diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml
index 3e7a98a..6f05430 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml
@@ -11,7 +11,7 @@ metadata:
spec:
type: "NevisAuth"
replicas: 1
- version: "7.2402.1"
+ version: "8.2405.1"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
@@ -27,20 +27,25 @@ spec:
livenessProbe:
soap:
tcpSocket: true
- initialDelaySeconds: 40
- periodSeconds: 20
+ periodSeconds: 5
timeoutSeconds: 4
readinessProbe:
management:
httpGet:
path: "/nevisauth/liveness"
- initialDelaySeconds: 40
- periodSeconds: 30
+ periodSeconds: 5
timeoutSeconds: 6
+ startupProbe:
+ management:
+ httpGet:
+ path: "/nevisauth/liveness"
+ periodSeconds: 5
+ timeoutSeconds: 6
+ failureThreshold: 50
podDisruptionBudget:
maxUnavailable: "50%"
git:
- tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+ tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
credentials: "git-credentials"
keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf
index c7a71a4..5cd92a4 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf
@@ -1,8 +1,8 @@
RTENV_SECURITY_CHECK=no_shell
JAVA_OPTS=(
- "-Dfile.encoding=UTF-8"
"-XX:+UseContainerSupport"
+ "-Dfile.encoding=UTF-8"
"-XX:MaxRAMPercentage=80.0"
"-Djava.net.preferIPv4Stack=true"
"-Djava.net.connectionTimeout=10000"
@@ -12,7 +12,7 @@ JAVA_OPTS=(
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
- "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME"
+ "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-default-tls-trust/truststore.p12"
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-default-tls-trust/keypass}"
)
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties
index 67787db..5ba3ee1 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties
@@ -1,4 +1,4 @@
-otel.service.name=auth-sts
-otel.traces.exporter=none
-otel.metrics.exporter=none
-otel.logs.exporter=none
+otel.service.name = auth-sts
+otel.traces.exporter = none
+otel.metrics.exporter = none
+otel.logs.exporter = none
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
index 6af89b6..f69fb9f 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
@@ -11,7 +11,7 @@ metadata:
spec:
type: "NevisAuth"
replicas: 1
- version: "7.2402.1"
+ version: "8.2405.1"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
@@ -27,20 +27,25 @@ spec:
livenessProbe:
soap:
tcpSocket: true
- initialDelaySeconds: 40
- periodSeconds: 20
+ periodSeconds: 5
timeoutSeconds: 4
readinessProbe:
management:
httpGet:
path: "/nevisauth/liveness"
- initialDelaySeconds: 40
- periodSeconds: 30
+ periodSeconds: 5
timeoutSeconds: 6
+ startupProbe:
+ management:
+ httpGet:
+ path: "/nevisauth/liveness"
+ periodSeconds: 5
+ timeoutSeconds: 6
+ failureThreshold: 50
podDisruptionBudget:
maxUnavailable: "50%"
git:
- tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+ tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials"
keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem
index 2970f68..fc03136 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem
@@ -1,17 +1,22 @@
-----BEGIN CERTIFICATE-----
-MIICwzCCAmigAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1zZWxmc2ln
-bmVkLWNhMB4XDTIzMDcyMDExMzcyNloXDTI0MDcxOTExMzcyNlowIDEeMBwGA1UE
-AwwVaWRwc2lnbmVyLnVhdC5hZ292LmNoMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A
-MIIBigKCAYEA28fXdfRLtrzS0F5Hp5zEzPFfpNXKpIrbJaWdqwiuY6VIrzAJW0Wo
-FMuV2IHnU7sO8+B05Z20wq3x5JAbgYlBFnfdub/CYmyykAf0Rxz9irc9qbXBmX0A
-G+JhQLxLcfyqlmFyLsjaxT3nUrytP+604LtzesnC3N7gfGtmSKgclym1s2ZVWkAK
-4VXAZsM5HBnW1feHxSv3UTzvorW7PWkbmy4LU8SDoSraHgB/pBaiJRG8SMTjBHho
-TTdFLPmH/N9dt5N1oJginnY9GvRJD8Qj1lrsTZOtv8ttKhnQkmymly+NCt7+wGIa
-7HQQawqBIvflGG+R1OdQx7Q20/y5EfO4V3zJgq3p+gz9AziGPHEy+2s+i5LME1AI
