new configuration version

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisAuth"
   replicas: 1
-  version: "8.2405.2"
+  version: "8.2411.3"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -45,7 +45,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-6c62b8946330d7c4f2ed7d6bb4e18322c0a85ad9"
+    tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf

@@ -3,6 +3,7 @@ RTENV_SECURITY_CHECK=no_shell
 JAVA_OPTS=(
     "-XX:+UseContainerSupport"
     "-Dfile.encoding=UTF-8"
+    "-Dotel.instrumentation.metro.enabled=false"
     "-XX:MaxRAMPercentage=80.0"
     "-Djava.net.preferIPv4Stack=true"
     "-Djava.net.connectionTimeout=10000"
@@ -12,7 +13,7 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
     "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-default-tls-trust/truststore.p12"
     "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-default-tls-trust/keypass}"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/logging.yml

@@ -12,6 +12,8 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
+    - name: "ProductAnalytics"
+      level: "INFO"
     - name: "EsAuthStart"
       level: "INFO"
     - name: "org.apache.catalina.loader.WebappClassLoader"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/nevisauth.yml

@@ -3,6 +3,7 @@ server:
   protocol: "https"
   port: "8991"
   host: "0.0.0.0"
+  max-threads: "200"
   tls:
     keystore: "/var/opt/keys/own/auth-sts-default-identity/keystore.p12"
     keystore-passphrase: "${exec:/var/opt/keys/own/auth-sts-default-identity/keypass}"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-internal-idp-auth-signer-trust-7022472ae407577ae604bbb8.yaml

@@ -1,7 +1,7 @@
 apiVersion: "operator.nevis-security.ch/v1"
 kind: "NevisTrustStore"
 metadata:
-  name: "auth-default-default-signer-trust"
+  name: "auth-internal-idp-auth-signer-trust"
   namespace: "adn-agov-nevisidm-01-uat"
   labels:
     deploymentTarget: "auth"
@@ -10,5 +10,7 @@ metadata:
     patternId: "7022472ae407577ae604bbb8"
 spec:
   keystores:
+  - name: "auth-sts-sh4r3d-internal-idp-auth-signer"
+    namespace: "adn-agov-nevisidm-01-uat"
   - name: "auth-sh4r3d-internal-idp-auth-signer"
     namespace: "adn-agov-nevisidm-01-uat"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-technical-trust-store-7022472ae407577ae604bbb8.yaml

@@ -12,6 +12,8 @@ spec:
   keystores:
   - name: "proxy-idp-notused-auth-realm-identity"
     namespace: "adn-agov-nevisidm-01-uat"
+  - name: "proxy-idp-auth-realm-main-idp-identity"
+    namespace: "adn-agov-nevisidm-01-uat"
   - name: "proxy-idp-auth-realm-mobile-fido-uaf-identity"
     namespace: "adn-agov-nevisidm-01-uat"
   - name: "proxy-idp-auth-realm-recovery-identity"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisAuth"
   replicas: 1
-  version: "8.2405.2"
+  version: "8.2411.3"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -45,7 +45,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-6c62b8946330d7c4f2ed7d6bb4e18322c0a85ad9"
+    tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
     credentials: "git-credentials"
   keystores:
@@ -55,7 +55,7 @@ spec:
   truststores:
   - "auth-default-tls-trust"
   - "auth-auth-realm-mobile-fido-uaf-tls-trust-nevisfido"
-  - "auth-default-default-signer-trust"
+  - "auth-internal-idp-auth-signer-trust"
   - "auth-technical-trust-store"
   podSecurity:
     policy: "baseline"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem

@@ -1,54 +1,54 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUbPUZn/3VpMbderej
+MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQU95KG57RacAYBmkeQ
-CK2+IC16nwwCAggAMB0GCWCGSAFlAwQBKgQQvPO51vuHnkHznERAJ+mJngSCCVDI
+DIe1bZS0sbkCAggAMB0GCWCGSAFlAwQBKgQQyxdAya9Sd4oHLO1pzVWcYASCCVDT
-JlL/aK5MTWYntg5qFJ2L3w4GNTaKeVXrCE1Q/UrXo4/OnNVQdHnyWiuzOt0FoGow
+ozdXT3vjyqMzza4QKaMD4ywSAzGhQRM/TnxU5JbRLNMpdtq76Mfet2pv++UUjcof
-H22nWxbehwlykBPhPNw4719QOiMWQJqggR/61IUh8xOBrchqjQ2irIDjiXnTgD1N
+16EsdOOpDQdxdzQWmwGUNwjkX5YyWTaAefV8l9n6Bp8LV0XabS9We3g5Jr1KjuzP
-ADmtLHZC6duXncdFOtpeooHKMW61P6+KGBck0n8jM96+DuIKZKF2VO0hEzrUCF3d
+O/xJgB2o6BcD/WRPeOaANSGoyWce4rCkpDwqxrp+tY9EK19SoCZG9Zy2hnPPH2Hc
-4ODXNX8EEc4l1UdGUU0l7r/SvxoDyprGnFW1Di+PZCRWwUkHbDrqOWEzs5UIzTRM
+QgtgCAzqaXIp49KIXHn/Uo532lIz3WqkkhzVakwgAKLKIvc/SwgP0eSXLvPjeJYS
-2Tyt5osJB7v+0XB3f2PeBEHkQQhd9mvPIiSO5EwQF4JNQx7LMcnV1eFYXGF30pVb
+L8DngPP0YD7IPgIs7WmMNNE7or69e7mO0miUOl7xStNHzHpLmtLNbYI7Pk6NLT7N
-g9nG3UFbI68uH+uuuEU66yug/h/0RzMSBp8Le6eIck5/jaXBPzDstrc3VW5f1f+n
+kWfh2+E21R7llsW57boMACXVr7N3CHOlZQhUNViyjPayo1njVnp6gGzuIxluhHJY
-I3LsVplUE5znK5okwcGNKr84Ppf6QJ0Hjmbx927j8/n5yMYAn8xa1X5XNeC0dmy8
+CL070oqBeEYVfvE07HQ4Qd0BL5c02pdrKjdzBYyLwzSNKn2RzgS2R/XtEqdmOUo+
-Fjbsz1YpiTx9uQ33thXWbpQXno3fJzXvTVJ258GciPwcwqUTiudkMz3eD/tk/Ehd
+iuRngv9D1UPSI2xlFhv84778ktEeSf8l1nLltqhPJAmJUjSAcu/zjN4Q+HXqMRaF
-SM2oxCKIFDjEUnTSJ89uj+vz9OlTAdaUr0uEfpM6vwq+610UviVRPrNpI2v/qiqJ
+IocDV4I7CaXDc2E0YdU8uHuzzUHLflJ2OZwU5N7tkoVOtAYHKUwCP4J/zpLSe2V2
-SCeCsce4cN4eIjdpgPIt89H/ISDaOlpeCNQ8yLkkM4P89zXjir7Mt7jt3Uh58xoO
+MIh40IVJK4gzb+iyBiOnsnKKQCKMPbS4lH8zC2S486MgjgbhlZeFg0nOF955c61l
-rOHwQW8xUp+92BvES17PS072ywPS2jO/+hVQv6lf1LPHOmIlEWUln8no6KUBupMM
+Sb4MBrexU4s1TUg/fDpYt6jPZoKivN72jzi60kV43gBFHmP3X4SRAUQ4Y3h5NFF8
-ukaW+AmBxxYA1nycC+7IyXDUGiX8MU8GhT45xBpj6t5gKr5QwvJpGcH5oJ0qqq+s
+h2p4wvYRsYEexjJU/+WJG4Yi1wSi3oEqD161a6vPOsKBLBdLRo1vgnQdGFx/k83X
-5B4bmIkaDUgbyAcnishANkHt8/wPvKLbefgRPkpRzaPFQqXu18nRr5GTa+dWfS1y
+vjPlI2eEUMPCntNBbrTy8eUSJz/0OH2phztZpHuh5cfy4ErUi19d9ywZUlhurGvX
-GJOVtKcGEyMCHTWfvT9NQZryP3uSsVvl4unEcScWqUL12rDfe31EuTr8JD79I7US
+dC7ouTEqRZLkkSCfGTQM0q0O4JQJTLb5N4gWdZxQd2UwGv3jCK7m5eWx3bTdhhXi
-ssJoDtOKSsP/fFcUatUDcfsb+hkBGN19CdDb4LvPY23FhUc1ApYbWmU5HlY16uQx
+179DoSpYBCJF3msn0ROO6PxsccH0w/I6KMi3QNmsDlXhDr6XIBya8CU0lx9lp0pl
-zjoVVZ3lCckJHojPlXpgv0y/CC6tOyEwKxC2u2voPunbR/D7rJ+5AIWDDc3pzzPZ
+5q62D26Ylr2fovd3qKKbwP6RaZarCzKLO6dWdyMqtUwVlX2FDCFd/SPGWc2TmuVS
-KH1jfJPL8KbM8lBc+hpyLBtSnQpj/osN/jLY7El3ciFcux/NFSffeWKn/QuYYC8p
+vLb981Zm13AfYtNUSfusroDp3TEuvl7cwozg7p33SQhuCmgKnxMd0iXd5QQZjrR0
-LtJzWZiURZ6SWFZ4llPKbDeXsKhSOuroMt0aRUfQu2zHw++Ss94X+wJ3Tg64uP/9
+t+y22dHrD1agkkoFMLz/+d+930J0sY4odG/HbL2Bv8ZelVUjA8XSFoGBEA+rfQCg
-Bw9B5LFdTogChz7ObmGr9OnyJuQaj9/riWP6kowjXSQhku30RMpf6MQnxg8KLhI/
+DGmLh5a+/yfzxCEKWVLqmwHWbSkub8bXdl6EKEyaO9qo1KCLAf3tArQx45sqw8bK
-99y4rGp+OLcxZcKbmENWIl9QcEVbyPfBq2yGSk/drT3xUJghCcPjObKToutHRs9r
+8AYq2mrNIiMDhHub+XEEC0Aw2lZkJOrwwMEsTcZWfBvj56MdRNXuZMvPdarTbnDx
-cN0IE6kzRiruRdm2bejgni+v5BhioiZRiSwr5om57G1N4e8BseTxY+zQrU2WwdJp
+zzxatqIwfvpOy/S2Poyrc6GuprbZCM6N+cDLdWQqAHVwAlx77NhiJ6s3vUnE3vB7
-ll1zqk5t2J+83uU/EQBmIkXpP+xqrod/uOUm84d5nYRXuO94DLUDwqU0KI7QKoHK
+aHgmXU+a8uPA64tKKaRNQJ31f7viCkWJXEbbEhVTzCvFcoqbKPPMm9w7nO8PMUTu
-W6XSU5TDzmynPrycl1IGW1l6ddb92h4FPYyYsppb+G78v2WfVFSsze2aBIDbDZUh
+BmwSFEKhd3BDKZavqTHKi66fF3A5ALFYAkMw/AlvinMitb9s+7WlWQrdvSFkqHsY
-QEaElJuNIOA+bOSctpTr0i70HXhGzVMXStXJMAIFgR9wKppxW+0IXdjYzhKVE8gx
+wNQ1ankleYd24/8ZllvsQpleLMepDSxP6zUMpXSHbTKp5MZeoCaaY1RCkg7aOduz
-uXiJfwJx5pSDBWFDZqLM8uTH3hGOuvRX06iSHIFCsxjds7VWXBh91iGw9Xef9D50
+brnD7lRAfLp0H72nxVgC7n6VjidOSruF7k9WIN9VVbP0ZVL/QtkKRWd/hEmtMNaH
-DVaIhF12dTRsrdi5AqYYkTb4AEzpUQXg7HPi678F6UnsOzCVYZqMWZaF3Ec1UHxu
+ELg2ekdm3zvdBuvtr0jNiCxbhTr3j5OWQkT/BjZxHpZfA14XEROJC2Slo3PxUwBH
-PZ9A27DvK1MsUm4QZ+7XrzWrRdkmRFXqhtfxCxHRpF+YlRPTyWSVmx0fEkGjLiAd
+0lE0cICWTeaeYcCX8ofawN+t1Qa6UD0sLl2670Kc7pozkJM4ul19rGA2KsHX89gE
-uHU0D14lcqNvmusWOWXVYePOS44R3DrQFULgzfsly09bKFqRZdKGQavVjUbokP1S
+CaB1CkhFCqZhPbqX9yonv9XZtLb8Of8rBNVd/2QKN4/tOXcMYshzakSfSSIsyxxt
-+MDQOca4I6KSxo2358rUGDhq3A0xI5U24wjinNWHktTPXkJbvcJubx/sHb8QMxST
+QgMPRfz0nJTtP7v8ZbwIO+ayGoUeH7aYKhQ6Ku3qW9XuYiy+oMTIOToCSddnEI5t
-qSXr5vYjJfms1sU3v2QYrORU42CBOvUAaZYTwLDq+PSN37IcyQoAhTU2ZgPSzSQe
+JNuPkT9kzA9stkRbFV5kBvrv5LWprWDXdA/wyAWG7txncWj6UzGlP8C3KhtMHLHv
-8aJvxgZWgWedsoeKpKK54yk7rG7b+Qhk6ZHrvFS6cI0YasYQ4GHZHfieG0dTGlVS
+CiOXrE8UJdNNeT52dYI9slg+tzcCfz3sqMr9zXratvT6JMzrQZqCSis8vIx18TIK
-FAAF+HF9/TI3vZPx5qzS6jhtpy6bI/MxjCachA1suShqHZNn4dGW13C6Kf6a6Ci8
+N5yDWHDFUOeNpo7aRqd5goW3qProwfZDjBXiqE4J+AJ5wc73PuftHt2l00zvLDWs
-fOMVK/3t4H5oU+2fqoo41jU/1MmLuNUFt7F08X+3eRw/dmhGuf6Mcd46L9SMPtXp
+SFIRvXbavNBA7GxpVtN8Qxmk6Lm0u0pBiastndowgAI5OIQVuwoA21vXyC5n9pMd
-quSmX/q8kG1YUfj0vXfxBox9rQWYY8kNjp6OUkvAwBYoy6a1j0h420ZQhyNS0vzy
+bPJsmiPyme62OkCWmAjBNDLNVViwKMH8BxmLKJxX+6ysNsn0YY1+9YfI/zC3j4jM
-w2d3UjTjoEdo3qOKCDKLGA9ILSJvK/jzDEoS0G23eiaQJ5DHDK6m++izm+2oCMwM
+OYsK1c0NvFIv5aUxRQZLTJJt9C299jGNvdAJsfdp4LHejzZUjnx3nguz/l6RI1Vb
-+5fcoRhn0SVzAgE63x80btbGuo52sMp57PcGZq50s8yeVYziyZEVPIb5I/vau8BH
+vjQ1qDRPhkgErGXSHsCoCt+z5Y6mq17JWEX/FiXBWQbfSGoG/ZvoOqiBybCQ3HNl
-CxZ++8ENtvKmYWX84hXApR+2rX6hWWi/b34YIG4jtCr+aeaNumv5NT19G+g84BsL
+o9QM1sNQ5fUZDh0TgwkJB91rZXPwi828RklMW8VZszZir5gziTnndhw0ADLCZZ6z
-akcBUtt3px2icLZtUv+ck/JCG/7pUvIqZ2HMKLZgsSZan1pfdfdl1Q28xG97X/dR
+nA0vZAI7sjoEeIgiJq3egrsSLq2ZQRQsh5QF+Xo2QktleGvPrtMv//ZyGz4l59yc
-gCzr15ZjlX8bwtRNQs+xhv6lDQtFOv0wgYYW6rolZS3SOaGhWU4/E1a+RT16NUvS
+wX/7DtABurFhVs3KdYohcqXk2v5jJCMs+j9YDn6540QR6yXcbifp9ySqhm/PeH91
-lajoYD1jFCk6Y2WWIB1tHxAlNC06EQB3oT+gPtzZ9upcM3Qv0X0RyXgPcLFcveiC
+UuL16YKxoV6QBZIGE0vjdUitGKNsS+H4ibD/0ZHYG+VcyL90eIrBq61CjfIO79O0
-aZZtBY6MElzXiRpRB8y6XNyvJz+1vB05DDlcCnx2ovztHAk74AiUp0VlSk6ylqDQ
+L9+G4gKB91stXwtpqZWXTrlzrnjloZOPhqyQN/bs/liWQ6qy0a6Cd6nbWc141An1
-DKOaXHz5ZzFT+Ptaj3m1xBYc3m4Iyw98RXX7IGs7hOY2roaqO3rI/lmgTVuA3hv7
+zEiOihbwLJ4ziCut+bq5lwyw6z/wWEhaVNnYspEEBr2URLMHbnBceS6zXoePT0ur
-m3CX8vbk3gqV1+Rt2ObuddnKtkrG07lP72HliZBLNRgEoaX1DSKdWq7A8G5uNWJj
+9mQQLitmtlANlJ93vBDPhCaEjkK1v5J7MmIHQzyLSQGuLdXwz50piJukWru3aNax
-xvwWUDIu/PESII1x8D52pmZ0QH1VQmas17Ezme/4BGvOR5/0vwKUEXPYWhHvtB31
+skloghJYeTMILEcGAszvyVtcvPqkrJnZXx4Qp7Luj5HK9THr78v3T4nWzirfqxPZ
-4q/HMWpCCH5wF5DF0JfWmOhDpR3EvtG8HnNMzP8cdHbCLaG4SUz5uNKgJ6pI5cjV
+x70xRyhsC2lLcIrJ+3jkXj44edIqdh3Wvi30L2x2iUFyZ0ojQJQDo/+5b+p9k36L
-E+HS+McIN1wp5mFodR3qwjMdLoH2uJ4YOqP05qri1b40xXM/j6+p9tXXYuV/8d6K
+Dk8ktpeIa/BE3NsfcFaWn9bvRkQ6UAQcNn1zmkavfw5TLI4C1PnD/WUpPHZdhzNV
-+L8sZxNvORwf6z8yys2cAHC5xPYBC8c0qKE9a1GtYJRPpjXona+iHoM5KooGFmYx
+K87CsUawxjEg0uCCaViShF6bD9mOWQxE3SM9yNizjTmotF6KrgkT16y/qZ17KGQM
-qZz2AvqbPYIwTHD5sV/K0wA3Zjlw6HOHBnZ6C7ZINAL/idY5uLOP6c3HCmVLRz3a
+hJ5PraGu9jvg+L/MrQpr91eyJaeh9JFl9dM/SPM0mXo5q813bdMmqD4cc3YWCLee
-KIZCBintlvOKVSlzfGh7MjAJpEkzqGBNQIFCkRflrJW13R4/fiRL2fqRm2UjbU7q
+dHtmaKJ08KD1cJqHBz0DRLVV+zH00BMoYt5HZ5DmHFU1zhDekWZLhilbyWt8+z1E
-QQo+ffs3emwCxkfxdOpubKUoANiFdXvQlKiC2BP/Yw==
+bzsoEAfZvyfvF7fJuxQ/HhYdR6TX5H+aNzZZivVc6g==
 -----END ENCRYPTED PRIVATE KEY-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.pem

