i++) {
+    if (i % 2 == 0) {
+      document.getElementById("recovery-codes").innerHTML += "<div class=\"recovery-code-gray printable\">" + recoveryCodesContent[i] + "</div>";
+    }
+    else {
+      document.getElementById("recovery-codes").innerHTML += "<div class=\"recovery-code-white printable\">" + recoveryCodesContent[i] + "</div>";
+    }
+  }
+  recoverCodes.remove();
+}
+
+displayRecoveryCodes();

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/download-recovery-codes.js

@@ -0,0 +1,26 @@
+function downloadRecoveryCodes(contentContainerId) {
+  const textToDownload = document.getElementById(contentContainerId).innerText;
+  // It is necessary to create a new blob object with mime-type explicitly set
+  // otherwise only Chrome works like it should
+  const newBlob = new Blob([textToDownload], { type: "text/plain" });
+
+  // IE doesn't allow using a blob object directly as link href
+  // instead it is necessary to use msSaveOrOpenBlob
+  if (window.navigator && window.navigator.msSaveOrOpenBlob) {
+    window.navigator.msSaveOrOpenBlob(newBlob, "recovery-codes.txt");
+    return;
+  }
+
+  // For other browsers:
+  // Create a link pointing to the ObjectURL containing the blob.
+  const data = window.URL.createObjectURL(newBlob);
+  const link = document.createElement("a");
+  link.href = data;
+  link.download = "recovery-codes.txt";
+  link.click();
+  setTimeout(() => {
+    // For Firefox it is necessary to delay revoking the ObjectURL
+    window.URL.revokeObjectURL(data);
+  }, 400);
+  link.remove();
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/dropdown.js

@@ -1,36 +0,0 @@
-(function() {
-  var closeDropdownTimeout;
-
-  function closeDropdown(event) {
-    var dropdowns = document.querySelectorAll('.dropdown');
-    for (var i = 0; i < dropdowns.length; i++) {
-      var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
-      if (dropdownMenu.style.display !== 'none' && !dropdowns[i].contains(event.target)) {
-        dropdownMenu.style.display = 'none';
-      }
-    }
-
-    // remove event listener till we have a new dropdown menu open
-    if (document.querySelector('.dropdown-menu:not([style*="display: none"])') === null) {
-      document.removeEventListener('click', closeDropdown);
-    }
-  }
-
-  var dropdowns = document.querySelectorAll('.dropdown');
-  for (var i = 0; i < dropdowns.length; i++) {
-    var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
-    dropdownMenu.style.display = 'none'; // ensure menu is initially hidden
-
-    dropdowns[i].addEventListener('click', function(e) {
-      // show dropdown menu
-      var dropdownMenu = this.querySelector('.dropdown-menu');
-      dropdownMenu.style.display = 'block';
-
-      // handle clicking away
-      clearTimeout(closeDropdownTimeout);
-      closeDropdownTimeout = setTimeout(function() {
-        document.addEventListener('click', closeDropdown);
-      }, 10);
-    });
-  }
-}());

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/e2eenc.js

@@ -1,98 +0,0 @@
-var e2eenc = function() {
-
-	this.encryptForm = function(algoString, formId) {
-		// TODO: in case of an error we should return false, to prevent the for to be submitted
-		//       or replace the fields with dummy values, just to prevent the the transmission
-		//       of unencrypted values
-		
-
-		// create the array of input fields to encrypt (needs to be done before setting the form
-		// invisible
-		var fieldsToEncrypt = new Array();
-		$.each($("form input:visible"), function(index, _inputField) { fieldsToEncrypt.push($(_inputField));});
-
-		// hide the form, and display the splash screen
-		$('#loginform').css('display','none');
-		$('#e2eeSplashScreen').css('display','block');
-
-		// encryption logic
-		var pubKey = $("input[name='e2eenc.publicKey']").val();
-
-		var kemSessionKey = readPublicKeyAndGenerateSessionKey(pubKey)
-		var iv = forge.random.getBytesSync(16);
-		keyB64 = forge.util.encode64(kemSessionKey.key);
-		encapsulationB64 = forge.util.encode64(kemSessionKey.encapsulation);
-		ivB64 = forge.util.encode64(iv);
-
-		//console.log("Encrypting form " + formId + " (" + algoString + ")");
-		var fields = "";
-		$.each(fieldsToEncrypt, function(index, _inputField) {
-			var inputField = $(_inputField);
-			if (inputField.attr("type") == "text" || inputField.attr("type") == "password") {
-				//console.log("Encrypting field " + JSON.stringify(inputField));
-				var plainValue = inputField.val();
-
-				var encryptedValueB64 = encrypt(kemSessionKey, iv, plainValue);
-				//console.log("Setting encrypted value in b64: " + encryptedValueB64);
-				inputField.val(encryptedValueB64);
-				if (fields.length > 0) {
-					fields = fields + ","
-				}
-				fields = fields + inputField.attr("name");
-			}
-		});
-		$("input[name='e2eenc.iv']").val(ivB64);
-		$("input[name='e2eenc.encapsulation']").val(encapsulationB64);
-		$("input[name='e2eenc.fields']").val(fields);
-	}
-
-	function getRSApublicKey(pem) {
-	    //console.log("PEM: " + pem);
-
-	    var msg = forge.pem.decode(pem)[0];
-
-	    //console.log("msg type: " + msg.type);
-
-	    if(msg.procType && msg.procType.type === 'ENCRYPTED') {
-		throw new Error('Could not retrieve RSA public key from PEM; PEM is encrypted.');
-	    }
-
-	    // convert DER to ASN.1 object
-	    var asn1obj = forge.asn1.fromDer(msg.body);
-	    //console.log("ASN.1 obj: " + JSON.stringify(asn1obj))
-
-	    var pubKey = forge.pki.publicKeyFromAsn1(asn1obj)
-	    //console.log("PubKey: " + JSON.stringify(pubKey))
-	    return pubKey;
-	}
-
-	function generateKEMSessionKey(rsaPublicKey) {
-	    // generate key-derivation-function and initializes it with sha1
-	    var kdf1 = new forge.kem.kdf1(forge.md.sha1.create());
-	    // creates a KEM function based on the key-derivation-function created above
-	    var kem = forge.kem.rsa.create(kdf1);
-	    // generate and encapsulate a 16-byte secret key. 
-	    // The secret key is generated using the kdf defined above.
-	    var kemSessionKey = kem.encrypt(rsaPublicKey, 16);
-	    // kemSessionKey has 'encapsulation' (= pub key) and 'key' (= generated secret key)
-	    return kemSessionKey;
-	}
-
-	function readPublicKeyAndGenerateSessionKey(pem) {
-	    var rsaPublicKey = getRSApublicKey(pem);
-	    //console.log("PubKey: " + JSON.stringify(rsaPublicKey))
-	    var kemSessionKey = generateKEMSessionKey(rsaPublicKey);
-	    //console.log("KEM session key: " + JSON.stringify(kemSessionKey))
-	    return kemSessionKey;
-	}
-
-	function encrypt(kemSessionKey, iv, msg) {
-		var cipher = forge.cipher.createCipher('AES-CBC', kemSessionKey.key);
-		cipher.start({iv: iv});
-		cipher.update(forge.util.createBuffer(msg, 'utf-8'));
-		cipher.finish();
-		var encrypted = cipher.output.getBytes();
-		encryptedB64 = forge.util.encode64(encrypted);
-		return encryptedB64;
-	}
-};

