DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisAuth"
   replicas: 1
-  version: "8.2411.3"
+  version: "8.2405.2"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -45,7 +45,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
+    tag: "r-6c62b8946330d7c4f2ed7d6bb4e18322c0a85ad9"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf

@@ -3,7 +3,6 @@ RTENV_SECURITY_CHECK=no_shell
 JAVA_OPTS=(
     "-XX:+UseContainerSupport"
     "-Dfile.encoding=UTF-8"
-    "-Dotel.instrumentation.metro.enabled=false"
     "-XX:MaxRAMPercentage=80.0"
     "-Djava.net.preferIPv4Stack=true"
     "-Djava.net.connectionTimeout=10000"
@@ -13,7 +12,7 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
     "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-default-tls-trust/truststore.p12"
     "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-default-tls-trust/keypass}"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/logging.yml

@@ -12,8 +12,6 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
-    - name: "ProductAnalytics"
-      level: "INFO"
     - name: "EsAuthStart"
       level: "INFO"
     - name: "org.apache.catalina.loader.WebappClassLoader"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/nevisauth.yml

@@ -3,7 +3,6 @@ server:
   protocol: "https"
   port: "8991"
   host: "0.0.0.0"
-  max-threads: "200"
   tls:
     keystore: "/var/opt/keys/own/auth-sts-default-identity/keystore.p12"
     keystore-passphrase: "${exec:/var/opt/keys/own/auth-sts-default-identity/keypass}"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-default-default-signer-trust-7022472ae407577ae604bbb8.yaml

@@ -1,7 +1,7 @@
 apiVersion: "operator.nevis-security.ch/v1"
 kind: "NevisTrustStore"
 metadata:
-  name: "auth-internal-idp-auth-signer-trust"
+  name: "auth-default-default-signer-trust"
   namespace: "adn-agov-nevisidm-01-uat"
   labels:
     deploymentTarget: "auth"
@@ -10,7 +10,5 @@ metadata:
     patternId: "7022472ae407577ae604bbb8"
 spec:
   keystores:
-  - name: "auth-sts-sh4r3d-internal-idp-auth-signer"
-    namespace: "adn-agov-nevisidm-01-uat"
   - name: "auth-sh4r3d-internal-idp-auth-signer"
     namespace: "adn-agov-nevisidm-01-uat"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-technical-trust-store-7022472ae407577ae604bbb8.yaml

@@ -12,8 +12,6 @@ spec:
   keystores:
   - name: "proxy-idp-notused-auth-realm-identity"
     namespace: "adn-agov-nevisidm-01-uat"
-  - name: "proxy-idp-auth-realm-main-idp-identity"
-    namespace: "adn-agov-nevisidm-01-uat"
   - name: "proxy-idp-auth-realm-mobile-fido-uaf-identity"
     namespace: "adn-agov-nevisidm-01-uat"
   - name: "proxy-idp-auth-realm-recovery-identity"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisAuth"
   replicas: 1
-  version: "8.2411.3"
+  version: "8.2405.2"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -45,7 +45,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
+    tag: "r-1e222408a8882dd7dd5d101b8071bf618c32760c"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
     credentials: "git-credentials"
   keystores:
@@ -55,7 +55,7 @@ spec:
   truststores:
   - "auth-default-tls-trust"
   - "auth-auth-realm-mobile-fido-uaf-tls-trust-nevisfido"
-  - "auth-internal-idp-auth-signer-trust"
+  - "auth-default-default-signer-trust"
   - "auth-technical-trust-store"
   podSecurity:
     policy: "baseline"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem

@@ -1,54 +1,54 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQU95KG57RacAYBmkeQ
-DIe1bZS0sbkCAggAMB0GCWCGSAFlAwQBKgQQyxdAya9Sd4oHLO1pzVWcYASCCVDT
-ozdXT3vjyqMzza4QKaMD4ywSAzGhQRM/TnxU5JbRLNMpdtq76Mfet2pv++UUjcof
-16EsdOOpDQdxdzQWmwGUNwjkX5YyWTaAefV8l9n6Bp8LV0XabS9We3g5Jr1KjuzP
-O/xJgB2o6BcD/WRPeOaANSGoyWce4rCkpDwqxrp+tY9EK19SoCZG9Zy2hnPPH2Hc
-QgtgCAzqaXIp49KIXHn/Uo532lIz3WqkkhzVakwgAKLKIvc/SwgP0eSXLvPjeJYS
-L8DngPP0YD7IPgIs7WmMNNE7or69e7mO0miUOl7xStNHzHpLmtLNbYI7Pk6NLT7N
-kWfh2+E21R7llsW57boMACXVr7N3CHOlZQhUNViyjPayo1njVnp6gGzuIxluhHJY
-CL070oqBeEYVfvE07HQ4Qd0BL5c02pdrKjdzBYyLwzSNKn2RzgS2R/XtEqdmOUo+
-iuRngv9D1UPSI2xlFhv84778ktEeSf8l1nLltqhPJAmJUjSAcu/zjN4Q+HXqMRaF
-IocDV4I7CaXDc2E0YdU8uHuzzUHLflJ2OZwU5N7tkoVOtAYHKUwCP4J/zpLSe2V2
-MIh40IVJK4gzb+iyBiOnsnKKQCKMPbS4lH8zC2S486MgjgbhlZeFg0nOF955c61l
-Sb4MBrexU4s1TUg/fDpYt6jPZoKivN72jzi60kV43gBFHmP3X4SRAUQ4Y3h5NFF8
-h2p4wvYRsYEexjJU/+WJG4Yi1wSi3oEqD161a6vPOsKBLBdLRo1vgnQdGFx/k83X
-vjPlI2eEUMPCntNBbrTy8eUSJz/0OH2phztZpHuh5cfy4ErUi19d9ywZUlhurGvX
-dC7ouTEqRZLkkSCfGTQM0q0O4JQJTLb5N4gWdZxQd2UwGv3jCK7m5eWx3bTdhhXi
-179DoSpYBCJF3msn0ROO6PxsccH0w/I6KMi3QNmsDlXhDr6XIBya8CU0lx9lp0pl
-5q62D26Ylr2fovd3qKKbwP6RaZarCzKLO6dWdyMqtUwVlX2FDCFd/SPGWc2TmuVS
-vLb981Zm13AfYtNUSfusroDp3TEuvl7cwozg7p33SQhuCmgKnxMd0iXd5QQZjrR0
-t+y22dHrD1agkkoFMLz/+d+930J0sY4odG/HbL2Bv8ZelVUjA8XSFoGBEA+rfQCg
-DGmLh5a+/yfzxCEKWVLqmwHWbSkub8bXdl6EKEyaO9qo1KCLAf3tArQx45sqw8bK
-8AYq2mrNIiMDhHub+XEEC0Aw2lZkJOrwwMEsTcZWfBvj56MdRNXuZMvPdarTbnDx
-zzxatqIwfvpOy/S2Poyrc6GuprbZCM6N+cDLdWQqAHVwAlx77NhiJ6s3vUnE3vB7
-aHgmXU+a8uPA64tKKaRNQJ31f7viCkWJXEbbEhVTzCvFcoqbKPPMm9w7nO8PMUTu
-BmwSFEKhd3BDKZavqTHKi66fF3A5ALFYAkMw/AlvinMitb9s+7WlWQrdvSFkqHsY
-wNQ1ankleYd24/8ZllvsQpleLMepDSxP6zUMpXSHbTKp5MZeoCaaY1RCkg7aOduz
-brnD7lRAfLp0H72nxVgC7n6VjidOSruF7k9WIN9VVbP0ZVL/QtkKRWd/hEmtMNaH
-ELg2ekdm3zvdBuvtr0jNiCxbhTr3j5OWQkT/BjZxHpZfA14XEROJC2Slo3PxUwBH
-0lE0cICWTeaeYcCX8ofawN+t1Qa6UD0sLl2670Kc7pozkJM4ul19rGA2KsHX89gE
-CaB1CkhFCqZhPbqX9yonv9XZtLb8Of8rBNVd/2QKN4/tOXcMYshzakSfSSIsyxxt
-QgMPRfz0nJTtP7v8ZbwIO+ayGoUeH7aYKhQ6Ku3qW9XuYiy+oMTIOToCSddnEI5t
-JNuPkT9kzA9stkRbFV5kBvrv5LWprWDXdA/wyAWG7txncWj6UzGlP8C3KhtMHLHv
-CiOXrE8UJdNNeT52dYI9slg+tzcCfz3sqMr9zXratvT6JMzrQZqCSis8vIx18TIK
-N5yDWHDFUOeNpo7aRqd5goW3qProwfZDjBXiqE4J+AJ5wc73PuftHt2l00zvLDWs
-SFIRvXbavNBA7GxpVtN8Qxmk6Lm0u0pBiastndowgAI5OIQVuwoA21vXyC5n9pMd
-bPJsmiPyme62OkCWmAjBNDLNVViwKMH8BxmLKJxX+6ysNsn0YY1+9YfI/zC3j4jM
-OYsK1c0NvFIv5aUxRQZLTJJt9C299jGNvdAJsfdp4LHejzZUjnx3nguz/l6RI1Vb
-vjQ1qDRPhkgErGXSHsCoCt+z5Y6mq17JWEX/FiXBWQbfSGoG/ZvoOqiBybCQ3HNl
-o9QM1sNQ5fUZDh0TgwkJB91rZXPwi828RklMW8VZszZir5gziTnndhw0ADLCZZ6z
-nA0vZAI7sjoEeIgiJq3egrsSLq2ZQRQsh5QF+Xo2QktleGvPrtMv//ZyGz4l59yc
-wX/7DtABurFhVs3KdYohcqXk2v5jJCMs+j9YDn6540QR6yXcbifp9ySqhm/PeH91
-UuL16YKxoV6QBZIGE0vjdUitGKNsS+H4ibD/0ZHYG+VcyL90eIrBq61CjfIO79O0
-L9+G4gKB91stXwtpqZWXTrlzrnjloZOPhqyQN/bs/liWQ6qy0a6Cd6nbWc141An1
-zEiOihbwLJ4ziCut+bq5lwyw6z/wWEhaVNnYspEEBr2URLMHbnBceS6zXoePT0ur
-9mQQLitmtlANlJ93vBDPhCaEjkK1v5J7MmIHQzyLSQGuLdXwz50piJukWru3aNax
-skloghJYeTMILEcGAszvyVtcvPqkrJnZXx4Qp7Luj5HK9THr78v3T4nWzirfqxPZ
-x70xRyhsC2lLcIrJ+3jkXj44edIqdh3Wvi30L2x2iUFyZ0ojQJQDo/+5b+p9k36L
-Dk8ktpeIa/BE3NsfcFaWn9bvRkQ6UAQcNn1zmkavfw5TLI4C1PnD/WUpPHZdhzNV
-K87CsUawxjEg0uCCaViShF6bD9mOWQxE3SM9yNizjTmotF6KrgkT16y/qZ17KGQM
-hJ5PraGu9jvg+L/MrQpr91eyJaeh9JFl9dM/SPM0mXo5q813bdMmqD4cc3YWCLee
-dHtmaKJ08KD1cJqHBz0DRLVV+zH00BMoYt5HZ5DmHFU1zhDekWZLhilbyWt8+z1E
-bzsoEAfZvyfvF7fJuxQ/HhYdR6TX5H+aNzZZivVc6g==
+MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUbPUZn/3VpMbderej
+CK2+IC16nwwCAggAMB0GCWCGSAFlAwQBKgQQvPO51vuHnkHznERAJ+mJngSCCVDI
+JlL/aK5MTWYntg5qFJ2L3w4GNTaKeVXrCE1Q/UrXo4/OnNVQdHnyWiuzOt0FoGow
+H22nWxbehwlykBPhPNw4719QOiMWQJqggR/61IUh8xOBrchqjQ2irIDjiXnTgD1N
+ADmtLHZC6duXncdFOtpeooHKMW61P6+KGBck0n8jM96+DuIKZKF2VO0hEzrUCF3d
+4ODXNX8EEc4l1UdGUU0l7r/SvxoDyprGnFW1Di+PZCRWwUkHbDrqOWEzs5UIzTRM
+2Tyt5osJB7v+0XB3f2PeBEHkQQhd9mvPIiSO5EwQF4JNQx7LMcnV1eFYXGF30pVb
+g9nG3UFbI68uH+uuuEU66yug/h/0RzMSBp8Le6eIck5/jaXBPzDstrc3VW5f1f+n
+I3LsVplUE5znK5okwcGNKr84Ppf6QJ0Hjmbx927j8/n5yMYAn8xa1X5XNeC0dmy8
+Fjbsz1YpiTx9uQ33thXWbpQXno3fJzXvTVJ258GciPwcwqUTiudkMz3eD/tk/Ehd
+SM2oxCKIFDjEUnTSJ89uj+vz9OlTAdaUr0uEfpM6vwq+610UviVRPrNpI2v/qiqJ
+SCeCsce4cN4eIjdpgPIt89H/ISDaOlpeCNQ8yLkkM4P89zXjir7Mt7jt3Uh58xoO
+rOHwQW8xUp+92BvES17PS072ywPS2jO/+hVQv6lf1LPHOmIlEWUln8no6KUBupMM
+ukaW+AmBxxYA1nycC+7IyXDUGiX8MU8GhT45xBpj6t5gKr5QwvJpGcH5oJ0qqq+s
+5B4bmIkaDUgbyAcnishANkHt8/wPvKLbefgRPkpRzaPFQqXu18nRr5GTa+dWfS1y
+GJOVtKcGEyMCHTWfvT9NQZryP3uSsVvl4unEcScWqUL12rDfe31EuTr8JD79I7US
+ssJoDtOKSsP/fFcUatUDcfsb+hkBGN19CdDb4LvPY23FhUc1ApYbWmU5HlY16uQx
+zjoVVZ3lCckJHojPlXpgv0y/CC6tOyEwKxC2u2voPunbR/D7rJ+5AIWDDc3pzzPZ
+KH1jfJPL8KbM8lBc+hpyLBtSnQpj/osN/jLY7El3ciFcux/NFSffeWKn/QuYYC8p
+LtJzWZiURZ6SWFZ4llPKbDeXsKhSOuroMt0aRUfQu2zHw++Ss94X+wJ3Tg64uP/9
+Bw9B5LFdTogChz7ObmGr9OnyJuQaj9/riWP6kowjXSQhku30RMpf6MQnxg8KLhI/
+99y4rGp+OLcxZcKbmENWIl9QcEVbyPfBq2yGSk/drT3xUJghCcPjObKToutHRs9r
+cN0IE6kzRiruRdm2bejgni+v5BhioiZRiSwr5om57G1N4e8BseTxY+zQrU2WwdJp
+ll1zqk5t2J+83uU/EQBmIkXpP+xqrod/uOUm84d5nYRXuO94DLUDwqU0KI7QKoHK
+W6XSU5TDzmynPrycl1IGW1l6ddb92h4FPYyYsppb+G78v2WfVFSsze2aBIDbDZUh
+QEaElJuNIOA+bOSctpTr0i70HXhGzVMXStXJMAIFgR9wKppxW+0IXdjYzhKVE8gx
+uXiJfwJx5pSDBWFDZqLM8uTH3hGOuvRX06iSHIFCsxjds7VWXBh91iGw9Xef9D50
+DVaIhF12dTRsrdi5AqYYkTb4AEzpUQXg7HPi678F6UnsOzCVYZqMWZaF3Ec1UHxu
+PZ9A27DvK1MsUm4QZ+7XrzWrRdkmRFXqhtfxCxHRpF+YlRPTyWSVmx0fEkGjLiAd
+uHU0D14lcqNvmusWOWXVYePOS44R3DrQFULgzfsly09bKFqRZdKGQavVjUbokP1S
++MDQOca4I6KSxo2358rUGDhq3A0xI5U24wjinNWHktTPXkJbvcJubx/sHb8QMxST
+qSXr5vYjJfms1sU3v2QYrORU42CBOvUAaZYTwLDq+PSN37IcyQoAhTU2ZgPSzSQe
+8aJvxgZWgWedsoeKpKK54yk7rG7b+Qhk6ZHrvFS6cI0YasYQ4GHZHfieG0dTGlVS
+FAAF+HF9/TI3vZPx5qzS6jhtpy6bI/MxjCachA1suShqHZNn4dGW13C6Kf6a6Ci8
+fOMVK/3t4H5oU+2fqoo41jU/1MmLuNUFt7F08X+3eRw/dmhGuf6Mcd46L9SMPtXp
+quSmX/q8kG1YUfj0vXfxBox9rQWYY8kNjp6OUkvAwBYoy6a1j0h420ZQhyNS0vzy
+w2d3UjTjoEdo3qOKCDKLGA9ILSJvK/jzDEoS0G23eiaQJ5DHDK6m++izm+2oCMwM
++5fcoRhn0SVzAgE63x80btbGuo52sMp57PcGZq50s8yeVYziyZEVPIb5I/vau8BH
+CxZ++8ENtvKmYWX84hXApR+2rX6hWWi/b34YIG4jtCr+aeaNumv5NT19G+g84BsL
+akcBUtt3px2icLZtUv+ck/JCG/7pUvIqZ2HMKLZgsSZan1pfdfdl1Q28xG97X/dR
+gCzr15ZjlX8bwtRNQs+xhv6lDQtFOv0wgYYW6rolZS3SOaGhWU4/E1a+RT16NUvS
+lajoYD1jFCk6Y2WWIB1tHxAlNC06EQB3oT+gPtzZ9upcM3Qv0X0RyXgPcLFcveiC
+aZZtBY6MElzXiRpRB8y6XNyvJz+1vB05DDlcCnx2ovztHAk74AiUp0VlSk6ylqDQ
+DKOaXHz5ZzFT+Ptaj3m1xBYc3m4Iyw98RXX7IGs7hOY2roaqO3rI/lmgTVuA3hv7
+m3CX8vbk3gqV1+Rt2ObuddnKtkrG07lP72HliZBLNRgEoaX1DSKdWq7A8G5uNWJj
+xvwWUDIu/PESII1x8D52pmZ0QH1VQmas17Ezme/4BGvOR5/0vwKUEXPYWhHvtB31
+4q/HMWpCCH5wF5DF0JfWmOhDpR3EvtG8HnNMzP8cdHbCLaG4SUz5uNKgJ6pI5cjV
+E+HS+McIN1wp5mFodR3qwjMdLoH2uJ4YOqP05qri1b40xXM/j6+p9tXXYuV/8d6K
++L8sZxNvORwf6z8yys2cAHC5xPYBC8c0qKE9a1GtYJRPpjXona+iHoM5KooGFmYx
+qZz2AvqbPYIwTHD5sV/K0wA3Zjlw6HOHBnZ6C7ZINAL/idY5uLOP6c3HCmVLRz3a
+KIZCBintlvOKVSlzfGh7MjAJpEkzqGBNQIFCkRflrJW13R4/fiRL2fqRm2UjbU7q
+QQo+ffs3emwCxkfxdOpubKUoANiFdXvQlKiC2BP/Yw==
 -----END ENCRYPTED PRIVATE KEY-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.pem