@@ -1,56 +1,56 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUbPUZn/3VpMbderej
+MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQU95KG57RacAYBmkeQ
-CK2+IC16nwwCAggAMB0GCWCGSAFlAwQBKgQQvPO51vuHnkHznERAJ+mJngSCCVDI
+DIe1bZS0sbkCAggAMB0GCWCGSAFlAwQBKgQQyxdAya9Sd4oHLO1pzVWcYASCCVDT
-JlL/aK5MTWYntg5qFJ2L3w4GNTaKeVXrCE1Q/UrXo4/OnNVQdHnyWiuzOt0FoGow
+ozdXT3vjyqMzza4QKaMD4ywSAzGhQRM/TnxU5JbRLNMpdtq76Mfet2pv++UUjcof
-H22nWxbehwlykBPhPNw4719QOiMWQJqggR/61IUh8xOBrchqjQ2irIDjiXnTgD1N
+16EsdOOpDQdxdzQWmwGUNwjkX5YyWTaAefV8l9n6Bp8LV0XabS9We3g5Jr1KjuzP
-ADmtLHZC6duXncdFOtpeooHKMW61P6+KGBck0n8jM96+DuIKZKF2VO0hEzrUCF3d
+O/xJgB2o6BcD/WRPeOaANSGoyWce4rCkpDwqxrp+tY9EK19SoCZG9Zy2hnPPH2Hc
-4ODXNX8EEc4l1UdGUU0l7r/SvxoDyprGnFW1Di+PZCRWwUkHbDrqOWEzs5UIzTRM
+QgtgCAzqaXIp49KIXHn/Uo532lIz3WqkkhzVakwgAKLKIvc/SwgP0eSXLvPjeJYS
-2Tyt5osJB7v+0XB3f2PeBEHkQQhd9mvPIiSO5EwQF4JNQx7LMcnV1eFYXGF30pVb
+L8DngPP0YD7IPgIs7WmMNNE7or69e7mO0miUOl7xStNHzHpLmtLNbYI7Pk6NLT7N
-g9nG3UFbI68uH+uuuEU66yug/h/0RzMSBp8Le6eIck5/jaXBPzDstrc3VW5f1f+n
+kWfh2+E21R7llsW57boMACXVr7N3CHOlZQhUNViyjPayo1njVnp6gGzuIxluhHJY
-I3LsVplUE5znK5okwcGNKr84Ppf6QJ0Hjmbx927j8/n5yMYAn8xa1X5XNeC0dmy8
+CL070oqBeEYVfvE07HQ4Qd0BL5c02pdrKjdzBYyLwzSNKn2RzgS2R/XtEqdmOUo+
-Fjbsz1YpiTx9uQ33thXWbpQXno3fJzXvTVJ258GciPwcwqUTiudkMz3eD/tk/Ehd
+iuRngv9D1UPSI2xlFhv84778ktEeSf8l1nLltqhPJAmJUjSAcu/zjN4Q+HXqMRaF
-SM2oxCKIFDjEUnTSJ89uj+vz9OlTAdaUr0uEfpM6vwq+610UviVRPrNpI2v/qiqJ
+IocDV4I7CaXDc2E0YdU8uHuzzUHLflJ2OZwU5N7tkoVOtAYHKUwCP4J/zpLSe2V2
-SCeCsce4cN4eIjdpgPIt89H/ISDaOlpeCNQ8yLkkM4P89zXjir7Mt7jt3Uh58xoO
+MIh40IVJK4gzb+iyBiOnsnKKQCKMPbS4lH8zC2S486MgjgbhlZeFg0nOF955c61l
-rOHwQW8xUp+92BvES17PS072ywPS2jO/+hVQv6lf1LPHOmIlEWUln8no6KUBupMM
+Sb4MBrexU4s1TUg/fDpYt6jPZoKivN72jzi60kV43gBFHmP3X4SRAUQ4Y3h5NFF8
-ukaW+AmBxxYA1nycC+7IyXDUGiX8MU8GhT45xBpj6t5gKr5QwvJpGcH5oJ0qqq+s
+h2p4wvYRsYEexjJU/+WJG4Yi1wSi3oEqD161a6vPOsKBLBdLRo1vgnQdGFx/k83X
-5B4bmIkaDUgbyAcnishANkHt8/wPvKLbefgRPkpRzaPFQqXu18nRr5GTa+dWfS1y
+vjPlI2eEUMPCntNBbrTy8eUSJz/0OH2phztZpHuh5cfy4ErUi19d9ywZUlhurGvX
-GJOVtKcGEyMCHTWfvT9NQZryP3uSsVvl4unEcScWqUL12rDfe31EuTr8JD79I7US
+dC7ouTEqRZLkkSCfGTQM0q0O4JQJTLb5N4gWdZxQd2UwGv3jCK7m5eWx3bTdhhXi
-ssJoDtOKSsP/fFcUatUDcfsb+hkBGN19CdDb4LvPY23FhUc1ApYbWmU5HlY16uQx
+179DoSpYBCJF3msn0ROO6PxsccH0w/I6KMi3QNmsDlXhDr6XIBya8CU0lx9lp0pl
-zjoVVZ3lCckJHojPlXpgv0y/CC6tOyEwKxC2u2voPunbR/D7rJ+5AIWDDc3pzzPZ
+5q62D26Ylr2fovd3qKKbwP6RaZarCzKLO6dWdyMqtUwVlX2FDCFd/SPGWc2TmuVS
-KH1jfJPL8KbM8lBc+hpyLBtSnQpj/osN/jLY7El3ciFcux/NFSffeWKn/QuYYC8p
+vLb981Zm13AfYtNUSfusroDp3TEuvl7cwozg7p33SQhuCmgKnxMd0iXd5QQZjrR0
-LtJzWZiURZ6SWFZ4llPKbDeXsKhSOuroMt0aRUfQu2zHw++Ss94X+wJ3Tg64uP/9
+t+y22dHrD1agkkoFMLz/+d+930J0sY4odG/HbL2Bv8ZelVUjA8XSFoGBEA+rfQCg
-Bw9B5LFdTogChz7ObmGr9OnyJuQaj9/riWP6kowjXSQhku30RMpf6MQnxg8KLhI/
+DGmLh5a+/yfzxCEKWVLqmwHWbSkub8bXdl6EKEyaO9qo1KCLAf3tArQx45sqw8bK
-99y4rGp+OLcxZcKbmENWIl9QcEVbyPfBq2yGSk/drT3xUJghCcPjObKToutHRs9r
+8AYq2mrNIiMDhHub+XEEC0Aw2lZkJOrwwMEsTcZWfBvj56MdRNXuZMvPdarTbnDx
-cN0IE6kzRiruRdm2bejgni+v5BhioiZRiSwr5om57G1N4e8BseTxY+zQrU2WwdJp
+zzxatqIwfvpOy/S2Poyrc6GuprbZCM6N+cDLdWQqAHVwAlx77NhiJ6s3vUnE3vB7
-ll1zqk5t2J+83uU/EQBmIkXpP+xqrod/uOUm84d5nYRXuO94DLUDwqU0KI7QKoHK
+aHgmXU+a8uPA64tKKaRNQJ31f7viCkWJXEbbEhVTzCvFcoqbKPPMm9w7nO8PMUTu
-W6XSU5TDzmynPrycl1IGW1l6ddb92h4FPYyYsppb+G78v2WfVFSsze2aBIDbDZUh
+BmwSFEKhd3BDKZavqTHKi66fF3A5ALFYAkMw/AlvinMitb9s+7WlWQrdvSFkqHsY
-QEaElJuNIOA+bOSctpTr0i70HXhGzVMXStXJMAIFgR9wKppxW+0IXdjYzhKVE8gx
+wNQ1ankleYd24/8ZllvsQpleLMepDSxP6zUMpXSHbTKp5MZeoCaaY1RCkg7aOduz
-uXiJfwJx5pSDBWFDZqLM8uTH3hGOuvRX06iSHIFCsxjds7VWXBh91iGw9Xef9D50
+brnD7lRAfLp0H72nxVgC7n6VjidOSruF7k9WIN9VVbP0ZVL/QtkKRWd/hEmtMNaH
-DVaIhF12dTRsrdi5AqYYkTb4AEzpUQXg7HPi678F6UnsOzCVYZqMWZaF3Ec1UHxu
+ELg2ekdm3zvdBuvtr0jNiCxbhTr3j5OWQkT/BjZxHpZfA14XEROJC2Slo3PxUwBH
-PZ9A27DvK1MsUm4QZ+7XrzWrRdkmRFXqhtfxCxHRpF+YlRPTyWSVmx0fEkGjLiAd
+0lE0cICWTeaeYcCX8ofawN+t1Qa6UD0sLl2670Kc7pozkJM4ul19rGA2KsHX89gE
-uHU0D14lcqNvmusWOWXVYePOS44R3DrQFULgzfsly09bKFqRZdKGQavVjUbokP1S
+CaB1CkhFCqZhPbqX9yonv9XZtLb8Of8rBNVd/2QKN4/tOXcMYshzakSfSSIsyxxt
-+MDQOca4I6KSxo2358rUGDhq3A0xI5U24wjinNWHktTPXkJbvcJubx/sHb8QMxST
+QgMPRfz0nJTtP7v8ZbwIO+ayGoUeH7aYKhQ6Ku3qW9XuYiy+oMTIOToCSddnEI5t
-qSXr5vYjJfms1sU3v2QYrORU42CBOvUAaZYTwLDq+PSN37IcyQoAhTU2ZgPSzSQe
+JNuPkT9kzA9stkRbFV5kBvrv5LWprWDXdA/wyAWG7txncWj6UzGlP8C3KhtMHLHv
-8aJvxgZWgWedsoeKpKK54yk7rG7b+Qhk6ZHrvFS6cI0YasYQ4GHZHfieG0dTGlVS
+CiOXrE8UJdNNeT52dYI9slg+tzcCfz3sqMr9zXratvT6JMzrQZqCSis8vIx18TIK
-FAAF+HF9/TI3vZPx5qzS6jhtpy6bI/MxjCachA1suShqHZNn4dGW13C6Kf6a6Ci8
+N5yDWHDFUOeNpo7aRqd5goW3qProwfZDjBXiqE4J+AJ5wc73PuftHt2l00zvLDWs
-fOMVK/3t4H5oU+2fqoo41jU/1MmLuNUFt7F08X+3eRw/dmhGuf6Mcd46L9SMPtXp
+SFIRvXbavNBA7GxpVtN8Qxmk6Lm0u0pBiastndowgAI5OIQVuwoA21vXyC5n9pMd
-quSmX/q8kG1YUfj0vXfxBox9rQWYY8kNjp6OUkvAwBYoy6a1j0h420ZQhyNS0vzy
+bPJsmiPyme62OkCWmAjBNDLNVViwKMH8BxmLKJxX+6ysNsn0YY1+9YfI/zC3j4jM
-w2d3UjTjoEdo3qOKCDKLGA9ILSJvK/jzDEoS0G23eiaQJ5DHDK6m++izm+2oCMwM
+OYsK1c0NvFIv5aUxRQZLTJJt9C299jGNvdAJsfdp4LHejzZUjnx3nguz/l6RI1Vb
-+5fcoRhn0SVzAgE63x80btbGuo52sMp57PcGZq50s8yeVYziyZEVPIb5I/vau8BH
+vjQ1qDRPhkgErGXSHsCoCt+z5Y6mq17JWEX/FiXBWQbfSGoG/ZvoOqiBybCQ3HNl
-CxZ++8ENtvKmYWX84hXApR+2rX6hWWi/b34YIG4jtCr+aeaNumv5NT19G+g84BsL
+o9QM1sNQ5fUZDh0TgwkJB91rZXPwi828RklMW8VZszZir5gziTnndhw0ADLCZZ6z
-akcBUtt3px2icLZtUv+ck/JCG/7pUvIqZ2HMKLZgsSZan1pfdfdl1Q28xG97X/dR
+nA0vZAI7sjoEeIgiJq3egrsSLq2ZQRQsh5QF+Xo2QktleGvPrtMv//ZyGz4l59yc
-gCzr15ZjlX8bwtRNQs+xhv6lDQtFOv0wgYYW6rolZS3SOaGhWU4/E1a+RT16NUvS
+wX/7DtABurFhVs3KdYohcqXk2v5jJCMs+j9YDn6540QR6yXcbifp9ySqhm/PeH91
-lajoYD1jFCk6Y2WWIB1tHxAlNC06EQB3oT+gPtzZ9upcM3Qv0X0RyXgPcLFcveiC
+UuL16YKxoV6QBZIGE0vjdUitGKNsS+H4ibD/0ZHYG+VcyL90eIrBq61CjfIO79O0
-aZZtBY6MElzXiRpRB8y6XNyvJz+1vB05DDlcCnx2ovztHAk74AiUp0VlSk6ylqDQ
+L9+G4gKB91stXwtpqZWXTrlzrnjloZOPhqyQN/bs/liWQ6qy0a6Cd6nbWc141An1
-DKOaXHz5ZzFT+Ptaj3m1xBYc3m4Iyw98RXX7IGs7hOY2roaqO3rI/lmgTVuA3hv7
+zEiOihbwLJ4ziCut+bq5lwyw6z/wWEhaVNnYspEEBr2URLMHbnBceS6zXoePT0ur
-m3CX8vbk3gqV1+Rt2ObuddnKtkrG07lP72HliZBLNRgEoaX1DSKdWq7A8G5uNWJj
+9mQQLitmtlANlJ93vBDPhCaEjkK1v5J7MmIHQzyLSQGuLdXwz50piJukWru3aNax
-xvwWUDIu/PESII1x8D52pmZ0QH1VQmas17Ezme/4BGvOR5/0vwKUEXPYWhHvtB31
+skloghJYeTMILEcGAszvyVtcvPqkrJnZXx4Qp7Luj5HK9THr78v3T4nWzirfqxPZ
-4q/HMWpCCH5wF5DF0JfWmOhDpR3EvtG8HnNMzP8cdHbCLaG4SUz5uNKgJ6pI5cjV
+x70xRyhsC2lLcIrJ+3jkXj44edIqdh3Wvi30L2x2iUFyZ0ojQJQDo/+5b+p9k36L
-E+HS+McIN1wp5mFodR3qwjMdLoH2uJ4YOqP05qri1b40xXM/j6+p9tXXYuV/8d6K
+Dk8ktpeIa/BE3NsfcFaWn9bvRkQ6UAQcNn1zmkavfw5TLI4C1PnD/WUpPHZdhzNV
-+L8sZxNvORwf6z8yys2cAHC5xPYBC8c0qKE9a1GtYJRPpjXona+iHoM5KooGFmYx
+K87CsUawxjEg0uCCaViShF6bD9mOWQxE3SM9yNizjTmotF6KrgkT16y/qZ17KGQM
-qZz2AvqbPYIwTHD5sV/K0wA3Zjlw6HOHBnZ6C7ZINAL/idY5uLOP6c3HCmVLRz3a
+hJ5PraGu9jvg+L/MrQpr91eyJaeh9JFl9dM/SPM0mXo5q813bdMmqD4cc3YWCLee
-KIZCBintlvOKVSlzfGh7MjAJpEkzqGBNQIFCkRflrJW13R4/fiRL2fqRm2UjbU7q
+dHtmaKJ08KD1cJqHBz0DRLVV+zH00BMoYt5HZ5DmHFU1zhDekWZLhilbyWt8+z1E
-QQo+ffs3emwCxkfxdOpubKUoANiFdXvQlKiC2BP/Yw==
+bzsoEAfZvyfvF7fJuxQ/HhYdR6TX5H+aNzZZivVc6g==
 -----END ENCRYPTED PRIVATE KEY-----
 
 -----BEGIN CERTIFICATE-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict.properties

@@ -96,7 +96,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
+loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -224,6 +224,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
+recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
+recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -260,7 +262,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_de.properties

@@ -96,7 +96,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sprache wählen
 loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
 loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
-loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
+loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
 loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
 loainfo.later=Später
 loainfo.startNow=Möchten Sie den Prozess jetzt starten?
@@ -213,7 +213,8 @@ pwreset.info.linktext=Passwort vergessen
 pwreset.noticket=Ihr Link ist nicht mehr gültig. Bitte generieren Sie ein Neuen.
 recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert
 recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren.
+recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
+recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
 recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
 recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
 recovery_check_code.instruction=Bitte geben Sie unten Ihren persönlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten.
@@ -223,9 +224,11 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
 recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
 recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können?
 recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
-recovery_check_noCode.banner.error=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen.
+recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
-recovery_check_noCode.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
+recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
-recovery_check_noCode.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
+recovery_check_noCode.banner.error=Zu viele Versuche.
+recovery_check_noCode.instruction1=Möglicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
+recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Bitte enth&uuml;llen Sie den Code, um fortfahren zu k&ouml;nnen.
 recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf.
 recovery_code.newRecoveryCode=Einf&uuml;hrung von Wiederherstellungscode
@@ -233,7 +236,7 @@ recovery_code.validUntil=G&uuml;ltig bis:
 recovery_fidokey_auth.button=Schl&uuml;sselauthentifizierung starten
 recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schl&uuml;sselauthentifizierung starten"
 recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschl&uuml;ssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren.
+recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um sich zu identifizieren.
 recovery_fidokey_auth.keyRegistered=Sicherheitsschl&uuml;ssel schon registriert
 recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
 recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken k&ouml;nnen, mit dem Sie den Wiederherstellungsprozess starten.
@@ -259,7 +262,7 @@ recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren r
 recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
 recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
 recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
-recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht oder zur&uuml;ckgesetzt
+recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt
 recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
 recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
 recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_en.properties

@@ -96,7 +96,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
+loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -224,6 +224,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
+recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
+recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -260,7 +262,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_fr.properties

