new configuration version

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisAuth"
   replicas: 1
-  version: "8.2411.3"
+  version: "8.2505.5"
-  gitInitVersion: "1.3.0"
+  gitInitVersion: "1.4.0"
   runAsNonRoot: true
   ports:
     management: 9000
@@ -39,13 +39,14 @@ spec:
     management:
       httpGet:
         path: "/nevisauth/liveness"
+      initialDelaySeconds: 50
       periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 50
+      failureThreshold: 30
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-317ed268556b37656f27fb58fcffd4797cea27e4"
+    tag: "r-d6878093aefa2bfb8cc241b61fff5fe94bc95282"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict.properties

@@ -3,6 +3,7 @@ accept.button.label=Accept
 cancel.button.label=Cancel
 continue.button.label=Continue
 deputy.profile.label=(Deputy Profile)
+error.account.exists=Account already exists. Continue to log in.
 error.saml.failed=Please close your browser and try again.
 error_1=Please check your input.
 error_10=Please select the correct user account.
@@ -70,6 +71,8 @@ policyInfo.regex.numeric=▪ must contain at least {0} numeric characters.
 policyInfo.regex.upper=▪ must contain at least {0} upper case characters.
 policyInfo.title=The password has to comply with the following password policy:
 reject.button.label=Deny
+signup.button.label=Signup
+skip.button.label=Skip
 submit.button.label=Submit
 tan.sent=Please enter the security code which has been sent to your mobile phone.
 title.logout=Logout
@@ -77,4 +80,5 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Client Authorization
 title.saml.failed=Error
+title.signup=Create account
 title.timeout.page=Logout

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_de.properties

@@ -3,6 +3,7 @@ accept.button.label=Akzeptieren
 cancel.button.label=Abbrechen
 continue.button.label=Weiter
 deputy.profile.label=(Profil Stellvertreter)
+error.account.exists=Konto existiert bereits. Melden Sie sich an.
 error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut.
 error_1=Bitte überprüfen Sie Ihre Eingabe.
 error_10=Bitte wählen Sie den gewünschten Benutzer.
@@ -70,6 +71,8 @@ policyInfo.regex.numeric=▪ muss mindestens {0} numerische Zeichen enthalte
 policyInfo.regex.upper=▪ muss mindestens {0} Grossbuchstaben enthalten.
 policyInfo.title=Das Passwort muss den folgenden Passwort-Richtlinien entsprechen:
 reject.button.label=Ablehnen
+signup.button.label=Registrieren
+skip.button.label=Überspringen
 submit.button.label=Senden
 tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde.
 title.logout=Logout
@@ -77,4 +80,5 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Client Authorisierung
 title.saml.failed=Error
+title.signup=Konto erstellen
 title.timeout.page=Logout

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_en.properties

@@ -3,6 +3,7 @@ accept.button.label=Accept
 cancel.button.label=Cancel
 continue.button.label=Continue
 deputy.profile.label=(Deputy Profile)
+error.account.exists=Account already exists. Continue to log in.
 error.saml.failed=Please close your browser and try again.
 error_1=Please check your input.
 error_10=Please select the correct user account.
@@ -70,6 +71,8 @@ policyInfo.regex.numeric=▪ must contain at least {0} numeric characters.
 policyInfo.regex.upper=▪ must contain at least {0} upper case characters.
 policyInfo.title=The password has to comply with the following password policy:
 reject.button.label=Deny
+signup.button.label=Signup
+skip.button.label=Skip
 submit.button.label=Submit
 tan.sent=Please enter the security code which has been sent to your mobile phone.
 title.logout=Logout
@@ -77,4 +80,5 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Client Authorization
 title.saml.failed=Error
+title.signup=Create account
 title.timeout.page=Logout

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_fr.properties

@@ -3,6 +3,7 @@ accept.button.label=Accepter
 cancel.button.label=Abandonner
 continue.button.label=Continuer
 deputy.profile.label=(Profil du suppléant)
+error.account.exists=Le compte existe déjà. Continuez à vous connecter.
 error.saml.failed=Fermez votre navigateur et r;eacute;essayez.
 error_1=Veuillez vérifier vos données, s.v.p.
 error_10=Choisissez votre compte.
@@ -70,6 +71,8 @@ policyInfo.regex.numeric=▪ doit comprendre au minimum {0} caractères
 policyInfo.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s).
 policyInfo.title=Le mot de passe doit respecter les règles suivantes:
 reject.button.label=Refuser
+signup.button.label=Inscription
+skip.button.label=Passer
 submit.button.label=Envoyer
 tan.sent=Veuillez saisir le code de sécurité que vous avez reçu au votre téléphone mobile.
 title.logout=Logout
@@ -77,4 +80,5 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Autorisation du client
 title.saml.failed=Error
+title.signup=Créer un compte
 title.timeout.page=Logout

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_it.properties

@@ -1,8 +1,9 @@
 
-accept.button.label=Accettare
+accept.button.label=Accetta
-cancel.button.label=Abortire
+cancel.button.label=Annulla
 continue.button.label=Continua
 deputy.profile.label=(profilo del delegato)
+error.account.exists=L'account esiste gi<67>. Prosegui col login.
 error.saml.failed=Chiudi il browser e riprova.
 error_1=Verificare i dati immessi.
 error_10=Per favore selezionare il conto utente corretto.
@@ -69,7 +70,9 @@ policyInfo.regex.nonLetter=&#9642; non pu&ograve; contenere pi&ugrave; di {0} nu
 policyInfo.regex.numeric=&#9642; deve contenere un minimo di {0} carattere/i numerico/i.
 policyInfo.regex.upper=&#9642; deve conenere almeno {0} carattere/i maiuscolo/i.
 policyInfo.title=La password deve rispettare le seguenti direttive:
-reject.button.label=Rifiuti
+reject.button.label=Rifiuta
+signup.button.label=Iscriviti
+skip.button.label=Salta
 submit.button.label=Continua
 tan.sent=Inserisci il codice di sicurezza che &egrave; stato inviato al tuo telefono cellulare.
 title.logout=Logout
@@ -77,4 +80,5 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Autorizzazione del client
 title.saml.failed=Error
+title.signup=Crea un account
 title.timeout.page=Logout

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf

@@ -13,8 +13,9 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
     "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-idp-extended-truststore/truststore.p12"
     "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-idp-extended-truststore/keypass}"
 )
 
+

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/esauth4.xml

@@ -431,4 +431,6 @@
         <!-- source: pattern://eaae1a7d4c4e0ce653074f22 -->
         <property name="secToken.binary" value="true"/>
     </WebService>
+    <!-- source: pattern://4bad2fe3ccc54716cc87138f -->
+    <RESTService name="ManagementService" class="ch.nevis.esauth.rest.service.session.ManagementService"/>
 </esauth-server>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/logging.yml

@@ -16,16 +16,12 @@ Configuration:
       level: "INFO"
     - name: "EsAuthStart"
       level: "INFO"
-    - name: "org.apache.catalina.loader.WebappClassLoader"
-      level: "FATAL"
-    - name: "org.apache.catalina.startup.HostConfig"
-      level: "ERROR"
-    - name: "ch.nevis.esauth.events"
-      level: "FATAL"
     - name: "AGOV-ACCT"
       level: "DEBUG"
     - name: "AgovCaptcha"
       level: "DEBUG"
+    - name: "ArtifactResolutionService"
+      level: "DEBUG"
     - name: "AuthEngine"
       level: "INFO"
     - name: "AuthPerf"
@@ -33,9 +29,11 @@ Configuration:
     - name: "IdmAuth"
       level: "DEBUG"
     - name: "OpTrace"
-      level: "DEBUG"
+      level: "INFO"
     - name: "Recovery"
       level: "DEBUG"
+    - name: "Saml"
+      level: "DEBUG"
     - name: "Script"
       level: "DEBUG"
     - name: "SessCoord"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties

@@ -1,4 +1,5 @@
 otel.service.name = auth-sts
+otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-internal-idp-auth-signer-trust-7022472ae407577ae604bbb8.yaml

@@ -10,7 +10,7 @@ metadata:
     patternId: "7022472ae407577ae604bbb8"
 spec:
   keystores:
-  - name: "auth-sh4r3d-internal-idp-auth-signer"
-    namespace: "adn-agov-nevisidm-01-uat"
   - name: "auth-sts-sh4r3d-internal-idp-auth-signer"
     namespace: "adn-agov-nevisidm-01-uat"
+  - name: "auth-sh4r3d-internal-idp-auth-signer"
+    namespace: "adn-agov-nevisidm-01-uat"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisAuth"
   replicas: 1
-  version: "8.2411.3"
+  version: "8.2505.5"
-  gitInitVersion: "1.3.0"
+  gitInitVersion: "1.4.0"
   runAsNonRoot: true
   ports:
     management: 9000
@@ -39,15 +39,19 @@ spec:
     management:
       httpGet:
         path: "/nevisauth/liveness"
+      initialDelaySeconds: 50
       periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 50
+      failureThreshold: 30
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-0a95034444af9c2e5b4a8c12cc3a0f444f6b0447"
+    tag: "r-53c09bd6632aebeda2b892197a01a8f7f185561d"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
     credentials: "git-credentials"
+  database:
+    name: "auth"
+    requiredVersion: "8.2505.5"
   keystores:
   - "auth-sh4r3d-internal-idp-auth-signer"
   - "auth-auth-realm-mobile-fido-uaf-tls-client-nevisfido"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-database-b7b59e97b3fd18bb60178573.yaml

@@ -0,0 +1,26 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisDatabase"
+metadata:
+  name: "auth"
+  namespace: "adn-agov-nevisidm-01-uat"
+  labels:
+    deploymentTarget: "auth"
+  annotations:
+    projectKey: "DEFAULT-ADN-AGOV-PROJECT"
+    patternId: "b7b59e97b3fd18bb60178573"
+spec:
+  type: "NevisAuth"
+  databaseType: "MariaDB"
+  version: "8.2505.5"
+  url: "mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat"
+  port: 3306
+  database: "nevisauth"
+  bootstrap: true
+  migrate: true
+  rootCredentials:
+    name: "root-mariadb-session-store"
+    namespace: "adn-agov-nevisidm-ob-01-uat"
+  podSecurity:
+    policy: "baseline"
+    automountServiceAccountToken: false
+  timeZone: "Europe/Zurich"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem

@@ -1,54 +1,54 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQU95KG57RacAYBmkeQ
+MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUvdFHAj0YggoFr07l
-DIe1bZS0sbkCAggAMB0GCWCGSAFlAwQBKgQQyxdAya9Sd4oHLO1pzVWcYASCCVDT
+OCEjWZAMT1oCAggAMB0GCWCGSAFlAwQBKgQQc0LHn1pUPI8PXXos61VpwgSCCVBh
-ozdXT3vjyqMzza4QKaMD4ywSAzGhQRM/TnxU5JbRLNMpdtq76Mfet2pv++UUjcof
+wA/Ghkde2sb3r+cGG6k7iyM3UWPWu0f0Ac+i4uoKoQhGWlbsMVj/GRgDCcfr5D+C
-16EsdOOpDQdxdzQWmwGUNwjkX5YyWTaAefV8l9n6Bp8LV0XabS9We3g5Jr1KjuzP
+2DOvjttdX17UIbEpSC8qbUsplrlSnZGZrizQN5oS7iKNegFQENUpj7uNjZ7ASJy3
-O/xJgB2o6BcD/WRPeOaANSGoyWce4rCkpDwqxrp+tY9EK19SoCZG9Zy2hnPPH2Hc
+ZOIOsCvuNau+7teDrlIfcUe/A7M9Pm+ZkVFhCDEys1igRb9Sv0EBwQ6aYeei2BtF
-QgtgCAzqaXIp49KIXHn/Uo532lIz3WqkkhzVakwgAKLKIvc/SwgP0eSXLvPjeJYS
+KbnVuEJTi38uGj1VB1E6z8YswlqRIPjcs2UnOUuQ3GBMDLnd4hYGvYOs6Sh8p3kh
-L8DngPP0YD7IPgIs7WmMNNE7or69e7mO0miUOl7xStNHzHpLmtLNbYI7Pk6NLT7N
+ELP/vZ7zNtSdKVjmsTLyk7BVFkOI5sdBS6igon1aqDqTsY3POgLoqtqi3fF4BKIZ
-kWfh2+E21R7llsW57boMACXVr7N3CHOlZQhUNViyjPayo1njVnp6gGzuIxluhHJY
+mhsU7CfF++AutxHaDWXj+0qLcKkA3SSnYdKOJmOBeBEnqqFv5SQ2YZe/DCetfhjS
-CL070oqBeEYVfvE07HQ4Qd0BL5c02pdrKjdzBYyLwzSNKn2RzgS2R/XtEqdmOUo+
+SpY4aST2aCfSAWzK6Amo2/TH7bLqgqwqs+RICcQLpOVD9OLSDX+7vqqo+xWzdONw
-iuRngv9D1UPSI2xlFhv84778ktEeSf8l1nLltqhPJAmJUjSAcu/zjN4Q+HXqMRaF
+pm+l/x/9NEgTSEwZv7gJxPg8omBub7HR/SHR7BSb8dsld8wUdgNFeixY6NXTLxHv
-IocDV4I7CaXDc2E0YdU8uHuzzUHLflJ2OZwU5N7tkoVOtAYHKUwCP4J/zpLSe2V2
+92HKR6Cw5vFd0OaDGlQL1ay3UAc2SPNE2/0oHEAbwoRPKcNhhHGXl8skhuKHgupp
-MIh40IVJK4gzb+iyBiOnsnKKQCKMPbS4lH8zC2S486MgjgbhlZeFg0nOF955c61l
+6gWRpsQeKechQCysP/wRMm7v0przBCUm+PSUpbT5aV3j+iQYXGdme9E01TaRaKKb
-Sb4MBrexU4s1TUg/fDpYt6jPZoKivN72jzi60kV43gBFHmP3X4SRAUQ4Y3h5NFF8
+BhiuyzDBPwXeUktBpvpq7d/pOp3eTbF8cbXXDP+DqRl6KcHK5wB+wEavqVo06RGZ
-h2p4wvYRsYEexjJU/+WJG4Yi1wSi3oEqD161a6vPOsKBLBdLRo1vgnQdGFx/k83X
+NtdHzOJTT1V0cUMobsI7hC0TcB0YeeZBRX66tMIrjCl4QuS2nv8Kn0oz2nZ8htfm
-vjPlI2eEUMPCntNBbrTy8eUSJz/0OH2phztZpHuh5cfy4ErUi19d9ywZUlhurGvX
+5M6cwBd/NymfGIEI2RR53fv5dN917WsagY5n0lQzNV4VAK1WrxfxtbUuQVKK5S02
-dC7ouTEqRZLkkSCfGTQM0q0O4JQJTLb5N4gWdZxQd2UwGv3jCK7m5eWx3bTdhhXi
+zqGxriMQ9CA1tU86Ec0Gk4mbiEwExArD1YprHl0p8HhEV34J9VjG+GhSXpKp/1zL
-179DoSpYBCJF3msn0ROO6PxsccH0w/I6KMi3QNmsDlXhDr6XIBya8CU0lx9lp0pl
+wl+LChF/GxW6INFxH0qo7ecFodoJPTNdTxFHhzdMBoXf2sXpR9nFMuvuRdlS6rKy
-5q62D26Ylr2fovd3qKKbwP6RaZarCzKLO6dWdyMqtUwVlX2FDCFd/SPGWc2TmuVS
+zytxZLwT8EF7f4x0BgxCDFD+/1WonSSWahgMWfmthrt9MSFH17ZMd3/aVkJwDxrk
-vLb981Zm13AfYtNUSfusroDp3TEuvl7cwozg7p33SQhuCmgKnxMd0iXd5QQZjrR0
+61IBEgJI/DhGniNnzK171XiG7cpunwd7TV4RV1i8munPMi4Za1w4rwTzhnLzZ1/R
-t+y22dHrD1agkkoFMLz/+d+930J0sY4odG/HbL2Bv8ZelVUjA8XSFoGBEA+rfQCg
+jK5AO5waKqecmrMFOhWrcekwn43Tx0PpOeAA9iDlfGPGrY0mCgKTmlccqgrFKtn6
-DGmLh5a+/yfzxCEKWVLqmwHWbSkub8bXdl6EKEyaO9qo1KCLAf3tArQx45sqw8bK
+sjNRsRQ8/77cBRbX8Acrc4wG1814ggLMp1RxRgoHLnzIz0tSbay6eE/TuUMqRalQ
-8AYq2mrNIiMDhHub+XEEC0Aw2lZkJOrwwMEsTcZWfBvj56MdRNXuZMvPdarTbnDx
+HAurDKHOJEjS3Kv5SKli0MzsTwGxyoycF6er76CYiIo+n1CBBRrIg/iDaLkKV4TK
-zzxatqIwfvpOy/S2Poyrc6GuprbZCM6N+cDLdWQqAHVwAlx77NhiJ6s3vUnE3vB7
+E56rxVfVKmN1yg5lNYTg+F7DDudY4/R6RGmORi9dsmgGS/qeKcX/ggdXrgt1Hd07
-aHgmXU+a8uPA64tKKaRNQJ31f7viCkWJXEbbEhVTzCvFcoqbKPPMm9w7nO8PMUTu
+0xOQmR1rdKnmNoqJXoYhSmMHvCRBc1Yf4xkfvOsE8LQoG91lpucsWjAJM6FnHZRU
-BmwSFEKhd3BDKZavqTHKi66fF3A5ALFYAkMw/AlvinMitb9s+7WlWQrdvSFkqHsY
+TlOXa/Z3DDtbr17arJdFtOSsaYodhZcG42diamhbMvKyoYYTwwXubFKOZCQplrin
-wNQ1ankleYd24/8ZllvsQpleLMepDSxP6zUMpXSHbTKp5MZeoCaaY1RCkg7aOduz
+343cmbhpGfIyhSMerWOsULDffhizfkH8cyXjb2bJZk1zX8/CUtPegAjv0L0zdtv+
-brnD7lRAfLp0H72nxVgC7n6VjidOSruF7k9WIN9VVbP0ZVL/QtkKRWd/hEmtMNaH
+6A8UZqGDSbzzGuksUtcNLpnaQeDoLm2GlF8r6JCGRt/31ROI2Eqf71hve55s2DE1
-ELg2ekdm3zvdBuvtr0jNiCxbhTr3j5OWQkT/BjZxHpZfA14XEROJC2Slo3PxUwBH
+whdv+YxmphNgnCn095p8gnOZMmYz2tQMEtslKr+TmYWNxSoB9MCtTDAbtRNxkfnn
-0lE0cICWTeaeYcCX8ofawN+t1Qa6UD0sLl2670Kc7pozkJM4ul19rGA2KsHX89gE
+rjZxe2vHNapJ6VmIfDDuyNxz3323Z9sAzLkqGAe83Zx7XLpXjs0HUaG2EQnMffT8
-CaB1CkhFCqZhPbqX9yonv9XZtLb8Of8rBNVd/2QKN4/tOXcMYshzakSfSSIsyxxt
+Frfr9ptczfav1tkmFQMBmCL5xS4/1gkQyNwB2wy8Kdez0T6Oxm31D63HgwKT9pmE
-QgMPRfz0nJTtP7v8ZbwIO+ayGoUeH7aYKhQ6Ku3qW9XuYiy+oMTIOToCSddnEI5t
+6EGnxUOBvNk3MEeiaC10plR3cl2PxANqfbtwPuor/a2IQq2zABnjaPgrQn1zexB5
-JNuPkT9kzA9stkRbFV5kBvrv5LWprWDXdA/wyAWG7txncWj6UzGlP8C3KhtMHLHv
+0ncTjv3OcQLAH0di7V0vKpTIQpUL8QM+Sor5YRSO36CgJxVrS7aKo8W0QRSUwgy9
-CiOXrE8UJdNNeT52dYI9slg+tzcCfz3sqMr9zXratvT6JMzrQZqCSis8vIx18TIK
+PGEHu3tagqs05ryIcyU0KaO3KJzkGA/in/OGtm2x3/lFogsvTajleIDcqO6rHYGV
-N5yDWHDFUOeNpo7aRqd5goW3qProwfZDjBXiqE4J+AJ5wc73PuftHt2l00zvLDWs
+JYtXn8drG31cbmTtak+N/VfmAVpQ6PJG8b3YevW1W1ySxriTm4jGMvtunDtreyEB
-SFIRvXbavNBA7GxpVtN8Qxmk6Lm0u0pBiastndowgAI5OIQVuwoA21vXyC5n9pMd
+MXzSeWhtWot6IBWDMNqh9JIghmG+gwI1xD2AK1BR9ifSgjQ8ZA8mc2C2kinka9wl
-bPJsmiPyme62OkCWmAjBNDLNVViwKMH8BxmLKJxX+6ysNsn0YY1+9YfI/zC3j4jM
+Sl7/9/rdsQQRJs7inNUvJ8W4eY62ILlRyAe0xaUlo08JUhlK3Xf3LWD4frRfHoBx
-OYsK1c0NvFIv5aUxRQZLTJJt9C299jGNvdAJsfdp4LHejzZUjnx3nguz/l6RI1Vb
+hCxfOAnlSzaRksatd0N72LiVLIL864peScyMpvS1EaE1aUGhfnFemb5wXIewyY1g
-vjQ1qDRPhkgErGXSHsCoCt+z5Y6mq17JWEX/FiXBWQbfSGoG/ZvoOqiBybCQ3HNl
+Hj6bKTQlt0iB+aVj1EWSfGrZ8sshWB91dBNCssu0q+DHHzAX1wkE0i8eNlLlFcmm
-o9QM1sNQ5fUZDh0TgwkJB91rZXPwi828RklMW8VZszZir5gziTnndhw0ADLCZZ6z
+aDReRJSS+7qAVGdksEyzE+IGAzbXnYKyWudpdB/WwR+6kDEKsqFv52z0i0JH83Tj
-nA0vZAI7sjoEeIgiJq3egrsSLq2ZQRQsh5QF+Xo2QktleGvPrtMv//ZyGz4l59yc
+QvinHcyh3nLfXf+GV9LYjLhZEOkHm8diHgYdRMsY2d21jd0q6Eo7hiQzF3pSutj2
-wX/7DtABurFhVs3KdYohcqXk2v5jJCMs+j9YDn6540QR6yXcbifp9ySqhm/PeH91
+GxDya0+rDK8LP9LboYOUTyJaNZPcqlTrQjQQls55kTnHinImYgiT91w6GhFS4GU4
-UuL16YKxoV6QBZIGE0vjdUitGKNsS+H4ibD/0ZHYG+VcyL90eIrBq61CjfIO79O0
+E3KSIsYzBo64HjHl0vLwcfJ6ghvUMu4cTW1z1L0+ieKqiajIMuvQmIxhS9fO2qVg
-L9+G4gKB91stXwtpqZWXTrlzrnjloZOPhqyQN/bs/liWQ6qy0a6Cd6nbWc141An1
+FbsihnJKq/EbeU7uMGq/3FJWJk0D0G8SiJsgP85mbY90qePW3CvnoRnH6PemYCeF
-zEiOihbwLJ4ziCut+bq5lwyw6z/wWEhaVNnYspEEBr2URLMHbnBceS6zXoePT0ur
+T3qJMPFgT2ncLhIrC5cR7F27DCU/CH1jJW4GRx7PeNBeLErWpDghzeJS5IJFW5q8
-9mQQLitmtlANlJ93vBDPhCaEjkK1v5J7MmIHQzyLSQGuLdXwz50piJukWru3aNax
+RIw/HJaLd6TmPNnjQ7XXpU6J519EHRmFDnANXooLDFnwDqam0sokdg9ix4yQYw+e
-skloghJYeTMILEcGAszvyVtcvPqkrJnZXx4Qp7Luj5HK9THr78v3T4nWzirfqxPZ
+jh3mOQJ5lwtccSFpcgGvzApA+xd62//qFixqe0zoq9ThEvPB9wKQe8aAtCsDxrvw
-x70xRyhsC2lLcIrJ+3jkXj44edIqdh3Wvi30L2x2iUFyZ0ojQJQDo/+5b+p9k36L
+PKLbsdy9OdqM1h3TWh+ioWZJb69LRA9MoArAZ8ntpHluQ1amL1wiV8wJReXD4kua
-Dk8ktpeIa/BE3NsfcFaWn9bvRkQ6UAQcNn1zmkavfw5TLI4C1PnD/WUpPHZdhzNV
+fGbf+S1wnUlH4lTkJa0ApTIM0OsWzYFb2F8VDdgvfmtCSYlbS37Qy4+TKJFNtMEA
-K87CsUawxjEg0uCCaViShF6bD9mOWQxE3SM9yNizjTmotF6KrgkT16y/qZ17KGQM
+FQyLUmAlgCdgAiBLVrrV9uDYeRnPVUShlsyZCwBUm92cjDiQkSWhDjro7NQTBMfo
-hJ5PraGu9jvg+L/MrQpr91eyJaeh9JFl9dM/SPM0mXo5q813bdMmqD4cc3YWCLee
+I4A+5OhaX61eNJYFqXv0KWBTGjRnW/dhAilNlc0QWKO+p4mwtTUlwVe0EMb3naxh
-dHtmaKJ08KD1cJqHBz0DRLVV+zH00BMoYt5HZ5DmHFU1zhDekWZLhilbyWt8+z1E
+9ioJUHlwkcfJWBQAVAR/pbslzlpND8wE8NnH5P6z0H95ft3Q6v+JYD2zdhTTfTlw
-bzsoEAfZvyfvF7fJuxQ/HhYdR6TX5H+aNzZZivVc6g==
+X/YlQuf14Vuey6B9bnAPHKh2zE5x53MwVL0OvnfVnw==
 -----END ENCRYPTED PRIVATE KEY-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.pem

@@ -1,56 +1,56 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQU95KG57RacAYBmkeQ
+MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUvdFHAj0YggoFr07l
-DIe1bZS0sbkCAggAMB0GCWCGSAFlAwQBKgQQyxdAya9Sd4oHLO1pzVWcYASCCVDT
+OCEjWZAMT1oCAggAMB0GCWCGSAFlAwQBKgQQc0LHn1pUPI8PXXos61VpwgSCCVBh
-ozdXT3vjyqMzza4QKaMD4ywSAzGhQRM/TnxU5JbRLNMpdtq76Mfet2pv++UUjcof
+wA/Ghkde2sb3r+cGG6k7iyM3UWPWu0f0Ac+i4uoKoQhGWlbsMVj/GRgDCcfr5D+C
-16EsdOOpDQdxdzQWmwGUNwjkX5YyWTaAefV8l9n6Bp8LV0XabS9We3g5Jr1KjuzP
+2DOvjttdX17UIbEpSC8qbUsplrlSnZGZrizQN5oS7iKNegFQENUpj7uNjZ7ASJy3
-O/xJgB2o6BcD/WRPeOaANSGoyWce4rCkpDwqxrp+tY9EK19SoCZG9Zy2hnPPH2Hc
+ZOIOsCvuNau+7teDrlIfcUe/A7M9Pm+ZkVFhCDEys1igRb9Sv0EBwQ6aYeei2BtF
-QgtgCAzqaXIp49KIXHn/Uo532lIz3WqkkhzVakwgAKLKIvc/SwgP0eSXLvPjeJYS
+KbnVuEJTi38uGj1VB1E6z8YswlqRIPjcs2UnOUuQ3GBMDLnd4hYGvYOs6Sh8p3kh
-L8DngPP0YD7IPgIs7WmMNNE7or69e7mO0miUOl7xStNHzHpLmtLNbYI7Pk6NLT7N
+ELP/vZ7zNtSdKVjmsTLyk7BVFkOI5sdBS6igon1aqDqTsY3POgLoqtqi3fF4BKIZ
-kWfh2+E21R7llsW57boMACXVr7N3CHOlZQhUNViyjPayo1njVnp6gGzuIxluhHJY
+mhsU7CfF++AutxHaDWXj+0qLcKkA3SSnYdKOJmOBeBEnqqFv5SQ2YZe/DCetfhjS
-CL070oqBeEYVfvE07HQ4Qd0BL5c02pdrKjdzBYyLwzSNKn2RzgS2R/XtEqdmOUo+
+SpY4aST2aCfSAWzK6Amo2/TH7bLqgqwqs+RICcQLpOVD9OLSDX+7vqqo+xWzdONw
-iuRngv9D1UPSI2xlFhv84778ktEeSf8l1nLltqhPJAmJUjSAcu/zjN4Q+HXqMRaF
+pm+l/x/9NEgTSEwZv7gJxPg8omBub7HR/SHR7BSb8dsld8wUdgNFeixY6NXTLxHv
-IocDV4I7CaXDc2E0YdU8uHuzzUHLflJ2OZwU5N7tkoVOtAYHKUwCP4J/zpLSe2V2
+92HKR6Cw5vFd0OaDGlQL1ay3UAc2SPNE2/0oHEAbwoRPKcNhhHGXl8skhuKHgupp
-MIh40IVJK4gzb+iyBiOnsnKKQCKMPbS4lH8zC2S486MgjgbhlZeFg0nOF955c61l
+6gWRpsQeKechQCysP/wRMm7v0przBCUm+PSUpbT5aV3j+iQYXGdme9E01TaRaKKb
-Sb4MBrexU4s1TUg/fDpYt6jPZoKivN72jzi60kV43gBFHmP3X4SRAUQ4Y3h5NFF8
+BhiuyzDBPwXeUktBpvpq7d/pOp3eTbF8cbXXDP+DqRl6KcHK5wB+wEavqVo06RGZ
-h2p4wvYRsYEexjJU/+WJG4Yi1wSi3oEqD161a6vPOsKBLBdLRo1vgnQdGFx/k83X
+NtdHzOJTT1V0cUMobsI7hC0TcB0YeeZBRX66tMIrjCl4QuS2nv8Kn0oz2nZ8htfm
-vjPlI2eEUMPCntNBbrTy8eUSJz/0OH2phztZpHuh5cfy4ErUi19d9ywZUlhurGvX
+5M6cwBd/NymfGIEI2RR53fv5dN917WsagY5n0lQzNV4VAK1WrxfxtbUuQVKK5S02
-dC7ouTEqRZLkkSCfGTQM0q0O4JQJTLb5N4gWdZxQd2UwGv3jCK7m5eWx3bTdhhXi
+zqGxriMQ9CA1tU86Ec0Gk4mbiEwExArD1YprHl0p8HhEV34J9VjG+GhSXpKp/1zL
-179DoSpYBCJF3msn0ROO6PxsccH0w/I6KMi3QNmsDlXhDr6XIBya8CU0lx9lp0pl
+wl+LChF/GxW6INFxH0qo7ecFodoJPTNdTxFHhzdMBoXf2sXpR9nFMuvuRdlS6rKy
-5q62D26Ylr2fovd3qKKbwP6RaZarCzKLO6dWdyMqtUwVlX2FDCFd/SPGWc2TmuVS
+zytxZLwT8EF7f4x0BgxCDFD+/1WonSSWahgMWfmthrt9MSFH17ZMd3/aVkJwDxrk
-vLb981Zm13AfYtNUSfusroDp3TEuvl7cwozg7p33SQhuCmgKnxMd0iXd5QQZjrR0
+61IBEgJI/DhGniNnzK171XiG7cpunwd7TV4RV1i8munPMi4Za1w4rwTzhnLzZ1/R
-t+y22dHrD1agkkoFMLz/+d+930J0sY4odG/HbL2Bv8ZelVUjA8XSFoGBEA+rfQCg
+jK5AO5waKqecmrMFOhWrcekwn43Tx0PpOeAA9iDlfGPGrY0mCgKTmlccqgrFKtn6
-DGmLh5a+/yfzxCEKWVLqmwHWbSkub8bXdl6EKEyaO9qo1KCLAf3tArQx45sqw8bK
+sjNRsRQ8/77cBRbX8Acrc4wG1814ggLMp1RxRgoHLnzIz0tSbay6eE/TuUMqRalQ
-8AYq2mrNIiMDhHub+XEEC0Aw2lZkJOrwwMEsTcZWfBvj56MdRNXuZMvPdarTbnDx
+HAurDKHOJEjS3Kv5SKli0MzsTwGxyoycF6er76CYiIo+n1CBBRrIg/iDaLkKV4TK
-zzxatqIwfvpOy/S2Poyrc6GuprbZCM6N+cDLdWQqAHVwAlx77NhiJ6s3vUnE3vB7
+E56rxVfVKmN1yg5lNYTg+F7DDudY4/R6RGmORi9dsmgGS/qeKcX/ggdXrgt1Hd07
-aHgmXU+a8uPA64tKKaRNQJ31f7viCkWJXEbbEhVTzCvFcoqbKPPMm9w7nO8PMUTu
+0xOQmR1rdKnmNoqJXoYhSmMHvCRBc1Yf4xkfvOsE8LQoG91lpucsWjAJM6FnHZRU
-BmwSFEKhd3BDKZavqTHKi66fF3A5ALFYAkMw/AlvinMitb9s+7WlWQrdvSFkqHsY
+TlOXa/Z3DDtbr17arJdFtOSsaYodhZcG42diamhbMvKyoYYTwwXubFKOZCQplrin
-wNQ1ankleYd24/8ZllvsQpleLMepDSxP6zUMpXSHbTKp5MZeoCaaY1RCkg7aOduz
+343cmbhpGfIyhSMerWOsULDffhizfkH8cyXjb2bJZk1zX8/CUtPegAjv0L0zdtv+
-brnD7lRAfLp0H72nxVgC7n6VjidOSruF7k9WIN9VVbP0ZVL/QtkKRWd/hEmtMNaH
+6A8UZqGDSbzzGuksUtcNLpnaQeDoLm2GlF8r6JCGRt/31ROI2Eqf71hve55s2DE1
-ELg2ekdm3zvdBuvtr0jNiCxbhTr3j5OWQkT/BjZxHpZfA14XEROJC2Slo3PxUwBH
+whdv+YxmphNgnCn095p8gnOZMmYz2tQMEtslKr+TmYWNxSoB9MCtTDAbtRNxkfnn
-0lE0cICWTeaeYcCX8ofawN+t1Qa6UD0sLl2670Kc7pozkJM4ul19rGA2KsHX89gE
+rjZxe2vHNapJ6VmIfDDuyNxz3323Z9sAzLkqGAe83Zx7XLpXjs0HUaG2EQnMffT8
-CaB1CkhFCqZhPbqX9yonv9XZtLb8Of8rBNVd/2QKN4/tOXcMYshzakSfSSIsyxxt
+Frfr9ptczfav1tkmFQMBmCL5xS4/1gkQyNwB2wy8Kdez0T6Oxm31D63HgwKT9pmE
-QgMPRfz0nJTtP7v8ZbwIO+ayGoUeH7aYKhQ6Ku3qW9XuYiy+oMTIOToCSddnEI5t
+6EGnxUOBvNk3MEeiaC10plR3cl2PxANqfbtwPuor/a2IQq2zABnjaPgrQn1zexB5
-JNuPkT9kzA9stkRbFV5kBvrv5LWprWDXdA/wyAWG7txncWj6UzGlP8C3KhtMHLHv
+0ncTjv3OcQLAH0di7V0vKpTIQpUL8QM+Sor5YRSO36CgJxVrS7aKo8W0QRSUwgy9
-CiOXrE8UJdNNeT52dYI9slg+tzcCfz3sqMr9zXratvT6JMzrQZqCSis8vIx18TIK
+PGEHu3tagqs05ryIcyU0KaO3KJzkGA/in/OGtm2x3/lFogsvTajleIDcqO6rHYGV
-N5yDWHDFUOeNpo7aRqd5goW3qProwfZDjBXiqE4J+AJ5wc73PuftHt2l00zvLDWs
+JYtXn8drG31cbmTtak+N/VfmAVpQ6PJG8b3YevW1W1ySxriTm4jGMvtunDtreyEB
-SFIRvXbavNBA7GxpVtN8Qxmk6Lm0u0pBiastndowgAI5OIQVuwoA21vXyC5n9pMd
+MXzSeWhtWot6IBWDMNqh9JIghmG+gwI1xD2AK1BR9ifSgjQ8ZA8mc2C2kinka9wl
-bPJsmiPyme62OkCWmAjBNDLNVViwKMH8BxmLKJxX+6ysNsn0YY1+9YfI/zC3j4jM
+Sl7/9/rdsQQRJs7inNUvJ8W4eY62ILlRyAe0xaUlo08JUhlK3Xf3LWD4frRfHoBx
-OYsK1c0NvFIv5aUxRQZLTJJt9C299jGNvdAJsfdp4LHejzZUjnx3nguz/l6RI1Vb
+hCxfOAnlSzaRksatd0N72LiVLIL864peScyMpvS1EaE1aUGhfnFemb5wXIewyY1g
-vjQ1qDRPhkgErGXSHsCoCt+z5Y6mq17JWEX/FiXBWQbfSGoG/ZvoOqiBybCQ3HNl
+Hj6bKTQlt0iB+aVj1EWSfGrZ8sshWB91dBNCssu0q+DHHzAX1wkE0i8eNlLlFcmm
-o9QM1sNQ5fUZDh0TgwkJB91rZXPwi828RklMW8VZszZir5gziTnndhw0ADLCZZ6z
+aDReRJSS+7qAVGdksEyzE+IGAzbXnYKyWudpdB/WwR+6kDEKsqFv52z0i0JH83Tj
-nA0vZAI7sjoEeIgiJq3egrsSLq2ZQRQsh5QF+Xo2QktleGvPrtMv//ZyGz4l59yc
+QvinHcyh3nLfXf+GV9LYjLhZEOkHm8diHgYdRMsY2d21jd0q6Eo7hiQzF3pSutj2
-wX/7DtABurFhVs3KdYohcqXk2v5jJCMs+j9YDn6540QR6yXcbifp9ySqhm/PeH91
+GxDya0+rDK8LP9LboYOUTyJaNZPcqlTrQjQQls55kTnHinImYgiT91w6GhFS4GU4
-UuL16YKxoV6QBZIGE0vjdUitGKNsS+H4ibD/0ZHYG+VcyL90eIrBq61CjfIO79O0
+E3KSIsYzBo64HjHl0vLwcfJ6ghvUMu4cTW1z1L0+ieKqiajIMuvQmIxhS9fO2qVg
-L9+G4gKB91stXwtpqZWXTrlzrnjloZOPhqyQN/bs/liWQ6qy0a6Cd6nbWc141An1
+FbsihnJKq/EbeU7uMGq/3FJWJk0D0G8SiJsgP85mbY90qePW3CvnoRnH6PemYCeF
-zEiOihbwLJ4ziCut+bq5lwyw6z/wWEhaVNnYspEEBr2URLMHbnBceS6zXoePT0ur
+T3qJMPFgT2ncLhIrC5cR7F27DCU/CH1jJW4GRx7PeNBeLErWpDghzeJS5IJFW5q8
-9mQQLitmtlANlJ93vBDPhCaEjkK1v5J7MmIHQzyLSQGuLdXwz50piJukWru3aNax
+RIw/HJaLd6TmPNnjQ7XXpU6J519EHRmFDnANXooLDFnwDqam0sokdg9ix4yQYw+e
-skloghJYeTMILEcGAszvyVtcvPqkrJnZXx4Qp7Luj5HK9THr78v3T4nWzirfqxPZ
+jh3mOQJ5lwtccSFpcgGvzApA+xd62//qFixqe0zoq9ThEvPB9wKQe8aAtCsDxrvw
-x70xRyhsC2lLcIrJ+3jkXj44edIqdh3Wvi30L2x2iUFyZ0ojQJQDo/+5b+p9k36L
+PKLbsdy9OdqM1h3TWh+ioWZJb69LRA9MoArAZ8ntpHluQ1amL1wiV8wJReXD4kua
-Dk8ktpeIa/BE3NsfcFaWn9bvRkQ6UAQcNn1zmkavfw5TLI4C1PnD/WUpPHZdhzNV
+fGbf+S1wnUlH4lTkJa0ApTIM0OsWzYFb2F8VDdgvfmtCSYlbS37Qy4+TKJFNtMEA
-K87CsUawxjEg0uCCaViShF6bD9mOWQxE3SM9yNizjTmotF6KrgkT16y/qZ17KGQM
+FQyLUmAlgCdgAiBLVrrV9uDYeRnPVUShlsyZCwBUm92cjDiQkSWhDjro7NQTBMfo
-hJ5PraGu9jvg+L/MrQpr91eyJaeh9JFl9dM/SPM0mXo5q813bdMmqD4cc3YWCLee
+I4A+5OhaX61eNJYFqXv0KWBTGjRnW/dhAilNlc0QWKO+p4mwtTUlwVe0EMb3naxh
-dHtmaKJ08KD1cJqHBz0DRLVV+zH00BMoYt5HZ5DmHFU1zhDekWZLhilbyWt8+z1E
+9ioJUHlwkcfJWBQAVAR/pbslzlpND8wE8NnH5P6z0H95ft3Q6v+JYD2zdhTTfTlw
-bzsoEAfZvyfvF7fJuxQ/HhYdR6TX5H+aNzZZivVc6g==
+X/YlQuf14Vuey6B9bnAPHKh2zE5x53MwVL0OvnfVnw==
 -----END ENCRYPTED PRIVATE KEY-----
 