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/exclamation.svg

@@ -0,0 +1,3 @@
+<svg width="10" height="9" viewBox="0 0 10 9" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M3.95423 0.859245C4.413 0.0436633 5.58725 0.0436629 6.04602 0.859245L9.3942 6.81157C9.84416 7.61149 9.2661 8.59988 8.34831 8.59988H1.65194C0.734151 8.59988 0.156094 7.61149 0.606052 6.81157L3.95423 0.859245ZM5.60007 6.79995C5.60007 7.13132 5.33144 7.39995 5.00007 7.39995C4.6687 7.39995 4.40007 7.13132 4.40007 6.79995C4.40007 6.46858 4.6687 6.19995 5.00007 6.19995C5.33144 6.19995 5.60007 6.46858 5.60007 6.79995ZM5.00007 1.99995C4.6687 1.99995 4.40007 2.26858 4.40007 2.59995V4.39995C4.40007 4.73132 4.6687 4.99995 5.00007 4.99995C5.33144 4.99995 5.60007 4.73132 5.60007 4.39995V2.59995C5.60007 2.26858 5.33144 1.99995 5.00007 1.99995Z" fill="#F25562"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/eye-off.svg

@@ -1,3 +1,3 @@
 <svg width="22" height="20" viewBox="0 0 22 20" fill="none" xmlns="http://www.w3.org/2000/svg">
-    <path d="M2 1L5.58916 4.58916M20 19L16.4112 15.4112M12.8749 16.8246C12.2677 16.9398 11.6411 17 11.0005 17C6.52281 17 2.73251 14.0571 1.45825 9.99997C1.80515 8.8955 2.33851 7.87361 3.02143 6.97118M8.87868 7.87868C9.42157 7.33579 10.1716 7 11 7C12.6569 7 14 8.34315 14 10C14 10.8284 13.6642 11.5784 13.1213 12.1213M8.87868 7.87868L13.1213 12.1213M8.87868 7.87868L5.58916 4.58916M13.1213 12.1213L5.58916 4.58916M13.1213 12.1213L16.4112 15.4112M5.58916 4.58916C7.14898 3.58354 9.00656 3 11.0004 3C15.4781 3 19.2684 5.94291 20.5426 10C19.8357 12.2507 18.3545 14.1585 16.4112 15.4112" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M2 1L5.58916 4.58916M20 19L16.4112 15.4112M12.8749 16.8246C12.2677 16.9398 11.6411 17 11.0005 17C6.52281 17 2.73251 14.0571 1.45825 9.99997C1.80515 8.8955 2.33851 7.87361 3.02143 6.97118M8.87868 7.87868C9.42157 7.33579 10.1716 7 11 7C12.6569 7 14 8.34315 14 10C14 10.8284 13.6642 11.5784 13.1213 12.1213M8.87868 7.87868L13.1213 12.1213M8.87868 7.87868L5.58916 4.58916M13.1213 12.1213L5.58916 4.58916M13.1213 12.1213L16.4112 15.4112M5.58916 4.58916C7.14898 3.58354 9.00656 3 11.0004 3C15.4781 3 19.2684 5.94291 20.5426 10C19.8357 12.2507 18.3545 14.1585 16.4112 15.4112" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
 </svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/eye.svg

@@ -1,4 +1,4 @@
 <svg width="22" height="16" viewBox="0 0 22 16" fill="none" xmlns="http://www.w3.org/2000/svg">
-    <path d="M14 8C14 9.65685 12.6569 11 11 11C9.34315 11 8 9.65685 8 8C8 6.34315 9.34315 5 11 5C12.6569 5 14 6.34315 14 8Z" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
-    <path d="M1.45825 7.99997C2.73253 3.94288 6.52281 1 11.0004 1C15.4781 1 19.2684 3.94291 20.5426 8.00004C19.2684 12.0571 15.4781 15 11.0005 15C6.52281 15 2.73251 12.0571 1.45825 7.99997Z" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M14 8C14 9.65685 12.6569 11 11 11C9.34315 11 8 9.65685 8 8C8 6.34315 9.34315 5 11 5C12.6569 5 14 6.34315 14 8Z" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M1.45825 7.99997C2.73253 3.94288 6.52281 1 11.0004 1C15.4781 1 19.2684 3.94291 20.5426 8.00004C19.2684 12.0571 15.4781 15 11.0005 15C6.52281 15 2.73251 12.0571 1.45825 7.99997Z" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
 </svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/face.svg

@@ -0,0 +1,10 @@
+<svg width="80" height="80" viewBox="0 0 80 80" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M54 10H62C66.4183 10 70 13.5817 70 18V26" stroke="#168CA9" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M10 26L10 18C10 13.5817 13.5817 10 18 10L26 10" stroke="#168CA9" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M26 70L18 70C13.5817 70 10 66.4183 10 62L10 54" stroke="#168CA9" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M70 54L70 62C70 66.4183 66.4183 70 62 70L54 70" stroke="#168CA9" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<circle cx="40" cy="40" r="22" stroke="#168CA9" stroke-width="4"/>
+<path d="M48 48.5C43.5817 53.8333 36.4183 53.8333 32 48.5" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<rect x="49" y="35" width="1" height="4" rx="0.5" stroke="#168CA9" stroke-width="4"/>
+<rect x="30" y="35" width="1" height="4" rx="0.5" stroke="#168CA9" stroke-width="4"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/facebook.svg

@@ -0,0 +1,4 @@
+<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M18 9.00002C18 4.02945 13.9706 2.09808e-05 9 2.09808e-05C4.02943 2.09808e-05 0 4.02945 0 9.00002C0 13.4922 3.29117 17.2155 7.59375 17.8907V11.6016H5.30859V9.00002H7.59375V7.01721C7.59375 4.76158 8.93739 3.51565 10.9932 3.51565C11.9779 3.51565 13.0078 3.69143 13.0078 3.69143V5.90627H11.8729C10.7549 5.90627 10.4062 6.60003 10.4062 7.31176V9.00002H12.9023L12.5033 11.6016H10.4062V17.8907C14.7088 17.2155 18 13.4922 18 9.00002Z" fill="#1877F2"/>
+<path d="M12.5033 11.6016L12.9024 9.00006H10.4063V7.3118C10.4063 6.60007 10.7549 5.90631 11.873 5.90631H13.0078V3.69147C13.0078 3.69147 11.9779 3.51569 10.9932 3.51569C8.9374 3.51569 7.59376 4.76162 7.59376 7.01725V9.00006H5.30859V11.6016H7.59376V17.8907C8.05197 17.9626 8.52161 18.0001 9.00001 18.0001C9.47842 18.0001 9.94806 17.9626 10.4063 17.8907V11.6016H12.5033Z" fill="white"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/fido2_auth.js