-D6vLfDN8cnTCdgqZGhAkRMBHtOydJd3dpJ0tgjnrdUpla2PoWp1B/v/Plneb9L5v
-aMNqtuQA852dR14lP7+EeRLe9vJvzm9eBdF0JrDUm1K2Xy66i5gdzOoJngnRpl5J
-nNSweT+A8dn9AgMBAAGjUDBOMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggrBgEF
-BQcDAQYIKwYBBQUHAwIwIAYDVR0RBBkwF4IVaWRwc2lnbmVyLnVhdC5hZ292LmNo
-MAoGCCqGSM49BAMCA0kAMEYCIQCarOXKlJ0DVxVPGyj3oPMHWCJB+Xyee+j7k1gu
-OC93CQIhAICIzY/yCbST5V502Bt3vRCZMCmzhzXIGTol2PEoby6H
+MIIDlDCCAnwCCQC4xKJxfbSLBzANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC
+Y2gxEDAOBgNVBAoMB2Fkbm92dW0xDTALBgNVBAsMBGFnb3YxJzAlBgNVBAMMHmph
+a29iLmFnb3YtZC5henVyZS5hZG5vdnVtLm5ldDEyMDAGCSqGSIb3DQEJARYjaW5m
+b0BqYWtvYi5hZ292LWQuYXp1cmUuYWRub3Z1bS5uZXQwHhcNMjMwMzIxMTUyMjI0
+WhcNMjgwMzE5MTUyMjI0WjCBizELMAkGA1UEBhMCY2gxEDAOBgNVBAoMB2Fkbm92
+dW0xDTALBgNVBAsMBGFnb3YxJzAlBgNVBAMMHmpha29iLmFnb3YtZC5henVyZS5h
+ZG5vdnVtLm5ldDEyMDAGCSqGSIb3DQEJARYjaW5mb0BqYWtvYi5hZ292LWQuYXp1
+cmUuYWRub3Z1bS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB
+8LPO6Nack2z1whTratLxRD9KraO8QGrVTEa0p+23EKJH4WYE0QGzXbX4oFl2maXE
+QDeCBofTnrl8sL3yVxBy56qO8T3VxYtt9akjty6PujO48bgJr2VGjGgtPYPUeOEk
+lzCS616732Bnxc2iqo267G/tGooRIOOqefSyhEGmbI3KGv/zYZn/qxQo/A+5f+6y
+zEoKdmnBF6vnowvffKfdFKI8udd5eKmfyrc5iNYHXoVP/HmqKbkyrBw1U0ysihRJ
+3vyJVDtirQ5chLn0jOZ4UZ5SBck9+784yrVqpNbsWAe3NU+Vfx4wCk/rPWRDa1E2
+fk+gEVvEMUFt4UvU25BdAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIxToc9muu9z
+d4yycZCgZbDtzrq2Un+m/m3TrBNzLV7UBbGt7HW9/kxvdFJTKgNEj+ZD1cY6O6D7
+vrWV0Xb1XPgkaAfypc4Y7IOUTFDR/ib4siP9gPkHvr5WSIip3mFgX9yIV910N/hh
+ImE9/Jtf/q9MopBu8J6zRmL/J8mVewVdcU3xqz27OVMMSht0Du8FcpIrNQwqc1LN
+tCgdj+pw5vl7NH546WlyYNpLEkAeBpJ3XCBDDwcQftC+/cQ7GKJGtOJ4ODdxWMyX
+ThsHJ7MCTiN+MoW5CeioGSmngezh4Gs5SpGAGVvwNvXW2jiGdRDdHmyxDPjCQvYA
+wwZrmgtpYE0=
-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem
index 199759d..b1f8ff8 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem
@@ -1,42 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIHazBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUXJ4RUaby0ltJyJMX
-fUO+2LAlu7cCAggAMB0GCWCGSAFlAwQBKgQQ0YfRZzwcjphTKuPQxktTuASCBxCG
-+b55W3IEKc/Yqf+zIRHBgvCY+w+l7vSMQqtDYOtiUBdxZWewy+IoV4Pw0X/ORT6k
-Jk8RXTG7hXb4GtuRmgVJeyxsf+8vhrtVpyelLLYkTalAjjvtT2YAukltALLpFMQm
-Zm42rW0HrVRtn6k7osbe5zL4whyhikohXamPJpTTrImP8fMzYyxfiHx2Y7Tnc66N
-SMxBaQ3m2HClE6+6rkcPv/oC9V74GGYpCk0EcH7gsRLQFj3IlJTVxQoCP44ldzhq
-fyWYe1DneH6IJLXID3Igca26ZXU9rTcfqAsBmVACq0GKdgXAFSUAhF6onqXjzpGQ
-/m7Vl3JbNPvrcgxzKBJsj9Z/Hv4qKz2yVpe3OMchTdxpI5k383y1F4rw8i4GSWIL
-+A+t5M26WJw2uHx/k2RL1jyeXH2gR3IA72AffDU+f3jqd9pOqxXKSIhGq/KOK5Vk
-SiJ4IesVz26bfwjXEKcQk5qIpDBGjfSkYgMXxlQwOwTIoRn+1FM7Txox6tsVj4/v
-RnaorVayq5W1fk3t5EfNLprSFDO9T6OxFKvfzKMghdrKFNa5a3oqr3RDZSCE0tca
-m9jQ9bp1ooD8/EUWsBxG4eJxe9B+yG3QAkudOoklJYTE9ysHBl2cPOIOksqrD76G
-agezGRazfqFVCmOtlye7bzQXv/AgDa/ve5E1f9jjueop2OwbvoEzCsrSYCWh3uiM
-C2IkvtSI6gW+9C8H1ofElKtDlRft/lMuviLCb3u7xsu2r7v/va2aYy4Lh6B5xARt
-G7A4ZX0cxoI2N/T2FgHwJ8p7lTXJ8KuTGv0jrno9MBdKqo+HBtRTbFoi63qZ7EtL
-MJS63MK4kSXcwyJ4+pnH0bI1wXf5qK7TVoWG6ZAWw385xaohXZZ6JK/z1WNbpfCU
-hlvjjdLxmNE5R/kmiKjp6zPhfR6+z73QXX9s3ZZv9fAV1mZcLwcucNnMRdJcYSVU
-bNwAqnxhIoIZZB5H0c+jLfpaGyzVeAUzI3ljCekUlvutXFNSur6TI2ZmViiwIhuw
-82A084eZ9qOBA+z64Xo9VJqWgdj99b45JNExcsmvbXG1REB8QAKzzGzadtwnc6VV
-iWuK9SPbIqOp2Sa6FEa/VxbgDOUiv20G5irs5Kp0iU+yRKerG/ejvBAn4o3M94wv
-hDwSmn80uu5NJtHuta+9u2jM6yyNl4ghXLxTl9gfbnpzI4wuX+4xhhdNm6HCNqcG
-IzPUFS207YKR0QTaHB5x3ItVpp6Rjpb5lOtEpmff7qO/69ljtNLRe+VEdqLrQoK7
-9IsIaXqBp719nyG3z90KwBigRGl1ljDF3plT1slERdfMsdVdT8duwHc8mevR/H+t
-VG0DkUmGAamyr2plyZiDtzfly/qhG9de4WCRLckVJvMkzwrpmtN+DIB26a1mQwrA
-OuKaCBrQj/1G7EnHuNDWOFOtbHUqitQ9OukNCTi5/7JMp6FY2bIyE58Hoj88m4Hy
-wMMzkFYkh5NJ82ysUdewX99vTJjgD0qKFoDBqB1REEOWi8J14vdGmejhq0A5rq0q
-2tBAyVSbK8gFfY7pQCGpHSerlR8YGpS01KBDct+MlkIout6SrvWxUhwnx9Lmi09f