 -----BEGIN CERTIFICATE-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb-enc/keypass

@@ -0,0 +1,2 @@
+#!/bin/bash
+echo 'password'

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb-enc/truststore.pem

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFdzCCA1+gAwIBAgIUdL2pr5w+jKA9HF9llVbMRTK4MO8wDQYJKoZIhvcNAQEL
+BQAwSzELMAkGA1UEBhMCQ0gxDTALBgNVBAcMBEJlcm4xEjAQBgNVBAoMCUFHT1Yg
+V29yazEZMBcGA1UEAwwQYXRiLXdvcmstaWRwLWtleTAeFw0yNTA5MDMwNjQ2Mjha
+Fw0zNTA5MDEwNjQ2MjhaMEsxCzAJBgNVBAYTAkNIMQ0wCwYDVQQHDARCZXJuMRIw
+EAYDVQQKDAlBR09WIFdvcmsxGTAXBgNVBAMMEGF0Yi13b3JrLWlkcC1rZXkwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2s6fPlpWv/1zEnail7TCUphEQ
+A/dr/uY+qQqA/okB+Okd5hGDow7zBe/zICn7PJlGXzkq87o4Q3ZFvOFLqvlhwprp
+OQquIviN6VBss2F3c174Zkk7ksciLQzPYjGBgw+l/ZeZY/AOYBeConsrHobTbjPd
+StI8FZr8zVnamMWd/nBnryA5mZy9+vKz3iPJXPXZmyhBnOJfPZjMmkLvY9wEfGfc
+rGrbqh6f7grleVNU16Rt46TtJRIqWEAdqi1I81d3kEWuqHkYCZf1ZJpDtprJPVko
+fWViFzMz7zuAK5kdaGVwu0R7zeKz6FCHWWQ5bqScQbZ53zX6D3sP6ZNnZXdo6n0L
+i+x17sgZa6VJtWF6s/UUxl8jPteprfRHrgIT3yKK9ewpXEhcc4aNJyCTiXpicOOn
+QUBkkxyT7MtG1j51GPFcoFsBn4X9A1BXUmz2+YrDfFKtj0LwKZe6naI5v+FGtqeQ
+/GeRpaFISwg/L5ewHe3NTH//8ZyWQsbJ2FEIff3LM+0+ivrORJs45GW12ny6MDY1
+Q8PTEsPL/9nhY1Mf99qpB9ivouVF/vGDWont16PhaZ2N31Osbbok3Emfbk0MVfvh
+MuY0PPX/eWfn+5WlxBegS9PXbrcNW7MV0vsow8Js9+B29nao/VeFOQDfrU9p//xu
+nDkeh9z5vqRP7clgMQIDAQABo1MwUTAdBgNVHQ4EFgQUqqmWA9MTwbzRFOfxZbu8
+nIyk4dEwHwYDVR0jBBgwFoAUqqmWA9MTwbzRFOfxZbu8nIyk4dEwDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAnh1nayZy7CjTDvXjht0jNEyCPahL
+/gzcfx173FWnDbG3DMqjKB0u7bbpWIdStvTHpvs4NOg7H1/3Xc3cu3vtw6PF3Tkt
+ZGJrMgZ5H9BUPW7BeNPqylh0Xj9vWUhxOdRfthzHcuSg2H6k5GBe+ROVIWLcc5g2
+vIuEEnpL9H5mlt4MofodPJjDrOvbJ5eDOGnNlcSKgPy8ZxrvyesmjFquu9/941p5
+wOpGhfVRH6U9GBIy1wWjjO4y2oRtgdgV0Dm57VNaxNi4R0cRW+eg7H7jED2gWVdS
+Zftkrq44/lXFnWZDXWq8JJs0QPPD30i8fbGvZjRbrVQus5wW+dlirSkljQD8WpiY
+N7PS2y+Io9WDetabxDSkHQGduldlHqnjvvR7TtLBT73fbmrra7nLrxbwAyQs/lp9
+r2904tzgBfhHb5GCrYE1s3h339eb/HXZlPqG1EcYimsAIyyBQ7WyHOgXq5RqwgbW
+9O8aQUWPQrdtWrv8BkYSjjgDSxj9Pu7yBFnSdyI879uvBZDYovm/MmgcguAaJ8UC
+PUcchbvgdLJHnbBA5aFm/Fkhb2WKi3Q0vExUHM3sXazJAAjIplbunHkqf8Wc7lva
+94y3AXN9dg5LEjcwkjQbyGmmuSFq0Hse0b1KE+4INYUigECUcXuKYWrP0RuPzCKU
+4g4p3ZpFGmoq4lM=
+-----END CERTIFICATE-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict.properties

@@ -10,11 +10,11 @@ agov-ident.invalid-url.message=Link can't be processed
 agov-ident.invalid-url.title=Invalid Link
 agov-ident.onboarding=Registration & Verification
 agov-ident.retry=Try again
-button.submit=Submit
 cancel.button.label=Cancel
 continue.button.label=Continue
 darkModeSwitch.aria.label=Dark mode toggle
 deputy.profile.label=(Deputy Profile)
+error.account.exists=Account already exists. Continue to log in.
 error.policy.failed=The new password does not comply with the policy.
 error.saml.failed=Please close your browser and try again.
 error_1=Please check your input.
@@ -65,7 +65,7 @@ general.edit=Edit
 general.email=Email
 general.email.address=Email address
 general.entryCode=Code entry
-general.fieldRequired=Field required.
+general.fieldRequired=Field required
 general.getStarted=Get started
 general.goAGOVHelp=Go to AGOV help
 general.goAccessApp=Login with AGOV access
@@ -83,8 +83,8 @@ general.recovery=Recovery
 general.recovery.help.link=https://help.agov.ch/?c=100recovery
 general.recoveryCode.downloadPdf=Download as PDF
 general.recoveryCode.inputLabel=Recovery code
-general.recoveryCode.repeatCodeError=The code you entered was incorrect. Please ensure you have stored it correctly, then continue to resubmit.
+general.recoveryCode.repeatCodeError=The code you entered was incorrect. Please ensure you have stored it correctly and try again.
-general.recoveryCode.repeatCodeModal.description=A lost or incorrectly stored recovery code can make it more difficult to recover your account. To ensure you have recorded your code correctly, please repeat it below.
+general.recoveryCode.repeatCodeModal.description=To ensure you have recorded your code correctly, please repeat it below. A lost or incorrectly stored recovery code can make it more difficult to recover your account.
 general.recoveryCode.repeatCodeModal.title=Repeat recovery code
 general.recoveryCode.reveal=Reveal recovery code
 general.recoveryOngoing=Ongoing recovery
@@ -112,7 +112,7 @@ language.it=Italiano
 language.rm=Rumantsch
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2-3 days.
-loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
+loainfo.description.300=To access the application we need to verify your data. You can choose your preferred process in the next step.
 loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
@@ -124,8 +124,8 @@ logout.label=Logout
 logout.text=You have successfully logged out.
 mauth_usernameless.EID=Continue with CH E-ID
 mauth_usernameless.banner.error=Authentication interrupted.<br>Please try again when the page reloads.
-mauth_usernameless.banner.info=Scan successful.<br>Please continue in the AGOV access app.
+mauth_usernameless.banner.info=Scan successful. Please continue in the AGOV access app.
-mauth_usernameless.banner.success=Authentication successful!<br>Please wait to be logged in.
+mauth_usernameless.banner.success=Authentication successful.<br>Please wait to be logged in.
 mauth_usernameless.cannotLogin=Lost access to your app / security key?
 mauth_usernameless.cannotLogin.accessApp=Lost access to your app?
 mauth_usernameless.cannotLogin.securityKey=Lost access to your security key?
@@ -214,7 +214,7 @@ prompt.newpassword=New Password
 prompt.newpassword.confirm=Confirm Password
 prompt.password=Password
 prompt.userid=User-ID
-providePhoneNumber.banner=Phone number must be able to receive SMS.<br>This phone number will not be used to contact you.
+providePhoneNumber.banner=Phone number must be able to receive SMS. It will not be used to contact you.
 providePhoneNumber.description=AGOV now supports recovery with your phone number. This will allow you to continue with an SMS during recovery if you have lost access to your recovery code.
 providePhoneNumber.errorBanner=Phone numbers do not match. Please try again.
 providePhoneNumber.inputLabel=Phone number (optional)
@@ -222,7 +222,7 @@ providePhoneNumber.laterModal.description1=Without a phone number, a recovery of
 providePhoneNumber.laterModal.description2=Adding a phone number helps you to recover your account in a matter of minutes.
 providePhoneNumber.laterModal.description3=This phone number will not be used to contact you.
 providePhoneNumber.laterModal.title=Continue without a phone number?
-providePhoneNumber.modal.description=An incorrectly stored phone number can make it more difficult to recover your account. To ensure you have recorded your phone number correctly, please repeat it below.
+providePhoneNumber.modal.description=To ensure you have recorded your phone number correctly, please repeat it below. An incorrectly stored phone number can make it more difficult to recover your account.
 providePhoneNumber.modal.inputLabel=Phone number
 providePhoneNumber.modal.title=Repeat phone number
 providePhoneNumber.saveButtonText=Save
@@ -231,12 +231,14 @@ pwreset.done.info=Your password was successfully changed. Please click on contin
 pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you.
 pwreset.info.linktext=Password forgotten
 pwreset.noticket=Your password reset link is no longer valid. Please generate a new one.
+qrCode.label=Click to open QR code in pop-up window.
 recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered
 recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process.
 recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you.
 recovery_check_code.banner.lockedError=Too many invalid input attempts. Please try again in a few minutes.
 recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again.
-recovery_check_code.enterRecoveryCode=Enter recovery code
+recovery_check_code.enterRecoveryCode=Recovery code
+recovery_check_code.expired=Too many attempts or your recovery code has expired.
 recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me.
 recovery_check_code.invalid.code=The code is invalid
 recovery_check_code.invalid.code.required=Code required
@@ -249,9 +251,9 @@ recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
-recovery_code.banner.error=Please reveal your new code to be able to continue.
+recovery_code.banner.error=Please reveal your recovery code to be able to continue.
 recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place.
-recovery_code.newRecoveryCode=Introducing Recovery Code
+recovery_code.newRecoveryCode=Introducing recovery code
 recovery_code.validUntil=Valid until:
 recovery_fidokey_auth.button=Start key authentication
 recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication"
@@ -295,6 +297,8 @@ recovery_start_info.banner.warning=You will not be able to use your account unti
 recovery_start_info.instruction=During the recovery process you will register a new login factor. If  your account contains any verified information you might also have to go through a verification process to finish the recovery.
 recovery_start_info.title=You are about to start the recovery process
 reject.button.label=Deny
+signup.button.label=Signup
+skip.button.label=Skip
 submit.button.label=Submit
 tan.sent=Please enter the security code which has been sent to your mobile phone.
 title.login=Login
@@ -305,6 +309,7 @@ title.oauth.consent=Client Authorization
 title.pwchange.label=Password Change
 title.pwreset=Password Forgotten
 title.saml.failed=Error
+title.signup=Create account
 title.timeout.page=Logout
 user_input.invalid.email=Please enter a valid email address
 user_input.invalid.email.required=Field required

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_de.properties

@@ -10,11 +10,11 @@ agov-ident.invalid-url.message=Link kann nicht verarbeitet werden
 agov-ident.invalid-url.title=Ungültiger Link
 agov-ident.onboarding=Registrierung & Verifikation
 agov-ident.retry=Versuchen Sie es erneut
-button.submit=Senden
 cancel.button.label=Abbrechen
 continue.button.label=Weiter
 darkModeSwitch.aria.label=Dark-Mode-Schalter
 deputy.profile.label=(Profil Stellvertreter)
+error.account.exists=Konto existiert bereits. Melden Sie sich an.
 error.policy.failed=Das neue Passwort stimmt nicht mit der Richtlinie überein.
 error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut.
 error_1=Bitte überprüfen Sie Ihre Eingaben.
@@ -65,7 +65,7 @@ general.edit=Ändern
 general.email=E-Mail
 general.email.address=E-Mail-Adresse
 general.entryCode=Code-Eingabe
-general.fieldRequired=Erforderliches Feld.
+general.fieldRequired=Erforderliches Feld
 general.getStarted=Los geht's
 general.goAGOVHelp=Weiter zur AGOV help
 general.goAccessApp=Login mit AGOV access
@@ -83,8 +83,8 @@ general.recovery=Wiederherstellung
 general.recovery.help.link=https://help.agov.ch/?c=100recovery
 general.recoveryCode.downloadPdf=Als PDF herunterladen
 general.recoveryCode.inputLabel=Wiederherstellungscode
-general.recoveryCode.repeatCodeError=Der von Ihnen eingegebene Code war nicht korrekt. Bitte vergewissern Sie sich, dass Sie ihn richtig abgespeichert haben, und fahren Sie dann mit der erneuten Eingabe fort.
+general.recoveryCode.repeatCodeError=Der von Ihnen eingegebene Code war nicht korrekt. Bitte vergewissern Sie sich, dass Sie ihn richtig abgespeichert haben, und versuchen Sie es erneut.
-general.recoveryCode.repeatCodeModal.description=Ein verlorener oder falsch gespeicherter Wiederherstellungscode kann die Wiederherstellung Ihres Kontos erschweren. Um sicherzustellen, dass Sie Ihren Code richtig gespeichert haben, wiederholen Sie ihn bitte unten.
+general.recoveryCode.repeatCodeModal.description=Um sicherzustellen, dass Sie Ihren Code richtig gespeichert haben, wiederholen Sie ihn bitte unten. Ein verlorener oder falsch gespeicherter Wiederherstellungscode kann die Wiederherstellung Ihres Kontos erschweren.
 general.recoveryCode.repeatCodeModal.title=Wiederherstellungscode wiederholen
 general.recoveryCode.reveal=Wiederherstellungscode enthüllen
 general.recoveryOngoing=Wiederherstellung nicht abgeschlossen
@@ -111,8 +111,8 @@ language.fr=Français
 language.it=Italiano
 language.rm=Rumantsch
 languageDropdown.aria.label=Sprache wählen
-loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
+loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2–3 Tage dauern.
-loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
+loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Sie können Ihre bevorzugte Methode im nächsten Schritt auswählen.
 loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
 loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
 loainfo.later=Später
@@ -124,8 +124,8 @@ logout.label=Logout
 logout.text=Sie haben sich erfolgreich abgemeldet.
 mauth_usernameless.EID=Mit Schweizer E-ID fortfahren
 mauth_usernameless.banner.error=Authentifizierung unterbrochen.<br>Bitte versuchen Sie es erneut, nachdem die Seite neu geladen wurde.
-mauth_usernameless.banner.info=Scan erfolgreich.<br>Bitte fahren Sie in der AGOV access App fort.
+mauth_usernameless.banner.info=Scan erfolgreich. Bitte fahren Sie in der AGOV access App fort.
-mauth_usernameless.banner.success=Authentifizierung erfolgreich!<br>Bitte warten Sie, bis Sie eingeloggt werden.
+mauth_usernameless.banner.success=Authentifizierung erfolgreich.<br>Bitte warten Sie, bis Sie eingeloggt werden.
 mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschl&uuml;ssel verloren?
 mauth_usernameless.cannotLogin.accessApp=Zugriff auf App verloren?
 mauth_usernameless.cannotLogin.securityKey=Zugriff auf Sicherheitsschl&uuml;ssel verloren?
@@ -214,7 +214,7 @@ prompt.newpassword=Neues Passwort
 prompt.newpassword.confirm=Passwort best&auml;tigen
 prompt.password=Passwort
 prompt.userid=Benutzer-ID
-providePhoneNumber.banner=Die Mobilnummer muss f&uuml;r den Empfang von SMS geeignet sein.<br>Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
+providePhoneNumber.banner=Die Mobilnummer muss f&uuml;r den Empfang von SMS geeignet sein. Sie wird nicht verwendet, um Sie zu kontaktieren.
 providePhoneNumber.description=AGOV erlaubt nun die Wiederherstellung mittels Mobilnummer. So k&ouml;nnen Sie w&auml;hrend der Wiederherstellung mit einer SMS fortfahren, wenn Sie Ihren Wiederherstellungscode verloren haben.
 providePhoneNumber.errorBanner=Die Mobilnummern stimmen nicht &uuml;berein. Bitte versuchen Sie es erneut.
 providePhoneNumber.inputLabel=Mobilnummer (optional)
@@ -222,7 +222,7 @@ providePhoneNumber.laterModal.description1=Ohne Mobilnummer kann die Wiederherst
 providePhoneNumber.laterModal.description2=Durch Hinzuf&uuml;gen einer Mobilnummer k&ouml;nnen Sie Ihr Konto in wenigen Minuten wiederherstellen.
 providePhoneNumber.laterModal.description3=Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
 providePhoneNumber.laterModal.title=Ohne Mobilnummer weiterfahren?
-providePhoneNumber.modal.description=Eine falsch gespeicherte Mobilnummer kann die Wiederherstellung Ihres Kontos erschweren. Um sicherzustellen, dass Sie Ihre Mobilnummer richtig gespeichert haben, wiederholen Sie sie bitte unten.
+providePhoneNumber.modal.description=Um sicherzustellen, dass Sie Ihre Mobilnummer richtig gespeichert haben, wiederholen Sie sie bitte unten. Eine falsch gespeicherte Mobilnummer kann die Wiederherstellung Ihres Kontos erschweren.
 providePhoneNumber.modal.inputLabel=Mobilnummer
 providePhoneNumber.modal.title=Mobilnummer wiederholen
 providePhoneNumber.saveButtonText=Speichern
@@ -231,12 +231,14 @@ pwreset.done.info=Ihr Passwort wurde erfolgreich ge&auml;ndert. Bitte klicken Si
 pwreset.email.sent=Wenn Ihre Benutzer-ID existiert, haben Sie eine E-Mail erhalten, um Ihr Passwort zurückzusetzen..
 pwreset.info.linktext=Passwort vergessen
 pwreset.noticket=Ihr Link ist nicht mehr g&uuml;ltig. Bitte generieren Sie ein Neuen.
+qrCode.label=Klicken Sie, um den QR-Code in einem Fenster zu &ouml;ffnen.
 recovery_accessapp_auth.accessAppRegistered=AGOV access App schon registriert
 recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
 recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
 recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
 recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
-recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
+recovery_check_code.enterRecoveryCode=Wiederherstellungscode
+recovery_check_code.expired=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen.
 recovery_check_code.instruction=Bitte geben Sie unten Ihren pers&ouml;nlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten.
 recovery_check_code.invalid.code=Code ist ung&uuml;ltig
 recovery_check_code.invalid.code.required=Code erforderlich
@@ -295,6 +297,8 @@ recovery_start_info.banner.warning=Sie k&ouml;nnen Ihr Konto nicht nutzen, bis d
 recovery_start_info.instruction=W&auml;hrend des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enth&auml;lt, m&uuml;ssen Sie zum Abschluss des Wiederherstellungsprozesses m&ouml;glicherweise auch einen Verifikationsprozess durchlaufen.
 recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten
 reject.button.label=Ablehnen
+signup.button.label=Registrieren
+skip.button.label=&Uuml;berspringen
 submit.button.label=Senden
 tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde.
 title.login=Login
@@ -305,6 +309,7 @@ title.oauth.consent=Client Authorisierung
 title.pwchange.label=Passwort &auml;ndern
 title.pwreset=Passwort Vergesssen
 title.saml.failed=Error
+title.signup=Konto erstellen
 title.timeout.page=Logout
 user_input.invalid.email=Bitte geben Sie eine g&uuml;ltige E-Mail ein
 user_input.invalid.email.required=Erforderliches Feld

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_en.properties

@@ -10,11 +10,11 @@ agov-ident.invalid-url.message=Link can't be processed
 agov-ident.invalid-url.title=Invalid Link
 agov-ident.onboarding=Registration & Verification
 agov-ident.retry=Try again
-button.submit=Submit
 cancel.button.label=Cancel
 continue.button.label=Continue
 darkModeSwitch.aria.label=Dark mode toggle
 deputy.profile.label=(Deputy Profile)
+error.account.exists=Account already exists. Continue to log in.
 error.policy.failed=The new password does not comply with the policy.
 error.saml.failed=Please close your browser and try again.
 error_1=Please check your input.
@@ -65,7 +65,7 @@ general.edit=Edit
 general.email=Email
 general.email.address=Email address
 general.entryCode=Code entry
-general.fieldRequired=Field required.
+general.fieldRequired=Field required
 general.getStarted=Get started
 general.goAGOVHelp=Go to AGOV help
 general.goAccessApp=Login with AGOV access
@@ -83,8 +83,8 @@ general.recovery=Recovery
 general.recovery.help.link=https://help.agov.ch/?c=100recovery
 general.recoveryCode.downloadPdf=Download as PDF
 general.recoveryCode.inputLabel=Recovery code
-general.recoveryCode.repeatCodeError=The code you entered was incorrect. Please ensure you have stored it correctly, then continue to resubmit.
+general.recoveryCode.repeatCodeError=The code you entered was incorrect. Please ensure you have stored it correctly and try again.
-general.recoveryCode.repeatCodeModal.description=A lost or incorrectly stored recovery code can make it more difficult to recover your account. To ensure you have recorded your code correctly, please repeat it below.
+general.recoveryCode.repeatCodeModal.description=To ensure you have recorded your code correctly, please repeat it below. A lost or incorrectly stored recovery code can make it more difficult to recover your account.
 general.recoveryCode.repeatCodeModal.title=Repeat recovery code
 general.recoveryCode.reveal=Reveal recovery code
 general.recoveryOngoing=Ongoing recovery
@@ -112,7 +112,7 @@ language.it=Italiano
 language.rm=Rumantsch
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2-3 days.
-loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
+loainfo.description.300=To access the application we need to verify your data. You can choose your preferred process in the next step.
 loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
@@ -124,8 +124,8 @@ logout.label=Logout
 logout.text=You have successfully logged out.
 mauth_usernameless.EID=Continue with CH E-ID
 mauth_usernameless.banner.error=Authentication interrupted.<br>Please try again when the page reloads.
-mauth_usernameless.banner.info=Scan successful.<br>Please continue in the AGOV access app.
+mauth_usernameless.banner.info=Scan successful. Please continue in the AGOV access app.
-mauth_usernameless.banner.success=Authentication successful!<br>Please wait to be logged in.
+mauth_usernameless.banner.success=Authentication successful.<br>Please wait to be logged in.
 mauth_usernameless.cannotLogin=Lost access to your app / security key?
 mauth_usernameless.cannotLogin.accessApp=Lost access to your app?
 mauth_usernameless.cannotLogin.securityKey=Lost access to your security key?
@@ -214,7 +214,7 @@ prompt.newpassword=New Password
 prompt.newpassword.confirm=Confirm Password
 prompt.password=Password
 prompt.userid=User-ID
-providePhoneNumber.banner=Phone number must be able to receive SMS.<br>This phone number will not be used to contact you.
+providePhoneNumber.banner=Phone number must be able to receive SMS. It will not be used to contact you.
 providePhoneNumber.description=AGOV now supports recovery with your phone number. This will allow you to continue with an SMS during recovery if you have lost access to your recovery code.
 providePhoneNumber.errorBanner=Phone numbers do not match. Please try again.
 providePhoneNumber.inputLabel=Phone number (optional)
@@ -222,7 +222,7 @@ providePhoneNumber.laterModal.description1=Without a phone number, a recovery of
 providePhoneNumber.laterModal.description2=Adding a phone number helps you to recover your account in a matter of minutes.
 providePhoneNumber.laterModal.description3=This phone number will not be used to contact you.
 providePhoneNumber.laterModal.title=Continue without a phone number?
-providePhoneNumber.modal.description=An incorrectly stored phone number can make it more difficult to recover your account. To ensure you have recorded your phone number correctly, please repeat it below.
+providePhoneNumber.modal.description=To ensure you have recorded your phone number correctly, please repeat it below. An incorrectly stored phone number can make it more difficult to recover your account.
 providePhoneNumber.modal.inputLabel=Phone number
 providePhoneNumber.modal.title=Repeat phone number
 providePhoneNumber.saveButtonText=Save
@@ -231,12 +231,14 @@ pwreset.done.info=Your password was successfully changed. Please click on contin
 pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you.
 pwreset.info.linktext=Password forgotten
 pwreset.noticket=Your password reset link is no longer valid. Please generate a new one.
+qrCode.label=Click to open QR code in pop-up window.
 recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered
 recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process.
 recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you.
 recovery_check_code.banner.lockedError=Too many invalid input attempts. Please try again in a few minutes.
 recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again.
-recovery_check_code.enterRecoveryCode=Enter recovery code
+recovery_check_code.enterRecoveryCode=Recovery code
+recovery_check_code.expired=Too many attempts or your recovery code has expired.
 recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me.
 recovery_check_code.invalid.code=The code is invalid
 recovery_check_code.invalid.code.required=Code required
@@ -249,9 +251,9 @@ recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
-recovery_code.banner.error=Please reveal your new code to be able to continue.
+recovery_code.banner.error=Please reveal your recovery code to be able to continue.
 recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place.
-recovery_code.newRecoveryCode=Introducing Recovery Code
+recovery_code.newRecoveryCode=Introducing recovery code
 recovery_code.validUntil=Valid until:
 recovery_fidokey_auth.button=Start key authentication
 recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication"
@@ -295,6 +297,8 @@ recovery_start_info.banner.warning=You will not be able to use your account unti
 recovery_start_info.instruction=During the recovery process you will register a new login factor. If  your account contains any verified information you might also have to go through a verification process to finish the recovery.
 recovery_start_info.title=You are about to start the recovery process
 reject.button.label=Deny
+signup.button.label=Signup
+skip.button.label=Skip
 submit.button.label=Submit
 tan.sent=Please enter the security code which has been sent to your mobile phone.
 title.login=Login
@@ -305,6 +309,7 @@ title.oauth.consent=Client Authorization
 title.pwchange.label=Password Change
 title.pwreset=Password Forgotten
 title.saml.failed=Error
+title.signup=Create account
 title.timeout.page=Logout
 user_input.invalid.email=Please enter a valid email address
 user_input.invalid.email.required=Field required