@@ -2,13 +2,13 @@
   'use strict'
 
   async function assertion(options) {
-    let credential;
+    let assertion;
     try {
-      credential = await navigator.credentials.get({ "publicKey": options });
-    }
+      assertion = await navigator.credentials.get({ "publicKey": options });
+    } 
     // Cancel and timeout can occur besides error
     catch (error) {
-      console.error(`Failed to get WebAuthn credential: ${error}`);
+      console.error(`Error while trying to collect WebAuthn credential. ${error}`);
       throw error;
     }
     // as this is the last call we have to do a top-level request instead of AJAX
@@ -16,18 +16,19 @@
     form.method = "POST";
     form.style.display = "none";
     addInput(form, "path", "/nevisfido/fido2/assertion/result")
-    addInput(form, "id", credential.id);
-    addInput(form, "type", credential.type);
-    addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON));
-    addInput(form, "response.authenticatorData", base64url.encode(credential.response.authenticatorData));
-    addInput(form, "response.signature", base64url.encode(credential.response.signature));
+    addInput(form, "id", assertion.id);
+    addInput(form, "type", assertion.type);
+    addInput(form, "response.clientDataJSON", base64url.encode(assertion.response.clientDataJSON));
+    addInput(form, "response.authenticatorData", base64url.encode(assertion.response.authenticatorData));
+    addInput(form, "response.signature", base64url.encode(assertion.response.signature));
     document.body.appendChild(form);
     form.submit();
   }
-
+  
   function authenticate() {
     // WebAuthn feature detection
-    if (!isWebAuthnSupportedByTheBrowser()) {
+    if(!isWebAuthnSupportedByTheBrowser()) {
+      // Trigger `Login Passwordless Fallback` pattern
       cancelFido2();
       return;
     };
@@ -50,9 +51,11 @@
         c.id = base64url.decode(c.id);
         return c;
       });
+        
       return assertion(options);
     }).catch((error) => {
-      console.error(`Error during FIDO2 authentication: ${error}`);
+      console.error(`Error at fido2 authentication: ${error}`);
+      // Trigger `Login Passwordless Fallback` pattern
       cancelFido2();
     });
   }

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/fido2_check.js

@@ -0,0 +1,25 @@
+function submit(result) {
+    // we have to do a top-level request instead of AJAX
+    const form = document.createElement("form");
+    form.method = "POST";
+    form.style.display = "none";
+
+    addInput(form, "result", result)
+
+    document.body.appendChild(form);
+
+    form.submit();
+}
+
+function check() {
+  if (isWebAuthnSupportedByTheBrowser()) {
+    submit("ok");
+  }
+  else {
+    submit("error");
+  }
+}
+
+window.onload = () => {
+  check();
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/fido2_onboard.js

@@ -31,7 +31,7 @@ async function attestation(options) {
   form.submit();
 }
 
-function start() {
+function startFido2() {
 
   if (!isWebAuthnSupportedByTheBrowser()) {
     dispatch("unsupported");

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/fido2_utils.js

@@ -1,10 +1,3 @@
-function addInput(form, name, value) {
-    const input = document.createElement("input");
-    input.name = name;
-    input.value = value;
-    form.appendChild(input);
-}
-
 /**
  * Checks whether WebAuthn is supported by the browser or not.
  * @return true if supported, false if it is not supported or not in secure context
@@ -23,7 +16,7 @@ function isWebAuthnSupportedByTheBrowser() {
 }
 
 /**
- * Trigger on cancel pattern of the FIDO2 authentication step.
+ * Trigger on cancel pattern at the FIDO2 authentication flow.
  * 
  * Provides an alternative when the user decides to 
  * cancel the fido2 credential operation(create or fetch) or
@@ -34,7 +27,10 @@ function cancelFido2() {
   const form = document.createElement("form");
   form.method = "POST";
   form.style.display = "none";
+
   addInput(form, "cancel_fido2", "true");
+
   document.body.appendChild(form);
+
   form.submit();
 }

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/finger.svg

@@ -0,0 +1,9 @@
+<svg width="80" height="80" viewBox="0 0 80 80" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M56.2789 49.5761C56.2789 40.4331 48.8671 33.0213 39.7242 33.0213C30.5813 33.0213 23.1694 40.4331 23.1694 49.5761C23.1694 62.2356 32.2583 70.0261 32.2583 70.0261" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M47.8393 49.5763C47.8393 45.0945 44.206 41.4612 39.7242 41.4612C35.2424 41.4612 31.6091 45.0945 31.6091 49.5763C31.6091 62.5604 41.6718 68.7279 48.8131 71.0001" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M64.7191 49.5748C64.7191 35.7707 53.5287 24.5803 39.7247 24.5803C25.9206 24.5803 14.7302 35.7707 14.7302 49.5748C14.7302 55.093 17.0024 60.6113 17.0024 60.6113" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M66.4485 31.0739C60.6836 22.4617 50.8661 16.7914 39.7242 16.7914C28.5824 16.7914 18.7649 22.4617 13 31.0739" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M58.1132 13.5444C52.623 10.6428 46.3652 9 39.724 9C33.0827 9 26.825 10.6428 21.3347 13.5444" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M64.7185 49.2502C64.7185 53.5527 60.9399 57.0407 56.2788 57.0407C51.6177 57.0407 47.8391 53.5527 47.8391 49.2502" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M58.8764 63.8706C57.8276 64.075 56.7421 64.1823 55.6304 64.1823C47.1222 64.1823 40.1431 57.8973 39.4558 49.8997" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/icons/apple/black.svg

@@ -1 +0,0 @@
-<svg width="842" height="1e3" xmlns="http://www.w3.org/2000/svg"><path d="M702 960c-54.2 52.6-114 44.4-171 19.6-60.6-25.3-116-26.9-180 0-79.7 34.4-122 24.4-170-19.6-271-279-231-704 77-720 74.7 4 127 41.3 171 44.4 65.4-13.3 128-51.4 198-46.4 84.1 6.8 147 40 189 99.7-173 104-132 332 26.9 396-31.8 83.5-72.6 166-141 227zM423 237C414.9 113 515.4 11 631 1c15.9 143-130 250-208 236z"/></svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/icons/microsoft/microsoft.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" aria-label="Microsoft" role="img" viewBox="0 0 512 512"><rect width="512" height="512" rx="15%" fill="#fff"/><path d="M75 75v171h171v-171z" fill="#f25022"/><path d="M266 75v171h171v-171z" fill="#7fba00"/><path d="M75 266v171h171v-171z" fill="#00a4ef"/><path d="M266 266v171h171v-171z" fill="#ffb900"/></svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/info.svg