@@ -1,56 +1,56 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQU95KG57RacAYBmkeQ
-DIe1bZS0sbkCAggAMB0GCWCGSAFlAwQBKgQQyxdAya9Sd4oHLO1pzVWcYASCCVDT
-ozdXT3vjyqMzza4QKaMD4ywSAzGhQRM/TnxU5JbRLNMpdtq76Mfet2pv++UUjcof
-16EsdOOpDQdxdzQWmwGUNwjkX5YyWTaAefV8l9n6Bp8LV0XabS9We3g5Jr1KjuzP
-O/xJgB2o6BcD/WRPeOaANSGoyWce4rCkpDwqxrp+tY9EK19SoCZG9Zy2hnPPH2Hc
-QgtgCAzqaXIp49KIXHn/Uo532lIz3WqkkhzVakwgAKLKIvc/SwgP0eSXLvPjeJYS
-L8DngPP0YD7IPgIs7WmMNNE7or69e7mO0miUOl7xStNHzHpLmtLNbYI7Pk6NLT7N
-kWfh2+E21R7llsW57boMACXVr7N3CHOlZQhUNViyjPayo1njVnp6gGzuIxluhHJY
-CL070oqBeEYVfvE07HQ4Qd0BL5c02pdrKjdzBYyLwzSNKn2RzgS2R/XtEqdmOUo+
-iuRngv9D1UPSI2xlFhv84778ktEeSf8l1nLltqhPJAmJUjSAcu/zjN4Q+HXqMRaF
-IocDV4I7CaXDc2E0YdU8uHuzzUHLflJ2OZwU5N7tkoVOtAYHKUwCP4J/zpLSe2V2
-MIh40IVJK4gzb+iyBiOnsnKKQCKMPbS4lH8zC2S486MgjgbhlZeFg0nOF955c61l
-Sb4MBrexU4s1TUg/fDpYt6jPZoKivN72jzi60kV43gBFHmP3X4SRAUQ4Y3h5NFF8
-h2p4wvYRsYEexjJU/+WJG4Yi1wSi3oEqD161a6vPOsKBLBdLRo1vgnQdGFx/k83X
-vjPlI2eEUMPCntNBbrTy8eUSJz/0OH2phztZpHuh5cfy4ErUi19d9ywZUlhurGvX
-dC7ouTEqRZLkkSCfGTQM0q0O4JQJTLb5N4gWdZxQd2UwGv3jCK7m5eWx3bTdhhXi
-179DoSpYBCJF3msn0ROO6PxsccH0w/I6KMi3QNmsDlXhDr6XIBya8CU0lx9lp0pl
-5q62D26Ylr2fovd3qKKbwP6RaZarCzKLO6dWdyMqtUwVlX2FDCFd/SPGWc2TmuVS
-vLb981Zm13AfYtNUSfusroDp3TEuvl7cwozg7p33SQhuCmgKnxMd0iXd5QQZjrR0
-t+y22dHrD1agkkoFMLz/+d+930J0sY4odG/HbL2Bv8ZelVUjA8XSFoGBEA+rfQCg
-DGmLh5a+/yfzxCEKWVLqmwHWbSkub8bXdl6EKEyaO9qo1KCLAf3tArQx45sqw8bK
-8AYq2mrNIiMDhHub+XEEC0Aw2lZkJOrwwMEsTcZWfBvj56MdRNXuZMvPdarTbnDx
-zzxatqIwfvpOy/S2Poyrc6GuprbZCM6N+cDLdWQqAHVwAlx77NhiJ6s3vUnE3vB7
-aHgmXU+a8uPA64tKKaRNQJ31f7viCkWJXEbbEhVTzCvFcoqbKPPMm9w7nO8PMUTu
-BmwSFEKhd3BDKZavqTHKi66fF3A5ALFYAkMw/AlvinMitb9s+7WlWQrdvSFkqHsY
-wNQ1ankleYd24/8ZllvsQpleLMepDSxP6zUMpXSHbTKp5MZeoCaaY1RCkg7aOduz
-brnD7lRAfLp0H72nxVgC7n6VjidOSruF7k9WIN9VVbP0ZVL/QtkKRWd/hEmtMNaH
-ELg2ekdm3zvdBuvtr0jNiCxbhTr3j5OWQkT/BjZxHpZfA14XEROJC2Slo3PxUwBH
-0lE0cICWTeaeYcCX8ofawN+t1Qa6UD0sLl2670Kc7pozkJM4ul19rGA2KsHX89gE
-CaB1CkhFCqZhPbqX9yonv9XZtLb8Of8rBNVd/2QKN4/tOXcMYshzakSfSSIsyxxt
-QgMPRfz0nJTtP7v8ZbwIO+ayGoUeH7aYKhQ6Ku3qW9XuYiy+oMTIOToCSddnEI5t
-JNuPkT9kzA9stkRbFV5kBvrv5LWprWDXdA/wyAWG7txncWj6UzGlP8C3KhtMHLHv
-CiOXrE8UJdNNeT52dYI9slg+tzcCfz3sqMr9zXratvT6JMzrQZqCSis8vIx18TIK
-N5yDWHDFUOeNpo7aRqd5goW3qProwfZDjBXiqE4J+AJ5wc73PuftHt2l00zvLDWs
-SFIRvXbavNBA7GxpVtN8Qxmk6Lm0u0pBiastndowgAI5OIQVuwoA21vXyC5n9pMd
-bPJsmiPyme62OkCWmAjBNDLNVViwKMH8BxmLKJxX+6ysNsn0YY1+9YfI/zC3j4jM
-OYsK1c0NvFIv5aUxRQZLTJJt9C299jGNvdAJsfdp4LHejzZUjnx3nguz/l6RI1Vb
-vjQ1qDRPhkgErGXSHsCoCt+z5Y6mq17JWEX/FiXBWQbfSGoG/ZvoOqiBybCQ3HNl
-o9QM1sNQ5fUZDh0TgwkJB91rZXPwi828RklMW8VZszZir5gziTnndhw0ADLCZZ6z
-nA0vZAI7sjoEeIgiJq3egrsSLq2ZQRQsh5QF+Xo2QktleGvPrtMv//ZyGz4l59yc
-wX/7DtABurFhVs3KdYohcqXk2v5jJCMs+j9YDn6540QR6yXcbifp9ySqhm/PeH91
-UuL16YKxoV6QBZIGE0vjdUitGKNsS+H4ibD/0ZHYG+VcyL90eIrBq61CjfIO79O0
-L9+G4gKB91stXwtpqZWXTrlzrnjloZOPhqyQN/bs/liWQ6qy0a6Cd6nbWc141An1
-zEiOihbwLJ4ziCut+bq5lwyw6z/wWEhaVNnYspEEBr2URLMHbnBceS6zXoePT0ur
-9mQQLitmtlANlJ93vBDPhCaEjkK1v5J7MmIHQzyLSQGuLdXwz50piJukWru3aNax
-skloghJYeTMILEcGAszvyVtcvPqkrJnZXx4Qp7Luj5HK9THr78v3T4nWzirfqxPZ
-x70xRyhsC2lLcIrJ+3jkXj44edIqdh3Wvi30L2x2iUFyZ0ojQJQDo/+5b+p9k36L
-Dk8ktpeIa/BE3NsfcFaWn9bvRkQ6UAQcNn1zmkavfw5TLI4C1PnD/WUpPHZdhzNV
-K87CsUawxjEg0uCCaViShF6bD9mOWQxE3SM9yNizjTmotF6KrgkT16y/qZ17KGQM
-hJ5PraGu9jvg+L/MrQpr91eyJaeh9JFl9dM/SPM0mXo5q813bdMmqD4cc3YWCLee
-dHtmaKJ08KD1cJqHBz0DRLVV+zH00BMoYt5HZ5DmHFU1zhDekWZLhilbyWt8+z1E
-bzsoEAfZvyfvF7fJuxQ/HhYdR6TX5H+aNzZZivVc6g==
+MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUbPUZn/3VpMbderej
+CK2+IC16nwwCAggAMB0GCWCGSAFlAwQBKgQQvPO51vuHnkHznERAJ+mJngSCCVDI
+JlL/aK5MTWYntg5qFJ2L3w4GNTaKeVXrCE1Q/UrXo4/OnNVQdHnyWiuzOt0FoGow
+H22nWxbehwlykBPhPNw4719QOiMWQJqggR/61IUh8xOBrchqjQ2irIDjiXnTgD1N
+ADmtLHZC6duXncdFOtpeooHKMW61P6+KGBck0n8jM96+DuIKZKF2VO0hEzrUCF3d
+4ODXNX8EEc4l1UdGUU0l7r/SvxoDyprGnFW1Di+PZCRWwUkHbDrqOWEzs5UIzTRM
+2Tyt5osJB7v+0XB3f2PeBEHkQQhd9mvPIiSO5EwQF4JNQx7LMcnV1eFYXGF30pVb
+g9nG3UFbI68uH+uuuEU66yug/h/0RzMSBp8Le6eIck5/jaXBPzDstrc3VW5f1f+n
+I3LsVplUE5znK5okwcGNKr84Ppf6QJ0Hjmbx927j8/n5yMYAn8xa1X5XNeC0dmy8
+Fjbsz1YpiTx9uQ33thXWbpQXno3fJzXvTVJ258GciPwcwqUTiudkMz3eD/tk/Ehd
+SM2oxCKIFDjEUnTSJ89uj+vz9OlTAdaUr0uEfpM6vwq+610UviVRPrNpI2v/qiqJ
+SCeCsce4cN4eIjdpgPIt89H/ISDaOlpeCNQ8yLkkM4P89zXjir7Mt7jt3Uh58xoO
+rOHwQW8xUp+92BvES17PS072ywPS2jO/+hVQv6lf1LPHOmIlEWUln8no6KUBupMM
+ukaW+AmBxxYA1nycC+7IyXDUGiX8MU8GhT45xBpj6t5gKr5QwvJpGcH5oJ0qqq+s
+5B4bmIkaDUgbyAcnishANkHt8/wPvKLbefgRPkpRzaPFQqXu18nRr5GTa+dWfS1y
+GJOVtKcGEyMCHTWfvT9NQZryP3uSsVvl4unEcScWqUL12rDfe31EuTr8JD79I7US
+ssJoDtOKSsP/fFcUatUDcfsb+hkBGN19CdDb4LvPY23FhUc1ApYbWmU5HlY16uQx
+zjoVVZ3lCckJHojPlXpgv0y/CC6tOyEwKxC2u2voPunbR/D7rJ+5AIWDDc3pzzPZ
+KH1jfJPL8KbM8lBc+hpyLBtSnQpj/osN/jLY7El3ciFcux/NFSffeWKn/QuYYC8p
+LtJzWZiURZ6SWFZ4llPKbDeXsKhSOuroMt0aRUfQu2zHw++Ss94X+wJ3Tg64uP/9
+Bw9B5LFdTogChz7ObmGr9OnyJuQaj9/riWP6kowjXSQhku30RMpf6MQnxg8KLhI/
+99y4rGp+OLcxZcKbmENWIl9QcEVbyPfBq2yGSk/drT3xUJghCcPjObKToutHRs9r
+cN0IE6kzRiruRdm2bejgni+v5BhioiZRiSwr5om57G1N4e8BseTxY+zQrU2WwdJp
+ll1zqk5t2J+83uU/EQBmIkXpP+xqrod/uOUm84d5nYRXuO94DLUDwqU0KI7QKoHK
+W6XSU5TDzmynPrycl1IGW1l6ddb92h4FPYyYsppb+G78v2WfVFSsze2aBIDbDZUh
+QEaElJuNIOA+bOSctpTr0i70HXhGzVMXStXJMAIFgR9wKppxW+0IXdjYzhKVE8gx
+uXiJfwJx5pSDBWFDZqLM8uTH3hGOuvRX06iSHIFCsxjds7VWXBh91iGw9Xef9D50
+DVaIhF12dTRsrdi5AqYYkTb4AEzpUQXg7HPi678F6UnsOzCVYZqMWZaF3Ec1UHxu
+PZ9A27DvK1MsUm4QZ+7XrzWrRdkmRFXqhtfxCxHRpF+YlRPTyWSVmx0fEkGjLiAd
+uHU0D14lcqNvmusWOWXVYePOS44R3DrQFULgzfsly09bKFqRZdKGQavVjUbokP1S
++MDQOca4I6KSxo2358rUGDhq3A0xI5U24wjinNWHktTPXkJbvcJubx/sHb8QMxST
+qSXr5vYjJfms1sU3v2QYrORU42CBOvUAaZYTwLDq+PSN37IcyQoAhTU2ZgPSzSQe
+8aJvxgZWgWedsoeKpKK54yk7rG7b+Qhk6ZHrvFS6cI0YasYQ4GHZHfieG0dTGlVS
+FAAF+HF9/TI3vZPx5qzS6jhtpy6bI/MxjCachA1suShqHZNn4dGW13C6Kf6a6Ci8
+fOMVK/3t4H5oU+2fqoo41jU/1MmLuNUFt7F08X+3eRw/dmhGuf6Mcd46L9SMPtXp
+quSmX/q8kG1YUfj0vXfxBox9rQWYY8kNjp6OUkvAwBYoy6a1j0h420ZQhyNS0vzy
+w2d3UjTjoEdo3qOKCDKLGA9ILSJvK/jzDEoS0G23eiaQJ5DHDK6m++izm+2oCMwM
++5fcoRhn0SVzAgE63x80btbGuo52sMp57PcGZq50s8yeVYziyZEVPIb5I/vau8BH
+CxZ++8ENtvKmYWX84hXApR+2rX6hWWi/b34YIG4jtCr+aeaNumv5NT19G+g84BsL
+akcBUtt3px2icLZtUv+ck/JCG/7pUvIqZ2HMKLZgsSZan1pfdfdl1Q28xG97X/dR
+gCzr15ZjlX8bwtRNQs+xhv6lDQtFOv0wgYYW6rolZS3SOaGhWU4/E1a+RT16NUvS
+lajoYD1jFCk6Y2WWIB1tHxAlNC06EQB3oT+gPtzZ9upcM3Qv0X0RyXgPcLFcveiC
+aZZtBY6MElzXiRpRB8y6XNyvJz+1vB05DDlcCnx2ovztHAk74AiUp0VlSk6ylqDQ
+DKOaXHz5ZzFT+Ptaj3m1xBYc3m4Iyw98RXX7IGs7hOY2roaqO3rI/lmgTVuA3hv7
+m3CX8vbk3gqV1+Rt2ObuddnKtkrG07lP72HliZBLNRgEoaX1DSKdWq7A8G5uNWJj
+xvwWUDIu/PESII1x8D52pmZ0QH1VQmas17Ezme/4BGvOR5/0vwKUEXPYWhHvtB31
+4q/HMWpCCH5wF5DF0JfWmOhDpR3EvtG8HnNMzP8cdHbCLaG4SUz5uNKgJ6pI5cjV
+E+HS+McIN1wp5mFodR3qwjMdLoH2uJ4YOqP05qri1b40xXM/j6+p9tXXYuV/8d6K
++L8sZxNvORwf6z8yys2cAHC5xPYBC8c0qKE9a1GtYJRPpjXona+iHoM5KooGFmYx
+qZz2AvqbPYIwTHD5sV/K0wA3Zjlw6HOHBnZ6C7ZINAL/idY5uLOP6c3HCmVLRz3a
+KIZCBintlvOKVSlzfGh7MjAJpEkzqGBNQIFCkRflrJW13R4/fiRL2fqRm2UjbU7q
+QQo+ffs3emwCxkfxdOpubKUoANiFdXvQlKiC2BP/Yw==
 -----END ENCRYPTED PRIVATE KEY-----
 
 -----BEGIN CERTIFICATE-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict.properties

@@ -96,7 +96,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
+loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -224,8 +224,6 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
-recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
-recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -262,7 +260,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_de.properties

@@ -96,7 +96,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sprache wählen
 loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
 loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
-loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
+loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
 loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
 loainfo.later=Später
 loainfo.startNow=Möchten Sie den Prozess jetzt starten?
@@ -213,7 +213,7 @@ pwreset.info.linktext=Passwort vergessen
 pwreset.noticket=Ihr Link ist nicht mehr gültig. Bitte generieren Sie ein Neuen.
 recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert
 recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
+recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren.
 recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
 recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
 recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
@@ -224,8 +224,6 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
 recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
 recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können?
 recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
-recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
-recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
 recovery_check_noCode.banner.error=Zu viele Versuche.
 recovery_check_noCode.instruction1=Möglicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
 recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -236,7 +234,7 @@ recovery_code.validUntil=G&uuml;ltig bis:
 recovery_fidokey_auth.button=Schl&uuml;sselauthentifizierung starten
 recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schl&uuml;sselauthentifizierung starten"
 recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschl&uuml;ssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um sich zu identifizieren.
+recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren.
 recovery_fidokey_auth.keyRegistered=Sicherheitsschl&uuml;ssel schon registriert
 recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
 recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken k&ouml;nnen, mit dem Sie den Wiederherstellungsprozess starten.
@@ -262,7 +260,7 @@ recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren r
 recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
 recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
 recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
-recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt
+recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht oder zur&uuml;ckgesetzt
 recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
 recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
 recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_en.properties

@@ -96,7 +96,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
+loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -224,8 +224,6 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
-recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
-recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -262,7 +260,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_fr.properties

@@ -96,7 +96,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sélectionner la langue
 loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
 loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
-loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
+loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
 loainfo.helper=Vos données doivent être vérifiées!
 loainfo.later=Plus tard
 loainfo.startNow=Voulez-vous commencer le processus maintenant?
@@ -224,8 +224,6 @@ recovery_check_code.invalid.code.tooLong=Le code est trop long
 recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération
 recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ?
 recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération.
-recovery_check_code.too_many_tries.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
-recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
 recovery_check_noCode.banner.error=Trop de tentatives.
 recovery_check_noCode.instruction1=Vous avez peut-être essayé de saisir le code de récupération trop de fois.
 recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la r&eacute;cup&eacute;ration du compte dans dix minutes &agrave; partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -262,7 +260,7 @@ recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistr&eacute; p
 recovery_questionnaire_reason_selection.answer1=Je n'arrive pas &agrave; me connecter, m&ecirc;me si j'ai mon application / ma cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;)
 recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription
-recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute;, r&eacute;install&eacute; ou r&eacute;initialis&eacute; mon application d'acc&egrave;s AGOV
+recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute; ou r&eacute;initialis&eacute; mon application AGOV access
 recovery_questionnaire_reason_selection.answer4=J'ai perdu mon t&eacute;l&eacute;phone / cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer5=J'ai un nouveau t&eacute;l&eacute;phone et j'ai oubli&eacute; de transf&eacute;rer mon application AGOV access
 recovery_questionnaire_reason_selection.answer6=J'ai oubli&eacute; mon PIN pour l'application AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties

@@ -96,7 +96,7 @@ language.it=Italiano
 languageDropdown.aria.label=Selezionare la lingua
 loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
 loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
-loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
+loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
 loainfo.helper=I dati devono essere verificati!
 loainfo.later=Più tardi
 loainfo.startNow=Iniziare la procedura?
@@ -224,8 +224,6 @@ recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo
 recovery_check_code.noAccess=Non ho il mio codice.
 recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
 recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino.
-recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
-recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
 recovery_check_noCode.banner.error=Troppi tentativi.
 recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
 recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -262,7 +260,7 @@ recovery_questionnaire_no_recovery.instruction2=Se ha registrato pi&ugrave; fatt
 recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza
 recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app AGOV access o chiave di sicurezza)
 recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione
-recovery_questionnaire_reason_selection.answer3=Ho eliminato, reinstallato o reimpostato la mia app AGOV access
+recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app AGOV access
 recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza
 recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app AGOV access
 recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy

@@ -10,20 +10,6 @@ def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTi
 
 LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
 
-// BUNDBITBK-4824: Address was missing after bmid verification
-def session = request.getAuthSession(true)
-int loa = session.get('agov.actualRoleLevel') as int
-
-// Best Token Available only if account's AQlevel is high enough
-if ((session.getAttribute('agov.appAddressRequired') == 'true') && (loa < 200)) {
-    LOG.debug("Best Token: Address requested but account has to low AQ (${loa})")
-    session.setAttribute('agov.appAddressRequired', 'false')
-}
-if ((session.getAttribute('agov.appSvnrAllowed') == 'true') && (loa < 400)) {
-    LOG.debug("Best Token: SVNr requested but account has to low AQ (${loa})")
-    session.setAttribute('agov.appSvnrAllowed', 'false')
-}
-// BUNDBITBK-4824 END
 
 // delete the login cookie
 def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy

@@ -60,19 +60,16 @@ if (!inargs['submit'] && (!inargs['mobile'] || !inargs['mobile'].isEmpty()) && i
     return
 }
 
-if (inargs['submit'] && (!inargs['mobile'] || inargs['mobile'].isEmpty()) && inargs['skip']) {
+if (inargs['submit'] && (!inargs['mobile'] || inargs['mobile'].isEmpty()) && inargs['skip'] && inargs['skip'] == 'true') {
     // no mobile, and user wants to skip it
 
-    LOG.info("Event='NOMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', Persistent='${ inargs['skip'] == 'persistent' ? true : false }'")
+    LOG.info("Event='NOMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
     
-    if (inargs['skip'] == 'persistent') {
-        // persistent cookie for 30d;
-        def agovSkipAskingMobileCookie = "agovSkipAskingMobile=true; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=2592000; SameSite=Strict; Secure; HttpOnly"
-        // setHeader doesn't support multiple headers with the same name, so we use
-        // a different one, and rewrite it in the proxy with Lua
-        response.setHeader('Set-Cookie2', agovSkipAskingMobileCookie)
-    }
-
+    // persistent cookie for 30d;
+    def agovSkipAskingMobileCookie = "agovSkipAskingMobile=true; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=2592000; SameSite=Strict; Secure; HttpOnly"
+    // setHeader doesn't support multiple headers with the same name, so we use
+    // a different one, and rewrite it in the proxy with Lua
+    response.setHeader('Set-Cookie2', agovSkipAskingMobileCookie)
     response.setResult('done')
     return
 }

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/checkloa.groovy

@@ -2,8 +2,9 @@ import org.codehaus.groovy.runtime.StackTraceUtils
 import groovy.xml.XmlSlurper
 
 def getUserAGOVLoiRoles() {
-  // we take the roles from actualRoles
-  return request.getActualRoles().findAll { role -> role.startsWith('AGOV-Loi.') }.collect({ role -> role.substring(9) })
+  // set attibutes from DTO: -> AGOVaq
+  def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
+  return list.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-Loi' }.collect({ node -> node.name.text() })
 }
 
 def getUserAGOVRecoveryRoles() {
@@ -140,11 +141,6 @@ try {
     LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', errorMessage='Account without Profile', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
 
     session.setAttribute('contextClassRefToSet', 'urn:qa.agov.ch:names:tc:ac:classes:100')
-
-    // if the account has no profile, we must not return address or svnr
-    session.setAttribute('agov.appAddressRequired', 'false')
-    session.setAttribute('agov.appSvnrAllowed', 'false')
-
     response.setResult('ok')
     return
   }
@@ -165,14 +161,16 @@ try {
   if (role.startsWith('level')) {
     def roleLevel = role.substring(5)
     int roleLevelNumber = Integer.parseInt(roleLevel)
-    
+    if (highestRoleLevelNumber == 0) {
+      highestRoleLevelNumber = roleLevelNumber
+    }
     if (highestRoleLevelNumber< roleLevelNumber) { 
       highestRoleLevelNumber=roleLevelNumber 
     } 
   } 
   } 
-  LOG.debug('CheckLoa: Highest role Level ' + highestRoleLevelNumber.toString() +' contextclassref ' + requestedRoleLevelNumber.toString()) 
-  LOG.debug('CheckLoa: Compare ' + (highestRoleLevelNumber>=requestedRoleLevelNumber))  
+  LOG.debug('CheckLoa: Highest role Level' + highestRoleLevelNumber.toString() +' contextclassref' + requestedRoleLevelNumber.toString()) 
+  LOG.debug('CheckLoa: Compare' + (highestRoleLevelNumber>=requestedRoleLevelNumber)) 
 
   //set attribute Actual Role Level
   session.setAttribute('agov.actualRoleLevel', '' + highestRoleLevelNumber)
@@ -187,46 +185,42 @@ try {
   }
 
   // no login for users with a recovery role
-  def recoveryRoleList = getUserAGOVRecoveryRoles()
-  
-  if (recoveryRoleList.contains('mustRecover')) {
-    session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover')
-    session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown' ) 
+  for (String role : getUserAGOVRecoveryRoles()) {
+    if (role == 'mustRecover') {
+      session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover')
+      session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown' ) 
 
-    def origIdVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()) ?: 'None'
-    def idVerification = getUserIdVerificationForRecovery() ?: origIdVerification
-    session.setAttribute('agov.recovery.currentIdVerification', '' + idVerification )
+      def origIdVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()) ?: 'None'
 
-    // align currentAgovAq with the method selected for idVerification
-    def currentAgovAqForRecovery = getAqLevelBasedOnIdVerificationForRecovery(idVerification, highestRoleLevelNumber)
-    session.setAttribute('agov.recovery.currentAgovAq', '' + currentAgovAqForRecovery)
+      def idVerification = getUserIdVerificationForRecovery() ?: origIdVerification
+      session.setAttribute('agov.recovery.currentIdVerification', '' + idVerification )
 