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_fr.properties

@@ -2,19 +2,19 @@
 accept.button.label=Accepter
 agov-ident.done.message=Votre compte AGOV est maintenant prêt à être utilisé. Veuillez fermer cette page.
 agov-ident.done.title=Terminé
-agov-ident.failed.instruction=Vous avez besoin d'un compte AGOV et de passer la vérification des données suggérée pour terminer avec succès l'enregistrement. Veuillez réessayer.
+agov-ident.failed.instruction=Vous devez disposer d'un compte AGOV et passer avec succès la vérification des données suggérée pour terminer l'inscription. Veuillez réessayer.
 agov-ident.failed.message=Enregistrement annulé ou vérification des données reportée
 agov-ident.failed.title=Vérification requise
-agov-ident.invalid-url.instruction=Le lien que vous avez utilisé pour accéder à cette page n'est pas valide. Veillez l'utiliser tel qu'il a été reçu, sans fautes de frappe, ou cliquez directement sur la page où il est publié.
+agov-ident.invalid-url.instruction=Le lien que vous avez utilisé pour accéder à cette page n'est pas valide. Veuillez vous assurer de l'utiliser tel qu'il a été reçu, sans fautes de frappe, ou cliquez directement sur la page où il est publié.
 agov-ident.invalid-url.message=Le lien ne peut pas être traité
 agov-ident.invalid-url.title=Lien non valide
 agov-ident.onboarding=Enregistrement et vérification
 agov-ident.retry=Essayez à nouveau
-button.submit=Envoyer
 cancel.button.label=Abandonner
 continue.button.label=Continuer
 darkModeSwitch.aria.label=Activer l'apparence sombre
 deputy.profile.label=(Profil du suppléant)
+error.account.exists=Le compte existe déjà. Continuez à vous connecter.
 error.policy.failed=Votre nouveau mot de passe ne conforme pas aux mesures de sécurité
 error.saml.failed=Fermez votre navigateur et r;eacute;essayez.
 error_1=Veuillez vérifier votre saisie.
@@ -65,7 +65,7 @@ general.edit=Editer
 general.email=E-mail
 general.email.address=Adresse e-mail
 general.entryCode=Entrer le code
-general.fieldRequired=Champ requis.
+general.fieldRequired=Champ requis
 general.getStarted=Démarrer
 general.goAGOVHelp=Rendez-vous sur AGOV help
 general.goAccessApp=Login avec AGOV access
@@ -83,15 +83,15 @@ general.recovery=Récupération
 general.recovery.help.link=https://help.agov.ch/?c=100recovery
 general.recoveryCode.downloadPdf=Télécharger en format PDF
 general.recoveryCode.inputLabel=Code de récupération
-general.recoveryCode.repeatCodeError=Le code que vous avez saisi est incorrect. Veuillez vous assurer que vous l'avez enregistré correctement, puis essayer de le soumettre à nouveau.
+general.recoveryCode.repeatCodeError=Le code que vous avez saisi est incorrect. Veuillez vous assurer que l'avez enregistré correctement et réessayer.
-general.recoveryCode.repeatCodeModal.description=Un code de récupération perdu ou mal enregistré peut rendre la récupération de votre compte plus difficile. Pour vous assurer que vous avez correctement enregistré votre code, veuillez le répéter ci-dessous.
+general.recoveryCode.repeatCodeModal.description=Pour vous assurer que vous avez correctement enregistré votre code, veillez le répéter ci-dessous. Un code de récupération perdu ou mal enregistré peut rendre la récupération de votre compte plus difficile.
 general.recoveryCode.repeatCodeModal.title=Répéter le code de récupération
 general.recoveryCode.reveal=Révéler le code de récupération
 general.recoveryOngoing=Récupération en cours
 general.register=Créer un compte
 general.registerNow=Enregistrez-vous dès maintenant!
 general.registration=Enregistrement
-general.registration.dontHaveAnAccountYet=Vous n'avez pas de compte AGOV ?
+general.registration.dontHaveAnAccountYet=Vous n'avez pas encore de compte AGOV ?
 general.registration.seeOptions=Voir les options d'enregistrement
 general.securityKey=Clé de sécurité
 general.skip.content=Passer au contenu principal
@@ -111,8 +111,8 @@ language.fr=Français
 language.it=Italiano
 language.rm=Rumantsch
 languageDropdown.aria.label=Sélectionner la langue
-loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
+loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2–3 jours.
-loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
+loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
 loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
 loainfo.helper=Vos données doivent être vérifiées!
 loainfo.later=Plus tard
@@ -124,14 +124,14 @@ logout.label=Logout
 logout.text=Au revoir
 mauth_usernameless.EID=Continuer avec l'e-ID suisse
 mauth_usernameless.banner.error=Authentification interrompue.<br>Veuillez r&eacute;essayer lorsque la page sera recharg&eacute;e.
-mauth_usernameless.banner.info=Scan r&eacute;ussi!<br> Veuillez continuer dans l'application AGOV access.
+mauth_usernameless.banner.info=Scan r&eacute;ussi. Veuillez continuer dans l'application AGOV access.
-mauth_usernameless.banner.success=Authentification r&eacute;ussie!<br>Veuillez attendre d'&ecirc;tre connect&eacute;.
+mauth_usernameless.banner.success=Authentification r&eacute;ussie.<br>Veuillez attendre d'&ecirc;tre connect&eacute;.
 mauth_usernameless.cannotLogin=Avez-vous perdu l'acc&egrave;s &agrave; votre application / votre cl&eacute; de s&eacute;curit&eacute; ?
 mauth_usernameless.cannotLogin.accessApp=Vous avez perdu l'acc&egrave;s &agrave; votre application AGOV access ?
 mauth_usernameless.cannotLogin.securityKey=Avez-vous perdu l'acc&egrave;s &agrave; votre cl&eacute; de s&eacute;curit&eacute; ?
 mauth_usernameless.hideQR=Cacher le code QR
 mauth_usernameless.instructions=Connectez-vous en scannant le code QR avec l'application AGOV access
-mauth_usernameless.noAccount=Vous n'avez pas de compte AGOV ?
+mauth_usernameless.noAccount=Vous n'avez pas encore de compte AGOV ?
 mauth_usernameless.selectLoginMethod=S&eacute;l&eacute;ctionner la m&eacute;thode de connexion
 mauth_usernameless.showQR=Afficher le code QR
 mauth_usernameless.startRecovery=Commencer la r&eacute;cup&eacute;ration du compte
@@ -214,7 +214,7 @@ prompt.newpassword=Nouveau mot de passe
 prompt.newpassword.confirm=Confirmez le mot de passe
 prompt.password=Mot de passe
 prompt.userid=ID de l&#39;utilisateur
-providePhoneNumber.banner=Ce num&eacute;ro de t&eacute;l&eacute;phone doit pouvoir recevoir des SMS.<br>Ce num&eacute;ro de t&eacute;l&eacute;phone ne sera pas utilis&eacute; pour vous contacter.
+providePhoneNumber.banner=Ce num&eacute;ro de t&eacute;l&eacute;phone doit pouvoir recevoir des SMS. Il ne sera pas utilis&eacute; pour vous contacter.
 providePhoneNumber.description=AGOV prend d&eacute;sormais en charge la r&eacute;cup&eacute;ration avec votre num&eacute;ro de t&eacute;l&eacute;phone. Cela vous permettra de vous envoyer un SMS pendant la r&eacute;cup&eacute;ration si vous avez perdu l'acc&egrave;s &agrave; votre code de r&eacute;cup&eacute;ration.
 providePhoneNumber.errorBanner=Les num&eacute;ros de t&eacute;l&eacute;phone fournies ne correspondent pas. Veuillez r&eacute;essayer.
 providePhoneNumber.inputLabel=Num&eacute;ro de t&eacute;l&eacute;phone (facultatif)
@@ -222,7 +222,7 @@ providePhoneNumber.laterModal.description1=Sans num&eacute;ro de t&eacute;l&eacu
 providePhoneNumber.laterModal.description2=Ajouter un num&eacute;ro de t&eacute;l&eacute;phone vous permet de r&eacute;cup&eacute;rer votre compte en quelques minutes.
 providePhoneNumber.laterModal.description3=Ce num&eacute;ro de t&eacute;l&eacute;phone ne sera pas utilis&eacute; pour vous contacter.
 providePhoneNumber.laterModal.title=Continuer sans num&eacute;ro de t&eacute;l&eacute;phone ?
-providePhoneNumber.modal.description=Un num&eacute;ro de t&eacute;l&eacute;phone mal enregistr&eacute; peut rendre plus difficile la r&eacute;cup&eacute;ration de votre compte. Pour vous assurer que vous avez correctement enregistr&eacute; votre num&eacute;ro de t&eacute;l&eacute;phone, veuillez le r&eacute;p&eacute;ter ci-dessous.
+providePhoneNumber.modal.description=Pour vous assurer que vous avez correctement enregistr&eacute; votre num&eacute;ro de t&eacute;l&eacute;phone, veillez le r&eacute;p&eacute;ter ci-dessous. Un num&eacute;ro de t&eacute;l&eacute;phone mal enregistr&eacute; peut rendre la r&eacute;cup&eacute;ration de votre compte plus difficile.
 providePhoneNumber.modal.inputLabel=Num&eacute;ro de t&eacute;l&eacute;phone
 providePhoneNumber.modal.title=R&eacute;p&eacute;ter votre num&eacute;ro de t&eacute;l&eacute;phone
 providePhoneNumber.saveButtonText=Sauvegarder
@@ -231,13 +231,15 @@ pwreset.done.info=Votre mot de passe a &eacute;t&eacute; chang&eacute avec succ&
 pwreset.email.sent=Si votre identifiant n'existe pas, vous avez reçu un courriel pour réinitialiser votre mot de passe.
 pwreset.info.linktext=Mot de passe oublié
 pwreset.noticket=Votre lien n&apos;est plus valide. Veuillez en g&eacute;n&eacute;rer un nouveau.
+qrCode.label=Cliquez pour ouvrir le code QR dans une fen&ecirc;tre.
 recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est d&eacute;j&agrave; enregistr&eacute;e
 recovery_accessapp_auth.instruction1=Vous avez d&eacute;j&agrave; enregistr&eacute; une nouvelle application AGOV access !!!ACCESS_APP_NAME!!! dans le cadre du processus de r&eacute;cup&eacute;ration.
 recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier.
 recovery_check_code.banner.lockedError=Trop de saisies erron&eacute;es. Veuillez r&eacute;essayer dans quelques minutes.
 recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez r&eacute;essayer.
-recovery_check_code.enterRecoveryCode=Saisir le code de r&eacute;cup&eacute;ration
+recovery_check_code.enterRecoveryCode=Code de r&eacute;cup&eacute;ration
-recovery_check_code.instruction=Veuillez saisir votre code de r&eacute;cup&eacute;ration &agrave; douze chiffres. Lors de votre inscription, vous avez re&ccedil;u le code de r&eacute;cup&eacute;ration sous la forme d&rsquo;un fichier PDF ou dans &laquo; AGOV me &raquo;.
+recovery_check_code.expired=Trop de tentatives ou votre code de r&eacute;cup&eacute;ration a expir&eacute;.
+recovery_check_code.instruction=Veuillez saisir votre code de r&eacute;cup&eacute;ration &agrave; 12 chiffres. Lors de votre inscription, vous avez re&ccedil;u le code de r&eacute;cup&eacute;ration sous la forme d&rsquo;un fichier PDF ou dans &laquo; AGOV me &raquo;.
 recovery_check_code.invalid.code=Le code est invalide
 recovery_check_code.invalid.code.required=Code requis
 recovery_check_code.invalid.code.tooLong=Le code est trop long
@@ -249,7 +251,7 @@ recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV he
 recovery_check_noCode.banner.error=Trop de tentatives.
 recovery_check_noCode.instruction1=Vous avez peut-&ecirc;tre essay&eacute; de saisir le code de r&eacute;cup&eacute;ration trop de fois.
 recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la r&eacute;cup&eacute;ration du compte dans dix minutes &agrave; partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
-recovery_code.banner.error=Veuillez indiquer votre nouveau code pour pouvoir continuer.
+recovery_code.banner.error=Veuillez r&eacute;v&eacute;ler votre code de r&eacute;cup&eacute;ration pour pouvoir continuer.
 recovery_code.instruction=Les codes de r&eacute;cup&eacute;ration vous permettent d'acc&eacute;der &agrave; votre compte au cas o&ugrave; vous auriez perdu tous vos identifiants. Conservez le code de r&eacute;cup&eacute;ration en lieu s&ucirc;r.
 recovery_code.newRecoveryCode=Introduction du code de r&eacute;cup&eacute;ration
 recovery_code.validUntil=Valable jusqu'au:
@@ -295,6 +297,8 @@ recovery_start_info.banner.warning=Vous ne pourrez pas utiliser votre compte tan
 recovery_start_info.instruction=Le processus de r&eacute;cup&eacute;ration n&eacute;cessitera l&rsquo;enregistrement d&rsquo;un nouveau facteur d&rsquo;authentification. Si votre compte contient des informations ayant d&eacute;j&agrave; &eacute;t&eacute; v&eacute;rifi&eacute;es, il se peut que vous deviez les faire v&eacute;rifier &agrave; nouveau pour terminer la r&eacute;cup&eacute;ration.
 recovery_start_info.title=Vous &ecirc;tes sur le point de d&eacute;marrer le processus de r&eacute;cup&eacute;ration.
 reject.button.label=Refuser
+signup.button.label=Inscription
+skip.button.label=Passer
 submit.button.label=Envoyer
 tan.sent=Veuillez saisir le code de s&eacute;curit&eacute; que vous avez re&ccedil;u au votre t&eacute;l&eacute;phone mobile.
 title.login=Login
@@ -305,6 +309,7 @@ title.oauth.consent=Autorisation du client
 title.pwchange.label=Changer mot de passe
 title.pwreset=Mot de Passe Oubli&eacute;
 title.saml.failed=Error
+title.signup=Cr&#233;er un compte
 title.timeout.page=Logout
 user_input.invalid.email=Veuillez saisir un e-mail valable.
 user_input.invalid.email.required=Champ requis

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties

@@ -1,5 +1,5 @@
 
-accept.button.label=Accettare
+accept.button.label=Accetta
 agov-ident.done.message=Il vostro conto AGOV è ora pronto per l'uso. Può chiudere questa pagina.
 agov-ident.done.title=Finito
 agov-ident.failed.instruction=Per completare la registrazione è necessario disporre di un account AGOV e superare la verifica dei dati suggerita. Riprova.
@@ -10,11 +10,11 @@ agov-ident.invalid-url.message=Il link non può essere elaborato
 agov-ident.invalid-url.title=Link non valido
 agov-ident.onboarding=Registrazione e verifica
 agov-ident.retry=Riprova
-button.submit=Continua
+cancel.button.label=Annulla
-cancel.button.label=Abortire
 continue.button.label=Continua
 darkModeSwitch.aria.label=Attivare la modalità scura
 deputy.profile.label=(profilo del delegato)
+error.account.exists=L'account esiste gi<67>. Prosegui col login.
 error.policy.failed=La nuova password non &egrave; stata accettata. Scegliere una password che sia conforme ai criteri di password.
 error.saml.failed=Chiudi il browser e riprova.
 error_1=Verificare i dati inseriti.
@@ -65,7 +65,7 @@ general.edit=Modificare
 general.email=e-mail
 general.email.address=Indirizzo e-mail
 general.entryCode=Codice
-general.fieldRequired=Campo obbligatorio.
+general.fieldRequired=Campo obbligatorio
 general.getStarted=Iniziare
 general.goAGOVHelp=Vai ad AGOV help
 general.goAccessApp=Login con AGOV access
@@ -75,7 +75,7 @@ general.help.link=https://agov.ch/help
 general.login=Accedere
 general.login.accessApp=Accesso con l'App AGOV access
 general.login.securityKey=Login con la chiave di sicurezza
-general.loginSecurityKey=Iniziare il login con la chiave di sicurezza
+general.loginSecurityKey=Inizi l'accesso con chiave di sicurezza
 general.moreOptions=ALTRE OPZIONI
 general.or=O
 general.otherLoginMethods=Altri metodi di login
@@ -83,8 +83,8 @@ general.recovery=Ripristino
 general.recovery.help.link=https://help.agov.ch/?c=100recovery
 general.recoveryCode.downloadPdf=Salva come PDF
 general.recoveryCode.inputLabel=Codice di ripristino
-general.recoveryCode.repeatCodeError=Il codice inserito non &egrave; corretto. Assicurati di averlo memorizzato correttamente, quindi riprova a inviarlo.
+general.recoveryCode.repeatCodeError=Il codice inserito non &egrave; corretto. Verifichi di averlo salvato correttamente e riprovi.
-general.recoveryCode.repeatCodeModal.description=Un codice di ripristino perso o memorizzato in modo errato pu&ograve; rendere pi&ugrave; difficile il recupero del tuo account. Per assicurarti di aver registrato correttamente il codice, inseriscilo di nuovo qui sotto.
+general.recoveryCode.repeatCodeModal.description=Per assicurarsi di aver registrato correttamente il suo codice, lo ripeta qui sotto. Un codice di ripristino perso o registrato in modo errato pu&ograve; rendere pi&ugrave; difficile il ripristino del suo account.
 general.recoveryCode.repeatCodeModal.title=Ripeti il codice di ripristino
 general.recoveryCode.reveal=Mostri il codice di ripristino
 general.recoveryOngoing=Ripristino in corso
@@ -111,21 +111,21 @@ language.fr=Fran&ccedil;ais
 language.it=Italiano
 language.rm=Rumantsch
 languageDropdown.aria.label=Selezionare la lingua
-loainfo.description.200=Per accedere all'app &egrave; necessaria una verifica dei dati. La procedura pu&ograve; richiedere fino a 2&ndash;3 giorni lavorativi.
+loainfo.description.200=Per accedere all'applicazione, dobbiamo verificare i suoi dati. Il processo pu&ograve; richiedere da 2&ndash;3 giorni.
-loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, pu&ograve; selezionare la procedura di verifica desiderata.
+loainfo.description.300=Per accedere all'applicazione, dobbiamo verificare i suoi dati. Potr&agrave; scegliere il processo preferito nel passaggio successivo.
 loainfo.description.400=Per accedere all'applicazione &egrave; necessario inserire il numero AVS.
 loainfo.helper=I dati devono essere verificati!
 loainfo.later=Pi&ugrave; tardi
-loainfo.startNow=Iniziare la procedura?
+loainfo.startNow=Vuole iniziare il processo ora?
-loainfo.startVerification=Iniziare la verifica
+loainfo.startVerification=Inizi la verificazione
 loainfo.title=Verificare i dati.
 login.button.label=Login
 logout.label=Logout
 logout.text=&Egrave; uscito con successo.
 mauth_usernameless.EID=Continuare con CH e-ID
 mauth_usernameless.banner.error=Autenticazione interrotta.<br>Riprovare dopo che la pagina si sar&agrave; ricaricata.
-mauth_usernameless.banner.info=La scansione &egrave; stata eseguita.<br>Continuare nell'app AGOV access.
+mauth_usernameless.banner.info=Scansione eseguita. Continuare nell'app AGOV access.
-mauth_usernameless.banner.success=Autenticazione riuscita!<br>Aspettare di essere connessi.
+mauth_usernameless.banner.success=Autenticazione riuscita.<br>Attenda l&rsquo;accesso.
 mauth_usernameless.cannotLogin=Ha perso l'accesso alla sua app/chiave di sicurezza?
 mauth_usernameless.cannotLogin.accessApp=Ha perso l'accesso al suo App AGOV access?
 mauth_usernameless.cannotLogin.securityKey=Ha perso l'accesso alla sua chiave di sicurezza?
@@ -134,7 +134,7 @@ mauth_usernameless.instructions=Per accedere, scansionare il codice QR con l'app
 mauth_usernameless.noAccount=Non ha ancora un AGOV account?
 mauth_usernameless.selectLoginMethod=Selezionare il metodo di login
 mauth_usernameless.showQR=Visualizza il codice QR
-mauth_usernameless.startRecovery=Inizia il recupero dell'account
+mauth_usernameless.startRecovery=Inizi il ripristino dell&rsquo;account
 mauth_usernameless.useSecurityKey=Accedere utilizzando una chiave di sicurezza.
 mauth_usernameless.useSecurityKeyInfo=Una chiave di sicurezza fisica permette di accedere in modo sicuro senza utilizzare un telefono.
 method.certificate.label=Certificato
@@ -214,7 +214,7 @@ prompt.newpassword=Nuova Password
 prompt.newpassword.confirm=Conferma password
 prompt.password=Password
 prompt.userid=Nome utente
-providePhoneNumber.banner=Il numero di telefono deve essere in grado di ricevere SMS.<br>Questo numero di telefono non sar&agrave; utilizzato per contattarti.
+providePhoneNumber.banner=Il numero di telefono deve poter ricevere SMS. Non sar&agrave; utilizzato per contattarla.
 providePhoneNumber.description=AGOV ora supporta il ripristino tramite il tuo numero di telefono. Questo ti permetter&agrave; di continuare con un SMS durante il ripristino se hai perso l'accesso al tuo codice di ripristino.
 providePhoneNumber.errorBanner=Il numero di telefono non corrispondono. Si prega di riprovare.
 providePhoneNumber.inputLabel=Numero di telefono (facoltativo)
@@ -222,7 +222,7 @@ providePhoneNumber.laterModal.description1=Senza un numero di telefono, il recup
 providePhoneNumber.laterModal.description2=Aggiungere un numero di telefono ti aiuta a recuperare il tuo account in pochi minuti.
 providePhoneNumber.laterModal.description3=Questo numero di telefono non sar&agrave; utilizzato per contattarti.
 providePhoneNumber.laterModal.title=Continuare senza un numero di telefono?
-providePhoneNumber.modal.description=Un numero di telefono memorizzato in modo errato pu&ograve; rendere pi&ugrave; difficile il recupero del tuo account. Per assicurarti di aver registrato correttamente il tuo numero di telefono, inseriscilo di nuovo qui sotto.
+providePhoneNumber.modal.description=Per assicurarsi di aver registrato correttamente il suo numero di telefono, lo ripeta qui sotto. Un numero registrato in modo errato pu&ograve; rendere pi&ugrave; difficile il ripristino del suo account.
 providePhoneNumber.modal.inputLabel=Numero di telefono
 providePhoneNumber.modal.title=Ripetere il numero di telefono
 providePhoneNumber.saveButtonText=Salva
@@ -231,12 +231,14 @@ pwreset.done.info=La password &egrave; stata modificata con successo. Fare clic
 pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
 pwreset.info.linktext=Password dimenticata
 pwreset.noticket=Il biglietto per la reimpostazione della password non &egrave; pi&ugrave; valido. Si prega di generarne uno nuovo.
+qrCode.label=Clicchi per aprire il codice QR in una finestra pop-up.
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV gi&agrave; registrata
 recovery_accessapp_auth.instruction1=Ha gi&agrave; registrato una nuova app AGOV access !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
 recovery_check_code.banner.lockedError=Troppi tentativi di inserimento non validi. Riprovare tra qualche minuto.
 recovery_check_code.codeIncorrect=Il codice inserito non &egrave; corretto. Riprovare.
-recovery_check_code.enterRecoveryCode=Inserisca il codice di recupero
+recovery_check_code.enterRecoveryCode=Codice di ripristino
+recovery_check_code.expired=Troppi tentativi o il codice di ripristino &egrave; scaduto.
 recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me.
 recovery_check_code.invalid.code=Il codice non &egrave; valido
 recovery_check_code.invalid.code.required=Codice richiesto
@@ -249,17 +251,17 @@ recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di
 recovery_check_noCode.banner.error=Troppi tentativi.
 recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
 recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
-recovery_code.banner.error=La preghiamo di rivelare il suo nuovo codice per poter continuare.
+recovery_code.banner.error=Mostri il suo codice di ripristino per poter continuare.
 recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro.
 recovery_code.newRecoveryCode=Introduzione del codice di ripristino
 recovery_code.validUntil=Valido fino a:
-recovery_fidokey_auth.button=Iniziare l'authenticazione della chiave
+recovery_fidokey_auth.button=Inizi l'authenticazione della chiave
-recovery_fidokey_auth.fidoInstruction=Cliccare su "Iniziare l'authenticazione della chiave"
+recovery_fidokey_auth.fidoInstruction=Clicchi su "Inizi l'authenticazione della chiave"
 recovery_fidokey_auth.instruction1=Ha gi&agrave; registrato una nuova chiave di sicurezza !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
 recovery_fidokey_auth.instruction2=Si prega di usare !!!SECURITY_KEY_NAME!!! per poter seguire i passaggi seguenti per identificarti.
 recovery_fidokey_auth.keyRegistered=Chiave di sicurezza gi&agrave; registrata
 recovery_intro_email.banner.error=Il link utilizzato &egrave; scaduto. Per ricevere un nuovo link, inserire l&rsquo;indirizzo e-mail.
-recovery_intro_email.banner.info=Per ricevere il link e avviare il processo di ripristino, inserire l&rsquo;indirizzo e-mail.
+recovery_intro_email.banner.info=Inserisca il suo indirizzo email, cos&igrave; potremo inviarle un link per iniziare il processo di ripristino.
 recovery_intro_email.important=Importante:
 recovery_intro_email.process=Il processo di ripristino deve essere utilizzato solo se ha perso l'accesso ai suoi fattori di accesso (app AGOV access eliminata, chiave di sicurezza persa, telefono smarrito, ecc.).
 recovery_intro_email_sent.banner.button=Non avete ricevuto l'e-mail?
@@ -269,7 +271,7 @@ recovery_on_going.instruction=&Egrave; in corso un processo di ripristino. Il pr
 recovery_on_going.title=Completare il processo di ripristino.
 recovery_questionnaire_instructions.banner.info=Tenga presente che in alcuni casi &egrave; necessario utilizzare il codice di ripristino per un ripristino riuscito.
 recovery_questionnaire_instructions.explanation=In base alle sue risposte sembra essere necessario un ripristino AGOV-Login. Fare clic su Continua e seguire le istruzioni visualizzate sullo schermo.
-recovery_questionnaire_instructions.instruction1=Si prega di fornire l'indirizzo email del suo account in modo di poter inviarle un link per iniziare il processo di recupero
+recovery_questionnaire_instructions.instruction1=Indichi l&rsquo;indirizzo e-mail associato al suo account, cos&igrave; potremo inviarle un link per iniziare il processo di ripristino
 recovery_questionnaire_instructions.instruction2=Si prega di seguire i passaggi per recuperare il suo account (i passaggi varieranno a seconda del livello di verifica dell'account)
 recovery_questionnaire_loginfactor.banner.error=Si prega di selezionare una risposta.
 recovery_questionnaire_loginfactor.no=No
@@ -290,11 +292,13 @@ recovery_questionnaire_reason_selection.answer7=Ho i miei token di sicurezza o l
 recovery_questionnaire_reason_selection.answer8=Ho perso l'accesso a tutte le mie chiavi di sicurezza e alle app AGOV access
 recovery_questionnaire_reason_selection.answer9=Ho problemi con uno dei miei fattori di accesso (PIN cancellato, reimpostato, dimenticato)
 recovery_questionnaire_reason_selection.banner.error=Si prega di selezionare il motivo.
-recovery_questionnaire_reason_selection.instruction=Si prega di selezionare il motivo per cui sta avviando il processo di recupero:
+recovery_questionnaire_reason_selection.instruction=Selezioni il motivo per cui sta iniziando il processo di ripristino:
 recovery_start_info.banner.warning=Non &egrave; possibile utilizzare l&rsquo;account finch&eacute; il processo di ripristino non sar&agrave; concluso.
-recovery_start_info.instruction=Durante il processo di ripristino sar&agrave; registrato un nuovo fattore di accesso. Se l&rsquo;account contiene informazioni verificate, potrebbe essere necessario avviare un processo di verifica per completare il ripristino.
+recovery_start_info.instruction=Durante il processo di ripristino registrer&agrave; un nuovo fattore di login. Se il suo account contiene informazioni verificate, potrebbe dover effettuare anche un processo di verificazione per completare il ripristino.
-recovery_start_info.title=Il processo di ripristino sta per iniziare.
+recovery_start_info.title=Sta per iniziare il processo di ripristino
-reject.button.label=Rifiuti
+reject.button.label=Rifiuta
+signup.button.label=Iscriviti
+skip.button.label=Salta
 submit.button.label=Continua
 tan.sent=Inserisci il codice di sicurezza che &egrave; stato inviato al tuo telefono cellulare.
 title.login=Login
@@ -305,6 +309,7 @@ title.oauth.consent=Autorizzazione del client
 title.pwchange.label=Cambiare Password
 title.pwreset=Password Dimenticata
 title.saml.failed=Error
+title.signup=Crea un account
 title.timeout.page=Logout
 user_input.invalid.email=Inserire un'e-mail valida.
 user_input.invalid.email.required=Campo obbligatorio

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/Recovery_mobile_nless_auth.groovy

@@ -50,3 +50,4 @@ if (inargs.containsKey('onReload')) {
     clearFidoUAFSession()
     response.setResult('default')
 }
+

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy

@@ -40,7 +40,7 @@ if(loa_str){
 
 // BUNDBITBK-5005: Set cookie to remember the last authentication method
 def agovAuthMethodCookie = "LOGINMETHOD=${AUTHENTICATON_URN_TO_COOKIE_MAPPER[session.getAttribute('authenticatedWith')]}; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=1800; SameSite=Strict; Secure; HttpOnly"
-response.setHeader('Set-Cookie2', agovAuthMethodCookie)
+response.setHeader('Set-Cookie3', agovAuthMethodCookie)
 
 // delete the login cookie
 def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/checkloa.groovy

@@ -140,7 +140,7 @@ try {
     s.setAttribute('ch.nevis.idm.User.gender', '2')
   }
   if(s.get('ch.nevis.idm.User.gender') == 'OTHER'){
-    session.setAttribute('ch.nevis.idm.User.gender', '3')
+    s.setAttribute('ch.nevis.idm.User.gender', '3')
   }
 
 
@@ -223,7 +223,7 @@ try {
 
     if (recoveryRoleList.contains('mustRecover')) {
       s.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover')
-      s.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown' )
+      s.setAttribute('agov.recovery.authenticatedWith', session.get('authenticatedWith') ?: 'unknown' )
 
       def origIdVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()) ?: 'None'
       def idVerification = getUserIdVerificationForRecovery() ?: origIdVerification
@@ -247,8 +247,8 @@ try {
       } else {
         s.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recovery')
       }
-      s.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown')
+      s.setAttribute('agov.recovery.authenticatedWith', session.get('authenticatedWith') ?: 'unknown')
-      s.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' )
+      s.setAttribute('agov.recovery.currentAgovAq', session.get('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' )
       LOG.debug('CheckLoa: idVerification2= '+ getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()))
       def idVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString())
       s.setAttribute('agov.recovery.currentIdVerification', (idVerification.isEmpty() ? 'None' : idVerification.first()))

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_account_linking_mobile_nless_auth.groovy

@@ -0,0 +1,100 @@
+import groovy.json.JsonBuilder
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+
+def getHeader(String name) {
+    def inctx = request.getLoginContext()
+    // case-insensitive lookup of HTTP headers
+    def map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER)
+    map.putAll(inctx)
+    return map['connection.HttpHeader.' + name]
+}
+
+def clearFidoUAFSession() {
+    LOG.debug("start new FIDO UAF session (skipping ${session['ch.nevis.auth.fido.uaf.fidouafsessionid']}")
+    def s = request.getAuthSession(true)
+    s.removeAttribute('ch.nevis.auth.fido.uaf.fidouafsessionid')
+    inargs.remove('fallback')
+}
+
+
+def clearIdmSessionAttributes() {
+  def s = request.getAuthSession(true)
+  def sessionKeySet = new HashSet(session.keySet()) 
+  sessionKeySet.each { key -> 
+    if ( key ==~ /ch.nevis.idm.*/ || key ==~ /ch.adnovum.nevisidm.*/ ) {
+      s.removeAttribute(key)
+    }
+  }
+}
+
+
+def sess = request.getAuthSession(true)
+
+// dispatch AJAX calls and form POST when operation is done
+if (inargs['fidoUafDone'] == 'true' ||
+    inargs.containsKey('o.fidoUafSessionId.v') ||
+    getHeader('Content-Type') == 'application/json') {
+
+    if (inargs.containsKey('o.fidoUafSessionId.v') && (inargs['o.fidoUafSessionId.v'] != session['ch.nevis.auth.fido.uaf.fidouafsessionid'])) {
+        // received polling for wrong fido session; make sure, that stops
+        LOG.debug("received polling for wrong fido session ${inargs['o.fidoUafSessionId.v']} (correct: ${session['ch.nevis.auth.fido.uaf.fidouafsessionid']})")
+        def json = new JsonBuilder()
+        json {
+            "status" "unknown"
+            "timestamp" org.joda.time.DateTime.now().toString()
+        }
+        String body = json.toString()
+
+        response.setContent(body)
+        response.setContentType('application/json')
+        response.setHttpStatusCode(200)
+        response.setIsDirectResponse(true)
+        response.setStatus(AuthResponse.AUTH_CONTINUE)
+        return
+    }
+
+  if (inargs['fidoUafDone'] == 'true') {
+    // get clean state, before validating user in IDM
+    LOG.debug("clear IDM session attributes")
+    clearIdmSessionAttributes()
+  }
+
+    // continue with OutOfBandFidoUafAuthState
+    response.setResult('ok')
+}
+
+// dispatch form post with fallback input field : transition to FIDO Token authentication
+if (inargs['fallback'] == 'fallback') {
+    sess.setAttribute("eid.placeholder.text", "Fido2 login not implemented yet")
+    response.setResult('fido2')
+}
+
+// dispatch to recovery
+if (inargs['fallback'] == 'recovery') {
+    response.addOutArg('nevis.transfer.destination', parameters.get('recoveryurl'))
+    response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_CONTINUE) 
+    response.setIsRedirectTransfer(true)
+    // Remove existing cookies before redirecting to RECOVERY
+    def agovRecoveryCookie = "agovRecovery=deleted; Path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure; HttpOnly"
+    response.setHeader('Set-Cookie', agovRecoveryCookie)
+    return
+}
+
+// dispatch form post with fallback input field : go to registration with right loa
+if (inargs['fallback'] == 'register') {
+    sess.setAttribute("eid.placeholder.text", "Registration should not be called here?")
+    response.setResult('registration')
+}
+
+// cancel and go back to login
+if (inargs['fallback'] == 'back') {
+    response.setResult('back')
+}
+
+
+// dispatch form post with onReload input field : refresh QR-code FIDO UAF
+if (inargs.containsKey('onReload')) {
+    clearFidoUAFSession()
+    response.setResult('default')
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_account_linking_redirect_to_agovme.groovy

@@ -0,0 +1,23 @@
+if(outargs.containsKey('saml.SAMLResponse')) {
+     // Accounting
+     def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
+     def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
+     def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown'
+     def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
+     def credentialType = session['agov.authenticatedWith'] ?: 'unknown'
+     def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+     def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+     LOG.info("Event='GOTOEIDLINKING', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}'")     
+     
+     // Redirect
+     response.addOutArg('nevis.transfer.destination', parameters.get('agovmedirecturl'))
+     response.addOutArg('nevis.transfer.field.SAMLResponse', outargs.getProperty('saml.SAMLResponse').bytes.encodeBase64().toString())
+     response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_CONTINUE) 
+     response.setIsRedirectTransfer(false)
+
+     response.removeOutArg('saml.SAMLResponse')
+}
+else {
+    response.setResult('ok')
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_compare_and_update_idm_attributes.groovy

@@ -156,3 +156,4 @@ if(auditedRequired){
 
 
 
+

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_fetch_linked_accounts.groovy

@@ -6,8 +6,6 @@ import ch.nevis.idm.client.HTTPRequestWrapper
 import groovy.json.JsonSlurper
 import groovy.json.JsonBuilder
 
-
-
 def getHeader(String name) {
 	def inctx = request.getLoginContext()
 	// case-insensitive lookup of HTTP headers
@@ -34,6 +32,7 @@ def clearEidSession(){
 }
 
 def getAccounts(json, String svnr) {
+    String svnrWithPrefix = "urn:ch-agov-eid:$svnr"
     def idm_users_dto = json["Resources"]
     def accounts = [:]
     def frontend_dto = []
@@ -50,8 +49,8 @@ def getAccounts(json, String svnr) {
             def extId = user["externalId"]
             //TODO/aca/2025/06/11: Can we have multiple email adresses? -> if yes search for primary
             String email = user["emails"][0]["value"]
-			if(cred["type"] == "SAMLFEDERATION" && cred["issuerNameId"] == svnr){
+			if(cred["type"] == "SAMLFEDERATION" && ( cred["issuerNameId"] == svnr || cred["issuerNameId"] == svnrWithPrefix )){
-                // we found a second federation credential in one AGOV account -> Throw data error
+                // we found more than one federation credential in one AGOV account -> Throw data error
                 if(foundCredential){
                     LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${extId}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Multiple EId linking credentials found in one AGOV account'")
                     return [null,null]
@@ -140,7 +139,7 @@ LOG.debug("search for accounts with SVNR: $svnr")
 
 // Pepare GET request
 String attributes = "externalId,emails,urn:nevis:idm:scim:schemas:v1:extension:User.credentials.type,urn:nevis:idm:scim:schemas:v1:extension:User.credentials.issuerNameId,urn:nevis:idm:scim:schemas:v1:extension:User.credentials.subjectNameId,urn:nevis:idm:scim:schemas:v1:extension:User.credentials.extId,urn:nevis:idm:scim:schemas:v1:extension:User.credentials.credentialLoginInfo.lastLogin"
-String filter = "urn:nevis:idm:scim:schemas:v1:extension:User.credentials.type=='SAMLFEDERATION'%20AND%20urn:nevis:idm:scim:schemas:v1:extension:User.credentials.issuerNameId=='$svnr'"
+String filter = "urn:nevis:idm:scim:schemas:v1:extension:User.credentials.type=='SAMLFEDERATION'%20AND%20%28%20urn:nevis:idm:scim:schemas:v1:extension:User.credentials.issuerNameId%20==%20'$svnr'%20OR%20urn:nevis:idm:scim:schemas:v1:extension:User.credentials.issuerNameId%20==%20'urn:ch-agov-eid:$svnr'%29"
 
 String requestUrl = "$endPoint?count=20&attributes=$attributes&filter=$filter"
 
@@ -157,7 +156,7 @@ try {
     def (accounts, frontend_dto) = getAccounts(json, svnr)
 
     // unrecoverable DATA ERROR happend
-    if(!accounts){
+    if(accounts == null){
         response.setResult('error')
         return
     }
@@ -167,9 +166,7 @@ try {
     LOG.debug("Linked accounts found: " + frontend_dto.toString())
 
     if(numAccounts == 0){
-        //TODO/aca/2025-06-10: Implement next step
+        // No account found => show account linking dialog options
-        // Redirect to an error page or linking page when that's ready and decided
-        sess.setAttribute("eid.placeholder.text", "EId: No AGOV Account found case not implemented yet")
         response.setResult('noAccount')
         return
     }else if(numAccounts == 1){
@@ -201,3 +198,4 @@ try {
     response.setResult('error')
     return
 }
+

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_start_account_linking.groovy

@@ -0,0 +1,27 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+def sess = request.getAuthSession(true)
+
+if(inargs['cancelEid']){
+    LOG.debug("Account registration canceled: Send response with error")
+    response.setResult('cancel')
+    return
+}
+
+if(inargs['continue'] == 'link_account'){
+    LOG.debug("AGOV account linking")
+    //sess.setAttribute("eid.placeholder.text", "EId: Implicit account linking not implemented yet")
+    response.setResult('link')
+    return
+}
+
+if(inargs['continue'] == 'register_account'){
+    LOG.debug("AGOV account registration was selected")
+    sess.setAttribute("eid.placeholder.text", "EId: Account registration with implicit linking not implemented yet")
+    response.setResult('register')
+    return
+}
+
+LOG.debug("Show GUI")
+response.setStatus(AuthResponse.AUTH_CONTINUE)
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_verification_auth.groovy

@@ -355,6 +355,7 @@ if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.
 				sess.setAttribute('agov.eid.User.gender', claims.sex)
 				sess.setAttribute('agov.eid.User.svnr', claims.personal_administrative_number.replace('.',''))
 				sess.setAttribute('agov.eid.User.placeOfBirth', claims.birth_place)
+				sess.setAttribute('agov.eid.User.placeOfOrigin', claims.place_of_origin)
 				sess.setAttribute('agov.eid.User.eIdNumber', claims.document_number)
                 // Simpler for later comparison -> Is converted again to upper case in the saml assertion
 				sess.setAttribute('agov.eid.User.nationality', claims.nationality.toString().toLowerCase())
@@ -452,3 +453,4 @@ if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.
 LOG.debug("Show GUI")
 response.setStatus(AuthResponse.AUTH_CONTINUE)
 return
+