@@ -0,0 +1,3 @@
+<svg width="64" height="64" viewBox="0 0 64 64" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M32 18.6667V32M32 45.3333H32.0333M62 32C62 48.5685 48.5685 62 32 62C15.4315 62 2 48.5685 2 32C2 15.4315 15.4315 2 32 2C48.5685 2 62 15.4315 62 32Z" stroke="#EFBA00" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/link.svg

@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+    <path d="M6.3335 2.99992H3.00016C2.07969 2.99992 1.3335 3.74611 1.3335 4.66659V12.9999C1.3335 13.9204 2.07969 14.6666 3.00016 14.6666H11.3335C12.254 14.6666 13.0002 13.9204 13.0002 12.9999V9.66659M9.66683 1.33325H14.6668M14.6668 1.33325V6.33325M14.6668 1.33325L6.3335 9.66659" stroke="#168CA9" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/main.css

@@ -0,0 +1,429 @@
+html,
+body {
+  height: 100%;
+}
+
+body {
+  font-family: var(--nevis-font-sans-serif);
+  font-size: 0.875rem;
+  color: var(--nevis-gray-900);
+  display: flex;
+  align-items: center;
+  padding-top: 2.5rem;
+  padding-bottom: 2.5rem;
+  background-color: #d1d5d6;
+}
+
+a {
+  text-decoration: none;
+  color: var(--nevis-primary);
+}
+
+/* add icon for links to external sites */
+a[rel~="external"]::after {
+  content: url("link.svg");
+  padding-left: 7px;
+  vertical-align: -2px;
+}
+
+/* Chrome, Safari, Edge, Opera */
+input::-webkit-outer-spin-button,
+input::-webkit-inner-spin-button {
+  -webkit-appearance: none;
+  margin: 0;
+}
+
+/* Firefox */
+input[type="number"] {
+  -moz-appearance: textfield;
+}
+
+button:disabled {
+  cursor: not-allowed;
+  pointer-events: all !important;
+}
+
+label {
+  font-size: 0.75rem;
+}
+
+span.text-secondary>div {
+  display: inline-block;
+}
+
+/* Screen specific CSS */
+.login-container {
+  width: 100%;
+  max-width: 22.5rem;
+  margin: auto;
+  background-color: var(--nevis-gray-100);
+  box-shadow: 0rem 0.625rem 2.5rem rgba(31, 47, 51, 0.2);
+  border-radius: 1.25rem;
+}
+
+.login-container-header {
+  padding: 1.25rem;
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+}
+
+.login-container-minimal-header {
+  padding: 1.25rem;
+}
+
+.login-container-body {
+  background: #ffffff;
+  box-shadow: 0rem 0.625rem 2.5rem rgba(31, 47, 51, 0.2);
+  border-radius: 1.25rem;
+  min-height: 31.25rem;
+}
+
+.login-container-body-content {
+  padding: 2.5rem;
+}
+
+.login-container-body-content>.input-error~.input-error {
+  margin-top: 0;
+}
+
+.brand-name {
+  font-size: 1rem;
+  word-wrap: break-word;
+}
+
+.sub-title {
+  font-style: normal;
+  font-weight: 400;
+  font-size: 1rem;
+  line-height: 1.375rem;
+  text-align: center;
+}
+
+.sub-icon {
+  font-style: normal;
+  font-weight: 400;
+  font-size: 1rem;
+  margin-top: 1rem;
+  text-align: center;
+}
+
+.horizontal-line {
+  display: flex;
+  flex-direction: row;
+}
+
+.horizontal-line:before,
+.horizontal-line:after {
+  content: "";
+  flex: 1 1;
+  border-bottom: 0.0625rem solid var(--nevis-gray-200);
+  margin: auto;
+}
+
+.horizontal-line:before {
+  margin-right: 0.625rem;
+  margin-left: -2.5rem;
+}
+
+.horizontal-line:after {
+  margin-left: 0.625rem;
+  margin-right: -2.5rem;
+}
+
+.register-spacing {
+  margin-top: 2rem;
+  margin-bottom: 2.75rem;
+}
+
+.social-login-buttons {
+  display: flex;
+  flex-direction: column;
+  gap: 0.75rem;
+}
+
+.social-login-button {
+  background: none;
+  flex-grow: 1;
+  display: flex;
+  flex-direction: row;
+  justify-content: center;
+  align-items: center;
+  padding: 0.375rem 1.125rem;
+  width: 100%;
+  height: 2.5rem;
+  border: 0.0625rem solid var(--nevis-gray-200);
+  box-sizing: border-box;
+  border-radius: 0.625rem;
+  gap: 0.625rem;
+}
+
+.icon-inside {
+  position: relative;
+}
+
+.icon-inside input {
+  padding-right: calc(0.75rem + 1.25rem + 0.75rem);
+}
+
+.icon-inside button {
+  position: absolute;
+  right: 0;
+  top: 0;
+  margin-top: 0.3125rem;
+  margin-right: 0.75rem;
+}
+
+.icon-button {
+  display: inline-flex;
+  justify-content: center;
+  align-items: center;
+  flex-shrink: 0;
+  width: 1.875rem;
+  height: 1.875rem;
+  padding: 0;
+  margin: 0;
+  min-width: 0;
+  border-radius: 50%;
+  box-sizing: border-box;
+  box-shadow: none;
+  font-size: inherit;
+  font-weight: 500;
+  cursor: pointer;
+  outline: none;
+  border: none;
+  vertical-align: baseline;
+  text-align: center;
+  background-color: initial;
+}
+
+.icon-button:hover {
+  background: var(--nevis-gray-200);
+}
+
+.icon-button:active {
+  background: var(--nevis-gray-300);
+}
+
+.icon-button.nevis-blue-icon:hover {
+  background: var(--nevis-blue-icon-hover-bg-color);