-    def validFrom = getUserMustRecoverValidFrom() ?: ''
-    session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', '' + validFrom ) 
+      // align currentAgovAq with the method selected for idVerification
+      def currentAgovAqForRecovery = getAqLevelBasedOnIdVerificationForRecovery(idVerification, highestRoleLevelNumber)
+      session.setAttribute('agov.recovery.currentAgovAq', '' + currentAgovAqForRecovery)
 
-    LOG.debug("CheckLoa: mustRecover: origIdVerification=${origIdVerification}, idVerification=${idVerification}, currentAgovAqForRecovery=${currentAgovAqForRecovery}")
+      def validFrom = getUserMustRecoverValidFrom() ?: ''
+      session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', '' + validFrom ) 
 
-    response.setResult('exit.2')
-    return
+      LOG.debug("CheckLoa: mustRecover: origIdVerification=${origIdVerification}, idVerification=${idVerification}, currentAgovAqForRecovery=${currentAgovAqForRecovery}")
 
-  } else if (recoveryRoleList.contains('recovery')) {
-    if (recoveryRoleList.contains('recoveryCascade')) {
-      session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
-    } else {
+      response.setResult('exit.2')
+      return
+
+    } else if (role == 'recovery') {
       session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recovery')
-    }
-    session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown') 
-    session.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' )
-    LOG.debug('CheckLoa: idVerification2= '+ getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()))
-    def idVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString())
-    session.setAttribute('agov.recovery.currentIdVerification', (idVerification.isEmpty() ? 'None' : idVerification.first()))
-    def validFrom = getUserAGOVLoiValidFrom('level'.concat(highestRoleLevelNumber.toString())) ?: ''
-    session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', validFrom) 
-
-    response.setResult('exit.2')
-    return
-  } 
+      session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown') 
+      session.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' )
+      LOG.debug('CheckLoa: idVerification2= '+ getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()))
+      def idVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString())
+      session.setAttribute('agov.recovery.currentIdVerification', (idVerification.isEmpty() ? 'None' : idVerification.first()))
+      def validFrom = getUserAGOVLoiValidFrom('level'.concat(highestRoleLevelNumber.toString())) ?: ''
+      session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', validFrom) 
 
+      response.setResult('exit.2')
+      return
+    } 
+  }
 
   if (highestRoleLevelNumber>=requestedRoleLevelNumber) { 
 

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_verification_auth.groovy

@@ -1,326 +0,0 @@
-import ch.nevis.esauth.auth.engine.AuthResponse
-import ch.nevis.esauth.util.httpclient.api.HttpClient
-import groovy.json.JsonSlurper
-import io.opentelemetry.api.trace.Span
-
-def getHeader(String name) {
-	def inctx = request.getLoginContext()
-	// case-insensitive lookup of HTTP headers
-	def map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER)
-	map.putAll(inctx)
-	return map['connection.HttpHeader.' + name]
-}
-
-def verification_request_template = '''
-{ "presentation_definition": {
-    "id": "{{UUID}}",
-    "name": "AGOV Verification",
-    "purpose": "AGOV Login",
-    "format": {
-      "vc+sd-jwt": {
-        "sd-jwt_alg_values": [
-          "ES256"
-        ],
-        "kb-jwt_alg_values": [
-          "ES256"
-        ]
-      }
-    },
-    "input_descriptors": [
-      {
-        "id": "agov-all-attributes",
-        "name": "AGOV Identity Verification",
-        "purpose": "verification and authentication",
-        "format": {
-          "vc+sd-jwt": {
-            "sd-jwt_alg_values": [
-              "ES256"
-            ],
-            "kb-jwt_alg_values": [
-              "ES256"
-            ]
-          }
-        },
-        "constraints": {
-          "fields": [
-            {
-              "path": [
-                "$.family_name"
-              ]
-            },
-            {
-              "path": [
-                "$.given_name"
-              ]
-            },
-            {
-              "path": [
-                "$.birth_date"
-              ]
-            },
-            {
-              "path": [
-                "$.sex"
-              ]
-            },
-            {
-              "path": [
-                "$.place_of_origin"
-              ]
-            },
-            {
-              "path": [
-                "$.birth_place"
-              ]
-            },
-            {
-              "path": [
-                "$.nationality"
-              ]
-            },
-            {
-              "path": [
-                "$.personal_administrative_number"
-              ]
-            },
-            {
-              "path": [
-                "$.document_number"
-              ]
-            },
-            {
-              "path": [
-                "$.issuance_date"
-              ]
-            },
-            {
-              "path": [
-                "$.expiry_date"
-              ]
-            },
-            {
-              "path": [
-                "$.issuing_authority"
-              ]
-            },
-            {
-              "path": [
-                "$.issuing_country"
-              ]
-            }
-          ]
-        }
-      }
-    ]
-  }
-}
-'''
-
-def ERROR_CODE_TO_STATUS_MAPPER = [
-		'CREDENTIAL_INVALID'               : 'FAILED',
-		'JWT_EXPIRED'                      : 'ERROR',
-		'INVALID_FORMAT'                   : 'ERROR',
-		'CREDENTIAL_EXPIRED'               : 'FAILED',
-		'MISSING_NONCE'                    : 'ERROR',
-		'UNSUPPORTED_FORMAT'               : 'ERROR',
-		'CREDENTIAL_REVOKED'               : 'FAILED',
-		'CREDENTIAL_SUSPENDED'             : 'FAILED',
-		'HOLDER_BINDING_MISMATCH'          : 'ERROR',
-		'CREDENTIAL_MISSING_DATA'          : 'FAILED',
-		'UNRESOLVABLE_STATUS_LIST'         : 'ERROR',
-		'PUBLIC_KEY_OF_ISSUER_UNRESOLVABLE': 'ERROR',
-		'CLIENT_REJECTED'                  : 'CANCELED',
-		'ISSUER_NOT_ACCEPTED'              : 'ERROR'
-]
-
-// ---------------
-// check, whether we are still processing the correct AuthnRequest
-if (inargs.containsKey('authRequestId') && (inargs['authRequestId'] != session['ch.nevis.auth.saml.request.id'])) {
-	// wrong request, "force" a timeout
-	LOG.debug('authentication timeout enforced, due to concurrent requests -> return a 408')
-
-	response.setIsDirectResponse(true)
-	response.setContentType('text/html; charset=UTF-8')
-	response.setContent('Timeout')
-	response.setHttpStatusCode(205)
-	response.setHeader('IDP-AUTH', 'Timeout')
-
-	// CONTINUE to keep the other request beeing processed
-	response.setStatus(AuthResponse.AUTH_CONTINUE)
-	return
-}
-
-if (inargs['oid4vp'] == 'ERROR') {
-	response.setResult('error')
-	return
-}
-
-if (inargs['oid4vp'] == 'SUCCEEDED') {
-	response.setResult('ok')
-	return
-}
-
-
-def sess = request.getAuthSession(true)
-
-HttpClient httpClient = HttpClients.create(parameters)
-def spanCtxt = Span.current().getSpanContext()
-def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
-
-if (!session['agov.eid.verification']) {
-	// Initialize the verification session on the verifier
-	def endPoint = "${parameters.get('eidVerifierBaseUrl')}/api/v1/verifications"
-
-	try {
-		def httpResponse = Http.post()
-				.url(endPoint)
-				.header("Accept", "application/json")
-				.header("traceparent", traceparent)
-				.entity(Http.entity()
-						.content(verification_request_template.replaceAll("\\{\\{UUID}}", UUID.randomUUID().toString()))
-						.contentType("application/json")
-						.build())
-				.build()
-				.send(httpClient)
-
-
-		if (httpResponse.code() != 200) {
-			LOG.debug("Result: ${httpResponse}")
-			response.setResult('error')
-			return
-		}
-
-		def json = new JsonSlurper().parseText(httpResponse.bodyAsString())
-		LOG.debug("Result: ${json}")
-
-		sess.setAttribute('agov.eid.verification', 'true')
-		sess.setAttribute('agov.eid.verification.id', json.id)
-		sess.setAttribute('agov.eid.verification.link', json.verification_url)
-
-		if (json.state != 'PENDING') {
-			response.setResult('error')
-			return
-		}
-	}
-	catch (Exception e) {
-		LOG.error("Eid verification failed: $e")
-		response.setResult('error')
-		return
-	}
-}
-
-if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.v')) {
-	// request for a status update from the verifier
-	def result
-
-	// TODO/haburger/2025-03-24: we should make sure, that we have an actual session on the verifier with id.v
-	// and that authRequestId is correct
-	def idvalue = (!inargs['o.id.v'] || inargs['o.id.v'] == 'NEW') ? session['agov.eid.verification.id'] : inargs['o.id.v']
-
-	try {
-		def endPoint = "${parameters.get('eidVerifierBaseUrl')}/api/v1/verifications/${idvalue}"
-
-		def httpResponse = Http.get()
-				.url(endPoint)
-				.header("Accept", "application/json")
-				.header("traceparent", traceparent)
-				.build()
-				.send(httpClient)
-
-		if (httpResponse.code() != 200) {
-			// TODO/haburger/2025-03-25: 404 we should create a new verification request
-			LOG.debug("Result: ${httpResponse}")
-			result = """{
-				"oid4vp": {
-					"status": "ERROR",
-					"verification_url": "${session['agov.eid.verification.link']}",
-					"id": "${idvalue}",
-					"error_code": "HTTP-ERROR",
-					"error_message": "failed to verify status of verification ${idvalue}, http status: ${httpResponse.code()}"
-				}}"""
-			LOG.warn("<== Response: ${responseCode}")
-		}
-		else {
-
-			def json = new JsonSlurper().parseText(httpResponse.bodyAsString())
-
-			if (json.state == 'SUCCESS') {
-				def claims = json.wallet_response.credential_subject_data
-
-				// TODO/haburger/2025-03-25: format changes to align with IDM read data
-				sess.setAttribute('ch.nevis.idm.User.firstName', claims.given_name)
-				sess.setAttribute('ch.nevis.idm.User.lastName', claims.family_name)
-				sess.setAttribute('ch.nevis.idm.User.birthDate', claims.birth_date)
-				sess.setAttribute('ch.nevis.idm.User.gender', claims.sex)
-				sess.setAttribute('ch.nevis.idm.User.prop.svnr', claims.personal_administrative_number)
-				sess.setAttribute('ch.nevis.idm.User.prop.placeOfBirth', claims.birth_place)
-				sess.setAttribute('ch.nevis.idm.User.prop.eIdNumber', claims.personal_administrative_number)
-				sess.setAttribute('ch.nevis.idm.User.prop.nationality', claims.nationality.toString())
-				sess.setAttribute('ValidFrom', claims.issuance_date)
-				sess.setAttribute('ValidTo', claims.expiry_date)
-				sess.setAttribute('authenticatedWith', "urn:qa.agov.ch:names:tc:authfactor:eid")
-				sess.setAttribute('idVerification', "Eid")
-				sess.setAttribute('contextClassRefToSet', "urn:qa.agov.ch:names:tc:ac:classes:600")
-
-				response.setUserId(claims.personal_administrative_number)
-				response.setLoginId(claims.document_number)
-				response.setAuthLevel("EID")
-
-				result = """{
-				"oid4vp": {
-					"status": "SUCCEEDED",
-					"verification_url": "${session['agov.eid.verification.link']}",
-					"id": "${idvalue}",
-					"error_code": "NONE"
-				}}"""
-			}
-			else if (json.state == 'FAILED') {
-				// TODO/haburger/2025-03-25: ERROR_CODE_TO_STATUS_MAPPER[json.wallet_response.error_code] == 'FAILED' we should
-				//  initiate a new verification and return the new id, url together with the message
-
-				LOG
-						.error("Eid verification failed: ${json.wallet_response.error_code} (${json.wallet_response.error_description})")
-				result = """{
-				"oid4vp": {
-					"status": "${ERROR_CODE_TO_STATUS_MAPPER[json.wallet_response.error_code] ?: 'ERROR'}",
-					"verification_url": "${session['agov.eid.verification.link']}",
-					"id": "${idvalue}",
-					"error_code": "${json.wallet_response.error_code}",
-					"error_message": "${json.wallet_response.error_description}"
-				}}"""
-			}
-			else {
-				result = """{
-				"oid4vp": {
-					"status": "${inargs['o.id.v'] == 'NEW' ? 'INITIATED' : 'PENDING'}",
-					"verification_url": "${session['agov.eid.verification.link']}",
-					"id": "${idvalue}",
-					"error_code": "NONE"
-				}}"""
-			}
-		}
-
-	}
-	catch (Exception e) {
-		LOG.error("Eid verification failed: ${e}")
-		result = """{
-				"oid4vp": {
-					"status": "ERROR",
-					"verification_url": "${session['agov.eid.verification.link']}",
-					"id": "${idvalue}",
-					"error_code": "HTTP-ERROR",
-					"error_message": "failed to verify status of verification ${idvalue}, http exception"
-				}}"""
-	}
-
-	response.setContent(result.toString())
-	response.setContentType('application/json')
-	response.setHttpStatusCode(200)
-	response.setIsDirectResponse(true)
-	response.setStatus(AuthResponse.AUTH_CONTINUE)
-	return
-}
-
-// if we reach this place, display GUI
-response.setStatus(AuthResponse.AUTH_CONTINUE)
-return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureRecoveryCode.groovy

@@ -1,7 +1,7 @@
 import ch.nevis.esauth.auth.engine.AuthResponse
-import ch.nevis.esauth.util.httpclient.api.HttpClient
-
-import io.opentelemetry.api.trace.Span
+import ch.nevis.idm.client.IdmRestClient
+import ch.nevis.idm.client.IdmRestClientFactory
+import ch.nevis.idm.client.HTTPRequestWrapper
 
 import groovy.json.JsonSlurper
 import groovy.xml.XmlSlurper
@@ -19,9 +19,7 @@ def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?:
 
 
 
-HttpClient httpClient = HttpClients.create(parameters)
-def spanCtxt = Span.current().getSpanContext()
-def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
 
 String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId')
 String userExtId = session.get('ch.adnovum.nevisidm.user.extId')
@@ -39,26 +37,21 @@ if (Arrays.stream(response.getActualRoles()).filter( r -> r.matches('^.*AGOV-Loi
 	return
 }
 
-// 1a) check if user has a credential
+
+// 1b) check if user has a credential
 if ( recoveryCredential != null ) {
 	LOG.debug("Account '${user}' has an active recovery code, no need to create new code")
 	response.setResult('done')
 	return
 }
 
-// 1b) check if a recovery is ongoing (nothing to do)
+// 1c) check if a recovery is ongoing (nothing to do)
 if (Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-AccountStatus.recovery')).findAny().isPresent()) {
 	LOG.debug("Account '${user}' is in recovery, no need to create new code")
 	response.setResult('done')
 	return
 }
 
-// 1c) don't do it for mobile phones (BUNDBITBK-4445)
-if (userAgent =~ /(iPhone|Android)/ ) {
-	LOG.debug("User '${user}' used a mobile phone, recovery code creation skipped")
-	response.setResult('done')
-	return
-}
 
 // 2) set cookie for recoveryCode
 if (outargs.containsKey('out.JWTToken')) {
@@ -72,26 +65,21 @@ if (outargs.containsKey('out.JWTToken')) {
 if (!session['agov.new.recovery.code.generated']) {
 	inargs.remove('submit')
 	try {
-		def httpResponse = Http.post()
-			.url(endPoint)
-			.header("Accept", "application/json")
-			.header("traceparent", traceparent)
-			.entity(Http.entity()
-				.content("{\"userExtId\":\"$userExtId\",\"userSessionId\": \"$sessionId\"}")
-				.contentType("application/json")
-				.build())
-			.build()
-			.send(httpClient)
+		def postRequest = new HTTPRequestWrapper()
+		postRequest.addToHeaders('Content-Type',  ['application/json'])
 
-
-		if (httpResponse.code() != 200) {
-            LOG.debug("Result: ${httpResponse}")
-			LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${httpResponse.code()})")
+		postRequest.setPayLoad("{\"userExtId\":\"$userExtId\",\"userSessionId\": \"$sessionId\"}".getBytes('UTF-8'))
+		
+        def result = idmRestClient.postWithResponse(endPoint, postRequest)
+		if (result.getStatusCode() != 200) {
+            LOG.debug("Payload: ${new String(postRequest.getPayLoad())}")
+            LOG.debug("Result: ${result}")
+			LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${result.getStatusCode()})")
 			response.setResult('failed')
 			return
 		}
 
-		def json = new JsonSlurper().parseText(httpResponse.bodyAsString())
+		def json = new JsonSlurper().parseText(new String(result.getPayLoad(), 'UTF-8'))
 
 		notes.setProperty('agov.new.recovery.code', json['recoveryCode']['code'].replaceAll('^(....)(....)(.*)$', '$1-$2-$3'))
 		LOG.debug("agov.new.recovery.code: ${notes['agov.new.recovery.code']}")

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf

@@ -3,7 +3,6 @@ RTENV_SECURITY_CHECK=no_shell
 JAVA_OPTS=(
     "-XX:+UseContainerSupport"
     "-Dfile.encoding=UTF-8"
-    "-Dotel.instrumentation.metro.enabled=false"
     "-XX:MaxRAMPercentage=80.0"
     "-Djava.net.preferIPv4Stack=true"
     "-Djava.net.connectionTimeout=10000"
@@ -13,7 +12,7 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
     "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
     "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_auth.groovy

@@ -98,12 +98,9 @@ if (path == '/nevisfido/fido2/attestation/options') {
     }
     post(connection, json)
     def responseCode = connection.responseCode
-    def responseText = responseCode == 200 ? connection.inputStream.text : '{"allowCredentials":[]}'
-    def jsonResponse = new JsonSlurper().parseText(responseText)
-    def numOfKeys = jsonResponse.allowCredentials ? jsonResponse.allowCredentials.size() : 0
 
-    // non existing account, account without FIDO2 key , or account with disabled FIDO2 key case
-    if (responseCode == 404 || responseCode == 400 || numOfKeys == 0) {
+    // non existing account, or account without FIDO2 key case
+    if (responseCode == 404 || responseCode == 400) {
 
       LOG.debug("Fido2Auth: <== Response: ${responseCode}")
 
@@ -116,36 +113,36 @@ if (path == '/nevisfido/fido2/attestation/options') {
       def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
       def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
       def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTime().getEpochSecond() * 1000)
-      def details = "no account (404)"
-      if (responseCode == 400 ) {
-        details = "no fido2 keys for account (400)"    
-      } else if (responseCode == 200) {
-        details = "no active fido2 key for account (200, empty allowCredentials array)"    
-      }
       
-      LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}', Details='${details}'")
-
+      LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
       // returning a fake options structure, which shouldn't leak whether the user account exists or not
       // keyId is unique per environment and email, fido2SessionId and challenge are renewed each time
       def keyId = UUID.nameUUIDFromBytes("${parameters['rpId']}.${session['ch.nevis.idm.User.email']}".getBytes())
-      responseText = """{"status": "ok",
-                         "errorMessage": "",
-                         "fido2SessionId": "${UUID.randomUUID()}",
-                         "challenge": "${base64url(UUID.randomUUID())}",
-                         "timeout": 300000,
-                         "rpId": "${parameters['rpId']}",
-                         "allowCredentials": [
-                           {
-                              "type": "public-key",
-                              "id": "${base64url(keyId)}",
-                              "transports": []
-                           }
-                         ],
-                         "userVerification": "required"}"""
+      def responseText = """{"status": "ok",
+                             "errorMessage": "",
+                             "fido2SessionId": "${UUID.randomUUID()}",
+                             "challenge": "${base64url(UUID.randomUUID())}",
+                             "timeout": 300000,
+                             "rpId": "${parameters['rpId']}",
+                             "allowCredentials": [
+                             {
+                                "type": "public-key",
+                                "id": "${base64url(keyId)}",
+                                "transports": []
+                             }
+                                                 ],
+                             "userVerification": "required"}"""
+
+      response.setContent(responseText) // return response from nevisFIDO "as-is"
+      response.setContentType('application/json')
+      response.setHttpStatusCode(200)
+      response.setIsDirectResponse(true)
+      return
     }
 
+    def responseText = connection.inputStream.text
     LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}")
-    response.setContent(responseText)
+    response.setContent(responseText) // return response from nevisFIDO "as-is"
     response.setContentType('application/json')
     response.setHttpStatusCode(200)
     response.setIsDirectResponse(true)

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/logging.yml

@@ -12,8 +12,6 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
-    - name: "ProductAnalytics"
-      level: "INFO"
     - name: "EsAuthStart"
       level: "INFO"
     - name: "org.apache.catalina.loader.WebappClassLoader"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/mobile_nless_auth.groovy

@@ -82,9 +82,8 @@ if (inargs['fidoUafDone'] == 'true' ||
 if (inargs['fallback'] == 'fallback') {
     response.setResult('fido2')
 }
-
-// dispatch to recovery
-if (inargs['fallback'] == 'recovery') {
+    // dispatch to recovery
+    if (inargs['fallback'] == 'recovery') {
     response.addOutArg('nevis.transfer.destination', parameters.get('recoveryurl'))
     response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_CONTINUE) 
     response.setIsRedirectTransfer(true)

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/nevisauth.yml

@@ -3,7 +3,6 @@ server:
   protocol: "https"
   port: "8991"
   host: "0.0.0.0"
-  max-threads: "200"
   tls:
     keystore: "/var/opt/keys/own/auth-default-identity/keystore.p12"
     keystore-passphrase: "${exec:/var/opt/keys/own/auth-default-identity/keypass}"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/questionnaireLfProcessing.groovy

@@ -1,25 +0,0 @@
-import ch.nevis.esauth.auth.engine.AuthResponse
-
-if (inargs['cancel'] && inargs['cancel'] == 'cancel') {
-  def s = request.getAuthSession(true)
-  s.removeAttribute('agov.recovery.moreThanOneLf')
-
-  response.setResult('doCancel')
-  return
-}
-
-if (inargs['continue'] && inargs['continue'] == 'yes') {
-  response.setSessionAttribute('agov.recovery.moreThanOneLf', 'yes')
-  response.setResult('loginFactorYes')
-  return
-}
-
-if (inargs['continue'] && inargs['continue'] == 'no') {
-  response.setSessionAttribute('agov.recovery.moreThanOneLf', 'no')
-  response.setResult('loginFactorNo')
-  return
-}
-
-// if we reach this, display the GUI again
-response.setStatus(AuthResponse.AUTH_CONTINUE)
-return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/questionnaireReasonProcessing.groovy