@@ -96,7 +96,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sélectionner la langue
 loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
 loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
-loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
+loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
 loainfo.helper=Vos données doivent être vérifiées!
 loainfo.later=Plus tard
 loainfo.startNow=Voulez-vous commencer le processus maintenant?
@@ -214,6 +214,7 @@ pwreset.noticket=Votre lien n'est plus valide. Veuillez en gén&eacut
 recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est déjà enregistrée
 recovery_accessapp_auth.instruction1=Vous avez déjà enregistré une nouvelle AGOV access app !!!ACCESS_APP_NAME!!! dans le cadre du processus de récupération.
 recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier.
+recovery_check_code.banner.lockedError=Trop de saisies erronées. Veuillez réessayer dans quelques minutes.
 recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez réessayer.
 recovery_check_code.enterRecoveryCode=Saisir le code de récupération
 recovery_check_code.instruction=Veuillez saisir votre code de récupération à douze chiffres. Lors de votre inscription, vous avez reçu le code de récupération sous la forme d’un fichier PDF ou dans AGOV me.
@@ -223,9 +224,11 @@ recovery_check_code.invalid.code.tooLong=Le code est trop long
 recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération
 recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ?
 recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération.
-recovery_check_noCode.banner.error=Trop de tentatives ou expiration de votre code de récupération.
+recovery_check_code.too_many_tries.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
-recovery_check_noCode.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
+recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
-recovery_check_noCode.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
+recovery_check_noCode.banner.error=Trop de tentatives.
+recovery_check_noCode.instruction1=Vous avez peut-être essayé de saisir le code de récupération trop de fois.
+recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la r&eacute;cup&eacute;ration du compte dans dix minutes &agrave; partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Veuillez indiquer votre nouveau code pour pouvoir continuer.
 recovery_code.instruction=Les codes de r&eacute;cup&eacute;ration vous permettent d'acc&eacute;der &agrave; votre compte au cas o&ugrave; vous auriez perdu tous vos identifiants. Conservez le code de r&eacute;cup&eacute;ration en lieu s&ucirc;r.
 recovery_code.newRecoveryCode=Introduction du code de r&eacute;cup&eacute;ration
@@ -259,7 +262,7 @@ recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistr&eacute; p
 recovery_questionnaire_reason_selection.answer1=Je n'arrive pas &agrave; me connecter, m&ecirc;me si j'ai mon application / ma cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;)
 recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription
-recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute; ou r&eacute;initialis&eacute; mon application AGOV access
+recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute;, r&eacute;install&eacute; ou r&eacute;initialis&eacute; mon application d'acc&egrave;s AGOV
 recovery_questionnaire_reason_selection.answer4=J'ai perdu mon t&eacute;l&eacute;phone / cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer5=J'ai un nouveau t&eacute;l&eacute;phone et j'ai oubli&eacute; de transf&eacute;rer mon application AGOV access
 recovery_questionnaire_reason_selection.answer6=J'ai oubli&eacute; mon PIN pour l'application AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties

@@ -96,7 +96,7 @@ language.it=Italiano
 languageDropdown.aria.label=Selezionare la lingua
 loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
 loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
-loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
+loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
 loainfo.helper=I dati devono essere verificati!
 loainfo.later=Più tardi
 loainfo.startNow=Iniziare la procedura?
@@ -214,6 +214,7 @@ pwreset.noticket=Il biglietto per la reimpostazione della password non è
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
 recovery_accessapp_auth.instruction1=Ha già registrato una nuova app AGOV access !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
+recovery_check_code.banner.lockedError=Troppi tentativi di inserimento non validi. Riprovare tra qualche minuto.
 recovery_check_code.codeIncorrect=Il codice inserito non è corretto. Riprovare.
 recovery_check_code.enterRecoveryCode=Inserisca il codice di recupero
 recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me.
@@ -223,9 +224,11 @@ recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo
 recovery_check_code.noAccess=Non ho il mio codice.
 recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
 recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino.
-recovery_check_noCode.banner.error=Troppi tentativi o codice di ripristino scaduto
+recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
-recovery_check_noCode.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
+recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
-recovery_check_noCode.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
+recovery_check_noCode.banner.error=Troppi tentativi.
+recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
+recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Per procedere, inserire il nuovo codice.
 recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro.
 recovery_code.newRecoveryCode=Introduzione del codice di ripristino
@@ -259,7 +262,7 @@ recovery_questionnaire_no_recovery.instruction2=Se ha registrato pi&ugrave; fatt
 recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza
 recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app AGOV access o chiave di sicurezza)
 recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione
-recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app AGOV access
+recovery_questionnaire_reason_selection.answer3=Ho eliminato, reinstallato o reimpostato la mia app AGOV access
 recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza
 recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app AGOV access
 recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy

@@ -10,6 +10,20 @@ def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTi
 
 LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
 
+// BUNDBITBK-4824: Address was missing after bmid verification
+def session = request.getAuthSession(true)
+int loa = session.get('agov.actualRoleLevel') as int
+
+// Best Token Available only if account's AQlevel is high enough
+if ((session.getAttribute('agov.appAddressRequired') == 'true') && (loa < 200)) {
+    LOG.debug("Best Token: Address requested but account has to low AQ (${loa})")
+    session.setAttribute('agov.appAddressRequired', 'false')
+}
+if ((session.getAttribute('agov.appSvnrAllowed') == 'true') && (loa < 400)) {
+    LOG.debug("Best Token: SVNr requested but account has to low AQ (${loa})")
+    session.setAttribute('agov.appSvnrAllowed', 'false')
+}
+// BUNDBITBK-4824 END
 
 // delete the login cookie
 def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy

@@ -60,16 +60,19 @@ if (!inargs['submit'] && (!inargs['mobile'] || !inargs['mobile'].isEmpty()) && i
     return
 }
 
-if (inargs['submit'] && (!inargs['mobile'] || inargs['mobile'].isEmpty()) && inargs['skip'] && inargs['skip'] == 'true') {
+if (inargs['submit'] && (!inargs['mobile'] || inargs['mobile'].isEmpty()) && inargs['skip']) {
     // no mobile, and user wants to skip it
 
-    LOG.info("Event='NOMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+    LOG.info("Event='NOMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', Persistent='${ inargs['skip'] == 'persistent' ? true : false }'")
     
-    // persistent cookie for 30d;
+    if (inargs['skip'] == 'persistent') {
-    def agovSkipAskingMobileCookie = "agovSkipAskingMobile=true; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=2592000; SameSite=Strict; Secure; HttpOnly"
+        // persistent cookie for 30d;
-    // setHeader doesn't support multiple headers with the same name, so we use
+        def agovSkipAskingMobileCookie = "agovSkipAskingMobile=true; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=2592000; SameSite=Strict; Secure; HttpOnly"
-    // a different one, and rewrite it in the proxy with Lua
+        // setHeader doesn't support multiple headers with the same name, so we use
-    response.setHeader('Set-Cookie2', agovSkipAskingMobileCookie)
+        // a different one, and rewrite it in the proxy with Lua
+        response.setHeader('Set-Cookie2', agovSkipAskingMobileCookie)
+    }
+
     response.setResult('done')
     return
 }

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/authorization.groovy

@@ -167,7 +167,8 @@ def i2r = [:]
 
 // issuer to ResultCond name
 def i2e = [:]
-i2e.put('https://trustbroker.agov-d.azure.adnovum.net', 'forbidden_0')
+i2e.put('https://trustbroker.agov-epr-lab.azure.adnovum.net', 'forbidden_0')
+i2e.put('https://trustbroker-idp.agov-epr-lab.azure.adnovum.net', 'forbidden_1')
 
 
 if (!i2r.isEmpty() && !hasAnyRequiredRole(i2r, issuer)) {

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/checkloa.groovy

@@ -2,9 +2,8 @@ import org.codehaus.groovy.runtime.StackTraceUtils
 import groovy.xml.XmlSlurper
 
 def getUserAGOVLoiRoles() {
-  // set attibutes from DTO: -> AGOVaq
+  // we take the roles from actualRoles
-  def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
+  return request.getActualRoles().findAll { role -> role.startsWith('AGOV-Loi.') }.collect({ role -> role.substring(9) })
-  return list.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-Loi' }.collect({ node -> node.name.text() })
 }
 
 def getUserAGOVRecoveryRoles() {
@@ -141,6 +140,11 @@ try {
     LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', errorMessage='Account without Profile', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
 
     session.setAttribute('contextClassRefToSet', 'urn:qa.agov.ch:names:tc:ac:classes:100')
+
+    // if the account has no profile, we must not return address or svnr
+    session.setAttribute('agov.appAddressRequired', 'false')
+    session.setAttribute('agov.appSvnrAllowed', 'false')
+
     response.setResult('ok')
     return
   }
@@ -161,16 +165,14 @@ try {
   if (role.startsWith('level')) {
     def roleLevel = role.substring(5)
     int roleLevelNumber = Integer.parseInt(roleLevel)
-    if (highestRoleLevelNumber == 0) {
+    
-      highestRoleLevelNumber = roleLevelNumber
-    }
     if (highestRoleLevelNumber< roleLevelNumber) { 
       highestRoleLevelNumber=roleLevelNumber 
     } 
   } 
   } 
-  LOG.debug('CheckLoa: Highest role Level' + highestRoleLevelNumber.toString() +' contextclassref' + requestedRoleLevelNumber.toString()) 
+  LOG.debug('CheckLoa: Highest role Level ' + highestRoleLevelNumber.toString() +' contextclassref ' + requestedRoleLevelNumber.toString()) 
-  LOG.debug('CheckLoa: Compare' + (highestRoleLevelNumber>=requestedRoleLevelNumber)) 
+  LOG.debug('CheckLoa: Compare ' + (highestRoleLevelNumber>=requestedRoleLevelNumber))  
 
   //set attribute Actual Role Level
   session.setAttribute('agov.actualRoleLevel', '' + highestRoleLevelNumber)
@@ -185,42 +187,46 @@ try {
   }
 
   // no login for users with a recovery role
-  for (String role : getUserAGOVRecoveryRoles()) {
+  def recoveryRoleList = getUserAGOVRecoveryRoles()
-    if (role == 'mustRecover') {
+  
-      session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover')
+  if (recoveryRoleList.contains('mustRecover')) {
-      session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown' ) 
+    session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover')
+    session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown' ) 
 
-      def origIdVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()) ?: 'None'
+    def origIdVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()) ?: 'None'
+    def idVerification = getUserIdVerificationForRecovery() ?: origIdVerification
+    session.setAttribute('agov.recovery.currentIdVerification', '' + idVerification )
 
-      def idVerification = getUserIdVerificationForRecovery() ?: origIdVerification
+    // align currentAgovAq with the method selected for idVerification
-      session.setAttribute('agov.recovery.currentIdVerification', '' + idVerification )
+    def currentAgovAqForRecovery = getAqLevelBasedOnIdVerificationForRecovery(idVerification, highestRoleLevelNumber)
+    session.setAttribute('agov.recovery.currentAgovAq', '' + currentAgovAqForRecovery)
 
-      // align currentAgovAq with the method selected for idVerification
+    def validFrom = getUserMustRecoverValidFrom() ?: ''
-      def currentAgovAqForRecovery = getAqLevelBasedOnIdVerificationForRecovery(idVerification, highestRoleLevelNumber)
+    session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', '' + validFrom ) 
-      session.setAttribute('agov.recovery.currentAgovAq', '' + currentAgovAqForRecovery)
 
-      def validFrom = getUserMustRecoverValidFrom() ?: ''
+    LOG.debug("CheckLoa: mustRecover: origIdVerification=${origIdVerification}, idVerification=${idVerification}, currentAgovAqForRecovery=${currentAgovAqForRecovery}")
-      session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', '' + validFrom ) 
 
-      LOG.debug("CheckLoa: mustRecover: origIdVerification=${origIdVerification}, idVerification=${idVerification}, currentAgovAqForRecovery=${currentAgovAqForRecovery}")
+    response.setResult('exit.2')
+    return
 
-      response.setResult('exit.2')
+  } else if (recoveryRoleList.contains('recovery')) {
-      return
+    if (recoveryRoleList.contains('recoveryCascade')) {
-
+      session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
-    } else if (role == 'recovery') {
+    } else {
       session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recovery')
-      session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown') 
+    }
-      session.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' )
+    session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown') 
-      LOG.debug('CheckLoa: idVerification2= '+ getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()))
+    session.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' )
-      def idVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString())
+    LOG.debug('CheckLoa: idVerification2= '+ getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()))
-      session.setAttribute('agov.recovery.currentIdVerification', (idVerification.isEmpty() ? 'None' : idVerification.first()))
+    def idVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString())
-      def validFrom = getUserAGOVLoiValidFrom('level'.concat(highestRoleLevelNumber.toString())) ?: ''
+    session.setAttribute('agov.recovery.currentIdVerification', (idVerification.isEmpty() ? 'None' : idVerification.first()))
-      session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', validFrom) 
+    def validFrom = getUserAGOVLoiValidFrom('level'.concat(highestRoleLevelNumber.toString())) ?: ''
+    session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', validFrom) 
+
+    response.setResult('exit.2')
+    return
+  } 
 
-      response.setResult('exit.2')
-      return
-    } 
-  }
 
   if (highestRoleLevelNumber>=requestedRoleLevelNumber) { 
 

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_verification_auth.groovy

@@ -0,0 +1,326 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+import ch.nevis.esauth.util.httpclient.api.HttpClient
+import groovy.json.JsonSlurper
+import io.opentelemetry.api.trace.Span
+
+def getHeader(String name) {
+	def inctx = request.getLoginContext()
+	// case-insensitive lookup of HTTP headers
+	def map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER)
+	map.putAll(inctx)
+	return map['connection.HttpHeader.' + name]
+}
+
+def verification_request_template = '''
+{ "presentation_definition": {
+    "id": "{{UUID}}",
+    "name": "AGOV Verification",
+    "purpose": "AGOV Login",
+    "format": {
+      "vc+sd-jwt": {
+        "sd-jwt_alg_values": [
+          "ES256"
+        ],
+        "kb-jwt_alg_values": [
+          "ES256"
+        ]
+      }
+    },
+    "input_descriptors": [
+      {
+        "id": "agov-all-attributes",
+        "name": "AGOV Identity Verification",
+        "purpose": "verification and authentication",
+        "format": {
+          "vc+sd-jwt": {
+            "sd-jwt_alg_values": [
+              "ES256"
+            ],
+            "kb-jwt_alg_values": [
+              "ES256"
+            ]
+          }
+        },
+        "constraints": {
+          "fields": [
+            {
+              "path": [
+                "$.family_name"
+              ]
+            },
+            {
+              "path": [
+                "$.given_name"
+              ]
+            },
+            {
+              "path": [
+                "$.birth_date"
+              ]
+            },
+            {
+              "path": [
+                "$.sex"
+              ]
+            },
+            {
+              "path": [
+                "$.place_of_origin"
+              ]
+            },
+            {
+              "path": [
+                "$.birth_place"
+              ]
+            },
+            {
+              "path": [
+                "$.nationality"
+              ]
+            },
+            {
+              "path": [
+                "$.personal_administrative_number"
+              ]
+            },
+            {
+              "path": [
+                "$.document_number"
+              ]
+            },
+            {
+              "path": [
+                "$.issuance_date"
+              ]
+            },
+            {
+              "path": [
+                "$.expiry_date"
+              ]
+            },
+            {
+              "path": [
+                "$.issuing_authority"
+              ]
+            },
+            {
+              "path": [
+                "$.issuing_country"
+              ]
+            }
+          ]
+        }
+      }
+    ]
+  }
+}
+'''
+
+def ERROR_CODE_TO_STATUS_MAPPER = [
+		'CREDENTIAL_INVALID'               : 'FAILED',
+		'JWT_EXPIRED'                      : 'ERROR',
+		'INVALID_FORMAT'                   : 'ERROR',
+		'CREDENTIAL_EXPIRED'               : 'FAILED',
+		'MISSING_NONCE'                    : 'ERROR',
+		'UNSUPPORTED_FORMAT'               : 'ERROR',
+		'CREDENTIAL_REVOKED'               : 'FAILED',
+		'CREDENTIAL_SUSPENDED'             : 'FAILED',
+		'HOLDER_BINDING_MISMATCH'          : 'ERROR',
+		'CREDENTIAL_MISSING_DATA'          : 'FAILED',
+		'UNRESOLVABLE_STATUS_LIST'         : 'ERROR',
+		'PUBLIC_KEY_OF_ISSUER_UNRESOLVABLE': 'ERROR',
+		'CLIENT_REJECTED'                  : 'CANCELED',
+		'ISSUER_NOT_ACCEPTED'              : 'ERROR'
+]
+
+// ---------------
+// check, whether we are still processing the correct AuthnRequest
+if (inargs.containsKey('authRequestId') && (inargs['authRequestId'] != session['ch.nevis.auth.saml.request.id'])) {
+	// wrong request, "force" a timeout
+	LOG.debug('authentication timeout enforced, due to concurrent requests -> return a 408')
+
+	response.setIsDirectResponse(true)
+	response.setContentType('text/html; charset=UTF-8')
+	response.setContent('Timeout')
+	response.setHttpStatusCode(205)
+	response.setHeader('IDP-AUTH', 'Timeout')
+
+	// CONTINUE to keep the other request beeing processed
+	response.setStatus(AuthResponse.AUTH_CONTINUE)
+	return
+}
+
+if (inargs['oid4vp'] == 'ERROR') {
+	response.setResult('error')
+	return
+}
+
+if (inargs['oid4vp'] == 'SUCCEEDED') {
+	response.setResult('ok')
+	return
+}
+
+
+def sess = request.getAuthSession(true)
+
+HttpClient httpClient = HttpClients.create(parameters)
+def spanCtxt = Span.current().getSpanContext()
+def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+
+if (!session['agov.eid.verification']) {
+	// Initialize the verification session on the verifier
+	def endPoint = "${parameters.get('eidVerifierBaseUrl')}/api/v1/verifications"
+
+	try {
+		def httpResponse = Http.post()
+				.url(endPoint)
+				.header("Accept", "application/json")
+				.header("traceparent", traceparent)
+				.entity(Http.entity()
+						.content(verification_request_template.replaceAll("\\{\\{UUID}}", UUID.randomUUID().toString()))
+						.contentType("application/json")
+						.build())
+				.build()
+				.send(httpClient)
+
+
+		if (httpResponse.code() != 200) {
+			LOG.debug("Result: ${httpResponse}")
+			response.setResult('error')
+			return
+		}
+
+		def json = new JsonSlurper().parseText(httpResponse.bodyAsString())
+		LOG.debug("Result: ${json}")
+
+		sess.setAttribute('agov.eid.verification', 'true')
+		sess.setAttribute('agov.eid.verification.id', json.id)
+		sess.setAttribute('agov.eid.verification.link', json.verification_url)
+
+		if (json.state != 'PENDING') {
+			response.setResult('error')
+			return
+		}
+	}
+	catch (Exception e) {
+		LOG.error("Eid verification failed: $e")
+		response.setResult('error')
+		return
+	}
+}
+
+if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.v')) {
+	// request for a status update from the verifier
+	def result
+
+	// TODO/haburger/2025-03-24: we should make sure, that we have an actual session on the verifier with id.v
+	// and that authRequestId is correct
+	def idvalue = (!inargs['o.id.v'] || inargs['o.id.v'] == 'NEW') ? session['agov.eid.verification.id'] : inargs['o.id.v']
+
+	try {
+		def endPoint = "${parameters.get('eidVerifierBaseUrl')}/api/v1/verifications/${idvalue}"
+
+		def httpResponse = Http.get()
+				.url(endPoint)
+				.header("Accept", "application/json")
+				.header("traceparent", traceparent)
+				.build()
+				.send(httpClient)
+
+		if (httpResponse.code() != 200) {
+			// TODO/haburger/2025-03-25: 404 we should create a new verification request
+			LOG.debug("Result: ${httpResponse}")
+			result = """{
+				"oid4vp": {
+					"status": "ERROR",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "HTTP-ERROR",
+					"error_message": "failed to verify status of verification ${idvalue}, http status: ${httpResponse.code()}"
+				}}"""
+			LOG.warn("<== Response: ${responseCode}")
+		}
+		else {
+
+			def json = new JsonSlurper().parseText(httpResponse.bodyAsString())
+
+			if (json.state == 'SUCCESS') {
+				def claims = json.wallet_response.credential_subject_data
+
+				// TODO/haburger/2025-03-25: format changes to align with IDM read data
+				sess.setAttribute('ch.nevis.idm.User.firstName', claims.given_name)
+				sess.setAttribute('ch.nevis.idm.User.lastName', claims.family_name)
+				sess.setAttribute('ch.nevis.idm.User.birthDate', claims.birth_date)
+				sess.setAttribute('ch.nevis.idm.User.gender', claims.sex)
+				sess.setAttribute('ch.nevis.idm.User.prop.svnr', claims.personal_administrative_number)
+				sess.setAttribute('ch.nevis.idm.User.prop.placeOfBirth', claims.birth_place)
+				sess.setAttribute('ch.nevis.idm.User.prop.eIdNumber', claims.personal_administrative_number)
+				sess.setAttribute('ch.nevis.idm.User.prop.nationality', claims.nationality.toString())
+				sess.setAttribute('ValidFrom', claims.issuance_date)
+				sess.setAttribute('ValidTo', claims.expiry_date)
+				sess.setAttribute('authenticatedWith', "urn:qa.agov.ch:names:tc:authfactor:eid")
+				sess.setAttribute('idVerification', "Eid")
+				sess.setAttribute('contextClassRefToSet', "urn:qa.agov.ch:names:tc:ac:classes:600")
+
+				response.setUserId(claims.personal_administrative_number)
+				response.setLoginId(claims.document_number)
+				response.setAuthLevel("EID")
+
+				result = """{
+				"oid4vp": {
+					"status": "SUCCEEDED",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "NONE"
+				}}"""
+			}
+			else if (json.state == 'FAILED') {
+				// TODO/haburger/2025-03-25: ERROR_CODE_TO_STATUS_MAPPER[json.wallet_response.error_code] == 'FAILED' we should
+				//  initiate a new verification and return the new id, url together with the message
+
+				LOG
+						.error("Eid verification failed: ${json.wallet_response.error_code} (${json.wallet_response.error_description})")
+				result = """{
+				"oid4vp": {
+					"status": "${ERROR_CODE_TO_STATUS_MAPPER[json.wallet_response.error_code] ?: 'ERROR'}",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "${json.wallet_response.error_code}",
+					"error_message": "${json.wallet_response.error_description}"
+				}}"""
+			}
+			else {
+				result = """{
+				"oid4vp": {
+					"status": "${inargs['o.id.v'] == 'NEW' ? 'INITIATED' : 'PENDING'}",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "NONE"
+				}}"""
+			}
+		}
+
+	}
+	catch (Exception e) {
+		LOG.error("Eid verification failed: ${e}")
+		result = """{
+				"oid4vp": {
+					"status": "ERROR",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "HTTP-ERROR",
+					"error_message": "failed to verify status of verification ${idvalue}, http exception"
+				}}"""
+	}
+
+	response.setContent(result.toString())
+	response.setContentType('application/json')
+	response.setHttpStatusCode(200)
+	response.setIsDirectResponse(true)
+	response.setStatus(AuthResponse.AUTH_CONTINUE)
+	return
+}
+
+// if we reach this place, display GUI
+response.setStatus(AuthResponse.AUTH_CONTINUE)
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureRecoveryCode.groovy