+}
+
+.icon-button.nevis-blue-icon:active {
+  background: var(--nevis-blue-icon-active-bg-color);
+}
+
+.h-icon-button {
+  min-height: 1.875rem;
+}
+
+.max-w-full {
+  max-width: 100%;
+}
+
+.verification-code-wrapper {
+  display: flex;
+  flex-direction: row;
+  align-items: center;
+  justify-content: center;
+}
+
+.verification-code-label {
+  font-size: 1.125rem;
+  line-height: 1.5rem;
+  margin-right: 0.25rem;
+}
+
+.verification-code-input {
+  text-align: center;
+  max-width: 8.75rem;
+  letter-spacing: 0.5rem;
+  text-indent: 0.25rem;
+}
+
+.hidden-verification-code-submit-button {
+  overflow: visible !important;
+  height: 0 !important;
+  width: 0 !important;
+  margin: 0 !important;
+  border: 0 !important;
+  padding: 0 !important;
+  display: block !important;
+}
+
+.totp-code-wrapper {
+  display: flex;
+  flex-direction: row;
+  align-items: center;
+  justify-content: center;
+  margin: 2.5rem 0;
+}
+
+.totp-code-input {
+  text-align: left;
+  max-width: 8.75rem;
+  letter-spacing: 0.5rem;
+  text-indent: 0.25rem;
+}
+
+.hidden {
+  display: none !important;
+}
+
+.success-icon {
+  text-align: center !important;
+  margin-top: 5.625rem;
+  margin-bottom: 11.75rem;
+}
+
+.btn-selection-item {
+  display: flex;
+  flex-direction: row;
+  align-items: center;
+  justify-content: space-between;
+  padding: 0.5rem 0rem;
+  gap: 0.5rem;
+
+  border: 0.0625rem solid var(--nevis-gray-200);
+  border-left-width: 0;
+  border-right-width: 0;
+}
+
+.btn-selection-item+.btn-selection-item {
+  border-top-width: 0;
+}
+
+.btn-selection-item:first-of-type {
+  margin-top: 1.5rem;
+}
+
+.btn-selection-item:last-of-type {
+  margin-bottom: 1.5rem;
+}
+
+.btn-selection-item .selection-label {
+  color: var(--nevis-dark) !important;
+  font-weight: 500;
+  font-size: 0.875rem;
+  line-height: 1.25rem;
+}
+
+.btn-selection-item .selection-description {
+  color: var(--nevis-gray-500) !important;
+  font-weight: 400;
+  font-size: 0.75rem;
+  line-height: 1.125rem;
+}
+
+/* Passwordless */
+
+/* Access App*/
+.access-app-download-link-mobile-spacing {
+  margin-top: 5rem;
+  margin-bottom: 5rem;
+}
+
+/* add rounded border corners around QR code */
+#authcloud_dispatch,
+#authcloud_dispatch>#qr-code-wrapper {
+  position: relative;
+  display: block;
+}
+
+#authcloud_dispatch:not(.mobile-platform):before,
+#authcloud_dispatch:not(.mobile-platform):after,
+#authcloud_dispatch>#qr-code-wrapper:before,
+#authcloud_dispatch>#qr-code-wrapper:after {
+  position: absolute;
+  width: 1.875rem;
+  height: 1.875rem;
+  border-color: var(--nevis-primary);
+  border-style: solid;
+  z-index: 1;
+  content: " ";
+}
+
+#authcloud_dispatch:before {
+  top: 0.5rem;
+  left: 0.5rem;
+  border-width: 0.1875rem 0 0 0.1875rem;
+  border-top-left-radius: 1rem;
+}
+
+#authcloud_dispatch:after {
+  top: 0.5rem;
+  right: 0.5rem;
+  border-width: 0.1875rem 0.1875rem 0 0;
+  border-top-right-radius: 1rem;
+}
+
+#authcloud_dispatch>#qr-code-wrapper:before {
+  bottom: 0.5rem;
+  right: 0.5rem;
+  border-width: 0 0.1875rem 0.1875rem 0;
+  border-bottom-right-radius: 1rem;
+}
+
+#authcloud_dispatch>#qr-code-wrapper:after {
+  bottom: 0.5rem;
+  left: 0.5rem;
+  border-width: 0 0 0.1875rem 0.1875rem;
+  border-bottom-left-radius: 1rem;
+}
+
+.recovery-code-input {
+  text-align: left;
+  letter-spacing: 0.1875rem;
+  font-family: monospace;
+}
+
+.recovery-codes-wrapper {
+  height: 9rem;
+  text-align: center;
+  overflow-y: auto;
+  margin-bottom: 1rem;
+  /* Firefox */
+  scrollbar-color: var(--nevis-gray-300) #ffffff;
+  scrollbar-width: thin;
+  border: 1px solid lightgray;
+  border-radius: 0.5rem;
+}
+
+.recovery-codes-wrapper::-webkit-scrollbar {
+  width: 0.25rem;
+}
+
+.recovery-codes-wrapper::-webkit-scrollbar-track {
+  background: #ffffff;
+}
+
+.recovery-codes-wrapper::-webkit-scrollbar-thumb {
+  background: var(--nevis-gray-300);
+  border-radius: 0.125rem;
+}
+
+.recovery-codes-wrapper::-webkit-scrollbar-thumb:hover {
+  background: var(--nevis-gray-400);
+}
+
+.recovery-code-gray {
+  background: var(--nevis-gray-100);
+  font-size: 0.875rem;
+  line-height: 1.25rem;
+  font-family: monospace;
+  letter-spacing: 0.1875rem;
+}
+
+.recovery-code-white {
+  background: #ffffff;
+  font-size: 0.875rem;
+  line-height: 1.25rem;
+  font-family: monospace;
+  letter-spacing: 0.1875rem;
+}
+
+button.btn-recovery-code {
+  line-height: 0.75rem;
+  margin-top: 0.7rem;
+  width: 100%;
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/mauth_usernameless.js