@@ -1,28 +0,0 @@
-import ch.nevis.esauth.auth.engine.AuthResponse
-
-if (inargs['reason']) {
-  response.setSessionAttribute('agov.recovery.reason', '' + inargs['reason'])
-}
-
-if (inargs['cancel'] && inargs['cancel'] == 'cancel') {
-  def s = request.getAuthSession(true)
-  s.removeAttribute('agov.recovery.moreThanOneLf')
-  s.removeAttribute('agov.recovery.reason')
-
-  response.setResult('doCancel')
-  return
-}
-
-if (inargs['continue'] && inargs['continue'] == 'yes') {
-  response.setResult('validReasons')
-  return
-}
-
-if (inargs['continue'] && inargs['continue'] == 'no') {
-  response.setResult('invalidReasons')
-  return
-}
-
-// if we reach this, display the GUI again
-response.setStatus(AuthResponse.AUTH_CONTINUE)
-return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-prepareRedirect.groovy

@@ -1,22 +0,0 @@
-if (session['agov.recovery.redirectDone']) {
-  // user navigated back from AGOV.me, go again for the code
-
-  // clean up SAML state first, 
-  // IdentityProviderState sets session attributes as follows
-  //   <IDP-State-Name>-session-participants.<SAML-RP-ISSUER> = <ACS-URL>
-  // State name contains the name of the pattern 'Recovery_redirectAgovMe'
-  def s = request.getAuthSession(true)
-  def sessionKeySet = new HashSet(session.keySet()) 
-  sessionKeySet.each { key -> 
-    if ( key ==~ /.*Recovery_redirectAgovMe-session-participants.*/ ) {
-      LOG.debug("Deleted session attribute '${key}'")
-      s.removeAttribute(key)
-    }
-  }
-  s.removeAttribute('agov.recovery.redirectDone')
-  response.setResult('back')
-} else {
-  // redirect
-  response.setSessionAttribute('agov.recovery.redirectDone', 'true')
-  response.setResult('redirect')
-}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-processing.groovy

@@ -16,7 +16,7 @@ def maxLoiRoleToCtxClssConvertorMap = [
 ]
 
 // https://docs.nevis.net/nevisidm/Developer-Guide/SOAP-Interface/Interface-specification/Value-types#enum-value-types
-def blockingCredentialStates = ['DISABLED', 'EXPIRED', 'LOCKED', 'ARCHIVED', 'RESET_CODE']
+def blockingCredentialStates = ['DISABLED', 'EXPIRED', 'LOCKED_TEMPORARY', 'LOCKED', 'ARCHIVED', 'RESET_CODE']
 
 def getUserIdVerificationForRecovery(currentLoaRole) {
   // application is AGOV-AccountStatus
@@ -164,8 +164,6 @@ if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null
 
       def hasRecoveryRole = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'recovery' }
 
-      def hasRecoveryCascadeRole = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'recoveryCascade' }
-
       def hasNewLoginFactor = hasRecoveryRole && userHasNewLoginFactor()
 
       if (mustRecover) {
@@ -178,8 +176,6 @@ if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null
         agovAqValidFrom = getUserMustRecoverValidFrom()
 
         maxLoi = getAqLevelBasedOnIdVerificationForRecovery(idVerification, maxLoi)
-      } else if (hasRecoveryCascadeRole && hasNewLoginFactor) {
-        response.setSessionAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
       }
 
       LOG.debug("Recovery: MaxLoi is '${maxLoi}'")

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_ongoing.groovy

@@ -1,22 +1,4 @@
-import ch.nevis.esauth.auth.engine.AuthResponse
-
 if (inargs['recovery'] != null && inargs['recovery'] == 'recovery' ) {
-  // clean up SAML state, to make sure the redirect will really be processed 
-  // IdentityProviderState sets session attributes as follows
-  //   <IDP-State-Name>-session-participants.<SAML-RP-ISSUER> = <ACS-URL>
-  // State name contains the name of the pattern 'Recovery_redirectAgovMe'
-  def s = request.getAuthSession(true)
-  def sessionKeySet = new HashSet(session.keySet()) 
-  sessionKeySet.each { key -> 
-    if ( key ==~ /.*Recovery_redirectAgovMe-session-participants.*/ ) {
-      LOG.debug("Deleted session attribute '${key}'")
-      s.removeAttribute(key)
-    }
-  }
-  response.setResult('ok')
-  return
-}
-
-// if we reach this, display the GUI again
-response.setStatus(AuthResponse.AUTH_CONTINUE)
-return
+   response.setResult('ok')
+   return
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/requestedrolelevel.groovy

@@ -26,7 +26,7 @@ int getRequestedLevel(String authnContextClassRef, def roleList){
 
 def session = request.getAuthSession(true)
 def context = session.get('ch.nevis.auth.saml.request.authnContextClassRef')
-def roleLevels = [100,200,300,400,500,600]
+def roleLevels = [100,200,300,400]
 def requestedRoleLevelNumber = getRequestedLevel(context, roleLevels)
 
 //set attribute Requested Role Level
@@ -44,27 +44,17 @@ def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown'
 def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
 def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
 
-def bestTokenAddressWhitelist = ',' + (parameters.get('bestTokenAddressWhitelist') ?: '').replaceAll('\\s','') + ','
-def appRequiresBestTokenWithAddress = bestTokenAddressWhitelist.contains(','+requester+',')
+LOG.info("Event='AUTHREQUEST', Requester='${requester}', RequestId='${requestId}', ReplacedRequestId='${replacedRequestId}', RequestedAq=${requestedAq}, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
 
-def bestTokenSvnrWhitelist = ',' + (parameters.get('bestTokenSvnrWhitelist') ?: '').replaceAll('\\s','') + ','
-def appRequiresBestTokenWithSvnr = bestTokenSvnrWhitelist.contains(','+requester+',')
-
-LOG.info("Event='AUTHREQUEST', Requester='${requester}', RequestId='${requestId}', ReplacedRequestId='${replacedRequestId}', RequestedAq=${requestedAq}, BestTokenRequired='svnr: ${appRequiresBestTokenWithSvnr}; address: ${appRequiresBestTokenWithAddress}', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
 
+def appAddressRequiredWhitelist = ',' + (parameters.get('appAddressRequired.whitelist') ?: '').replaceAll('\\s','') + ','
+def appIsOnappAddressRequiredWhitelist = appAddressRequiredWhitelist.contains(','+requester+',')
 
 if (requestedRoleLevelNumber == 0 || session.get('ch.nevis.auth.saml.request.scoping.requesterId') == null) {
   response.setResult('error');
   return
 }
 
-// TODO/haburger/2024-03-21: move this later, now here for a simple start
-if (requestedRoleLevelNumber == 600 || session.get('ch.nevis.auth.saml.request.scoping.requesterId') == 'OidcPlaygroundWork') {
-  session.setAttribute('agov.appSvnrAllowed', 'true')
-  response.setResult('exit.1');
-  return
-}
-
 try {
       def spanCtxt = Span.current().getSpanContext()
       def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
@@ -81,18 +71,16 @@ try {
         def json = jsonSlurper.parseText(httpResponse.bodyAsString())
         LOG.debug('AdressRequired: ' + json.addrRequired)
         LOG.debug('SvnrAllowed: ' + json.svnrAllowed)
-        LOG.debug('appRequiresBestTokenWithAddress: ' + appRequiresBestTokenWithAddress)
-        LOG.debug('appRequiresBestTokenWithSvnr: ' + appRequiresBestTokenWithSvnr)
+        LOG.debug('appAddressRequiredWhitelist applies: ' + appIsOnappAddressRequiredWhitelist)
 
         // address will be returned to the application if allowed by connect (json.addrRequired) 
         // and the authRequest was done with at least AGOVaq 200
-        // BUNDBITBK-4307: or best token for address is enabled
-        session.setAttribute('agov.appAddressRequired', '' + (json.addrRequired && ((requestedRoleLevelNumber >= 200) || appRequiresBestTokenWithAddress)))
+        // BITBKAGOVSUP-362: or whitelisted to receive the address
+        session.setAttribute('agov.appAddressRequired', '' + (json.addrRequired && ((requestedRoleLevelNumber >= 200) || appIsOnappAddressRequiredWhitelist)))
 
         // address will be returned to the application if allowed by connect (json.svnrAllowed) 
         // and the authRequest was done with at least AGOVaq 300
-        // BUNDBITBK-4307: or best token for svnr is enabled
-        session.setAttribute('agov.appSvnrAllowed', '' + (json.svnrAllowed && ((requestedRoleLevelNumber >= 300) || appRequiresBestTokenWithSvnr)))
+        session.setAttribute('agov.appSvnrAllowed', '' + (json.svnrAllowed && requestedRoleLevelNumber >= 300))
 
         session.setAttribute('agov.appDisplayNameDE', '' + json.displayNameDe)
         session.setAttribute('agov.appDisplayNameFR', '' + json.displayNameFr)
@@ -105,7 +93,7 @@ try {
         LOG.warn('Unexcpected HTTP response code: ' + httpResponse.code())
 
         if ( requestedRoleLevelNumber == 100) {
-           session.setAttribute('agov.appAddressRequired', '' + appRequiresBestTokenWithAddress)
+           session.setAttribute('agov.appAddressRequired', '' + appIsOnappAddressRequiredWhitelist)
            session.setAttribute('agov.appSvnrAllowed', 'false')
            response.setResult('ok')
         }
@@ -124,7 +112,7 @@ try {
 } catch (Exception e) {
   LOG.error("Failed to fetch connect meta data for relying party '${session.get('ch.nevis.auth.saml.request.scoping.requesterId')}'", e)
   if ( requestedRoleLevelNumber == 100) {
-     session.setAttribute('agov.appAddressRequired', '' + appRequiresBestTokenWithAddress)
+     session.setAttribute('agov.appAddressRequired', '' + appIsOnappAddressRequiredWhitelist)
      session.setAttribute('agov.appSvnrAllowed', 'false')
      response.setResult('ok')
   }

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_authorization.groovy

@@ -167,8 +167,7 @@ def i2r = [:]
 
 // issuer to ResultCond name
 def i2e = [:]
-i2e.put('https://trustbroker.agov-epr-lab.azure.adnovum.net', 'forbidden_0')
-i2e.put('https://trustbroker-idp.agov-epr-lab.azure.adnovum.net', 'forbidden_1')
+i2e.put('https://trustbroker.agov-d.azure.adnovum.net', 'forbidden_0')
 
 
 if (!i2r.isEmpty() && !hasAnyRequiredRole(i2r, issuer)) {

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_dispatcher.groovy

@@ -75,18 +75,9 @@ def dispatchIssuer(i2s, String issuer) {
     if (result == null) {
         LOG.info("No SP found for issuer '$issuer'. Hint: check SAML SP Connector patterns.")
     }
-    
-    // dispatch different idp if artifact binding is enabled
-    if(parameters.get('epdMode') == 'artifact' && result == 'epd'){
-        LOG.debug("EPD: Artifact mode")
-        result = result + "_artifact"
-    }else{
-        LOG.debug("EPD: POST mode")
-    }
     response.setResult(result)
     session.put("saml.inbound.issuer", issuer)
     session.put('saml.idp.result', result) // remember decision for sub-sequent requests without a SAML message
-    
 }
 
 def dispatchMessage(i2s, String message) {
@@ -117,8 +108,7 @@ if (request.getSession(false) == null) {
 def i2s = new TreeMap<String, String>(String.CASE_INSENSITIVE_ORDER)
 
 
-i2s.put(parameters.get('atb'), 'main')
-i2s.put(parameters.get('epd_atb'), 'epd')
+i2s.put('https://trustbroker.agov-d.azure.adnovum.net', 'state0')
 
 if (parameters.get('spInitiated') == 'true' && inargs.containsKey('SAMLRequest')) { // SP-initiated authentication
     LOG.debug("found SAMLRequest parameter for SP-initiated authentication")

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisFIDO"
   replicas: 1
-  version: "8.2411.2"
+  version: "8.2405.2"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -46,12 +46,12 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
+    tag: "r-3a33cc8960643d6afc30bade3f2d225bea96681a"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
     credentials: "git-credentials"
   database:
     name: "fido-uaf"
-    requiredVersion: "8.2411.1"
+    requiredVersion: "8.2405.0"
   keystores:
   - "fido-uaf-default-server-identity"
   - "fido-uaf-default-client-identity"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-nevisfido-uaf-database-9385d1b33aefe975fb1c5914.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisFIDO"
   databaseType: "MariaDB"
-  version: "8.2411.1"
+  version: "8.2405.2"
   url: "mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat"
   port: 3306
   database: "nevisfido_uaf"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf

@@ -7,5 +7,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/logging.yml

@@ -12,8 +12,6 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
-    - name: "ProductAnalytics"
-      level: "INFO"
     - name: "ch.nevis.auth.fido.application.Application"
       level: "INFO"
     - name: "ch.nevis.auth.fido.api.uaf"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json

@@ -3,16 +3,8 @@
     "aaid" : "F1D0#0001",
     "description" : "Android NEVIS Mobile Authentication PIN Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [
-      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
-      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
-      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
-      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
-      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
-    ],
-    "attestationTypes" : [ 15879, 15880 ],
+    "attestationRootCertificates" : [],
+    "attestationTypes" : [ 15880 ],
     "upv" : [ {
       "major" : 1,
       "minor" : 1
@@ -21,12 +13,12 @@
       "userVerification" : 4
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithms" : [ 2, 9 ],
+    "authenticationAlgorithm" : 9,
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 1,
     "matcherProtection" : 1,
-    "publicKeyAlgAndEncodings" : [ 257, 259 ],
+    "publicKeyAlgAndEncoding" : 256,
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -34,16 +26,8 @@
     "aaid" : "F1D0#0002",
     "description" : "Android NEVIS Mobile Authentication Fingerprint Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [
-      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
-      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
-      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
-      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
-      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
-    ],
-    "attestationTypes" : [ 15879, 15880 ],
+    "attestationRootCertificates" : [],
+    "attestationTypes" : [ 15880 ],
     "upv" : [ {
       "major" : 1,
       "minor" : 1
@@ -52,12 +36,12 @@
       "userVerification" : 2
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithms" : [ 2, 9 ],
+    "authenticationAlgorithm" : 9,
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 4,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncodings" : [ 257, 259 ],
+    "publicKeyAlgAndEncoding" : 256,
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -65,16 +49,8 @@
     "aaid" : "F1D0#0003",
     "description" : "Android NEVIS Mobile Authentication Biometric Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [
-      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
-      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
-      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
-      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
-      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
-    ],
-    "attestationTypes" : [ 15879, 15880 ],
+    "attestationRootCertificates" : [],
+    "attestationTypes" : [ 15880 ],
     "upv" : [ {
       "major" : 1,
       "minor" : 1
@@ -83,12 +59,12 @@
       "userVerification" : 346
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithms" : [ 2, 9 ],
+    "authenticationAlgorithm" : 9,
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 4,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncodings" : [ 257, 259 ],
+    "publicKeyAlgAndEncoding" : 256,
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -96,16 +72,8 @@
     "aaid" : "F1D0#0004",
     "description" : "Android NEVIS Mobile Authentication Device Passcode Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [
-      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
-      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
-      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
-      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
-      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
-    ],
-    "attestationTypes" : [ 15879, 15880 ],
+    "attestationRootCertificates" : [],
+    "attestationTypes" : [ 15880 ],
     "upv" : [ {
       "major" : 1,
       "minor" : 1
@@ -114,12 +82,12 @@
       "userVerification" : 132
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithms" : [ 2, 9 ],
+    "authenticationAlgorithm" : 9,
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 4,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncodings" : [ 257, 259 ],
+    "publicKeyAlgAndEncoding" : 259,
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -127,16 +95,8 @@
     "aaid" : "F1D0#0005",
     "description" : "Android NEVIS Mobile Authentication Password Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [
-      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
-      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
-      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
-      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
-      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
-    ],
-    "attestationTypes" : [ 15879, 15880 ],
+    "attestationRootCertificates" : [],
+    "attestationTypes" : [ 15880 ],
     "upv" : [ {
       "major" : 1,
       "minor" : 1
@@ -145,12 +105,12 @@
       "userVerification" : 4
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithms" : [ 2, 9 ],
+    "authenticationAlgorithm" : 9,
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 1,
     "matcherProtection" : 1,
-    "publicKeyAlgAndEncodings" : [ 257, 259 ],
+    "publicKeyAlgAndEncoding" : 256,
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -168,12 +128,12 @@
       "userVerification" : 4
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithms" : [ 2 ],
+    "authenticationAlgorithm" : 2,
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 1,
     "matcherProtection" : 1,
-    "publicKeyAlgAndEncodings" : [ 257 ],
+    "publicKeyAlgAndEncoding" : 257,
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -191,12 +151,12 @@
       "userVerification" : 2
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithms" : [ 2 ],
+    "authenticationAlgorithm" : 2,
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 6,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncodings" : [ 257 ],
+    "publicKeyAlgAndEncoding" : 257,
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -214,12 +174,12 @@
       "userVerification" : 16
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithms" : [ 2 ],
+    "authenticationAlgorithm" : 2,
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 6,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncodings" : [ 257 ],
+    "publicKeyAlgAndEncoding" : 257,
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -237,12 +197,12 @@
       "userVerification" : 4
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithms" : [ 2 ],
+    "authenticationAlgorithm" : 2,
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 6,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncodings" : [ 257 ],
+    "publicKeyAlgAndEncoding" : 257,
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -260,12 +220,12 @@
       "userVerification" : 4
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithms" : [ 2 ],
+    "authenticationAlgorithm" : 2,
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 1,
     "matcherProtection" : 1,
-    "publicKeyAlgAndEncodings" : [ 257 ],
+    "publicKeyAlgAndEncoding" : 257,
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   }]