-Kk/170DJXXhWlkTu8mylAF7A9vEzsST3GZgnaWkXIeFDKiXUD1w+io1K2ziZbiZZ
-Im3dSe6dxsWZkYF+wjpnTjS7op3Q6gOJ3mkkGpBWOtOzGiFNIP/7epSr3eVInHdo
-F4HgET5h2VknsXMKdzU0YDcXsDdWwwwyHqKIM9b37mqA6c3bMwTB1+ykrznudnAP
-8jpqPz6mUqvwzqPoi3e2bNxPwnYgguFrUIqYgiydfZQ3AZsQGTVTq6Jjp/+7K9xv
-yCuwjpuEtz5ZNchcwrJoj8Yet9saYSGBaUu10Ks0/PGIHKbznVQJHCBofAmE6WQb
-cIveRYphfVjbIa+VxpLJRaMj5ymZSViBtHx6Gwjsnq2NR5H1qBt79qXWzRk7ulJy
-cpVasv7Gi3W8SIEbcDvlWUgc8jJOXPmhQ63BS4+eyYNgrSxFY4XYhUZ2Cwi8wXvm
-w1MUisDiIIdTapE/rux+bjB5MnEJC/IICvk8NAH5PuSODm/DE34MdlxA/nUP7Cm4
-ssLvI9IK2hzhASqt71gxoOJUnEptPzabMOYm5hIOksfz+0vjO0grgrVXV4UgTmpz
-T3gvIRwg13vkvKxEfpvGJG5aEkCsZS15/MTsF9FPYiYPYeKOOdIGNzYoRbmqGjIg
-5KyeELDKiulsilGFeRnxM97xpVI3DtezQHTr/N37wsJBeCZyOxGa6j/1rf4ZvgGi
-lkHVmCZYqHYlow6qOS8/lIKpHdhBaEmr6ciZ8fiIA4GeYU0GwzdAd8YuNYqF0dxF
-zWupzSNScKSE1nmu0NIdbanhs78Z2q9vqm/B5ueFCQ==
+MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUKIdhme1LQ2vMonbp
+aes9/gRupIYCAggAMB0GCWCGSAFlAwQBKgQQeuo/hWDbfC4vCB3F5pfeKgSCBNAR
+HeV95Ar67bUkkWrHUC0jCRvnMjh9wyC6w1pFP2nW+++Qkl93v+gIjr4b9Rw9RBTd
+QsOVkaB7vvQ5qjvWya9HJ2aHZ6KwMb2GJdY0ouH16ga/YRZFKQ0aCfO9spezUJ7t
+2KesD78IxFbey5mRYXmvTW6+BeUt+d4TQbgR0/PdqC9WOg7H3iBvs61MQgro2Itc
+sxQ9SBHa358oyUkGuIz2XKo/enikX49LOjpwB5EdFKky+YhtvGx9NHQIzs8RZqfd
+Lpe6VsWXTTSSiXD8r7WEsCnfThpneOE1Pz58woeT3QHt6WscPsUGPx/coQNKzx+R
+0d+gt73kwqFbIbI9DkUoaruv6qsLcZ2yC36YNie7ggaqCC6dhan2tx3U+vRTn6I8
+dOCAuP7bx/iQDfHXsUC5Tatu91OkEbGA4Oz3WXpSyhmMXsSrRP7Rjivb0e7rLlde
+Q3TWYpa5KWqVeFpZhUFyrwJrtmMwzdu2tLfZDFKEriA/UbB3djHWM/O4/LvFqvpV
+VQfKtrD8OcnElGt5nJoFOGO8cXWD4opaZ5nGboLpuLuOtZN59EnZwtI1lyALdrB4
+MDENw0tVx7LBo13jvAtgx7vXgSPzNpJvp+A+0V2yeT+cHWeX1T1H79QcNE0vGkr/
+aURDUTAEIYO2TOp+14Ag1Y9T8j+z0m6lxqwO33Hf07wqzeVHaNBh3Ckv4+xUNl+U
+MDx/ZSmdPe07mvVrleb83XYvkC8rytS43mKxke912l+++GPWHLDl6wz1LwAQbI2b
+5S/iPJI08O3y9cylRMOSBGXnIh8Ml748zEJVeac+B32cqt3nQ16WwCxfF6UjEeEE
+aMKhPsdgB0pRRGFL8otK2bheqlJrtFk0FfFJ4B1gbO0oHPCygWvV5Cnz8UcNOMIS
+u5rIjD4wz8Gcclk3c5fvfKb9xhcpop3sAJy/srteKRDJrJNlHwleCDgkVE5PkuDP
+z0B6OyTsprupTVx3eLbiA1yRT8HzaaGo6xfc7dKwWZW7J+jmbKVsbjcxSo/ChsMg
+ZP+cWGh2SLQ04mNkWetOYHMODlSAfrYYRIPkMUyLJCDPgynLeOa0u8xWxpQsmt8x
+6bVhtJhf4NxyZpKYgNfdkYoerqyBOhbUlcfud1qdqRCfp6gq4rBhBktGbGkgaNk0
+bGLu+/uWm3pDPSWRWnhC8gXvEwMtr3kMzAe5f0yQ6L/nsBPGs+A8rGTGDg0wfoxW
+Pn+AX9ywY1DWHBCK02QooIJKfvVnwr8qnhHVrqOOJlP5GMIXpx5eYkSrUtDxGwR8
+JOgUMAJ9GVwvxqi3g8MFPrb76b6ZheofBU5MI8rzGsXN1qWf7Ml0UQc2PcShvyNX
+BW0xuX5dK1UZRKJcDGIWdeFjrnAhXayJCQse0wsXSRt9WUxSNUb/MxhO7BIWrEQf
+Famdx2jz/RlnXinUizdlRL+ws8KknA90JdSlT+j+pvsyTHuzJ+Xzex8R+1AmlT2O
+4ZVzzx2JLOcFu5j08t5U5CKbfitsINakPVATekJdov1bCo803dUExfT2OsTxrqR9
+mx6GJTWYE32tg/v4PASu1986ojVNLi2WjrX8NJzkqlUE+4xIeVWN0HE1SflJsL6x
+YXTHWodpQ9VTd0OliSFvzOjFtV768c1+ySV6QngCOQ==
-----END ENCRYPTED PRIVATE KEY-----
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.jks b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.jks
index 940bfe4..c6353e2 100644
Binary files a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.jks and b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.jks differ
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.p12 b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.p12
index f2ffa49..f2d6f08 100644
Binary files a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.p12 and b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.p12 differ
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.pem b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.pem
index d84391a..6971a3f 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.pem
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.pem
@@ -1,60 +1,53 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIHazBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUXJ4RUaby0ltJyJMX
-fUO+2LAlu7cCAggAMB0GCWCGSAFlAwQBKgQQ0YfRZzwcjphTKuPQxktTuASCBxCG