@@ -110,13 +110,15 @@
                 if (status == 'clientAuthenticating') {
                     // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
+                    // hide QR code and info message
                     document.getElementById("mauth_qrcode").style.display = 'none';
+                    document.getElementById("mauth_qrcode_info").style.display = 'none';
                 }
                 if (status == 'succeeded') {
                     clearInterval(statusPolling);
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
-                    addInput(form, "continue", "true"); // required for custom dispatching in usernameless
+                    addInput(form, "fidoUafDone", "true"); // required for custom dispatching in usernameless
                     document.body.appendChild(form);
                     form.submit();
                 } else if (status == 'failed' || status == 'unknown') {

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/microsoft.svg

@@ -0,0 +1,7 @@
+<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+    <path fill="#f3f3f3" d="M0 0h18v18H0z"/>
+    <path fill="#f35325" d="M1 1h8v8H1z"/>
+    <path fill="#81bc06" d="M10 1h8v8H10z"/>
+    <path fill="#05a6f0" d="M1 10h8v8H1z"/>
+    <path fill="#ffba08" d="M10 10h8v8H10z"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/oauth_consent.js

@@ -1,43 +1,50 @@
-// display oauth scopes listed in input field 'consentInformation'
-// change 'consentInformation' and 'scope_name' to the values used in your configuration.
-$(function() {
-
-    var consentInformationFieldName = "consentInformation"; // name of the input field from which to parse the value as the consent information JSON
-    var scopeDescriptionSource = "scope_name";              // key of the field in the consent information JSON of which to get the value as the scope description
+document.addEventListener("DOMContentLoaded", function () {
+    const consentInformationFieldName = "consentInformation"; // Input field name
+    const scopeDescriptionSource = "scope_name"; // JSON key for scope description
 
     function displayOAuthScopesConsent() {
-        var jsonData = parseJson();
+        const jsonData = parseJson();
         if (jsonData !== undefined) {
-            mapJsonToHtml(jsonData)
+            mapJsonToHtml(jsonData);
         }
     }
 
     function mapJsonToHtml(jsonData) {
         mapJsonToHtmlScopeList("listOfRequestedScopesWithExistingConsent", jsonData.requestedScopesWithExistingConsent, "Already accepted scopes:");
-        mapJsonToHtmlScopeList("listOfRequestedScopes", jsonData.requestedScopesRequiringConsent, "Requested scopes that require a consent:");
+        mapJsonToHtmlScopeList("listOfRequestedScopes", jsonData.requestedScopesRequiringConsent, "Requested scopes that require consent:");
     }
 
     function mapJsonToHtmlScopeList(elementId, scopeInformation, title) {
-        if (scopeInformation !== undefined && Object.keys(scopeInformation).length > 0) {
-            $("input[name=" + consentInformationFieldName +"]").after("<p style='margin-top: 0.5em'>" + title + "</p><div class='scopeinfobox'><ul id='" + elementId + "' /> </div>");
-            jQuery.each(scopeInformation, function(key,value) {
-                var scopeDescription = value[scopeDescriptionSource];
-                if (scopeDescription) {
-                    $("#" + elementId).append('<li>' + scopeDescription + '</li>');
-                } else {
-                    $("#" + elementId).append('<li>' + key + '</li>');
+        if (scopeInformation && Object.keys(scopeInformation).length > 0) {
+            const consentInput = document.querySelector(`input[name="${consentInformationFieldName}"]`);
+            if (consentInput) {
+                const container = document.createElement("div");
+                container.innerHTML = `<p style='margin-top: 0.5em'>${title}</p><div class='scopeinfobox'><ul id='${elementId}'></ul></div>`;
+                consentInput.insertAdjacentElement("afterend", container);
+
+                const ulElement = document.getElementById(elementId);
+                for (const key in scopeInformation) {
+                    if (scopeInformation.hasOwnProperty(key)) {
+                        const scopeDescription = scopeInformation[key][scopeDescriptionSource] || key;
+                        const li = document.createElement("li");
+                        li.textContent = scopeDescription;
+                        ulElement.appendChild(li);
+                    }
                 }
-            });
+            }
         }
     }
 
     function parseJson() {
-        var consentInformationField = $("input[name=" +consentInformationFieldName +"]");
-        if (consentInformationField.length > 0) {
-            return JSON.parse(consentInformationField.val());
+        const consentInformationField = document.querySelector(`input[name="${consentInformationFieldName}"]`);
+        if (consentInformationField) {
+            try {
+                return JSON.parse(consentInformationField.value);
+            } catch (e) {
+                console.error("Invalid JSON in consent information field:", e);
+            }
         }
     }
 
     displayOAuthScopesConsent();
 });
-

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/passkey_autofill.js

@@ -0,0 +1,44 @@
+(function() {
+  'use strict'
+
+  async function submit(assertion) {
+    // as this is the last call we have to do a top-level request instead of AJAX
+    const form = document.createElement("form");
+    form.method = "POST";
+    form.style.display = "none";
+    addInput(form, "path", "/nevisfido/fido2/assertion/result")
+    addInput(form, "id", assertion.id);
+    addInput(form, "type", assertion.type);
+    console.log("assertion response:", assertion.response);
+    addInput(form, "response.clientDataJSON", assertion.response.clientDataJSON);
+    addInput(form, "response.authenticatorData", assertion.response.authenticatorData);
+    addInput(form, "response.signature", assertion.response.signature);
+    addInput(form, "response.userHandle", assertion.response.userHandle);
+    document.body.appendChild(form);
+    form.submit();
+  }
+
+  function authenticate() {
+    const hiddenField = document.querySelector("input[name='fido2_attestation_options']");
+    if (hiddenField && hiddenField.value) {
+        try {
+            const options = JSON.parse(hiddenField.value);
+            console.log("parsed attestation options:", JSON.stringify(options));
+
+            SimpleWebAuthnBrowser.startAuthentication({ optionsJSON: options, useBrowserAutofill: true })
+                .then(assertionResponse => {
+                    console.log("Authentication successful:", JSON.stringify(assertionResponse));
+                    submit(assertionResponse);
+                })
+                .catch(error => {
+                    console.log(`Passkey autofill skipped: ${error}`);
+                });
+        } catch (error) {
+            console.error("Error parsing fido2_attestation_options:", error);
+        }
+    } else {
+        console.log("Passkey autofill is disabled.");
+    }
+  }
+  authenticate();
+})();

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/print.css

@@ -0,0 +1,67 @@
+@media print {
+   /* general printing rules */
+
+    body {
+      margin: 0;
+      color: #000000 !important;
+      background-color: #ffffff !important;
+
+      font-size: 12pt;
+      font-family: georgia, times, serif;
+
+      box-shadow: none !important;
+    }
+
+    header, footer, aside, nav, button, h1, h2, h3, h4, h5, h6 {
+      display: none;
+    }
+
+    main {
+      max-width: 100%;
+      box-shadow: none !important;
+    }
+
+    .printable {
+      display: block;
+    }
+
+    div:not(.printable) {
+      display: none;
+    }
+
+    .btn { 
+      display: none;
+    }
+
+    /* screen specific rules */
+
+    .login-container-body {
+      color: #000000 !important;
+      background-color: #ffffff !important;
+      box-shadow: none !important;
+      border-radius: unset;
+    }
+
+    .recovery-codes-wrapper {
+      overflow: unset !important;
+      height: unset !important;
+    }
+
+    #recovery-codes::before {
+      content: "Recovery Codes";
+      font-size: 16pt;
+    }
+
+    .recovery-code-white,
+    .recovery-code-gray {
+      color: #000000 !important;
+      background-color: #ffffff !important;
+
+      font-size: 14pt;
+      margin-top: 5pt;
+    }
+
+    .recovery-code-gray:first-child {
+      margin-top: 15pt;
+    }
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/saml_idp_logout.js