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml

@@ -1,116 +1,116 @@
 server:
   port: 9443
-  host: "0.0.0.0"
-  protocol: "https"
+  host: 0.0.0.0
+  protocol: https
   tls:
-    keystore: "/var/opt/keys/own/fido-uaf-default-server-identity/keystore.p12"
-    keystore-type: "pkcs12"
-    keystore-passphrase: "${exec:/var/opt/keys/own/fido-uaf-default-server-identity/keypass}"
-    truststore: "/var/opt/keys/trust/fido-uaf-fido-uaf-extended-frontent-truststore/truststore.p12"
-    truststore-type: "pkcs12"
-    truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-fido-uaf-extended-frontent-truststore/keypass}"
+    keystore: /var/opt/keys/own/fido-uaf-default-server-identity/keystore.p12
+    keystore-passphrase: ${exec:/var/opt/keys/own/fido-uaf-default-server-identity/keypass}
+    keystore-type: pkcs12
+    truststore: /var/opt/keys/trust/fido-uaf-fido-uaf-extended-frontent-truststore/truststore.p12
+    truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-fido-uaf-extended-frontent-truststore/keypass}
+    truststore-type: pkcs12
+
 management:
   server:
     port: 9089
   healthchecks:
     enabled: true
+
+credential-repository:
+  type: nevisidm
+  rest-url: https://idm:8989/nevisidm
+  administration-url: https://idm:8989/nevisidm/services/v1_46/AdminService
+  keystore: /var/opt/keys/own/fido-uaf-default-client-identity/keystore.p12
+  keystore-passphrase: ${exec:/var/opt/keys/own/fido-uaf-default-client-identity/keypass}
+  keystore-type: pkcs12
+  truststore: /var/opt/keys/trust/fido-uaf-default-server-trust/truststore.p12
+  truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-default-server-trust/keypass}
+  truststore-type: pkcs12
+  admin-service-version: v1_46
+  client-id: cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720
+  user-attribute: extId
+
+session-repository:
+  type: sql
+  jdbc-url: jdbc:mariadb://mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat:3306/nevisfido_uaf?sslMode=disable&autocommit=true
+  max-connection-lifetime: 10m
+  user: ${exec:/var/opt/nevisfido/default/conf/credentials/dbUser}
+  password: ${exec:/var/opt/nevisfido/default/conf/credentials/dbPassword}
+  schema-user: 
+  schema-user-password: 
+  automatic-db-schema-setup: false
+
 fido-uaf:
   enabled: true
-  app-id: "https://auth.agov-w.azure.adnovum.net/nevisfido/uaf/1.1/facets"
+  app-id: https://auth.agov-w.azure.adnovum.net/nevisfido/uaf/1.1/facets
   facets:
-  - "android:apk-key-hash:kb0yJ345nFUmt4nOYK5Li7KvwDDobMKPosY48Uwb0QI"
-  - "ios:bundle-id:ch.agov.accessapp.t"
-  - "android:apk-key-hash:msmxrDDoIcxmazyIf9aj8uIvRXdH/wX668OQYaYdXpE"
-  - "ios:bundle-id:ch.agov.accessapp"
-  - "android:apk-key-hash:BFZz7gpBpUUk8rLis19LKpR6ZcIZkdxxFPYOwBSKKQk"
-  - "android:apk-key-hash:xoRd0kamp4TSJcvzfWzNoivuNldp+GKI7fjnwX+VEFg"
+    - android:apk-key-hash:kb0yJ345nFUmt4nOYK5Li7KvwDDobMKPosY48Uwb0QI
+    - ios:bundle-id:ch.agov.accessapp.t
+    - android:apk-key-hash:msmxrDDoIcxmazyIf9aj8uIvRXdH/wX668OQYaYdXpE
+    - ios:bundle-id:ch.agov.accessapp
+    - android:apk-key-hash:BFZz7gpBpUUk8rLis19LKpR6ZcIZkdxxFPYOwBSKKQk
+    - android:apk-key-hash:xoRd0kamp4TSJcvzfWzNoivuNldp+GKI7fjnwX+VEFg
+  metadata:
+    path: conf/metadata/metadata.json
   policy:
-    path: "conf/policy/"
+    path: conf/policy/
   timeout:
-    registration: "300s"
-    authentication: "300s"
-    token-registration: "180s"
-    token-deregistration: "180s"
-    token-authentication: "180s"
-    device-request: "600s"
+    registration: 600s
+    authentication: 600s
+    token-registration: 180s
+    token-authentication: 180s
+    token-deregistration: 600s
   transaction-confirmation:
     max-text-length: 2000
-  metadata:
-    path: "conf/metadata/metadata.json"
-  idm-connection-type: "soap"
-  dispatchers:
-  - type: "firebase-cloud-messaging"
-    dry-run: false
-    service-account-json: "inv-res-secret://a78926e06a159811ee15c224-bdd107d2"
-    registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
-    authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
-    deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
-  - type: "png-qr-code"
-    registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
-    authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
-    deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
-  - type: "link"
-    registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
-    authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
-    deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
-    base-url: "ch.agov.access-t://x-callback-url/authenticate"
-  basic-full-attestation:
-    android-verification-level: "default"
   authorization:
     registration:
-      type: "sectoken"
-      truststore: "/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12"
-      truststore-type: "pkcs12"
-      truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}"
+      type: sectoken
+      truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12
+      truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}
+      truststore-type: pkcs12
       username-attribute-names:
-      - "loginId"
-      - "userid"
+        - loginId
+        - userid
     authentication:
-      type: "none"
+      type: none
     deregistration:
-      type: "sectoken"
-      truststore: "/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12"
-      truststore-type: "pkcs12"
-      truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}"
+      type: sectoken
+      truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12
+      truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}
+      truststore-type: pkcs12
       username-attribute-names:
-      - "loginId"
-      - "userid"
+        - loginId
+        - userid
     create-dispatch-target:
-      type: "sectoken"
-      truststore: "/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12"
-      truststore-type: "pkcs12"
-      truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}"
+      type: sectoken
+      truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12
+      truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}
+      truststore-type: pkcs12
       username-attribute-names:
-      - "loginId"
-      - "userid"
+        - loginId
+        - userid
     query-dispatch-target:
-      type: "none"
+      type: none
     delete-dispatch-target:
-      type: "sectoken"
-      truststore: "/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12"
-      truststore-type: "pkcs12"
-      truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}"
+      type: sectoken
+      truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12
+      truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}
+      truststore-type: pkcs12
       username-attribute-names:
-      - "userid"
-session-repository:
-  type: "sql"
-  jdbc-url: "jdbc:mariadb://mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat:3306/nevisfido_uaf?sslMode=disable&autocommit=true"
-  max-connection-lifetime: "10m"
-  user: "${exec:/var/opt/nevisfido/default/conf/credentials/dbUser}"
-  password: "${exec:/var/opt/nevisfido/default/conf/credentials/dbPassword}"
-  schema-user: ""
-  schema-user-password: ""
-  automatic-db-schema-setup: false
-credential-repository:
-  type: "nevisidm"
-  client-id: "cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720"
-  user-attribute: "extId"
-  administration-url: "https://idm:8989/nevisidm/services/v1_46/AdminService"
-  admin-service-version: "v1_46"
-  rest-url: "https://idm:8989/nevisidm"
-  keystore: "/var/opt/keys/own/fido-uaf-default-client-identity/keystore.p12"
-  keystore-type: "pkcs12"
-  keystore-passphrase: "${exec:/var/opt/keys/own/fido-uaf-default-client-identity/keypass}"
-  truststore: "/var/opt/keys/trust/fido-uaf-default-server-trust/truststore.p12"
-  truststore-type: "pkcs12"
-  truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-default-server-trust/keypass}"
+        - userid
+  dispatchers:
+    - type: "firebase-cloud-messaging"
+      dry-run: false
+      service-account-json: "inv-res-secret://a78926e06a159811ee15c224-bdd107d2"
+      registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
+      authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
+      deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
+    - type: "png-qr-code"
+      registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
+      authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
+      deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
+    - type: "link"
+      registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
+      authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
+      deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
+      base-url: "ch.agov.access-t://x-callback-url/authenticate"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-signer-trust-087f275433f3973a1421318f.yaml

@@ -0,0 +1,12 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisTrustStore"
+metadata:
+  name: "fido2-default-signer-trust"
+  namespace: "adn-agov-nevisidm-01-uat"
+  labels:
+    deploymentTarget: "fido2"
+  annotations:
+    projectKey: "DEFAULT-ADN-AGOV-PROJECT"
+    patternId: "087f275433f3973a1421318f"
+spec:
+  keystores: []

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisFIDO"
   replicas: 1
-  version: "8.2411.2"
+  version: "8.2405.2"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -46,7 +46,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
+    tag: "r-2f8a215769d731c34e6278cbfb370e06e976f51f"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2"
     credentials: "git-credentials"
   keystores:
@@ -54,6 +54,7 @@ spec:
   - "fido2-default-client-identity"
   truststores:
   - "fido2-default-tls-client-trust"
+  - "fido2-default-signer-trust"
   - "fido2-default-server-trust"
   podSecurity:
     policy: "baseline"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf

@@ -6,5 +6,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/logging.yml

@@ -12,8 +12,6 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
-    - name: "ProductAnalytics"
-      level: "INFO"
     - name: "ch.nevis.auth.fido.application.Application"
       level: "INFO"
     Root:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/nevisfido.yml

@@ -1,50 +1,51 @@
 server:
   port: 9443
-  protocol: "https"
+  protocol: https
   tls:
-    keystore: "/var/opt/keys/own/fido2-default-identity/keystore.p12"
-    keystore-passphrase: "${exec:/var/opt/keys/own/fido2-default-identity/keypass}"
-    keystore-type: "pkcs12"
-    truststore: "/var/opt/keys/trust/fido2-default-tls-client-trust/truststore.p12"
-    truststore-passphrase: "${exec:/var/opt/keys/trust/fido2-default-tls-client-trust/keypass}"
-    truststore-type: "pkcs12"
+    keystore: /var/opt/keys/own/fido2-default-identity/keystore.p12
+    keystore-passphrase: ${exec:/var/opt/keys/own/fido2-default-identity/keypass}
+    keystore-type: pkcs12
+
 management:
   server:
     port: 9089
   healthchecks:
     enabled: true
+
 credential-repository:
-  type: "nevisidm"
-  client-id: "cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720"
-  rest-url: "https://idm:8989/nevisidm"
-  keystore: "/var/opt/keys/own/fido2-default-client-identity/keystore.p12"
-  keystore-passphrase: "${exec:/var/opt/keys/own/fido2-default-client-identity/keypass}"
-  keystore-type: "pkcs12"
-  truststore: "/var/opt/keys/trust/fido2-default-server-trust/truststore.p12"
-  truststore-passphrase: "${exec:/var/opt/keys/trust/fido2-default-server-trust/keypass}"
-  truststore-type: "pkcs12"
-  user-attribute: "extId"
+  type: nevisidm
+  client-id: cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720
+  rest-url: https://idm:8989/nevisidm
+  keystore: /var/opt/keys/own/fido2-default-client-identity/keystore.p12
+  keystore-passphrase: ${exec:/var/opt/keys/own/fido2-default-client-identity/keypass}
+  truststore: /var/opt/keys/trust/fido2-default-server-trust/truststore.p12
+  truststore-passphrase: ${exec:/var/opt/keys/trust/fido2-default-server-trust/keypass}
+  user-attribute: extId
+
+session-repository:
+  type: in-memory
+  jdbc-url: 
+  max-connection-lifetime: 
+  user: 
+  password: 
+  schema-user: 
+  schema-user-password: 
+  automatic-db-schema-setup: true
+
 fido2:
   enabled: true
-  rp-name: "AGOV-RelPartName"
-  rp-id: "adnovum.net"
+  rp-name: AGOV-RelPartName
+  rp-id: adnovum.net
   origins:
-  - "https://ob.agov-w.azure.adnovum.net"
-  - "https://nevisidm.agov-w.azure.adnovum.net"
-  - "https://auth.agov-w.azure.adnovum.net"
+    - https://me.agov-w.azure.adnovum.net
+    - https://nevisidm.agov-w.azure.adnovum.net
+    - https://auth.agov-w.azure.adnovum.net
   signature-algorithms:
-  - "RS1"
-  - "RS256"
-  - "RS384"
-  - "RS512"
-  - "ES256"
-  - "ES384"
-  - "ES512"
-  display-name-source: "email"
-  metadata:
-    allow-listing-enabled: false
-  timeout:
-    user-verification: "300s"
-    no-user-verification: "120s"
-session-repository:
-  type: "in-memory"
+    - RS1
+    - RS256
+    - RS384
+    - RS512
+    - ES256
+    - ES384
+    - ES512
+  display-name-source: email

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-db-2951ead44a7a9362a4545094.yaml

@@ -1,28 +0,0 @@
-apiVersion: "operator.nevis-security.ch/v1"
-kind: "NevisDatabase"
-metadata:
-  name: "idm"
-  namespace: "adn-agov-nevisidm-01-uat"
-  labels:
-    deploymentTarget: "idm"
-    trustImport: "idm-technical-trust-store-1058498828"
-  annotations:
-    projectKey: "DEFAULT-ADN-AGOV-PROJECT"
-    patternId: "2951ead44a7a9362a4545094"
-spec:
-  type: "NevisIDM"
-  databaseType: "MariaDB"
-  version: "8.2411.1"
-  url: "mariadb-agov-uat.mariadb.database.azure.com"
-  port: 3306
-  ssl: true
-  database: "nevisidm_uat"
-  bootstrap: true
-  migrate: true
-  rootCredentials:
-    name: "root-adn-agov-nevisidm-admin-01-uat-idm"
-    namespace: "adn-agov-nevisidm-admin-01-uat"
-  podSecurity:
-    policy: "baseline"
-    automountServiceAccountToken: false
-  timeZone: "Europe/Zurich"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisIDM"
   replicas: 1
-  version: "8.2411.2"
+  version: "8.2405.2"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -28,30 +28,27 @@ spec:
     management:
       httpGet:
         path: "/liveness"
-      periodSeconds: 5
+      periodSeconds: 30
       timeoutSeconds: 6
   readinessProbe:
     management:
       httpGet:
         path: "/health"
-      periodSeconds: 5
+      periodSeconds: 30
       timeoutSeconds: 6
   startupProbe:
     management:
       httpGet:
         path: "/health"
-      periodSeconds: 5
+      periodSeconds: 30
       timeoutSeconds: 6
-      failureThreshold: 50
+      failureThreshold: 10
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
+    tag: "r-3a33cc8960643d6afc30bade3f2d225bea96681a"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm"
     credentials: "git-credentials"
-  database:
-    name: "idm"
-    requiredVersion: "8.2411.1"
   keystores:
   - "idm-default-identity"
   truststores:
@@ -64,3 +61,4 @@ spec:
   secrets:
     secret:
     - "0eb37a5f44023ef0ad1013b6-89ec31e5"
+    - "a2068eb83a60702322c13949-27ed70d3"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf

@@ -4,5 +4,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/logging.yml

@@ -20,8 +20,6 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
-    - name: "ProductAnalytics"
-      level: "INFO"
     - name: "ch.nevis.idm.batch.jobs"
       level: "INFO"
       additivity: "false"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties

@@ -3,9 +3,9 @@ web.gui.languages.default=de
 # source: pattern://2951ead44a7a9362a4545094
 database.connection.url=jdbc:mariadb://mariadb-agov-uat.mariadb.database.azure.com:3306/nevisidm_uat?pinGlobalTxToPhysicalConnection=1&useMysqlMetadata=true&cachePrepStmts=true&prepStmtCacheSize=1000&useSSL=true&trustStore=/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks
 # source: pattern://2951ead44a7a9362a4545094
-database.connection.username=${exec:/var/opt/nevisidm/default/conf/credentials/dbUser}
+database.connection.username=adndbadmin
 # source: pattern://2951ead44a7a9362a4545094
-database.connection.password=${exec:/var/opt/nevisidm/default/conf/credentials/dbPassword}
+database.connection.password=secret://a2068eb83a60702322c13949-27ed70d3
 # source: pattern://b8a36646f81c3247cdb5d90b
 application.mail.smtp.host=greenmail.adn-agov-mail-01-uat.svc
 # source: pattern://b8a36646f81c3247cdb5d90b
@@ -13,8 +13,6 @@ application.mail.smtp.port=3025
 # source: pattern://b8a36646f81c3247cdb5d90b
 application.mail.sender=noreply-agov-uat@adnovum.ch
 # source: pattern://71411a755a625f9b850c6cf5
-application.config.credentialTypesToBeLockedInDatabase=URLTICKET,SAMLFEDERATION,CONTEXTPASSWORD
-# source: pattern://71411a755a625f9b850c6cf5
 application.feature.email.validation.enabled=false
 # source: pattern://71411a755a625f9b850c6cf5, pattern://b8a36646f81c3247cdb5d90b
 application.feature.multiclientmode.enabled=true

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisLogrend"
   replicas: 1
-  version: "8.2411.2"
+  version: "8.2405.0"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -44,7 +44,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
+    tag: "r-b8f96732441c62b6b91fcaa08ebc22e957092c19"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
     credentials: "git-credentials"
   podSecurity:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf

@@ -10,5 +10,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2405.0,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/logging.yml

@@ -11,9 +11,7 @@ Configuration:
         onMatch: "DENY"
         onMismatch: "ACCEPT"
   Loggers:
-    Logger:
-    - name: "ProductAnalytics"
-      level: "INFO"
+    Logger: []
     Root:
       level: "WARN"
       additivity: "false"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
+loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
-recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
-recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_de.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sprache wählen
 loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
 loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
-loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
+loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
 loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
 loainfo.later=Später
 loainfo.startNow=Möchten Sie den Prozess jetzt starten?
@@ -163,7 +163,7 @@ pwreset.info.linktext=Passwort vergessen
 pwreset.noticket=Ihr Link ist nicht mehr gültig. Bitte generieren Sie ein Neuen.
 recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert
 recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
+recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren.
 recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
 recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
 recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
 recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
 recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können?
 recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
-recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
-recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
 recovery_check_noCode.banner.error=Zu viele Versuche.
 recovery_check_noCode.instruction1=Möglicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
 recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -186,7 +184,7 @@ recovery_code.validUntil=G&uuml;ltig bis:
 recovery_fidokey_auth.button=Schl&uuml;sselauthentifizierung starten
 recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schl&uuml;sselauthentifizierung starten"
 recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschl&uuml;ssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um sich zu identifizieren.
+recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren.
 recovery_fidokey_auth.keyRegistered=Sicherheitsschl&uuml;ssel schon registriert
 recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
 recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken k&ouml;nnen, mit dem Sie den Wiederherstellungsprozess starten.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren r
 recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
 recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
 recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
-recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt
+recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht oder zur&uuml;ckgesetzt
 recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
 recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
 recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_en.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
+loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
-recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
-recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_fr.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sélectionner la langue
 loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
 loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
-loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
+loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
 loainfo.helper=Vos données doivent être vérifiées!
 loainfo.later=Plus tard
 loainfo.startNow=Voulez-vous commencer le processus maintenant?
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=Le code est trop long
 recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération
 recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ?
 recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération.
-recovery_check_code.too_many_tries.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
-recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
 recovery_check_noCode.banner.error=Trop de tentatives.
 recovery_check_noCode.instruction1=Vous avez peut-être essayé de saisir le code de récupération trop de fois.
 recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la r&eacute;cup&eacute;ration du compte dans dix minutes &agrave; partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistr&eacute; p
 recovery_questionnaire_reason_selection.answer1=Je n'arrive pas &agrave; me connecter, m&ecirc;me si j'ai mon application / ma cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;)
 recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription
-recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute;, r&eacute;install&eacute; ou r&eacute;initialis&eacute; mon application d'acc&egrave;s AGOV
+recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute; ou r&eacute;initialis&eacute; mon application AGOV access
 recovery_questionnaire_reason_selection.answer4=J'ai perdu mon t&eacute;l&eacute;phone / cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer5=J'ai un nouveau t&eacute;l&eacute;phone et j'ai oubli&eacute; de transf&eacute;rer mon application AGOV access
 recovery_questionnaire_reason_selection.answer6=J'ai oubli&eacute; mon PIN pour l'application AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Selezionare la lingua
 loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
 loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
-loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
+loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
 loainfo.helper=I dati devono essere verificati!
 loainfo.later=Più tardi
 loainfo.startNow=Iniziare la procedura?
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo
 recovery_check_code.noAccess=Non ho il mio codice.
 recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
 recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino.
-recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
-recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
 recovery_check_noCode.banner.error=Troppi tentativi.
 recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
 recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=Se ha registrato pi&ugrave; fatt
 recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza
 recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app AGOV access o chiave di sicurezza)
 recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione
-recovery_questionnaire_reason_selection.answer3=Ho eliminato, reinstallato o reimpostato la mia app AGOV access
+recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app AGOV access
 recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza
 recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app AGOV access
 recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/mauth_link_qr.js

@@ -16,12 +16,6 @@
 
     let statusPolling;
 
-    let isPolling = false;
-    let pollingTimeout = null;
-
-    const POLLING_INTERVAL = 2000;
-    const REQUEST_TIMEOUT = 3000;
-
     function dispatchLink() {
 
         document.getElementById("mauth_started").style.display = "block"; // show
@@ -61,7 +55,9 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    poll(sessionId);
+                    statusPolling = window.setInterval(function () {
+                        poll(sessionId);
+                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -74,36 +70,21 @@
     }
 
     function poll(sessionId) {
-        if (isPolling) {
-            return; // Exit if a polling request is already ongoing
-        }
 
-        isPolling = true;
+        const request = {};
+        request.fidoUafSessionId = sessionId;
 
-        const request = { fidoUafSessionId: sessionId };
-
-        const fetchRequest = fetch("", {
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        });
-
-        // Set up the timeout for the fetch request
-        const timeoutPromise = new Promise((_, reject) => {
-            pollingTimeout = setTimeout(() => {
-                reject(new Error('Request timed out'));
-            }, REQUEST_TIMEOUT);
-        });
-
-        Promise.race([fetchRequest, timeoutPromise])
-            .then(res => res.json())
-            .then(o => {
-                clearTimeout(pollingTimeout);
+        }).then(res => {
+            res.json().then(o => {
                 var status = o.status;
                 console.log("status: " + status);
-
                 if (status == 'clientAuthenticating') {
                     // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
@@ -118,24 +99,20 @@
                     addInput(form, "continue", "true"); // required for custom dispatching in usernameless
                     document.body.appendChild(form);
                     form.submit();
-                } else if (status == 'failed' || status == 'unknown') {
+                }
+                else if (status == 'failed' || status == 'unknown') {
+
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
+
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
-            })
-            .catch((err) => {
-                console.error("error:", err);
-            })
-            .finally(() => {
-                isPolling = false;
-                // Schedule the next poll if needed
-                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
+        }).catch((err) => console.error("error: ", err));
     }
 
     dispatchLink();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/mauth_onboard.js

@@ -16,12 +16,6 @@
 
     let statusPolling;
 
-    let isPolling = false;
-    let pollingTimeout = null;
-
-    const POLLING_INTERVAL = 2000;
-    const REQUEST_TIMEOUT = 3000;
-
     function renderEnrollment() {
 
         // link is provided by a hidden GuiElem
@@ -58,53 +52,44 @@
     }
 
     function poll() {
-        if (isPolling) {
-            return; // Exit if a polling request is already ongoing
-        }
-
-        isPolling = true;
 
         // state is held on backend side
         const request = {};
 
-        const fetchRequest = fetch("", {
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        });
+        }).then(res => {
+            res.json().then(o => {
 
-        // Set up the timeout for the fetch request
-        const timeoutPromise = new Promise((_, reject) => {
-            pollingTimeout = setTimeout(() => {
-                reject(new Error('Request timed out'));
-            }, REQUEST_TIMEOUT);
-        });
-
-        Promise.race([fetchRequest, timeoutPromise])
-            .then(res => res.json())
-            .then(o => {
-                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
 
                 if (status == 'clientRegistering') {
+
                     // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
 
                     // hide QR-code and information
                     document.getElementById("mauth_qrcode").style.display = 'none';
                     document.getElementById("mauth_qrcode_info").style.display = 'none';
-                } else if (status == 'succeeded') {
+                }
+                else if (status == 'succeeded') {
+
                     clearInterval(statusPolling);
-                    console.log("onboarding successful");
+                    console.error("onboarding successful");
 
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     document.body.appendChild(form);
                     form.submit();
-                } else if (status == 'failed' || status == 'unknown') {
+                }
+                else if (status == 'failed' || status == 'unknown') {
+
                     clearInterval(statusPolling);
                     console.error("onboarding failed with status: " + status);
 
@@ -113,15 +98,8 @@
                     document.body.appendChild(form);
                     form.submit();
                 }
-            })
-            .catch((err) => {
-                console.error("error:", err);
-            })
-            .finally(() => {
-                isPolling = false;
-                // Schedule the next poll if needed
-                setTimeout(() => poll(), POLLING_INTERVAL);
             });
+        }).catch((err) => console.error("error: ", err));
     }
 
     renderEnrollment();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/mauth_push_qr.js

@@ -16,12 +16,6 @@
 
     let statusPolling;
 
-    let isPolling = false;
-    let pollingTimeout = null;
-
-    const POLLING_INTERVAL = 2000;
-    const REQUEST_TIMEOUT = 3000;
-
     function dispatch(id) {
 
         document.getElementById("mauth_devices").style.display = "none"; // hide selection menu
@@ -76,7 +70,9 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    poll(sessionId);
+                    statusPolling = window.setInterval(function () {
+                        poll(sessionId);
+                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -129,64 +125,47 @@
     }
 
     function poll(sessionId) {
-        if (isPolling) {
-            return; // Exit if a polling request is already ongoing
-        }
-        isPolling = true;
 
-        const request = { fidoUafSessionId: sessionId };
+        const request = {};
+        request.fidoUafSessionId = sessionId;
 