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf

@@ -13,8 +13,9 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
     "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-idp-extended-truststore/truststore.p12"
     "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-idp-extended-truststore/keypass}"
 )
 
+

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml

@@ -5,6 +5,8 @@
     <SessionCoordinator sessionInitialInactivityTimeout="600" sessionInactivityTimeout="28800" sessionMaxLifetime="28800" sessionIdPreGenerate="true">
         <!-- source: pattern://7022472ae407577ae604bbb8 -->
         <LocalSessionStore maxSessions="100000"/>
+        <!-- source: pattern://b7b59e97b3fd18bb60178573 -->
+        <RemoteSessionStore connectionUser="pipe:///var/opt/nevisauth/default/conf/credentials/dbUser" connectionPassword="pipe:///var/opt/nevisauth/default/conf/credentials/dbPassword" connectionUrl="jdbc:mariadb://mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat:3306/nevisauth?serverTimezone=UTC&amp;sslMode=disable&amp;autocommit=true" connectionMaxLifeTime="1800000" connectionMaxIdleTime="600000" connectionMinPoolSize="10" connectionMaxPoolSize="10" connectionAutomaticDbSchemaSetup="false" storeUnauthenticatedSessions="true"/>
         <!-- source: pattern://7022472ae407577ae604bbb8 -->
         <TokenAssembler name="DefaultTokenAssembler">
             <Selector default="true"/>
@@ -45,6 +47,8 @@
                 <!-- source: pattern://94e0b7b92ff2593f958c1eec -->
                 <field src="session" key="ch.adnovum.nevisidm.clientId" as="clientId"/>
                 <!-- source: pattern://94e0b7b92ff2593f958c1eec -->
+                <field src="session" key="ch.nevis.session.domain" as="domain"/>
+                <!-- source: pattern://94e0b7b92ff2593f958c1eec -->
                 <field src="request" key="ActualRoles" as="roles"/>
             </TokenSpec>
             <!-- source: pattern://94e0b7b92ff2593f958c1eec -->
@@ -65,6 +69,8 @@
                 <!-- source: pattern://94e0b7b92ff2593f958c1eec -->
                 <field src="session" key="ch.adnovum.nevisidm.clientId" as="clientId"/>
                 <!-- source: pattern://94e0b7b92ff2593f958c1eec -->
+                <field src="session" key="ch.nevis.session.domain" as="domain"/>
+                <!-- source: pattern://94e0b7b92ff2593f958c1eec -->
                 <field src="request" key="ActualRoles" as="roles"/>
             </TokenSpec>
             <!-- source: pattern://94e0b7b92ff2593f958c1eec -->
@@ -104,6 +110,11 @@
             <!-- source: pattern://947daa1313709b0f26a64432 -->
             <KeyObject name="EId_Rest_Client_Trust_Store" certificate="/var/opt/keys/trust/env-ca/truststore.jks"/>
         </KeyStore>
+        <!-- source: pattern://95220b3005deb118adeb01aa -->
+        <KeyStore name="EId_Account_Linking_Mobile_NLess_Auth">
+            <!-- source: pattern://95220b3005deb118adeb01aa -->
+            <KeyObject name="FIDO_UAF_Truststore" certificate="/var/opt/keys/trust/env-ca/truststore.jks"/>
+        </KeyStore>
         <!-- source: pattern://947daa1313709b0f26a64432 -->
         <KeyStore name="EId_Select_AGOV_Account">
             <!-- source: pattern://947daa1313709b0f26a64432 -->
@@ -123,6 +134,11 @@
             <!-- source: pattern://8dbec5bb024707d73fca93ef -->
             <KeyObject name="https://trustbroker-idp.agov-w.azure.adnovum.net" certificate="/var/opt/keys/trust/idp-pem-atb/truststore.jks"/>
         </KeyStore>
+        <!-- source: pattern://b09a3092a59797b317c06ae4 -->
+        <KeyStore name="EncryptionKeys">
+            <!-- source: pattern://b09a3092a59797b317c06ae4 -->
+            <KeyObject name="DefaultEncryptionKey" certificate="/var/opt/keys/trust/idp-pem-atb-enc/truststore.jks"/>
+        </KeyStore>
         <!-- source: pattern://cb8c63274fe346280de0ffd5 -->
         <KeyStore name="Auth_Realm_Mobile_FIDO_UAFKeyStore">
             <!-- source: pattern://cb8c63274fe346280de0ffd5 -->
@@ -141,8 +157,8 @@
             <KeyObject name="internal_tls_Truststore" certificate="/var/opt/keys/trust/env-ca/truststore.jks"/>
         </KeyStore>
     </SessionCoordinator>
-    <!-- source: pattern://7022472ae407577ae604bbb8 -->
+    <!-- source: pattern://b7b59e97b3fd18bb60178573 -->
-    <LocalOutOfContextDataStore reaperPeriod="60"/>
+    <RemoteOutOfContextDataStore connectionUser="pipe:///var/opt/nevisauth/default/conf/credentials/dbUser" connectionPassword="pipe:///var/opt/nevisauth/default/conf/credentials/dbPassword" connectionUrl="jdbc:mariadb://mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat:3306/nevisauth?serverTimezone=UTC&amp;sslMode=disable&amp;autocommit=true" connectionMaxLifeTime="1800000" connectionMaxIdleTime="600000" connectionMinPoolSize="10" connectionMaxPoolSize="10" connectionAutomaticDbSchemaSetup="false"/>
     <!-- source: pattern://204c22beaccdfd22727af378, pattern://06aeae2d799e492f5580d03b, pattern://7022472ae407577ae604bbb8, pattern://7022472ae407577ae604bbb8, pattern://9a8294b080ea769d22924af0, pattern://f393012a278e525956a362d3, pattern://c686c1bdd5355351f7f98cc8, pattern://7fb39bfd6c34685866a22180, pattern://b8bdab6e4634a1d81f20e5bb, pattern://cb8c63274fe346280de0ffd5, pattern://9a1d3c6052019748d3510261, pattern://ae023be7e097522c74e31d17, pattern://81ae3547acc02160f787a546, pattern://0327ca909dfcaf2d332da104, pattern://584964c837512845d7940809, pattern://e0fda9336be9c69dafc9b69e, pattern://7022472ae407577ae604bbb8, pattern://cb8c63274fe346280de0ffd5, pattern://204c22beaccdfd22727af378, pattern://06aeae2d799e492f5580d03b, pattern://7022472ae407577ae604bbb8 -->
     <AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/var/opt/nevisauth/default/plugin:/opt/nevisidmcl/nevisauth/lib:/opt/nevisfidocl/nevisauth/lib:/opt/nevisauth/plugin" propagateSession="false">
         <!-- source: pattern://4fcfadb4a5c946ead7e6e995 -->
@@ -215,6 +231,8 @@
                     <!-- source: pattern://f63c475c35b616b7c6c1901c -->
                     <GuiElem name="agov.appDisplayNameEN" type="hidden" value="${sess:agov.appDisplayNameEN}" optional="true"/>
                     <!-- source: pattern://f63c475c35b616b7c6c1901c -->
+                    <GuiElem name="agov.appDisplayNameRM" type="hidden" value="${sess:agov.appDisplayNameRM}" optional="true"/>
+                    <!-- source: pattern://f63c475c35b616b7c6c1901c -->
                     <GuiElem name="agov.appSamlRpEntityId" type="hidden" value="https://auth.agov-w.azure.adnovum.net/app-info/app-icon?entity-id=${sess:ch.nevis.auth.saml.request.scoping.requesterId}" optional="true"/>
                     <!-- source: pattern://f63c475c35b616b7c6c1901c -->
                     <GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
@@ -413,6 +431,8 @@
             <!-- source: pattern://73efd00d67082ff1eb927922 -->
             <ResultCond name="main" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP"/>
             <!-- source: pattern://73efd00d67082ff1eb927922 -->
+            <ResultCond name="main_secure" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC"/>
+            <!-- source: pattern://73efd00d67082ff1eb927922 -->
             <Response value="AUTH_CONTINUE">
                 <!-- source: pattern://73efd00d67082ff1eb927922 -->
                 <Gui name="saml_dispatcher" label="title.saml.failed">
@@ -554,7 +574,7 @@
             <!-- source: pattern://4f15bae09cbda04a7a515158 -->
             <ResultCond name="firstLogin" next="Auth_Realm_Main_IDP_EId_Select_AGOV_Account_NotifyUser"/>
             <!-- source: pattern://4f15bae09cbda04a7a515158 -->
-            <ResultCond name="noAccount" next="Auth_Realm_Main_IDP_Eid_Placeholder"/>
+            <ResultCond name="noAccount" next="Auth_Realm_Main_IDP_EId_Start_AGOV_Account_Linking"/>
             <!-- source: pattern://4f15bae09cbda04a7a515158 -->
             <ResultCond name="ok" next="Auth_Realm_Main_IDP_EId_Fetch_IDM_Attributes"/>
             <!-- source: pattern://4f15bae09cbda04a7a515158 -->
@@ -699,6 +719,12 @@
             <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/sex" value="${sess:ch.nevis.idm.User.gender}"/>
             <!-- source: pattern://1d81bd987455a8e1ee044ccf -->
             <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/dateOfBirth" value="${sess:ch.nevis.idm.User.birthDate:^(\d\d\d\d-\d\d-\d\d).*$}"/>
+            <!-- source: pattern://1d81bd987455a8e1ee044ccf -->
+            <property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" value="${sess:ch.nevis.idm.User.email}"/>
+            <!-- source: pattern://1d81bd987455a8e1ee044ccf -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/socialSecurityNumber" value="#{ (sess['agov.appSvnrAllowed'] == 'true') ? sess['ch.nevis.idm.User.prop.svnr'] : ''}"/>
+            <!-- source: pattern://1d81bd987455a8e1ee044ccf -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2025/07/identity/claims/op/conversationId" value="${inctx:connection.HttpHeader.traceparent:^([0-9a-f]+)-([0-9a-f]+)-([0-9a-f]+)-([0-9a-f]+)$:$2}"/>
         </AuthState>
         <AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_EPD_Artifact_IDP" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
             <!-- source: pattern://5a75ffc73b91b88cfab6168e -->
@@ -787,6 +813,12 @@
             <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/sex" value="${sess:ch.nevis.idm.User.gender}"/>
             <!-- source: pattern://5a75ffc73b91b88cfab6168e -->
             <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/dateOfBirth" value="${sess:ch.nevis.idm.User.birthDate:^(\d\d\d\d-\d\d-\d\d).*$}"/>
+            <!-- source: pattern://5a75ffc73b91b88cfab6168e -->
+            <property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" value="${sess:ch.nevis.idm.User.email}"/>
+            <!-- source: pattern://5a75ffc73b91b88cfab6168e -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/socialSecurityNumber" value="#{ (sess['agov.appSvnrAllowed'] == 'true') ? sess['ch.nevis.idm.User.prop.svnr'] : ''}"/>
+            <!-- source: pattern://5a75ffc73b91b88cfab6168e -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2025/07/identity/claims/op/conversationId" value="${inctx:connection.HttpHeader.traceparent:^([0-9a-f]+)-([0-9a-f]+)-([0-9a-f]+)-([0-9a-f]+)$:$2}"/>
         </AuthState>
         <AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
             <!-- source: pattern://92cb6d5256008a32f12ceb93 -->
@@ -828,6 +860,10 @@
             <!-- source: pattern://92cb6d5256008a32f12ceb93 -->
             <property name="logoutTrigger" value="#{request['currentResource'].contains('logout') || inargs.containsKey('logout') || inargs.containsKey('SAMLLogout')}"/>
             <!-- source: pattern://92cb6d5256008a32f12ceb93 -->
+            <property name="in.verify" value="Assertion, AuthnRequest, ArtifactResolve, ArtifactResponse"/>
+            <!-- source: pattern://92cb6d5256008a32f12ceb93 -->
+            <property name="in.prospectVerification" value="ArtifactResolve"/>
+            <!-- source: pattern://92cb6d5256008a32f12ceb93 -->
             <property name="out.binding" value="http-post"/>
             <!-- source: pattern://92cb6d5256008a32f12ceb93 -->
             <property name="out.post.relayStateEncoding" value="HTML"/>
@@ -882,6 +918,8 @@
             <!-- source: pattern://92cb6d5256008a32f12ceb93 -->
             <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/placeOfBirth" value="#{ (sess['agov.appSvnrAllowed'] == 'true') ? sess['ch.nevis.idm.User.prop.placeOfBirth'] : ''}"/>
             <!-- source: pattern://92cb6d5256008a32f12ceb93 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2025/07/identity/claims/placeOfOrigin" value="#{ (sess['agov.appSvnrAllowed'] == 'true') ? sess['agov.eid.User.placeOfOrigin'] : ''}"/>
+            <!-- source: pattern://92cb6d5256008a32f12ceb93 -->
             <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/eIdNumber" value="${sess:ch.nevis.idm.User.prop.eIdNumber}"/>
             <!-- source: pattern://92cb6d5256008a32f12ceb93 -->
             <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/qa/dateOfVerification" value="${sess:ValidFrom}"/>
@@ -909,6 +947,21 @@
             <property name="out.attribute.http://schemas.agov.ch/ws/2024/02/identity/claims/address/qa/verificationMethod" value="#{ (sess['agov.appAddressRequired'] == 'true') ? ''.concat(sess.get('agov.adressVerification')).replace('Location', 'Domicile') : '' }"/>
             <!-- source: pattern://92cb6d5256008a32f12ceb93 -->
             <property name="out.attribute.http://schemas.agov.ch/ws/2024/02/identity/claims/address/countryName" value="#{ (sess['agov.appAddressRequired'] == 'true') ? sess['agov.countryName'] : ''}"/>
+            <!-- source: pattern://92cb6d5256008a32f12ceb93 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2025/07/identity/claims/op/conversationId" value="${inctx:connection.HttpHeader.traceparent:^([0-9a-f]+)-([0-9a-f]+)-([0-9a-f]+)-([0-9a-f]+)$:$2}"/>
+        </AuthState>
+        <AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false" resumeState="false">
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="default" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC_post"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="useArtifact" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC_artifact"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <Response value="AUTH_ERROR">
+                <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+                <Gui name="AuthErrorDialog"/>
+            </Response>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <property name="condition:useArtifact" value="${sess:agov.idp.use.artifact:^true$}"/>
         </AuthState>
         <AuthState name="Auth_Realm_Main_IDP_ReturnTimeoutButKeepSession" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
             <!-- source: pattern://826166d230a6a4849f2837ae -->
@@ -1012,15 +1065,29 @@
             <!-- source: pattern://4f15bae09cbda04a7a515158 -->
             <property name="parameter.idm.httpclient.tls.trustStoreRef" value="EId_Select_AGOV_Account"/>
         </AuthState>
-        <AuthState name="Auth_Realm_Main_IDP_Eid_Placeholder" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="false" resumeState="true">
+        <AuthState name="Auth_Realm_Main_IDP_EId_Start_AGOV_Account_Linking" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
-            <!-- source: pattern://47f8f6ef24f62431fbe1b530 -->
+            <!-- source: pattern://328e529ed345d17cacb4ec66 -->
+            <ResultCond name="cancel" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
+            <!-- source: pattern://328e529ed345d17cacb4ec66 -->
+            <ResultCond name="link" next="Auth_Realm_Main_IDP_EId_Account_Linking_Mobile_NLess_Auth"/>
+            <!-- source: pattern://328e529ed345d17cacb4ec66 -->
+            <ResultCond name="register" next="Auth_Realm_Main_IDP_Eid_Placeholder"/>
+            <!-- source: pattern://328e529ed345d17cacb4ec66 -->
             <Response value="AUTH_CONTINUE">
-                <!-- source: pattern://47f8f6ef24f62431fbe1b530 -->
+                <!-- source: pattern://328e529ed345d17cacb4ec66 -->
-                <Gui name="Eid_Placeholder" label="eID Placeholder">
+                <Gui name="eid_linking_account">
-                    <!-- source: pattern://47f8f6ef24f62431fbe1b530 -->
+                    <!-- source: pattern://328e529ed345d17cacb4ec66 -->
-                    <GuiElem name="infotext" type="info" label="${session:eid.placeholder.text}"/>
+                    <GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
+                    <!-- source: pattern://328e529ed345d17cacb4ec66 -->
+                    <GuiElem name="app_name" type="hidden" value="${sess:agov.appDisplayNameEN}" optional="true"/>
+                    <!-- source: pattern://328e529ed345d17cacb4ec66 -->
+                    <GuiElem name="firstname" type="hidden" value="${sess:agov.eid.User.firstName}" optional="true"/>
+                    <!-- source: pattern://328e529ed345d17cacb4ec66 -->
+                    <GuiElem name="lastname" type="hidden" value="${sess:agov.eid.User.lastName}" optional="true"/>
                 </Gui>
             </Response>
+            <!-- source: pattern://328e529ed345d17cacb4ec66 -->
+            <property name="script" value="file:///var/opt/nevisauth/default/conf/eid_start_account_linking.groovy"/>
         </AuthState>
         <AuthState name="Auth_Realm_Main_IDP_EId_Fetch_IDM_Attributes" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="false">
             <!-- source: pattern://b8bdab6e4634a1d81f20e5bb -->
@@ -1151,6 +1218,100 @@
                 <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
             </Response>
         </AuthState>
+        <AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC_post" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="IDP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="IDP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="LogoutCompleted" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Done"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="LogoutFailed" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Fail"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="SP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="SP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="authenticate:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="authenticate:SP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="invalidAssertionConsumerUrl" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="ok" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="stepup:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="stepup:SP-initiated-SSO" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <Response value="AUTH_ERROR">
+                <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+                <Gui name="saml_idp" label="title.saml.failed">
+                    <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+                    <GuiElem name="lasterror" type="error" label="error.saml.failed"/>
+                </Gui>
+            </Response>
+            <propertyRef name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <property name="out.issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2SEC/"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <property name="out.binding" value="http-post"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <property name="out.post.relayStateEncoding" value="HTML"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <property name="out.encrypt" value="none"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <property name="out.encrypt.keystoreref" value="EncryptionKeys"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <property name="out.encrypt.keyobjectref" value="DefaultEncryptionKey"/>
+        </AuthState>
+        <AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC_artifact" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="IDP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="IDP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="LogoutCompleted" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Done"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="LogoutFailed" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Fail"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="SP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="SP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="authenticate:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="authenticate:SP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="invalidAssertionConsumerUrl" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="ok" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="stepup:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <ResultCond name="stepup:SP-initiated-SSO" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <Response value="AUTH_ERROR">
+                <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+                <Gui name="saml_idp" label="title.saml.failed">
+                    <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+                    <GuiElem name="lasterror" type="error" label="error.saml.failed"/>
+                </Gui>
+            </Response>
+            <propertyRef name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <property name="out.issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2SEC/"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <property name="out.binding" value="http-artifact"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <property name="out.post.relayStateEncoding" value="HTML"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <property name="out.encrypt" value="none"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <property name="out.encrypt.keystoreref" value="EncryptionKeys"/>
+            <!-- source: pattern://bb9e7806a04578e0ad468829 -->
+            <property name="out.encrypt.keyobjectref" value="DefaultEncryptionKey"/>
+        </AuthState>
         <AuthState name="Auth_Realm_Main_IDP_Fido_Email_Verify" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="false">
             <!-- source: pattern://7fb39bfd6c34685866a22180 -->
             <ResultCond name="clientNotFound" next="Auth_Realm_Main_IDP_AuthnFailed_Client_NotFound"/>
@@ -1264,6 +1425,48 @@
             <!-- source: pattern://e0fda9336be9c69dafc9b69e -->
             <property name="admin.service.connection.0" value="https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm/services/v1/AdminService"/>
         </AuthState>
+        <AuthState name="Auth_Realm_Main_IDP_EId_Account_Linking_Mobile_NLess_Auth" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <ResultCond name="back" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <ResultCond name="default" next="Auth_Realm_Main_IDP_EId_Account_Linking_Mobile_NLess_Auth"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <ResultCond name="fido2" next="Auth_Realm_Main_IDP_Eid_Placeholder"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <ResultCond name="ok" next="Auth_Realm_Main_IDP_EId_Account_Linking_Mobile_NLess_Auth_Processing"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <ResultCond name="registration" next="Auth_Realm_Main_IDP_Eid_Placeholder"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <Response value="AUTH_CONTINUE">
+                <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+                <Gui name="eid_linking_mauth_usernameless">
+                    <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+                    <GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
+                    <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+                    <GuiElem name="fallback" type="button" label="mobile_auth.cancel.button.label" value="true" optional="true"/>
+                    <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+                    <GuiElem name="accessApp" type="hidden" value="${sess:agov.recovery.accessapp}" optional="true"/>
+                </Gui>
+            </Response>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <property name="scriptTraceGroup" value="AGOV-ACCT"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <property name="script" value="file:///var/opt/nevisauth/default/conf/eid_account_linking_mobile_nless_auth.groovy"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <property name="parameter.agovmeregistrationurl" value="https://ob.agov-w.azure.adnovum.net/mock-me/registration"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <property name="parameter.recoveryurl" value="https://auth.agov-w.azure.adnovum.net/AUTH/RECOVERY/"/>
+        </AuthState>
+        <AuthState name="Auth_Realm_Main_IDP_Eid_Placeholder" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="false" resumeState="true">
+            <!-- source: pattern://47f8f6ef24f62431fbe1b530 -->
+            <Response value="AUTH_CONTINUE">
+                <!-- source: pattern://47f8f6ef24f62431fbe1b530 -->
+                <Gui name="Eid_Placeholder" label="eID Placeholder">
+                    <!-- source: pattern://47f8f6ef24f62431fbe1b530 -->
+                    <GuiElem name="infotext" type="info" label="${session:eid.placeholder.text}"/>
+                </Gui>
+            </Response>
+        </AuthState>
         <AuthState name="Auth_Realm_Main_IDP_EId_Fetch_IDM_Attributes_getProperties" class="ch.nevis.idm.authstate.IdmGetPropertiesState" final="false" resumeState="false">
             <!-- source: pattern://b8bdab6e4634a1d81f20e5bb -->
             <ResultCond name="clientNotFound" next="Auth_Realm_Main_IDP_Authentication_Failed"/>
@@ -1312,14 +1515,14 @@
             <property name="detaillevel.default" value="EXCLUDE"/>
         </AuthState>
         <AuthState name="Auth_Realm_Main_IDP_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
-            <!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
+            <!-- source: pattern://6061abea33a234fad73897b7, pattern://359792ce61c28c723ab7d354, pattern://4fcfadb4a5c946ead7e6e995 -->
             <ResultCond name="default" next="Auth_Realm_Main_IDP_Auth_Done"/>
-            <!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
+            <!-- source: pattern://6061abea33a234fad73897b7, pattern://359792ce61c28c723ab7d354, pattern://4fcfadb4a5c946ead7e6e995 -->
             <Response value="AUTH_DONE">
-                <!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
+                <!-- source: pattern://6061abea33a234fad73897b7, pattern://359792ce61c28c723ab7d354, pattern://4fcfadb4a5c946ead7e6e995 -->
                 <Gui name="ContinueResponse"/>
             </Response>
-            <!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
+            <!-- source: pattern://6061abea33a234fad73897b7, pattern://359792ce61c28c723ab7d354, pattern://4fcfadb4a5c946ead7e6e995 -->
             <property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
         </AuthState>
         <AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Authorization" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
@@ -1424,6 +1627,27 @@
             <!-- source: pattern://f393012a278e525956a362d3 -->
             <property name="parameter.idm.httpclient.tls.trustStoreRef" value="Ensure_Account_State"/>
         </AuthState>
+        <AuthState name="Auth_Realm_Main_IDP_EId_Account_Linking_Mobile_NLess_Auth_Processing" class="ch.nevis.auth.fido.uaf.authstate.OutOfBandFidoUafAuthState" final="false" resumeState="false">
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <ResultCond name="dispatchFailed" next="Auth_Realm_Main_IDP_EId_Account_Linking_Mobile_NLess_Auth_Processing"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <ResultCond name="error" next="Auth_Realm_Main_IDP_EId_Account_Linking_Mobile_NLess_Auth_Processing"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <ResultCond name="failed" next="Auth_Realm_Main_IDP_EId_Account_Linking_Mobile_NLess_Auth"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <ResultCond name="ok" next="Auth_Realm_Main_IDP_EId_Account_Linking_Mobile_NLess_Auth_PostProcessing" authLevel="2"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <Response value="AUTH_ERROR">
+                <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+                <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
+            </Response>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <property name="fidoUafServerUrl" value="https://fido-uaf:9443/nevisfido"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <property name="dispatcher" value="link"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <property name="httpclient.tls.trustStoreRef" value="EId_Account_Linking_Mobile_NLess_Auth"/>
+        </AuthState>
         <AuthState name="Auth_Realm_Main_IDP_EId_Compare_And_Update_IDM_Attributes" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
             <!-- source: pattern://306ce091fd87bad6174d9e8b -->
             <ResultCond name="audited" next="Auth_Realm_Main_IDP_EId_Compare_And_Update_IDM_Attributes_NotifyUser"/>
@@ -1441,9 +1665,9 @@
             <property name="parameter.idm.httpclient.tls.trustStoreRef" value="EId_Compare_And_Update_IDM_Attributes"/>
         </AuthState>
         <AuthState name="Auth_Realm_Main_IDP_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
-            <!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
+            <!-- source: pattern://6061abea33a234fad73897b7, pattern://359792ce61c28c723ab7d354, pattern://4fcfadb4a5c946ead7e6e995 -->
             <Response value="AUTH_DONE">
-                <!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
+                <!-- source: pattern://6061abea33a234fad73897b7, pattern://359792ce61c28c723ab7d354, pattern://4fcfadb4a5c946ead7e6e995 -->
                 <Gui name="ContinueResponse"/>
             </Response>
         </AuthState>
@@ -1548,6 +1772,14 @@
             <!-- source: pattern://f393012a278e525956a362d3 -->
             <property name="detaillevel.default" value="EXCLUDE"/>
         </AuthState>
+        <AuthState name="Auth_Realm_Main_IDP_EId_Account_Linking_Mobile_NLess_Auth_PostProcessing" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="false">
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <ResultCond name="default" next="Auth_Realm_Main_IDP_EId_Account_Linking_Redirect_To_Agovme"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <Response value="AUTH_CONTINUE"/>
+            <!-- source: pattern://da38e049a1ff97663fb30a45 -->
+            <property name="sess:eid.placeholder.text" value="EId: Redirection to AGOV me not implemented yet"/>
+        </AuthState>
         <AuthState name="Auth_Realm_Main_IDP_EId_Compare_And_Update_IDM_Attributes_NotifyUser" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
             <!-- source: pattern://306ce091fd87bad6174d9e8b -->
             <ResultCond name="error" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
@@ -1616,6 +1848,82 @@
             <!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
             <property name="${sess:agov.new.recovery.code.cipher}?notes:agov.new.recovery.code:decrypt-b64" value="${sess:agov.new.recovery.code.cipher}"/>
         </AuthState>
+        <AuthState name="Auth_Realm_Main_IDP_EId_Account_Linking_Redirect_To_Agovme" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="false">
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <ResultCond name="ok" next="Auth_Realm_Main_IDP_EId_Account_Linking_Redirect_To_Agovme_Handle_Redirect"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <Response value="AUTH_ERROR">
+                <!-- source: pattern://359792ce61c28c723ab7d354 -->
+                <Gui name="internal_error">
+                    <!-- source: pattern://359792ce61c28c723ab7d354 -->
+                    <GuiElem name="transferId" type="hidden" value="${request:traceId}" optional="true"/>
+                </Gui>
+            </Response>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="in.binding" value="none"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.binding" value="internal"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.sign" value="Response Assertion"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.signatureKeyInfo" value="Certificate"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.ttl" value="20"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.extension.Bearer" value="ch.nevis.esauth.auth.states.saml.extensions.SubjectConfirmationExtender"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="Bearer.ttl" value="20"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.keystoreref" value="Store_IDP_AGOV"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="spURL" value="https://ob.agov-w.azure.adnovum.net/mock-me/process"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="acsUrlWhitelist.uris" value="not used"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/authenticatedWith" value="${sess:agov.authenticatedWith}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/requestedRoleLevel" value="${sess:agov.requestedRoleLevel}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2023/09/identity/claim/rpEntityId" value="${sess:agov.rpEntityId}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="${sess:agov.eid.User.firstName}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="${sess:agov.eid.User.lastName}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/socialSecurityNumber" value="${sess:agov.eid.User.svnr}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/placeOfBirth" value="${sess:agov.eid.User.placeOfBirth}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2025/07/identity/claims/placeOfOrigin" value="${sess:agov.eid.User.placeOfOrigin}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/dateOfBirth" value="${sess:agov.eid.User.birthDate}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/nationality" value="${sess:agov.eid.User.nationality}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/eIdNumber" value="${sess:agov.eid.User.eIdNumber}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/sex" value="${sess:agov.eid.User.gender}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/qa/dateOfVerification" value="${sess:ValidFrom}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/qa/validTillDate" value="${sess:ValidTo}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attribute.http://schemas.agov.ch/ws/2025/07/identity/claims/op/conversationId" value="${inctx:connection.HttpHeader.traceparent:^([0-9a-f]+)-([0-9a-f]+)-([0-9a-f]+)-([0-9a-f]+)$:$2}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.authnContextClassRef" value="${sess:agov.authnContextClassRef}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.subject" value="${sess:ch.adnovum.nevisidm.user.extId}"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.subject.format" value="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2/"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.attributeDelimiter" value=",\s*"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="out.audienceRestriction" value="https://ob.agov-w.azure.adnovum.net/mock-me/process"/>
+        </AuthState>
         <AuthState name="Auth_Realm_Main_IDP_CheckLoa" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
             <!-- source: pattern://2cdd910036aa06b102863a4f -->
             <ResultCond name="error" next="Auth_Realm_Main_IDP_AuthnFailed_Zero_RoleLvl"/>
@@ -1688,6 +1996,21 @@
             <!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
             <property name="parameter.cookie.domain" value="auth.agov-w.azure.adnovum.net"/>
         </AuthState>
+        <AuthState name="Auth_Realm_Main_IDP_EId_Account_Linking_Redirect_To_Agovme_Handle_Redirect" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <ResultCond name="ok" next="Auth_Realm_Main_IDP_Prepare_Done"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <Response value="AUTH_CONTINUE">
+                <!-- source: pattern://359792ce61c28c723ab7d354 -->
+                <Gui name="not_used"/>
+            </Response>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="scriptTraceGroup" value="AGOV-ACCT"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="parameter.agovmedirecturl" value="https://ob.agov-w.azure.adnovum.net/mock-me/process"/>
+            <!-- source: pattern://359792ce61c28c723ab7d354 -->
+            <property name="script" value="file:///var/opt/nevisauth/default/conf/eid_account_linking_redirect_to_agovme.groovy"/>
+        </AuthState>
         <AuthState name="Auth_Realm_Main_IDP_AuthnFailed_Zero_RoleLvl" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
             <!-- source: pattern://50b861438e79c2332862d3ca -->
             <ResultCond name="ok" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
@@ -3083,8 +3406,6 @@
             <!-- source: pattern://e0fda9336be9c69dafc9b69e -->
             <ResultCond name="SOAP:showGui" next="NotUsed_Auth_Realm_Prepare_Done"/>
             <!-- source: pattern://e0fda9336be9c69dafc9b69e -->
-            <ResultCond name="default" next="NotUsed_Auth_Realm_Prepare_Done"/>
-            <!-- source: pattern://e0fda9336be9c69dafc9b69e -->
             <ResultCond name="ok" next="NotUsed_Auth_Realm_Prepare_Done" startOver="true"/>
             <!-- source: pattern://e0fda9336be9c69dafc9b69e -->
             <ResultCond name="showGui" next="NotUsed_Auth_Realm_NotUsed_Pwd_Login-IdmPostProcessing"/>
@@ -3103,6 +3424,12 @@
             <property name="detaillevel.default" value="EXCLUDE"/>
             <!-- source: pattern://e0fda9336be9c69dafc9b69e -->
             <property name="detaillevel.user" value="MEDIUM"/>
+            <!-- source: pattern://e0fda9336be9c69dafc9b69e -->
+            <property name="detaillevel.profile" value="MEDIUM"/>
+            <!-- source: pattern://e0fda9336be9c69dafc9b69e -->
+            <property name="detaillevel.role" value="LOW"/>
+            <!-- source: pattern://e0fda9336be9c69dafc9b69e -->
+            <property name="forceDataReload" value="true"/>
         </AuthState>
         <AuthState name="NotUsed_Auth_Realm_NotUsed_Pwd_Login-IdmPasswordChange" class="ch.nevis.idm.authstate.IdmChangePasswordState" final="false">
             <!-- source: pattern://e0fda9336be9c69dafc9b69e -->
@@ -3180,7 +3507,7 @@
                     <!-- source: pattern://e0fda9336be9c69dafc9b69e -->
                     <GuiElem name="isiwebnewpw2" type="pw-text" label="prompt.newpassword.confirm"/>
                     <!-- source: pattern://e0fda9336be9c69dafc9b69e -->
-                    <GuiElem name="submit" type="submit" label="button.submit"/>
+                    <GuiElem name="submit" type="submit" label="submit.button.label"/>
                 </Gui>
             </Response>
             <propertyRef name="nevisIDM_Connector"/>
@@ -3243,4 +3570,21 @@
         <!-- source: pattern://ab5a82719993921822e95751 -->
         <property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
     </WebService>
+    <!-- source: pattern://14efdcb489f3f295fcbdf811 -->
+    <WebService name="IDP_AGOV_SEC_ARS" class="ch.nevis.esauth.auth.adapter.saml.ArtifactResolutionService" uri="/nevisauth/services/ars/sec" SSODomain="Auth_Realm_Main_IDP">
+        <!-- source: pattern://14efdcb489f3f295fcbdf811 -->
+        <property name="issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2SEC/"/>
+        <!-- source: pattern://14efdcb489f3f295fcbdf811 -->
+        <property name="out.keystoreref" value="Store_IDP_AGOV"/>
+        <!-- source: pattern://14efdcb489f3f295fcbdf811 -->
+        <property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
+        <!-- source: pattern://14efdcb489f3f295fcbdf811 -->
+        <property name="in.keystoreref" value="Store_IDP_AGOV"/>
+        <!-- source: pattern://14efdcb489f3f295fcbdf811 -->
+        <property name="in.verify" value="ArtifactResolve"/>
+        <!-- source: pattern://14efdcb489f3f295fcbdf811 -->
+        <property name="in.prospectVerification" value=""/>
+    </WebService>
+    <!-- source: pattern://7022472ae407577ae604bbb8 -->
+    <RESTService name="ManagementService" class="ch.nevis.esauth.rest.service.session.ManagementService"/>
 </esauth-server>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirect.groovy

@@ -24,3 +24,4 @@ else {
 
 
 
+

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirectRegistration.groovy

@@ -32,3 +32,4 @@ else {
 
 
 
+

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/idp_dispatcher.groovy

@@ -23,54 +23,72 @@ def redirect(String url) {
     outargs.put('nevis.transfer.destination', url)
 }
 
-/**
+String getNormalisedSamlMessage(String parameter) {
- * Extracts the content of the Issuer element from a parsed SAML message.
+    if (parameter == null) {
- * The Issuer is optional according to SAML specification but we need it for dispatching.
- *
- * @param xml - as parsed by Groovy XmlSlurper
- * @return text content of Issuer element converted or null
- */
-String getIssuer(GPathResult xml) {
-    return xml.depthFirst().find { GPathResult node -> {
-        node.name().endsWith(":Issuer") || node.name().equalsIgnoreCase("Issuer")
-      }
-    }?.text()
-}
-
-String getIssuer(String value) {
-    if (value == null) {
         return
     }
     String text
     byte[] decoded
-    def parser = new XmlSlurper()
+
-    // if value is raw xml then continue otherwise try to parse the base64 encoding
+    // if parameter is raw xml then continue otherwise try to parse the base64 encoding
-    if (value.startsWith("<")) {
+    if (parameter.startsWith("<")) {
-        text = new String(value)
+        text = new String(parameter)
     }
     else {
-        decoded = value.decodeBase64()
+        decoded = parameter.decodeBase64()
         text = new String(decoded)
-        LOG.info("received SAML request $value")
+    }
+    return text
 }
 