@@ -1,7 +1,7 @@
 import ch.nevis.esauth.auth.engine.AuthResponse
-import ch.nevis.idm.client.IdmRestClient
+import ch.nevis.esauth.util.httpclient.api.HttpClient
-import ch.nevis.idm.client.IdmRestClientFactory
+
-import ch.nevis.idm.client.HTTPRequestWrapper
+import io.opentelemetry.api.trace.Span
 
 import groovy.json.JsonSlurper
 import groovy.xml.XmlSlurper
@@ -19,7 +19,9 @@ def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?:
 
 
 
-IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
+HttpClient httpClient = HttpClients.create(parameters)
+def spanCtxt = Span.current().getSpanContext()
+def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
 
 String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId')
 String userExtId = session.get('ch.adnovum.nevisidm.user.extId')
@@ -37,21 +39,26 @@ if (Arrays.stream(response.getActualRoles()).filter( r -> r.matches('^.*AGOV-Loi
 	return
 }
 
-
+// 1a) check if user has a credential
-// 1b) check if user has a credential
 if ( recoveryCredential != null ) {
 	LOG.debug("Account '${user}' has an active recovery code, no need to create new code")
 	response.setResult('done')
 	return
 }
 
-// 1c) check if a recovery is ongoing (nothing to do)
+// 1b) check if a recovery is ongoing (nothing to do)
 if (Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-AccountStatus.recovery')).findAny().isPresent()) {
 	LOG.debug("Account '${user}' is in recovery, no need to create new code")
 	response.setResult('done')
 	return
 }
 
+// 1c) don't do it for mobile phones (BUNDBITBK-4445)
+if (userAgent =~ /(iPhone|Android)/ ) {
+	LOG.debug("User '${user}' used a mobile phone, recovery code creation skipped")
+	response.setResult('done')
+	return
+}
 
 // 2) set cookie for recoveryCode
 if (outargs.containsKey('out.JWTToken')) {
@@ -65,21 +72,26 @@ if (outargs.containsKey('out.JWTToken')) {
 if (!session['agov.new.recovery.code.generated']) {
 	inargs.remove('submit')
 	try {
-		def postRequest = new HTTPRequestWrapper()
+		def httpResponse = Http.post()
-		postRequest.addToHeaders('Content-Type',  ['application/json'])
+			.url(endPoint)
+			.header("Accept", "application/json")
+			.header("traceparent", traceparent)
+			.entity(Http.entity()
+				.content("{\"userExtId\":\"$userExtId\",\"userSessionId\": \"$sessionId\"}")
+				.contentType("application/json")
+				.build())
+			.build()
+			.send(httpClient)
 
-		postRequest.setPayLoad("{\"userExtId\":\"$userExtId\",\"userSessionId\": \"$sessionId\"}".getBytes('UTF-8'))
+
-		
+		if (httpResponse.code() != 200) {
-        def result = idmRestClient.postWithResponse(endPoint, postRequest)
+            LOG.debug("Result: ${httpResponse}")
-		if (result.getStatusCode() != 200) {
+			LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${httpResponse.code()})")
-            LOG.debug("Payload: ${new String(postRequest.getPayLoad())}")
-            LOG.debug("Result: ${result}")
-			LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${result.getStatusCode()})")
 			response.setResult('failed')
 			return
 		}
 
-		def json = new JsonSlurper().parseText(new String(result.getPayLoad(), 'UTF-8'))
+		def json = new JsonSlurper().parseText(httpResponse.bodyAsString())
 
 		notes.setProperty('agov.new.recovery.code', json['recoveryCode']['code'].replaceAll('^(....)(....)(.*)$', '$1-$2-$3'))
 		LOG.debug("agov.new.recovery.code: ${notes['agov.new.recovery.code']}")

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf

@@ -3,6 +3,7 @@ RTENV_SECURITY_CHECK=no_shell
 JAVA_OPTS=(
     "-XX:+UseContainerSupport"
     "-Dfile.encoding=UTF-8"
+    "-Dotel.instrumentation.metro.enabled=false"
     "-XX:MaxRAMPercentage=80.0"
     "-Djava.net.preferIPv4Stack=true"
     "-Djava.net.connectionTimeout=10000"
@@ -12,7 +13,7 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
     "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
     "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_auth.groovy

@@ -98,9 +98,12 @@ if (path == '/nevisfido/fido2/attestation/options') {
     }
     post(connection, json)
     def responseCode = connection.responseCode
+    def responseText = responseCode == 200 ? connection.inputStream.text : '{"allowCredentials":[]}'
+    def jsonResponse = new JsonSlurper().parseText(responseText)
+    def numOfKeys = jsonResponse.allowCredentials ? jsonResponse.allowCredentials.size() : 0
 
-    // non existing account, or account without FIDO2 key case
+    // non existing account, account without FIDO2 key , or account with disabled FIDO2 key case
-    if (responseCode == 404 || responseCode == 400) {
+    if (responseCode == 404 || responseCode == 400 || numOfKeys == 0) {
 
       LOG.debug("Fido2Auth: <== Response: ${responseCode}")
 
@@ -113,36 +116,36 @@ if (path == '/nevisfido/fido2/attestation/options') {
       def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
       def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
       def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTime().getEpochSecond() * 1000)
+      def details = "no account (404)"
+      if (responseCode == 400 ) {
+        details = "no fido2 keys for account (400)"    
+      } else if (responseCode == 200) {
+        details = "no active fido2 key for account (200, empty allowCredentials array)"    
+      }
       
-      LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+      LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}', Details='${details}'")
+
       // returning a fake options structure, which shouldn't leak whether the user account exists or not
       // keyId is unique per environment and email, fido2SessionId and challenge are renewed each time
       def keyId = UUID.nameUUIDFromBytes("${parameters['rpId']}.${session['ch.nevis.idm.User.email']}".getBytes())
-      def responseText = """{"status": "ok",
+      responseText = """{"status": "ok",
-                             "errorMessage": "",
+                         "errorMessage": "",
-                             "fido2SessionId": "${UUID.randomUUID()}",
+                         "fido2SessionId": "${UUID.randomUUID()}",
-                             "challenge": "${base64url(UUID.randomUUID())}",
+                         "challenge": "${base64url(UUID.randomUUID())}",
-                             "timeout": 300000,
+                         "timeout": 300000,
-                             "rpId": "${parameters['rpId']}",
+                         "rpId": "${parameters['rpId']}",
-                             "allowCredentials": [
+                         "allowCredentials": [
-                             {
+                           {
-                                "type": "public-key",
+                              "type": "public-key",
-                                "id": "${base64url(keyId)}",
+                              "id": "${base64url(keyId)}",
-                                "transports": []
+                              "transports": []
-                             }
+                           }
-                                                 ],
+                         ],
-                             "userVerification": "required"}"""
+                         "userVerification": "required"}"""
-
-      response.setContent(responseText) // return response from nevisFIDO "as-is"
-      response.setContentType('application/json')
-      response.setHttpStatusCode(200)
-      response.setIsDirectResponse(true)
-      return
     }
 
-    def responseText = connection.inputStream.text
     LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}")
-    response.setContent(responseText) // return response from nevisFIDO "as-is"
+    response.setContent(responseText)
     response.setContentType('application/json')
     response.setHttpStatusCode(200)
     response.setIsDirectResponse(true)

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/idp_dispatcher.groovy

@@ -75,9 +75,18 @@ def dispatchIssuer(i2s, String issuer) {
     if (result == null) {
         LOG.info("No SP found for issuer '$issuer'. Hint: check SAML SP Connector patterns.")
     }
+    
+    // dispatch different idp if artifact binding is enabled
+    if(parameters.get('epdMode') == 'artifact' && result == 'epd'){
+        LOG.debug("EPD: Artifact mode")
+        result = result + "_artifact"
+    }else{
+        LOG.debug("EPD: POST mode")
+    }
     response.setResult(result)
     session.put("saml.inbound.issuer", issuer)
     session.put('saml.idp.result', result) // remember decision for sub-sequent requests without a SAML message
+    
 }
 
 def dispatchMessage(i2s, String message) {
@@ -108,7 +117,8 @@ if (request.getSession(false) == null) {
 def i2s = new TreeMap<String, String>(String.CASE_INSENSITIVE_ORDER)
 
 
-i2s.put('https://trustbroker.agov-d.azure.adnovum.net', 'state0')
+i2s.put(parameters.get('atb'), 'main')
+i2s.put(parameters.get('epd_atb'), 'epd')
 
 if (parameters.get('spInitiated') == 'true' && inargs.containsKey('SAMLRequest')) { // SP-initiated authentication
     LOG.debug("found SAMLRequest parameter for SP-initiated authentication")

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/logging.yml

@@ -12,6 +12,8 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
+    - name: "ProductAnalytics"
+      level: "INFO"
     - name: "EsAuthStart"
       level: "INFO"
     - name: "org.apache.catalina.loader.WebappClassLoader"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/mobile_nless_auth.groovy

@@ -82,8 +82,9 @@ if (inargs['fidoUafDone'] == 'true' ||
 if (inargs['fallback'] == 'fallback') {
     response.setResult('fido2')
 }
-    // dispatch to recovery
+
-    if (inargs['fallback'] == 'recovery') {
+// dispatch to recovery
+if (inargs['fallback'] == 'recovery') {
     response.addOutArg('nevis.transfer.destination', parameters.get('recoveryurl'))
     response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_CONTINUE) 
     response.setIsRedirectTransfer(true)

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/nevisauth.yml

@@ -3,6 +3,7 @@ server:
   protocol: "https"
   port: "8991"
   host: "0.0.0.0"
+  max-threads: "200"
   tls:
     keystore: "/var/opt/keys/own/auth-default-identity/keystore.p12"
     keystore-passphrase: "${exec:/var/opt/keys/own/auth-default-identity/keypass}"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/questionnaireLfProcessing.groovy

@@ -0,0 +1,25 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+if (inargs['cancel'] && inargs['cancel'] == 'cancel') {
+  def s = request.getAuthSession(true)
+  s.removeAttribute('agov.recovery.moreThanOneLf')
+
+  response.setResult('doCancel')
+  return
+}
+
+if (inargs['continue'] && inargs['continue'] == 'yes') {
+  response.setSessionAttribute('agov.recovery.moreThanOneLf', 'yes')
+  response.setResult('loginFactorYes')
+  return
+}
+
+if (inargs['continue'] && inargs['continue'] == 'no') {
+  response.setSessionAttribute('agov.recovery.moreThanOneLf', 'no')
+  response.setResult('loginFactorNo')
+  return
+}
+
+// if we reach this, display the GUI again
+response.setStatus(AuthResponse.AUTH_CONTINUE)
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/questionnaireReasonProcessing.groovy

@@ -0,0 +1,28 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+if (inargs['reason']) {
+  response.setSessionAttribute('agov.recovery.reason', '' + inargs['reason'])
+}
+
+if (inargs['cancel'] && inargs['cancel'] == 'cancel') {
+  def s = request.getAuthSession(true)
+  s.removeAttribute('agov.recovery.moreThanOneLf')
+  s.removeAttribute('agov.recovery.reason')
+
+  response.setResult('doCancel')
+  return
+}
+
+if (inargs['continue'] && inargs['continue'] == 'yes') {
+  response.setResult('validReasons')
+  return
+}
+
+if (inargs['continue'] && inargs['continue'] == 'no') {
+  response.setResult('invalidReasons')
+  return
+}
+
+// if we reach this, display the GUI again
+response.setStatus(AuthResponse.AUTH_CONTINUE)
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-prepareRedirect.groovy

@@ -0,0 +1,22 @@
+if (session['agov.recovery.redirectDone']) {
+  // user navigated back from AGOV.me, go again for the code
+
+  // clean up SAML state first, 
+  // IdentityProviderState sets session attributes as follows
+  //   <IDP-State-Name>-session-participants.<SAML-RP-ISSUER> = <ACS-URL>
+  // State name contains the name of the pattern 'Recovery_redirectAgovMe'
+  def s = request.getAuthSession(true)
+  def sessionKeySet = new HashSet(session.keySet()) 
+  sessionKeySet.each { key -> 
+    if ( key ==~ /.*Recovery_redirectAgovMe-session-participants.*/ ) {
+      LOG.debug("Deleted session attribute '${key}'")
+      s.removeAttribute(key)
+    }
+  }
+  s.removeAttribute('agov.recovery.redirectDone')
+  response.setResult('back')
+} else {
+  // redirect
+  response.setSessionAttribute('agov.recovery.redirectDone', 'true')
+  response.setResult('redirect')
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-processing.groovy

@@ -16,7 +16,7 @@ def maxLoiRoleToCtxClssConvertorMap = [
 ]
 
 // https://docs.nevis.net/nevisidm/Developer-Guide/SOAP-Interface/Interface-specification/Value-types#enum-value-types
-def blockingCredentialStates = ['DISABLED', 'EXPIRED', 'LOCKED_TEMPORARY', 'LOCKED', 'ARCHIVED', 'RESET_CODE']
+def blockingCredentialStates = ['DISABLED', 'EXPIRED', 'LOCKED', 'ARCHIVED', 'RESET_CODE']
 
 def getUserIdVerificationForRecovery(currentLoaRole) {
   // application is AGOV-AccountStatus
@@ -89,7 +89,6 @@ def userHasNewLoginFactor() {
   String userExtId = session.get('ch.adnovum.nevisidm.user.extId')
   String baseEndPoint = "$baseUrl/api/core/v1/$clientExtId/users/$userExtId"
 
-  def result = false
   response.setSessionAttribute('agov.recovery.newLoginFactor', 'NONE')
 
   try {
@@ -97,27 +96,25 @@ def userHasNewLoginFactor() {
 
      def accessApp = credInfoArray['items'].find( it -> it.stateName == "active")
      if (accessApp) {
-       result = true;
        response.setSessionAttribute('agov.recovery.accessapp', accessApp.properties.fidouaf_name)
        response.setSessionAttribute('agov.recovery.accessapp.dispatchTargetId', accessApp.identification.replaceAll('dispatch_target_', ''))
        response.setSessionAttribute('agov.recovery.newLoginFactor', 'ACCESS_APP')
-       return
+       return true
      }
 
      credInfoArray = new JsonSlurper().parseText(idmRestClient.get("$baseEndPoint/fido2"))
 
      def fido2Key = credInfoArray['items'].find( it -> it.stateName == "active")
      if (fido2Key) {
-       result = true;
        response.setSessionAttribute('agov.recovery.securityKey', fido2Key.userFriendlyName)
        response.setSessionAttribute('agov.recovery.newLoginFactor', 'FIDO2')
-       return
+       return true
      }
 