@@ -0,0 +1,63 @@
+function handleLogout(sp_urls, final_url) {
+
+    const request_urls = sp_urls.filter(function(current_url) {
+        return current_url.indexOf('SAMLRequest') > 0;
+    });
+
+    const response_urls = sp_urls.filter(function(current_url) {
+        return current_url.indexOf('SAMLResponse') > 0;
+    });
+
+    function kill_session() {
+        const current_url = window.location.href;
+        if (current_url.indexOf('?logout') == -1 && current_url.indexOf('&logout') == -1) {
+            console.log("current URL does not terminate the IDP session");
+            let logout_url = '';
+            if (current_url.indexOf('?') > 0) {
+                logout_url = current_url + "&logout";
+            } else {
+            }
+            fetch(logout_url, {
+                method: 'GET',
+                credentials: 'include'
+            }).then(response => {
+                if (!response.ok) {
+                    console.error('Logout request failed');
+                }
+            }).catch(error => {
+                console.error('Logout request error', error);
+            });
+        }
+    }
+
+    const requests = request_urls.map(current_url => {
+        return fetch(current_url, {
+            method: 'GET',
+            credentials: 'include',
+            mode: 'cors'
+        }).then(response => {
+            if (!response.ok) {
+                console.error('Request failed', current_url);
+            }
+        }).catch(error => {
+            console.error('Request error', current_url, error);
+        });
+    });
+
+    // send out the requests in parallel
+    // in any case we then terminate the IDP session and redirect to the correct destination
+    // we have to complete the logout no matter if the requests were successful or if there were failed requests
+    Promise.allSettled(requests).then(() => {
+        kill_session(); // required to terminate IDP session
+    }).finally(() => {
+        if (response_urls.length == 0) {
+            // redirect to root location on the IDP
+            console.log('Finish IDP-initiated SAML logout - redirecting to: ' + final_url);
+            window.location.href = final_url;
+        } else {
+            // only 1 such URL allowed. process ends on SP side
+            console.log('Finish SP-initiated SAML logout - redirecting to: ' + response_urls[0]);
+            window.location.href = response_urls[0];
+        }
+    })
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/show-password.js

@@ -1,11 +0,0 @@
-function toggleInputType(passwordInputId, eyeIconId, resourcePath) {
-    const passwordInput = document.getElementById(passwordInputId);
-    const eyeIcon = document.getElementById(eyeIconId);
-    if (passwordInput.type === 'text') {
-        passwordInput.type = 'password';
-        eyeIcon.src = resourcePath + '/resources/eye.svg';
-        return;
-    }
-    passwordInput.type = 'text';
-    eyeIcon.src = resourcePath + '/resources/eye-off.svg';
-}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/success-solid.svg

@@ -0,0 +1,3 @@
+<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path fill-rule="evenodd" clip-rule="evenodd" d="M9.00005 16.2C12.9765 16.2 16.2 12.9764 16.2 8.99999C16.2 5.02354 12.9765 1.79999 9.00005 1.79999C5.0236 1.79999 1.80005 5.02354 1.80005 8.99999C1.80005 12.9764 5.0236 16.2 9.00005 16.2ZM12.3364 7.83638C12.6879 7.48491 12.6879 6.91506 12.3364 6.56359C11.985 6.21212 11.4151 6.21212 11.0636 6.56359L8.10005 9.5272L6.93644 8.36359C6.58497 8.01212 6.01512 8.01212 5.66365 8.36359C5.31218 8.71506 5.31218 9.28491 5.66365 9.63638L7.46365 11.4364C7.81512 11.7879 8.38497 11.7879 8.73644 11.4364L12.3364 7.83638Z" fill="#52CC65"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/success.svg

@@ -0,0 +1,3 @@
+<svg width="64" height="64" viewBox="0 0 64 64" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M22 32L28.6667 38.6667L42 25.3333M62 32C62 48.5685 48.5685 62 32 62C15.4315 62 2 48.5685 2 32C2 15.4315 15.4315 2 32 2C48.5685 2 62 15.4315 62 32Z" stroke="#52CC65" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/utils.js

@@ -0,0 +1,41 @@
+function addInput(form, name, value, type = "text") {
+  if (!form) throw new Error("Form element is required");
+  const input = document.createElement("input");
+  input.name = name;
+  input.type = type;
+  input.value = value;
+  form.appendChild(input);
+}
+
+function getSubmitButton() {
+  const submitButtons = [...document.querySelectorAll('button[name^="submit"]')];
+  if (submitButtons.length === 0) {
+    return null;
+  }
+  if (submitButtons.length > 1) {
+    throw new Error('There should be exactly 1 button on the screen with a name starting with "submit". Check the AuthState configuration.');
+  }
+  return submitButtons[0] || null;
+}
+
+function toggleEye(passwordInputId, eyeIconId, resourcePath) {
+  const passwordInput = document.getElementById(passwordInputId);
+  const eyeIcon = document.getElementById(eyeIconId);
+  if (!passwordInput || !eyeIcon) return;
+  const isPassword = passwordInput.type === 'password';
+  passwordInput.type = isPassword ? 'text' : 'password';
+  // Ensure correct path format
+  const normalizedPath = resourcePath.endsWith('/') ? resourcePath.slice(0, -1) : resourcePath;
+  eyeIcon.src = `${normalizedPath}/resources/eye${isPassword ? '-off' : ''}.svg`;
+}
+
+function formatNumberInput(numberInputId) {
+  const numberInput = document.getElementById(numberInputId);
+  if (!numberInput) return;
+  let value = numberInput.value || ''; // Handle potential null/undefined
+  value = value.replace(/[-e]/gi, '');
+  if (numberInput.maxLength > 0 && value.length > numberInput.maxLength) {
+    value = value.slice(0, numberInput.maxLength);
+  }
+  numberInput.value = value;
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/variables.css

@@ -0,0 +1,52 @@
+:root {
+    /* Default Colors */
+    --nevis-blue: #0d6efd;
+    --nevis-indigo: #6610f2;
+    --nevis-purple: #6f42c1;
+    --nevis-pink: #d63384;
+    --nevis-red: #F25562;
+    --nevis-orange: #fd7e14;
+    --nevis-yellow: #EFBA00;
+    --nevis-green: #151615;
+    --nevis-teal: #20c997;
+    --nevis-cyan: #0dcaf0;
+    --nevis-blue-100: #E1F5FB;
+    --nevis-blue-300: #A6DFED;
+    --nevis-blue-400: #75C3D7;
+    --nevis-blue-600: #168CA9;
+    --nevis-white: #ffffff;
+    --nevis-black: #000000;
+    --nevis-gray-100: #EDF1F2;
+    --nevis-gray-200: #DADFE0;
+    --nevis-gray-300: #C2CACC;
+    --nevis-gray-400: #A4AFB2;
+    --nevis-gray-500: #8A9699;
+    --nevis-gray-900: #1F2F33;
+
+    /* Theme */
+    --nevis-primary: var(--primary-color);
+    --nevis-secondary: var(--nevis-gray-400);
+    --nevis-success: var(--nevis-green);
+    --nevis-info: var(--nevis-cyan);
+    --nevis-warning: var(--nevis-yellow);
+    --nevis-danger: var(--nevis-red);
+    --nevis-light: var(--nevis-gray-100);
+    --nevis-dark: var(--nevis-gray-900);
+
+    /* Font */
+    --nevis-font-sans-serif: var(--font-family), system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", "Liberation Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
+
+    /* Common */
+    --nevis-border-radius: var(--border-radius);
+    --nevis-form-control-border-color: var(--nevis-gray-300);
+
+    --nevis-blue-icon-color: var(--nevis-blue-600);
+    --nevis-blue-icon-hover-bg-color: var(--nevis-blue-300);
+    --nevis-blue-icon-active-bg-color: var(--nevis-blue-400);
+
+    /* Components */
+    /* Readonly field*/
+    --nevis-readonly-bg-color: var(--nevis-blue-100);
+    --nevis-readonly-border-color: var(--nevis-blue-300);
+    --nevis-readonly-box-shadow-color: var(--nevis-blue-600);
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/resources/window-onload.js