-+b55W3IEKc/Yqf+zIRHBgvCY+w+l7vSMQqtDYOtiUBdxZWewy+IoV4Pw0X/ORT6k
-Jk8RXTG7hXb4GtuRmgVJeyxsf+8vhrtVpyelLLYkTalAjjvtT2YAukltALLpFMQm
-Zm42rW0HrVRtn6k7osbe5zL4whyhikohXamPJpTTrImP8fMzYyxfiHx2Y7Tnc66N
-SMxBaQ3m2HClE6+6rkcPv/oC9V74GGYpCk0EcH7gsRLQFj3IlJTVxQoCP44ldzhq
-fyWYe1DneH6IJLXID3Igca26ZXU9rTcfqAsBmVACq0GKdgXAFSUAhF6onqXjzpGQ
-/m7Vl3JbNPvrcgxzKBJsj9Z/Hv4qKz2yVpe3OMchTdxpI5k383y1F4rw8i4GSWIL
-+A+t5M26WJw2uHx/k2RL1jyeXH2gR3IA72AffDU+f3jqd9pOqxXKSIhGq/KOK5Vk
-SiJ4IesVz26bfwjXEKcQk5qIpDBGjfSkYgMXxlQwOwTIoRn+1FM7Txox6tsVj4/v
-RnaorVayq5W1fk3t5EfNLprSFDO9T6OxFKvfzKMghdrKFNa5a3oqr3RDZSCE0tca
-m9jQ9bp1ooD8/EUWsBxG4eJxe9B+yG3QAkudOoklJYTE9ysHBl2cPOIOksqrD76G
-agezGRazfqFVCmOtlye7bzQXv/AgDa/ve5E1f9jjueop2OwbvoEzCsrSYCWh3uiM
-C2IkvtSI6gW+9C8H1ofElKtDlRft/lMuviLCb3u7xsu2r7v/va2aYy4Lh6B5xARt
-G7A4ZX0cxoI2N/T2FgHwJ8p7lTXJ8KuTGv0jrno9MBdKqo+HBtRTbFoi63qZ7EtL
-MJS63MK4kSXcwyJ4+pnH0bI1wXf5qK7TVoWG6ZAWw385xaohXZZ6JK/z1WNbpfCU
-hlvjjdLxmNE5R/kmiKjp6zPhfR6+z73QXX9s3ZZv9fAV1mZcLwcucNnMRdJcYSVU
-bNwAqnxhIoIZZB5H0c+jLfpaGyzVeAUzI3ljCekUlvutXFNSur6TI2ZmViiwIhuw
-82A084eZ9qOBA+z64Xo9VJqWgdj99b45JNExcsmvbXG1REB8QAKzzGzadtwnc6VV
-iWuK9SPbIqOp2Sa6FEa/VxbgDOUiv20G5irs5Kp0iU+yRKerG/ejvBAn4o3M94wv
-hDwSmn80uu5NJtHuta+9u2jM6yyNl4ghXLxTl9gfbnpzI4wuX+4xhhdNm6HCNqcG
-IzPUFS207YKR0QTaHB5x3ItVpp6Rjpb5lOtEpmff7qO/69ljtNLRe+VEdqLrQoK7
-9IsIaXqBp719nyG3z90KwBigRGl1ljDF3plT1slERdfMsdVdT8duwHc8mevR/H+t
-VG0DkUmGAamyr2plyZiDtzfly/qhG9de4WCRLckVJvMkzwrpmtN+DIB26a1mQwrA
-OuKaCBrQj/1G7EnHuNDWOFOtbHUqitQ9OukNCTi5/7JMp6FY2bIyE58Hoj88m4Hy
-wMMzkFYkh5NJ82ysUdewX99vTJjgD0qKFoDBqB1REEOWi8J14vdGmejhq0A5rq0q
-2tBAyVSbK8gFfY7pQCGpHSerlR8YGpS01KBDct+MlkIout6SrvWxUhwnx9Lmi09f
-Kk/170DJXXhWlkTu8mylAF7A9vEzsST3GZgnaWkXIeFDKiXUD1w+io1K2ziZbiZZ
-Im3dSe6dxsWZkYF+wjpnTjS7op3Q6gOJ3mkkGpBWOtOzGiFNIP/7epSr3eVInHdo
-F4HgET5h2VknsXMKdzU0YDcXsDdWwwwyHqKIM9b37mqA6c3bMwTB1+ykrznudnAP
-8jpqPz6mUqvwzqPoi3e2bNxPwnYgguFrUIqYgiydfZQ3AZsQGTVTq6Jjp/+7K9xv
-yCuwjpuEtz5ZNchcwrJoj8Yet9saYSGBaUu10Ks0/PGIHKbznVQJHCBofAmE6WQb
-cIveRYphfVjbIa+VxpLJRaMj5ymZSViBtHx6Gwjsnq2NR5H1qBt79qXWzRk7ulJy
-cpVasv7Gi3W8SIEbcDvlWUgc8jJOXPmhQ63BS4+eyYNgrSxFY4XYhUZ2Cwi8wXvm
-w1MUisDiIIdTapE/rux+bjB5MnEJC/IICvk8NAH5PuSODm/DE34MdlxA/nUP7Cm4
-ssLvI9IK2hzhASqt71gxoOJUnEptPzabMOYm5hIOksfz+0vjO0grgrVXV4UgTmpz
-T3gvIRwg13vkvKxEfpvGJG5aEkCsZS15/MTsF9FPYiYPYeKOOdIGNzYoRbmqGjIg
-5KyeELDKiulsilGFeRnxM97xpVI3DtezQHTr/N37wsJBeCZyOxGa6j/1rf4ZvgGi
-lkHVmCZYqHYlow6qOS8/lIKpHdhBaEmr6ciZ8fiIA4GeYU0GwzdAd8YuNYqF0dxF
-zWupzSNScKSE1nmu0NIdbanhs78Z2q9vqm/B5ueFCQ==
+MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUKIdhme1LQ2vMonbp
+aes9/gRupIYCAggAMB0GCWCGSAFlAwQBKgQQeuo/hWDbfC4vCB3F5pfeKgSCBNAR
+HeV95Ar67bUkkWrHUC0jCRvnMjh9wyC6w1pFP2nW+++Qkl93v+gIjr4b9Rw9RBTd
+QsOVkaB7vvQ5qjvWya9HJ2aHZ6KwMb2GJdY0ouH16ga/YRZFKQ0aCfO9spezUJ7t
+2KesD78IxFbey5mRYXmvTW6+BeUt+d4TQbgR0/PdqC9WOg7H3iBvs61MQgro2Itc
+sxQ9SBHa358oyUkGuIz2XKo/enikX49LOjpwB5EdFKky+YhtvGx9NHQIzs8RZqfd
+Lpe6VsWXTTSSiXD8r7WEsCnfThpneOE1Pz58woeT3QHt6WscPsUGPx/coQNKzx+R
+0d+gt73kwqFbIbI9DkUoaruv6qsLcZ2yC36YNie7ggaqCC6dhan2tx3U+vRTn6I8
+dOCAuP7bx/iQDfHXsUC5Tatu91OkEbGA4Oz3WXpSyhmMXsSrRP7Rjivb0e7rLlde
+Q3TWYpa5KWqVeFpZhUFyrwJrtmMwzdu2tLfZDFKEriA/UbB3djHWM/O4/LvFqvpV
+VQfKtrD8OcnElGt5nJoFOGO8cXWD4opaZ5nGboLpuLuOtZN59EnZwtI1lyALdrB4
+MDENw0tVx7LBo13jvAtgx7vXgSPzNpJvp+A+0V2yeT+cHWeX1T1H79QcNE0vGkr/
+aURDUTAEIYO2TOp+14Ag1Y9T8j+z0m6lxqwO33Hf07wqzeVHaNBh3Ckv4+xUNl+U
+MDx/ZSmdPe07mvVrleb83XYvkC8rytS43mKxke912l+++GPWHLDl6wz1LwAQbI2b
+5S/iPJI08O3y9cylRMOSBGXnIh8Ml748zEJVeac+B32cqt3nQ16WwCxfF6UjEeEE
+aMKhPsdgB0pRRGFL8otK2bheqlJrtFk0FfFJ4B1gbO0oHPCygWvV5Cnz8UcNOMIS
+u5rIjD4wz8Gcclk3c5fvfKb9xhcpop3sAJy/srteKRDJrJNlHwleCDgkVE5PkuDP
+z0B6OyTsprupTVx3eLbiA1yRT8HzaaGo6xfc7dKwWZW7J+jmbKVsbjcxSo/ChsMg