-    // after decoded, if redirect binding, we need to parse string to xml
+
-    if (text.startsWith("<")) {
+String getNodeText(GPathResult xml, String nodeName) {
-        LOG.debug("assuming POST/SOAP binding")
+    return xml.depthFirst().find { GPathResult node -> {
-        // plain String (POST/SOAP parameter)
+        node.name().endsWith(":${nodeName}") || node.name().equalsIgnoreCase(nodeName)
-        def xml = parser.parseText(text)
-        return getIssuer(xml)
-    }
-    else {
-        LOG.debug("assuming redirect binding")
-        // should be deflate encoded (query parameter)
-        def is = new InflaterInputStream(new ByteArrayInputStream(decoded), new Inflater(true))
-        def xml = parser.parse(is)
-        return getIssuer(xml)
       }
+    }?.text()?.trim()
 }
 
-def dispatchIssuer(i2s, String issuer) {
+String getAttribute(GPathResult xml, String attributeName) {
+    return xml.depthFirst().find { GPathResult node -> {
+        node.attributes().containsKey(attributeName)
+      }
+    }?.attributes()?.get(attributeName)
+}
+
+String getNodeText(String parameter, String nodeName) {
+    String samlMessage = getNormalisedSamlMessage(parameter)
+    if (samlMessage == null) {
+        return
+    }
+    def parser = new XmlSlurper()
+    def xml = parser.parseText(samlMessage)
+    return getNodeText(xml, nodeName)
+}
+
+String getAttribute(String parameter, String attributeName) {
+    String samlMessage = getNormalisedSamlMessage(parameter)
+    if (samlMessage == null) {
+        return
+    }
+    def parser = new XmlSlurper()
+    def xml = parser.parseText(samlMessage)
+    return getAttribute(xml, attributeName)
+}
+
+String getIssuer(String value) {
+  return getNodeText(value, 'Issuer')
+}
+
+String getAttributeConsumingServiceIndex(String value) {
+  return getAttribute(value, 'AttributeConsumingServiceIndex')
+}
+
+String getProtocolBinding(String value) {
+  return getAttribute(value, 'ProtocolBinding')
+}
+
+def dispatchIssuer(i2s, String issuer, boolean secureMode) {
     def result = i2s.get(issuer)
     if (result == null) {
         LOG.info("No SP found for issuer '$issuer'. Hint: check SAML SP Connector patterns.")
@@ -80,22 +98,33 @@ def dispatchIssuer(i2s, String issuer) {
     if(parameters.get('epdMode') == 'artifact' && result == 'epd'){
         LOG.debug("EPD: Artifact mode")
         result = result + "_artifact"
-    }else{
+    } else if (result == 'main' && secureMode) {
-        LOG.debug("EPD: POST mode")
+        LOG.debug("AGOV: Secure mode requested")
+        result =  result + "_secure"
     } 
     response.setResult(result)
-    session.put("saml.inbound.issuer", issuer)
+    session.put('saml.inbound.issuer', issuer)
     session.put('saml.idp.result', result) // remember decision for sub-sequent requests without a SAML message
     
 }
 
+def dispatchIssuer(i2s, String issuer) {
+  dispatchIssuer(i2s, issuer, false)
+}
+
 def dispatchMessage(i2s, String message) {
     def issuer = getIssuer(message)
+    def secureMode = (getAttributeConsumingServiceIndex(message) == '10101')
+    def useArtifact = ('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' == getProtocolBinding(message))
+
+    LOG.info("secureMode requested: ${secureMode}")
+
     if (issuer == null) {
         LOG.info("No issuer found in incoming SAML message. Giving up.")
     }
-    session.put("saml.inbound.issuer", issuer)
+    session.put('saml.inbound.issuer', issuer)
-    dispatchIssuer(i2s, issuer)
+    session.put('agov.idp.use.artifact', '' + useArtifact)
+    dispatchIssuer(i2s, issuer, secureMode)
 }
 
 if (parameters.get('logoutConfirmation') == 'true' && "stepup" == request.getMethod()) {

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/logging.yml

@@ -16,16 +16,12 @@ Configuration:
       level: "INFO"
     - name: "EsAuthStart"
       level: "INFO"
-    - name: "org.apache.catalina.loader.WebappClassLoader"
-      level: "FATAL"
-    - name: "org.apache.catalina.startup.HostConfig"
-      level: "ERROR"
-    - name: "ch.nevis.esauth.events"
-      level: "FATAL"
     - name: "AGOV-ACCT"
       level: "DEBUG"
     - name: "AgovCaptcha"
       level: "DEBUG"
+    - name: "ArtifactResolutionService"
+      level: "DEBUG"
     - name: "AuthEngine"
       level: "INFO"
     - name: "AuthPerf"
@@ -33,9 +29,11 @@ Configuration:
     - name: "IdmAuth"
       level: "DEBUG"
     - name: "OpTrace"
-      level: "DEBUG"
+      level: "INFO"
     - name: "Recovery"
       level: "DEBUG"
+    - name: "Saml"
+      level: "DEBUG"
     - name: "Script"
       level: "DEBUG"
     - name: "SessCoord"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties

@@ -1,4 +1,5 @@
 otel.service.name = auth
+otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/requestedrolelevel.groovy

@@ -105,7 +105,8 @@ try {
         session.setAttribute('agov.appDisplayNameFR', '' + json.displayNameFr)
         session.setAttribute('agov.appDisplayNameIT', '' + json.displayNameIt)
         session.setAttribute('agov.appDisplayNameEN', '' + json.displayNameEn)
-        session.setAttribute('agov.appDisplayNameRM', '' + ((json.appDisplayNameRM) ? json.appDisplayNameRM : json.appDisplayNameDE))
+        session.setAttribute('agov.appDisplayNameRM', '' + json.displayNameRm)
+        //session.setAttribute('agov.appDisplayNameRM', '' + ( (json.displayNameRm) ? json.displayNameDe : json.displayNameRm))
 
         // if aq500 or 600 is requested -> the only available login method is eid -> continue directly there
         // if eid is disabled -> show an error page

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/sanitizeAndDispatchEmailInput.groovy

@@ -29,3 +29,4 @@ if ( inargs['submit'] && inargs['submit'] == 'submit' ) {
 
 response.setResult('stay')
 return
+

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisFIDO"
   replicas: 1
-  version: "8.2411.2"
+  version: "8.2505.5"
-  gitInitVersion: "1.3.0"
+  gitInitVersion: "1.4.0"
   runAsNonRoot: true
   ports:
     rest: 9443
@@ -40,18 +40,19 @@ spec:
     management:
       httpGet:
         path: "/nevisfido/health"
+      initialDelaySeconds: 30
       periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 50
+      failureThreshold: 30
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-0a95034444af9c2e5b4a8c12cc3a0f444f6b0447"
+    tag: "r-484395a405f9f7123da379fa8df82e197d2dbd71"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
     credentials: "git-credentials"
   database:
     name: "fido-uaf"
-    requiredVersion: "8.2411.1"
+    requiredVersion: "8.2505.5"
   keystores:
   - "fido-uaf-default-server-identity"
   - "fido-uaf-default-client-identity"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-internal-idp-auth-signer-trust-ca92034f995b39fde562293c.yaml

@@ -10,7 +10,7 @@ metadata:
     patternId: "ca92034f995b39fde562293c"
 spec:
   keystores:
-  - name: "auth-sh4r3d-internal-idp-auth-signer"
-    namespace: "adn-agov-nevisidm-01-uat"
   - name: "auth-sts-sh4r3d-internal-idp-auth-signer"
     namespace: "adn-agov-nevisidm-01-uat"
+  - name: "auth-sh4r3d-internal-idp-auth-signer"
+    namespace: "adn-agov-nevisidm-01-uat"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-nevisfido-uaf-database-9385d1b33aefe975fb1c5914.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisFIDO"
   databaseType: "MariaDB"
-  version: "8.2411.2"
+  version: "8.2505.5"
   url: "mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat"
   port: 3306
   database: "nevisfido_uaf"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf

@@ -7,5 +7,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json

@@ -3,14 +3,13 @@
     "aaid" : "F1D0#0001",
     "description" : "Android NEVIS Mobile Authentication PIN Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [
+    "attestationRootCertificates" : [],
-      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+    "supportedExtensions" : [
-      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      {
-      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+        "id" : "ch.nevis.auth.fido.uaf.google-attestation-root-keys",
-      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+        "fail_if_unknown" : false,
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+        "data" : "[ \"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAQ==\" ]"
-      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      }
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
     ],
     "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
@@ -34,14 +33,13 @@
     "aaid" : "F1D0#0002",
     "description" : "Android NEVIS Mobile Authentication Fingerprint Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [
+    "attestationRootCertificates" : [],
-      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+    "supportedExtensions" : [
-      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      {
-      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+        "id" : "ch.nevis.auth.fido.uaf.google-attestation-root-keys",
-      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+        "fail_if_unknown" : false,
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+        "data" : "[ \"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAQ==\" ]"
-      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      }
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
     ],
     "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
@@ -65,14 +63,13 @@
     "aaid" : "F1D0#0003",
     "description" : "Android NEVIS Mobile Authentication Biometric Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [
+    "attestationRootCertificates" : [],
-      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+    "supportedExtensions" : [
-      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      {
-      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+        "id" : "ch.nevis.auth.fido.uaf.google-attestation-root-keys",
-      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+        "fail_if_unknown" : false,
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+        "data" : "[ \"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAQ==\" ]"
-      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      }
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
     ],
     "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
@@ -96,14 +93,13 @@
     "aaid" : "F1D0#0004",
     "description" : "Android NEVIS Mobile Authentication Device Passcode Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [
+    "attestationRootCertificates" : [],
-      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+    "supportedExtensions" : [
-      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      {
-      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+        "id" : "ch.nevis.auth.fido.uaf.google-attestation-root-keys",
-      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+        "fail_if_unknown" : false,
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+        "data" : "[ \"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAQ==\" ]"
-      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      }
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
     ],
     "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
@@ -127,14 +123,13 @@
     "aaid" : "F1D0#0005",
     "description" : "Android NEVIS Mobile Authentication Password Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [
+    "attestationRootCertificates" : [],
-      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+    "supportedExtensions" : [
-      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      {
-      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+        "id" : "ch.nevis.auth.fido.uaf.google-attestation-root-keys",
-      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+        "fail_if_unknown" : false,
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+        "data" : "[ \"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAQ==\" ]"
-      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      }
-      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
     ],
     "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
@@ -268,4 +263,5 @@
     "publicKeyAlgAndEncodings" : [ 257 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
-  }]
+  }
+]

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml

@@ -37,7 +37,7 @@ fido-uaf:
     max-text-length: 2000
   metadata:
     path: "conf/metadata/metadata.json"
-  idm-connection-type: "soap"
+  idm-connection-type: "rest"
   dispatchers:
   - type: "firebase-cloud-messaging"
     dry-run: false
@@ -45,6 +45,7 @@ fido-uaf:
     registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
     authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
     deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
+    message-ttl: "180s"
   - type: "png-qr-code"
     registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
     authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
@@ -54,8 +55,11 @@ fido-uaf:
     authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
     deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
     base-url: "ch.agov.access-t://x-callback-url/authenticate"
-  basic-full-attestation:
+  full-basic-attestation:
-    android-verification-level: "strict"
+    android-verification-level: "default"
+    android-permissive-mode-enabled: true
+    android-attestation-key-revocation:
+      reload-interval: "21600s"
   authorization:
     registration:
       type: "sectoken"
@@ -95,18 +99,18 @@ fido-uaf:
 session-repository:
   type: "sql"
   jdbc-url: "jdbc:mariadb://mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat:3306/nevisfido_uaf?sslMode=disable&autocommit=true"
-  max-connection-lifetime: "10m"
   user: "${exec:/var/opt/nevisfido/default/conf/credentials/dbUser}"
   password: "${exec:/var/opt/nevisfido/default/conf/credentials/dbPassword}"
-  schema-user: ""
-  schema-user-password: ""
   automatic-db-schema-setup: false
+  max-connection-lifetime: "1800s"
+  connection-timeout: "30s"
+  min-connection-pool-size: 10
+  max-connection-pool-size: 10
+  max-connection-idle-time: "600s"
 credential-repository:
   type: "nevisidm"
   client-id: "cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720"
   user-attribute: "extId"
-  administration-url: "https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm/services/v1_46/AdminService"
-  admin-service-version: "v1_46"
   rest-url: "https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm"
   keystore: "/var/opt/keys/own/fido-uaf-default-client-identity/keystore.p12"
   keystore-type: "pkcs12"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties

@@ -1,4 +1,5 @@
 otel.service.name = fido-uaf
+otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisFIDO"
   replicas: 1
-  version: "8.2411.2"
+  version: "8.2505.5"
-  gitInitVersion: "1.3.0"
+  gitInitVersion: "1.4.0"
   runAsNonRoot: true
   ports:
     management: 9089
@@ -40,13 +40,14 @@ spec:
     management:
       httpGet:
         path: "/nevisfido/health"
+      initialDelaySeconds: 30
       periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 50
+      failureThreshold: 30
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-317ed268556b37656f27fb58fcffd4797cea27e4"
+    tag: "r-484395a405f9f7123da379fa8df82e197d2dbd71"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf

@@ -6,5 +6,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/nevisfido.yml

@@ -1,3 +1,21 @@
+fido2:
+  enabled: true
+  user-presence-requirement: "always"
+  rp-name: "AGOV-RelPartName"
+  rp-id: "adnovum.net"
+  origins:
+  - "https://ob.agov-w.azure.adnovum.net"
+  - "https://auth.agov-w.azure.adnovum.net"
+  - "https://nevisidm.agov-w.azure.adnovum.net"
+  signature-algorithms:
+  - "ES256"
+  - "EdDSA"
+  display-name-source: "email"
+  metadata:
+    allow-listing-enabled: false
+  timeout:
+    user-verification: "300s"
+    no-user-verification: "120s"
 server:
   port: 9443
   protocol: "https"
@@ -24,27 +42,5 @@ credential-repository:
   truststore-passphrase: "${exec:/var/opt/keys/trust/fido2-idp-extended-truststore/keypass}"
   truststore-type: "pkcs12"
   user-attribute: "extId"
-fido2:
-  enabled: true
-  rp-name: "AGOV-RelPartName"
-  rp-id: "adnovum.net"
-  origins:
-  - "https://ob.agov-w.azure.adnovum.net"
-  - "https://auth.agov-w.azure.adnovum.net"
-  - "https://nevisidm.agov-w.azure.adnovum.net"
-  signature-algorithms:
-  - "RS1"
-  - "RS256"
-  - "RS384"
-  - "RS512"
-  - "ES256"
-  - "ES384"
-  - "ES512"
-  display-name-source: "email"
-  metadata:
-    allow-listing-enabled: false
-  timeout:
-    user-verification: "300s"
-    no-user-verification: "120s"
 session-repository:
   type: "in-memory"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties

@@ -1,4 +1,5 @@
 otel.service.name = fido2
+otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml

@@ -11,8 +11,8 @@ metadata:
 spec:
   type: "NevisLogrend"
   replicas: 1
-  version: "8.2411.2"
+  version: "8.2505.5"
-  gitInitVersion: "1.3.0"
+  gitInitVersion: "1.4.0"
   runAsNonRoot: true
   ports:
     server: 8988
@@ -38,13 +38,14 @@ spec:
   startupProbe:
     server:
       tcpSocket: true
+      initialDelaySeconds: 30
       periodSeconds: 5
       timeoutSeconds: 4
-      failureThreshold: 50
+      failureThreshold: 30
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-0a95034444af9c2e5b4a8c12cc3a0f444f6b0447"
+    tag: "r-5e17b7ae74eadb8800587a4f4db74406a7e21e95"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
     credentials: "git-credentials"
   podSecurity:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf

@@ -10,5 +10,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2505.5,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/mimetype.properties

@@ -1,3 +1,5 @@
+
 ico=image/x-icon
+json=application/json
 woff=font/woff
 woff2=font/woff2

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties

@@ -1,4 +1,5 @@
 otel.service.name = logrend
+otel.traces.sampler = always_on
 otel.traces.exporter = none
 otel.metrics.exporter = none
 otel.logs.exporter = none

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text.properties

@@ -9,7 +9,6 @@ agov-ident.invalid-url.message=Link kann nicht verarbeitet werden
 agov-ident.invalid-url.title=Ungültiger Link
 agov-ident.onboarding=Registrierung & Verifikation
 agov-ident.retry=Versuchen Sie es erneut
-button.submit=Senden
 darkModeSwitch.aria.label=Dark-Mode-Schalter
 error.policy.failed=Das neue Passwort stimmt nicht mit der Richtlinie überein.
 error_1=Bitte überprüfen Sie Ihre Eingaben.
@@ -60,7 +59,7 @@ general.edit=Ändern
 general.email=E-Mail
 general.email.address=E-Mail-Adresse
 general.entryCode=Code-Eingabe
-general.fieldRequired=Erforderliches Feld.
+general.fieldRequired=Erforderliches Feld
 general.getStarted=Los geht's
 general.goAGOVHelp=Weiter zur AGOV help
 general.goAccessApp=Login mit AGOV access
@@ -78,8 +77,8 @@ general.recovery=Wiederherstellung
 general.recovery.help.link=https://help.agov.ch/?c=100recovery
 general.recoveryCode.downloadPdf=Als PDF herunterladen
 general.recoveryCode.inputLabel=Wiederherstellungscode
-general.recoveryCode.repeatCodeError=Der von Ihnen eingegebene Code war nicht korrekt. Bitte vergewissern Sie sich, dass Sie ihn richtig abgespeichert haben, und fahren Sie dann mit der erneuten Eingabe fort.
+general.recoveryCode.repeatCodeError=Der von Ihnen eingegebene Code war nicht korrekt. Bitte vergewissern Sie sich, dass Sie ihn richtig abgespeichert haben, und versuchen Sie es erneut.
-general.recoveryCode.repeatCodeModal.description=Ein verlorener oder falsch gespeicherter Wiederherstellungscode kann die Wiederherstellung Ihres Kontos erschweren. Um sicherzustellen, dass Sie Ihren Code richtig gespeichert haben, wiederholen Sie ihn bitte unten.
+general.recoveryCode.repeatCodeModal.description=Um sicherzustellen, dass Sie Ihren Code richtig gespeichert haben, wiederholen Sie ihn bitte unten. Ein verlorener oder falsch gespeicherter Wiederherstellungscode kann die Wiederherstellung Ihres Kontos erschweren.
 general.recoveryCode.repeatCodeModal.title=Wiederherstellungscode wiederholen
 general.recoveryCode.reveal=Wiederherstellungscode enthüllen
 general.recoveryOngoing=Wiederherstellung nicht abgeschlossen
@@ -102,8 +101,8 @@ language.fr=Français
 language.it=Italiano
 language.rm=Rumantsch
 languageDropdown.aria.label=Sprache wählen
-loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
+loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2–3 Tage dauern.
-loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
+loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Sie können Ihre bevorzugte Methode im nächsten Schritt auswählen.
 loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
 loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
 loainfo.later=Später
@@ -112,8 +111,8 @@ loainfo.startVerification=Verifikation starten
 loainfo.title=Verifizieren Sie Ihre Daten
 mauth_usernameless.EID=Mit Schweizer E-ID fortfahren
 mauth_usernameless.banner.error=Authentifizierung unterbrochen.<br>Bitte versuchen Sie es erneut, nachdem die Seite neu geladen wurde.
-mauth_usernameless.banner.info=Scan erfolgreich.<br>Bitte fahren Sie in der AGOV access App fort.
+mauth_usernameless.banner.info=Scan erfolgreich. Bitte fahren Sie in der AGOV access App fort.
-mauth_usernameless.banner.success=Authentifizierung erfolgreich!<br>Bitte warten Sie, bis Sie eingeloggt werden.
+mauth_usernameless.banner.success=Authentifizierung erfolgreich.<br>Bitte warten Sie, bis Sie eingeloggt werden.
 mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschl&uuml;ssel verloren?
 mauth_usernameless.cannotLogin.accessApp=Zugriff auf App verloren?
 mauth_usernameless.cannotLogin.securityKey=Zugriff auf Sicherheitsschl&uuml;ssel verloren?
@@ -164,7 +163,7 @@ prompt.newpassword=Neues Passwort
 prompt.newpassword.confirm=Passwort best&auml;tigen
 prompt.password=Passwort
 prompt.userid=Benutzer-ID
-providePhoneNumber.banner=Die Mobilnummer muss f&uuml;r den Empfang von SMS geeignet sein.<br>Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
+providePhoneNumber.banner=Die Mobilnummer muss f&uuml;r den Empfang von SMS geeignet sein. Sie wird nicht verwendet, um Sie zu kontaktieren.
 providePhoneNumber.description=AGOV erlaubt nun die Wiederherstellung mittels Mobilnummer. So k&ouml;nnen Sie w&auml;hrend der Wiederherstellung mit einer SMS fortfahren, wenn Sie Ihren Wiederherstellungscode verloren haben.
 providePhoneNumber.errorBanner=Die Mobilnummern stimmen nicht &uuml;berein. Bitte versuchen Sie es erneut.
 providePhoneNumber.inputLabel=Mobilnummer (optional)
@@ -172,7 +171,7 @@ providePhoneNumber.laterModal.description1=Ohne Mobilnummer kann die Wiederherst
 providePhoneNumber.laterModal.description2=Durch Hinzuf&uuml;gen einer Mobilnummer k&ouml;nnen Sie Ihr Konto in wenigen Minuten wiederherstellen.
 providePhoneNumber.laterModal.description3=Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
 providePhoneNumber.laterModal.title=Ohne Mobilnummer weiterfahren?
-providePhoneNumber.modal.description=Eine falsch gespeicherte Mobilnummer kann die Wiederherstellung Ihres Kontos erschweren. Um sicherzustellen, dass Sie Ihre Mobilnummer richtig gespeichert haben, wiederholen Sie sie bitte unten.
+providePhoneNumber.modal.description=Um sicherzustellen, dass Sie Ihre Mobilnummer richtig gespeichert haben, wiederholen Sie sie bitte unten. Eine falsch gespeicherte Mobilnummer kann die Wiederherstellung Ihres Kontos erschweren.
 providePhoneNumber.modal.inputLabel=Mobilnummer
 providePhoneNumber.modal.title=Mobilnummer wiederholen
 providePhoneNumber.saveButtonText=Speichern
@@ -181,12 +180,14 @@ pwreset.done.info=Ihr Passwort wurde erfolgreich ge&auml;ndert. Bitte klicken Si
 pwreset.email.sent=Wenn Ihre Benutzer-ID existiert, haben Sie eine E-Mail erhalten, um Ihr Passwort zurückzusetzen..
 pwreset.info.linktext=Passwort vergessen
 pwreset.noticket=Ihr Link ist nicht mehr g&uuml;ltig. Bitte generieren Sie ein Neuen.
+qrCode.label=Klicken Sie, um den QR-Code in einem Fenster zu &ouml;ffnen.
 recovery_accessapp_auth.accessAppRegistered=AGOV access App schon registriert
 recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
 recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
 recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
 recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
-recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
+recovery_check_code.enterRecoveryCode=Wiederherstellungscode
+recovery_check_code.expired=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen.
 recovery_check_code.instruction=Bitte geben Sie unten Ihren pers&ouml;nlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten.
 recovery_check_code.invalid.code=Code ist ung&uuml;ltig
 recovery_check_code.invalid.code.required=Code erforderlich
@@ -244,6 +245,7 @@ recovery_questionnaire_reason_selection.instruction=Bitte w&auml;hlen Sie einen
 recovery_start_info.banner.warning=Sie k&ouml;nnen Ihr Konto nicht nutzen, bis der Wiederherstellungsprozess abgeschlossen ist.
 recovery_start_info.instruction=W&auml;hrend des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enth&auml;lt, m&uuml;ssen Sie zum Abschluss des Wiederherstellungsprozesses m&ouml;glicherweise auch einen Verifikationsprozess durchlaufen.
 recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten
+submit.button.label=Senden
 title=NEVIS SSO Portal
 title.login=Login
 title.pwchange.label=Passwort &auml;ndern

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_de.properties

@@ -9,7 +9,6 @@ agov-ident.invalid-url.message=Link kann nicht verarbeitet werden
 agov-ident.invalid-url.title=Ungültiger Link
 agov-ident.onboarding=Registrierung & Verifikation
 agov-ident.retry=Versuchen Sie es erneut
-button.submit=Senden
 darkModeSwitch.aria.label=Dark-Mode-Schalter
 error.policy.failed=Das neue Passwort stimmt nicht mit der Richtlinie überein.
 error_1=Bitte überprüfen Sie Ihre Eingaben.
@@ -60,7 +59,7 @@ general.edit=Ändern
 general.email=E-Mail
 general.email.address=E-Mail-Adresse
 general.entryCode=Code-Eingabe
-general.fieldRequired=Erforderliches Feld.
+general.fieldRequired=Erforderliches Feld
 general.getStarted=Los geht's
 general.goAGOVHelp=Weiter zur AGOV help
 general.goAccessApp=Login mit AGOV access
@@ -78,8 +77,8 @@ general.recovery=Wiederherstellung
 general.recovery.help.link=https://help.agov.ch/?c=100recovery
 general.recoveryCode.downloadPdf=Als PDF herunterladen
 general.recoveryCode.inputLabel=Wiederherstellungscode
-general.recoveryCode.repeatCodeError=Der von Ihnen eingegebene Code war nicht korrekt. Bitte vergewissern Sie sich, dass Sie ihn richtig abgespeichert haben, und fahren Sie dann mit der erneuten Eingabe fort.
+general.recoveryCode.repeatCodeError=Der von Ihnen eingegebene Code war nicht korrekt. Bitte vergewissern Sie sich, dass Sie ihn richtig abgespeichert haben, und versuchen Sie es erneut.
-general.recoveryCode.repeatCodeModal.description=Ein verlorener oder falsch gespeicherter Wiederherstellungscode kann die Wiederherstellung Ihres Kontos erschweren. Um sicherzustellen, dass Sie Ihren Code richtig gespeichert haben, wiederholen Sie ihn bitte unten.
+general.recoveryCode.repeatCodeModal.description=Um sicherzustellen, dass Sie Ihren Code richtig gespeichert haben, wiederholen Sie ihn bitte unten. Ein verlorener oder falsch gespeicherter Wiederherstellungscode kann die Wiederherstellung Ihres Kontos erschweren.
 general.recoveryCode.repeatCodeModal.title=Wiederherstellungscode wiederholen
 general.recoveryCode.reveal=Wiederherstellungscode enthüllen
 general.recoveryOngoing=Wiederherstellung nicht abgeschlossen
@@ -102,8 +101,8 @@ language.fr=Français
 language.it=Italiano
 language.rm=Rumantsch
 languageDropdown.aria.label=Sprache wählen
-loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
+loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2–3 Tage dauern.
-loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
+loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Sie können Ihre bevorzugte Methode im nächsten Schritt auswählen.
 loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
 loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
 loainfo.later=Später
@@ -112,8 +111,8 @@ loainfo.startVerification=Verifikation starten
 loainfo.title=Verifizieren Sie Ihre Daten
 mauth_usernameless.EID=Mit Schweizer E-ID fortfahren
 mauth_usernameless.banner.error=Authentifizierung unterbrochen.<br>Bitte versuchen Sie es erneut, nachdem die Seite neu geladen wurde.
-mauth_usernameless.banner.info=Scan erfolgreich.<br>Bitte fahren Sie in der AGOV access App fort.
+mauth_usernameless.banner.info=Scan erfolgreich. Bitte fahren Sie in der AGOV access App fort.
-mauth_usernameless.banner.success=Authentifizierung erfolgreich!<br>Bitte warten Sie, bis Sie eingeloggt werden.
+mauth_usernameless.banner.success=Authentifizierung erfolgreich.<br>Bitte warten Sie, bis Sie eingeloggt werden.
 mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschl&uuml;ssel verloren?
 mauth_usernameless.cannotLogin.accessApp=Zugriff auf App verloren?
 mauth_usernameless.cannotLogin.securityKey=Zugriff auf Sicherheitsschl&uuml;ssel verloren?
@@ -164,7 +163,7 @@ prompt.newpassword=Neues Passwort
 prompt.newpassword.confirm=Passwort best&auml;tigen
 prompt.password=Passwort
 prompt.userid=Benutzer-ID
-providePhoneNumber.banner=Die Mobilnummer muss f&uuml;r den Empfang von SMS geeignet sein.<br>Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
+providePhoneNumber.banner=Die Mobilnummer muss f&uuml;r den Empfang von SMS geeignet sein. Sie wird nicht verwendet, um Sie zu kontaktieren.
 providePhoneNumber.description=AGOV erlaubt nun die Wiederherstellung mittels Mobilnummer. So k&ouml;nnen Sie w&auml;hrend der Wiederherstellung mit einer SMS fortfahren, wenn Sie Ihren Wiederherstellungscode verloren haben.
 providePhoneNumber.errorBanner=Die Mobilnummern stimmen nicht &uuml;berein. Bitte versuchen Sie es erneut.
 providePhoneNumber.inputLabel=Mobilnummer (optional)
@@ -172,7 +171,7 @@ providePhoneNumber.laterModal.description1=Ohne Mobilnummer kann die Wiederherst
 providePhoneNumber.laterModal.description2=Durch Hinzuf&uuml;gen einer Mobilnummer k&ouml;nnen Sie Ihr Konto in wenigen Minuten wiederherstellen.
 providePhoneNumber.laterModal.description3=Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
 providePhoneNumber.laterModal.title=Ohne Mobilnummer weiterfahren?
-providePhoneNumber.modal.description=Eine falsch gespeicherte Mobilnummer kann die Wiederherstellung Ihres Kontos erschweren. Um sicherzustellen, dass Sie Ihre Mobilnummer richtig gespeichert haben, wiederholen Sie sie bitte unten.
+providePhoneNumber.modal.description=Um sicherzustellen, dass Sie Ihre Mobilnummer richtig gespeichert haben, wiederholen Sie sie bitte unten. Eine falsch gespeicherte Mobilnummer kann die Wiederherstellung Ihres Kontos erschweren.
 providePhoneNumber.modal.inputLabel=Mobilnummer
 providePhoneNumber.modal.title=Mobilnummer wiederholen
 providePhoneNumber.saveButtonText=Speichern
@@ -181,12 +180,14 @@ pwreset.done.info=Ihr Passwort wurde erfolgreich ge&auml;ndert. Bitte klicken Si
 pwreset.email.sent=Wenn Ihre Benutzer-ID existiert, haben Sie eine E-Mail erhalten, um Ihr Passwort zurückzusetzen..
 pwreset.info.linktext=Passwort vergessen
 pwreset.noticket=Ihr Link ist nicht mehr g&uuml;ltig. Bitte generieren Sie ein Neuen.
+qrCode.label=Klicken Sie, um den QR-Code in einem Fenster zu &ouml;ffnen.
 recovery_accessapp_auth.accessAppRegistered=AGOV access App schon registriert
 recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
 recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
 recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
 recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
-recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
+recovery_check_code.enterRecoveryCode=Wiederherstellungscode
+recovery_check_code.expired=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen.
 recovery_check_code.instruction=Bitte geben Sie unten Ihren pers&ouml;nlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten.
 recovery_check_code.invalid.code=Code ist ung&uuml;ltig
 recovery_check_code.invalid.code.required=Code erforderlich
@@ -244,6 +245,7 @@ recovery_questionnaire_reason_selection.instruction=Bitte w&auml;hlen Sie einen
 recovery_start_info.banner.warning=Sie k&ouml;nnen Ihr Konto nicht nutzen, bis der Wiederherstellungsprozess abgeschlossen ist.
 recovery_start_info.instruction=W&auml;hrend des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enth&auml;lt, m&uuml;ssen Sie zum Abschluss des Wiederherstellungsprozesses m&ouml;glicherweise auch einen Verifikationsprozess durchlaufen.
 recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten
+submit.button.label=Senden
 title=NEVIS SSO Portal
 title.login=Login
 title.pwchange.label=Passwort &auml;ndern

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_en.properties

@@ -9,7 +9,6 @@ agov-ident.invalid-url.message=Link can't be processed
 agov-ident.invalid-url.title=Invalid Link
 agov-ident.onboarding=Registration & Verification
 agov-ident.retry=Try again
-button.submit=Submit
 darkModeSwitch.aria.label=Dark mode toggle
 error.policy.failed=The new password does not comply with the policy.
 error_1=Please check your input.
@@ -60,7 +59,7 @@ general.edit=Edit
 general.email=Email
 general.email.address=Email address
 general.entryCode=Code entry
-general.fieldRequired=Field required.
+general.fieldRequired=Field required
 general.getStarted=Get started
 general.goAGOVHelp=Go to AGOV help
 general.goAccessApp=Login with AGOV access
@@ -78,8 +77,8 @@ general.recovery=Recovery
 general.recovery.help.link=https://help.agov.ch/?c=100recovery
 general.recoveryCode.downloadPdf=Download as PDF
 general.recoveryCode.inputLabel=Recovery code
-general.recoveryCode.repeatCodeError=The code you entered was incorrect. Please ensure you have stored it correctly, then continue to resubmit.
+general.recoveryCode.repeatCodeError=The code you entered was incorrect. Please ensure you have stored it correctly and try again.
-general.recoveryCode.repeatCodeModal.description=A lost or incorrectly stored recovery code can make it more difficult to recover your account. To ensure you have recorded your code correctly, please repeat it below.
+general.recoveryCode.repeatCodeModal.description=To ensure you have recorded your code correctly, please repeat it below. A lost or incorrectly stored recovery code can make it more difficult to recover your account.
 general.recoveryCode.repeatCodeModal.title=Repeat recovery code
 general.recoveryCode.reveal=Reveal recovery code
 general.recoveryOngoing=Ongoing recovery
@@ -103,7 +102,7 @@ language.it=Italiano
 language.rm=Rumantsch
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2-3 days.
-loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
+loainfo.description.300=To access the application we need to verify your data. You can choose your preferred process in the next step.
 loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
@@ -112,8 +111,8 @@ loainfo.startVerification=Start verification
 loainfo.title=Verify your data
 mauth_usernameless.EID=Continue with CH E-ID
 mauth_usernameless.banner.error=Authentication interrupted.<br>Please try again when the page reloads.
-mauth_usernameless.banner.info=Scan successful.<br>Please continue in the AGOV access app.
+mauth_usernameless.banner.info=Scan successful. Please continue in the AGOV access app.
-mauth_usernameless.banner.success=Authentication successful!<br>Please wait to be logged in.
+mauth_usernameless.banner.success=Authentication successful.<br>Please wait to be logged in.
 mauth_usernameless.cannotLogin=Lost access to your app / security key?
 mauth_usernameless.cannotLogin.accessApp=Lost access to your app?
 mauth_usernameless.cannotLogin.securityKey=Lost access to your security key?
@@ -164,7 +163,7 @@ prompt.newpassword=New Password
 prompt.newpassword.confirm=Confirm Password
 prompt.password=Password
 prompt.userid=User-ID
-providePhoneNumber.banner=Phone number must be able to receive SMS.<br>This phone number will not be used to contact you.
+providePhoneNumber.banner=Phone number must be able to receive SMS. It will not be used to contact you.
 providePhoneNumber.description=AGOV now supports recovery with your phone number. This will allow you to continue with an SMS during recovery if you have lost access to your recovery code.
 providePhoneNumber.errorBanner=Phone numbers do not match. Please try again.
 providePhoneNumber.inputLabel=Phone number (optional)
@@ -172,7 +171,7 @@ providePhoneNumber.laterModal.description1=Without a phone number, a recovery of
 providePhoneNumber.laterModal.description2=Adding a phone number helps you to recover your account in a matter of minutes.
 providePhoneNumber.laterModal.description3=This phone number will not be used to contact you.
 providePhoneNumber.laterModal.title=Continue without a phone number?
-providePhoneNumber.modal.description=An incorrectly stored phone number can make it more difficult to recover your account. To ensure you have recorded your phone number correctly, please repeat it below.
+providePhoneNumber.modal.description=To ensure you have recorded your phone number correctly, please repeat it below. An incorrectly stored phone number can make it more difficult to recover your account.
 providePhoneNumber.modal.inputLabel=Phone number
 providePhoneNumber.modal.title=Repeat phone number
 providePhoneNumber.saveButtonText=Save
@@ -181,12 +180,14 @@ pwreset.done.info=Your password was successfully changed. Please click on contin
 pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you.
 pwreset.info.linktext=Password forgotten
 pwreset.noticket=Your password reset link is no longer valid. Please generate a new one.
+qrCode.label=Click to open QR code in pop-up window.
 recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered
 recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process.
 recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you.
 recovery_check_code.banner.lockedError=Too many invalid input attempts. Please try again in a few minutes.
 recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again.
-recovery_check_code.enterRecoveryCode=Enter recovery code
+recovery_check_code.enterRecoveryCode=Recovery code
+recovery_check_code.expired=Too many attempts or your recovery code has expired.
 recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me.
 recovery_check_code.invalid.code=The code is invalid
 recovery_check_code.invalid.code.required=Code required
@@ -199,9 +200,9 @@ recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
-recovery_code.banner.error=Please reveal your new code to be able to continue.
+recovery_code.banner.error=Please reveal your recovery code to be able to continue.
 recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place.
-recovery_code.newRecoveryCode=Introducing Recovery Code
+recovery_code.newRecoveryCode=Introducing recovery code
 recovery_code.validUntil=Valid until:
 recovery_fidokey_auth.button=Start key authentication
 recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication"
@@ -244,6 +245,7 @@ recovery_questionnaire_reason_selection.instruction=Please select the reason you
 recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded.
 recovery_start_info.instruction=During the recovery process you will register a new login factor. If  your account contains any verified information you might also have to go through a verification process to finish the recovery.
 recovery_start_info.title=You are about to start the recovery process
+submit.button.label=Submit
 title=NEVIS SSO Portal
 title.login=Login
 title.pwchange.label=Password Change