   } catch(Exception e) {
     LOG.error(e.toString())
   }
-  return result
+  return false
 }
 
 
@@ -167,6 +164,8 @@ if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null
 
       def hasRecoveryRole = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'recovery' }
 
+      def hasRecoveryCascadeRole = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'recoveryCascade' }
+
       def hasNewLoginFactor = hasRecoveryRole && userHasNewLoginFactor()
 
       if (mustRecover) {
@@ -179,6 +178,8 @@ if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null
         agovAqValidFrom = getUserMustRecoverValidFrom()
 
         maxLoi = getAqLevelBasedOnIdVerificationForRecovery(idVerification, maxLoi)
+      } else if (hasRecoveryCascadeRole && hasNewLoginFactor) {
+        response.setSessionAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
       }
 
       LOG.debug("Recovery: MaxLoi is '${maxLoi}'")

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_ongoing.groovy

@@ -1,4 +1,22 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
 if (inargs['recovery'] != null && inargs['recovery'] == 'recovery' ) {
-   response.setResult('ok')
+  // clean up SAML state, to make sure the redirect will really be processed 
-   return
+  // IdentityProviderState sets session attributes as follows
-}
+  //   <IDP-State-Name>-session-participants.<SAML-RP-ISSUER> = <ACS-URL>
+  // State name contains the name of the pattern 'Recovery_redirectAgovMe'
+  def s = request.getAuthSession(true)
+  def sessionKeySet = new HashSet(session.keySet()) 
+  sessionKeySet.each { key -> 
+    if ( key ==~ /.*Recovery_redirectAgovMe-session-participants.*/ ) {
+      LOG.debug("Deleted session attribute '${key}'")
+      s.removeAttribute(key)
+    }
+  }
+  response.setResult('ok')
+  return
+}
+
+// if we reach this, display the GUI again
+response.setStatus(AuthResponse.AUTH_CONTINUE)
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/requestedrolelevel.groovy

@@ -26,7 +26,7 @@ int getRequestedLevel(String authnContextClassRef, def roleList){
 
 def session = request.getAuthSession(true)
 def context = session.get('ch.nevis.auth.saml.request.authnContextClassRef')
-def roleLevels = [100,200,300,400]
+def roleLevels = [100,200,300,400,500,600]
 def requestedRoleLevelNumber = getRequestedLevel(context, roleLevels)
 
 //set attribute Requested Role Level
@@ -44,17 +44,27 @@ def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown'
 def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
 def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
 
-LOG.info("Event='AUTHREQUEST', Requester='${requester}', RequestId='${requestId}', ReplacedRequestId='${replacedRequestId}', RequestedAq=${requestedAq}, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+def bestTokenAddressWhitelist = ',' + (parameters.get('bestTokenAddressWhitelist') ?: '').replaceAll('\\s','') + ','
+def appRequiresBestTokenWithAddress = bestTokenAddressWhitelist.contains(','+requester+',')
 
+def bestTokenSvnrWhitelist = ',' + (parameters.get('bestTokenSvnrWhitelist') ?: '').replaceAll('\\s','') + ','
+def appRequiresBestTokenWithSvnr = bestTokenSvnrWhitelist.contains(','+requester+',')
+
+LOG.info("Event='AUTHREQUEST', Requester='${requester}', RequestId='${requestId}', ReplacedRequestId='${replacedRequestId}', RequestedAq=${requestedAq}, BestTokenRequired='svnr: ${appRequiresBestTokenWithSvnr}; address: ${appRequiresBestTokenWithAddress}', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
 
-def appAddressRequiredWhitelist = ',' + (parameters.get('appAddressRequired.whitelist') ?: '').replaceAll('\\s','') + ','
-def appIsOnappAddressRequiredWhitelist = appAddressRequiredWhitelist.contains(','+requester+',')
 
 if (requestedRoleLevelNumber == 0 || session.get('ch.nevis.auth.saml.request.scoping.requesterId') == null) {
   response.setResult('error');
   return
 }
 
+// TODO/haburger/2024-03-21: move this later, now here for a simple start
+if (requestedRoleLevelNumber == 600 || session.get('ch.nevis.auth.saml.request.scoping.requesterId') == 'OidcPlaygroundWork') {
+  session.setAttribute('agov.appSvnrAllowed', 'true')
+  response.setResult('exit.1');
+  return
+}
+
 try {
       def spanCtxt = Span.current().getSpanContext()
       def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
@@ -71,16 +81,18 @@ try {
         def json = jsonSlurper.parseText(httpResponse.bodyAsString())
         LOG.debug('AdressRequired: ' + json.addrRequired)
         LOG.debug('SvnrAllowed: ' + json.svnrAllowed)
-        LOG.debug('appAddressRequiredWhitelist applies: ' + appIsOnappAddressRequiredWhitelist)
+        LOG.debug('appRequiresBestTokenWithAddress: ' + appRequiresBestTokenWithAddress)
+        LOG.debug('appRequiresBestTokenWithSvnr: ' + appRequiresBestTokenWithSvnr)
 
         // address will be returned to the application if allowed by connect (json.addrRequired) 
         // and the authRequest was done with at least AGOVaq 200
-        // BITBKAGOVSUP-362: or whitelisted to receive the address
+        // BUNDBITBK-4307: or best token for address is enabled
-        session.setAttribute('agov.appAddressRequired', '' + (json.addrRequired && ((requestedRoleLevelNumber >= 200) || appIsOnappAddressRequiredWhitelist)))
+        session.setAttribute('agov.appAddressRequired', '' + (json.addrRequired && ((requestedRoleLevelNumber >= 200) || appRequiresBestTokenWithAddress)))
 
         // address will be returned to the application if allowed by connect (json.svnrAllowed) 
         // and the authRequest was done with at least AGOVaq 300
-        session.setAttribute('agov.appSvnrAllowed', '' + (json.svnrAllowed && requestedRoleLevelNumber >= 300))
+        // BUNDBITBK-4307: or best token for svnr is enabled
+        session.setAttribute('agov.appSvnrAllowed', '' + (json.svnrAllowed && ((requestedRoleLevelNumber >= 300) || appRequiresBestTokenWithSvnr)))
 
         session.setAttribute('agov.appDisplayNameDE', '' + json.displayNameDe)
         session.setAttribute('agov.appDisplayNameFR', '' + json.displayNameFr)
@@ -93,7 +105,7 @@ try {
         LOG.warn('Unexcpected HTTP response code: ' + httpResponse.code())
 
         if ( requestedRoleLevelNumber == 100) {
-           session.setAttribute('agov.appAddressRequired', '' + appIsOnappAddressRequiredWhitelist)
+           session.setAttribute('agov.appAddressRequired', '' + appRequiresBestTokenWithAddress)
            session.setAttribute('agov.appSvnrAllowed', 'false')
            response.setResult('ok')
         }
@@ -112,7 +124,7 @@ try {
 } catch (Exception e) {
   LOG.error("Failed to fetch connect meta data for relying party '${session.get('ch.nevis.auth.saml.request.scoping.requesterId')}'", e)
   if ( requestedRoleLevelNumber == 100) {
-     session.setAttribute('agov.appAddressRequired', '' + appIsOnappAddressRequiredWhitelist)
+     session.setAttribute('agov.appAddressRequired', '' + appRequiresBestTokenWithAddress)
      session.setAttribute('agov.appSvnrAllowed', 'false')
      response.setResult('ok')
   }

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisFIDO"
   replicas: 1
-  version: "8.2405.2"
+  version: "8.2411.2"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -46,12 +46,12 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-3a33cc8960643d6afc30bade3f2d225bea96681a"
+    tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
     credentials: "git-credentials"
   database:
     name: "fido-uaf"
-    requiredVersion: "8.2405.0"
+    requiredVersion: "8.2411.1"
   keystores:
   - "fido-uaf-default-server-identity"
   - "fido-uaf-default-client-identity"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-nevisfido-uaf-database-9385d1b33aefe975fb1c5914.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisFIDO"
   databaseType: "MariaDB"
-  version: "8.2405.2"
+  version: "8.2411.1"
   url: "mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat"
   port: 3306
   database: "nevisfido_uaf"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf

@@ -7,5 +7,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/logging.yml

@@ -12,6 +12,8 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
+    - name: "ProductAnalytics"
+      level: "INFO"
     - name: "ch.nevis.auth.fido.application.Application"
       level: "INFO"
     - name: "ch.nevis.auth.fido.api.uaf"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json

@@ -3,8 +3,16 @@
     "aaid" : "F1D0#0001",
     "description" : "Android NEVIS Mobile Authentication PIN Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [],
+    "attestationRootCertificates" : [
-    "attestationTypes" : [ 15880 ],
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
+    ],
+    "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
       "major" : 1,
       "minor" : 1
@@ -13,12 +21,12 @@
       "userVerification" : 4
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 9,
+    "authenticationAlgorithms" : [ 2, 9 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 1,
     "matcherProtection" : 1,
-    "publicKeyAlgAndEncoding" : 256,
+    "publicKeyAlgAndEncodings" : [ 257, 259 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -26,8 +34,16 @@
     "aaid" : "F1D0#0002",
     "description" : "Android NEVIS Mobile Authentication Fingerprint Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [],
+    "attestationRootCertificates" : [
-    "attestationTypes" : [ 15880 ],
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
+    ],
+    "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
       "major" : 1,
       "minor" : 1
@@ -36,12 +52,12 @@
       "userVerification" : 2
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 9,
+    "authenticationAlgorithms" : [ 2, 9 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 4,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncoding" : 256,
+    "publicKeyAlgAndEncodings" : [ 257, 259 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -49,8 +65,16 @@
     "aaid" : "F1D0#0003",
     "description" : "Android NEVIS Mobile Authentication Biometric Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [],
+    "attestationRootCertificates" : [
-    "attestationTypes" : [ 15880 ],
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
+    ],
+    "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
       "major" : 1,
       "minor" : 1
@@ -59,12 +83,12 @@
       "userVerification" : 346
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 9,
+    "authenticationAlgorithms" : [ 2, 9 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 4,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncoding" : 256,
+    "publicKeyAlgAndEncodings" : [ 257, 259 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -72,8 +96,16 @@
     "aaid" : "F1D0#0004",
     "description" : "Android NEVIS Mobile Authentication Device Passcode Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [],
+    "attestationRootCertificates" : [
-    "attestationTypes" : [ 15880 ],
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
+    ],
+    "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
       "major" : 1,
       "minor" : 1
@@ -82,12 +114,12 @@
       "userVerification" : 132
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 9,
+    "authenticationAlgorithms" : [ 2, 9 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 4,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncoding" : 259,
+    "publicKeyAlgAndEncodings" : [ 257, 259 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -95,8 +127,16 @@
     "aaid" : "F1D0#0005",
     "description" : "Android NEVIS Mobile Authentication Password Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [],
+    "attestationRootCertificates" : [
-    "attestationTypes" : [ 15880 ],
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
+    ],
+    "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
       "major" : 1,
       "minor" : 1
@@ -105,12 +145,12 @@
       "userVerification" : 4
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 9,
+    "authenticationAlgorithms" : [ 2, 9 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 1,
     "matcherProtection" : 1,
-    "publicKeyAlgAndEncoding" : 256,
+    "publicKeyAlgAndEncodings" : [ 257, 259 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -128,12 +168,12 @@
       "userVerification" : 4
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 2,
+    "authenticationAlgorithms" : [ 2 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 1,
     "matcherProtection" : 1,
-    "publicKeyAlgAndEncoding" : 257,
+    "publicKeyAlgAndEncodings" : [ 257 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -151,12 +191,12 @@
       "userVerification" : 2
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 2,
+    "authenticationAlgorithms" : [ 2 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 6,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncoding" : 257,
+    "publicKeyAlgAndEncodings" : [ 257 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -174,12 +214,12 @@
       "userVerification" : 16
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 2,
+    "authenticationAlgorithms" : [ 2 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 6,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncoding" : 257,
+    "publicKeyAlgAndEncodings" : [ 257 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -197,12 +237,12 @@
       "userVerification" : 4
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 2,
+    "authenticationAlgorithms" : [ 2 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 6,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncoding" : 257,
+    "publicKeyAlgAndEncodings" : [ 257 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -220,12 +260,12 @@
       "userVerification" : 4
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 2,
+    "authenticationAlgorithms" : [ 2 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 1,
     "matcherProtection" : 1,
-    "publicKeyAlgAndEncoding" : 257,
+    "publicKeyAlgAndEncodings" : [ 257 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   }]

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml

@@ -1,116 +1,116 @@
 server:
   port: 9443
-  host: 0.0.0.0
+  host: "0.0.0.0"
-  protocol: https
+  protocol: "https"
   tls:
-    keystore: /var/opt/keys/own/fido-uaf-default-server-identity/keystore.p12
+    keystore: "/var/opt/keys/own/fido-uaf-default-server-identity/keystore.p12"
-    keystore-passphrase: ${exec:/var/opt/keys/own/fido-uaf-default-server-identity/keypass}
+    keystore-type: "pkcs12"
-    keystore-type: pkcs12
+    keystore-passphrase: "${exec:/var/opt/keys/own/fido-uaf-default-server-identity/keypass}"
-    truststore: /var/opt/keys/trust/fido-uaf-fido-uaf-extended-frontent-truststore/truststore.p12
+    truststore: "/var/opt/keys/trust/fido-uaf-fido-uaf-extended-frontent-truststore/truststore.p12"
-    truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-fido-uaf-extended-frontent-truststore/keypass}
+    truststore-type: "pkcs12"
-    truststore-type: pkcs12
+    truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-fido-uaf-extended-frontent-truststore/keypass}"
-
 management:
   server:
     port: 9089
   healthchecks:
     enabled: true
-
-credential-repository:
-  type: nevisidm
-  rest-url: https://idm:8989/nevisidm
-  administration-url: https://idm:8989/nevisidm/services/v1_46/AdminService
-  keystore: /var/opt/keys/own/fido-uaf-default-client-identity/keystore.p12
-  keystore-passphrase: ${exec:/var/opt/keys/own/fido-uaf-default-client-identity/keypass}
-  keystore-type: pkcs12
-  truststore: /var/opt/keys/trust/fido-uaf-default-server-trust/truststore.p12
-  truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-default-server-trust/keypass}
-  truststore-type: pkcs12
-  admin-service-version: v1_46
-  client-id: cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720
-  user-attribute: extId
-
-session-repository:
-  type: sql
-  jdbc-url: jdbc:mariadb://mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat:3306/nevisfido_uaf?sslMode=disable&autocommit=true
-  max-connection-lifetime: 10m
-  user: ${exec:/var/opt/nevisfido/default/conf/credentials/dbUser}
-  password: ${exec:/var/opt/nevisfido/default/conf/credentials/dbPassword}
-  schema-user: 
-  schema-user-password: 
-  automatic-db-schema-setup: false
-
 fido-uaf:
   enabled: true
-  app-id: https://auth.agov-w.azure.adnovum.net/nevisfido/uaf/1.1/facets
+  app-id: "https://auth.agov-w.azure.adnovum.net/nevisfido/uaf/1.1/facets"
   facets:
-    - android:apk-key-hash:kb0yJ345nFUmt4nOYK5Li7KvwDDobMKPosY48Uwb0QI
+  - "android:apk-key-hash:kb0yJ345nFUmt4nOYK5Li7KvwDDobMKPosY48Uwb0QI"
-    - ios:bundle-id:ch.agov.accessapp.t
+  - "ios:bundle-id:ch.agov.accessapp.t"
-    - android:apk-key-hash:msmxrDDoIcxmazyIf9aj8uIvRXdH/wX668OQYaYdXpE
+  - "android:apk-key-hash:msmxrDDoIcxmazyIf9aj8uIvRXdH/wX668OQYaYdXpE"
-    - ios:bundle-id:ch.agov.accessapp
+  - "ios:bundle-id:ch.agov.accessapp"
-    - android:apk-key-hash:BFZz7gpBpUUk8rLis19LKpR6ZcIZkdxxFPYOwBSKKQk
+  - "android:apk-key-hash:BFZz7gpBpUUk8rLis19LKpR6ZcIZkdxxFPYOwBSKKQk"
-    - android:apk-key-hash:xoRd0kamp4TSJcvzfWzNoivuNldp+GKI7fjnwX+VEFg
+  - "android:apk-key-hash:xoRd0kamp4TSJcvzfWzNoivuNldp+GKI7fjnwX+VEFg"
-  metadata:
-    path: conf/metadata/metadata.json
   policy:
-    path: conf/policy/
+    path: "conf/policy/"
   timeout:
-    registration: 600s
+    registration: "300s"
-    authentication: 600s
+    authentication: "300s"
-    token-registration: 180s
+    token-registration: "180s"
-    token-authentication: 180s
+    token-deregistration: "180s"
-    token-deregistration: 600s
+    token-authentication: "180s"
+    device-request: "600s"
   transaction-confirmation:
     max-text-length: 2000
+  metadata:
+    path: "conf/metadata/metadata.json"
+  idm-connection-type: "soap"
+  dispatchers:
+  - type: "firebase-cloud-messaging"
+    dry-run: false
+    service-account-json: "inv-res-secret://a78926e06a159811ee15c224-bdd107d2"
+    registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
+    authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
+    deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
+  - type: "png-qr-code"
+    registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
+    authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
+    deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
+  - type: "link"
+    registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
+    authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
+    deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
+    base-url: "ch.agov.access-t://x-callback-url/authenticate"
+  basic-full-attestation:
+    android-verification-level: "default"
   authorization:
     registration:
-      type: sectoken
+      type: "sectoken"
-      truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12
+      truststore: "/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12"
-      truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}
+      truststore-type: "pkcs12"
-      truststore-type: pkcs12
+      truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}"
       username-attribute-names:
-        - loginId
+      - "loginId"
-        - userid
+      - "userid"
     authentication:
-      type: none
+      type: "none"
     deregistration:
-      type: sectoken
+      type: "sectoken"
-      truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12
+      truststore: "/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12"
-      truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}
+      truststore-type: "pkcs12"
-      truststore-type: pkcs12
+      truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}"
       username-attribute-names:
-        - loginId
+      - "loginId"
-        - userid
+      - "userid"
     create-dispatch-target:
-      type: sectoken
+      type: "sectoken"
-      truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12
+      truststore: "/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12"
-      truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}
+      truststore-type: "pkcs12"
-      truststore-type: pkcs12
+      truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}"
       username-attribute-names:
-        - loginId
+      - "loginId"
-        - userid
+      - "userid"
     query-dispatch-target:
-      type: none
+      type: "none"
     delete-dispatch-target:
-      type: sectoken
+      type: "sectoken"
-      truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12
+      truststore: "/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12"
-      truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}
+      truststore-type: "pkcs12"
-      truststore-type: pkcs12
+      truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}"
       username-attribute-names:
-        - userid
+      - "userid"
-  dispatchers:
+session-repository:
-    - type: "firebase-cloud-messaging"
+  type: "sql"
-      dry-run: false
+  jdbc-url: "jdbc:mariadb://mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat:3306/nevisfido_uaf?sslMode=disable&autocommit=true"
-      service-account-json: "inv-res-secret://a78926e06a159811ee15c224-bdd107d2"
+  max-connection-lifetime: "10m"
-      registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
+  user: "${exec:/var/opt/nevisfido/default/conf/credentials/dbUser}"
-      authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
+  password: "${exec:/var/opt/nevisfido/default/conf/credentials/dbPassword}"
-      deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
+  schema-user: ""
-    - type: "png-qr-code"
+  schema-user-password: ""
-      registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
+  automatic-db-schema-setup: false
-      authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
+credential-repository:
-      deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
+  type: "nevisidm"
-    - type: "link"
+  client-id: "cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720"
-      registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
+  user-attribute: "extId"
-      authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
+  administration-url: "https://idm:8989/nevisidm/services/v1_46/AdminService"
-      deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
+  admin-service-version: "v1_46"
-      base-url: "ch.agov.access-t://x-callback-url/authenticate"
+  rest-url: "https://idm:8989/nevisidm"
+  keystore: "/var/opt/keys/own/fido-uaf-default-client-identity/keystore.p12"
+  keystore-type: "pkcs12"
+  keystore-passphrase: "${exec:/var/opt/keys/own/fido-uaf-default-client-identity/keypass}"
+  truststore: "/var/opt/keys/trust/fido-uaf-default-server-trust/truststore.p12"
+  truststore-type: "pkcs12"
+  truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-default-server-trust/keypass}"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-signer-trust-087f275433f3973a1421318f.yaml

