new configuration version

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisAuth"
   replicas: 1
-  version: "7.2402.1"
+  version: "8.2405.1"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -27,20 +27,25 @@ spec:
   livenessProbe:
     soap:
       tcpSocket: true
-      initialDelaySeconds: 40
-      periodSeconds: 20
+      periodSeconds: 5
       timeoutSeconds: 4
   readinessProbe:
     management:
       httpGet:
         path: "/nevisauth/liveness"
-      initialDelaySeconds: 40
-      periodSeconds: 30
+      periodSeconds: 5
       timeoutSeconds: 6
+  startupProbe:
+    management:
+      httpGet:
+        path: "/nevisauth/liveness"
+      periodSeconds: 5
+      timeoutSeconds: 6
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+    tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf

@@ -1,8 +1,8 @@
 RTENV_SECURITY_CHECK=no_shell
 
 JAVA_OPTS=(
-    "-Dfile.encoding=UTF-8"
     "-XX:+UseContainerSupport"
+    "-Dfile.encoding=UTF-8"
     "-XX:MaxRAMPercentage=80.0"
     "-Djava.net.preferIPv4Stack=true"
     "-Djava.net.connectionTimeout=10000"
@@ -12,7 +12,7 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
     "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-default-tls-trust/truststore.p12"
     "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-default-tls-trust/keypass}"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties

@@ -1,4 +1,4 @@
-otel.service.name=auth-sts
-otel.traces.exporter=none
-otel.metrics.exporter=none
-otel.logs.exporter=none
+otel.service.name = auth-sts
+otel.traces.exporter = none
+otel.metrics.exporter = none
+otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisAuth"
   replicas: 1
-  version: "7.2402.1"
+  version: "8.2405.1"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -27,20 +27,25 @@ spec:
   livenessProbe:
     soap:
       tcpSocket: true
-      initialDelaySeconds: 40
-      periodSeconds: 20
+      periodSeconds: 5
       timeoutSeconds: 4
   readinessProbe:
     management:
       httpGet:
         path: "/nevisauth/liveness"
-      initialDelaySeconds: 40
-      periodSeconds: 30
+      periodSeconds: 5
       timeoutSeconds: 6
+  startupProbe:
+    management:
+      httpGet:
+        path: "/nevisauth/liveness"
+      periodSeconds: 5
+      timeoutSeconds: 6
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+    tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem

@@ -1,17 +1,22 @@
 -----BEGIN CERTIFICATE-----
-MIICwzCCAmigAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1zZWxmc2ln
-bmVkLWNhMB4XDTIzMDcyMDExMzcyNloXDTI0MDcxOTExMzcyNlowIDEeMBwGA1UE
-AwwVaWRwc2lnbmVyLnVhdC5hZ292LmNoMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A
-MIIBigKCAYEA28fXdfRLtrzS0F5Hp5zEzPFfpNXKpIrbJaWdqwiuY6VIrzAJW0Wo
-FMuV2IHnU7sO8+B05Z20wq3x5JAbgYlBFnfdub/CYmyykAf0Rxz9irc9qbXBmX0A
-G+JhQLxLcfyqlmFyLsjaxT3nUrytP+604LtzesnC3N7gfGtmSKgclym1s2ZVWkAK
-4VXAZsM5HBnW1feHxSv3UTzvorW7PWkbmy4LU8SDoSraHgB/pBaiJRG8SMTjBHho
-TTdFLPmH/N9dt5N1oJginnY9GvRJD8Qj1lrsTZOtv8ttKhnQkmymly+NCt7+wGIa
-7HQQawqBIvflGG+R1OdQx7Q20/y5EfO4V3zJgq3p+gz9AziGPHEy+2s+i5LME1AI
-D6vLfDN8cnTCdgqZGhAkRMBHtOydJd3dpJ0tgjnrdUpla2PoWp1B/v/Plneb9L5v
-aMNqtuQA852dR14lP7+EeRLe9vJvzm9eBdF0JrDUm1K2Xy66i5gdzOoJngnRpl5J
-nNSweT+A8dn9AgMBAAGjUDBOMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggrBgEF
-BQcDAQYIKwYBBQUHAwIwIAYDVR0RBBkwF4IVaWRwc2lnbmVyLnVhdC5hZ292LmNo
-MAoGCCqGSM49BAMCA0kAMEYCIQCarOXKlJ0DVxVPGyj3oPMHWCJB+Xyee+j7k1gu
-OC93CQIhAICIzY/yCbST5V502Bt3vRCZMCmzhzXIGTol2PEoby6H
+MIIDlDCCAnwCCQC4xKJxfbSLBzANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC
+Y2gxEDAOBgNVBAoMB2Fkbm92dW0xDTALBgNVBAsMBGFnb3YxJzAlBgNVBAMMHmph
+a29iLmFnb3YtZC5henVyZS5hZG5vdnVtLm5ldDEyMDAGCSqGSIb3DQEJARYjaW5m
+b0BqYWtvYi5hZ292LWQuYXp1cmUuYWRub3Z1bS5uZXQwHhcNMjMwMzIxMTUyMjI0
+WhcNMjgwMzE5MTUyMjI0WjCBizELMAkGA1UEBhMCY2gxEDAOBgNVBAoMB2Fkbm92
+dW0xDTALBgNVBAsMBGFnb3YxJzAlBgNVBAMMHmpha29iLmFnb3YtZC5henVyZS5h
+ZG5vdnVtLm5ldDEyMDAGCSqGSIb3DQEJARYjaW5mb0BqYWtvYi5hZ292LWQuYXp1
+cmUuYWRub3Z1bS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB
+8LPO6Nack2z1whTratLxRD9KraO8QGrVTEa0p+23EKJH4WYE0QGzXbX4oFl2maXE
+QDeCBofTnrl8sL3yVxBy56qO8T3VxYtt9akjty6PujO48bgJr2VGjGgtPYPUeOEk
+lzCS616732Bnxc2iqo267G/tGooRIOOqefSyhEGmbI3KGv/zYZn/qxQo/A+5f+6y
+zEoKdmnBF6vnowvffKfdFKI8udd5eKmfyrc5iNYHXoVP/HmqKbkyrBw1U0ysihRJ
+3vyJVDtirQ5chLn0jOZ4UZ5SBck9+784yrVqpNbsWAe3NU+Vfx4wCk/rPWRDa1E2
+fk+gEVvEMUFt4UvU25BdAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIxToc9muu9z
+d4yycZCgZbDtzrq2Un+m/m3TrBNzLV7UBbGt7HW9/kxvdFJTKgNEj+ZD1cY6O6D7
+vrWV0Xb1XPgkaAfypc4Y7IOUTFDR/ib4siP9gPkHvr5WSIip3mFgX9yIV910N/hh
+ImE9/Jtf/q9MopBu8J6zRmL/J8mVewVdcU3xqz27OVMMSht0Du8FcpIrNQwqc1LN
+tCgdj+pw5vl7NH546WlyYNpLEkAeBpJ3XCBDDwcQftC+/cQ7GKJGtOJ4ODdxWMyX
+ThsHJ7MCTiN+MoW5CeioGSmngezh4Gs5SpGAGVvwNvXW2jiGdRDdHmyxDPjCQvYA
+wwZrmgtpYE0=
 -----END CERTIFICATE-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem

@@ -1,42 +1,30 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIHazBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUXJ4RUaby0ltJyJMX
-fUO+2LAlu7cCAggAMB0GCWCGSAFlAwQBKgQQ0YfRZzwcjphTKuPQxktTuASCBxCG
-+b55W3IEKc/Yqf+zIRHBgvCY+w+l7vSMQqtDYOtiUBdxZWewy+IoV4Pw0X/ORT6k
-Jk8RXTG7hXb4GtuRmgVJeyxsf+8vhrtVpyelLLYkTalAjjvtT2YAukltALLpFMQm
-Zm42rW0HrVRtn6k7osbe5zL4whyhikohXamPJpTTrImP8fMzYyxfiHx2Y7Tnc66N
-SMxBaQ3m2HClE6+6rkcPv/oC9V74GGYpCk0EcH7gsRLQFj3IlJTVxQoCP44ldzhq
-fyWYe1DneH6IJLXID3Igca26ZXU9rTcfqAsBmVACq0GKdgXAFSUAhF6onqXjzpGQ
-/m7Vl3JbNPvrcgxzKBJsj9Z/Hv4qKz2yVpe3OMchTdxpI5k383y1F4rw8i4GSWIL
-+A+t5M26WJw2uHx/k2RL1jyeXH2gR3IA72AffDU+f3jqd9pOqxXKSIhGq/KOK5Vk
-SiJ4IesVz26bfwjXEKcQk5qIpDBGjfSkYgMXxlQwOwTIoRn+1FM7Txox6tsVj4/v
-RnaorVayq5W1fk3t5EfNLprSFDO9T6OxFKvfzKMghdrKFNa5a3oqr3RDZSCE0tca
-m9jQ9bp1ooD8/EUWsBxG4eJxe9B+yG3QAkudOoklJYTE9ysHBl2cPOIOksqrD76G
-agezGRazfqFVCmOtlye7bzQXv/AgDa/ve5E1f9jjueop2OwbvoEzCsrSYCWh3uiM
-C2IkvtSI6gW+9C8H1ofElKtDlRft/lMuviLCb3u7xsu2r7v/va2aYy4Lh6B5xARt
-G7A4ZX0cxoI2N/T2FgHwJ8p7lTXJ8KuTGv0jrno9MBdKqo+HBtRTbFoi63qZ7EtL
-MJS63MK4kSXcwyJ4+pnH0bI1wXf5qK7TVoWG6ZAWw385xaohXZZ6JK/z1WNbpfCU
-hlvjjdLxmNE5R/kmiKjp6zPhfR6+z73QXX9s3ZZv9fAV1mZcLwcucNnMRdJcYSVU
-bNwAqnxhIoIZZB5H0c+jLfpaGyzVeAUzI3ljCekUlvutXFNSur6TI2ZmViiwIhuw
-82A084eZ9qOBA+z64Xo9VJqWgdj99b45JNExcsmvbXG1REB8QAKzzGzadtwnc6VV
-iWuK9SPbIqOp2Sa6FEa/VxbgDOUiv20G5irs5Kp0iU+yRKerG/ejvBAn4o3M94wv
-hDwSmn80uu5NJtHuta+9u2jM6yyNl4ghXLxTl9gfbnpzI4wuX+4xhhdNm6HCNqcG
-IzPUFS207YKR0QTaHB5x3ItVpp6Rjpb5lOtEpmff7qO/69ljtNLRe+VEdqLrQoK7
-9IsIaXqBp719nyG3z90KwBigRGl1ljDF3plT1slERdfMsdVdT8duwHc8mevR/H+t
-VG0DkUmGAamyr2plyZiDtzfly/qhG9de4WCRLckVJvMkzwrpmtN+DIB26a1mQwrA
-OuKaCBrQj/1G7EnHuNDWOFOtbHUqitQ9OukNCTi5/7JMp6FY2bIyE58Hoj88m4Hy
-wMMzkFYkh5NJ82ysUdewX99vTJjgD0qKFoDBqB1REEOWi8J14vdGmejhq0A5rq0q
-2tBAyVSbK8gFfY7pQCGpHSerlR8YGpS01KBDct+MlkIout6SrvWxUhwnx9Lmi09f
-Kk/170DJXXhWlkTu8mylAF7A9vEzsST3GZgnaWkXIeFDKiXUD1w+io1K2ziZbiZZ
-Im3dSe6dxsWZkYF+wjpnTjS7op3Q6gOJ3mkkGpBWOtOzGiFNIP/7epSr3eVInHdo
-F4HgET5h2VknsXMKdzU0YDcXsDdWwwwyHqKIM9b37mqA6c3bMwTB1+ykrznudnAP
-8jpqPz6mUqvwzqPoi3e2bNxPwnYgguFrUIqYgiydfZQ3AZsQGTVTq6Jjp/+7K9xv
-yCuwjpuEtz5ZNchcwrJoj8Yet9saYSGBaUu10Ks0/PGIHKbznVQJHCBofAmE6WQb
-cIveRYphfVjbIa+VxpLJRaMj5ymZSViBtHx6Gwjsnq2NR5H1qBt79qXWzRk7ulJy
-cpVasv7Gi3W8SIEbcDvlWUgc8jJOXPmhQ63BS4+eyYNgrSxFY4XYhUZ2Cwi8wXvm
-w1MUisDiIIdTapE/rux+bjB5MnEJC/IICvk8NAH5PuSODm/DE34MdlxA/nUP7Cm4
-ssLvI9IK2hzhASqt71gxoOJUnEptPzabMOYm5hIOksfz+0vjO0grgrVXV4UgTmpz
-T3gvIRwg13vkvKxEfpvGJG5aEkCsZS15/MTsF9FPYiYPYeKOOdIGNzYoRbmqGjIg
-5KyeELDKiulsilGFeRnxM97xpVI3DtezQHTr/N37wsJBeCZyOxGa6j/1rf4ZvgGi
-lkHVmCZYqHYlow6qOS8/lIKpHdhBaEmr6ciZ8fiIA4GeYU0GwzdAd8YuNYqF0dxF
-zWupzSNScKSE1nmu0NIdbanhs78Z2q9vqm/B5ueFCQ==
+MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUKIdhme1LQ2vMonbp
+aes9/gRupIYCAggAMB0GCWCGSAFlAwQBKgQQeuo/hWDbfC4vCB3F5pfeKgSCBNAR
+HeV95Ar67bUkkWrHUC0jCRvnMjh9wyC6w1pFP2nW+++Qkl93v+gIjr4b9Rw9RBTd
+QsOVkaB7vvQ5qjvWya9HJ2aHZ6KwMb2GJdY0ouH16ga/YRZFKQ0aCfO9spezUJ7t
+2KesD78IxFbey5mRYXmvTW6+BeUt+d4TQbgR0/PdqC9WOg7H3iBvs61MQgro2Itc
+sxQ9SBHa358oyUkGuIz2XKo/enikX49LOjpwB5EdFKky+YhtvGx9NHQIzs8RZqfd
+Lpe6VsWXTTSSiXD8r7WEsCnfThpneOE1Pz58woeT3QHt6WscPsUGPx/coQNKzx+R
+0d+gt73kwqFbIbI9DkUoaruv6qsLcZ2yC36YNie7ggaqCC6dhan2tx3U+vRTn6I8
+dOCAuP7bx/iQDfHXsUC5Tatu91OkEbGA4Oz3WXpSyhmMXsSrRP7Rjivb0e7rLlde
+Q3TWYpa5KWqVeFpZhUFyrwJrtmMwzdu2tLfZDFKEriA/UbB3djHWM/O4/LvFqvpV
+VQfKtrD8OcnElGt5nJoFOGO8cXWD4opaZ5nGboLpuLuOtZN59EnZwtI1lyALdrB4
+MDENw0tVx7LBo13jvAtgx7vXgSPzNpJvp+A+0V2yeT+cHWeX1T1H79QcNE0vGkr/
+aURDUTAEIYO2TOp+14Ag1Y9T8j+z0m6lxqwO33Hf07wqzeVHaNBh3Ckv4+xUNl+U
+MDx/ZSmdPe07mvVrleb83XYvkC8rytS43mKxke912l+++GPWHLDl6wz1LwAQbI2b
+5S/iPJI08O3y9cylRMOSBGXnIh8Ml748zEJVeac+B32cqt3nQ16WwCxfF6UjEeEE
+aMKhPsdgB0pRRGFL8otK2bheqlJrtFk0FfFJ4B1gbO0oHPCygWvV5Cnz8UcNOMIS
+u5rIjD4wz8Gcclk3c5fvfKb9xhcpop3sAJy/srteKRDJrJNlHwleCDgkVE5PkuDP
+z0B6OyTsprupTVx3eLbiA1yRT8HzaaGo6xfc7dKwWZW7J+jmbKVsbjcxSo/ChsMg
+ZP+cWGh2SLQ04mNkWetOYHMODlSAfrYYRIPkMUyLJCDPgynLeOa0u8xWxpQsmt8x
+6bVhtJhf4NxyZpKYgNfdkYoerqyBOhbUlcfud1qdqRCfp6gq4rBhBktGbGkgaNk0
+bGLu+/uWm3pDPSWRWnhC8gXvEwMtr3kMzAe5f0yQ6L/nsBPGs+A8rGTGDg0wfoxW
+Pn+AX9ywY1DWHBCK02QooIJKfvVnwr8qnhHVrqOOJlP5GMIXpx5eYkSrUtDxGwR8
+JOgUMAJ9GVwvxqi3g8MFPrb76b6ZheofBU5MI8rzGsXN1qWf7Ml0UQc2PcShvyNX
+BW0xuX5dK1UZRKJcDGIWdeFjrnAhXayJCQse0wsXSRt9WUxSNUb/MxhO7BIWrEQf
+Famdx2jz/RlnXinUizdlRL+ws8KknA90JdSlT+j+pvsyTHuzJ+Xzex8R+1AmlT2O
+4ZVzzx2JLOcFu5j08t5U5CKbfitsINakPVATekJdov1bCo803dUExfT2OsTxrqR9
+mx6GJTWYE32tg/v4PASu1986ojVNLi2WjrX8NJzkqlUE+4xIeVWN0HE1SflJsL6x
+YXTHWodpQ9VTd0OliSFvzOjFtV768c1+ySV6QngCOQ==
 -----END ENCRYPTED PRIVATE KEY-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.pem