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_fr.properties

@@ -1,15 +1,14 @@
 
 agov-ident.done.message=Votre compte AGOV est maintenant prêt à être utilisé. Veuillez fermer cette page.
 agov-ident.done.title=Terminé
-agov-ident.failed.instruction=Vous avez besoin d'un compte AGOV et de passer la vérification des données suggérée pour terminer avec succès l'enregistrement. Veuillez réessayer.
+agov-ident.failed.instruction=Vous devez disposer d'un compte AGOV et passer avec succès la vérification des données suggérée pour terminer l'inscription. Veuillez réessayer.
 agov-ident.failed.message=Enregistrement annulé ou vérification des données reportée
 agov-ident.failed.title=Vérification requise
-agov-ident.invalid-url.instruction=Le lien que vous avez utilisé pour accéder à cette page n'est pas valide. Veillez l'utiliser tel qu'il a été reçu, sans fautes de frappe, ou cliquez directement sur la page où il est publié.
+agov-ident.invalid-url.instruction=Le lien que vous avez utilisé pour accéder à cette page n'est pas valide. Veuillez vous assurer de l'utiliser tel qu'il a été reçu, sans fautes de frappe, ou cliquez directement sur la page où il est publié.
 agov-ident.invalid-url.message=Le lien ne peut pas être traité
 agov-ident.invalid-url.title=Lien non valide
 agov-ident.onboarding=Enregistrement et vérification
 agov-ident.retry=Essayez à nouveau
-button.submit=Envoyer
 darkModeSwitch.aria.label=Activer l'apparence sombre
 error.policy.failed=Votre nouveau mot de passe ne conforme pas aux mesures de sécurité
 error_1=Veuillez vérifier votre saisie.
@@ -60,7 +59,7 @@ general.edit=Editer
 general.email=E-mail
 general.email.address=Adresse e-mail
 general.entryCode=Entrer le code
-general.fieldRequired=Champ requis.
+general.fieldRequired=Champ requis
 general.getStarted=Démarrer
 general.goAGOVHelp=Rendez-vous sur AGOV help
 general.goAccessApp=Login avec AGOV access
@@ -78,15 +77,15 @@ general.recovery=Récupération
 general.recovery.help.link=https://help.agov.ch/?c=100recovery
 general.recoveryCode.downloadPdf=Télécharger en format PDF
 general.recoveryCode.inputLabel=Code de récupération
-general.recoveryCode.repeatCodeError=Le code que vous avez saisi est incorrect. Veuillez vous assurer que vous l'avez enregistré correctement, puis essayer de le soumettre à nouveau.
+general.recoveryCode.repeatCodeError=Le code que vous avez saisi est incorrect. Veuillez vous assurer que l'avez enregistré correctement et réessayer.
-general.recoveryCode.repeatCodeModal.description=Un code de récupération perdu ou mal enregistré peut rendre la récupération de votre compte plus difficile. Pour vous assurer que vous avez correctement enregistré votre code, veuillez le répéter ci-dessous.
+general.recoveryCode.repeatCodeModal.description=Pour vous assurer que vous avez correctement enregistré votre code, veillez le répéter ci-dessous. Un code de récupération perdu ou mal enregistré peut rendre la récupération de votre compte plus difficile.
 general.recoveryCode.repeatCodeModal.title=Répéter le code de récupération
 general.recoveryCode.reveal=Révéler le code de récupération
 general.recoveryOngoing=Récupération en cours
 general.register=Créer un compte
 general.registerNow=Enregistrez-vous dès maintenant!
 general.registration=Enregistrement
-general.registration.dontHaveAnAccountYet=Vous n'avez pas de compte AGOV ?
+general.registration.dontHaveAnAccountYet=Vous n'avez pas encore de compte AGOV ?
 general.registration.seeOptions=Voir les options d'enregistrement
 general.securityKey=Clé de sécurité
 general.skip.content=Passer au contenu principal
@@ -102,8 +101,8 @@ language.fr=Français
 language.it=Italiano
 language.rm=Rumantsch
 languageDropdown.aria.label=Sélectionner la langue
-loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
+loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2–3 jours.
-loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
+loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
 loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
 loainfo.helper=Vos données doivent être vérifiées!
 loainfo.later=Plus tard
@@ -112,14 +111,14 @@ loainfo.startVerification=Démarrer la vérification
 loainfo.title=Vérifiez vos données
 mauth_usernameless.EID=Continuer avec l'e-ID suisse
 mauth_usernameless.banner.error=Authentification interrompue.<br>Veuillez r&eacute;essayer lorsque la page sera recharg&eacute;e.
-mauth_usernameless.banner.info=Scan r&eacute;ussi!<br> Veuillez continuer dans l'application AGOV access.
+mauth_usernameless.banner.info=Scan r&eacute;ussi. Veuillez continuer dans l'application AGOV access.
-mauth_usernameless.banner.success=Authentification r&eacute;ussie!<br>Veuillez attendre d'&ecirc;tre connect&eacute;.
+mauth_usernameless.banner.success=Authentification r&eacute;ussie.<br>Veuillez attendre d'&ecirc;tre connect&eacute;.
 mauth_usernameless.cannotLogin=Avez-vous perdu l'acc&egrave;s &agrave; votre application / votre cl&eacute; de s&eacute;curit&eacute; ?
 mauth_usernameless.cannotLogin.accessApp=Vous avez perdu l'acc&egrave;s &agrave; votre application AGOV access ?
 mauth_usernameless.cannotLogin.securityKey=Avez-vous perdu l'acc&egrave;s &agrave; votre cl&eacute; de s&eacute;curit&eacute; ?
 mauth_usernameless.hideQR=Cacher le code QR
 mauth_usernameless.instructions=Connectez-vous en scannant le code QR avec l'application AGOV access
-mauth_usernameless.noAccount=Vous n'avez pas de compte AGOV ?
+mauth_usernameless.noAccount=Vous n'avez pas encore de compte AGOV ?
 mauth_usernameless.selectLoginMethod=S&eacute;l&eacute;ctionner la m&eacute;thode de connexion
 mauth_usernameless.showQR=Afficher le code QR
 mauth_usernameless.startRecovery=Commencer la r&eacute;cup&eacute;ration du compte
@@ -164,7 +163,7 @@ prompt.newpassword=Nouveau mot de passe
 prompt.newpassword.confirm=Confirmez le mot de passe
 prompt.password=Mot de passe
 prompt.userid=ID de l&#39;utilisateur
-providePhoneNumber.banner=Ce num&eacute;ro de t&eacute;l&eacute;phone doit pouvoir recevoir des SMS.<br>Ce num&eacute;ro de t&eacute;l&eacute;phone ne sera pas utilis&eacute; pour vous contacter.
+providePhoneNumber.banner=Ce num&eacute;ro de t&eacute;l&eacute;phone doit pouvoir recevoir des SMS. Il ne sera pas utilis&eacute; pour vous contacter.
 providePhoneNumber.description=AGOV prend d&eacute;sormais en charge la r&eacute;cup&eacute;ration avec votre num&eacute;ro de t&eacute;l&eacute;phone. Cela vous permettra de vous envoyer un SMS pendant la r&eacute;cup&eacute;ration si vous avez perdu l'acc&egrave;s &agrave; votre code de r&eacute;cup&eacute;ration.
 providePhoneNumber.errorBanner=Les num&eacute;ros de t&eacute;l&eacute;phone fournies ne correspondent pas. Veuillez r&eacute;essayer.
 providePhoneNumber.inputLabel=Num&eacute;ro de t&eacute;l&eacute;phone (facultatif)
@@ -172,7 +171,7 @@ providePhoneNumber.laterModal.description1=Sans num&eacute;ro de t&eacute;l&eacu
 providePhoneNumber.laterModal.description2=Ajouter un num&eacute;ro de t&eacute;l&eacute;phone vous permet de r&eacute;cup&eacute;rer votre compte en quelques minutes.
 providePhoneNumber.laterModal.description3=Ce num&eacute;ro de t&eacute;l&eacute;phone ne sera pas utilis&eacute; pour vous contacter.
 providePhoneNumber.laterModal.title=Continuer sans num&eacute;ro de t&eacute;l&eacute;phone ?
-providePhoneNumber.modal.description=Un num&eacute;ro de t&eacute;l&eacute;phone mal enregistr&eacute; peut rendre plus difficile la r&eacute;cup&eacute;ration de votre compte. Pour vous assurer que vous avez correctement enregistr&eacute; votre num&eacute;ro de t&eacute;l&eacute;phone, veuillez le r&eacute;p&eacute;ter ci-dessous.
+providePhoneNumber.modal.description=Pour vous assurer que vous avez correctement enregistr&eacute; votre num&eacute;ro de t&eacute;l&eacute;phone, veillez le r&eacute;p&eacute;ter ci-dessous. Un num&eacute;ro de t&eacute;l&eacute;phone mal enregistr&eacute; peut rendre la r&eacute;cup&eacute;ration de votre compte plus difficile.
 providePhoneNumber.modal.inputLabel=Num&eacute;ro de t&eacute;l&eacute;phone
 providePhoneNumber.modal.title=R&eacute;p&eacute;ter votre num&eacute;ro de t&eacute;l&eacute;phone
 providePhoneNumber.saveButtonText=Sauvegarder
@@ -181,13 +180,15 @@ pwreset.done.info=Votre mot de passe a &eacute;t&eacute; chang&eacute avec succ&
 pwreset.email.sent=Si votre identifiant n'existe pas, vous avez reçu un courriel pour réinitialiser votre mot de passe.
 pwreset.info.linktext=Mot de passe oublié
 pwreset.noticket=Votre lien n&apos;est plus valide. Veuillez en g&eacute;n&eacute;rer un nouveau.
+qrCode.label=Cliquez pour ouvrir le code QR dans une fen&ecirc;tre.
 recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est d&eacute;j&agrave; enregistr&eacute;e
 recovery_accessapp_auth.instruction1=Vous avez d&eacute;j&agrave; enregistr&eacute; une nouvelle application AGOV access !!!ACCESS_APP_NAME!!! dans le cadre du processus de r&eacute;cup&eacute;ration.
 recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier.
 recovery_check_code.banner.lockedError=Trop de saisies erron&eacute;es. Veuillez r&eacute;essayer dans quelques minutes.
 recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez r&eacute;essayer.
-recovery_check_code.enterRecoveryCode=Saisir le code de r&eacute;cup&eacute;ration
+recovery_check_code.enterRecoveryCode=Code de r&eacute;cup&eacute;ration
-recovery_check_code.instruction=Veuillez saisir votre code de r&eacute;cup&eacute;ration &agrave; douze chiffres. Lors de votre inscription, vous avez re&ccedil;u le code de r&eacute;cup&eacute;ration sous la forme d&rsquo;un fichier PDF ou dans &laquo; AGOV me &raquo;.
+recovery_check_code.expired=Trop de tentatives ou votre code de r&eacute;cup&eacute;ration a expir&eacute;.
+recovery_check_code.instruction=Veuillez saisir votre code de r&eacute;cup&eacute;ration &agrave; 12 chiffres. Lors de votre inscription, vous avez re&ccedil;u le code de r&eacute;cup&eacute;ration sous la forme d&rsquo;un fichier PDF ou dans &laquo; AGOV me &raquo;.
 recovery_check_code.invalid.code=Le code est invalide
 recovery_check_code.invalid.code.required=Code requis
 recovery_check_code.invalid.code.tooLong=Le code est trop long
@@ -199,7 +200,7 @@ recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV he
 recovery_check_noCode.banner.error=Trop de tentatives.
 recovery_check_noCode.instruction1=Vous avez peut-&ecirc;tre essay&eacute; de saisir le code de r&eacute;cup&eacute;ration trop de fois.
 recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la r&eacute;cup&eacute;ration du compte dans dix minutes &agrave; partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
-recovery_code.banner.error=Veuillez indiquer votre nouveau code pour pouvoir continuer.
+recovery_code.banner.error=Veuillez r&eacute;v&eacute;ler votre code de r&eacute;cup&eacute;ration pour pouvoir continuer.
 recovery_code.instruction=Les codes de r&eacute;cup&eacute;ration vous permettent d'acc&eacute;der &agrave; votre compte au cas o&ugrave; vous auriez perdu tous vos identifiants. Conservez le code de r&eacute;cup&eacute;ration en lieu s&ucirc;r.
 recovery_code.newRecoveryCode=Introduction du code de r&eacute;cup&eacute;ration
 recovery_code.validUntil=Valable jusqu'au:
@@ -244,6 +245,7 @@ recovery_questionnaire_reason_selection.instruction=Veuillez s&eacute;lectionner
 recovery_start_info.banner.warning=Vous ne pourrez pas utiliser votre compte tant que le processus de r&eacute;cup&eacute;ration n'aura pas &eacute;t&eacute; termin&eacute;.
 recovery_start_info.instruction=Le processus de r&eacute;cup&eacute;ration n&eacute;cessitera l&rsquo;enregistrement d&rsquo;un nouveau facteur d&rsquo;authentification. Si votre compte contient des informations ayant d&eacute;j&agrave; &eacute;t&eacute; v&eacute;rifi&eacute;es, il se peut que vous deviez les faire v&eacute;rifier &agrave; nouveau pour terminer la r&eacute;cup&eacute;ration.
 recovery_start_info.title=Vous &ecirc;tes sur le point de d&eacute;marrer le processus de r&eacute;cup&eacute;ration.
+submit.button.label=Envoyer
 title=NEVIS SSO Portal
 title.login=Login
 title.pwchange.label=Changer mot de passe

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties

@@ -9,7 +9,6 @@ agov-ident.invalid-url.message=Il link non può essere elaborato
 agov-ident.invalid-url.title=Link non valido
 agov-ident.onboarding=Registrazione e verifica
 agov-ident.retry=Riprova
-button.submit=Continua
 darkModeSwitch.aria.label=Attivare la modalità scura
 error.policy.failed=La nuova password non è stata accettata. Scegliere una password che sia conforme ai criteri di password.
 error_1=Verificare i dati inseriti.
@@ -60,7 +59,7 @@ general.edit=Modificare
 general.email=e-mail
 general.email.address=Indirizzo e-mail
 general.entryCode=Codice
-general.fieldRequired=Campo obbligatorio.
+general.fieldRequired=Campo obbligatorio
 general.getStarted=Iniziare
 general.goAGOVHelp=Vai ad AGOV help
 general.goAccessApp=Login con AGOV access
@@ -70,7 +69,7 @@ general.help.link=https://agov.ch/help
 general.login=Accedere
 general.login.accessApp=Accesso con l'App AGOV access
 general.login.securityKey=Login con la chiave di sicurezza
-general.loginSecurityKey=Iniziare il login con la chiave di sicurezza
+general.loginSecurityKey=Inizi l'accesso con chiave di sicurezza
 general.moreOptions=ALTRE OPZIONI
 general.or=O
 general.otherLoginMethods=Altri metodi di login
@@ -78,8 +77,8 @@ general.recovery=Ripristino
 general.recovery.help.link=https://help.agov.ch/?c=100recovery
 general.recoveryCode.downloadPdf=Salva come PDF
 general.recoveryCode.inputLabel=Codice di ripristino
-general.recoveryCode.repeatCodeError=Il codice inserito non è corretto. Assicurati di averlo memorizzato correttamente, quindi riprova a inviarlo.
+general.recoveryCode.repeatCodeError=Il codice inserito non è corretto. Verifichi di averlo salvato correttamente e riprovi.
-general.recoveryCode.repeatCodeModal.description=Un codice di ripristino perso o memorizzato in modo errato può rendere più difficile il recupero del tuo account. Per assicurarti di aver registrato correttamente il codice, inseriscilo di nuovo qui sotto.
+general.recoveryCode.repeatCodeModal.description=Per assicurarsi di aver registrato correttamente il suo codice, lo ripeta qui sotto. Un codice di ripristino perso o registrato in modo errato può rendere più difficile il ripristino del suo account.
 general.recoveryCode.repeatCodeModal.title=Ripeti il codice di ripristino
 general.recoveryCode.reveal=Mostri il codice di ripristino
 general.recoveryOngoing=Ripristino in corso
@@ -102,18 +101,18 @@ language.fr=Français
 language.it=Italiano
 language.rm=Rumantsch
 languageDropdown.aria.label=Selezionare la lingua
-loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
+loainfo.description.200=Per accedere all'applicazione, dobbiamo verificare i suoi dati. Il processo può richiedere da 2–3 giorni.
-loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
+loainfo.description.300=Per accedere all'applicazione, dobbiamo verificare i suoi dati. Potrà scegliere il processo preferito nel passaggio successivo.
 loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
 loainfo.helper=I dati devono essere verificati!
 loainfo.later=Più tardi
-loainfo.startNow=Iniziare la procedura?
+loainfo.startNow=Vuole iniziare il processo ora?
-loainfo.startVerification=Iniziare la verifica
+loainfo.startVerification=Inizi la verificazione
 loainfo.title=Verificare i dati.
 mauth_usernameless.EID=Continuare con CH e-ID
 mauth_usernameless.banner.error=Autenticazione interrotta.<br>Riprovare dopo che la pagina si sar&agrave; ricaricata.
-mauth_usernameless.banner.info=La scansione &egrave; stata eseguita.<br>Continuare nell'app AGOV access.
+mauth_usernameless.banner.info=Scansione eseguita. Continuare nell'app AGOV access.
-mauth_usernameless.banner.success=Autenticazione riuscita!<br>Aspettare di essere connessi.
+mauth_usernameless.banner.success=Autenticazione riuscita.<br>Attenda l&rsquo;accesso.
 mauth_usernameless.cannotLogin=Ha perso l'accesso alla sua app/chiave di sicurezza?
 mauth_usernameless.cannotLogin.accessApp=Ha perso l'accesso al suo App AGOV access?
 mauth_usernameless.cannotLogin.securityKey=Ha perso l'accesso alla sua chiave di sicurezza?
@@ -122,7 +121,7 @@ mauth_usernameless.instructions=Per accedere, scansionare il codice QR con l'app
 mauth_usernameless.noAccount=Non ha ancora un AGOV account?
 mauth_usernameless.selectLoginMethod=Selezionare il metodo di login
 mauth_usernameless.showQR=Visualizza il codice QR
-mauth_usernameless.startRecovery=Inizia il recupero dell'account
+mauth_usernameless.startRecovery=Inizi il ripristino dell&rsquo;account
 mauth_usernameless.useSecurityKey=Accedere utilizzando una chiave di sicurezza.
 mauth_usernameless.useSecurityKeyInfo=Una chiave di sicurezza fisica permette di accedere in modo sicuro senza utilizzare un telefono.
 op-admin.login=AGOV op admin
@@ -164,7 +163,7 @@ prompt.newpassword=Nuova Password
 prompt.newpassword.confirm=Conferma password
 prompt.password=Password
 prompt.userid=Nome utente
-providePhoneNumber.banner=Il numero di telefono deve essere in grado di ricevere SMS.<br>Questo numero di telefono non sar&agrave; utilizzato per contattarti.
+providePhoneNumber.banner=Il numero di telefono deve poter ricevere SMS. Non sar&agrave; utilizzato per contattarla.
 providePhoneNumber.description=AGOV ora supporta il ripristino tramite il tuo numero di telefono. Questo ti permetter&agrave; di continuare con un SMS durante il ripristino se hai perso l'accesso al tuo codice di ripristino.
 providePhoneNumber.errorBanner=Il numero di telefono non corrispondono. Si prega di riprovare.
 providePhoneNumber.inputLabel=Numero di telefono (facoltativo)
@@ -172,7 +171,7 @@ providePhoneNumber.laterModal.description1=Senza un numero di telefono, il recup
 providePhoneNumber.laterModal.description2=Aggiungere un numero di telefono ti aiuta a recuperare il tuo account in pochi minuti.
 providePhoneNumber.laterModal.description3=Questo numero di telefono non sar&agrave; utilizzato per contattarti.
 providePhoneNumber.laterModal.title=Continuare senza un numero di telefono?
-providePhoneNumber.modal.description=Un numero di telefono memorizzato in modo errato pu&ograve; rendere pi&ugrave; difficile il recupero del tuo account. Per assicurarti di aver registrato correttamente il tuo numero di telefono, inseriscilo di nuovo qui sotto.
+providePhoneNumber.modal.description=Per assicurarsi di aver registrato correttamente il suo numero di telefono, lo ripeta qui sotto. Un numero registrato in modo errato pu&ograve; rendere pi&ugrave; difficile il ripristino del suo account.
 providePhoneNumber.modal.inputLabel=Numero di telefono
 providePhoneNumber.modal.title=Ripetere il numero di telefono
 providePhoneNumber.saveButtonText=Salva
@@ -181,12 +180,14 @@ pwreset.done.info=La password &egrave; stata modificata con successo. Fare clic
 pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
 pwreset.info.linktext=Password dimenticata
 pwreset.noticket=Il biglietto per la reimpostazione della password non &egrave; pi&ugrave; valido. Si prega di generarne uno nuovo.
+qrCode.label=Clicchi per aprire il codice QR in una finestra pop-up.
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV gi&agrave; registrata
 recovery_accessapp_auth.instruction1=Ha gi&agrave; registrato una nuova app AGOV access !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
 recovery_check_code.banner.lockedError=Troppi tentativi di inserimento non validi. Riprovare tra qualche minuto.
 recovery_check_code.codeIncorrect=Il codice inserito non &egrave; corretto. Riprovare.
-recovery_check_code.enterRecoveryCode=Inserisca il codice di recupero
+recovery_check_code.enterRecoveryCode=Codice di ripristino
+recovery_check_code.expired=Troppi tentativi o il codice di ripristino &egrave; scaduto.
 recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me.
 recovery_check_code.invalid.code=Il codice non &egrave; valido
 recovery_check_code.invalid.code.required=Codice richiesto
@@ -199,17 +200,17 @@ recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di
 recovery_check_noCode.banner.error=Troppi tentativi.
 recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
 recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
-recovery_code.banner.error=La preghiamo di rivelare il suo nuovo codice per poter continuare.
+recovery_code.banner.error=Mostri il suo codice di ripristino per poter continuare.
 recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro.
 recovery_code.newRecoveryCode=Introduzione del codice di ripristino
 recovery_code.validUntil=Valido fino a:
-recovery_fidokey_auth.button=Iniziare l'authenticazione della chiave
+recovery_fidokey_auth.button=Inizi l'authenticazione della chiave
-recovery_fidokey_auth.fidoInstruction=Cliccare su "Iniziare l'authenticazione della chiave"
+recovery_fidokey_auth.fidoInstruction=Clicchi su "Inizi l'authenticazione della chiave"
 recovery_fidokey_auth.instruction1=Ha gi&agrave; registrato una nuova chiave di sicurezza !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
 recovery_fidokey_auth.instruction2=Si prega di usare !!!SECURITY_KEY_NAME!!! per poter seguire i passaggi seguenti per identificarti.
 recovery_fidokey_auth.keyRegistered=Chiave di sicurezza gi&agrave; registrata
 recovery_intro_email.banner.error=Il link utilizzato &egrave; scaduto. Per ricevere un nuovo link, inserire l&rsquo;indirizzo e-mail.
-recovery_intro_email.banner.info=Per ricevere il link e avviare il processo di ripristino, inserire l&rsquo;indirizzo e-mail.
+recovery_intro_email.banner.info=Inserisca il suo indirizzo email, cos&igrave; potremo inviarle un link per iniziare il processo di ripristino.
 recovery_intro_email.important=Importante:
 recovery_intro_email.process=Il processo di ripristino deve essere utilizzato solo se ha perso l'accesso ai suoi fattori di accesso (app AGOV access eliminata, chiave di sicurezza persa, telefono smarrito, ecc.).
 recovery_intro_email_sent.banner.button=Non avete ricevuto l'e-mail?
@@ -219,7 +220,7 @@ recovery_on_going.instruction=&Egrave; in corso un processo di ripristino. Il pr
 recovery_on_going.title=Completare il processo di ripristino.
 recovery_questionnaire_instructions.banner.info=Tenga presente che in alcuni casi &egrave; necessario utilizzare il codice di ripristino per un ripristino riuscito.
 recovery_questionnaire_instructions.explanation=In base alle sue risposte sembra essere necessario un ripristino AGOV-Login. Fare clic su Continua e seguire le istruzioni visualizzate sullo schermo.
-recovery_questionnaire_instructions.instruction1=Si prega di fornire l'indirizzo email del suo account in modo di poter inviarle un link per iniziare il processo di recupero
+recovery_questionnaire_instructions.instruction1=Indichi l&rsquo;indirizzo e-mail associato al suo account, cos&igrave; potremo inviarle un link per iniziare il processo di ripristino
 recovery_questionnaire_instructions.instruction2=Si prega di seguire i passaggi per recuperare il suo account (i passaggi varieranno a seconda del livello di verifica dell'account)
 recovery_questionnaire_loginfactor.banner.error=Si prega di selezionare una risposta.
 recovery_questionnaire_loginfactor.no=No
@@ -240,10 +241,11 @@ recovery_questionnaire_reason_selection.answer7=Ho i miei token di sicurezza o l
 recovery_questionnaire_reason_selection.answer8=Ho perso l'accesso a tutte le mie chiavi di sicurezza e alle app AGOV access
 recovery_questionnaire_reason_selection.answer9=Ho problemi con uno dei miei fattori di accesso (PIN cancellato, reimpostato, dimenticato)
 recovery_questionnaire_reason_selection.banner.error=Si prega di selezionare il motivo.
-recovery_questionnaire_reason_selection.instruction=Si prega di selezionare il motivo per cui sta avviando il processo di recupero:
+recovery_questionnaire_reason_selection.instruction=Selezioni il motivo per cui sta iniziando il processo di ripristino:
 recovery_start_info.banner.warning=Non &egrave; possibile utilizzare l&rsquo;account finch&eacute; il processo di ripristino non sar&agrave; concluso.
-recovery_start_info.instruction=Durante il processo di ripristino sar&agrave; registrato un nuovo fattore di accesso. Se l&rsquo;account contiene informazioni verificate, potrebbe essere necessario avviare un processo di verifica per completare il ripristino.
+recovery_start_info.instruction=Durante il processo di ripristino registrer&agrave; un nuovo fattore di login. Se il suo account contiene informazioni verificate, potrebbe dover effettuare anche un processo di verificazione per completare il ripristino.
-recovery_start_info.title=Il processo di ripristino sta per iniziare.
+recovery_start_info.title=Sta per iniziare il processo di ripristino
+submit.button.label=Continua
 title=NEVIS SSO Portal
 title.login=Login
 title.pwchange.label=Cambiare Password