+ZP+cWGh2SLQ04mNkWetOYHMODlSAfrYYRIPkMUyLJCDPgynLeOa0u8xWxpQsmt8x
+6bVhtJhf4NxyZpKYgNfdkYoerqyBOhbUlcfud1qdqRCfp6gq4rBhBktGbGkgaNk0
+bGLu+/uWm3pDPSWRWnhC8gXvEwMtr3kMzAe5f0yQ6L/nsBPGs+A8rGTGDg0wfoxW
+Pn+AX9ywY1DWHBCK02QooIJKfvVnwr8qnhHVrqOOJlP5GMIXpx5eYkSrUtDxGwR8
+JOgUMAJ9GVwvxqi3g8MFPrb76b6ZheofBU5MI8rzGsXN1qWf7Ml0UQc2PcShvyNX
+BW0xuX5dK1UZRKJcDGIWdeFjrnAhXayJCQse0wsXSRt9WUxSNUb/MxhO7BIWrEQf
+Famdx2jz/RlnXinUizdlRL+ws8KknA90JdSlT+j+pvsyTHuzJ+Xzex8R+1AmlT2O
+4ZVzzx2JLOcFu5j08t5U5CKbfitsINakPVATekJdov1bCo803dUExfT2OsTxrqR9
+mx6GJTWYE32tg/v4PASu1986ojVNLi2WjrX8NJzkqlUE+4xIeVWN0HE1SflJsL6x
+YXTHWodpQ9VTd0OliSFvzOjFtV768c1+ySV6QngCOQ==
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIICwzCCAmigAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1zZWxmc2ln
-bmVkLWNhMB4XDTIzMDcyMDExMzcyNloXDTI0MDcxOTExMzcyNlowIDEeMBwGA1UE
-AwwVaWRwc2lnbmVyLnVhdC5hZ292LmNoMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A
-MIIBigKCAYEA28fXdfRLtrzS0F5Hp5zEzPFfpNXKpIrbJaWdqwiuY6VIrzAJW0Wo
-FMuV2IHnU7sO8+B05Z20wq3x5JAbgYlBFnfdub/CYmyykAf0Rxz9irc9qbXBmX0A
-G+JhQLxLcfyqlmFyLsjaxT3nUrytP+604LtzesnC3N7gfGtmSKgclym1s2ZVWkAK
-4VXAZsM5HBnW1feHxSv3UTzvorW7PWkbmy4LU8SDoSraHgB/pBaiJRG8SMTjBHho
-TTdFLPmH/N9dt5N1oJginnY9GvRJD8Qj1lrsTZOtv8ttKhnQkmymly+NCt7+wGIa
-7HQQawqBIvflGG+R1OdQx7Q20/y5EfO4V3zJgq3p+gz9AziGPHEy+2s+i5LME1AI
-D6vLfDN8cnTCdgqZGhAkRMBHtOydJd3dpJ0tgjnrdUpla2PoWp1B/v/Plneb9L5v
-aMNqtuQA852dR14lP7+EeRLe9vJvzm9eBdF0JrDUm1K2Xy66i5gdzOoJngnRpl5J
-nNSweT+A8dn9AgMBAAGjUDBOMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggrBgEF
-BQcDAQYIKwYBBQUHAwIwIAYDVR0RBBkwF4IVaWRwc2lnbmVyLnVhdC5hZ292LmNo
-MAoGCCqGSM49BAMCA0kAMEYCIQCarOXKlJ0DVxVPGyj3oPMHWCJB+Xyee+j7k1gu
-OC93CQIhAICIzY/yCbST5V502Bt3vRCZMCmzhzXIGTol2PEoby6H
+MIIDlDCCAnwCCQC4xKJxfbSLBzANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC
+Y2gxEDAOBgNVBAoMB2Fkbm92dW0xDTALBgNVBAsMBGFnb3YxJzAlBgNVBAMMHmph
+a29iLmFnb3YtZC5henVyZS5hZG5vdnVtLm5ldDEyMDAGCSqGSIb3DQEJARYjaW5m
+b0BqYWtvYi5hZ292LWQuYXp1cmUuYWRub3Z1bS5uZXQwHhcNMjMwMzIxMTUyMjI0
+WhcNMjgwMzE5MTUyMjI0WjCBizELMAkGA1UEBhMCY2gxEDAOBgNVBAoMB2Fkbm92
+dW0xDTALBgNVBAsMBGFnb3YxJzAlBgNVBAMMHmpha29iLmFnb3YtZC5henVyZS5h
+ZG5vdnVtLm5ldDEyMDAGCSqGSIb3DQEJARYjaW5mb0BqYWtvYi5hZ292LWQuYXp1
+cmUuYWRub3Z1bS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB
+8LPO6Nack2z1whTratLxRD9KraO8QGrVTEa0p+23EKJH4WYE0QGzXbX4oFl2maXE
+QDeCBofTnrl8sL3yVxBy56qO8T3VxYtt9akjty6PujO48bgJr2VGjGgtPYPUeOEk
+lzCS616732Bnxc2iqo267G/tGooRIOOqefSyhEGmbI3KGv/zYZn/qxQo/A+5f+6y
+zEoKdmnBF6vnowvffKfdFKI8udd5eKmfyrc5iNYHXoVP/HmqKbkyrBw1U0ysihRJ
+3vyJVDtirQ5chLn0jOZ4UZ5SBck9+784yrVqpNbsWAe3NU+Vfx4wCk/rPWRDa1E2
+fk+gEVvEMUFt4UvU25BdAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIxToc9muu9z
+d4yycZCgZbDtzrq2Un+m/m3TrBNzLV7UBbGt7HW9/kxvdFJTKgNEj+ZD1cY6O6D7
+vrWV0Xb1XPgkaAfypc4Y7IOUTFDR/ib4siP9gPkHvr5WSIip3mFgX9yIV910N/hh
+ImE9/Jtf/q9MopBu8J6zRmL/J8mVewVdcU3xqz27OVMMSht0Du8FcpIrNQwqc1LN
+tCgdj+pw5vl7NH546WlyYNpLEkAeBpJ3XCBDDwcQftC+/cQ7GKJGtOJ4ODdxWMyX
+ThsHJ7MCTiN+MoW5CeioGSmngezh4Gs5SpGAGVvwNvXW2jiGdRDdHmyxDPjCQvYA
+wwZrmgtpYE0=
-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties
index 0ac0b70..8753bf3 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties
@@ -185,10 +185,10 @@ prompt.newpassword=Nuova Password
prompt.newpassword.confirm=Conferma password
prompt.password=Password
prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@@ -260,7 +260,7 @@ title.logout.confirmation=Logout
title.logout.reminder=Logout
title.oauth.consent=Autorizzazione del client
title.pwchange.label=Cambiare Password
-title.pwreset=Password Forgotten
+title.pwreset=Password Dimenticata
title.saml.failed=Error
title.timeout.page=Logout
user_input.invalid.email=Inserire un'e-mail valida.