@@ -0,0 +1,101 @@
+// this js should run last
+
+// DOM is ready (stylesheets, images, and subframes may not have been loaded yet)
+window.addEventListener('DOMContentLoaded', () => {
+    'use strict'
+    handleLogoutButton();
+    onSubmitWithEnter();
+    onFormSubmit();
+});
+
+function handleLogoutButton() {
+    const logoutButton = document.getElementById("logout-btn");
+    if (logoutButton) {
+        logoutButton.addEventListener("click", function (event) {
+            event.preventDefault();
+            event.stopPropagation();
+
+            const url = new URL(window.location.href);
+
+            // Parse raw query string, split into key=value or key-only
+            const rawParams = window.location.search.substring(1).split("&").filter(Boolean);
+
+            // Keep only params that are not 'login' or 'logout'
+            const remainingParams = rawParams.filter(p => {
+                const key = p.split("=")[0];
+                return key !== "login" && key !== "logout";
+            });
+
+            // Add 'logout' first
+            const finalParams = ["logout", ...remainingParams];
+
+            const newQuery = finalParams.length ? `?${finalParams.join("&")}` : "";
+
+            // Redirect
+            window.location.href = url.origin + url.pathname + newQuery;
+        });
+    }
+}
+
+/**
+ * Trigger to submit the button with name 'submit' and prevent other buttons to submission on 'Enter' keypress
+ */
+function onSubmitWithEnter() {
+    'use strict'
+
+    document.addEventListener('keypress', function (event) {
+        if (event.key === 'Enter') {
+            if (['TEXTAREA', 'INPUT'].includes(event.target.tagName) && event.target.type !== 'submit') {
+                return; // allow pressing Enter inside text fields
+            }
+
+            event.preventDefault();
+            event.stopPropagation();
+
+            const submitButton = getSubmitButton();
+            if (submitButton !== null) {
+                submitButton.click();
+            }
+        }
+    });
+}
+
+/*
+ * Setup form submit event handler for form with a required input.
+ * Manages the submission in case triggered by:
+ *   - non-genuine submit button: clear invalid required inputs and proceed the submission
+ *   - real submit button: if there is an invalid field prevent submission and trigger validation class addition
+ */
+function onFormSubmit() {
+    'use strict';
+
+    const form = document.querySelector('form');
+    if (!form) return;
+
+    form.addEventListener('submit', function onSubmit(event) {
+        const submitter = event.submitter || event.target;
+
+        // Check form validity once at the beginning
+        const isValid = form.checkValidity();
+
+        if (!submitter || !submitter.name.startsWith('submit')) {
+            // Clear invalid required inputs before submit
+            if (!isValid) {
+                document.querySelectorAll('input[required]:invalid').forEach(input => {
+                    if (input.value.length) {
+                        input.value = '';
+                    }
+                });
+            }
+            return event;
+        }
+
+        if (!isValid) {
+            console.log('Form is invalid');
+            event.preventDefault();
+            event.stopPropagation();
+        }
+
+        form.classList.add('was-validated'); // Add validation styling
+    }, false);
+}

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/403.vm

@@ -67,4 +67,4 @@
 			application.</p>
 	</div>
 </div>
-#parse("${templatePath}/footer.vm")
+#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/404.vm

@@ -65,4 +65,4 @@
 			exist.</p>
 	</div>
 </div>
-#parse("${templatePath}/footer.vm")
+#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/500.vm

@@ -66,4 +66,4 @@
 			later.</p>
 	</div>
 </div>
-#parse("${templatePath}/footer.vm")
+#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/502.vm

@@ -66,4 +66,4 @@
 			later.</p>
 	</div>
 </div>
-#parse("${templatePath}/footer.vm")
+#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/AuthFailDialog.vm

@@ -2,4 +2,4 @@
 
 #parse("${templatePath}/generic_auth_error.vm")
 
-#parse("${templatePath}/footer.vm")
+#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/AuthUidPwDialog.vm

@@ -141,4 +141,4 @@
 </div>
 
 
-#parse("${templatePath}/footer.vm")
+#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/Error.vm

@@ -2,4 +2,4 @@
 
 #parse("${templatePath}/generic_auth_error.vm")
 
-#parse("${templatePath}/footer.vm")
+#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/IDENT-Failed-WithRetry.vm

@@ -51,4 +51,4 @@
 </div>
 
 
-#parse("${templatePath}/footer.vm")
+#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/IDENT-Failed.vm

@@ -36,4 +36,4 @@
 </div>
 
 
-#parse("${templatePath}/footer.vm")
+#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/IDENT-Succeeded.vm

@@ -35,4 +35,4 @@
 </div>
 
 
-#parse("${templatePath}/footer.vm")
+#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/Loggedout.vm

@@ -94,4 +94,4 @@
 		}
 	}
 </script>
-</html>
+</html>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/LogoutDialog.vm

@@ -42,4 +42,4 @@
 </div>
 
 
-#parse("${templatePath}/footer.vm")
+#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/NoGui.vm

@@ -2,4 +2,4 @@
 
 #parse("${templatePath}/generic_auth_error.vm")
 
-#parse("${templatePath}/footer.vm")
+#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/accessAppLogin.vm

@@ -128,4 +128,4 @@
 				   value="$gui.getGuiElem('authRequestId').value"/>
 		</form>
 	</div>
-</div>
+</div>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/ask_mobile_number.vm

@@ -162,4 +162,4 @@
 <script src="${login.appDataPath}/static/js-code/ask_mobile.js">
 </script>
 
-#parse("${templatePath}/footer.vm")
+#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/backdrop.vm

@@ -40,4 +40,4 @@
 			</svg>
 		</div>
 	</div>
-</div>
+</div>

DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/logrend/var/opt/nevislogrend/default/data/applications/IDENT-AuthenticationRealm/webdata/template/default.vm

@@ -1,3 +1,5 @@
+## modern login template
+
 #set($jsValidation = 1) ## enable JS validation, client-side
 
 #set($useFormEncryption = $gui.encryption && ($gui.encryption.length() > 0))
@@ -62,4 +64,4 @@
         #parse("${templatePath}/json.vm")
         ## emit custom JSON here, use $utils.escapeJs to sanitize values coming from clients
     #end
-#end
+#end