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_rm.properties

@@ -10,42 +10,42 @@ agov-ident.invalid-url.title=Invalid Link
 agov-ident.onboarding=Registration & Verification
 agov-ident.retry=Try again
 darkModeSwitch.aria.label=Activar l'apparientscha stgira
-error_1=Please check your input.
+error_1=Controllai Vossas indicaziuns per plaschair.
-error_10=Please select the correct user account.
+error_10=Selecziunai il conto d'utilisader correct.
-error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
+error_100=I n'è betg pussaivel da chargiar si il certificat. Quest certificat exista gia. Contactai il helpdesk.
-error_101=The entered email address is not valid.
+error_101=L'adressa d'e-mail endatada n'è betg valaivla.
-error_11=Please use another certficate or login with another credential type.
+error_11=Duvrai in auter certificat u As annunziai cun in auter factur da login.
-error_2=Please select another login name.
+error_2=Selecziunai in auter num d'utilisader.
-error_3=Your account will be locked if next authentication fails.
+error_3=Sche la proxima autentificaziun na reussescha betg vegn Voss conto bloccà.
-error_4=Your new password does not comply with the security policy. Please choose a different password.
+error_4=Voss nov pled-clav n'è betg confurm a las directivas da segirezza. Selecziunai in auter pled-clav per plaschair.
-error_5=Error in password confirmation.
+error_5=Sbagl da confermar il pled-clav.
-error_50=The new password is too short.
+error_50=Il nov pled-clav è memia curt.
-error_55=The new password has to differ from old passwords.
+error_55=Il nov pled-clav sto esser different da pled-clavs vegls.
-error_6=Password change required.
+error_6=Midada d'il pled-clav è necessaria.
-error_7=Change of login ID required.
+error_7=Midada da la login ID è necessaria.
-error_8=Your account has been locked due to repeated authentication failures.
+error_8=Voss conto è vegnì bloccà pervia da memia bleras emprovas d'autentificaziun che n'èn betg reussidas.
-error_81=No access card found, access from internet denied.
+error_81=Chattà nagina carta d'access, l'access sur l'internet è vegni refusà.
-error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
+error_83=Vossa carta d'access n'è betg pli valaivla. Contactai Voss consulent per survegnir ina nova carta d'access.
-error_9=Session take over failed.
+error_9=I n'ha betg funcziunà da surpigliar la sessiun.
-error_97=You are not authorized to access this resource.
+error_97=Vus n'essas betg autorisà d'acceder a questa resursa.
-error_98=Your account has been locked.
+error_98=Voss conto è vegnì bloccà.
-error_99=System problems. Please try later.
+error_99=Problems da sistem: Empruvai anc ina giada pli tard.
-error_9901=You need a valid on-boarding link to access this page.
+error_9901=Vus duvrais in link da onboarding valaivel per pudair acceder a questa pagina.
-error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link.
+error_9902=L'adressa d'e-mail che vegn duvrada per l'autentificaziun na correspunda betg a l'adressa dad e-mail da AGOV operations. Dumandai per in nov link da onboarding.
-error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link.
+error_9903=L'IdP n'ans ha betg tramess ina assertion valaivla. Controllai che Vus dovrias la correcta IdP. Dumandai il support per in nov link da onboarding.
-error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists.
+error_9904=Voss link n'è betg pli valaivel. Controllai che Vus dovrias il link il pli actual che Vus avais survegnì d'AGOV operations. Dumandai per in nov link en cass che il problem persista vinavant.
-error_9905=There is a problem with your operations account. Please contact the support.
+error_9905=I dat in problem cun Voss conto AGOV operations. Contactai per plaschair il support.
-error_9909=An internal error occured. Please ask the support for a new on-boarding link.
+error_9909=Igl è capità in sbagl intern. Dumandai il support per in nov link da onboarding.
-errors.duplicateValue=Your account is already linked with another operations access.
+errors.duplicateValue=Voss conto è gia collià cun in auter access d'operaziun.
 fido2_auth.cancel.fido=L'autentificaziun cun la clav da segirezza è vegnida interrutta. Controllai che Vossa clav FIDO saja registrada e che Voss e-mail saja correct.
 fido2_auth.instruction1=Cliccai sin "Vinavant"
-fido2_auth.instruction2=En curt ina fanestra d'autentificaziun vegn ad aviar
+fido2_auth.instruction2=En curt vegn ina fanestra d'autentificaziun ad aviar
 fido2_auth.instruction3=Suandai las instrucziuns
 fido2_auth.skipInstructions=Sursiglir las instrucziuns la proxima giada
-fido2_auth.switchLogin=AS ANNUNZIAR CUN
+fido2_auth.switchLogin=ANNUNZIAR CUN
 footer.link=https://agov.ch
 footer.link.label=Contact
-footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. -
+footer.text=Servetsch d’autentificaziun da las autoritads svizras AGOV – Ina collavuraziun dals chantuns, lur vischnancas e l’administraziun federala. -
 general.AGOVAccessApp=App AGOV access
 general.accessApp=App AGOV access
 general.authenticate=Autentifitgar
@@ -53,12 +53,12 @@ general.back=Enavos
 general.cancel=Interrumper
 general.confirm=Confermar
 general.contactSupport=Contactar il support
-general.continue=Cuntinuar
+general.continue=Vinavant
 general.edit=Modifitgar
 general.email=E-mail
-general.email.address=Adressa dad e-mail
+general.email.address=Adressa d'e-mail
-general.entryCode=Endatai il code
+general.entryCode=Endatar il code
-general.fieldRequired=Champ obligatoric.
+general.fieldRequired=Champ obligatoric
 general.getStarted=Cumenzar
 general.goAGOVHelp=Vinavant a AGOV help
 general.goAccessApp=Login cun AGOV access
@@ -66,51 +66,51 @@ general.goToAccessApp=Cuntinuai a Vossa app AGOV access
 general.help=Agid
 general.help.link=https://agov.ch/help
 general.login=Login
-general.login.accessApp=As Annunziar cun la App Access
+general.login.accessApp=Annunziar cun la App Access
-general.login.securityKey=As Annunziar cun la clav da segirezza
+general.login.securityKey=Annunziar cun la clav da segirezza
 general.loginSecurityKey=Iniziar il login cun la clav da segirezza
 general.moreOptions=DAPLI OPTIONS
 general.or=U
-general.otherLoginMethods=Ulteriuras methodas da registraziun
+general.otherLoginMethods=Ulteriuras metodas da login
 general.recovery=Recuperaziun
 general.recovery.help.link=https://help.agov.ch/?c=100recovery
 general.recoveryCode.downloadPdf=Telechargiar en furma da PDF
 general.recoveryCode.inputLabel=Code da recuperaziun
-general.recoveryCode.repeatCodeError=Il code che Vus avais endatà n'è betg correct. Controllai che Vus l'hajas arcunà correctamain ed endatai anc ina giada il code.
+general.recoveryCode.repeatCodeError=Il code che Vus avais endatà n'è betg correct. Controllai che Vus l'hajas arcunà correctamain ed endatai el anc ina giada.
-general.recoveryCode.repeatCodeModal.description=In code da restabiliment pers u betg arcunà correctamain po difficultar la recuperaziun da Voss conto. Per verifitgar che Vus hajas arcunà correctamain Voss code, al repeti qua sutvart per plaschair.
+general.recoveryCode.repeatCodeModal.description=Per verifitgar che Vus hajas arcunà correctamain Voss code, al repeti qua sutvart per plaschair. In code da recuperaziun pers u betg arcunà correctamain po difficultar la recuperaziun da Voss conto.
-general.recoveryCode.repeatCodeModal.title=Repeti il code da recuperaziun
+general.recoveryCode.repeatCodeModal.title=Repeter il code da recuperaziun
-general.recoveryCode.reveal=Revelar il code da recuperaziun
+general.recoveryCode.reveal=Scuvrir il code da recuperaziun
 general.recoveryOngoing=Recuperaziun betg terminada
 general.register=Registrar
 general.registerNow=As registrai ussa!
 general.registration=Registraziun
 general.registration.dontHaveAnAccountYet=N'avais Vus anc nagin account AGOV?
-general.registration.seeOptions=Mussar las methodas da registraziun
+general.registration.seeOptions=Mussar las metodas da registraziun
 general.securityKey=Clav da segirezza
 general.skip.content=Avanzar a la part principala
 general.wrongPhoneNumber=Endatai in numer da telefonin valid
-generic.auth.error.message=There was a service interruption. We are working on it.
+generic.auth.error.message=Igl ha dà ina interrupziun dal servetsch. Nus lavurain vidlonder.
-generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists.
+generic.auth.error.next.steps=Empruvai pli tard anc ina giada per plaschair. Visitai AGOV help en cass che il problem persista vinavant.
-generic.auth.error.subtitle=Something went wrong
+generic.auth.error.subtitle=Insatge n'ha betg funcziunà
-generic.auth.error.title=Error
+generic.auth.error.title=Errur
 language.de=Deutsch
 language.en=English
 language.fr=Français
 language.it=Italiano
 language.rm=Rumantsch
 languageDropdown.aria.label=Selecziunar la lingua
-loainfo.description.200=Ina verificaziun da Vossas datas è necessaria per acceder a questa applicaziun. Quest process po durar fin 2 u 3 dis.
+loainfo.description.200=Per acceder a questa applicaziun, stuain nus verifitgar Vossas datas. Quest process po durar fin 2–3 dis.
-loainfo.description.300=Per acceder a questa applicaziun, stuain nus verifitgar Vossas indicaziuns cun in da dus process. Vus pudais selecziunar la metoda preferida en il proxim pass.
+loainfo.description.300=Per acceder a questa applicaziun, stuain nus verifitgar Vossas datas. Vus pudais selecziunar vossa metoda preferida en il proxim pass.
 loainfo.description.400=Per acceder a questa applicaziun stuais Vus inditgar Voss numer AVS.
 loainfo.helper=Vossas datas persunalas ston vegnir verifitgadas!
 loainfo.later=Pli tard
 loainfo.startNow=Vulais Vus ussa cumenzar cun il process?
-loainfo.startVerification=Cumenzar cun la verificaziun
+loainfo.startVerification=Cumenzar
 loainfo.title=Verifitgai Vossas datas
-mauth_usernameless.EID=Cuntinuar cun la e-ID svizra
+mauth_usernameless.EID=Vinavant cun la e-ID svizra
-mauth_usernameless.banner.error=Autentificaziun interrutta. <br>Empruvai anc ina giada per plaschair, suenter che la pagina &egrave; rechargiada.
+mauth_usernameless.banner.error=Autentificaziun interrutta. <br>Empruvai anc ina giada suenter che la pagina &egrave; rechargiada per plaschair.
-mauth_usernameless.banner.info=Scan reuss&igrave; <br>Cuntinuai per plaschair en l'app AGOV access.
+mauth_usernameless.banner.info=Scan reuss&igrave;. Cuntinuai per plaschair en l'app AGOV access.
-mauth_usernameless.banner.success=Autentificaziun reussida! <br>Spetgai fin che Vus essas annunziads.
+mauth_usernameless.banner.success=Autentificaziun reussida <br>Spetgai fin che Vus essas annunziads per plaschair.
 mauth_usernameless.cannotLogin=Avais Vus pers l'access a l'app / la clav da segirezza?
 mauth_usernameless.cannotLogin.accessApp=Avais Vus pers l'access a Vossa app?
 mauth_usernameless.cannotLogin.securityKey=Avais Vus pers l'access a Vossa clav da segirezza?
@@ -123,40 +123,40 @@ mauth_usernameless.startRecovery=Cumenzar cun la recuperaziun dal conto
 mauth_usernameless.useSecurityKey=Duvrai ina clav da segirezza per As annunziar
 mauth_usernameless.useSecurityKeyInfo=Ina clav da segirezza fisica pussibilitescha ina annunzia segira senza telefonin.
 op-admin.login=AGOV op admin
-op-admin.login.intro.message=Login with your username and password
+op-admin.login.intro.message=Login cun Voss num d'utilisader e cun Voss pled-clav
 op-admin.login.loginid=LoginId
-op-admin.login.password=Passwort
+op-admin.login.password=Pled-clav
 op-admin.login.title=Login
 op-admin.logout=AGOV op admin
-op-admin.logout.message=You have successfully logged out.
+op-admin.logout.message=Voss logout &egrave; reuss&igrave;.
-op-admin.logout.title=Logout
+op-admin.logout.title=Deconnectar
-op-admin.pwchange.intro.message=Password change required
+op-admin.pwchange.intro.message=Midada d'il pled-clav &egrave; necessaria
-op-admin.pwchange.newpassword=New password
+op-admin.pwchange.newpassword=Nov pled-clav
-op-admin.pwchange.newpassword2=Repeat new password
+op-admin.pwchange.newpassword2=Repeter il nov pled-clav
-op-admin.pwchange.password=Current password
+op-admin.pwchange.password=Pled-clav actual
-op-admin.pwchange.title=Password Change
+op-admin.pwchange.title=Midada d'il pled-clav
-op-idmlogin.role.accs-mgmt-idm=IDM accessrights management
+op-idmlogin.role.accs-mgmt-idm=Management dals dretgs d'access IDM
-op-idmlogin.role.accs-mgmt-nonidm=Accessrights management
+op-idmlogin.role.accs-mgmt-nonidm=Management dals dretgs d'access
 op-idmlogin.role.idmcfg-mgmt=IDM set-up
-op-idmlogin.role.readonly-access=Default access (readonly)
+op-idmlogin.role.readonly-access=Access da standard (mo dretgs da leger)
-op-idmlogin.role.support-basic=Support cases (recovery, ...)
+op-idmlogin.role.support-basic=Cas da support (recuperaziun, …)
-op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding)
+op-idmlogin.role.support-priv=Support dal 3. nivel (archivaziun, deconnecziuns)
-op-idmlogin.role.usr-mgmt=User management (operations)
+op-idmlogin.role.usr-mgmt=Administraziun dals utilisaders (operations)
-op-idmlogin.role.usr-unit-mgmt=User and organization management (operations)
+op-idmlogin.role.usr-unit-mgmt=Administraziun dals utilisaders e da l'organisaziun (operations)
 op-idmlogin.select=AGOV idm
-op-idmlogin.select.intro=Please select one of the profiles below...
+op-idmlogin.select.intro=Selecziunai in d'ils profils suandants per plaschair...
-op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks.
+op-idmlogin.select.note=Ils profils marcads cun * duessan mo vegnir duvrads per tschertas incumbensas da support u da release.
-op-idmlogin.select.title=Profile selection
+op-idmlogin.select.title=Selecziun dal profil
-op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application.
+op-onboarding.done.message=Il onboarding &egrave; reuss&igrave;. Vus pudais ussa duvrar Voss access AGOV operations. Serrai il browser per plaschair avant che acceder ad AGOV operations.
-op-onboarding.done.title=DONE
+op-onboarding.done.title=FIN&Igrave;
-op-onboarding.failed.title=ERROR
+op-onboarding.failed.title=ERRUR
-op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account.
+op-onboarding.intro.message1=Per concluder la registraziun da Voss access AGOV operations duvrais Vus in conto AGOV u in conto FED-LOGIN.
-op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication.
+op-onboarding.intro.message2=Suenter avair clicc&agrave; sin &laquo;Vinavant&raquo; vegnis Vus dirig&igrave; a l'autentificaziun.
-op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification.
+op-onboarding.intro.message3=Sche Vus utilisais AGOV ed il conto na correspunda anc betg al nivel dad AGOVaq necessari, survegnis Vus la pussaivladad da cumenzar la verificaziun d'identitad che &egrave; necessaria.
 op-onboarding.intro.title=START
-op-onboarding.onboarding=AGOV op on-boarding
+op-onboarding.onboarding=AGOV op onboarding
-op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link.
+op-onboarding.process.message=Igl ha d&agrave; in sbagl. Contactai il support dad AGOV e dumandai per in nov link da registraziun, sche necessari.
-providePhoneNumber.banner=Il numer da telefonin sto esser capabla da retschaiver SMS. <br>Quest numer da telefonin na vegn betg duvr&agrave; per As contactar.
+providePhoneNumber.banner=Il numer da telefonin sto esser capabel da retschaiver SMS. El na vegn betg duvr&agrave; per As contactar.
 providePhoneNumber.description=AGOV pussibilitescha ussa la recuperaziun cun agid dal numer da telefonin. Durant la recuperaziun pudais Vus ussa cuntinuar cun in SMS, en cas che Vus avais pers Voss code da recuperaziun.
 providePhoneNumber.errorBanner=Ils numers da telefonin na correspundan betg in a l'auter. Empruvai danovamain per plaschair.
 providePhoneNumber.inputLabel=Numer da telefonin (opziunal)
@@ -164,56 +164,58 @@ providePhoneNumber.laterModal.description1=Senza numer da telefonin po la recupe
 providePhoneNumber.laterModal.description2=Agiuntar in numer da telefonin pussibilitescha ina recuperaziun da Voss conto en paucas minutas.
 providePhoneNumber.laterModal.description3=Quest numer da telefonin na vegn betg duvr&agrave; per As contactar.
 providePhoneNumber.laterModal.title=Cuntinuar senza numer da telefonin?
-providePhoneNumber.modal.description=In numer da telefonin che n'&egrave; betg vegn&igrave; arcun&agrave; correctamain, po difficultar la recuperaziun da Voss conto. Per verifitgar che Vus hajas arcun&agrave; correctamain Voss numer da telefonin, al repeti qua sutvart per plaschair.
+providePhoneNumber.modal.description=Per verifitgar che Vus hajas arcun&agrave; correctamain Voss numer da telefonin, al repeti qua sutvart per plaschair. In numer da telefonin betg arcun&agrave; correctamain po difficultar la recuperaziun da Voss conto.
 providePhoneNumber.modal.inputLabel=Numer da telefonin
-providePhoneNumber.modal.title=Repeti il numer da telefonin
+providePhoneNumber.modal.title=Reper il numer da telefonin
 providePhoneNumber.saveButtonText=Arcunar
 providePhoneNumber.title=Inditgar in numer da telefonin
-recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered
+qrCode.label=Cliccai per avrir il code QR en ina fanestra separada.
-recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process.
+recovery_accessapp_auth.accessAppRegistered=App AGOV access gia registrada
-recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you.
+recovery_accessapp_auth.instruction1=Vus avais gia registr&agrave; ina nova app AGOV access !!!ACCESS_APP_NAME!!! durant il process da recuperaziun.
-recovery_check_code.banner.lockedError=Too many invalid input attempts. Please try again in a few minutes.
+recovery_accessapp_auth.instruction2=Utilisai per plaschair !!!ACCESS_APP_NAME!!! per As identifitgar.
-recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again.
+recovery_check_code.banner.lockedError=Memia bleras emprovas d'endataziun nunvalaivlas. Empruvai anc ina giada en intginas minutas.
-recovery_check_code.enterRecoveryCode=Enter recovery code
+recovery_check_code.codeIncorrect=Il code endat&agrave; n'&egrave; betg correct. Empruvai anc ina giada.
-recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me.
+recovery_check_code.enterRecoveryCode=Code da recuperaziun
-recovery_check_code.invalid.code=The code is invalid
+recovery_check_code.expired=Memia bleras emprovas u Voss code da recuperaziun &egrave; scad&igrave;.
-recovery_check_code.invalid.code.required=Code required
+recovery_check_code.instruction=Endatai qua sutvart Voss code da recuperaziun persunal cun 12 cifras. Vus avais survegn&igrave; il code da recuperaziun en ina datoteca PDF a chaschun da la registraziun u en AGOV me.
-recovery_check_code.invalid.code.tooLong=The code is too long
+recovery_check_code.invalid.code=Il code &egrave; nunvalaivel
-recovery_check_code.noAccess=I do not have access to my code
+recovery_check_code.invalid.code.required=Code necessari
-recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
+recovery_check_code.invalid.code.tooLong=Il code &egrave; memia lung
-recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
+recovery_check_code.noAccess=Jau n'hai betg access a mes code
-recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
+recovery_check_code.noCodeAccess=Essas Vus segirs che Vus n'avais betg access a Voss code da recuperaziun?
-recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
+recovery_check_code.noCodeAccessInstructions=Sche Vus avais pers access a Voss code da recuperaziun giai ad AGOV help per contactar insatgi d'il support dad AGOV. Questa Persuna As vegn a sustegnair cun il process da recuperaziun.
-recovery_check_noCode.banner.error=Too many attempts.
+recovery_check_code.too_many_tries.instruction1=Il code da recuperaziun che Vus avais endat&agrave; &egrave; eventualmain scad&igrave; u Vuss avais empruv&agrave; da l'endatar memia bleras giadas.
-recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
+recovery_check_code.too_many_tries.instruction2=Giai per plaschair ad AGOV help per contactar insatgi d'il support. Questa Persuna As vegn a sustegnair cun il process da recuperaziun.
-recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
+recovery_check_noCode.banner.error=Memia bleras emprovas.
-recovery_code.banner.error=Please reveal your new code to be able to continue.
+recovery_check_noCode.instruction1=Vuss avais eventualmain empruv&agrave; da endatar il code da recuperaziun memia bleras giadas.
-recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place.
+recovery_check_noCode.instruction2=Serrai per plaschair il browser da web e cumenzai anc ina giada cun la recuperaziun da Voss conto en 10 minutas a <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
-recovery_code.newRecoveryCode=Introducing Recovery Code
+recovery_code.banner.error=Scuvrir Voss code da recuperaziun per pudair cuntinuar.
-recovery_code.validUntil=Valid until:
+recovery_code.instruction=Il code da recuperaziun As permetta d'acceder a Voss conto en cas che Vus avais pers tut Voss facturs da login. Tegnai en salv quest code da recuperaziun en in lieu segir per plaschair.
-recovery_fidokey_auth.button=Start key authentication
+recovery_code.newRecoveryCode=Introducziun dal code da recuperaziun
-recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication"
+recovery_code.validUntil=Valaivel enfin:
-recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process.
+recovery_fidokey_auth.button=Cumenzar la autentificaziun da clav
-recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you.
+recovery_fidokey_auth.fidoInstruction=Cliccai sin &laquo;Cumenzar la autentificaziun da clav&raquo;
-recovery_fidokey_auth.keyRegistered=Security key already registered
+recovery_fidokey_auth.instruction1=Vus avais gia registr&agrave; ina nova clav da segirezza !!!SECURITY_KEY_NAME!!! durant il process da recuperaziun.
-recovery_intro_email.banner.error=Il link che Vus avais duvr&agrave; &egrave; scad&igrave;. Endatai Vossa adressa dad e-mail per survegnir in nov link.
+recovery_fidokey_auth.instruction2=Utilisai per plaschair !!!SECURITY_KEY_NAME!!! e suandai ils pass qua sutvart per As identifitgar.
-recovery_intro_email.banner.info=Inditgai Vossa adressa dad e-mail. Nus As tramettain in link, cun il qual Vus pudais cumenzar cun il process da recuperaziun.
+recovery_fidokey_auth.keyRegistered=Clav da sgirezza gia registrada
+recovery_intro_email.banner.error=Il link che Vus avais duvr&agrave; &egrave; scad&igrave;. Endatai Vossa adressa d'e-mail per survegnir in nov link.
+recovery_intro_email.banner.info=Inditgai Vossa adressa d'e-mail. Nus As tramettain in link cun il qual Vus pudais cumenzar cun il process da recuperaziun.
 recovery_intro_email.important=Impurtant:
-recovery_intro_email.process=Il process da restabiliment duess mo vegnir duvr&agrave; en cas che Vus avais pers l'access a Voss facturs da login (stizz&agrave; l'app AGOV access, pers la clav da segirezza, pers il telefonin etc.).
+recovery_intro_email.process=Il process da recuperaziun duess mo vegnir duvr&agrave; en cas che Vus avais pers l'access a Voss facturs da login (stizz&agrave; l'app AGOV access, pers la clav da segirezza, pers il telefonin etc.).
 recovery_intro_email_sent.banner.button=N'avais betg retschav&igrave; il e-mail?
 recovery_intro_email_sent.banner.success=Grazia fitg! Proximamain vegnis Vus a retschaiver in e-mail cun in link da recupraziun ed instrucziuns.
-recovery_on_going.finishRecovery=Finish recovery
+recovery_on_going.finishRecovery=Concluder la recuperaziun
-recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well.
+recovery_on_going.instruction=In process da recuperaziun &egrave; en curs. Il process da recuperaziun po cumpigliar ina verificaziun d'identitad. Per avair access ad applicaziuns cun Voss AGOV-Login, stuais Vus terminar la verificaziun d'identitad.
-recovery_on_going.title=Please finish your recovery process.
+recovery_on_going.title=Concludai Voss process da recuperaziun per plaschair.
 recovery_questionnaire_instructions.banner.info=Resguardai che en tscherts cas stuais Vus avair access a Voss code da recuperaziun per che la recupraziun po reussir.
 recovery_questionnaire_instructions.explanation=Sin basa da Vossas respostas pari d'esser necessari da recuperar Voss login AGOV. Cliccai sin Vinavant e suandai las instrucziuns sin il monitur.
-recovery_questionnaire_instructions.instruction1=Inditgai l'adressa dad e-mail da Voss login AGOV. Nus As tramettain in link, cun il qual Vus pudais cumenzar il process da recuperaziun
+recovery_questionnaire_instructions.instruction1=Inditgai l'adressa d'e-mail da Voss login AGOV. Nus As tramettain in link cun il qual Vus pudais cumenzar il process da recuperaziun
 recovery_questionnaire_instructions.instruction2=Suandai ils pass per recuperar Voss conto (ils pass varieschan tenor il nivel da verificaziun da Voss conto)
-recovery_questionnaire_loginfactor.banner.error=Per plaschair selecziunai ina resposta.
+recovery_questionnaire_loginfactor.banner.error=Selecziunai ina resposta per plaschair.
 recovery_questionnaire_loginfactor.no=Na
 recovery_questionnaire_loginfactor.question=Avais Vus registr&agrave; pli che in factur da login (app AGOV access u clav da segirezza) per Voss login AGOV?
 recovery_questionnaire_loginfactor.yes=Gea
-recovery_questionnaire_no_recovery.explanation1=Sin basa da Vossas respostas na pari per il mument betg d'esser necessari da recuperar Voss login AGOV.
+recovery_questionnaire_no_recovery.explanation1=Sin basa da Vossas respostas na pari betg d'esser necessari da recuperar Voss login AGOV per il mument.
 recovery_questionnaire_no_recovery.explanation2=Sche Vus duvrais ulteriuras infurmaziuns, consultai <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> per artitgels da support.
 recovery_questionnaire_no_recovery.instruction1=Sche Vus avais difficultads d'As annunziar per in'applicaziun, visitai <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> e verifitgai sche Vus As pudais annunziar cun success.
 recovery_questionnaire_no_recovery.instruction2=Sche Vus avais registr&agrave; plirs facturs da login, ma avais pers l'access ad in dad els, consultai <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> per stizzar il factur da login pers.
@@ -227,11 +229,11 @@ recovery_questionnaire_reason_selection.answer6=Jau hai emblid&agrave; il PIN pe
 recovery_questionnaire_reason_selection.answer7=Jau hai mias clavs da segirezza u mias apps, hai dentant g&igrave; problems da m'annunziar
 recovery_questionnaire_reason_selection.answer8=Jau hai pers l'access a tut mias clavs da segirezza ed apps AGOV
 recovery_questionnaire_reason_selection.answer9=Jau hai problems cun in da mes facturs da login (stizz&agrave;, mess enavos, PIN emblid&agrave;)
-recovery_questionnaire_reason_selection.banner.error=Per plaschair selecziunai in motiv.
+recovery_questionnaire_reason_selection.banner.error=Selecziunai in motiv per plaschair.
-recovery_questionnaire_reason_selection.instruction=Selecziunai per plaschair il motiv, pertge che Vus cumenzais il process da recuperaziun:
+recovery_questionnaire_reason_selection.instruction=Selecziunai per plaschair il motiv pertge che Vus cumenzais il process da recuperaziun:
 recovery_start_info.banner.warning=Vus na pudais betg utilisar Voss conto, fin ch'il process da recuperaziun &egrave; termin&agrave;.
-recovery_start_info.instruction=Durant il process da recuperaziun vegnis Vus a registrar in nov factur da login. Sche Voss conto cuntegna infurmaziuns verifitgadas, stuais Vus eventualmain er far in process da verificaziun per pudair terminar il process da restabiliment.
+recovery_start_info.instruction=Durant il process da recuperaziun vegnis Vus a registrar in nov factur da login. Sche Voss conto cuntegna infurmaziuns verifitgadas, stuais Vus eventualmain er far in process da verificaziun per pudair terminar il process da recuperaziun.
 recovery_start_info.title=Vus essas vidlonder da cumenzar cun il process da recuperaziun
-user_input.invalid.email=Endatai in'adressa dad e-mail valida
+user_input.invalid.email=Endatai in'adressa d'e-mail valida
 user_input.invalid.email.required=Champ obligatoric
 user_input.invalid.email.tooLong=Il text endat&agrave; e memia lung

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/apple.svg

@@ -0,0 +1,10 @@
+<svg width="19" height="18" viewBox="0 0 19 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0)">
+<path d="M13.9697 17.2808C12.9941 18.2276 11.9177 18.08 10.8917 17.6336C9.80091 17.1782 8.80371 17.1494 7.65171 17.6336C6.21711 18.2528 5.45571 18.0728 4.59171 17.2808C-0.28628 12.2588 0.433719 4.60879 5.97771 4.32079C7.32231 4.39279 8.26371 5.06419 9.05571 5.11999C10.2329 4.88059 11.3597 4.19479 12.6197 4.28479C14.1335 4.40719 15.2657 5.00479 16.0217 6.07938C12.9077 7.95138 13.6457 12.0554 16.5059 13.2074C15.9335 14.7104 15.1991 16.1954 13.9679 17.2934L13.9697 17.2808ZM8.94771 4.26679C8.80191 2.03479 10.6109 0.198798 12.6917 0.0187988C12.9779 2.59279 10.3517 4.51879 8.94771 4.26679Z" fill="#1F2F33"/>
+</g>
+<defs>
+<clipPath id="clip0">
+<rect width="15.156" height="18" fill="white" transform="translate(1.3335)"/>
+</clipPath>
+</defs>
+</svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/authcloud_login.js

@@ -66,7 +66,7 @@ const Status = {
 };
 
 function setDeepLinkLabel(button) {
-    const text = document.getElementsByName('info.deeplink')[0].value;
+    const text = document.getElementById('info.login.access_app').innerText;
     button.innerHTML = text;
 }
 
@@ -80,7 +80,13 @@ function messageCheckPhone() {
     infoElement.innerHTML = text;
 }
 
-const Element = {
+function showError() {
+    const text = document.getElementsByName('error.authcloud.login')[0].value;
+    errorElement.innerHTML = text;
+    infoElement.style.display = "none";
+}
+
+const AccessAppElement = {
 
     _elem: null, // QR code or deep link depending on device
 
@@ -91,8 +97,11 @@ const Element = {
         if (isAndroid || isIphone) {
             this._elem = document.createElement('a');
             this._elem.setAttribute('href', appLink);
-            this._elem.setAttribute('class', 'btn btn-primary');
+            this._elem.setAttribute('class', 'btn btn-primary w-100 mt-4');
             this._elem.setAttribute('target', '_blank');
+            // distinguishes style for platforms
+            dispatcherElement.classList.add('mobile-platform');
+
             dispatcherElement.appendChild(this._elem);
             setDeepLinkLabel(this._elem);
         }
@@ -103,13 +112,23 @@ const Element = {
             }
             else {
                 messageScanQR();
+                const qrSize = 280;
+                // Element to render the QR code
                 this._elem = document.createElement('canvas');
-                dispatcherElement.appendChild(this._elem);
+                // Wrapper div to render corners
-                var qrcode = new QRious({
+                const qrCodeWrapper = document.createElement('div');
+                qrCodeWrapper.setAttribute('id','qr-code-wrapper');
+                qrCodeWrapper.style.width = `${qrSize}px`;
+                qrCodeWrapper.style.height = `${qrSize}px`;
+                qrCodeWrapper.appendChild(this._elem)
+                dispatcherElement.style.height = `${qrSize}px`;
+                dispatcherElement.appendChild(qrCodeWrapper);
+                const qrcode = new QRious({
                   element: this._elem,
-                  foreground: "#168CA9",
+                  // use --nevis-gray-900 CSS variable value
+                  foreground: getComputedStyle(document.body).getPropertyValue('--nevis-gray-900'),
                   level: "M",
-                  size: 280,
+                  size: qrSize,
                   value: appLink
                 });
             }
@@ -125,20 +144,31 @@ const Element = {
 };
 
 function authenticateUser(appLink) {
-    Element.show(appLink);
+
-    console.log('Starting Authentication Cloud status polling...');
+    AccessAppElement.show(appLink);
+
+    console.log('Starting Auth Cloud status polling...');
+
     Status.startPolling(statusToken, (st, done) => {
+
         if (st.status === 'succeeded') {
-            console.log('Authentication Cloud login done.');
+
+            console.log('Auth Cloud success.');
+
+            // auto submit form with outcome
             submitStatus('succeeded')
         }
         else if (st.status === 'failed') {
+
             // failed: The transaction failed, either by timeout or because the user did not accept.
-            console.warn('Authentication Cloud login failed. User abort or timeout.');
+            console.warn('Auth Cloud login failed. User abort or timeout.');
+
             submitStatus('failed')
         }
         else if (st.status === 'unknown') {
-            console.error('Authentication Cloud login failed. Unknown status.');
+
+            console.error('Auth Cloud login failed. Unknown status.');
+
             submitStatus('unknown')
         }
     });

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/authcloud_onboard.js

@@ -75,7 +75,12 @@ function messageScanQR() {
     infoElement.innerHTML = text;
 }
 
-const Element = {
+function messageInstalledAccessApp() {
+  const text = document.getElementById('info.access_app.installed').innerText;
+  infoElement.innerHTML = text;
+}
+
+const AccessAppElement = {
 
     _elem: null, // QR code or deep link depending on device
 
@@ -84,22 +89,47 @@ const Element = {
         const isIphone = 'iPhone' === navigator.platform;
         const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent);
         if (isAndroid || isIphone) {
+            if (isAndroid) {
+                document.getElementById('install_apple').style.display = 'none';
+            }
+            if (isIphone) {
+                document.getElementById('install_google').style.display = 'none';
+            }
             this._elem = document.createElement('a');
             this._elem.setAttribute('href', appLink);
-            this._elem.setAttribute('class', 'btn btn-primary');
+            this._elem.setAttribute('class', 'btn btn-primary w-100');
             this._elem.setAttribute('target', '_blank');
+            // distinguishes style for platforms
+            dispatcherElement.classList.add('mobile-platform');
+            const accessApplinks = document.getElementById('access-app-download-link');
+            accessApplinks.classList.add('access-app-download-link-mobile-spacing');
+
             dispatcherElement.appendChild(this._elem);
             setDeepLinkLabel(this._elem);
+
+            // info text is displayed before access app links
+            accessApplinks.parentNode.insertBefore(infoElement.parentNode, accessApplinks);
+            messageInstalledAccessApp();
         }
         else {
             messageScanQR();
+            const qrSize = 280;
+            // Element to render the QR code
             this._elem = document.createElement('canvas');
-            dispatcherElement.appendChild(this._elem);
+            // Wrapper div to render corners
-            var qrcode = new QRious({
+            const qrCodeWrapper = document.createElement('div');
+            qrCodeWrapper.setAttribute('id','qr-code-wrapper');
+            qrCodeWrapper.style.width = `${qrSize}px`;
+            qrCodeWrapper.style.height = `${qrSize}px`;
+            qrCodeWrapper.appendChild(this._elem)
+            dispatcherElement.style.height = `${qrSize}px`;
+            dispatcherElement.appendChild(qrCodeWrapper);
+            const qrcode = new QRious({
               element: this._elem,
-              foreground: "#168CA9",
+              // use --nevis-gray-900 CSS variable value
+              foreground: getComputedStyle(document.body).getPropertyValue('--nevis-gray-900'),
               level: "M",
-              size: 280,
+              size: qrSize,
               value: appLink
             });
         }
@@ -114,25 +144,47 @@ const Element = {
 };
 
 function onboardUser(appLink) {
-    Element.show(appLink);
+
-    console.log('Starting Authentication Cloud status polling...');
+    AccessAppElement.show(appLink);
+
+    console.log('Starting Auth Cloud status polling...');
+
     Status.startPolling(statusToken, (st, done) => {
+
         if (st.status === 'succeeded') {
-            console.log('Authentication Cloud onboarding done.');
+
+            console.log('Auth Cloud success.');
+
+            // auto submit form with outcome
             submitStatus('succeeded')
         }
         else if (st.status === 'failed') {
+
             // failed: The transaction failed, either by timeout or because the user did not accept.
             console.warn('Authentication Cloud onboarding failed. User abort or timeout.');
+
             submitStatus('failed')
         }
         else if (st.status === 'unknown') {
+
             console.error('Authentication Cloud onboarding failed. Unknown status.');
+
             submitStatus('unknown')
         }
     });
 }
 
+const swap = function (nodeA, nodeB) {
+    const parentA = nodeA.parentNode;
+    const siblingA = nodeA.nextSibling === nodeB ? nodeA : nodeA.nextSibling;
+
+    // Move `nodeA` to before the `nodeB`
+    nodeB.parentNode.insertBefore(nodeA, nodeB);
+
+    // Move `nodeB` to before the sibling of `nodeA`
+    parentA.insertBefore(nodeB, siblingA);
+};
+
 function init() {
 
     const form = document.getElementById('authcloud_onboard');
@@ -145,6 +197,9 @@ function init() {
 
     dispatcherElement = document.getElementById('authcloud_dispatch');
 
+    // info texts are displayed underneath QR code
+    swap(infoElement.parentNode, dispatcherElement.parentNode);
+
     const appLink = form.appLink.value;
     onboardUser(appLink);
 }

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/chevron-down.svg

@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M12.6667 6L8 10.6667L3.33333 6" stroke="#1F2F33" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/chevron-right.svg

@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path d="M6 3.33332L10.6667 7.99999L6 12.6667" stroke="#1F2F33" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/copy-to-clipboard.js

@@ -0,0 +1,27 @@
+function copyToClipboard(containerid) {
+  if (document.selection) {
+    var range = document.body.createTextRange();
+    range.moveToElementText(document.getElementById(containerid));
+    range.select().createTextRange();
+    document.execCommand("copy");
+  } else if (window.getSelection) {
+    var range = document.createRange();
+    range.selectNode(document.getElementById(containerid));
+    window.getSelection().addRange(range);
+    document.execCommand("copy");
+  }
+
+  // clear selection
+  if (window.getSelection) {
+    if (window.getSelection().empty) {
+      // Chrome
+      window.getSelection().empty();
+    } else if (window.getSelection().removeAllRanges) {
+      // Firefox
+      window.getSelection().removeAllRanges();
+    }
+  } else if (document.selection) {
+    // IE
+    document.selection.empty();
+  }
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/customized-bootstrap.css