@@ -1,60 +1,53 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIHazBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUXJ4RUaby0ltJyJMX
-fUO+2LAlu7cCAggAMB0GCWCGSAFlAwQBKgQQ0YfRZzwcjphTKuPQxktTuASCBxCG
-+b55W3IEKc/Yqf+zIRHBgvCY+w+l7vSMQqtDYOtiUBdxZWewy+IoV4Pw0X/ORT6k
-Jk8RXTG7hXb4GtuRmgVJeyxsf+8vhrtVpyelLLYkTalAjjvtT2YAukltALLpFMQm
-Zm42rW0HrVRtn6k7osbe5zL4whyhikohXamPJpTTrImP8fMzYyxfiHx2Y7Tnc66N
-SMxBaQ3m2HClE6+6rkcPv/oC9V74GGYpCk0EcH7gsRLQFj3IlJTVxQoCP44ldzhq
-fyWYe1DneH6IJLXID3Igca26ZXU9rTcfqAsBmVACq0GKdgXAFSUAhF6onqXjzpGQ
-/m7Vl3JbNPvrcgxzKBJsj9Z/Hv4qKz2yVpe3OMchTdxpI5k383y1F4rw8i4GSWIL
-+A+t5M26WJw2uHx/k2RL1jyeXH2gR3IA72AffDU+f3jqd9pOqxXKSIhGq/KOK5Vk
-SiJ4IesVz26bfwjXEKcQk5qIpDBGjfSkYgMXxlQwOwTIoRn+1FM7Txox6tsVj4/v
-RnaorVayq5W1fk3t5EfNLprSFDO9T6OxFKvfzKMghdrKFNa5a3oqr3RDZSCE0tca
-m9jQ9bp1ooD8/EUWsBxG4eJxe9B+yG3QAkudOoklJYTE9ysHBl2cPOIOksqrD76G
-agezGRazfqFVCmOtlye7bzQXv/AgDa/ve5E1f9jjueop2OwbvoEzCsrSYCWh3uiM
-C2IkvtSI6gW+9C8H1ofElKtDlRft/lMuviLCb3u7xsu2r7v/va2aYy4Lh6B5xARt
-G7A4ZX0cxoI2N/T2FgHwJ8p7lTXJ8KuTGv0jrno9MBdKqo+HBtRTbFoi63qZ7EtL
-MJS63MK4kSXcwyJ4+pnH0bI1wXf5qK7TVoWG6ZAWw385xaohXZZ6JK/z1WNbpfCU
-hlvjjdLxmNE5R/kmiKjp6zPhfR6+z73QXX9s3ZZv9fAV1mZcLwcucNnMRdJcYSVU
-bNwAqnxhIoIZZB5H0c+jLfpaGyzVeAUzI3ljCekUlvutXFNSur6TI2ZmViiwIhuw
-82A084eZ9qOBA+z64Xo9VJqWgdj99b45JNExcsmvbXG1REB8QAKzzGzadtwnc6VV
-iWuK9SPbIqOp2Sa6FEa/VxbgDOUiv20G5irs5Kp0iU+yRKerG/ejvBAn4o3M94wv
-hDwSmn80uu5NJtHuta+9u2jM6yyNl4ghXLxTl9gfbnpzI4wuX+4xhhdNm6HCNqcG
-IzPUFS207YKR0QTaHB5x3ItVpp6Rjpb5lOtEpmff7qO/69ljtNLRe+VEdqLrQoK7
-9IsIaXqBp719nyG3z90KwBigRGl1ljDF3plT1slERdfMsdVdT8duwHc8mevR/H+t
-VG0DkUmGAamyr2plyZiDtzfly/qhG9de4WCRLckVJvMkzwrpmtN+DIB26a1mQwrA
-OuKaCBrQj/1G7EnHuNDWOFOtbHUqitQ9OukNCTi5/7JMp6FY2bIyE58Hoj88m4Hy
-wMMzkFYkh5NJ82ysUdewX99vTJjgD0qKFoDBqB1REEOWi8J14vdGmejhq0A5rq0q
-2tBAyVSbK8gFfY7pQCGpHSerlR8YGpS01KBDct+MlkIout6SrvWxUhwnx9Lmi09f
-Kk/170DJXXhWlkTu8mylAF7A9vEzsST3GZgnaWkXIeFDKiXUD1w+io1K2ziZbiZZ
-Im3dSe6dxsWZkYF+wjpnTjS7op3Q6gOJ3mkkGpBWOtOzGiFNIP/7epSr3eVInHdo
-F4HgET5h2VknsXMKdzU0YDcXsDdWwwwyHqKIM9b37mqA6c3bMwTB1+ykrznudnAP
-8jpqPz6mUqvwzqPoi3e2bNxPwnYgguFrUIqYgiydfZQ3AZsQGTVTq6Jjp/+7K9xv
-yCuwjpuEtz5ZNchcwrJoj8Yet9saYSGBaUu10Ks0/PGIHKbznVQJHCBofAmE6WQb
-cIveRYphfVjbIa+VxpLJRaMj5ymZSViBtHx6Gwjsnq2NR5H1qBt79qXWzRk7ulJy
-cpVasv7Gi3W8SIEbcDvlWUgc8jJOXPmhQ63BS4+eyYNgrSxFY4XYhUZ2Cwi8wXvm
-w1MUisDiIIdTapE/rux+bjB5MnEJC/IICvk8NAH5PuSODm/DE34MdlxA/nUP7Cm4
-ssLvI9IK2hzhASqt71gxoOJUnEptPzabMOYm5hIOksfz+0vjO0grgrVXV4UgTmpz
-T3gvIRwg13vkvKxEfpvGJG5aEkCsZS15/MTsF9FPYiYPYeKOOdIGNzYoRbmqGjIg
-5KyeELDKiulsilGFeRnxM97xpVI3DtezQHTr/N37wsJBeCZyOxGa6j/1rf4ZvgGi
-lkHVmCZYqHYlow6qOS8/lIKpHdhBaEmr6ciZ8fiIA4GeYU0GwzdAd8YuNYqF0dxF
-zWupzSNScKSE1nmu0NIdbanhs78Z2q9vqm/B5ueFCQ==
+MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUKIdhme1LQ2vMonbp
+aes9/gRupIYCAggAMB0GCWCGSAFlAwQBKgQQeuo/hWDbfC4vCB3F5pfeKgSCBNAR
+HeV95Ar67bUkkWrHUC0jCRvnMjh9wyC6w1pFP2nW+++Qkl93v+gIjr4b9Rw9RBTd
+QsOVkaB7vvQ5qjvWya9HJ2aHZ6KwMb2GJdY0ouH16ga/YRZFKQ0aCfO9spezUJ7t
+2KesD78IxFbey5mRYXmvTW6+BeUt+d4TQbgR0/PdqC9WOg7H3iBvs61MQgro2Itc
+sxQ9SBHa358oyUkGuIz2XKo/enikX49LOjpwB5EdFKky+YhtvGx9NHQIzs8RZqfd
+Lpe6VsWXTTSSiXD8r7WEsCnfThpneOE1Pz58woeT3QHt6WscPsUGPx/coQNKzx+R
+0d+gt73kwqFbIbI9DkUoaruv6qsLcZ2yC36YNie7ggaqCC6dhan2tx3U+vRTn6I8
+dOCAuP7bx/iQDfHXsUC5Tatu91OkEbGA4Oz3WXpSyhmMXsSrRP7Rjivb0e7rLlde
+Q3TWYpa5KWqVeFpZhUFyrwJrtmMwzdu2tLfZDFKEriA/UbB3djHWM/O4/LvFqvpV
+VQfKtrD8OcnElGt5nJoFOGO8cXWD4opaZ5nGboLpuLuOtZN59EnZwtI1lyALdrB4
+MDENw0tVx7LBo13jvAtgx7vXgSPzNpJvp+A+0V2yeT+cHWeX1T1H79QcNE0vGkr/
+aURDUTAEIYO2TOp+14Ag1Y9T8j+z0m6lxqwO33Hf07wqzeVHaNBh3Ckv4+xUNl+U
+MDx/ZSmdPe07mvVrleb83XYvkC8rytS43mKxke912l+++GPWHLDl6wz1LwAQbI2b
+5S/iPJI08O3y9cylRMOSBGXnIh8Ml748zEJVeac+B32cqt3nQ16WwCxfF6UjEeEE
+aMKhPsdgB0pRRGFL8otK2bheqlJrtFk0FfFJ4B1gbO0oHPCygWvV5Cnz8UcNOMIS
+u5rIjD4wz8Gcclk3c5fvfKb9xhcpop3sAJy/srteKRDJrJNlHwleCDgkVE5PkuDP
+z0B6OyTsprupTVx3eLbiA1yRT8HzaaGo6xfc7dKwWZW7J+jmbKVsbjcxSo/ChsMg
+ZP+cWGh2SLQ04mNkWetOYHMODlSAfrYYRIPkMUyLJCDPgynLeOa0u8xWxpQsmt8x
+6bVhtJhf4NxyZpKYgNfdkYoerqyBOhbUlcfud1qdqRCfp6gq4rBhBktGbGkgaNk0
+bGLu+/uWm3pDPSWRWnhC8gXvEwMtr3kMzAe5f0yQ6L/nsBPGs+A8rGTGDg0wfoxW
+Pn+AX9ywY1DWHBCK02QooIJKfvVnwr8qnhHVrqOOJlP5GMIXpx5eYkSrUtDxGwR8
+JOgUMAJ9GVwvxqi3g8MFPrb76b6ZheofBU5MI8rzGsXN1qWf7Ml0UQc2PcShvyNX
+BW0xuX5dK1UZRKJcDGIWdeFjrnAhXayJCQse0wsXSRt9WUxSNUb/MxhO7BIWrEQf
+Famdx2jz/RlnXinUizdlRL+ws8KknA90JdSlT+j+pvsyTHuzJ+Xzex8R+1AmlT2O
+4ZVzzx2JLOcFu5j08t5U5CKbfitsINakPVATekJdov1bCo803dUExfT2OsTxrqR9
+mx6GJTWYE32tg/v4PASu1986ojVNLi2WjrX8NJzkqlUE+4xIeVWN0HE1SflJsL6x
+YXTHWodpQ9VTd0OliSFvzOjFtV768c1+ySV6QngCOQ==
 -----END ENCRYPTED PRIVATE KEY-----
 