@@ -1,12 +0,0 @@
-apiVersion: "operator.nevis-security.ch/v1"
-kind: "NevisTrustStore"
-metadata:
-  name: "fido2-default-signer-trust"
-  namespace: "adn-agov-nevisidm-01-uat"
-  labels:
-    deploymentTarget: "fido2"
-  annotations:
-    projectKey: "DEFAULT-ADN-AGOV-PROJECT"
-    patternId: "087f275433f3973a1421318f"
-spec:
-  keystores: []

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisFIDO"
   replicas: 1
-  version: "8.2405.2"
+  version: "8.2411.2"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -46,7 +46,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-2f8a215769d731c34e6278cbfb370e06e976f51f"
+    tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2"
     credentials: "git-credentials"
   keystores:
@@ -54,7 +54,6 @@ spec:
   - "fido2-default-client-identity"
   truststores:
   - "fido2-default-tls-client-trust"
-  - "fido2-default-signer-trust"
   - "fido2-default-server-trust"
   podSecurity:
     policy: "baseline"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf

@@ -6,5 +6,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/logging.yml

@@ -12,6 +12,8 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
+    - name: "ProductAnalytics"
+      level: "INFO"
     - name: "ch.nevis.auth.fido.application.Application"
       level: "INFO"
     Root:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/nevisfido.yml

@@ -1,51 +1,50 @@
 server:
   port: 9443
-  protocol: https
+  protocol: "https"
   tls:
-    keystore: /var/opt/keys/own/fido2-default-identity/keystore.p12
+    keystore: "/var/opt/keys/own/fido2-default-identity/keystore.p12"
-    keystore-passphrase: ${exec:/var/opt/keys/own/fido2-default-identity/keypass}
+    keystore-passphrase: "${exec:/var/opt/keys/own/fido2-default-identity/keypass}"
-    keystore-type: pkcs12
+    keystore-type: "pkcs12"
-
+    truststore: "/var/opt/keys/trust/fido2-default-tls-client-trust/truststore.p12"
+    truststore-passphrase: "${exec:/var/opt/keys/trust/fido2-default-tls-client-trust/keypass}"
+    truststore-type: "pkcs12"
 management:
   server:
     port: 9089
   healthchecks:
     enabled: true
-
 credential-repository:
-  type: nevisidm
+  type: "nevisidm"
-  client-id: cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720
+  client-id: "cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720"
-  rest-url: https://idm:8989/nevisidm
+  rest-url: "https://idm:8989/nevisidm"
-  keystore: /var/opt/keys/own/fido2-default-client-identity/keystore.p12
+  keystore: "/var/opt/keys/own/fido2-default-client-identity/keystore.p12"
-  keystore-passphrase: ${exec:/var/opt/keys/own/fido2-default-client-identity/keypass}
+  keystore-passphrase: "${exec:/var/opt/keys/own/fido2-default-client-identity/keypass}"
-  truststore: /var/opt/keys/trust/fido2-default-server-trust/truststore.p12
+  keystore-type: "pkcs12"
-  truststore-passphrase: ${exec:/var/opt/keys/trust/fido2-default-server-trust/keypass}
+  truststore: "/var/opt/keys/trust/fido2-default-server-trust/truststore.p12"
-  user-attribute: extId
+  truststore-passphrase: "${exec:/var/opt/keys/trust/fido2-default-server-trust/keypass}"
-
+  truststore-type: "pkcs12"
-session-repository:
+  user-attribute: "extId"
-  type: in-memory
-  jdbc-url: 
-  max-connection-lifetime: 
-  user: 
-  password: 
-  schema-user: 
-  schema-user-password: 
-  automatic-db-schema-setup: true
-
 fido2:
   enabled: true
-  rp-name: AGOV-RelPartName
+  rp-name: "AGOV-RelPartName"
-  rp-id: adnovum.net
+  rp-id: "adnovum.net"
   origins:
-    - https://me.agov-w.azure.adnovum.net
+  - "https://ob.agov-w.azure.adnovum.net"
-    - https://nevisidm.agov-w.azure.adnovum.net
+  - "https://nevisidm.agov-w.azure.adnovum.net"
-    - https://auth.agov-w.azure.adnovum.net
+  - "https://auth.agov-w.azure.adnovum.net"
   signature-algorithms:
-    - RS1
+  - "RS1"
-    - RS256
+  - "RS256"
-    - RS384
+  - "RS384"
-    - RS512
+  - "RS512"
-    - ES256
+  - "ES256"
-    - ES384
+  - "ES384"
-    - ES512
+  - "ES512"
-  display-name-source: email
+  display-name-source: "email"
+  metadata:
+    allow-listing-enabled: false
+  timeout:
+    user-verification: "300s"
+    no-user-verification: "120s"
+session-repository:
+  type: "in-memory"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-db-2951ead44a7a9362a4545094.yaml

@@ -0,0 +1,28 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisDatabase"
+metadata:
+  name: "idm"
+  namespace: "adn-agov-nevisidm-01-uat"
+  labels:
+    deploymentTarget: "idm"
+    trustImport: "idm-technical-trust-store-1058498828"
+  annotations:
+    projectKey: "DEFAULT-ADN-AGOV-PROJECT"
+    patternId: "2951ead44a7a9362a4545094"
+spec:
+  type: "NevisIDM"
+  databaseType: "MariaDB"
+  version: "8.2411.1"
+  url: "mariadb-agov-uat.mariadb.database.azure.com"
+  port: 3306
+  ssl: true
+  database: "nevisidm_uat"
+  bootstrap: true
+  migrate: true
+  rootCredentials:
+    name: "root-adn-agov-nevisidm-admin-01-uat-idm"
+    namespace: "adn-agov-nevisidm-admin-01-uat"
+  podSecurity:
+    policy: "baseline"
+    automountServiceAccountToken: false
+  timeZone: "Europe/Zurich"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisIDM"
   replicas: 1
-  version: "8.2405.2"
+  version: "8.2411.2"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -28,27 +28,30 @@ spec:
     management:
       httpGet:
         path: "/liveness"
-      periodSeconds: 30
+      periodSeconds: 5
       timeoutSeconds: 6
   readinessProbe:
     management:
       httpGet:
         path: "/health"
-      periodSeconds: 30
+      periodSeconds: 5
       timeoutSeconds: 6
   startupProbe:
     management:
       httpGet:
         path: "/health"
-      periodSeconds: 30
+      periodSeconds: 5
       timeoutSeconds: 6
-      failureThreshold: 10
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-3a33cc8960643d6afc30bade3f2d225bea96681a"
+    tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm"
     credentials: "git-credentials"
+  database:
+    name: "idm"
+    requiredVersion: "8.2411.1"
   keystores:
   - "idm-default-identity"
   truststores:
@@ -61,4 +64,3 @@ spec:
   secrets:
     secret:
     - "0eb37a5f44023ef0ad1013b6-89ec31e5"
-    - "a2068eb83a60702322c13949-27ed70d3"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf

@@ -4,5 +4,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/logging.yml

@@ -20,6 +20,8 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
+    - name: "ProductAnalytics"
+      level: "INFO"
     - name: "ch.nevis.idm.batch.jobs"
       level: "INFO"
       additivity: "false"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties

@@ -3,9 +3,9 @@ web.gui.languages.default=de
 # source: pattern://2951ead44a7a9362a4545094
 database.connection.url=jdbc:mariadb://mariadb-agov-uat.mariadb.database.azure.com:3306/nevisidm_uat?pinGlobalTxToPhysicalConnection=1&useMysqlMetadata=true&cachePrepStmts=true&prepStmtCacheSize=1000&useSSL=true&trustStore=/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks
 # source: pattern://2951ead44a7a9362a4545094
-database.connection.username=adndbadmin
+database.connection.username=${exec:/var/opt/nevisidm/default/conf/credentials/dbUser}
 # source: pattern://2951ead44a7a9362a4545094
-database.connection.password=secret://a2068eb83a60702322c13949-27ed70d3
+database.connection.password=${exec:/var/opt/nevisidm/default/conf/credentials/dbPassword}
 # source: pattern://b8a36646f81c3247cdb5d90b
 application.mail.smtp.host=greenmail.adn-agov-mail-01-uat.svc
 # source: pattern://b8a36646f81c3247cdb5d90b
@@ -13,6 +13,8 @@ application.mail.smtp.port=3025
 # source: pattern://b8a36646f81c3247cdb5d90b
 application.mail.sender=noreply-agov-uat@adnovum.ch
 # source: pattern://71411a755a625f9b850c6cf5
+application.config.credentialTypesToBeLockedInDatabase=URLTICKET,SAMLFEDERATION,CONTEXTPASSWORD
+# source: pattern://71411a755a625f9b850c6cf5
 application.feature.email.validation.enabled=false
 # source: pattern://71411a755a625f9b850c6cf5, pattern://b8a36646f81c3247cdb5d90b
 application.feature.multiclientmode.enabled=true

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisLogrend"
   replicas: 1
-  version: "8.2405.0"
+  version: "8.2411.2"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -44,7 +44,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-9f6d84e979285818b66af10c90377f35c4518538"
+    tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
     credentials: "git-credentials"
   podSecurity:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf

@@ -10,5 +10,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=8.2405.0,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/logging.yml

@@ -11,7 +11,9 @@ Configuration:
         onMatch: "DENY"
         onMismatch: "ACCEPT"
   Loggers:
-    Logger: []
+    Logger:
+    - name: "ProductAnalytics"
+      level: "INFO"
     Root:
       level: "WARN"
       additivity: "false"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
+loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
+recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
+recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -210,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_de.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sprache wählen
 loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
 loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
-loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
+loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
 loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
 loainfo.later=Später
 loainfo.startNow=Möchten Sie den Prozess jetzt starten?
@@ -163,7 +163,8 @@ pwreset.info.linktext=Passwort vergessen
 pwreset.noticket=Ihr Link ist nicht mehr gültig. Bitte generieren Sie ein Neuen.
 recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert
 recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren.
+recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
+recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
 recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
 recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
 recovery_check_code.instruction=Bitte geben Sie unten Ihren persönlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten.
@@ -173,9 +174,11 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
 recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
 recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können?
 recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
-recovery_check_noCode.banner.error=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen.
+recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
-recovery_check_noCode.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
+recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
-recovery_check_noCode.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
+recovery_check_noCode.banner.error=Zu viele Versuche.
+recovery_check_noCode.instruction1=Möglicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
+recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Bitte enth&uuml;llen Sie den Code, um fortfahren zu k&ouml;nnen.
 recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf.
 recovery_code.newRecoveryCode=Einf&uuml;hrung von Wiederherstellungscode
@@ -183,7 +186,7 @@ recovery_code.validUntil=G&uuml;ltig bis:
 recovery_fidokey_auth.button=Schl&uuml;sselauthentifizierung starten
 recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schl&uuml;sselauthentifizierung starten"
 recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschl&uuml;ssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren.
+recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um sich zu identifizieren.
 recovery_fidokey_auth.keyRegistered=Sicherheitsschl&uuml;ssel schon registriert
 recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
 recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken k&ouml;nnen, mit dem Sie den Wiederherstellungsprozess starten.
@@ -209,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren r
 recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
 recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
 recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
-recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht oder zur&uuml;ckgesetzt
+recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt
 recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
 recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
 recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_en.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
+loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
+recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
+recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -210,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_fr.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sélectionner la langue
 loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
 loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
-loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
+loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
 loainfo.helper=Vos données doivent être vérifiées!
 loainfo.later=Plus tard
 loainfo.startNow=Voulez-vous commencer le processus maintenant?
@@ -164,6 +164,7 @@ pwreset.noticket=Votre lien n'est plus valide. Veuillez en gén&eacut
 recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est déjà enregistrée
 recovery_accessapp_auth.instruction1=Vous avez déjà enregistré une nouvelle AGOV access app !!!ACCESS_APP_NAME!!! dans le cadre du processus de récupération.
 recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier.
+recovery_check_code.banner.lockedError=Trop de saisies erronées. Veuillez réessayer dans quelques minutes.
 recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez réessayer.
 recovery_check_code.enterRecoveryCode=Saisir le code de récupération
 recovery_check_code.instruction=Veuillez saisir votre code de récupération à douze chiffres. Lors de votre inscription, vous avez reçu le code de récupération sous la forme d’un fichier PDF ou dans AGOV me.
@@ -173,9 +174,11 @@ recovery_check_code.invalid.code.tooLong=Le code est trop long
 recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération
 recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ?
 recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération.
-recovery_check_noCode.banner.error=Trop de tentatives ou expiration de votre code de récupération.
+recovery_check_code.too_many_tries.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
-recovery_check_noCode.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
+recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
-recovery_check_noCode.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
+recovery_check_noCode.banner.error=Trop de tentatives.
+recovery_check_noCode.instruction1=Vous avez peut-être essayé de saisir le code de récupération trop de fois.
+recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la r&eacute;cup&eacute;ration du compte dans dix minutes &agrave; partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Veuillez indiquer votre nouveau code pour pouvoir continuer.
 recovery_code.instruction=Les codes de r&eacute;cup&eacute;ration vous permettent d'acc&eacute;der &agrave; votre compte au cas o&ugrave; vous auriez perdu tous vos identifiants. Conservez le code de r&eacute;cup&eacute;ration en lieu s&ucirc;r.
 recovery_code.newRecoveryCode=Introduction du code de r&eacute;cup&eacute;ration
@@ -209,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistr&eacute; p
 recovery_questionnaire_reason_selection.answer1=Je n'arrive pas &agrave; me connecter, m&ecirc;me si j'ai mon application / ma cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;)
 recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription
-recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute; ou r&eacute;initialis&eacute; mon application AGOV access
+recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute;, r&eacute;install&eacute; ou r&eacute;initialis&eacute; mon application d'acc&egrave;s AGOV
 recovery_questionnaire_reason_selection.answer4=J'ai perdu mon t&eacute;l&eacute;phone / cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer5=J'ai un nouveau t&eacute;l&eacute;phone et j'ai oubli&eacute; de transf&eacute;rer mon application AGOV access
 recovery_questionnaire_reason_selection.answer6=J'ai oubli&eacute; mon PIN pour l'application AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Selezionare la lingua
 loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
 loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
-loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
+loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
 loainfo.helper=I dati devono essere verificati!
 loainfo.later=Più tardi
 loainfo.startNow=Iniziare la procedura?
@@ -164,6 +164,7 @@ pwreset.noticket=Il biglietto per la reimpostazione della password non è
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
 recovery_accessapp_auth.instruction1=Ha già registrato una nuova app AGOV access !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
+recovery_check_code.banner.lockedError=Troppi tentativi di inserimento non validi. Riprovare tra qualche minuto.
 recovery_check_code.codeIncorrect=Il codice inserito non è corretto. Riprovare.
 recovery_check_code.enterRecoveryCode=Inserisca il codice di recupero
 recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me.
@@ -173,9 +174,11 @@ recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo
 recovery_check_code.noAccess=Non ho il mio codice.
 recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
 recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino.
-recovery_check_noCode.banner.error=Troppi tentativi o codice di ripristino scaduto
+recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
-recovery_check_noCode.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
+recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
-recovery_check_noCode.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
+recovery_check_noCode.banner.error=Troppi tentativi.
+recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
+recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Per procedere, inserire il nuovo codice.
 recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro.
 recovery_code.newRecoveryCode=Introduzione del codice di ripristino
@@ -209,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=Se ha registrato pi&ugrave; fatt
 recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza
 recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app AGOV access o chiave di sicurezza)
 recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione
-recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app AGOV access
+recovery_questionnaire_reason_selection.answer3=Ho eliminato, reinstallato o reimpostato la mia app AGOV access
 recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza
 recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app AGOV access
 recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/mauth_link_qr.js

@@ -16,6 +16,12 @@
 
     let statusPolling;
 
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
     function dispatchLink() {
 
         document.getElementById("mauth_started").style.display = "block"; // show
@@ -55,9 +61,7 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    statusPolling = window.setInterval(function () {
+                    poll(sessionId);
-                        poll(sessionId);
-                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -70,21 +74,36 @@
     }
 
     function poll(sessionId) {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
 
-        const request = {};
+        isPolling = true;
-        request.fidoUafSessionId = sessionId;
 