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureAccountState.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureAccountState.groovy
index 391afdb..2388610 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureAccountState.groovy
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureAccountState.groovy
@@ -4,6 +4,7 @@ import ch.nevis.idm.client.IdmRestClientFactory
import ch.nevis.idm.client.HTTPRequestWrapper
import groovy.json.JsonSlurper
+import groovy.xml.XmlSlurper
// Accounting
def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
@@ -14,112 +15,91 @@ def credentialType = session['authenticatedWith'] ?: 'unknown'
def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+
+
+
IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId')
String userExtId = session.get('ch.adnovum.nevisidm.user.extId')
-String loginId = session.get('ch.adnovum.nevisidm.user.loginId')
-String profileExtId = session.get('ch.adnovum.nevisidm.profileExtId')
+String sessionId = session.get('ch.nevis.session.conversationId')
-String unitExtid= parameters.get('unitExtid')
-String level100RoleExtid = parameters.get('level100.roleExtid')
+String endPoint = "${parameters.get('utility-service.baseUrl')}/api/v1/recovery/code"
-String baseUrl = "${parameters.get('idm.baseUrl')}/core/v1/$clientExtId"
-boolean audited = false
-String agovAq100AuthEndpoint = null
-String endpoint = null
+def userDto = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
+def recoveryCredential = userDto.'**'.find {node -> node.name() == 'credentials' && node.type.text() == 'CONTEXT_PASSWORD' && node.state.text() == 'ACTIVE' && node.context.text() == 'RECOVERY'}
-// 1) create the profile if needed
-if (profileExtId == null || profileExtId.isEmpty()) {
-
- endpoint = "${baseUrl}/users/${userExtId}/profiles"
- profileExtId = UUID.randomUUID().toString()
-
- def postRequest = new HTTPRequestWrapper()
- postRequest.addToHeaders('Content-Type', ['application/json'])
-
- def dto = "{\"extId\":\"${profileExtId}\",\"unitExtId\":\"${unitExtid}\",\"profileState\":\"active\",\"name\":\"Profile-${loginId}\",\"isDefaultProfile\":true,\"modificationComment\":\"Repaired for request ${requestId}\"}"
- postRequest.setPayLoad(dto.getBytes('UTF-8'))
-
- def result = idmRestClient.postWithResponse(endpoint, postRequest)
- if (result.getStatusCode() != 201) {
- LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create the missing profile (http status code ${result.getStatusCode()})'")
-
- response.setNote('saml.errorCode', 'Responder')
- response.setNote('saml.errorMessage', "account of the user with agovId ${userExtId} is in a corrupt state, should contact agov help")
-
- response.setResult('failed')
- return
- } else {
- LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='created missing profile'")
- audited = true
- }
-}
-
-
-// 2) add level 100 role if needed
-if (!Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-Loi.level100')).findAny().isPresent()) {
- endpoint = "${baseUrl}/profiles/${profileExtId}/authorizations"
- def postRequest = new HTTPRequestWrapper()
- postRequest.addToHeaders('Content-Type', ['application/json'])
-
- def dto = "{\"extId\":\"${UUID.randomUUID().toString()}\",\"roleExtId\":\"${level100RoleExtid}\"}"
- postRequest.setPayLoad(dto.getBytes('UTF-8'))
-
- def result = idmRestClient.postWithResponse(endpoint, postRequest)
- if (result.getStatusCode() != 201) {
- LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create the missing AGOVaq 100 role (http status code ${result.getStatusCode()})'")
-
- response.setNote('saml.errorCode', 'Responder')
- response.setNote('saml.errorMessage', "account of the user with agovId ${userExtId} is in a corrupt state, should contact agov help")
-
- response.setResult('failed')
- return
- } else if (!audited) {
- LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='created missing AGOVaq 100 role'")
- audited = true
- }
- agovAq100AuthEndpoint = result.getLocation()
-}
-
-
-// 3) set the AQ level 100 verification to None
-if (!session['ch.adnovum.nevisidm.userDto'].contains("idVerificationNoneAGOV-Loi,level100")) {
-
- if (agovAq100AuthEndpoint == null) {
- endpoint = "${baseUrl}/profiles/${profileExtId}/authorizations"
-
- def result = idmRestClient.get(endpoint)
- def json = new JsonSlurper().parseText(result)
-
- json['items'].eachWithIndex { az, i ->
- if (az.roleExtId == level100RoleExtid) {
- agovAq100AuthEndpoint = "${endpoint}/${az.extId}"
- }
- }
- }
-
- endpoint = "${agovAq100AuthEndpoint}/properties"
-
- def patchRequest = new HTTPRequestWrapper()
- patchRequest.addToHeaders('Content-Type', ['application/json'])
-
- patchRequest.setPayLoad('{"idVerification":"None"}'.getBytes('UTF-8'))
-
- def result = idmRestClient.patchWithResponse(endpoint, patchRequest)
-
- if (result.getStatusCode() != 200) {
- LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to patch the AGOVaq 100 role (http status code ${result.getStatusCode()})'")
-
- } else if (!audited) {
- LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='patched AGOVaq 100 role with idVerification'")
- audited = true
- }
-}
-
-
-if (audited) {
- response.setResult('reload')
-} else {
+// 1a) check if user has a credential
+if ( recoveryCredential != null ) {
+ LOG.debug("Account '${user}' has an active recovery code, no need to create new code")
response.setResult('done')
-}
\ No newline at end of file
+ return
+}
+
+// 1b) check if a recovery is ongoing (nothing to do)
+if (Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-AccountStatus.recovery')).findAny().isPresent()) {
+ LOG.debug("Account '${user}' is in recovery, no need to create new code")
+ response.setResult('done')
+ return
+}
+
+
+// 2) set cookie for recoveryCode
+if (outargs.containsKey('out.JWTToken')) {
+ def token = outargs.getProperty('out.JWTToken').bytes.encodeBase64().toString()
+ def agovRecoveryCodeCookie = "agovRecoveryCode=${token }; Domain=${parameters.get('cookie.domain')}; Path=/; SameSite=Strict; Secure; HttpOnly"
+ response.setHeader('Set-Cookie', agovRecoveryCodeCookie)
+ outargs.remove('out.JWTToken')
+}
+
+// 3) generate code if not yet done
+if (!session['agov.new.recovery.code.generated']) {
+ inargs.remove('submit')
+ try {
+ def postRequest = new HTTPRequestWrapper()
+ postRequest.addToHeaders('Content-Type', ['application/json'])
+
+ postRequest.setPayLoad("{\"userExtId\":\"$userExtId\",\"userSessionId\": \"$sessionId\"}".getBytes('UTF-8'))
+
+ def result = idmRestClient.postWithResponse(endPoint, postRequest)
+ if (result.getStatusCode() != 200) {
+ LOG.debug("Payload: ${new String(postRequest.getPayLoad())}")
+ LOG.debug("Result: ${result}")
+ LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${result.getStatusCode()})")
+ response.setResult('failed')
+ return
+ }
+
+ def json = new JsonSlurper().parseText(new String(result.getPayLoad(), 'UTF-8'))
+
+ notes.setProperty('agov.new.recovery.code', json['recoveryCode']['code'].replaceAll('^(....)(....)(.*)$', '$1-$2-$3'))
+ LOG.debug("agov.new.recovery.code: ${notes['agov.new.recovery.code']}")
+
+ response.setSessionAttribute('agov.new.recovery.code.generated', 'true')
+ def validTil = "${json['recoveryCode']['validUntil'][2]}.${json['recoveryCode']['validUntil'][1]}.${json['recoveryCode']['validUntil'][0]}"
+ response.setSessionAttribute('agov.new.recovery.code.validTil', validTil)
+ response.setSessionAttribute('agov.new.recovery.code.pdfAuthToken', json['authToken'])
+
+ LOG.info("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+
+ } catch(Exception e) {
+ LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${e.getMessage()})")
+ LOG.error("Recoverycode processing failed: $e")
+ response.setResult('failed')
+ return
+ }
+
+ response.setResult('encryptCode')
+ return
+}
+
+if (inargs['submit']) {
+ def agovRecoveryCodeCookie = "agovRecoveryCode=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"
+ response.setHeader('Set-Cookie', agovRecoveryCodeCookie)
+ response.setResult('done')
+ return
+}
+
+// show the GUI
+response.setStatus(AuthResponse.AUTH_CONTINUE)
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf
index c77ba59..000317d 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf
@@ -1,8 +1,8 @@
RTENV_SECURITY_CHECK=no_shell
JAVA_OPTS=(
- "-Dfile.encoding=UTF-8"
"-XX:+UseContainerSupport"
+ "-Dfile.encoding=UTF-8"
"-XX:MaxRAMPercentage=80.0"
"-Djava.net.preferIPv4Stack=true"
"-Djava.net.connectionTimeout=10000"
@@ -12,7 +12,7 @@ JAVA_OPTS=(
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
- "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME"
+ "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
)
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties
index db61b17..87fd6ba 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties
@@ -1,4 +1,4 @@
-otel.service.name=auth
-otel.traces.exporter=none
-otel.metrics.exporter=none
-otel.logs.exporter=none
+otel.service.name = auth
+otel.traces.exporter = none
+otel.metrics.exporter = none
+otel.logs.exporter = none
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml
index 0346408..656fc26 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml
@@ -11,7 +11,7 @@ metadata:
spec:
type: "NevisFIDO"
replicas: 1
- version: "7.2402.1"
+ version: "8.2405.1"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
@@ -28,20 +28,25 @@ spec:
management:
httpGet:
path: "/nevisfido/liveness"
- initialDelaySeconds: 40
- periodSeconds: 30
+ periodSeconds: 5
timeoutSeconds: 6
readinessProbe:
management:
httpGet:
path: "/nevisfido/health"
- initialDelaySeconds: 40
- periodSeconds: 30
+ periodSeconds: 5
timeoutSeconds: 6
+ startupProbe:
+ management:
+ httpGet:
+ path: "/nevisfido/health"
+ periodSeconds: 5
+ timeoutSeconds: 6
+ failureThreshold: 50
podDisruptionBudget:
maxUnavailable: "50%"
git:
- tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+ tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
credentials: "git-credentials"
keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf
index 6986fb2..573b4f2 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf
@@ -2,10 +2,10 @@ RUN_ARGS="--config conf/nevisfido.yml --log-config conf/logging.yml"
JAVA_OPTS=(
"-XX:+UseContainerSupport"
- "-XX:MaxRAMPercentage=80.0"
"-Dignore.me"
+ "-XX:MaxRAMPercentage=80.0"
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
- "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME"
+ "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
)
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json
index eedb085..7a83c28 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json
@@ -91,6 +91,29 @@
"tcDisplay" : 1,
"tcDisplayContentType" : "text/plain"
},
+ {
+ "aaid" : "F1D0#0005",
+ "description" : "Android NEVIS Mobile Authentication Password Authenticator",
+ "assertionScheme" : "UAFV1TLV",
+ "attestationRootCertificates" : [],
+ "attestationTypes" : [ 15880 ],
+ "upv" : [ {
+ "major" : 1,
+ "minor" : 1
+ } ],
+ "userVerificationDetails" : [ [ {
+ "userVerification" : 4
+ } ] ],
+ "attachmentHint" : 1,
+ "authenticationAlgorithm" : 9,
+ "authenticatorVersion" : 1,
+ "isSecondFactorOnly" : false,
+ "keyProtection" : 1,
+ "matcherProtection" : 1,
+ "publicKeyAlgAndEncoding" : 256,
+ "tcDisplay" : 1,
+ "tcDisplayContentType" : "text/plain"
+ },
{
"aaid" : "F1D0#1001",
"description" : "iOS NEVIS Mobile Authentication PIN Authenticator",
@@ -182,5 +205,27 @@
"publicKeyAlgAndEncoding" : 257,
"tcDisplay" : 1,
"tcDisplayContentType" : "text/plain"
- }
-]
\ No newline at end of file
+ },
+ {
+ "aaid" : "F1D0#1005",
+ "description" : "iOS NEVIS Mobile Authentication Password Authenticator",
+ "assertionScheme" : "UAFV1TLV",
+ "attestationRootCertificates" : [],
+ "attestationTypes" : [ 15880 ],
+ "upv" : [ {
+ "major" : 1,
+ "minor" : 1
+ } ],
+ "userVerificationDetails" : [ [ {
+ "userVerification" : 4
+ } ] ],
+ "attachmentHint" : 1,
+ "authenticationAlgorithm" : 2,
+ "authenticatorVersion" : 1,
+ "isSecondFactorOnly" : false,
+ "keyProtection" : 1,
+ "matcherProtection" : 1,
+ "publicKeyAlgAndEncoding" : 257,
+ "tcDisplay" : 1,
+ "tcDisplayContentType" : "text/plain"
+ }]
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties
index 3fd0432..b7036e4 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties
@@ -1,4 +1,4 @@
-otel.service.name=fido-uaf
-otel.traces.exporter=none
-otel.metrics.exporter=none
-otel.logs.exporter=none
+otel.service.name = fido-uaf
+otel.traces.exporter = none
+otel.metrics.exporter = none
+otel.logs.exporter = none
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml
index 0164e1c..ec459b7 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml
@@ -11,7 +11,7 @@ metadata:
spec:
type: "NevisFIDO"
replicas: 1
- version: "7.2402.1"
+ version: "8.2405.1"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
@@ -28,20 +28,25 @@ spec:
management:
httpGet:
path: "/nevisfido/liveness"
- initialDelaySeconds: 40
- periodSeconds: 30
+ periodSeconds: 5
timeoutSeconds: 6
readinessProbe:
management:
httpGet:
path: "/nevisfido/health"
- initialDelaySeconds: 40
- periodSeconds: 30
+ periodSeconds: 5
timeoutSeconds: 6
+ startupProbe:
+ management:
+ httpGet:
+ path: "/nevisfido/health"
+ periodSeconds: 5
+ timeoutSeconds: 6
+ failureThreshold: 50
podDisruptionBudget:
maxUnavailable: "50%"
git:
- tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+ tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2"
credentials: "git-credentials"
keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf
index 38a74f2..2ec24e8 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf
@@ -6,5 +6,5 @@ JAVA_OPTS=(
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
- "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME"
+ "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
)
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties
index 4c09cf3..dad8976 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties
@@ -1,4 +1,4 @@
-otel.service.name=fido2
-otel.traces.exporter=none
-otel.metrics.exporter=none
-otel.logs.exporter=none
+otel.service.name = fido2
+otel.traces.exporter = none
+otel.metrics.exporter = none
+otel.logs.exporter = none
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml
index 80ee006..3cd5b9e 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml
@@ -11,7 +11,7 @@ metadata:
spec:
type: "NevisIDM"
replicas: 1
- version: "7.2402.2"
+ version: "8.2405.1"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
@@ -28,20 +28,25 @@ spec:
management:
httpGet:
path: "/liveness"
- initialDelaySeconds: 40
periodSeconds: 30
timeoutSeconds: 6
readinessProbe:
management:
httpGet:
path: "/health"
- initialDelaySeconds: 40
periodSeconds: 30
timeoutSeconds: 6
+ startupProbe:
+ management:
+ httpGet:
+ path: "/health"
+ periodSeconds: 30
+ timeoutSeconds: 6
+ failureThreshold: 10
podDisruptionBudget:
maxUnavailable: "50%"
git:
- tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+ tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm"
credentials: "git-credentials"
keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf
index b4f49aa..13dfb9b 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf
@@ -1 +1,8 @@