-        const fetchRequest = fetch("", {
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        });
-
-        // Set up the timeout for the fetch request
-        const timeoutPromise = new Promise((_, reject) => {
-            pollingTimeout = setTimeout(() => {
-                reject(new Error('Request timed out'));
-            }, REQUEST_TIMEOUT);
-        });
-
-        Promise.race([fetchRequest, timeoutPromise])
-            .then(res => res.json())
-            .then(o => {
-                clearTimeout(pollingTimeout);
+        }).then(res => {
+            res.json().then(o => {
                 var status = o.status;
                 console.log("status: " + status);
-
                 if (status == 'clientAuthenticating') {
                     document.getElementById("mauth_qrcode").style.display = 'none';
                     document.getElementById("mauth_qrcode_info").style.display = 'none';
                     document.getElementById("mauth_match_numbers").style.display = 'block';
                     document.getElementById("mauth_loading").style.display = 'block';
                 }
-
                 if (status == 'succeeded') {
                     clearInterval(statusPolling);
+                    // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     document.body.appendChild(form);
                     form.submit();
-                } else if (status == 'failed' || status == 'unknown') {
+                }
+                else if (status == 'failed' || status == 'unknown') {
+
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
+
+                    // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
-            })
-            .catch((err) => {
-                console.error("error:", err);
-            })
-            .finally(() => {
-                isPolling = false;
-                // Schedule the next poll if needed
-                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
+        }).catch((err) => console.error("error: ", err));
     }
 
     renderDeviceList();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/mauth_usernameless.js

@@ -16,12 +16,6 @@
 
     let statusPolling;
 
-    let isPolling = false;
-    let pollingTimeout = null;
-
-    const POLLING_INTERVAL = 2000;
-    const REQUEST_TIMEOUT = 3000;
-
     function dispatch() {
 
         console.log("initiating usernameless mobile authentication...");
@@ -64,7 +58,9 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    poll(sessionId);
+                    statusPolling = window.setInterval(function () {
+                        poll(sessionId);
+                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -77,66 +73,46 @@
     }
 
     function poll(sessionId) {
-        if (isPolling) {
-            return; // Exit if a polling request is already ongoing
-        }
 
-        isPolling = true;
+        const request = {};
+        request.fidoUafSessionId = sessionId;
 
-        const request = { fidoUafSessionId: sessionId };
-
-        const fetchRequest = fetch("", {
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        });
-
-        // Set up the timeout for the fetch request
-        const timeoutPromise = new Promise((_, reject) => {
-            pollingTimeout = setTimeout(() => {
-                reject(new Error('Request timed out'));
-            }, REQUEST_TIMEOUT);
-        });
-
-        Promise.race([fetchRequest, timeoutPromise])
-            .then(res => res.json())
-            .then(o => {
-                clearTimeout(pollingTimeout);
+        }).then(res => {
+            res.json().then(o => {
                 var status = o.status;
                 console.log("status: " + status);
-
                 if (status == 'clientAuthenticating') {
-                    // show process icon
-                    document.getElementById("mauth_loading").style.display = 'block';
                     document.getElementById("mauth_qrcode").style.display = 'none';
+                    document.getElementById("mauth_loading").style.display = 'block';
                 }
                 if (status == 'succeeded') {
                     clearInterval(statusPolling);
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
-                    addInput(form, "continue", "true"); // required for custom dispatching in usernameless
-                    document.body.appendChild(form);
-                    form.submit();
-                } else if (status == 'failed' || status == 'unknown') {
-                    clearInterval(statusPolling);
-                    console.error("authentication failed with status: " + status);
-                    // as this is the last call we have to do a top-level request instead of AJAX
-                    const form = createForm();
-                    addInput(form, "fidoUafSessionId", sessionId);
+                    addInput(form, "fidoUafDone", "true"); // checked by Groovy script
+                    document.body.appendChild(form);
+                    form.submit();
+                }
+                else if (status == 'failed' || status == 'unknown') {
+
+                    clearInterval(statusPolling);
+                    console.error("authentication failed with status: " + status);
+
+                    // as this is the last call we have to do a top-level request instead of AJAX
+                    const form = createForm();
+                    addInput(form, "fidoUafSessionId", sessionId); // checked by Groovy script
                     document.body.appendChild(form);
                     form.submit();
                 }
-            })
-            .catch((err) => {
-                console.error("error:", err);
-            })
-            .finally(() => {
-                isPolling = false;
-                // Schedule the next poll if needed
-                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
+        }).catch((err) => console.error("error: ", err));
     }
 
     dispatch();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/ask_mobile.js

@@ -1,6 +1,6 @@
 class ProvidePhoneNumber {
 	modal;
-	declineModal;
+	laterModal;
 	providePhoneNumberLaterButton;
 	phoneNumberInput;
 	agovInputPhoneNumberInput;
@@ -9,20 +9,24 @@ class ProvidePhoneNumber {
 
 	constructor() {
 		this.modal = document.querySelector('#modal');
-		this.declineModal = document.querySelector('#declineModal');
+		this.laterModal = document.querySelector('#laterModal');
 		this.providePhoneNumberLaterButton = document.querySelector('#providePhoneNumberLaterButton');
 		this.phoneNumberInput = document.querySelector('#phoneNumberInput');
 		this.agovInputPhoneNumberInput = document.querySelector('#agovInputPhoneNumberInput');
 		this.agovInputRepeatPhoneNumberInput = document.querySelector('#agovInputRepeatPhoneNumberInput');
 		this.repeatPhoneNumberInput = document.querySelector('#repeatPhoneNumberInput');
 
+		document.querySelector('#laterCheckbox').checked = true;
 		this.initializePhoneInput(this.phoneNumberInput);
 		this.addPhoneInputEventHandlers(this.phoneNumberInput);
 		this.addPhoneInputEventHandlers(this.repeatPhoneNumberInput);
 
-		document.querySelector('#declineModalBack').addEventListener('click', () => {
+		this.providePhoneNumberLaterButton.addEventListener('click', () => {
+			this.setVisible(this.laterModal);
+		});
+		document.querySelector('#laterModalBack').addEventListener('click', () => {
 			this.resetValidation(this.agovInputPhoneNumberInput);
-			this.setInvisible(this.declineModal);
+			this.setInvisible(this.laterModal);
 		});
 		document.querySelector('#repeatPhoneNumberModalBack').addEventListener('click', () => {
 			this.initializePhoneInput(this.phoneNumberInput);
@@ -35,7 +39,6 @@ class ProvidePhoneNumber {
 			}
 		});
 		document.querySelector('#providePhoneNumberContinueButton').addEventListener('click', () => {
-			const dialCode = `+${window.phoneNumberUtils.getDialCode()}`;
 			if (this.validateInput(this.agovInputPhoneNumberInput)) {
 				this.repeatPhoneNumberInput.value = '';
 				this.initializePhoneInput(this.repeatPhoneNumberInput);
@@ -43,10 +46,6 @@ class ProvidePhoneNumber {
 				this.showErrorBanner(false);
 				this.setVisible(this.modal);
 			}
-			else if (this.phoneNumberInput.value.trim() === '' ||
-				this.phoneNumberInput.value.trim() === dialCode) {
-				this.setVisible(this.declineModal);
-			}
 		});
 	}
 
@@ -119,12 +118,7 @@ class ProvidePhoneNumber {
 	evaluatePhoneNumbersAndSubmit() {
 		if (this.arePhoneNumbersEqual()) {
 			document.querySelector('#mobile').value = this.repeatPhoneNumberInput.value.trim().replaceAll(' ', '');
-			// Some other 'click' listeners from gsap (used in drawer.js) seem to interfere with the trigger click on
-			// submitPhoneNumber button. It happens only on mobile devices, where the drawer is used. setTimeout seems to help
-			// to avoid the issue (although it is just a workaround).
-			setTimeout(() => {
-				document.querySelector('#submitPhoneNumber').click();
-			}, 100);
+			document.querySelector('#submit').click();
 		}
 		else {
 			this.setInvisible(this.modal);

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/eid_verification.js

@@ -1,4 +0,0 @@
-document.addEventListener('DOMContentLoaded', function() {
-	document.dispatchEvent(new Event('initEidVerification'));
-	document.dispatchEvent(new Event('initCantonalBranding'));
-});

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/ask_mobile_number.vm

@@ -47,20 +47,14 @@
                 </div>
                 <div class="w-full sm:static mt-auto">
                     <div class="flex flex-col-reverse sm:flex-row gap-4">
-                        <form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
-                              class="w-full"
-                              accept-charset="UTF-8">
-                            <agov-button
-                                    data-name="submit"
-                                    data-value="submit"
-                                    data-style="secondary"
-                                    data-label="$text.get("loainfo.later")"
-                                    data-type="submit"
-                                    data-fullwidth="true">
-                            </agov-button>
-                            <input class="hidden" name="skip" value="later">
-                            <input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
-                        </form>
+                        <agov-button
+                                id="providePhoneNumberLaterButton"
+                                class="w-full"
+                                data-style="secondary"
+                                data-label="$text.get("loainfo.later")"
+                                data-type="button"
+                                data-fullwidth="true">
+                        </agov-button>
                         <agov-button
                                 id="providePhoneNumberContinueButton"
                                 class="w-full"
@@ -128,7 +122,7 @@
                     <agov-button
                             class="basis-full"
                             data-name="submit"
-                            data-id="submitPhoneNumber"
+                            data-id="submit"
                             data-value="submit"
                             data-type="submit"
                             data-label="$text.get("general.continue")"
@@ -161,7 +155,7 @@
     </div>
 </div>
 
-<div id="declineModal" class="fixed top-0 bottom-0 left-0 right-0 pb-20 z-50 hidden">
+<div id="laterModal" class="fixed top-0 bottom-0 left-0 right-0 pb-20 z-50 hidden">
     <div class="fixed top-0 bottom-0 left-0 right-0 backdrop-blur-[10px]" id="modal_light"></div>
     <div class="fixed top-0 bottom-0 left-0 right-0 bg-[#E2E2E2E5]/80 dark:bg-[#111111]/90" id="modal_dark"></div>
     <div id="drawer"
@@ -187,7 +181,7 @@
             <div class="w-full sm:static mt-auto sm:justify-items-end">
                 <div class="flex justify-end flex-col-reverse sm:flex-row gap-4">
                     <agov-button
-                            id="declineModalBack"
+                            id="laterModalBack"
                             data-style="secondary"
                             data-label="$text.get("general.back")"
                             data-type="button"
@@ -195,15 +189,17 @@
                     </agov-button>
                     <form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
                           accept-charset="UTF-8"
-                          class="flex flex-col flex-auto block">
+                          class="flex flex-col flex-auto block ">
                         <agov-button
+                                id="ask_mobile_continue"
                                 data-name="submit"
                                 data-value="submit"
+                                data-id="submit"
                                 data-label="$text.get("general.continue")"
                                 data-type="submit"
                                 data-fullwidth="true">
                         </agov-button>
-                        <input class="hidden" name="skip" value="persistent">
+                        <input id="laterCheckbox" class="hidden" type="checkbox" name="skip" value="true">
                         <input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
                     </form>
                 </div>
@@ -215,4 +211,5 @@
 <script src="${login.appDataPath}/static/js-code/ask_mobile.js">
 </script>
 
+
 #parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/eid_verification.mock.js

@@ -1,3 +0,0 @@
-module.exports = {
-	...require('./mock-defaults')
-};

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/eid_verification.vm

@@ -1,224 +0,0 @@
-#parse("${templatePath}/header.vm")
-#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
-
-<agov-backdrop></agov-backdrop>
-<div id="mainContent" class="container mx-auto sm:mt-2 sm:max-w-full flex h-full sm:h-auto">
-	<div class="flex flex-col items-start gap-4 w-full rounded-[36px] sm:p-6 mx-auto
-	 max-w-[600px] md:max-w-[1200px] sm:bg-lily-blue dark:sm:bg-purple-black">
-
-		<div id="cantonalBranding"
-			 class="flex items-center rounded-xl gap-5 p-2 sm:p-0 sm:w-auto w-full hidden bg-pale-blue dark:bg-purple-black sm:bg-transparent">
-			<div class="flex items-center p-2 bg-white rounded sm:rounded-xl w-16 h-16" id="logo"></div>
-			<h1 class="font-header text-h6 sm:text-h4 text-space-blue dark:text-white">
-                #if ($login.language =="en")
-						$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameEN').value)
-				#elseif ($login.language =="de")
-                    $utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameDE').value)
-                #elseif ($login.language =="fr")
-                    $utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameFR').value)
-                #else
-                    $utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameIT').value)
-                #end
-			</h1>
-		</div>
-
-		<div class="flex flex-col md:flex-row w-full gap-6">
-			<div id="registerCard" class="w-full md:min-h-[689px] flex flex-col justify-between">
-				<div id="swiyuLoginImage"
-					 class="relative md:max-w-[520px] max-w-[350px] sm:max-w-[300px] mb-10 w-full mx-auto hidden md:block">
-					<img alt="" src="${login.appDataPath}/static/images/login.svg"
-						 class="hidden md:block dark:hidden w-full">
-					<img alt="" src="${login.appDataPath}/static/images/login-dark.svg"
-						 class="hidden md:hidden dark:md:block w-full">
-				</div>
-			</div>
-
-			<div id="loginModal"
-				 class="flex flex-col bg-white dark:bg-surface-black rounded-[20px] sm:min-h-[700px] p-6 sm:pb-8 sm:pt-10 sm:px-10
-				 max-w-[550px] w-full">
-
-				<div class="flex mb-4 sm:mb-6 items-baseline">
-					<h1 class="font-header text-h4 text-space-blue dark:text-white mr-3">$text.get("eid_verification.login")</h1>
-				</div>
-
-				<div id="cantonalBrandingMobile"
-					 class="flex items-center rounded-xl gap-5 mb-4 p-2 sm:p-0 sm:w-auto w-full hidden bg-pale-blue dark:bg-purple-black sm:bg-transparent">
-					<div class="flex items-center p-2 bg-white dark:bg-black rounded sm:rounded-xl w-16 h-16"
-						 id="logoMobile"></div>
-					<h1 class="font-header text-h6 sm:text-h4 text-space-blue dark:text-white">
-                        #if ($login.language =="en")
-							$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameEN').value)
-						#elseif ($login.language =="de")
-                            $utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameDE').value)
-                        #elseif ($login.language =="fr")
-                            $utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameFR').value)
-                        #else
-                            $utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameIT').value)
-                        #end
-					</h1>
-				</div>
-
-				<div id="swiyuWalletAppModal" class="h-full">
-
-					<div class="desktopBanner" aria-live="assertive">
-						<div class="hidden info flex rounded-xl bg-info-background dark:bg-dark-info-background items-center p-4
-						mb-4">
-							<i class="fa-regular fa-info-circle rounded-full p-3 text-info dark:text-dark-info bg-info/10 dark:bg-dark-info-icon mr-4 text-xl leading-none"></i>
-							<p class="font-body text-body-l text-space-blue dark:text-white">
-                                $text.get("eid_verification.banner.info")
-							</p>
-						</div>
-
-						<div class="hidden success flex rounded-xl bg-success-background dark:bg-dark-success-background
-						items-center p-4 mb-4">
-							<i class="fa-regular fa-check-circle rounded-full p-3 text-success dark:text-dark-success bg-success/10 dark:bg-dark-success-icon mr-4 text-xl leading-none"></i>
-							<div>
-								<p class="font-body text-body-l text-space-blue dark:text-white">
-                                    $text.get("eid_verification.banner.success")
-								</p>
-							</div>
-						</div>
-
-						<div class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center
-						p-4 mb-4">
-							<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
-							<p class="font-body text-body-l text-space-blue dark:text-white">
-                                $text.get("eid_verification.banner.error")
-							</p>
-						</div>
-					</div>
-
-					<div class="relative flex flex-col h-full">
-						<div id="blurBackdrop" class="hidden absolute backdrop-blur-sm -top-1 -bottom-8 -left-4 -right-4
-						z-10"></div>
-						<div class="mobileBanner relative z-20" aria-live="assertive">
-							<div class="hidden info flex rounded-xl bg-info-background dark:bg-dark-info-background items-center
-							p-4 mb-4">
-								<i class="fa-regular fa-info-circle rounded-full p-3 text-info dark:text-dark-info bg-info/10 dark:bg-dark-info-icon mr-4 text-xl leading-none"></i>
-								<p class="font-body text-body-l text-space-blue dark:text-white">
-                                    $text.get("eid_verification.banner.info")
-								</p>
-							</div>
-
-							<div class="hidden success flex rounded-xl bg-success-background dark:bg-dark-success-background
-								 items-center p-4 mb-4">
-								<i class="fa-regular fa-check-circle rounded-full p-3 text-success dark:text-dark-success bg-success/10 dark:bg-dark-success-icon mr-4 text-xl leading-none"></i>
-								<div>
-									<p class="font-body text-body-l text-space-blue dark:text-white">
-                                        $text.get("eid_verification.banner.success")
-									</p>
-								</div>
-							</div>
-
-							<div class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background
-							items-center p-4 mb-4">
-								<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
-								<p class="font-body text-body-l text-space-blue dark:text-white">
-                                    $text.get("eid_verification.banner.error")
-								</p>
-							</div>
-						</div>
-						<div id="swiyuLoginImageMobile"
-							 class="hidden max-w-[200px] sm:max-w-full sm:w-full basis-1/2 mx-auto mb-6">
-							<img alt=""
-								 src="${login.appDataPath}/static/images/login.svg"
-								 class="block dark:hidden w-full">
-
-							<img alt=""
-								 src="${login.appDataPath}/static/images/login-dark.svg"
-								 class="hidden dark:block w-full">
-						</div>
-						<div id="QRCodeHolder">
-							<div class="relative">
-								<canvas role="img" aria-labelledby="labelQRCodeInstructions" id="swiyu_qrcode"
-										class="mb-6 mx-auto"></canvas>
-								<div class="hidden" id="QRcodeHiddenLink"></div>
-								<span id="spinner" class="hidden absolute left-1/2 top-1/2 -translate-x-1/2 -translate-y-1/2
-								z-20">
-								<img src="${login.appDataPath}/static/images/spinner.svg" class="animate-spin block dark:hidden">
-								<img src="${login.appDataPath}/static/images/spinner-dark.svg"
-									 class="animate-spin hidden dark:block">
-								</span>
-							</div>
-
-							<a id="swiyuWalletAppLinkIpad" href="" class="hidden">
-								<agov-button
-										class="block basis-full mb-6"
-										data-name="swiyuWalletApp"
-										data-value="swiyuWalletApp"
-										data-id="swiyuWalletAppIpad"
-										data-label="$text.get("general.goSwiyuWalletApp")"
-										data-type="button"
-										data-fullwidth="true">
-								</agov-button>
-							</a>
-
-							<div class="swiyuWalletAppInstructions flex bg-indigo-light rounded-xl p-4 mb-2 items-center
-							dark:bg-purple-black">
-								<img alt="" src="${login.appDataPath}/static/images/access-app.svg" class="h-12 mr-4">
-								<p id="labelQRCodeInstructions" class="font-header text-h5 text-space-blue dark:text-white">
-                                    $text.get("eid_verification.instructions")
-								</p>
-							</div>
-						</div>
-
-						<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
-							  accept-charset="UTF-8" class="w-full sm:static mt-auto mb-20 sm:mb-0">
-
-							<div id="mobileButtons" class="hidden w-full">
-								<div class="flex flex-col">
-									<a id="swiyuWalletAppLink" href="">
-										<agov-button
-												class="block basis-full mb-4"
-												data-name="swiyuWalletApp"
-												data-value="swiyuWalletApp"
-												data-id="swiyuWalletApp"
-												data-label="$text.get("general.goSwiyuWalletApp")"
-												data-type="button"
-												data-fullwidth="true">
-										</agov-button>
-									</a>
-									<agov-button
-											id="showQR"
-											class="block basis-full"
-											data-style="frameless"
-											data-name="EID"
-											data-value="EID"
-											data-id="EID"
-											data-label="<i class='fa-regular fa-eye align-middle text-xl text-indigo dark:text-lilac mr-2'></i>$text.get(
-                                                "eid_verification.showQR")"
-											data-type="button"
-											data-fullwidth="true">
-									</agov-button>
-
-									<agov-button
-											id="hideQR"
-											class="hidden basis-full"
-											data-style="frameless"
-											data-name="EID"
-											data-value="EID"
-											data-id="EID"
-											data-label="<i class='fa-regular fa-eye-slash align-middle text-xl text-indigo dark:text-lilac mr-2'></i>$text.get(
-                                                "eid_verification.hideQR")"
-											data-type="button"
-											data-fullwidth="true">
-									</agov-button>
-								</div>
-							</div>
-							<input class="hidden" name="authRequestId" type="hidden"
-								   value="$gui.getGuiElem('authRequestId').value"/>
-						</form>
-					</div>
-				</div>
-			</div>
-		</div>
-	</div>
-</div>
-
-<script src="${login.appDataPath}/static/js-code/eid_verification.js" defer>
-</script>
-<div id="appSamlRpEntityId" class="hidden" data-value="$gui.getGuiElem('agov.appSamlRpEntityId').value"
-	data-language="$login.language">
-</div>
-
-#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm

@@ -3,7 +3,7 @@
 			$text.get("footer.text")
 			<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
 		</div>
-		<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
+		<p>1.8.x.local-20250113T070249Z-haburger: Mon Jan 13 12:11:47 CET 2025</p>
 	</footer>
 	<script src="${login.appDataPath}/static/bundle.js"></script>
 </body>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mauth_usernameless.vm

@@ -150,15 +150,15 @@
 								</p>
 							</div>
 						</div>
-						<div id="agovLoginImageMobile"
-							 class="hidden max-w-[200px] sm:max-w-full sm:w-full basis-1/2 mx-auto mb-6">
+						<div id="agovLoginImageMobile" class="hidden md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full
+						mx-auto mb-6">
 							<img alt=""
 								 src="${login.appDataPath}/static/images/login.svg"
-								 class="block dark:hidden w-full">
+								 class="block sm:hidden md:block dark:hidden w-full">
 