-        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        const request = { fidoUafSessionId: sessionId };
-        fetch("", {
+
+        const fetchRequest = fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        }).then(res => {
+        });
-            res.json().then(o => {
+
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
+
                 if (status == 'clientAuthenticating') {
                     // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
@@ -99,20 +118,24 @@
                     addInput(form, "continue", "true"); // required for custom dispatching in usernameless
                     document.body.appendChild(form);
                     form.submit();
-                }
+                } else if (status == 'failed' || status == 'unknown') {
-                else if (status == 'failed' || status == 'unknown') {
-
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
-
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
-        }).catch((err) => console.error("error: ", err));
     }
 
     dispatchLink();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/mauth_onboard.js

@@ -16,6 +16,12 @@
 
     let statusPolling;
 
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
     function renderEnrollment() {
 
         // link is provided by a hidden GuiElem
@@ -52,44 +58,53 @@
     }
 
     function poll() {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
+
+        isPolling = true;
 
         // state is held on backend side
         const request = {};
 
-        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        const fetchRequest = fetch("", {
-        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        }).then(res => {
+        });
-            res.json().then(o => {
 
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
 
                 if (status == 'clientRegistering') {
-
                     // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
 
                     // hide QR-code and information
                     document.getElementById("mauth_qrcode").style.display = 'none';
                     document.getElementById("mauth_qrcode_info").style.display = 'none';
-                }
+                } else if (status == 'succeeded') {
-                else if (status == 'succeeded') {
-
                     clearInterval(statusPolling);
-                    console.error("onboarding successful");
+                    console.log("onboarding successful");
 
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     document.body.appendChild(form);
                     form.submit();
-                }
+                } else if (status == 'failed' || status == 'unknown') {
-                else if (status == 'failed' || status == 'unknown') {
-
                     clearInterval(statusPolling);
                     console.error("onboarding failed with status: " + status);
 
@@ -98,8 +113,15 @@
                     document.body.appendChild(form);
                     form.submit();
                 }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(), POLLING_INTERVAL);
             });
-        }).catch((err) => console.error("error: ", err));
     }
 
     renderEnrollment();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/mauth_push_qr.js

@@ -16,6 +16,12 @@
 
     let statusPolling;
 
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
     function dispatch(id) {
 
         document.getElementById("mauth_devices").style.display = "none"; // hide selection menu
@@ -70,9 +76,7 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    statusPolling = window.setInterval(function () {
+                    poll(sessionId);
-                        poll(sessionId);
-                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -125,47 +129,64 @@
     }
 
     function poll(sessionId) {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
+        isPolling = true;
 
-        const request = {};
+        const request = { fidoUafSessionId: sessionId };
-        request.fidoUafSessionId = sessionId;
 
-        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        const fetchRequest = fetch("", {
-        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        }).then(res => {
+        });
-            res.json().then(o => {
+
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
+
                 if (status == 'clientAuthenticating') {
                     document.getElementById("mauth_qrcode").style.display = 'none';
                     document.getElementById("mauth_qrcode_info").style.display = 'none';
                     document.getElementById("mauth_match_numbers").style.display = 'block';
                     document.getElementById("mauth_loading").style.display = 'block';
                 }
+
                 if (status == 'succeeded') {
                     clearInterval(statusPolling);
-                    // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     document.body.appendChild(form);
                     form.submit();
-                }
+                } else if (status == 'failed' || status == 'unknown') {
-                else if (status == 'failed' || status == 'unknown') {
-
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
-
-                    // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
-        }).catch((err) => console.error("error: ", err));
     }
 
     renderDeviceList();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/mauth_usernameless.js

@@ -16,6 +16,12 @@
 
     let statusPolling;
 
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
     function dispatch() {
 
         console.log("initiating usernameless mobile authentication...");
@@ -58,9 +64,7 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    statusPolling = window.setInterval(function () {
+                    poll(sessionId);
-                        poll(sessionId);
-                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -73,46 +77,66 @@
     }
 
     function poll(sessionId) {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
 
-        const request = {};
+        isPolling = true;
-        request.fidoUafSessionId = sessionId;
 
-        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        const request = { fidoUafSessionId: sessionId };
-        fetch("", {
+
+        const fetchRequest = fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        }).then(res => {
+        });
-            res.json().then(o => {
+
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
+
                 if (status == 'clientAuthenticating') {
-                    document.getElementById("mauth_qrcode").style.display = 'none';
+                    // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
+                    document.getElementById("mauth_qrcode").style.display = 'none';
                 }
                 if (status == 'succeeded') {
                     clearInterval(statusPolling);
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
-                    addInput(form, "fidoUafDone", "true"); // checked by Groovy script
+                    addInput(form, "continue", "true"); // required for custom dispatching in usernameless
                     document.body.appendChild(form);
                     form.submit();
-                }
+                } else if (status == 'failed' || status == 'unknown') {
-                else if (status == 'failed' || status == 'unknown') {
-
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
-
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
-                    addInput(form, "fidoUafSessionId", sessionId); // checked by Groovy script
+                    addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
-        }).catch((err) => console.error("error: ", err));
     }
 
     dispatch();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/ask_mobile.js

@@ -1,6 +1,6 @@
 class ProvidePhoneNumber {
 	modal;
-	laterModal;
+	declineModal;
 	providePhoneNumberLaterButton;
 	phoneNumberInput;
 	agovInputPhoneNumberInput;
@@ -9,24 +9,20 @@ class ProvidePhoneNumber {
 
 	constructor() {
 		this.modal = document.querySelector('#modal');
-		this.laterModal = document.querySelector('#laterModal');
+		this.declineModal = document.querySelector('#declineModal');
 		this.providePhoneNumberLaterButton = document.querySelector('#providePhoneNumberLaterButton');
 		this.phoneNumberInput = document.querySelector('#phoneNumberInput');
 		this.agovInputPhoneNumberInput = document.querySelector('#agovInputPhoneNumberInput');
 		this.agovInputRepeatPhoneNumberInput = document.querySelector('#agovInputRepeatPhoneNumberInput');
 		this.repeatPhoneNumberInput = document.querySelector('#repeatPhoneNumberInput');
 
-		document.querySelector('#laterCheckbox').checked = true;
 		this.initializePhoneInput(this.phoneNumberInput);
 		this.addPhoneInputEventHandlers(this.phoneNumberInput);
 		this.addPhoneInputEventHandlers(this.repeatPhoneNumberInput);
 
-		this.providePhoneNumberLaterButton.addEventListener('click', () => {
+		document.querySelector('#declineModalBack').addEventListener('click', () => {
-			this.setVisible(this.laterModal);
-		});
-		document.querySelector('#laterModalBack').addEventListener('click', () => {
 			this.resetValidation(this.agovInputPhoneNumberInput);
-			this.setInvisible(this.laterModal);
+			this.setInvisible(this.declineModal);
 		});
 		document.querySelector('#repeatPhoneNumberModalBack').addEventListener('click', () => {
 			this.initializePhoneInput(this.phoneNumberInput);
@@ -39,6 +35,7 @@ class ProvidePhoneNumber {
 			}
 		});
 		document.querySelector('#providePhoneNumberContinueButton').addEventListener('click', () => {
+			const dialCode = `+${window.phoneNumberUtils.getDialCode()}`;
 			if (this.validateInput(this.agovInputPhoneNumberInput)) {
 				this.repeatPhoneNumberInput.value = '';
 				this.initializePhoneInput(this.repeatPhoneNumberInput);
@@ -46,6 +43,10 @@ class ProvidePhoneNumber {
 				this.showErrorBanner(false);
 				this.setVisible(this.modal);
 			}
+			else if (this.phoneNumberInput.value.trim() === '' ||
+				this.phoneNumberInput.value.trim() === dialCode) {
+				this.setVisible(this.declineModal);
+			}
 		});
 	}
 
@@ -118,7 +119,12 @@ class ProvidePhoneNumber {
 	evaluatePhoneNumbersAndSubmit() {
 		if (this.arePhoneNumbersEqual()) {
 			document.querySelector('#mobile').value = this.repeatPhoneNumberInput.value.trim().replaceAll(' ', '');
-			document.querySelector('#submit').click();
+			// Some other 'click' listeners from gsap (used in drawer.js) seem to interfere with the trigger click on
+			// submitPhoneNumber button. It happens only on mobile devices, where the drawer is used. setTimeout seems to help
+			// to avoid the issue (although it is just a workaround).
+			setTimeout(() => {
+				document.querySelector('#submitPhoneNumber').click();
+			}, 100);
 		}
 		else {
 			this.setInvisible(this.modal);

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/eid_verification.js

@@ -0,0 +1,4 @@
+document.addEventListener('DOMContentLoaded', function() {
+	document.dispatchEvent(new Event('initEidVerification'));
+	document.dispatchEvent(new Event('initCantonalBranding'));
+});

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/ask_mobile_number.vm

@@ -47,14 +47,20 @@
                 </div>
                 <div class="w-full sm:static mt-auto">
                     <div class="flex flex-col-reverse sm:flex-row gap-4">
-                        <agov-button
+                        <form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
-                                id="providePhoneNumberLaterButton"
+                              class="w-full"
-                                class="w-full"
+                              accept-charset="UTF-8">
-                                data-style="secondary"
+                            <agov-button
-                                data-label="$text.get("loainfo.later")"
+                                    data-name="submit"
-                                data-type="button"
+                                    data-value="submit"
-                                data-fullwidth="true">
+                                    data-style="secondary"
-                        </agov-button>
+                                    data-label="$text.get("loainfo.later")"
+                                    data-type="submit"
+                                    data-fullwidth="true">
+                            </agov-button>
+                            <input class="hidden" name="skip" value="later">
+                            <input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
+                        </form>
                         <agov-button
                                 id="providePhoneNumberContinueButton"
                                 class="w-full"
@@ -122,7 +128,7 @@
                     <agov-button
                             class="basis-full"
                             data-name="submit"
-                            data-id="submit"
+                            data-id="submitPhoneNumber"
                             data-value="submit"
                             data-type="submit"
                             data-label="$text.get("general.continue")"
@@ -155,7 +161,7 @@
     </div>
 </div>
 
-<div id="laterModal" class="fixed top-0 bottom-0 left-0 right-0 pb-20 z-50 hidden">
+<div id="declineModal" class="fixed top-0 bottom-0 left-0 right-0 pb-20 z-50 hidden">
     <div class="fixed top-0 bottom-0 left-0 right-0 backdrop-blur-[10px]" id="modal_light"></div>
     <div class="fixed top-0 bottom-0 left-0 right-0 bg-[#E2E2E2E5]/80 dark:bg-[#111111]/90" id="modal_dark"></div>
     <div id="drawer"
@@ -181,7 +187,7 @@
             <div class="w-full sm:static mt-auto sm:justify-items-end">
                 <div class="flex justify-end flex-col-reverse sm:flex-row gap-4">
                     <agov-button
-                            id="laterModalBack"
+                            id="declineModalBack"
                             data-style="secondary"
                             data-label="$text.get("general.back")"
                             data-type="button"
@@ -189,17 +195,15 @@
                     </agov-button>
                     <form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
                           accept-charset="UTF-8"
-                          class="flex flex-col flex-auto block ">
+                          class="flex flex-col flex-auto block">
                         <agov-button
-                                id="ask_mobile_continue"
                                 data-name="submit"
                                 data-value="submit"
-                                data-id="submit"
                                 data-label="$text.get("general.continue")"
                                 data-type="submit"
                                 data-fullwidth="true">
                         </agov-button>
-                        <input id="laterCheckbox" class="hidden" type="checkbox" name="skip" value="true">
+                        <input class="hidden" name="skip" value="persistent">
                         <input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
                     </form>
                 </div>
@@ -211,5 +215,4 @@
 <script src="${login.appDataPath}/static/js-code/ask_mobile.js">
 </script>
 
-
 #parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/eid_verification.mock.js

@@ -0,0 +1,3 @@
+module.exports = {
+	...require('./mock-defaults')
+};

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/eid_verification.vm

@@ -0,0 +1,224 @@
+#parse("${templatePath}/header.vm")
+#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
+
+<agov-backdrop></agov-backdrop>
+<div id="mainContent" class="container mx-auto sm:mt-2 sm:max-w-full flex h-full sm:h-auto">
+	<div class="flex flex-col items-start gap-4 w-full rounded-[36px] sm:p-6 mx-auto
+	 max-w-[600px] md:max-w-[1200px] sm:bg-lily-blue dark:sm:bg-purple-black">
+
+		<div id="cantonalBranding"
+			 class="flex items-center rounded-xl gap-5 p-2 sm:p-0 sm:w-auto w-full hidden bg-pale-blue dark:bg-purple-black sm:bg-transparent">
+			<div class="flex items-center p-2 bg-white rounded sm:rounded-xl w-16 h-16" id="logo"></div>
+			<h1 class="font-header text-h6 sm:text-h4 text-space-blue dark:text-white">
+                #if ($login.language =="en")
+						$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameEN').value)
+				#elseif ($login.language =="de")
+                    $utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameDE').value)
+                #elseif ($login.language =="fr")
+                    $utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameFR').value)
+                #else
+                    $utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameIT').value)
+                #end
+			</h1>
+		</div>
+
+		<div class="flex flex-col md:flex-row w-full gap-6">
+			<div id="registerCard" class="w-full md:min-h-[689px] flex flex-col justify-between">
+				<div id="swiyuLoginImage"
+					 class="relative md:max-w-[520px] max-w-[350px] sm:max-w-[300px] mb-10 w-full mx-auto hidden md:block">
+					<img alt="" src="${login.appDataPath}/static/images/login.svg"
+						 class="hidden md:block dark:hidden w-full">
+					<img alt="" src="${login.appDataPath}/static/images/login-dark.svg"
+						 class="hidden md:hidden dark:md:block w-full">
+				</div>
+			</div>
+
+			<div id="loginModal"
+				 class="flex flex-col bg-white dark:bg-surface-black rounded-[20px] sm:min-h-[700px] p-6 sm:pb-8 sm:pt-10 sm:px-10
+				 max-w-[550px] w-full">
+
+				<div class="flex mb-4 sm:mb-6 items-baseline">
+					<h1 class="font-header text-h4 text-space-blue dark:text-white mr-3">$text.get("eid_verification.login")</h1>
+				</div>
+
+				<div id="cantonalBrandingMobile"
+					 class="flex items-center rounded-xl gap-5 mb-4 p-2 sm:p-0 sm:w-auto w-full hidden bg-pale-blue dark:bg-purple-black sm:bg-transparent">
+					<div class="flex items-center p-2 bg-white dark:bg-black rounded sm:rounded-xl w-16 h-16"
+						 id="logoMobile"></div>
+					<h1 class="font-header text-h6 sm:text-h4 text-space-blue dark:text-white">
+                        #if ($login.language =="en")
+							$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameEN').value)
+						#elseif ($login.language =="de")
+                            $utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameDE').value)
+                        #elseif ($login.language =="fr")
+                            $utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameFR').value)
+                        #else
+                            $utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameIT').value)
+                        #end
+					</h1>
+				</div>
+
+				<div id="swiyuWalletAppModal" class="h-full">
+
+					<div class="desktopBanner" aria-live="assertive">
+						<div class="hidden info flex rounded-xl bg-info-background dark:bg-dark-info-background items-center p-4
+						mb-4">
+							<i class="fa-regular fa-info-circle rounded-full p-3 text-info dark:text-dark-info bg-info/10 dark:bg-dark-info-icon mr-4 text-xl leading-none"></i>
+							<p class="font-body text-body-l text-space-blue dark:text-white">
+                                $text.get("eid_verification.banner.info")
+							</p>
+						</div>
+
+						<div class="hidden success flex rounded-xl bg-success-background dark:bg-dark-success-background
+						items-center p-4 mb-4">
+							<i class="fa-regular fa-check-circle rounded-full p-3 text-success dark:text-dark-success bg-success/10 dark:bg-dark-success-icon mr-4 text-xl leading-none"></i>
+							<div>
+								<p class="font-body text-body-l text-space-blue dark:text-white">
+                                    $text.get("eid_verification.banner.success")
+								</p>
+							</div>
+						</div>
+
+						<div class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center
+						p-4 mb-4">
+							<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
+							<p class="font-body text-body-l text-space-blue dark:text-white">
+                                $text.get("eid_verification.banner.error")
+							</p>
+						</div>
+					</div>
+
+					<div class="relative flex flex-col h-full">
+						<div id="blurBackdrop" class="hidden absolute backdrop-blur-sm -top-1 -bottom-8 -left-4 -right-4
+						z-10"></div>
+						<div class="mobileBanner relative z-20" aria-live="assertive">
+							<div class="hidden info flex rounded-xl bg-info-background dark:bg-dark-info-background items-center
+							p-4 mb-4">
+								<i class="fa-regular fa-info-circle rounded-full p-3 text-info dark:text-dark-info bg-info/10 dark:bg-dark-info-icon mr-4 text-xl leading-none"></i>
+								<p class="font-body text-body-l text-space-blue dark:text-white">
+                                    $text.get("eid_verification.banner.info")
+								</p>
+							</div>
+
+							<div class="hidden success flex rounded-xl bg-success-background dark:bg-dark-success-background
+								 items-center p-4 mb-4">
+								<i class="fa-regular fa-check-circle rounded-full p-3 text-success dark:text-dark-success bg-success/10 dark:bg-dark-success-icon mr-4 text-xl leading-none"></i>
+								<div>
+									<p class="font-body text-body-l text-space-blue dark:text-white">
+                                        $text.get("eid_verification.banner.success")
+									</p>
+								</div>
+							</div>
+
+							<div class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background
+							items-center p-4 mb-4">
+								<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
+								<p class="font-body text-body-l text-space-blue dark:text-white">
+                                    $text.get("eid_verification.banner.error")
+								</p>
+							</div>
+						</div>
+						<div id="swiyuLoginImageMobile"
+							 class="hidden max-w-[200px] sm:max-w-full sm:w-full basis-1/2 mx-auto mb-6">
+							<img alt=""
+								 src="${login.appDataPath}/static/images/login.svg"
+								 class="block dark:hidden w-full">
+
+							<img alt=""
+								 src="${login.appDataPath}/static/images/login-dark.svg"
+								 class="hidden dark:block w-full">
+						</div>
+						<div id="QRCodeHolder">
+							<div class="relative">
+								<canvas role="img" aria-labelledby="labelQRCodeInstructions" id="swiyu_qrcode"
+										class="mb-6 mx-auto"></canvas>
+								<div class="hidden" id="QRcodeHiddenLink"></div>
+								<span id="spinner" class="hidden absolute left-1/2 top-1/2 -translate-x-1/2 -translate-y-1/2
+								z-20">
+								<img src="${login.appDataPath}/static/images/spinner.svg" class="animate-spin block dark:hidden">
+								<img src="${login.appDataPath}/static/images/spinner-dark.svg"
+									 class="animate-spin hidden dark:block">
+								</span>
+							</div>
+
+							<a id="swiyuWalletAppLinkIpad" href="" class="hidden">
+								<agov-button
+										class="block basis-full mb-6"
+										data-name="swiyuWalletApp"
+										data-value="swiyuWalletApp"
+										data-id="swiyuWalletAppIpad"
+										data-label="$text.get("general.goSwiyuWalletApp")"
+										data-type="button"
+										data-fullwidth="true">
+								</agov-button>
+							</a>
+
+							<div class="swiyuWalletAppInstructions flex bg-indigo-light rounded-xl p-4 mb-2 items-center
+							dark:bg-purple-black">
+								<img alt="" src="${login.appDataPath}/static/images/access-app.svg" class="h-12 mr-4">
+								<p id="labelQRCodeInstructions" class="font-header text-h5 text-space-blue dark:text-white">
+                                    $text.get("eid_verification.instructions")
+								</p>
+							</div>
+						</div>
+
+						<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
+							  accept-charset="UTF-8" class="w-full sm:static mt-auto mb-20 sm:mb-0">
+
+							<div id="mobileButtons" class="hidden w-full">
+								<div class="flex flex-col">
+									<a id="swiyuWalletAppLink" href="">
+										<agov-button
+												class="block basis-full mb-4"
+												data-name="swiyuWalletApp"
+												data-value="swiyuWalletApp"
+												data-id="swiyuWalletApp"
+												data-label="$text.get("general.goSwiyuWalletApp")"
+												data-type="button"
+												data-fullwidth="true">
+										</agov-button>
+									</a>
+									<agov-button
+											id="showQR"
+											class="block basis-full"
+											data-style="frameless"
+											data-name="EID"
+											data-value="EID"
+											data-id="EID"
+											data-label="<i class='fa-regular fa-eye align-middle text-xl text-indigo dark:text-lilac mr-2'></i>$text.get(
+                                                "eid_verification.showQR")"
+											data-type="button"
+											data-fullwidth="true">
+									</agov-button>
+
+									<agov-button
+											id="hideQR"
+											class="hidden basis-full"
+											data-style="frameless"
+											data-name="EID"
+											data-value="EID"
+											data-id="EID"
+											data-label="<i class='fa-regular fa-eye-slash align-middle text-xl text-indigo dark:text-lilac mr-2'></i>$text.get(
+                                                "eid_verification.hideQR")"
+											data-type="button"
+											data-fullwidth="true">
+									</agov-button>
+								</div>
+							</div>
+							<input class="hidden" name="authRequestId" type="hidden"
+								   value="$gui.getGuiElem('authRequestId').value"/>
+						</form>
+					</div>
+				</div>
+			</div>
+		</div>
+	</div>
+</div>
+
+<script src="${login.appDataPath}/static/js-code/eid_verification.js" defer>
+</script>
+<div id="appSamlRpEntityId" class="hidden" data-value="$gui.getGuiElem('agov.appSamlRpEntityId').value"
+	data-language="$login.language">
+</div>
+
+#parse("${templatePath}/footer.vm")