 -----BEGIN CERTIFICATE-----
-MIICwzCCAmigAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1zZWxmc2ln
-bmVkLWNhMB4XDTIzMDcyMDExMzcyNloXDTI0MDcxOTExMzcyNlowIDEeMBwGA1UE
-AwwVaWRwc2lnbmVyLnVhdC5hZ292LmNoMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A
-MIIBigKCAYEA28fXdfRLtrzS0F5Hp5zEzPFfpNXKpIrbJaWdqwiuY6VIrzAJW0Wo
-FMuV2IHnU7sO8+B05Z20wq3x5JAbgYlBFnfdub/CYmyykAf0Rxz9irc9qbXBmX0A
-G+JhQLxLcfyqlmFyLsjaxT3nUrytP+604LtzesnC3N7gfGtmSKgclym1s2ZVWkAK
-4VXAZsM5HBnW1feHxSv3UTzvorW7PWkbmy4LU8SDoSraHgB/pBaiJRG8SMTjBHho
-TTdFLPmH/N9dt5N1oJginnY9GvRJD8Qj1lrsTZOtv8ttKhnQkmymly+NCt7+wGIa
-7HQQawqBIvflGG+R1OdQx7Q20/y5EfO4V3zJgq3p+gz9AziGPHEy+2s+i5LME1AI
-D6vLfDN8cnTCdgqZGhAkRMBHtOydJd3dpJ0tgjnrdUpla2PoWp1B/v/Plneb9L5v
-aMNqtuQA852dR14lP7+EeRLe9vJvzm9eBdF0JrDUm1K2Xy66i5gdzOoJngnRpl5J
-nNSweT+A8dn9AgMBAAGjUDBOMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggrBgEF
-BQcDAQYIKwYBBQUHAwIwIAYDVR0RBBkwF4IVaWRwc2lnbmVyLnVhdC5hZ292LmNo
-MAoGCCqGSM49BAMCA0kAMEYCIQCarOXKlJ0DVxVPGyj3oPMHWCJB+Xyee+j7k1gu
-OC93CQIhAICIzY/yCbST5V502Bt3vRCZMCmzhzXIGTol2PEoby6H
+MIIDlDCCAnwCCQC4xKJxfbSLBzANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC
+Y2gxEDAOBgNVBAoMB2Fkbm92dW0xDTALBgNVBAsMBGFnb3YxJzAlBgNVBAMMHmph
+a29iLmFnb3YtZC5henVyZS5hZG5vdnVtLm5ldDEyMDAGCSqGSIb3DQEJARYjaW5m
+b0BqYWtvYi5hZ292LWQuYXp1cmUuYWRub3Z1bS5uZXQwHhcNMjMwMzIxMTUyMjI0
+WhcNMjgwMzE5MTUyMjI0WjCBizELMAkGA1UEBhMCY2gxEDAOBgNVBAoMB2Fkbm92
+dW0xDTALBgNVBAsMBGFnb3YxJzAlBgNVBAMMHmpha29iLmFnb3YtZC5henVyZS5h
+ZG5vdnVtLm5ldDEyMDAGCSqGSIb3DQEJARYjaW5mb0BqYWtvYi5hZ292LWQuYXp1
+cmUuYWRub3Z1bS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB
+8LPO6Nack2z1whTratLxRD9KraO8QGrVTEa0p+23EKJH4WYE0QGzXbX4oFl2maXE
+QDeCBofTnrl8sL3yVxBy56qO8T3VxYtt9akjty6PujO48bgJr2VGjGgtPYPUeOEk
+lzCS616732Bnxc2iqo267G/tGooRIOOqefSyhEGmbI3KGv/zYZn/qxQo/A+5f+6y
+zEoKdmnBF6vnowvffKfdFKI8udd5eKmfyrc5iNYHXoVP/HmqKbkyrBw1U0ysihRJ
+3vyJVDtirQ5chLn0jOZ4UZ5SBck9+784yrVqpNbsWAe3NU+Vfx4wCk/rPWRDa1E2
+fk+gEVvEMUFt4UvU25BdAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIxToc9muu9z
+d4yycZCgZbDtzrq2Un+m/m3TrBNzLV7UBbGt7HW9/kxvdFJTKgNEj+ZD1cY6O6D7
+vrWV0Xb1XPgkaAfypc4Y7IOUTFDR/ib4siP9gPkHvr5WSIip3mFgX9yIV910N/hh
+ImE9/Jtf/q9MopBu8J6zRmL/J8mVewVdcU3xqz27OVMMSht0Du8FcpIrNQwqc1LN
+tCgdj+pw5vl7NH546WlyYNpLEkAeBpJ3XCBDDwcQftC+/cQ7GKJGtOJ4ODdxWMyX
+ThsHJ7MCTiN+MoW5CeioGSmngezh4Gs5SpGAGVvwNvXW2jiGdRDdHmyxDPjCQvYA
+wwZrmgtpYE0=
 -----END CERTIFICATE-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties

@@ -185,10 +185,10 @@ prompt.newpassword=Nuova Password
 prompt.newpassword.confirm=Conferma password
 prompt.password=Password
 prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
 pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata 
 recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. 
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@@ -260,7 +260,7 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Autorizzazione del client
 title.pwchange.label=Cambiare Password
-title.pwreset=Password Forgotten
+title.pwreset=Password Dimenticata
 title.saml.failed=Error
 title.timeout.page=Logout
 user_input.invalid.email=Inserire un'e-mail valida.

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureAccountState.groovy

@@ -4,6 +4,7 @@ import ch.nevis.idm.client.IdmRestClientFactory
 import ch.nevis.idm.client.HTTPRequestWrapper
 
 import groovy.json.JsonSlurper
+import groovy.xml.XmlSlurper
 
 // Accounting
 def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
@@ -14,112 +15,91 @@ def credentialType = session['authenticatedWith'] ?: 'unknown'
 def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
 def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
 
+
+
+
+
 IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
 
 String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId')
 String userExtId = session.get('ch.adnovum.nevisidm.user.extId')
-String loginId = session.get('ch.adnovum.nevisidm.user.loginId')
-String profileExtId = session.get('ch.adnovum.nevisidm.profileExtId')
+String sessionId = session.get('ch.nevis.session.conversationId')
 
-String unitExtid= parameters.get('unitExtid')
-String level100RoleExtid = parameters.get('level100.roleExtid')
+String endPoint = "${parameters.get('utility-service.baseUrl')}/api/v1/recovery/code"
 
-String baseUrl = "${parameters.get('idm.baseUrl')}/core/v1/$clientExtId"
-boolean audited = false
-String agovAq100AuthEndpoint = null
-String endpoint = null
+def userDto = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
+def recoveryCredential = userDto.'**'.find {node -> node.name() == 'credentials' && node.type.text() == 'CONTEXT_PASSWORD' && node.state.text() == 'ACTIVE' && node.context.text() == 'RECOVERY'}
 