 							<img alt=""
 								 src="${login.appDataPath}/static/images/login-dark.svg"
-								 class="hidden dark:block w-full">
+								 class="dark:sm:hidden dark:md:block hidden dark:block w-full">
 						</div>
 						<div id="QRCodeHolder">
 							<div class="relative">
@@ -242,7 +242,7 @@
 						</form>
 					</div>
 				</div>
-				<div id="securityKeyModal" class="hidden sm:mt-16">
+				<div id="securityKeyModal" class="hidden mt-16">
 
 					<h2 class="font-header text-h5 text-space-blue dark:text-white mt-4 text-center">
                         $text.get("mauth_usernameless.useSecurityKey")
@@ -253,7 +253,7 @@
 					</p>
 
 					<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
-						  accept-charset="UTF-8" class="mb-20 sm:mb-0">
+						  accept-charset="UTF-8">
 						<agov-button
 								class="mb-4 block"
 								data-name="fallback"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_accessapp_auth.vm

@@ -82,14 +82,14 @@
 						</div>
 					</div>
 					<div id="agovLoginImageMobile"
-						 class="hidden max-w-[200px] sm:max-w-full sm:w-full basis-1/2 mx-auto mb-4">
+						 class="hidden md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full basis-1/2 mx-auto mb-4">
 						<img alt=""
 							 src="${login.appDataPath}/static/images/recovery.svg"
-							 class="block w-full">
+							 class="block sm:hidden md:block dark:hidden w-full">
 
 						<img alt=""
 							 src="${login.appDataPath}/static/images/recovery_dark.svg"
-							 class="hidden dark:block w-full">
+							 class="dark:sm:hidden dark:md:block hidden dark:block w-full">
 					</div>
 					<div id="QRCodeHolder">
 						<div class="relative">

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_code.vm

@@ -2,151 +2,116 @@
 
 <agov-backdrop></agov-backdrop>
 <div id="mainContent" class="container mx-auto sm:mt-32 sm:max-w-full flex flex-auto sm:block">
-	<div class="flex flex-col-reverse sm:flex-row justify-evenly items-center gap-5 w-full">
-		<div class="flex flex-col sm:bg-white sm:dark:bg-surface-black rounded-[20px] sm:px-10 sm:py-10 max-w-[550px] w-full
+    <div class="flex flex-col-reverse sm:flex-row justify-evenly items-center gap-5 w-full">
+        <div class="flex flex-col sm:bg-white sm:dark:bg-surface-black rounded-[20px] sm:px-10 sm:py-10 max-w-[550px] w-full
 		basis-full md:basis-1/2 min-h-[535px]">
-	<span id="spinner" class="hidden absolute left-1/2 top-1/2 -translate-x-1/2 -translate-y-1/2 z-30">
+			<span id="spinner" class="hidden absolute left-1/2 top-1/2 -translate-x-1/2 -translate-y-1/2 z-30">
 				<img src="${login.appDataPath}/static/images/spinner.svg" class="animate-spin block dark:hidden">
 				<img src="${login.appDataPath}/static/images/spinner-dark.svg" class="animate-spin hidden dark:block">
 			</span>
-			<div id="blurBackdrop" class="hidden absolute backdrop-blur-sm -top-1 -bottom-96 -left-4 -right-4 z-20"></div>
-			<div class="flex flex-col gap-8">
-				<div class="flex items-baseline">
+            <div id="blurBackdrop" class="hidden absolute backdrop-blur-sm -top-1 -bottom-96 -left-4 -right-4 z-20"></div>
+            <div class="flex flex-col gap-8">
+                <div class="flex items-baseline">
 					#set($error = $gui.getGuiElem("lasterror"))
-					<h3 class="font-header text-h3 text-space-blue dark:text-white mr-3">
+                    <h3 class="font-header text-h3 text-space-blue dark:text-white mr-3">
 						$text.get("general.recovery")
-					</h3>
-					<h4 class="font-header text-h4 text-disabled-grey dark:text-silver">
+                    </h3>
+                    <h4 class="font-header text-h4 text-disabled-grey dark:text-silver">
 						$text.get("general.entryCode")
-					</h4>
-				</div>
+                    </h4>
+                </div>
 				#if (($error.value && $error.value != ""))
 					#if (($error.value == "locked"))
-						<div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4">
-							<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
-							<p class="font-body text-body-l text-space-blue dark:text-white">
+                        <div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4">
+                            <i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
+                            <p class="font-body text-body-l text-space-blue dark:text-white">
 								$text.get("recovery_check_code.banner.lockedError")
-							</p>
-						</div>
-						<p class="font-body text-body-l text-space-blue dark:text-white">
-							$text.get("recovery_check_code.too_many_tries.instruction1")
-						</p>
-						<p class="font-body text-body-l text-space-blue dark:text-white">
-							$text.get("recovery_check_code.too_many_tries.instruction2")
-						</p>
+                            </p>
+                        </div>
 					#else
-						<div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4">
-							<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
-							<p class="font-body text-body-l text-space-blue dark:text-white">
+                        <div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4">
+                            <i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
+                            <p class="font-body text-body-l text-space-blue dark:text-white">
 								$text.get("recovery_check_code.codeIncorrect")
-							</p>
-						</div>
-						<p class="font-body text-body-l text-space-blue dark:text-white">
-							$text.get("recovery_check_code.instruction")
-						</p>
+                            </p>
+                        </div>
 					#end
-				#else
-					<p class="font-body text-body-l text-space-blue dark:text-white">
-						$text.get("recovery_check_code.instruction")
-					</p>
 				#end
-			</div>
+                <p class="font-body text-body-l text-space-blue dark:text-white">
+					$text.get("recovery_check_code.instruction")
+                </p>
+            </div>
 			#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
-			#if (($error.value && $error.value != "locked") || !($error.value))
-				<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
-					  accept-charset="UTF-8"
-					  class="flex flex-col flex-auto block">
-					<agov-input
-							id="recovery_code_input"
-							class="py-16"
-							data-label="$text.get("recovery_check_code.enterRecoveryCode")"
-							data-isLabelHidden="true"
-							data-placeholder=""
-							data-id="code"
-							data-name="code"
-							data-value=""
-							data-type="text"
-							data-autofocus="true"
-							data-email_invalid="$text.get("recovery_check_code.invalid.code")"
-							data-email_too_long="$text.get("recovery_check_code.invalid.code.tooLong")"
-							data-email_required="$text.get("recovery_check_code.invalid.code.required")">
-					</agov-input>
-					<div class="w-full sm:static mt-auto mb-6 sm:mb-0">
-						<div class="flex flex-col flex-row-reverse gap-4">
-							<agov-button
-									id="recovery_code_btn"
-									class="block basis-full"
-									data-name="confirm"
-									data-value="confirm"
-									data-id="confirm"
-									data-label="$text.get("general.confirm")"
-									data-type="submit"
-									data-fullwidth="true">
-							</agov-button>
-							<agov-button
-									id="recovery_code_btn_cancel"
-									class="block basis-full"
-									data-style="frameless"
-									data-name="cancelFido2"
-									data-value="cancelFido2"
-									data-id="cancelFido2"
-									data-label="$text.get("recovery_check_code.noAccess")"
-									data-type="button"
-									data-fullwidth="true"
-									data-validate="false">
-							</agov-button>
-							<input class="hidden" name="authRequestId" type="hidden"
-								   value="$gui.getGuiElem('authRequestId').value"/>
-						</div>
-					</div>
-				</form>
-			#else
-				<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
-					  accept-charset="UTF-8"
-					  class="flex flex-col flex-auto block">
-					<div class="w-full sm:static mt-auto mb-6 sm:mb-0">
-						<div class="flex flex-col flex-row-reverse gap-4">
-							<agov-button
-									id="recovery_code_btn_cancel"
-									class="block basis-full"
-									data-name="cancelFido2"
-									data-value="cancelFido2"
-									data-id="cancelFido2"
-									data-label="$text.get("recovery_check_code.noAccess")"
-									data-type="button"
-									data-fullwidth="true"
-									data-validate="false">
-							</agov-button>
-							<input class="hidden" name="authRequestId" type="hidden"
-								   value="$gui.getGuiElem('authRequestId').value"/>
-						</div>
-					</div>
-				</form>
-			#end
-		</div>
-		<form class="hidden"
-			  id="$gui.name"
-			  name="$gui.name"
-			  method="POST"
-			  target="_self"
-			  action="$formTarget"
-			  autocomplete="off"
-			  accept-charset="UTF-8">
-			<agov-button
-					data-name="submit"
-					data-id="submitFormButton"
-					data-value="submit"
-					data-type="submit"
-					data-fullwidth="true">
-			</agov-button>
-			<input class="hidden" name="no_code" id="noCodeCheckbox" type="checkbox" value="true">
-			<input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
-		</form>
-		<img alt="" src="${login.appDataPath}/static/images/recovery.svg"
-			 class="md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full md:basis-1/2 dark:hidden hidden md:block">
-		<img alt="" src="${login.appDataPath}/static/images/recovery_dark.svg"
-			 class="md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full md:basis-1/2 hidden dark:md:block">
-	</div>
+            <form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
+                  accept-charset="UTF-8"
+                  class="flex flex-col flex-auto block">
+                <agov-input
+                        id="recovery_code_input"
+                        class="py-16"
+                        data-label="$text.get("recovery_check_code.enterRecoveryCode")"
+                        data-isLabelHidden="true"
+                        data-placeholder=""
+                        data-id="code"
+                        data-name="code"
+                        data-value=""
+                        data-type="text"
+                        data-autofocus="true"
+                        data-email_invalid="$text.get("recovery_check_code.invalid.code")"
+                        data-email_too_long="$text.get("recovery_check_code.invalid.code.tooLong")"
+                        data-email_required="$text.get("recovery_check_code.invalid.code.required")">
+                </agov-input>
+                <div class="w-full sm:static mt-auto mb-6 sm:mb-0">
+                    <div class="flex flex-col flex-row-reverse gap-4">
+                        <agov-button
+                                id="recovery_code_btn"
+                                class="block basis-full"
+                                data-name="confirm"
+                                data-value="confirm"
+                                data-id="confirm"
+                                data-label="$text.get("general.confirm")"
+                                data-type="submit"
+                                data-fullwidth="true">
+                        </agov-button>
+                        <agov-button
+                                id="recovery_code_btn_cancel"
+                                class="block basis-full"
+                                data-style="frameless"
+                                data-name="cancelFido2"
+                                data-value="cancelFido2"
+                                data-id="cancelFido2"
+                                data-label="$text.get("recovery_check_code.noAccess")"
+                                data-type="button"
+                                data-fullwidth="true"
+                                data-validate="false">
+                        </agov-button>
+                    </div>
+                </div>
+                <input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
+            </form>
+        </div>
+        <form class="hidden"
+              id="$gui.name"
+              name="$gui.name"
+              method="POST"
+              target="_self"
+              action="$formTarget"
+              autocomplete="off"
+              accept-charset="UTF-8">
+            <agov-button
+                    data-name="submit"
+                    data-id="submitFormButton"
+                    data-value="submit"
+                    data-type="submit"
+                    data-fullwidth="true">
+            </agov-button>
+            <input class="hidden" name="no_code" id="noCodeCheckbox" type="checkbox" value="true">
+            <input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
+        </form>
+        <img alt="" src="${login.appDataPath}/static/images/recovery.svg"
+             class="md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full md:basis-1/2 dark:hidden hidden md:block">
+        <img alt="" src="${login.appDataPath}/static/images/recovery_dark.svg"
+             class="md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full md:basis-1/2 hidden dark:md:block">
+    </div>
 </div>
 
 <script src="${login.appDataPath}/static/js-code/recovery_check_code.js">

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
+loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
-recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
-recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_de.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sprache wählen
 loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
 loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
-loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
+loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
 loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
 loainfo.later=Später
 loainfo.startNow=Möchten Sie den Prozess jetzt starten?
@@ -163,7 +163,7 @@ pwreset.info.linktext=Passwort vergessen
 pwreset.noticket=Ihr Link ist nicht mehr gültig. Bitte generieren Sie ein Neuen.
 recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert
 recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
+recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren.
 recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
 recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
 recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
 recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
 recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können?
 recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
-recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
-recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
 recovery_check_noCode.banner.error=Zu viele Versuche.
 recovery_check_noCode.instruction1=Möglicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
 recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -186,7 +184,7 @@ recovery_code.validUntil=G&uuml;ltig bis:
 recovery_fidokey_auth.button=Schl&uuml;sselauthentifizierung starten
 recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schl&uuml;sselauthentifizierung starten"
 recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschl&uuml;ssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um sich zu identifizieren.
+recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren.
 recovery_fidokey_auth.keyRegistered=Sicherheitsschl&uuml;ssel schon registriert
 recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
 recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken k&ouml;nnen, mit dem Sie den Wiederherstellungsprozess starten.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren r
 recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
 recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
 recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
-recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt
+recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht oder zur&uuml;ckgesetzt
 recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
 recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
 recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_en.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
+loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
-recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
-recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_fr.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sélectionner la langue
 loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
 loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
-loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
+loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
 loainfo.helper=Vos données doivent être vérifiées!
 loainfo.later=Plus tard
 loainfo.startNow=Voulez-vous commencer le processus maintenant?
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=Le code est trop long
 recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération
 recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ?
 recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération.
-recovery_check_code.too_many_tries.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
-recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
 recovery_check_noCode.banner.error=Trop de tentatives.
 recovery_check_noCode.instruction1=Vous avez peut-être essayé de saisir le code de récupération trop de fois.
 recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la r&eacute;cup&eacute;ration du compte dans dix minutes &agrave; partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistr&eacute; p
 recovery_questionnaire_reason_selection.answer1=Je n'arrive pas &agrave; me connecter, m&ecirc;me si j'ai mon application / ma cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;)
 recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription
-recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute;, r&eacute;install&eacute; ou r&eacute;initialis&eacute; mon application d'acc&egrave;s AGOV
+recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute; ou r&eacute;initialis&eacute; mon application AGOV access
 recovery_questionnaire_reason_selection.answer4=J'ai perdu mon t&eacute;l&eacute;phone / cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer5=J'ai un nouveau t&eacute;l&eacute;phone et j'ai oubli&eacute; de transf&eacute;rer mon application AGOV access
 recovery_questionnaire_reason_selection.answer6=J'ai oubli&eacute; mon PIN pour l'application AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Selezionare la lingua
 loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
 loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
-loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
+loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
 loainfo.helper=I dati devono essere verificati!
 loainfo.later=Più tardi
 loainfo.startNow=Iniziare la procedura?
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo
 recovery_check_code.noAccess=Non ho il mio codice.
 recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
 recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino.
-recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
-recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
 recovery_check_noCode.banner.error=Troppi tentativi.
 recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
 recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=Se ha registrato pi&ugrave; fatt
 recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza
 recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app AGOV access o chiave di sicurezza)
 recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione
-recovery_questionnaire_reason_selection.answer3=Ho eliminato, reinstallato o reimpostato la mia app AGOV access
+recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app AGOV access
 recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza
 recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app AGOV access
 recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/mauth_link_qr.js

@@ -16,12 +16,6 @@
 
     let statusPolling;
 
-    let isPolling = false;
-    let pollingTimeout = null;
-
-    const POLLING_INTERVAL = 2000;
-    const REQUEST_TIMEOUT = 3000;
-
     function dispatchLink() {
 
         document.getElementById("mauth_started").style.display = "block"; // show
@@ -61,7 +55,9 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    poll(sessionId);
+                    statusPolling = window.setInterval(function () {
+                        poll(sessionId);
+                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -74,36 +70,21 @@
     }
 
     function poll(sessionId) {
-        if (isPolling) {
-            return; // Exit if a polling request is already ongoing
-        }
 
-        isPolling = true;
+        const request = {};
+        request.fidoUafSessionId = sessionId;
 
-        const request = { fidoUafSessionId: sessionId };
-
-        const fetchRequest = fetch("", {
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        });
-
-        // Set up the timeout for the fetch request
-        const timeoutPromise = new Promise((_, reject) => {
-            pollingTimeout = setTimeout(() => {
-                reject(new Error('Request timed out'));
-            }, REQUEST_TIMEOUT);
-        });
-
-        Promise.race([fetchRequest, timeoutPromise])
-            .then(res => res.json())
-            .then(o => {
-                clearTimeout(pollingTimeout);
+        }).then(res => {
+            res.json().then(o => {
                 var status = o.status;
                 console.log("status: " + status);
-
                 if (status == 'clientAuthenticating') {
                     // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
@@ -118,24 +99,20 @@
                     addInput(form, "continue", "true"); // required for custom dispatching in usernameless
                     document.body.appendChild(form);
                     form.submit();
-                } else if (status == 'failed' || status == 'unknown') {
+                }
+                else if (status == 'failed' || status == 'unknown') {
+
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
+
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
-            })
-            .catch((err) => {
-                console.error("error:", err);
-            })
-            .finally(() => {
-                isPolling = false;
-                // Schedule the next poll if needed
-                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
+        }).catch((err) => console.error("error: ", err));
     }
 
     dispatchLink();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/mauth_onboard.js

@@ -16,12 +16,6 @@
 
     let statusPolling;
 
-    let isPolling = false;
-    let pollingTimeout = null;
-
-    const POLLING_INTERVAL = 2000;
-    const REQUEST_TIMEOUT = 3000;
-
     function renderEnrollment() {
 
         // link is provided by a hidden GuiElem
@@ -58,53 +52,44 @@
     }
 
     function poll() {
-        if (isPolling) {
-            return; // Exit if a polling request is already ongoing
-        }
-
-        isPolling = true;
 
         // state is held on backend side
         const request = {};
 
-        const fetchRequest = fetch("", {
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        });
+        }).then(res => {
+            res.json().then(o => {
 
-        // Set up the timeout for the fetch request
-        const timeoutPromise = new Promise((_, reject) => {
-            pollingTimeout = setTimeout(() => {
-                reject(new Error('Request timed out'));
-            }, REQUEST_TIMEOUT);
-        });
-
-        Promise.race([fetchRequest, timeoutPromise])
-            .then(res => res.json())
-            .then(o => {
-                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
 
                 if (status == 'clientRegistering') {
+
                     // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
 
                     // hide QR-code and information
                     document.getElementById("mauth_qrcode").style.display = 'none';
                     document.getElementById("mauth_qrcode_info").style.display = 'none';
-                } else if (status == 'succeeded') {
+                }
+                else if (status == 'succeeded') {
+
                     clearInterval(statusPolling);
-                    console.log("onboarding successful");
+                    console.error("onboarding successful");
 
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     document.body.appendChild(form);
                     form.submit();
-                } else if (status == 'failed' || status == 'unknown') {
+                }
+                else if (status == 'failed' || status == 'unknown') {
+
                     clearInterval(statusPolling);
                     console.error("onboarding failed with status: " + status);
 
@@ -113,15 +98,8 @@
                     document.body.appendChild(form);
                     form.submit();
                 }
-            })
-            .catch((err) => {
-                console.error("error:", err);
-            })
-            .finally(() => {
-                isPolling = false;
-                // Schedule the next poll if needed
-                setTimeout(() => poll(), POLLING_INTERVAL);
             });
+        }).catch((err) => console.error("error: ", err));
     }
 
     renderEnrollment();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/mauth_push_qr.js

@@ -16,12 +16,6 @@
 
     let statusPolling;
 
-    let isPolling = false;
-    let pollingTimeout = null;
-
-    const POLLING_INTERVAL = 2000;
-    const REQUEST_TIMEOUT = 3000;
-
     function dispatch(id) {
 
         document.getElementById("mauth_devices").style.display = "none"; // hide selection menu
@@ -76,7 +70,9 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    poll(sessionId);
+                    statusPolling = window.setInterval(function () {
+                        poll(sessionId);
+                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -129,64 +125,47 @@
     }
 
     function poll(sessionId) {
-        if (isPolling) {
-            return; // Exit if a polling request is already ongoing
-        }
-        isPolling = true;
 
-        const request = { fidoUafSessionId: sessionId };
+        const request = {};
+        request.fidoUafSessionId = sessionId;
 
-        const fetchRequest = fetch("", {
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        });
-
-        // Set up the timeout for the fetch request
-        const timeoutPromise = new Promise((_, reject) => {
-            pollingTimeout = setTimeout(() => {
-                reject(new Error('Request timed out'));
-            }, REQUEST_TIMEOUT);
-        });
-
-        Promise.race([fetchRequest, timeoutPromise])
-            .then(res => res.json())
-            .then(o => {
-                clearTimeout(pollingTimeout);
+        }).then(res => {
+            res.json().then(o => {
                 var status = o.status;
                 console.log("status: " + status);
-
                 if (status == 'clientAuthenticating') {
                     document.getElementById("mauth_qrcode").style.display = 'none';
                     document.getElementById("mauth_qrcode_info").style.display = 'none';
                     document.getElementById("mauth_match_numbers").style.display = 'block';
                     document.getElementById("mauth_loading").style.display = 'block';
                 }
-
                 if (status == 'succeeded') {
                     clearInterval(statusPolling);
+                    // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     document.body.appendChild(form);
                     form.submit();
-                } else if (status == 'failed' || status == 'unknown') {
+                }
+                else if (status == 'failed' || status == 'unknown') {
+
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
+
+                    // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
-            })
-            .catch((err) => {
-                console.error("error:", err);
-            })
-            .finally(() => {
-                isPolling = false;
-                // Schedule the next poll if needed
-                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
+        }).catch((err) => console.error("error: ", err));
     }
 
     renderDeviceList();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/mauth_usernameless.js

@@ -16,12 +16,6 @@
 
     let statusPolling;
 
-    let isPolling = false;
-    let pollingTimeout = null;
-
-    const POLLING_INTERVAL = 2000;
-    const REQUEST_TIMEOUT = 3000;
-
     function dispatch() {
 
         console.log("initiating usernameless mobile authentication...");
@@ -64,7 +58,9 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    poll(sessionId);
+                    statusPolling = window.setInterval(function () {
+                        poll(sessionId);
+                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -77,66 +73,46 @@
     }
 
     function poll(sessionId) {
-        if (isPolling) {
-            return; // Exit if a polling request is already ongoing
-        }
 