-JAVA_OPTS="-XX:+UseContainerSupport -XX:MaxRAMPercentage=80.0 -javaagent:/opt/agent/opentelemetry-javaagent.jar -Dotel.javaagent.logging=application -Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties -Dotel.resource.attributes=service.version=7.2402.2,service.instance.id=$HOSTNAME"
\ No newline at end of file
+JAVA_OPTS=(
+ "-XX:+UseContainerSupport"
+ "-XX:MaxRAMPercentage=80.0"
+ "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
+ "-Dotel.javaagent.logging=application"
+ "-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
+ "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
+)
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties
index 348948d..9efba64 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties
@@ -89,6 +89,8 @@ server.host=0.0.0.0
# source: pattern://b8a36646f81c3247cdb5d90b
server.tls.enabled=true
# source: pattern://b8a36646f81c3247cdb5d90b
+server.tls.client-auth=requested
+# source: pattern://b8a36646f81c3247cdb5d90b
server.tls.keystore=/var/opt/keys/own/idm-default-identity/keystore.p12
# source: pattern://b8a36646f81c3247cdb5d90b
server.tls.keystore-passphrase=${exec:/var/opt/keys/own/idm-default-identity/keypass}
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/otel.properties
index 73cea86..ae663a6 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/otel.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/otel.properties
@@ -1,4 +1,4 @@
-otel.service.name=idm
-otel.traces.exporter=none
-otel.metrics.exporter=none
-otel.logs.exporter=none
+otel.service.name = idm
+otel.traces.exporter = none
+otel.metrics.exporter = none
+otel.logs.exporter = none
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml
index e2e8306..c926517 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml
@@ -11,7 +11,7 @@ metadata:
spec:
type: "NevisLogrend"
replicas: 1
- version: "7.2402.0"
+ version: "8.2405.0"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
@@ -28,19 +28,23 @@ spec:
management:
httpGet:
path: "/nevislogrend/liveness"
- initialDelaySeconds: 40
- periodSeconds: 30
+ periodSeconds: 5
timeoutSeconds: 6
readinessProbe:
server:
tcpSocket: true
- initialDelaySeconds: 40
- periodSeconds: 20
+ periodSeconds: 5
timeoutSeconds: 4
+ startupProbe:
+ server:
+ tcpSocket: true
+ periodSeconds: 5
+ timeoutSeconds: 4
+ failureThreshold: 50
podDisruptionBudget:
maxUnavailable: "50%"
git:
- tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+ tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
credentials: "git-credentials"
podSecurity:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf
index bca2aec..1e7049e 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf
@@ -4,11 +4,11 @@ RTENV_SECURITY_CHECK=no_shell
LOGREND_DEPLOY_TYPE=standalone
JAVA_OPTS=(
- "-Dfile.encoding=UTF-8"
"-XX:+UseContainerSupport"
+ "-Dfile.encoding=UTF-8"
"-XX:MaxRAMPercentage=80.0"
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties"
- "-Dotel.resource.attributes=service.version=7.2402.0,service.instance.id=$HOSTNAME"
+ "-Dotel.resource.attributes=service.version=8.2405.0,service.instance.id=$HOSTNAME"
)
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties
index 010a13d..38c0aa7 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties
@@ -1,4 +1,4 @@
-otel.service.name=logrend
-otel.traces.exporter=none
-otel.metrics.exporter=none
-otel.logs.exporter=none
+otel.service.name = logrend
+otel.traces.exporter = none
+otel.metrics.exporter = none
+otel.logs.exporter = none
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties
index 3535726..8ab2dd7 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties
@@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
prompt.newpassword.confirm=Conferma password
prompt.password=Password
prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
title=NEVIS SSO Portal
title.login=Login
title.pwchange.label=Cambiare Password
-title.pwreset=Password Forgotten
+title.pwreset=Password Dimenticata
user_input.invalid.email=Inserire un'e-mail valida.
user_input.invalid.email.required=Campo obbligatorio
user_input.invalid.email.tooLong=Il testo inserito è troppo lungo.
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties
index 3535726..8ab2dd7 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties
@@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
prompt.newpassword.confirm=Conferma password
prompt.password=Password
prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
title=NEVIS SSO Portal
title.login=Login
title.pwchange.label=Cambiare Password
-title.pwreset=Password Forgotten
+title.pwreset=Password Dimenticata
user_input.invalid.email=Inserire un'e-mail valida.
user_input.invalid.email.required=Campo obbligatorio
user_input.invalid.email.tooLong=Il testo inserito è troppo lungo.
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties
index 3535726..8ab2dd7 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties
@@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
prompt.newpassword.confirm=Conferma password
prompt.password=Password
prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
title=NEVIS SSO Portal
title.login=Login
title.pwchange.label=Cambiare Password
-title.pwreset=Password Forgotten
+title.pwreset=Password Dimenticata
user_input.invalid.email=Inserire un'e-mail valida.
user_input.invalid.email.required=Campo obbligatorio
user_input.invalid.email.tooLong=Il testo inserito è troppo lungo.
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_it.properties
index 3535726..8ab2dd7 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_it.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_it.properties
@@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
prompt.newpassword.confirm=Conferma password
prompt.password=Password
prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
title=NEVIS SSO Portal
title.login=Login
title.pwchange.label=Cambiare Password
-title.pwreset=Password Forgotten
+title.pwreset=Password Dimenticata
user_input.invalid.email=Inserire un'e-mail valida.
user_input.invalid.email.required=Campo obbligatorio
user_input.invalid.email.tooLong=Il testo inserito è troppo lungo.
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
index 0964206..04beca8 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
@@ -11,7 +11,7 @@ metadata:
spec:
type: "NevisProxy"
replicas: 1
- version: "7.2402.1"
+ version: "8.2405.0"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
@@ -28,20 +28,25 @@ spec:
management:
httpGet:
path: "/liveness"
- initialDelaySeconds: 40
- periodSeconds: 30
+ periodSeconds: 5
timeoutSeconds: 6
readinessProbe:
management:
httpGet:
path: "/readiness"
- initialDelaySeconds: 40
- periodSeconds: 30
+ periodSeconds: 5
timeoutSeconds: 6
+ startupProbe:
+ management:
+ httpGet:
+ path: "/readiness"
+ periodSeconds: 5
+ timeoutSeconds: 6
+ failureThreshold: 50
podDisruptionBudget:
maxUnavailable: "50%"
git:
- tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+ tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
credentials: "git-credentials"
keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/navajo.xml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/navajo.xml
index 5247c3a..a7cd351 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/navajo.xml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/navajo.xml
@@ -8,7 +8,7 @@
-
+
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml
index 47331e0..f047523 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml
@@ -652,8 +652,8 @@
- StateKey
- Auth_Realm_Mobile_FIDO_UAF
+ StoreInterceptedRequest
+ false
@@ -692,8 +692,8 @@
- StateKey
- NotUsed_Auth_Realm
+ StoreInterceptedRequest
+ false