-// 1) create the profile if needed
-if (profileExtId == null || profileExtId.isEmpty()) {
-
-	endpoint = "${baseUrl}/users/${userExtId}/profiles"
-	profileExtId = UUID.randomUUID().toString()
-
-	def postRequest = new HTTPRequestWrapper()
-	postRequest.addToHeaders('Content-Type',  ['application/json'])
-
-	def dto = "{\"extId\":\"${profileExtId}\",\"unitExtId\":\"${unitExtid}\",\"profileState\":\"active\",\"name\":\"Profile-${loginId}\",\"isDefaultProfile\":true,\"modificationComment\":\"Repaired for request ${requestId}\"}"
-	postRequest.setPayLoad(dto.getBytes('UTF-8'))
-
-	def result = idmRestClient.postWithResponse(endpoint, postRequest)
-	if (result.getStatusCode() != 201) {
-		LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create the missing profile (http status code ${result.getStatusCode()})'")
-
-		response.setNote('saml.errorCode', 'Responder')
-		response.setNote('saml.errorMessage', "account of the user with agovId ${userExtId} is in a corrupt state, should contact agov help")
-
-		response.setResult('failed')
-		return
-	} else {
-		LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='created missing profile'")
-		audited = true
-	}
-}
-
-
-// 2) add level 100 role if needed
-if (!Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-Loi.level100')).findAny().isPresent()) {
-	endpoint = "${baseUrl}/profiles/${profileExtId}/authorizations"
-	def postRequest = new HTTPRequestWrapper()
-	postRequest.addToHeaders('Content-Type',  ['application/json'])
-
-	def dto = "{\"extId\":\"${UUID.randomUUID().toString()}\",\"roleExtId\":\"${level100RoleExtid}\"}"
-	postRequest.setPayLoad(dto.getBytes('UTF-8'))
-
-	def result = idmRestClient.postWithResponse(endpoint, postRequest)
-	if (result.getStatusCode() != 201) {
-		LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create the missing AGOVaq 100 role (http status code ${result.getStatusCode()})'")
-
-		response.setNote('saml.errorCode', 'Responder')
-		response.setNote('saml.errorMessage', "account of the user with agovId ${userExtId} is in a corrupt state, should contact agov help")
-
-		response.setResult('failed')
-		return
-	} else if (!audited) {
-		LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='created missing AGOVaq 100 role'")
-		audited = true
-	}
-	agovAq100AuthEndpoint = result.getLocation()
-}
-
-
-// 3) set the AQ level 100 verification to None
-if (!session['ch.adnovum.nevisidm.userDto'].contains("<properties><name>idVerification</name><value>None</value><scopeName>AGOV-Loi,level100</scopeName></properties>")) {
-
-	if (agovAq100AuthEndpoint == null) {
-		endpoint = "${baseUrl}/profiles/${profileExtId}/authorizations"
-
-		def result = idmRestClient.get(endpoint)
-		def json = new JsonSlurper().parseText(result)
-
-		json['items'].eachWithIndex { az, i ->
-			if (az.roleExtId == level100RoleExtid) {
-				agovAq100AuthEndpoint = "${endpoint}/${az.extId}"
-			}
-		}
-	}
-
-	endpoint = "${agovAq100AuthEndpoint}/properties"
-
-	def patchRequest = new HTTPRequestWrapper()
-	patchRequest.addToHeaders('Content-Type',  ['application/json'])
-
-	patchRequest.setPayLoad('{"idVerification":"None"}'.getBytes('UTF-8'))
-
-	def result = idmRestClient.patchWithResponse(endpoint, patchRequest)
-
-	if (result.getStatusCode() != 200) {
-		LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to patch the AGOVaq 100 role (http status code ${result.getStatusCode()})'")
-
-	} else if (!audited) {
-		LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='patched AGOVaq 100 role with idVerification'")
-		audited = true
-	}
-}
-
-
-if (audited) {
-	response.setResult('reload')
-} else {
+// 1a) check if user has a credential
+if ( recoveryCredential != null ) {
+	LOG.debug("Account '${user}' has an active recovery code, no need to create new code")
 	response.setResult('done')
-}
+	return
+}
+
+// 1b) check if a recovery is ongoing (nothing to do)
+if (Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-AccountStatus.recovery')).findAny().isPresent()) {
+	LOG.debug("Account '${user}' is in recovery, no need to create new code")
+	response.setResult('done')
+	return
+}
+
+
+// 2) set cookie for recoveryCode
+if (outargs.containsKey('out.JWTToken')) {
+  def token = outargs.getProperty('out.JWTToken').bytes.encodeBase64().toString()
+  def agovRecoveryCodeCookie = "agovRecoveryCode=${token }; Domain=${parameters.get('cookie.domain')}; Path=/; SameSite=Strict; Secure; HttpOnly"
+  response.setHeader('Set-Cookie', agovRecoveryCodeCookie)
+  outargs.remove('out.JWTToken')
+}
+
+// 3) generate code if not yet done
+if (!session['agov.new.recovery.code.generated']) {
+	inargs.remove('submit')
+	try {
+		def postRequest = new HTTPRequestWrapper()
+		postRequest.addToHeaders('Content-Type',  ['application/json'])
+
+		postRequest.setPayLoad("{\"userExtId\":\"$userExtId\",\"userSessionId\": \"$sessionId\"}".getBytes('UTF-8'))
+		
+        def result = idmRestClient.postWithResponse(endPoint, postRequest)
+		if (result.getStatusCode() != 200) {
+            LOG.debug("Payload: ${new String(postRequest.getPayLoad())}")
+            LOG.debug("Result: ${result}")
+			LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${result.getStatusCode()})")
+			response.setResult('failed')
+			return
+		}
+
+		def json = new JsonSlurper().parseText(new String(result.getPayLoad(), 'UTF-8'))
+
+		notes.setProperty('agov.new.recovery.code', json['recoveryCode']['code'].replaceAll('^(....)(....)(.*)$', '$1-$2-$3'))
+		LOG.debug("agov.new.recovery.code: ${notes['agov.new.recovery.code']}")
+
+		response.setSessionAttribute('agov.new.recovery.code.generated', 'true')
+		def validTil = "${json['recoveryCode']['validUntil'][2]}.${json['recoveryCode']['validUntil'][1]}.${json['recoveryCode']['validUntil'][0]}"
+		response.setSessionAttribute('agov.new.recovery.code.validTil', validTil)
+		response.setSessionAttribute('agov.new.recovery.code.pdfAuthToken', json['authToken'])
+
+		LOG.info("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+
+	} catch(Exception e) {
+		LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${e.getMessage()})")
+		LOG.error("Recoverycode processing failed: $e")
+		response.setResult('failed')
+		return
+	}
+
+	response.setResult('encryptCode')
+	return
+}
+
+if (inargs['submit']) {
+	def agovRecoveryCodeCookie = "agovRecoveryCode=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"
+	response.setHeader('Set-Cookie', agovRecoveryCodeCookie)
+	response.setResult('done')
+	return
+}
+
+// show the GUI
+response.setStatus(AuthResponse.AUTH_CONTINUE)

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf

@@ -1,8 +1,8 @@
 RTENV_SECURITY_CHECK=no_shell
 
 JAVA_OPTS=(
-    "-Dfile.encoding=UTF-8"
     "-XX:+UseContainerSupport"
+    "-Dfile.encoding=UTF-8"
     "-XX:MaxRAMPercentage=80.0"
     "-Djava.net.preferIPv4Stack=true"
     "-Djava.net.connectionTimeout=10000"
@@ -12,7 +12,7 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
     "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
     "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties

@@ -1,4 +1,4 @@
-otel.service.name=auth
-otel.traces.exporter=none
-otel.metrics.exporter=none
-otel.logs.exporter=none
+otel.service.name = auth
+otel.traces.exporter = none
+otel.metrics.exporter = none
+otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisFIDO"
   replicas: 1
-  version: "7.2402.1"
+  version: "8.2405.1"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -28,20 +28,25 @@ spec:
     management:
       httpGet:
         path: "/nevisfido/liveness"
-      initialDelaySeconds: 40
-      periodSeconds: 30
+      periodSeconds: 5
       timeoutSeconds: 6
   readinessProbe:
     management:
       httpGet:
         path: "/nevisfido/health"
-      initialDelaySeconds: 40
-      periodSeconds: 30
+      periodSeconds: 5
       timeoutSeconds: 6
+  startupProbe:
+    management:
+      httpGet:
+        path: "/nevisfido/health"
+      periodSeconds: 5
+      timeoutSeconds: 6
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+    tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf

@@ -2,10 +2,10 @@ RUN_ARGS="--config conf/nevisfido.yml --log-config conf/logging.yml"
 
 JAVA_OPTS=(
     "-XX:+UseContainerSupport"
-    "-XX:MaxRAMPercentage=80.0"
     "-Dignore.me"
+    "-XX:MaxRAMPercentage=80.0"
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json

@@ -91,6 +91,29 @@
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
+  {
+    "aaid" : "F1D0#0005",
+    "description" : "Android NEVIS Mobile Authentication Password Authenticator",
+    "assertionScheme" : "UAFV1TLV",
+    "attestationRootCertificates" : [],
+    "attestationTypes" : [ 15880 ],
+    "upv" : [ {
+      "major" : 1,
+      "minor" : 1
+    } ],
+    "userVerificationDetails" : [ [ {
+      "userVerification" : 4
+    } ] ],
+    "attachmentHint" : 1,
+    "authenticationAlgorithm" : 9,
+    "authenticatorVersion" : 1,
+    "isSecondFactorOnly" : false,
+    "keyProtection" : 1,
+    "matcherProtection" : 1,
+    "publicKeyAlgAndEncoding" : 256,
+    "tcDisplay" : 1,
+    "tcDisplayContentType" : "text/plain"
+  },
   {
     "aaid" : "F1D0#1001",
     "description" : "iOS NEVIS Mobile Authentication PIN Authenticator",
@@ -182,5 +205,27 @@
     "publicKeyAlgAndEncoding" : 257,
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
-  }
-]
+  },
+  {
+    "aaid" : "F1D0#1005",
+    "description" : "iOS NEVIS Mobile Authentication Password Authenticator",
+    "assertionScheme" : "UAFV1TLV",
+    "attestationRootCertificates" : [],
+    "attestationTypes" : [ 15880 ],
+    "upv" : [ {
+      "major" : 1,
+      "minor" : 1
+    } ],
+    "userVerificationDetails" : [ [ {
+      "userVerification" : 4
+    } ] ],
+    "attachmentHint" : 1,
+    "authenticationAlgorithm" : 2,
+    "authenticatorVersion" : 1,
+    "isSecondFactorOnly" : false,
+    "keyProtection" : 1,
+    "matcherProtection" : 1,
+    "publicKeyAlgAndEncoding" : 257,
+    "tcDisplay" : 1,
+    "tcDisplayContentType" : "text/plain"
+  }]

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties

@@ -1,4 +1,4 @@
-otel.service.name=fido-uaf
-otel.traces.exporter=none
-otel.metrics.exporter=none
-otel.logs.exporter=none
+otel.service.name = fido-uaf
+otel.traces.exporter = none
+otel.metrics.exporter = none
+otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisFIDO"
   replicas: 1
-  version: "7.2402.1"
+  version: "8.2405.1"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -28,20 +28,25 @@ spec:
     management:
       httpGet:
         path: "/nevisfido/liveness"
-      initialDelaySeconds: 40
-      periodSeconds: 30
+      periodSeconds: 5
       timeoutSeconds: 6
   readinessProbe:
     management:
       httpGet:
         path: "/nevisfido/health"
-      initialDelaySeconds: 40
-      periodSeconds: 30
+      periodSeconds: 5
       timeoutSeconds: 6
+  startupProbe:
+    management:
+      httpGet:
+        path: "/nevisfido/health"
+      periodSeconds: 5
+      timeoutSeconds: 6
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+    tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf

@@ -6,5 +6,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties

@@ -1,4 +1,4 @@
-otel.service.name=fido2
-otel.traces.exporter=none
-otel.metrics.exporter=none
-otel.logs.exporter=none
+otel.service.name = fido2
+otel.traces.exporter = none
+otel.metrics.exporter = none
+otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisIDM"
   replicas: 1
-  version: "7.2402.2"
+  version: "8.2405.1"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -28,20 +28,25 @@ spec:
     management:
       httpGet:
         path: "/liveness"
-      initialDelaySeconds: 40
       periodSeconds: 30
       timeoutSeconds: 6
   readinessProbe:
     management:
       httpGet:
         path: "/health"
-      initialDelaySeconds: 40
       periodSeconds: 30
       timeoutSeconds: 6
+  startupProbe:
+    management:
+      httpGet:
+        path: "/health"
+      periodSeconds: 30
+      timeoutSeconds: 6
+      failureThreshold: 10
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+    tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf

@@ -1 +1,8 @@
-JAVA_OPTS="-XX:+UseContainerSupport -XX:MaxRAMPercentage=80.0 -javaagent:/opt/agent/opentelemetry-javaagent.jar -Dotel.javaagent.logging=application -Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties -Dotel.resource.attributes=service.version=7.2402.2,service.instance.id=$HOSTNAME"
+JAVA_OPTS=(
+    "-XX:+UseContainerSupport"
+    "-XX:MaxRAMPercentage=80.0"
+    "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
+    "-Dotel.javaagent.logging=application"
+    "-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
+    "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
+)

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties

@@ -89,6 +89,8 @@ server.host=0.0.0.0
 # source: pattern://b8a36646f81c3247cdb5d90b
 server.tls.enabled=true
 # source: pattern://b8a36646f81c3247cdb5d90b
+server.tls.client-auth=requested
+# source: pattern://b8a36646f81c3247cdb5d90b
 server.tls.keystore=/var/opt/keys/own/idm-default-identity/keystore.p12
 # source: pattern://b8a36646f81c3247cdb5d90b
 server.tls.keystore-passphrase=${exec:/var/opt/keys/own/idm-default-identity/keypass}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/otel.properties

@@ -1,4 +1,4 @@
-otel.service.name=idm
-otel.traces.exporter=none
-otel.metrics.exporter=none
-otel.logs.exporter=none
+otel.service.name = idm
+otel.traces.exporter = none
+otel.metrics.exporter = none
+otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisLogrend"
   replicas: 1
-  version: "7.2402.0"
+  version: "8.2405.0"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -28,19 +28,23 @@ spec:
     management:
       httpGet:
         path: "/nevislogrend/liveness"
-      initialDelaySeconds: 40
-      periodSeconds: 30
+      periodSeconds: 5
       timeoutSeconds: 6
   readinessProbe:
     server:
       tcpSocket: true
-      initialDelaySeconds: 40
-      periodSeconds: 20
+      periodSeconds: 5
       timeoutSeconds: 4
+  startupProbe:
+    server:
+      tcpSocket: true
+      periodSeconds: 5
+      timeoutSeconds: 4
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+    tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
     credentials: "git-credentials"
   podSecurity:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf

@@ -4,11 +4,11 @@ RTENV_SECURITY_CHECK=no_shell
 LOGREND_DEPLOY_TYPE=standalone
 
 JAVA_OPTS=(
-    "-Dfile.encoding=UTF-8"
     "-XX:+UseContainerSupport"
+    "-Dfile.encoding=UTF-8"
     "-XX:MaxRAMPercentage=80.0"
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=7.2402.0,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2405.0,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties

@@ -1,4 +1,4 @@
-otel.service.name=logrend
-otel.traces.exporter=none
-otel.metrics.exporter=none
-otel.logs.exporter=none
+otel.service.name = logrend
+otel.traces.exporter = none
+otel.metrics.exporter = none
+otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties

@@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
 prompt.newpassword.confirm=Conferma password
 prompt.password=Password
 prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
 pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata 
 recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. 
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
 title=NEVIS SSO Portal
 title.login=Login
 title.pwchange.label=Cambiare Password
-title.pwreset=Password Forgotten
+title.pwreset=Password Dimenticata
 user_input.invalid.email=Inserire un'e-mail valida.
 user_input.invalid.email.required=Campo obbligatorio
 user_input.invalid.email.tooLong=Il testo inserito è troppo lungo. 

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties

@@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
 prompt.newpassword.confirm=Conferma password
 prompt.password=Password
 prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
 pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata 
 recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. 
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
 title=NEVIS SSO Portal
 title.login=Login
 title.pwchange.label=Cambiare Password
-title.pwreset=Password Forgotten
+title.pwreset=Password Dimenticata
 user_input.invalid.email=Inserire un'e-mail valida.
 user_input.invalid.email.required=Campo obbligatorio
 user_input.invalid.email.tooLong=Il testo inserito è troppo lungo. 

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties

@@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
 prompt.newpassword.confirm=Conferma password
 prompt.password=Password
 prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
 pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata 
 recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. 
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
 title=NEVIS SSO Portal
 title.login=Login
 title.pwchange.label=Cambiare Password
-title.pwreset=Password Forgotten
+title.pwreset=Password Dimenticata
 user_input.invalid.email=Inserire un'e-mail valida.
 user_input.invalid.email.required=Campo obbligatorio
 user_input.invalid.email.tooLong=Il testo inserito è troppo lungo. 

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_it.properties

@@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
 prompt.newpassword.confirm=Conferma password
 prompt.password=Password
 prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
 pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata 
 recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. 
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
 title=NEVIS SSO Portal
 title.login=Login
 title.pwchange.label=Cambiare Password
-title.pwreset=Password Forgotten
+title.pwreset=Password Dimenticata
 user_input.invalid.email=Inserire un'e-mail valida.
 user_input.invalid.email.required=Campo obbligatorio
 user_input.invalid.email.tooLong=Il testo inserito è troppo lungo. 

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisProxy"
   replicas: 1
-  version: "7.2402.1"
+  version: "8.2405.0"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -28,20 +28,25 @@ spec:
     management:
       httpGet:
         path: "/liveness"
-      initialDelaySeconds: 40
-      periodSeconds: 30
+      periodSeconds: 5
       timeoutSeconds: 6
   readinessProbe:
     management:
       httpGet:
         path: "/readiness"
-      initialDelaySeconds: 40
-      periodSeconds: 30
+      periodSeconds: 5
       timeoutSeconds: 6
+  startupProbe:
+    management:
+      httpGet:
+        path: "/readiness"
+      periodSeconds: 5
+      timeoutSeconds: 6
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+    tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/navajo.xml

@@ -8,7 +8,7 @@
         <!-- source: pattern://0ceb05c56644a59d648c13b9 -->
         <Timer periodicity="60"/>
         <!-- source: pattern://0ceb05c56644a59d648c13b9 -->
-        <Server User="nevis" Group="root" ServerAdmin="admin@company.com" ServerName="proxy-idp" Timeout="30" MaxClients="600" MaxRequestsPerChild="0" KeepAlive="on" KeepAliveTimeout="5" MaxKeepAliveRequests="100" LimitRequestLine="5120" LimitRequestBody="512000" LimitRequestFields="50" LimitRequestFieldsize="5120" ServerRoot="/var/opt/nevisproxy/default" CoreDumpDirectory="" ErrorLog="&quot;|/bin/sed -u s/^/[apache.log]\ /g&quot;" Loglevel="notice" TransferLog="&quot;|/bin/stdbuf -oL /bin/egrep -v GET./.....?ness&quot;" LogFormat="&quot;[access.log] %h %l %u %t \&quot;%r\&quot; %&gt;s %b %{content-length}i %T %v \&quot;%{Referer}i\&quot; \&quot;%{User-Agent}i\&quot; trID=%{UNIQUE_ID}e&quot;" SSLPassPhraseDialog="builtin" SSLSessionCache="shmcb:/var/opt/nevisproxy/default/run/apache_shmcb"/>
+        <Server User="nevis" Group="root" ServerName="proxy-idp" Timeout="30" MaxClients="600" MaxRequestsPerChild="0" KeepAlive="on" KeepAliveTimeout="5" MaxKeepAliveRequests="100" LimitRequestLine="5120" LimitRequestBody="512000" LimitRequestFields="50" LimitRequestFieldsize="5120" ServerRoot="/var/opt/nevisproxy/default" CoreDumpDirectory="" ErrorLog="&quot;|/bin/sed -u s/^/[apache.log]\ /g&quot;" LogLevel="notice" TransferLog="&quot;|/bin/stdbuf -oL /bin/egrep -v GET./.....?ness&quot;" LogFormat="&quot;[access.log] %h %l %u %t \&quot;%r\&quot; %&gt;s %b %{content-length}i %T %v \&quot;%{Referer}i\&quot; \&quot;%{User-Agent}i\&quot; trID=%{UNIQUE_ID}e&quot;" SSLPassPhraseDialog="builtin" SSLSessionCache="shmcb:/var/opt/nevisproxy/default/run/apache_shmcb"/>
         <!-- source: pattern://0ceb05c56644a59d648c13b9 -->
         <Connector port="11080" name="management" listen="0.0.0.0:11080"/>
         <!-- source: pattern://1f0702aaabef60a615abf41f -->

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml

@@ -652,8 +652,8 @@
         </init-param>
         <!-- source: pattern://cb8c63274fe346280de0ffd5 -->
         <init-param>
-            <param-name>StateKey</param-name>
-            <param-value>Auth_Realm_Mobile_FIDO_UAF</param-value>
+            <param-name>StoreInterceptedRequest</param-name>
+            <param-value>false</param-value>
         </init-param>
     </filter>
     <!-- source: pattern://06aeae2d799e492f5580d03b -->
@@ -692,8 +692,8 @@
         </init-param>
         <!-- source: pattern://06aeae2d799e492f5580d03b -->
         <init-param>
-            <param-name>StateKey</param-name>
-            <param-value>NotUsed_Auth_Realm</param-value>
+            <param-name>StoreInterceptedRequest</param-name>
+            <param-value>false</param-value>
         </init-param>
     </filter>
     <!-- source: pattern://0d3511bed6798a78cc3237f6 -->