-        isPolling = true;
+        const request = {};
+        request.fidoUafSessionId = sessionId;
 
-        const request = { fidoUafSessionId: sessionId };
-
-        const fetchRequest = fetch("", {
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        });
-
-        // Set up the timeout for the fetch request
-        const timeoutPromise = new Promise((_, reject) => {
-            pollingTimeout = setTimeout(() => {
-                reject(new Error('Request timed out'));
-            }, REQUEST_TIMEOUT);
-        });
-
-        Promise.race([fetchRequest, timeoutPromise])
-            .then(res => res.json())
-            .then(o => {
-                clearTimeout(pollingTimeout);
+        }).then(res => {
+            res.json().then(o => {
                 var status = o.status;
                 console.log("status: " + status);
-
                 if (status == 'clientAuthenticating') {
-                    // show process icon
-                    document.getElementById("mauth_loading").style.display = 'block';
                     document.getElementById("mauth_qrcode").style.display = 'none';
+                    document.getElementById("mauth_loading").style.display = 'block';
                 }
                 if (status == 'succeeded') {
                     clearInterval(statusPolling);
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
-                    addInput(form, "continue", "true"); // required for custom dispatching in usernameless
-                    document.body.appendChild(form);
-                    form.submit();
-                } else if (status == 'failed' || status == 'unknown') {
-                    clearInterval(statusPolling);
-                    console.error("authentication failed with status: " + status);
-                    // as this is the last call we have to do a top-level request instead of AJAX
-                    const form = createForm();
-                    addInput(form, "fidoUafSessionId", sessionId);
+                    addInput(form, "fidoUafDone", "true"); // checked by Groovy script
+                    document.body.appendChild(form);
+                    form.submit();
+                }
+                else if (status == 'failed' || status == 'unknown') {
+
+                    clearInterval(statusPolling);
+                    console.error("authentication failed with status: " + status);
+
+                    // as this is the last call we have to do a top-level request instead of AJAX
+                    const form = createForm();
+                    addInput(form, "fidoUafSessionId", sessionId); // checked by Groovy script
                     document.body.appendChild(form);
                     form.submit();
                 }
-            })
-            .catch((err) => {
-                console.error("error:", err);
-            })
-            .finally(() => {
-                isPolling = false;
-                // Schedule the next poll if needed
-                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
+        }).catch((err) => console.error("error: ", err));
     }
 
     dispatch();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
+loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
-recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
-recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_de.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sprache wählen
 loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
 loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
-loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
+loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
 loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
 loainfo.later=Später
 loainfo.startNow=Möchten Sie den Prozess jetzt starten?
@@ -163,7 +163,7 @@ pwreset.info.linktext=Passwort vergessen
 pwreset.noticket=Ihr Link ist nicht mehr gültig. Bitte generieren Sie ein Neuen.
 recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert
 recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
+recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren.
 recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
 recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
 recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
 recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
 recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können?
 recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
-recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
-recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
 recovery_check_noCode.banner.error=Zu viele Versuche.
 recovery_check_noCode.instruction1=Möglicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
 recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -186,7 +184,7 @@ recovery_code.validUntil=G&uuml;ltig bis:
 recovery_fidokey_auth.button=Schl&uuml;sselauthentifizierung starten
 recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schl&uuml;sselauthentifizierung starten"
 recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschl&uuml;ssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um sich zu identifizieren.
+recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren.
 recovery_fidokey_auth.keyRegistered=Sicherheitsschl&uuml;ssel schon registriert
 recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
 recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken k&ouml;nnen, mit dem Sie den Wiederherstellungsprozess starten.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren r
 recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
 recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
 recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
-recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt
+recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht oder zur&uuml;ckgesetzt
 recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
 recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
 recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_en.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
+loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
-recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
-recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_fr.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sélectionner la langue
 loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
 loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
-loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
+loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
 loainfo.helper=Vos données doivent être vérifiées!
 loainfo.later=Plus tard
 loainfo.startNow=Voulez-vous commencer le processus maintenant?
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=Le code est trop long
 recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération
 recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ?
 recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération.
-recovery_check_code.too_many_tries.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
-recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
 recovery_check_noCode.banner.error=Trop de tentatives.
 recovery_check_noCode.instruction1=Vous avez peut-être essayé de saisir le code de récupération trop de fois.
 recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la r&eacute;cup&eacute;ration du compte dans dix minutes &agrave; partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistr&eacute; p
 recovery_questionnaire_reason_selection.answer1=Je n'arrive pas &agrave; me connecter, m&ecirc;me si j'ai mon application / ma cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;)
 recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription
-recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute;, r&eacute;install&eacute; ou r&eacute;initialis&eacute; mon application d'acc&egrave;s AGOV
+recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute; ou r&eacute;initialis&eacute; mon application AGOV access
 recovery_questionnaire_reason_selection.answer4=J'ai perdu mon t&eacute;l&eacute;phone / cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer5=J'ai un nouveau t&eacute;l&eacute;phone et j'ai oubli&eacute; de transf&eacute;rer mon application AGOV access
 recovery_questionnaire_reason_selection.answer6=J'ai oubli&eacute; mon PIN pour l'application AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Selezionare la lingua
 loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
 loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
-loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
+loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
 loainfo.helper=I dati devono essere verificati!
 loainfo.later=Più tardi
 loainfo.startNow=Iniziare la procedura?
@@ -174,8 +174,6 @@ recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo
 recovery_check_code.noAccess=Non ho il mio codice.
 recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
 recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino.
-recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
-recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
 recovery_check_noCode.banner.error=Troppi tentativi.
 recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
 recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -212,7 +210,7 @@ recovery_questionnaire_no_recovery.instruction2=Se ha registrato pi&ugrave; fatt
 recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza
 recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app AGOV access o chiave di sicurezza)
 recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione
-recovery_questionnaire_reason_selection.answer3=Ho eliminato, reinstallato o reimpostato la mia app AGOV access
+recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app AGOV access
 recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza
 recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app AGOV access
 recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/mauth_link_qr.js

@@ -16,12 +16,6 @@
 
     let statusPolling;
 
-    let isPolling = false;
-    let pollingTimeout = null;
-
-    const POLLING_INTERVAL = 2000;
-    const REQUEST_TIMEOUT = 3000;
-
     function dispatchLink() {
 
         document.getElementById("mauth_started").style.display = "block"; // show
@@ -61,7 +55,9 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    poll(sessionId);
+                    statusPolling = window.setInterval(function () {
+                        poll(sessionId);
+                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -74,36 +70,21 @@
     }
 
     function poll(sessionId) {
-        if (isPolling) {
-            return; // Exit if a polling request is already ongoing
-        }
 
-        isPolling = true;
+        const request = {};
+        request.fidoUafSessionId = sessionId;
 
-        const request = { fidoUafSessionId: sessionId };
-
-        const fetchRequest = fetch("", {
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        });
-
-        // Set up the timeout for the fetch request
-        const timeoutPromise = new Promise((_, reject) => {
-            pollingTimeout = setTimeout(() => {
-                reject(new Error('Request timed out'));
-            }, REQUEST_TIMEOUT);
-        });
-
-        Promise.race([fetchRequest, timeoutPromise])
-            .then(res => res.json())
-            .then(o => {
-                clearTimeout(pollingTimeout);
+        }).then(res => {
+            res.json().then(o => {
                 var status = o.status;
                 console.log("status: " + status);
-
                 if (status == 'clientAuthenticating') {
                     // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
@@ -118,24 +99,20 @@
                     addInput(form, "continue", "true"); // required for custom dispatching in usernameless
                     document.body.appendChild(form);
                     form.submit();
-                } else if (status == 'failed' || status == 'unknown') {
+                }
+                else if (status == 'failed' || status == 'unknown') {
+
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
+
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
-            })
-            .catch((err) => {
-                console.error("error:", err);
-            })
-            .finally(() => {
-                isPolling = false;
-                // Schedule the next poll if needed
-                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
+        }).catch((err) => console.error("error: ", err));
     }
 
     dispatchLink();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/mauth_onboard.js

@@ -16,12 +16,6 @@
 
     let statusPolling;
 
-    let isPolling = false;
-    let pollingTimeout = null;
-
-    const POLLING_INTERVAL = 2000;
-    const REQUEST_TIMEOUT = 3000;
-
     function renderEnrollment() {
 
         // link is provided by a hidden GuiElem
@@ -58,53 +52,44 @@
     }
 
     function poll() {
-        if (isPolling) {
-            return; // Exit if a polling request is already ongoing
-        }
-
-        isPolling = true;
 
         // state is held on backend side
         const request = {};
 
-        const fetchRequest = fetch("", {
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        });
+        }).then(res => {
+            res.json().then(o => {
 
-        // Set up the timeout for the fetch request
-        const timeoutPromise = new Promise((_, reject) => {
-            pollingTimeout = setTimeout(() => {
-                reject(new Error('Request timed out'));
-            }, REQUEST_TIMEOUT);
-        });
-
-        Promise.race([fetchRequest, timeoutPromise])
-            .then(res => res.json())
-            .then(o => {
-                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
 
                 if (status == 'clientRegistering') {
+
                     // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
 
                     // hide QR-code and information
                     document.getElementById("mauth_qrcode").style.display = 'none';
                     document.getElementById("mauth_qrcode_info").style.display = 'none';
-                } else if (status == 'succeeded') {
+                }
+                else if (status == 'succeeded') {
+
                     clearInterval(statusPolling);
-                    console.log("onboarding successful");
+                    console.error("onboarding successful");
 
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     document.body.appendChild(form);
                     form.submit();
-                } else if (status == 'failed' || status == 'unknown') {
+                }
+                else if (status == 'failed' || status == 'unknown') {
+
                     clearInterval(statusPolling);
                     console.error("onboarding failed with status: " + status);
 
@@ -113,15 +98,8 @@
                     document.body.appendChild(form);
                     form.submit();
                 }
-            })
-            .catch((err) => {
-                console.error("error:", err);
-            })
-            .finally(() => {
-                isPolling = false;
-                // Schedule the next poll if needed
-                setTimeout(() => poll(), POLLING_INTERVAL);
             });
+        }).catch((err) => console.error("error: ", err));
     }
 
     renderEnrollment();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/mauth_push_qr.js

@@ -16,12 +16,6 @@
 
     let statusPolling;
 
-    let isPolling = false;
-    let pollingTimeout = null;
-
-    const POLLING_INTERVAL = 2000;
-    const REQUEST_TIMEOUT = 3000;
-
     function dispatch(id) {
 
         document.getElementById("mauth_devices").style.display = "none"; // hide selection menu
@@ -76,7 +70,9 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    poll(sessionId);
+                    statusPolling = window.setInterval(function () {
+                        poll(sessionId);
+                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -129,64 +125,47 @@
     }
 
     function poll(sessionId) {
-        if (isPolling) {
-            return; // Exit if a polling request is already ongoing
-        }
-        isPolling = true;
 
-        const request = { fidoUafSessionId: sessionId };
+        const request = {};
+        request.fidoUafSessionId = sessionId;
 
-        const fetchRequest = fetch("", {
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        });
-
-        // Set up the timeout for the fetch request
-        const timeoutPromise = new Promise((_, reject) => {
-            pollingTimeout = setTimeout(() => {
-                reject(new Error('Request timed out'));
-            }, REQUEST_TIMEOUT);
-        });
-
-        Promise.race([fetchRequest, timeoutPromise])
-            .then(res => res.json())
-            .then(o => {
-                clearTimeout(pollingTimeout);
+        }).then(res => {
+            res.json().then(o => {
                 var status = o.status;
                 console.log("status: " + status);
-
                 if (status == 'clientAuthenticating') {
                     document.getElementById("mauth_qrcode").style.display = 'none';
                     document.getElementById("mauth_qrcode_info").style.display = 'none';
                     document.getElementById("mauth_match_numbers").style.display = 'block';
                     document.getElementById("mauth_loading").style.display = 'block';
                 }
-
                 if (status == 'succeeded') {
                     clearInterval(statusPolling);
+                    // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     document.body.appendChild(form);
                     form.submit();
-                } else if (status == 'failed' || status == 'unknown') {
+                }
+                else if (status == 'failed' || status == 'unknown') {
+
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
+
+                    // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
-            })
-            .catch((err) => {
-                console.error("error:", err);
-            })
-            .finally(() => {
-                isPolling = false;
-                // Schedule the next poll if needed
-                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
+        }).catch((err) => console.error("error: ", err));
     }
 
     renderDeviceList();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/mauth_usernameless.js

@@ -16,12 +16,6 @@
 
     let statusPolling;
 
-    let isPolling = false;
-    let pollingTimeout = null;
-
-    const POLLING_INTERVAL = 2000;
-    const REQUEST_TIMEOUT = 3000;
-
     function dispatch() {
 
         console.log("initiating usernameless mobile authentication...");
@@ -64,7 +58,9 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    poll(sessionId);
+                    statusPolling = window.setInterval(function () {
+                        poll(sessionId);
+                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -77,66 +73,46 @@
     }
 
     function poll(sessionId) {
-        if (isPolling) {
-            return; // Exit if a polling request is already ongoing
-        }
 
-        isPolling = true;
+        const request = {};
+        request.fidoUafSessionId = sessionId;
 
-        const request = { fidoUafSessionId: sessionId };
-
-        const fetchRequest = fetch("", {
+        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        });
-
-        // Set up the timeout for the fetch request
-        const timeoutPromise = new Promise((_, reject) => {
-            pollingTimeout = setTimeout(() => {
-                reject(new Error('Request timed out'));
-            }, REQUEST_TIMEOUT);
-        });
-
-        Promise.race([fetchRequest, timeoutPromise])
-            .then(res => res.json())
-            .then(o => {
-                clearTimeout(pollingTimeout);
+        }).then(res => {
+            res.json().then(o => {
                 var status = o.status;
                 console.log("status: " + status);
-
                 if (status == 'clientAuthenticating') {
-                    // show process icon
-                    document.getElementById("mauth_loading").style.display = 'block';
                     document.getElementById("mauth_qrcode").style.display = 'none';
+                    document.getElementById("mauth_loading").style.display = 'block';
                 }
                 if (status == 'succeeded') {
                     clearInterval(statusPolling);
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
-                    addInput(form, "continue", "true"); // required for custom dispatching in usernameless
-                    document.body.appendChild(form);
-                    form.submit();
-                } else if (status == 'failed' || status == 'unknown') {
-                    clearInterval(statusPolling);
-                    console.error("authentication failed with status: " + status);
-                    // as this is the last call we have to do a top-level request instead of AJAX
-                    const form = createForm();
-                    addInput(form, "fidoUafSessionId", sessionId);
+                    addInput(form, "fidoUafDone", "true"); // checked by Groovy script
+                    document.body.appendChild(form);
+                    form.submit();
+                }
+                else if (status == 'failed' || status == 'unknown') {
+
+                    clearInterval(statusPolling);
+                    console.error("authentication failed with status: " + status);
+
+                    // as this is the last call we have to do a top-level request instead of AJAX
+                    const form = createForm();
+                    addInput(form, "fidoUafSessionId", sessionId); // checked by Groovy script
                     document.body.appendChild(form);
                     form.submit();
                 }
-            })
-            .catch((err) => {
-                console.error("error:", err);
-            })
-            .finally(() => {
-                isPolling = false;
-                // Schedule the next poll if needed
-                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
+        }).catch((err) => console.error("error: ", err));
     }
 
     dispatch();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/ask_mobile.js

@@ -1,6 +1,6 @@
 class ProvidePhoneNumber {
 	modal;
-	declineModal;
+	laterModal;
 	providePhoneNumberLaterButton;
 	phoneNumberInput;
 	agovInputPhoneNumberInput;
@@ -9,20 +9,24 @@ class ProvidePhoneNumber {
 
 	constructor() {
 		this.modal = document.querySelector('#modal');
-		this.declineModal = document.querySelector('#declineModal');
+		this.laterModal = document.querySelector('#laterModal');
 		this.providePhoneNumberLaterButton = document.querySelector('#providePhoneNumberLaterButton');
 		this.phoneNumberInput = document.querySelector('#phoneNumberInput');
 		this.agovInputPhoneNumberInput = document.querySelector('#agovInputPhoneNumberInput');
 		this.agovInputRepeatPhoneNumberInput = document.querySelector('#agovInputRepeatPhoneNumberInput');
 		this.repeatPhoneNumberInput = document.querySelector('#repeatPhoneNumberInput');
 
+		document.querySelector('#laterCheckbox').checked = true;
 		this.initializePhoneInput(this.phoneNumberInput);
 		this.addPhoneInputEventHandlers(this.phoneNumberInput);
 		this.addPhoneInputEventHandlers(this.repeatPhoneNumberInput);
 
-		document.querySelector('#declineModalBack').addEventListener('click', () => {
+		this.providePhoneNumberLaterButton.addEventListener('click', () => {
+			this.setVisible(this.laterModal);
+		});
+		document.querySelector('#laterModalBack').addEventListener('click', () => {
 			this.resetValidation(this.agovInputPhoneNumberInput);
-			this.setInvisible(this.declineModal);
+			this.setInvisible(this.laterModal);
 		});
 		document.querySelector('#repeatPhoneNumberModalBack').addEventListener('click', () => {
 			this.initializePhoneInput(this.phoneNumberInput);
@@ -35,7 +39,6 @@ class ProvidePhoneNumber {
 			}
 		});
 		document.querySelector('#providePhoneNumberContinueButton').addEventListener('click', () => {
-			const dialCode = `+${window.phoneNumberUtils.getDialCode()}`;
 			if (this.validateInput(this.agovInputPhoneNumberInput)) {
 				this.repeatPhoneNumberInput.value = '';
 				this.initializePhoneInput(this.repeatPhoneNumberInput);
@@ -43,10 +46,6 @@ class ProvidePhoneNumber {
 				this.showErrorBanner(false);
 				this.setVisible(this.modal);
 			}
-			else if (this.phoneNumberInput.value.trim() === '' ||
-				this.phoneNumberInput.value.trim() === dialCode) {
-				this.setVisible(this.declineModal);
-			}
 		});
 	}
 
@@ -119,12 +118,7 @@ class ProvidePhoneNumber {
 	evaluatePhoneNumbersAndSubmit() {
 		if (this.arePhoneNumbersEqual()) {
 			document.querySelector('#mobile').value = this.repeatPhoneNumberInput.value.trim().replaceAll(' ', '');
-			// Some other 'click' listeners from gsap (used in drawer.js) seem to interfere with the trigger click on
-			// submitPhoneNumber button. It happens only on mobile devices, where the drawer is used. setTimeout seems to help
-			// to avoid the issue (although it is just a workaround).
-			setTimeout(() => {
-				document.querySelector('#submitPhoneNumber').click();
-			}, 100);
+			document.querySelector('#submit').click();
 		}
 		else {
 			this.setInvisible(this.modal);

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/eid_verification.js

@@ -1,4 +0,0 @@
-document.addEventListener('DOMContentLoaded', function() {
-	document.dispatchEvent(new Event('initEidVerification'));
-	document.dispatchEvent(new Event('initCantonalBranding'));
-});

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/ask_mobile_number.vm

@@ -47,20 +47,14 @@
                 </div>
                 <div class="w-full sm:static mt-auto">
                     <div class="flex flex-col-reverse sm:flex-row gap-4">
-                        <form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
-                              class="w-full"
-                              accept-charset="UTF-8">
-                            <agov-button
-                                    data-name="submit"
-                                    data-value="submit"
-                                    data-style="secondary"
-                                    data-label="$text.get("loainfo.later")"
-                                    data-type="submit"
-                                    data-fullwidth="true">
-                            </agov-button>
-                            <input class="hidden" name="skip" value="later">
-                            <input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
-                        </form>
+                        <agov-button
+                                id="providePhoneNumberLaterButton"
+                                class="w-full"
+                                data-style="secondary"
+                                data-label="$text.get("loainfo.later")"
+                                data-type="button"
+                                data-fullwidth="true">
+                        </agov-button>
                         <agov-button
                                 id="providePhoneNumberContinueButton"
                                 class="w-full"
@@ -128,7 +122,7 @@
                     <agov-button
                             class="basis-full"
                             data-name="submit"
-                            data-id="submitPhoneNumber"
+                            data-id="submit"
                             data-value="submit"
                             data-type="submit"
                             data-label="$text.get("general.continue")"
@@ -161,7 +155,7 @@
     </div>
 </div>
 
-<div id="declineModal" class="fixed top-0 bottom-0 left-0 right-0 pb-20 z-50 hidden">
+<div id="laterModal" class="fixed top-0 bottom-0 left-0 right-0 pb-20 z-50 hidden">
     <div class="fixed top-0 bottom-0 left-0 right-0 backdrop-blur-[10px]" id="modal_light"></div>
     <div class="fixed top-0 bottom-0 left-0 right-0 bg-[#E2E2E2E5]/80 dark:bg-[#111111]/90" id="modal_dark"></div>
     <div id="drawer"
@@ -187,7 +181,7 @@
             <div class="w-full sm:static mt-auto sm:justify-items-end">
                 <div class="flex justify-end flex-col-reverse sm:flex-row gap-4">
                     <agov-button
-                            id="declineModalBack"
+                            id="laterModalBack"
                             data-style="secondary"
                             data-label="$text.get("general.back")"
                             data-type="button"
@@ -195,15 +189,17 @@
                     </agov-button>
                     <form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
                           accept-charset="UTF-8"
-                          class="flex flex-col flex-auto block">
+                          class="flex flex-col flex-auto block ">
                         <agov-button
+                                id="ask_mobile_continue"
                                 data-name="submit"
                                 data-value="submit"
+                                data-id="submit"
                                 data-label="$text.get("general.continue")"
                                 data-type="submit"
                                 data-fullwidth="true">
                         </agov-button>
-                        <input class="hidden" name="skip" value="persistent">
+                        <input id="laterCheckbox" class="hidden" type="checkbox" name="skip" value="true">
                         <input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
                     </form>
                 </div>
@@ -215,4 +211,5 @@
 <script src="${login.appDataPath}/static/js-code/ask_mobile.js">
 </script>
 
+
 #parse("${templatePath}/footer.vm")