@@ -0,0 +1,755 @@
+/*!
+ * Bootstrap v5.1.3 (https://getbootstrap.com/)
+ * Copyright 2011-2021 The Bootstrap Authors
+ * Copyright 2011-2021 Twitter, Inc.
+ * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE)
+*/
+
+/*
+ * This file contains customized bootstrap classes which are in the same name, however differ in the implementation.
+ * Classes use CSS custom properties from :root to be runtime modifiable.
+ * Used a portion of bootstrap classes which satisfy the requirements without to include the whole bootstrap bundle.
+ * If you would like to add new classes as "override" or extension please use the bootstrap naming convention.
+*/
+
+/* Form controls */
+.form-label {
+  margin-bottom: 0.25rem;
+}
+
+.form-check:has(.form-check-label) {
+  padding: 1em 1em 1em 1.6em;
+  border-top: solid 1px lightgray;
+  margin: 0 1em 0 1em;
+}
+
+.form-check-label {
+  font-size: 0.875rem !important;
+}
+
+.form-group {}
+
+.form-control {
+  display: block;
+  width: 100%;
+  padding: 0.5625rem 0.75rem;
+  font-size: 1rem;
+  font-weight: 400;
+  line-height: 1.25rem;
+  color: var(--nevis-black);
+  background-color: var(--nevis-white);
+  background-clip: padding-box;
+  border: 0.0625rem solid var(--nevis-form-control-border-color);
+  border-radius: var(--nevis-border-radius);
+  -webkit-appearance: none;
+  -moz-appearance: none;
+  appearance: none;
+  transition: border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+}
+
+@media (prefers-reduced-motion: reduce) {
+  .form-control {
+    transition: none;
+  }
+}
+
+.form-control:focus {
+  color: var(--nevis-black);
+  background-color: var(--nevis-white);
+  border-color: var(--nevis-primary);
+  outline: 0;
+  box-shadow: 0 0 0 0.0625rem var(--nevis-primary);
+}
+
+.form-control::-webkit-date-and-time-value {
+  height: 1.5em;
+}
+
+.form-control::-moz-placeholder {
+  color: var(--nevis-secondary);
+  opacity: 1;
+}
+
+.form-control::placeholder {
+  color: var(--nevis-secondary);
+  opacity: 1;
+}
+
+.form-control:disabled {
+  font-size: 0.875rem;
+  background-color: #e9ecef;
+  opacity: 1;
+}
+
+.form-control[readonly] {
+  background: var(--nevis-readonly-bg-color);
+  border-color: var(--nevis-readonly-border-color);
+  border-radius: var(--nevis-border-radius);
+  color: var(--nevis-gray-900);
+  font-size: 0.875rem;
+}
+
+.form-control[readonly]:focus {
+  box-shadow: 0 0 0 0.0625rem var(--nevis-readonly-box-shadow-color);
+}
+
+/* Valdiation */
+.invalid-feedback {
+  display: none;
+  width: 100%;
+  margin-top: 0.25rem;
+  font-size: 0.875em;
+  color: var(--nevis-danger);
+}
+
+.was-validated :invalid~.invalid-feedback,
+.was-validated :invalid~.invalid-tooltip,
+.is-invalid~.invalid-feedback,
+.is-invalid~.invalid-tooltip {
+  display: block;
+}
+
+/* Added for 3rd party International Telephone Input */
+.was-validated .iti~.invalid-feedback.invalid-feedback-ready,
+.was-validated .iti~.invalid-tooltip.invalid-feedback-ready {
+  display: block;
+}
+
+.was-validated .form-control:invalid,
+.form-control.is-invalid {
+  border-color: var(--nevis-danger);
+  border-width: 0.125rem;
+  padding-right: inherit;
+  background-image: none;
+  background-repeat: no-repeat;
+  background-position: inherit;
+  background-size: inherit;
+}
+
+.was-validated .form-control:invalid:focus,
+.form-control.is-invalid:focus {
+  border-color: var(--nevis-danger);
+  box-shadow: none;
+}
+
+.form-control:valid,
+.form-control.is-valid {
+  background-image: none;
+}
+
+/* remove valid feedback classes */
+.was-validated .form-control:valid,
+.form-control.is-valid {
+  border-color: var(--nevis-gray-400);
+  padding-right: inherit;
+  background-image: inherit;
+  background-repeat: no-repeat;
+  background-position: inherit;
+  background-size: inherit;
+}
+
+.was-validated .form-control:valid:focus,
+.form-control.is-valid:focus {
+  border-color: var(--nevis-gray-400);
+  box-shadow: unset;
+}
+
+.was-validated textarea.form-control:valid,
+textarea.form-control.is-valid {
+  padding-right: inherit;
+  background-position: inherit;
+}
+
+.was-validated .form-select:valid,
+.form-select.is-valid {
+  border-color: var(--nevis-gray-400);
+}
+
+.was-validated .form-select:valid:not([multiple]):not([size]),
+.was-validated .form-select:valid:not([multiple])[size="1"],
+.form-select.is-valid:not([multiple]):not([size]),
+.form-select.is-valid:not([multiple])[size="1"] {
+  padding-right: inherit;
+  background-image: none;
+  background-position: inherit;
+  background-size: inherit;
+}
+
+.was-validated .form-select:valid:focus,
+.form-select.is-valid:focus {
+  border-color: var(--nevis-gray-400);
+  box-shadow: unset;
+}
+
+.was-validated .form-check-input:valid,
+.form-check-input.is-valid {
+  border-color: var(--nevis-gray-400);
+}
+
+.was-validated .form-check-input:valid:checked,
+.form-check-input.is-valid:checked {
+  background-color: inherit;
+}
+
+.was-validated .form-check-input:valid:focus,
+.form-check-input.is-valid:focus {
+  box-shadow: unset;
+}
+
+.was-validated .form-check-input:valid~.form-check-label,
+.form-check-input.is-valid~.form-check-label {
+  color: inherit;
+}
+
+/* Buttons */
+.btn {
+  display: inline-block;
+  font-weight: 500;
+  line-height: 1.5rem;
+  color: var(--nevis-black);
+  text-align: center;
+  text-decoration: none;
+  vertical-align: middle;
+  cursor: pointer;
+  -webkit-user-select: none;
+  -moz-user-select: none;
+  user-select: none;
+  background-color: transparent;
+  border: 0.0625rem solid transparent;
+  padding: 0.75rem 1.25rem;
+  font-size: 1rem;
+  border-radius: var(--nevis-border-radius);
+  transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+}
+
+@media (prefers-reduced-motion: reduce) {
+  .btn {
+    transition: none;
+  }
+}
+
+.btn:hover {
+  color: var(--nevis-black);
+}
+
+.btn:disabled,
+.btn.disabled,
+fieldset:disabled .btn {
+  pointer-events: none;
+  opacity: 0.65;
+}
+
+/* remove box-shadows by default, enable later by colors */
+.btn:focus {
+  box-shadow: unset;
+}
+
+.btn-check:checked+.btn-primary:focus,
+.btn-check:active+.btn-primary:focus,
+.btn-primary:active:focus,
+.btn-primary.active:focus,
+.show>.btn-primary.dropdown-toggle:focus {
+  box-shadow: unset;
+}
+
+/* Primary Button */
+.btn-primary {
+  color: var(--nevis-white);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:hover {
+  color: var(--nevis-white);
+  filter: brightness(110%);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:focus {
+  color: var(--nevis-white);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  filter: brightness(110%);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:active,
+.btn-primary.active {
+  color: var(--nevis-white);
+  background-color: var(--nevis-primary);
+  border-color: var(--nevis-primary);
+  filter: brightness(90%);
+}
+
+.btn-primary:active:focus,
+.btn-primary.active:focus {
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-primary);
+}
+
+.btn-primary:disabled,
+.btn-primary.disabled {
+  color: var(--nevis-secondary);
+  background-color: var(--nevis-gray-100);
+  border-color: var(--nevis-gray-100);
+  box-shadow: none;
+  filter: brightness(1);
+}
+
+/* Secondary Button */
+.btn-secondary {
+  color: var(--nevis-gray-900);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:hover {
+  color: var(--nevis-gray-900);
+  filter: brightness(110%);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:focus {
+  color: var(--nevis-gray-900);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  filter: brightness(110%);
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:active,
+.btn-secondary.active {
+  color: var(--nevis-gray-900);
+  background-color: var(--nevis-gray-200);
+  border-color: var(--nevis-gray-200);
+  filter: brightness(90%);
+}
+
+.btn-secondary:active:focus,
+.btn-secondary.active:focus {
+  box-shadow: 0rem 0.25rem 1.875rem -0.625rem var(--nevis-gray-200);
+}
+
+.btn-secondary:disabled,
+.btn-secondary.disabled {
+  color: var(--nevis-secondary);
+  background-color: var(--nevis-gray-100);
+  border-color: var(--nevis-gray-100);
+  box-shadow: none;
+  filter: brightness(1);
+}
+
+.btn-link {
+  font-size: 0.875rem !important;
+  vertical-align: baseline;
+  border: none;
+  color: var(--nevis-primary);
+  background: none;
+  text-decoration: none;
+  padding: 0;
+}
+
+/* Componentes */
+.dropdown-toggle::after {
+  display: none !important;
+}
+
+/* Utilities */
+h6,
+.h6,
+h5,
+.h5,
+h4,
+.h4,
+h3,
+.h3,
+h2,
+.h2,
+h1,
+.h1 {
+  margin-top: 0;
+  font-weight: 500;
+  line-height: 1.2;
+}
+
+h1,
+.h1 {
+  font-size: calc(1.375rem + 1.5vw);
+}
+
+@media (min-width: 1200px) {
+
+  h1,
+  .h1 {
+    font-size: 2.5rem;
+  }
+}
+
+h2,
+.h2 {
+  font-size: calc(1.325rem + 0.9vw);
+}
+
+@media (min-width: 1200px) {
+
+  h2,
+  .h2 {
+    font-size: 2rem;
+  }
+}
+
+h3,
+.h3 {
+  font-size: calc(1.3rem + 0.6vw);
+}
+
+@media (min-width: 1200px) {
+
+  h3,
+  .h3 {
+    font-size: 1.75rem;
+  }
+}
+
+h4,
+.h4 {
+  font-size: calc(1.275rem + 0.3vw);
+}
+
+@media (min-width: 1200px) {
+
+  h4,
+  .h4 {
+    font-size: 1.5rem;
+  }
+}
+
+h5,
+.h5 {
+  font-size: 1.25rem;
+}
+
+h6,
+.h6 {
+  font-size: 1rem;
+}
+
+small,
+.small {
+  font-size: 0.875rem !important;
+}
+
+.text-primary {
+  color: var(--nevis-primary) !important;
+}
+
+.text-secondary {
+  color: var(--nevis-secondary) !important;
+}
+
+.text-success {
+  color: var(--nevis-success) !important;
+}
+
+.text-info {
+  color: var(--nevis-info) !important;
+}
+
+.text-warning {
+  color: var(--nevis-warning) !important;
+}
+
+.text-danger {
+  color: var(--nevis-danger) !important;
+}
+
+.text-light {
+  color: var(--nevis-light) !important;
+}
+
+.text-dark {
+  color: var(--nevis-dark) !important;
+}
+
+.text-white {
+  color: var(--nevis-white) !important;
+}
+
+.bg-primary {
+  background-color: var(--nevis-primary) !important;
+}
+
+.bg-secondary {
+  background-color: var(--nevis-secondary) !important;
+}
+
+.bg-success {
+  background-color: var(--nevis-success) !important;
+}
+
+.bg-info {
+  background-color: var(--nevis-info) !important;
+}
+
+.bg-warning {
+  background-color: var(--nevis-warning) !important;
+}
+
+.bg-danger {
+  background-color: var(--nevis-danger) !important;
+}
+
+.bg-light {
+  background-color: var(--nevis-light) !important;
+}
+
+.bg-dark {
+  background-color: var(--nevis-dark) !important;
+}
+
+.bg-body {
+  background-color: var(--nevis-white) !important;
+}
+
+.bg-white {
+  background-color: var(--nevis-white) !important;
+}
+
+.link-primary {
+  color: var(--nevis-primary);
+}
+
+.link-primary:hover,
+.link-primary:focus {
+  color: var(--nevis-primary);
+  filter: brightness(80%);
+}
+
+.link-secondary {
+  color: var(--nevis-secondary);
+}
+
+.link-secondary:hover,
+.link-secondary:focus {
+  color: var(--nevis-secondary);
+  filter: brightness(80%);
+}
+
+.link-success {
+  color: var(--nevis-success);
+}
+
+.link-success:hover,
+.link-success:focus {
+  color: var(--nevis-success);
+  filter: brightness(80%);
+}
+
+.link-info {
+  color: var(--nevis-info);
+}
+
+.link-info:hover,
+.link-info:focus {
+  color: var(--nevis-info);
+  filter: brightness(80%);
+}
+
+.link-warning {
+  color: var(--nevis-warning);
+}
+
+.link-warning:hover,
+.link-warning:focus {
+  color: var(--nevis-warning);
+  filter: brightness(80%);
+}
+
+.link-danger {
+  color: var(--nevis-danger);
+}
+
+.link-danger:hover,
+.link-danger:focus {
+  color: var(--nevis-danger);
+  filter: brightness(80%);
+}
+
+.link-light {
+  color: var(--nevis-light);
+}
+
+.link-light:hover,
+.link-light:focus {
+  color: var(--nevis-light);
+  filter: brightness(80%);
+}
+
+.link-dark {
+  color: var(--nevis-dark);
+}
+
+.link-dark:hover,
+.link-dark:focus {
+  color: var(--nevis-dark);
+  filter: brightness(80%);
+}
+
+.border-primary {
+  border-color: var(--nevis-primary) !important;
+}
+
+.border-secondary {
+  border-color: var(--nevis-secondary) !important;
+}
+
+.border-success {
+  border-color: var(--nevis-success) !important;
+}
+
+.border-info {
+  border-color: var(--nevis-info) !important;
+}
+
+.border-warning {
+  border-color: var(--nevis-warning) !important;
+}
+
+.border-danger {
+  border-color: var(--nevis-danger) !important;
+  border-width: 0.125rem;
+}
+
+.border-light {
+  border-color: var(--nevis-light) !important;
+}
+
+.border-dark {
+  border-color: var(--nevis-dark) !important;
+}
+
+.border-white {
+  border-color: var(--nevis-white) !important;
+}
+
+
+/* EXTENSION PART */
+
+/* Spacing */
+.mt-20 {
+  margin-top: 1.25rem;
+}
+
+.me-5px {
+  margin-right: 0.3125rem;
+}
+
+.my-40 {
+  margin: 2.5rem 0;
+}
+
+.mb-40 {
+  margin-bottom: 2.5rem;
+}
+
+/* Colors */
+
+.text-nevis-blue {
+  color: var(--nevis-blue-600) !important;
+}
+
+.bg-nevis-blue {
+  background-color: var(--nevis-blue-600) !important;
+}
+
+.border-nevis-blue {
+  border-color: var(--nevis-blue-600) !important;
+}
+
+.link-nevis-blue {
+  color: var(--nevis-blue-600);
+}
+
+.link-nevis-blue:hover,
+.link-nevis-blue:focus {
+  color: var(--nevis-blue-600);
+  filter: brightness(80%);
+}
+
+.btn-language-selector {
+  display: inline-flex;
+  justify-content: center;
+  align-items: center;
+  flex-shrink: 0;
+  padding: 0;
+  min-width: 0;
+  box-sizing: border-box;
+  box-shadow: none;
+  font-size: 0.875rem !important;
+  line-height: 1.25rem;
+  font-weight: normal;
+  outline: none;
+  border: none;
+  vertical-align: baseline;
+  text-align: center;
+  background-color: initial;
+  color: var(--nevis-gray-900);
+}
+
+.btn-language-selector:hover {
+  background: initial;
+}
+
+.btn-language-selector:active {
+  background: initial;
+}
+
+.btn-language-selector:focus {
+  box-shadow: none;
+}
+
+.btn-language-selector+.dropdown-menu {
+  min-width: 0;
+  width: 10rem;
+  padding: 0.25rem 0;
+  /* centering the dropdown */
+  margin-left: -0.5rem !important;
+  margin-top: 0.5rem !important;
+  overflow: hidden;
+  box-shadow: 0rem 0rem 0rem 0.0625rem var(--nevis-gray-200),
+    0rem 0.1875rem 1.25rem -0.625rem var(--nevis-gray-900);
+  border-radius: var(--nevis-border-radius);
+  border: 0;
+}
+
+.btn-language-selector+.dropdown-menu>li {
+  overflow: hidden;
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item {
+  font-style: normal;
+  font-weight: normal;
+  font-size: 0.875rem;
+  line-height: 1.25rem;
+  padding: 0.5rem 1rem;
+  color: var(--nevis-gray-900);
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item:hover {
+  background: var(--nevis-blue-100);
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item:focus {
+  background: none;
+}
+
+.btn-language-selector+.dropdown-menu .dropdown-item:active,
+.btn-language-selector+.dropdown-menu .dropdown-item.active {
+  background: var(--nevis-blue-100);
+  filter: brightness(90%);
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/default.css

@@ -1,222 +0,0 @@
-/********************************************************
- * Layout
- ********************************************************/
-
-html { /* magic to position footer */
-	position: relative;
-	min-height: 100%;
-}
-
-body {
-	margin-bottom: 76px; /* == footer height */
-}
-
-.container, .container-fluid {
- 	padding-left: 36px;
-	padding-right: 36px;
-}
-
-nav {
-	min-height: 100px;
-	padding: 36px;
-}
-
-header {
-	margin-bottom: 16px; /* h1.logintitle adds 20px => 36px */
-}
-
-.container {
- 	min-width: 260px;
- 	max-width: 700px;
-}
-
-h1 {
-	margin-bottom: 50px;
-}
-
-footer {
-	width: 100%;
-	position: absolute;
-	bottom: 0;
-	padding: 0 36px;
-}
-
-img {
-	width: 100%;
-}
-
-/********************************************************
- * Header
- ********************************************************/
-
-header .logo {
-	/* width: 20%;*/
-	/*max-width: 600px;*/
-	max-height: 150px;
-	width: auto;
-}
-
-/********************************************************
- * Dropdown
- ********************************************************/
-a.dropdown-toggle {
-	text-decoration: none;
-}
-
-a.dropdown-toggle:hover {
-	color: #168CA9;
-	border-bottom: 3px solid #168CA9;
-}
-
-.dropdown-menu {
-	padding: 5px 0;
-}
-
-.dropdown-menu li > a {
-	padding: 6px 28px;
-}
-
-.dropdown-menu a > .prefix {
-	display: inline-block;
-	min-width: 22px;
-	margin-right: 28px;
-	text-align: right;
-}
-
-/********************************************************
- * Form
- ********************************************************/
-
-/* Labels should not be bold */
-label {
-	font-weight: normal;
-}
-
-/* Make error messages bold */
-.has-error .help-block {
-	font-weight: bold;
-}
-
-/* Change button size, by default 116px in width */
-.btn {
-	min-width: 116px;
-	padding: 3px 12px;
-}
-
-/* Disable gradient in buttons, ughhhh */
-.btn.btn-primary {
-	border-color: transparent;
-	background-image: none;
-	text-shadow: none;
-	box-shadow: none;
-	-webkit-box-shadow: none;
-}
-
-.help-block a, .help-block a:visited {
-	color: #168CA9;
-  font-weight: bold;
-  text-decoration: none;
-}
-
-.help-block a:hover {
-	color: #168CA9;
-  text-decoration: underline;
-}
-
-/********************************************************
- * Footer
- ********************************************************/
-footer .row {
-	margin: 36px 0 0 0;
-	height: 40px;
-	padding-top: 14px;
-	line-height: 26px; /* to center text: height - padding-top = 26px */
-	border-top: 1px solid #168CA9;
-}
-
-footer .row > div { /* Fix alignment between border + text on Bootstrap grid */
-	padding: 0;
-}
-
-footer .logo-round-container {
-	position: relative;
-}
-
-footer .logo-round {
-	position: absolute;
-	left: 0;
-	right: 0;
-	top: -33px; /* found visually with Chrome Dev Tools */
-	height: 36px;
-	width: 36px;
-	border: 1px solid #00868c;
-	border-radius: 18px;
-	background: #fff;
-	padding: 8px;
-}
-
-footer .logo-round > img {
-	display: block;
-}
-
-#dispatchTargets {
-	margin-top: 20px;
-}
-
-/********************************************************
- * Social login
- ********************************************************/
-.btn.line {
-    background-color: transparent;
-    display: block;
-    width: 100%;
-    padding: 0;
-    margin: 1.5em 0 1em;
-    border: 0.5px solid #ccc;
-    pointer-events: none;
-}
-
-.btn.socialLogin {
-    background-color: #fff;
-    border: thin solid #ccc;
-    color: #000;
-    font-weight: 600;
-    position: relative;
-    margin: 5px;
-    min-width: 140px;
-    width: 210px;
-    border-radius: 8px;
-    padding: 8px 12px;
-    text-align: left;
-}
-
-.socialLogin img {
-    width: 1.5em;
-    height: 108%;
-    margin-right: 0.5em;
-}
-
-.btn.apple img {
-    width: 1.2em;
-}
-
-/********************************************************
- * Show password
- ********************************************************/
-.icon-inside {
-  position: relative;
-}
-
-.icon-inside input {
-  padding-right: calc(0.75rem + 1.25rem + 0.75rem);
-}
-
-.icon-inside button {
-  position: absolute;
-  right: 0;
-  top: 0;
-  margin-top: 0.45rem;
-  margin-right: 0.45rem;
-  background: #FFFFFF;
-  border: #FFFFFF;
-}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/display-recovery-codes.js

@@ -0,0 +1,23 @@
+function displayRecoveryCodes() {
+  const recoverCodes = document.getElementById("recovery-codes-raw");
+  // early return if recoverCodes not found
+  if (!recoverCodes) {
+    return;
+  }
+
+  var recoveryCodesContent = recoverCodes.innerHTML;
+  recoveryCodesContent = recoveryCodesContent.replace("[", "");
+  recoveryCodesContent = recoveryCodesContent.replace("]", "");
+  recoveryCodesContent = recoveryCodesContent.split(",");
+  for (let i = 0; i < recoveryCodesContent.length; i++) {
+    if (i % 2 == 0) {
+      document.getElementById("recovery-codes").innerHTML += "<div class=\"recovery-code-gray printable\">" + recoveryCodesContent[i] + "</div>";
+    }
+    else {
+      document.getElementById("recovery-codes").innerHTML += "<div class=\"recovery-code-white printable\">" + recoveryCodesContent[i] + "</div>";
+    }
+  }
+  recoverCodes.remove();
+}
+
+displayRecoveryCodes();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/download-recovery-codes.js

@@ -0,0 +1,26 @@
+function downloadRecoveryCodes(contentContainerId) {
+  const textToDownload = document.getElementById(contentContainerId).innerText;
+  // It is necessary to create a new blob object with mime-type explicitly set
+  // otherwise only Chrome works like it should
+  const newBlob = new Blob([textToDownload], { type: "text/plain" });
+
+  // IE doesn't allow using a blob object directly as link href
+  // instead it is necessary to use msSaveOrOpenBlob
+  if (window.navigator && window.navigator.msSaveOrOpenBlob) {
+    window.navigator.msSaveOrOpenBlob(newBlob, "recovery-codes.txt");
+    return;
+  }
+
+  // For other browsers:
+  // Create a link pointing to the ObjectURL containing the blob.
+  const data = window.URL.createObjectURL(newBlob);
+  const link = document.createElement("a");
+  link.href = data;
+  link.download = "recovery-codes.txt";
+  link.click();
+  setTimeout(() => {
+    // For Firefox it is necessary to delay revoking the ObjectURL
+    window.URL.revokeObjectURL(data);
+  }, 400);
+  link.remove();
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/dropdown.js

@@ -1,36 +0,0 @@
-(function() {
-  var closeDropdownTimeout;
-
-  function closeDropdown(event) {
-    var dropdowns = document.querySelectorAll('.dropdown');
-    for (var i = 0; i < dropdowns.length; i++) {
-      var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
-      if (dropdownMenu.style.display !== 'none' && !dropdowns[i].contains(event.target)) {
-        dropdownMenu.style.display = 'none';
-      }
-    }
-
-    // remove event listener till we have a new dropdown menu open
-    if (document.querySelector('.dropdown-menu:not([style*="display: none"])') === null) {
-      document.removeEventListener('click', closeDropdown);
-    }
-  }
-
-  var dropdowns = document.querySelectorAll('.dropdown');
-  for (var i = 0; i < dropdowns.length; i++) {
-    var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
-    dropdownMenu.style.display = 'none'; // ensure menu is initially hidden
-
-    dropdowns[i].addEventListener('click', function(e) {
-      // show dropdown menu
-      var dropdownMenu = this.querySelector('.dropdown-menu');
-      dropdownMenu.style.display = 'block';
-
-      // handle clicking away
-      clearTimeout(closeDropdownTimeout);
-      closeDropdownTimeout = setTimeout(function() {
-        document.addEventListener('click', closeDropdown);
-      }, 10);
-    });
-  }
-}());

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/e2eenc.js

@@ -1,98 +0,0 @@
-var e2eenc = function() {
-
-	this.encryptForm = function(algoString, formId) {
-		// TODO: in case of an error we should return false, to prevent the for to be submitted
-		//       or replace the fields with dummy values, just to prevent the the transmission
-		//       of unencrypted values
-		
-
-		// create the array of input fields to encrypt (needs to be done before setting the form
-		// invisible
-		var fieldsToEncrypt = new Array();
-		$.each($("form input:visible"), function(index, _inputField) { fieldsToEncrypt.push($(_inputField));});
-
-		// hide the form, and display the splash screen
-		$('#loginform').css('display','none');
-		$('#e2eeSplashScreen').css('display','block');
-
-		// encryption logic
-		var pubKey = $("input[name='e2eenc.publicKey']").val();
-
-		var kemSessionKey = readPublicKeyAndGenerateSessionKey(pubKey)
-		var iv = forge.random.getBytesSync(16);
-		keyB64 = forge.util.encode64(kemSessionKey.key);
-		encapsulationB64 = forge.util.encode64(kemSessionKey.encapsulation);
-		ivB64 = forge.util.encode64(iv);
-
-		//console.log("Encrypting form " + formId + " (" + algoString + ")");
-		var fields = "";
-		$.each(fieldsToEncrypt, function(index, _inputField) {
-			var inputField = $(_inputField);
-			if (inputField.attr("type") == "text" || inputField.attr("type") == "password") {
-				//console.log("Encrypting field " + JSON.stringify(inputField));
-				var plainValue = inputField.val();
-
-				var encryptedValueB64 = encrypt(kemSessionKey, iv, plainValue);
-				//console.log("Setting encrypted value in b64: " + encryptedValueB64);
-				inputField.val(encryptedValueB64);
-				if (fields.length > 0) {
-					fields = fields + ","
-				}
-				fields = fields + inputField.attr("name");
-			}
-		});
-		$("input[name='e2eenc.iv']").val(ivB64);
-		$("input[name='e2eenc.encapsulation']").val(encapsulationB64);
-		$("input[name='e2eenc.fields']").val(fields);
-	}
-
-	function getRSApublicKey(pem) {
-	    //console.log("PEM: " + pem);
-
-	    var msg = forge.pem.decode(pem)[0];
-
-	    //console.log("msg type: " + msg.type);
-
-	    if(msg.procType && msg.procType.type === 'ENCRYPTED') {
-		throw new Error('Could not retrieve RSA public key from PEM; PEM is encrypted.');
-	    }
-
-	    // convert DER to ASN.1 object
-	    var asn1obj = forge.asn1.fromDer(msg.body);
-	    //console.log("ASN.1 obj: " + JSON.stringify(asn1obj))
-
-	    var pubKey = forge.pki.publicKeyFromAsn1(asn1obj)
-	    //console.log("PubKey: " + JSON.stringify(pubKey))
-	    return pubKey;
-	}
-
-	function generateKEMSessionKey(rsaPublicKey) {
-	    // generate key-derivation-function and initializes it with sha1
-	    var kdf1 = new forge.kem.kdf1(forge.md.sha1.create());
-	    // creates a KEM function based on the key-derivation-function created above
-	    var kem = forge.kem.rsa.create(kdf1);
-	    // generate and encapsulate a 16-byte secret key. 
-	    // The secret key is generated using the kdf defined above.
-	    var kemSessionKey = kem.encrypt(rsaPublicKey, 16);
-	    // kemSessionKey has 'encapsulation' (= pub key) and 'key' (= generated secret key)
-	    return kemSessionKey;
-	}
-
-	function readPublicKeyAndGenerateSessionKey(pem) {
-	    var rsaPublicKey = getRSApublicKey(pem);
-	    //console.log("PubKey: " + JSON.stringify(rsaPublicKey))
-	    var kemSessionKey = generateKEMSessionKey(rsaPublicKey);
-	    //console.log("KEM session key: " + JSON.stringify(kemSessionKey))
-	    return kemSessionKey;
-	}
-
-	function encrypt(kemSessionKey, iv, msg) {
-		var cipher = forge.cipher.createCipher('AES-CBC', kemSessionKey.key);
-		cipher.start({iv: iv});
-		cipher.update(forge.util.createBuffer(msg, 'utf-8'));
-		cipher.finish();
-		var encrypted = cipher.output.getBytes();
-		encryptedB64 = forge.util.encode64(encrypted);
-		return encryptedB64;
-	}
-};

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/exclamation.svg

@@ -0,0 +1,3 @@
+<svg width="10" height="9" viewBox="0 0 10 9" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M3.95423 0.859245C4.413 0.0436633 5.58725 0.0436629 6.04602 0.859245L9.3942 6.81157C9.84416 7.61149 9.2661 8.59988 8.34831 8.59988H1.65194C0.734151 8.59988 0.156094 7.61149 0.606052 6.81157L3.95423 0.859245ZM5.60007 6.79995C5.60007 7.13132 5.33144 7.39995 5.00007 7.39995C4.6687 7.39995 4.40007 7.13132 4.40007 6.79995C4.40007 6.46858 4.6687 6.19995 5.00007 6.19995C5.33144 6.19995 5.60007 6.46858 5.60007 6.79995ZM5.00007 1.99995C4.6687 1.99995 4.40007 2.26858 4.40007 2.59995V4.39995C4.40007 4.73132 4.6687 4.99995 5.00007 4.99995C5.33144 4.99995 5.60007 4.73132 5.60007 4.39995V2.59995C5.60007 2.26858 5.33144 1.99995 5.00007 1.99995Z" fill="#F25562"/>
+</svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/face.svg

@@ -0,0 +1,10 @@
+<svg width="80" height="80" viewBox="0 0 80 80" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M54 10H62C66.4183 10 70 13.5817 70 18V26" stroke="#168CA9" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M10 26L10 18C10 13.5817 13.5817 10 18 10L26 10" stroke="#168CA9" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M26 70L18 70C13.5817 70 10 66.4183 10 62L10 54" stroke="#168CA9" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M70 54L70 62C70 66.4183 66.4183 70 62 70L54 70" stroke="#168CA9" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<circle cx="40" cy="40" r="22" stroke="#168CA9" stroke-width="4"/>
+<path d="M48 48.5C43.5817 53.8333 36.4183 53.8333 32 48.5" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<rect x="49" y="35" width="1" height="4" rx="0.5" stroke="#168CA9" stroke-width="4"/>
+<rect x="30" y="35" width="1" height="4" rx="0.5" stroke="#168CA9" stroke-width="4"/>
+</svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/facebook.svg

@@ -0,0 +1,4 @@
+<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M18 9.00002C18 4.02945 13.9706 2.09808e-05 9 2.09808e-05C4.02943 2.09808e-05 0 4.02945 0 9.00002C0 13.4922 3.29117 17.2155 7.59375 17.8907V11.6016H5.30859V9.00002H7.59375V7.01721C7.59375 4.76158 8.93739 3.51565 10.9932 3.51565C11.9779 3.51565 13.0078 3.69143 13.0078 3.69143V5.90627H11.8729C10.7549 5.90627 10.4062 6.60003 10.4062 7.31176V9.00002H12.9023L12.5033 11.6016H10.4062V17.8907C14.7088 17.2155 18 13.4922 18 9.00002Z" fill="#1877F2"/>
+<path d="M12.5033 11.6016L12.9024 9.00006H10.4063V7.3118C10.4063 6.60007 10.7549 5.90631 11.873 5.90631H13.0078V3.69147C13.0078 3.69147 11.9779 3.51569 10.9932 3.51569C8.9374 3.51569 7.59376 4.76162 7.59376 7.01725V9.00006H5.30859V11.6016H7.59376V17.8907C8.05197 17.9626 8.52161 18.0001 9.00001 18.0001C9.47842 18.0001 9.94806 17.9626 10.4063 17.8907V11.6016H12.5033Z" fill="white"/>
+</svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_auth.js

@@ -2,13 +2,13 @@
   'use strict'
 
   async function assertion(options) {
-    let credential;
+    let assertion;
     try {
-      credential = await navigator.credentials.get({ "publicKey": options });
+      assertion = await navigator.credentials.get({ "publicKey": options });
     } 
     // Cancel and timeout can occur besides error
     catch (error) {
-      console.error(`Failed to get WebAuthn credential: ${error}`);
+      console.error(`Error while trying to collect WebAuthn credential. ${error}`);
       throw error;
     }
     // as this is the last call we have to do a top-level request instead of AJAX
@@ -16,11 +16,11 @@
     form.method = "POST";
     form.style.display = "none";
     addInput(form, "path", "/nevisfido/fido2/assertion/result")
-    addInput(form, "id", credential.id);
+    addInput(form, "id", assertion.id);
-    addInput(form, "type", credential.type);
+    addInput(form, "type", assertion.type);
-    addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON));
+    addInput(form, "response.clientDataJSON", base64url.encode(assertion.response.clientDataJSON));
-    addInput(form, "response.authenticatorData", base64url.encode(credential.response.authenticatorData));
+    addInput(form, "response.authenticatorData", base64url.encode(assertion.response.authenticatorData));
-    addInput(form, "response.signature", base64url.encode(credential.response.signature));
+    addInput(form, "response.signature", base64url.encode(assertion.response.signature));
     document.body.appendChild(form);
     form.submit();
   }
@@ -28,6 +28,7 @@
   function authenticate() {
     // WebAuthn feature detection
     if(!isWebAuthnSupportedByTheBrowser()) {
+      // Trigger `Login Passwordless Fallback` pattern
       cancelFido2();
       return;
     };
@@ -50,9 +51,11 @@
         c.id = base64url.decode(c.id);
         return c;
       });
+        
       return assertion(options);
     }).catch((error) => {
-      console.error(`Error during FIDO2 authentication: ${error}`);
+      console.error(`Error at fido2 authentication: ${error}`);
+      // Trigger `Login Passwordless Fallback` pattern
       cancelFido2();
     });
   }

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_check.js

@@ -0,0 +1,25 @@
+function submit(result) {
+    // we have to do a top-level request instead of AJAX
+    const form = document.createElement("form");
+    form.method = "POST";
+    form.style.display = "none";
+
+    addInput(form, "result", result)
+
+    document.body.appendChild(form);
+
+    form.submit();
+}
+
+function check() {
+  if (isWebAuthnSupportedByTheBrowser()) {
+    submit("ok");
+  }
+  else {
+    submit("error");
+  }
+}
+
+window.onload = () => {
+  check();
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_onboard.js

@@ -31,7 +31,7 @@ async function attestation(options) {
   form.submit();
 }
 
-function start() {
+function startFido2() {
 
   if (!isWebAuthnSupportedByTheBrowser()) {
     dispatch("unsupported");

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_utils.js

@@ -1,10 +1,3 @@
-function addInput(form, name, value) {
-    const input = document.createElement("input");
-    input.name = name;
-    input.value = value;
-    form.appendChild(input);
-}
-
 /**
  * Checks whether WebAuthn is supported by the browser or not.
  * @return true if supported, false if it is not supported or not in secure context
@@ -23,7 +16,7 @@ function isWebAuthnSupportedByTheBrowser() {
 }
 
 /**
- * Trigger on cancel pattern of the FIDO2 authentication step.
+ * Trigger on cancel pattern at the FIDO2 authentication flow.
  * 
  * Provides an alternative when the user decides to 
  * cancel the fido2 credential operation(create or fetch) or
@@ -34,7 +27,10 @@ function cancelFido2() {
   const form = document.createElement("form");
   form.method = "POST";
   form.style.display = "none";
+
   addInput(form, "cancel_fido2", "true");
+
   document.body.appendChild(form);
+
   form.submit();
 }

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/finger.svg

@@ -0,0 +1,9 @@
+<svg width="80" height="80" viewBox="0 0 80 80" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M56.2789 49.5761C56.2789 40.4331 48.8671 33.0213 39.7242 33.0213C30.5813 33.0213 23.1694 40.4331 23.1694 49.5761C23.1694 62.2356 32.2583 70.0261 32.2583 70.0261" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M47.8393 49.5763C47.8393 45.0945 44.206 41.4612 39.7242 41.4612C35.2424 41.4612 31.6091 45.0945 31.6091 49.5763C31.6091 62.5604 41.6718 68.7279 48.8131 71.0001" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M64.7191 49.5748C64.7191 35.7707 53.5287 24.5803 39.7247 24.5803C25.9206 24.5803 14.7302 35.7707 14.7302 49.5748C14.7302 55.093 17.0024 60.6113 17.0024 60.6113" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M66.4485 31.0739C60.6836 22.4617 50.8661 16.7914 39.7242 16.7914C28.5824 16.7914 18.7649 22.4617 13 31.0739" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M58.1132 13.5444C52.623 10.6428 46.3652 9 39.724 9C33.0827 9 26.825 10.6428 21.3347 13.5444" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M64.7185 49.2502C64.7185 53.5527 60.9399 57.0407 56.2788 57.0407C51.6177 57.0407 47.8391 53.5527 47.8391 49.2502" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+<path d="M58.8764 63.8706C57.8276 64.075 56.7421 64.1823 55.6304 64.1823C47.1222 64.1823 40.1431 57.8973 39.4558 49.8997" stroke="#168CA9" stroke-width="4" stroke-linecap="round"/>
+</svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/icons/apple/black.svg

@@ -1 +0,0 @@
-<svg width="842" height="1e3" xmlns="http://www.w3.org/2000/svg"><path d="M702 960c-54.2 52.6-114 44.4-171 19.6-60.6-25.3-116-26.9-180 0-79.7 34.4-122 24.4-170-19.6-271-279-231-704 77-720 74.7 4 127 41.3 171 44.4 65.4-13.3 128-51.4 198-46.4 84.1 6.8 147 40 189 99.7-173 104-132 332 26.9 396-31.8 83.5-72.6 166-141 227zM423 237C414.9 113 515.4 11 631 1c15.9 143-130 250-208 236z"/></svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/icons/microsoft/microsoft.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" aria-label="Microsoft" role="img" viewBox="0 0 512 512"><rect width="512" height="512" rx="15%" fill="#fff"/><path d="M75 75v171h171v-171z" fill="#f25022"/><path d="M266 75v171h171v-171z" fill="#7fba00"/><path d="M75 266v171h171v-171z" fill="#00a4ef"/><path d="M266 266v171h171v-171z" fill="#ffb900"/></svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/info.svg

@@ -0,0 +1,3 @@
+<svg width="64" height="64" viewBox="0 0 64 64" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M32 18.6667V32M32 45.3333H32.0333M62 32C62 48.5685 48.5685 62 32 62C15.4315 62 2 48.5685 2 32C2 15.4315 15.4315 2 32 2C48.5685 2 62 15.4315 62 32Z" stroke="#EFBA00" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/link.svg

@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+    <path d="M6.3335 2.99992H3.00016C2.07969 2.99992 1.3335 3.74611 1.3335 4.66659V12.9999C1.3335 13.9204 2.07969 14.6666 3.00016 14.6666H11.3335C12.254 14.6666 13.0002 13.9204 13.0002 12.9999V9.66659M9.66683 1.33325H14.6668M14.6668 1.33325V6.33325M14.6668 1.33325L6.3335 9.66659" stroke="#168CA9" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>