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm

@@ -3,7 +3,7 @@
 			$text.get("footer.text")
 			<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
 		</div>
-		<p>1.8.x.2506-20250108T151954Z</p>
+		<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
 	</footer>
 	<script src="${login.appDataPath}/static/bundle.js"></script>
 </body>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mauth_usernameless.vm

@@ -150,15 +150,15 @@
 								</p>
 							</div>
 						</div>
-						<div id="agovLoginImageMobile" class="hidden md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full
+						<div id="agovLoginImageMobile"
-						mx-auto mb-6">
+							 class="hidden max-w-[200px] sm:max-w-full sm:w-full basis-1/2 mx-auto mb-6">
 							<img alt=""
 								 src="${login.appDataPath}/static/images/login.svg"
-								 class="block sm:hidden md:block dark:hidden w-full">
+								 class="block dark:hidden w-full">
 
 							<img alt=""
 								 src="${login.appDataPath}/static/images/login-dark.svg"
-								 class="dark:sm:hidden dark:md:block hidden dark:block w-full">
+								 class="hidden dark:block w-full">
 						</div>
 						<div id="QRCodeHolder">
 							<div class="relative">
@@ -242,7 +242,7 @@
 						</form>
 					</div>
 				</div>
-				<div id="securityKeyModal" class="hidden mt-16">
+				<div id="securityKeyModal" class="hidden sm:mt-16">
 
 					<h2 class="font-header text-h5 text-space-blue dark:text-white mt-4 text-center">
                         $text.get("mauth_usernameless.useSecurityKey")
@@ -253,7 +253,7 @@
 					</p>
 
 					<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
-						  accept-charset="UTF-8">
+						  accept-charset="UTF-8" class="mb-20 sm:mb-0">
 						<agov-button
 								class="mb-4 block"
 								data-name="fallback"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_accessapp_auth.vm

@@ -82,14 +82,14 @@
 						</div>
 					</div>
 					<div id="agovLoginImageMobile"
-						 class="hidden md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full basis-1/2 mx-auto mb-4">
+						 class="hidden max-w-[200px] sm:max-w-full sm:w-full basis-1/2 mx-auto mb-4">
 						<img alt=""
 							 src="${login.appDataPath}/static/images/recovery.svg"
-							 class="block sm:hidden md:block dark:hidden w-full">
+							 class="block w-full">
 
 						<img alt=""
 							 src="${login.appDataPath}/static/images/recovery_dark.svg"
-							 class="dark:sm:hidden dark:md:block hidden dark:block w-full">
+							 class="hidden dark:block w-full">
 					</div>
 					<div id="QRCodeHolder">
 						<div class="relative">

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_code.vm

@@ -2,116 +2,151 @@
 
 <agov-backdrop></agov-backdrop>
 <div id="mainContent" class="container mx-auto sm:mt-32 sm:max-w-full flex flex-auto sm:block">
-    <div class="flex flex-col-reverse sm:flex-row justify-evenly items-center gap-5 w-full">
+	<div class="flex flex-col-reverse sm:flex-row justify-evenly items-center gap-5 w-full">
-        <div class="flex flex-col sm:bg-white sm:dark:bg-surface-black rounded-[20px] sm:px-10 sm:py-10 max-w-[550px] w-full
+		<div class="flex flex-col sm:bg-white sm:dark:bg-surface-black rounded-[20px] sm:px-10 sm:py-10 max-w-[550px] w-full
 		basis-full md:basis-1/2 min-h-[535px]">
-			<span id="spinner" class="hidden absolute left-1/2 top-1/2 -translate-x-1/2 -translate-y-1/2 z-30">
+	<span id="spinner" class="hidden absolute left-1/2 top-1/2 -translate-x-1/2 -translate-y-1/2 z-30">
 				<img src="${login.appDataPath}/static/images/spinner.svg" class="animate-spin block dark:hidden">
 				<img src="${login.appDataPath}/static/images/spinner-dark.svg" class="animate-spin hidden dark:block">
 			</span>
-            <div id="blurBackdrop" class="hidden absolute backdrop-blur-sm -top-1 -bottom-96 -left-4 -right-4 z-20"></div>
+			<div id="blurBackdrop" class="hidden absolute backdrop-blur-sm -top-1 -bottom-96 -left-4 -right-4 z-20"></div>
-            <div class="flex flex-col gap-8">
+			<div class="flex flex-col gap-8">
-                <div class="flex items-baseline">
+				<div class="flex items-baseline">
 					#set($error = $gui.getGuiElem("lasterror"))
-                    <h3 class="font-header text-h3 text-space-blue dark:text-white mr-3">
+					<h3 class="font-header text-h3 text-space-blue dark:text-white mr-3">
 						$text.get("general.recovery")
-                    </h3>
+					</h3>
-                    <h4 class="font-header text-h4 text-disabled-grey dark:text-silver">
+					<h4 class="font-header text-h4 text-disabled-grey dark:text-silver">
 						$text.get("general.entryCode")
-                    </h4>
+					</h4>
-                </div>
+				</div>
 				#if (($error.value && $error.value != ""))
 					#if (($error.value == "locked"))
-                        <div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4">
+						<div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4">
-                            <i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
+							<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
-                            <p class="font-body text-body-l text-space-blue dark:text-white">
+							<p class="font-body text-body-l text-space-blue dark:text-white">
 								$text.get("recovery_check_code.banner.lockedError")
-                            </p>
+							</p>
-                        </div>
+						</div>
+						<p class="font-body text-body-l text-space-blue dark:text-white">
+							$text.get("recovery_check_code.too_many_tries.instruction1")
+						</p>
+						<p class="font-body text-body-l text-space-blue dark:text-white">
+							$text.get("recovery_check_code.too_many_tries.instruction2")
+						</p>
 					#else
-                        <div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4">
+						<div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4">
-                            <i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
+							<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
-                            <p class="font-body text-body-l text-space-blue dark:text-white">
+							<p class="font-body text-body-l text-space-blue dark:text-white">
 								$text.get("recovery_check_code.codeIncorrect")
-                            </p>
+							</p>
-                        </div>
+						</div>
+						<p class="font-body text-body-l text-space-blue dark:text-white">
+							$text.get("recovery_check_code.instruction")
+						</p>
 					#end
+				#else
+					<p class="font-body text-body-l text-space-blue dark:text-white">
+						$text.get("recovery_check_code.instruction")
+					</p>
 				#end
-                <p class="font-body text-body-l text-space-blue dark:text-white">
+			</div>
-					$text.get("recovery_check_code.instruction")
-                </p>
-            </div>
 			#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
-            <form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
+			#if (($error.value && $error.value != "locked") || !($error.value))
-                  accept-charset="UTF-8"
+				<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
-                  class="flex flex-col flex-auto block">
+					  accept-charset="UTF-8"
-                <agov-input
+					  class="flex flex-col flex-auto block">
-                        id="recovery_code_input"
+					<agov-input
-                        class="py-16"
+							id="recovery_code_input"
-                        data-label="$text.get("recovery_check_code.enterRecoveryCode")"
+							class="py-16"
-                        data-isLabelHidden="true"
+							data-label="$text.get("recovery_check_code.enterRecoveryCode")"
-                        data-placeholder=""
+							data-isLabelHidden="true"
-                        data-id="code"
+							data-placeholder=""
-                        data-name="code"
+							data-id="code"
-                        data-value=""
+							data-name="code"
-                        data-type="text"
+							data-value=""
-                        data-autofocus="true"
+							data-type="text"
-                        data-email_invalid="$text.get("recovery_check_code.invalid.code")"
+							data-autofocus="true"
-                        data-email_too_long="$text.get("recovery_check_code.invalid.code.tooLong")"
+							data-email_invalid="$text.get("recovery_check_code.invalid.code")"
-                        data-email_required="$text.get("recovery_check_code.invalid.code.required")">
+							data-email_too_long="$text.get("recovery_check_code.invalid.code.tooLong")"
-                </agov-input>
+							data-email_required="$text.get("recovery_check_code.invalid.code.required")">
-                <div class="w-full sm:static mt-auto mb-6 sm:mb-0">
+					</agov-input>
-                    <div class="flex flex-col flex-row-reverse gap-4">
+					<div class="w-full sm:static mt-auto mb-6 sm:mb-0">
-                        <agov-button
+						<div class="flex flex-col flex-row-reverse gap-4">
-                                id="recovery_code_btn"
+							<agov-button
-                                class="block basis-full"
+									id="recovery_code_btn"
-                                data-name="confirm"
+									class="block basis-full"
-                                data-value="confirm"
+									data-name="confirm"
-                                data-id="confirm"
+									data-value="confirm"
-                                data-label="$text.get("general.confirm")"
+									data-id="confirm"
-                                data-type="submit"
+									data-label="$text.get("general.confirm")"
-                                data-fullwidth="true">
+									data-type="submit"
-                        </agov-button>
+									data-fullwidth="true">
-                        <agov-button
+							</agov-button>
-                                id="recovery_code_btn_cancel"
+							<agov-button
-                                class="block basis-full"
+									id="recovery_code_btn_cancel"
-                                data-style="frameless"
+									class="block basis-full"
-                                data-name="cancelFido2"
+									data-style="frameless"
-                                data-value="cancelFido2"
+									data-name="cancelFido2"
-                                data-id="cancelFido2"
+									data-value="cancelFido2"
-                                data-label="$text.get("recovery_check_code.noAccess")"
+									data-id="cancelFido2"
-                                data-type="button"
+									data-label="$text.get("recovery_check_code.noAccess")"
-                                data-fullwidth="true"
+									data-type="button"
-                                data-validate="false">
+									data-fullwidth="true"
-                        </agov-button>
+									data-validate="false">
-                    </div>
+							</agov-button>
-                </div>
+							<input class="hidden" name="authRequestId" type="hidden"
-                <input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
+								   value="$gui.getGuiElem('authRequestId').value"/>
-            </form>
+						</div>
-        </div>
+					</div>
-        <form class="hidden"
+				</form>
-              id="$gui.name"
+			#else
-              name="$gui.name"
+				<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
-              method="POST"
+					  accept-charset="UTF-8"
-              target="_self"
+					  class="flex flex-col flex-auto block">
-              action="$formTarget"
+					<div class="w-full sm:static mt-auto mb-6 sm:mb-0">
-              autocomplete="off"
+						<div class="flex flex-col flex-row-reverse gap-4">
-              accept-charset="UTF-8">
+							<agov-button
-            <agov-button
+									id="recovery_code_btn_cancel"
-                    data-name="submit"
+									class="block basis-full"
-                    data-id="submitFormButton"
+									data-name="cancelFido2"
-                    data-value="submit"
+									data-value="cancelFido2"
-                    data-type="submit"
+									data-id="cancelFido2"
-                    data-fullwidth="true">
+									data-label="$text.get("recovery_check_code.noAccess")"
-            </agov-button>
+									data-type="button"
-            <input class="hidden" name="no_code" id="noCodeCheckbox" type="checkbox" value="true">
+									data-fullwidth="true"
-            <input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
+									data-validate="false">
-        </form>
+							</agov-button>
-        <img alt="" src="${login.appDataPath}/static/images/recovery.svg"
+							<input class="hidden" name="authRequestId" type="hidden"
-             class="md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full md:basis-1/2 dark:hidden hidden md:block">
+								   value="$gui.getGuiElem('authRequestId').value"/>
-        <img alt="" src="${login.appDataPath}/static/images/recovery_dark.svg"
+						</div>
-             class="md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full md:basis-1/2 hidden dark:md:block">
+					</div>
-    </div>
+				</form>
+			#end
+		</div>
+		<form class="hidden"
+			  id="$gui.name"
+			  name="$gui.name"
+			  method="POST"
+			  target="_self"
+			  action="$formTarget"
+			  autocomplete="off"
+			  accept-charset="UTF-8">
+			<agov-button
+					data-name="submit"
+					data-id="submitFormButton"
+					data-value="submit"
+					data-type="submit"
+					data-fullwidth="true">
+			</agov-button>
+			<input class="hidden" name="no_code" id="noCodeCheckbox" type="checkbox" value="true">
+			<input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
+		</form>
+		<img alt="" src="${login.appDataPath}/static/images/recovery.svg"
+			 class="md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full md:basis-1/2 dark:hidden hidden md:block">
+		<img alt="" src="${login.appDataPath}/static/images/recovery_dark.svg"
+			 class="md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full md:basis-1/2 hidden dark:md:block">
+	</div>
 </div>
 
 <script src="${login.appDataPath}/static/js-code/recovery_check_code.js">

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_loginfactor.vm

@@ -26,18 +26,18 @@
 			<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
 				  accept-charset="UTF-8"
 				  class="flex flex-col flex-auto block ">
-				<agov-radio-button data-text="$text.get("recovery_questionnaire_loginfactor.yes")"
+				<agov-questionnaire-radio-button data-text="$text.get("recovery_questionnaire_loginfactor.yes")"
 								   data-groupName="radio-buttons"
 								   data-value="yes"
 								   data-id="yes"
 								   data-name="continue">
-				</agov-radio-button>
+				</agov-questionnaire-radio-button>
-				<agov-radio-button data-text="$text.get("recovery_questionnaire_loginfactor.no")"
+				<agov-questionnaire-radio-button data-text="$text.get("recovery_questionnaire_loginfactor.no")"
 								   data-groupName="radio-buttons"
 								   data-value="no"
 								   data-id="no"
 								   data-name="continue">
-				</agov-radio-button>
+				</agov-questionnaire-radio-button>
 
 				<div id="buttons" class="w-full sm:static mt-auto mb-6 sm:mb-0 mt-24 sm:mt-24">
 					<div class="flex sm:flex-row-reverse flex-col gap-2">

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_reason_selection.vm

@@ -1,91 +1,91 @@
 #parse("${templatePath}/header.vm")
-
 <agov-backdrop></agov-backdrop>
 <div id="mainContent" class="container mx-auto sm:mt-32 sm:max-w-full flex flex-auto sm:block">
-	<div class="flex flex-col-reverse sm:flex-row justify-evenly items-center gap-5 w-full">
+    <div class="flex flex-col-reverse sm:flex-row justify-evenly items-center gap-5 w-full">
-		<div class="flex flex-col sm:bg-white sm:dark:bg-surface-black rounded-[20px] sm:px-10 sm:py-10 max-w-[550px] w-full
+        <div class="flex flex-col sm:bg-white sm:dark:bg-surface-black rounded-[20px] sm:px-10 sm:py-10 max-w-[550px] w-full
 		basis-full md:basis-1/2">
 
-			<div class="flex mb-8 items-baseline">
+            <div class="flex mb-8 items-baseline">
-				<h3 class="font-header text-h3 text-space-blue dark:text-white mr-3">$text.get("general.recovery")</h3>
+                <h3 class="font-header text-h3 text-space-blue dark:text-white mr-3">$text.get("general.recovery")</h3>
-			</div>
+            </div>
 
-			<p class="font-body text-body-l text-space-blue dark:text-white mb-8">
+            <p class="font-body text-body-l text-space-blue dark:text-white mb-8">
-                $text.get("recovery_questionnaire_reason_selection.instruction")
+				$text.get("recovery_questionnaire_reason_selection.instruction")
-			</p>
+            </p>
 
-			<div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4 hidden"
+            <div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4 hidden"
-				 id="errorBanner">
+                 id="errorBanner">
-				<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
+                <i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
-				<p class="font-body text-body-l text-space-blue dark:text-white">
+                <p class="font-body text-body-l text-space-blue dark:text-white">
-                    $text.get("recovery_questionnaire_reason_selection.banner.error")
+					$text.get("recovery_questionnaire_reason_selection.banner.error")
-				</p>
+                </p>
-			</div>
+            </div>
 
-            #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
+			#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
-			<form id="answersForm" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
+            <form id="answersForm" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
-				  accept-charset="UTF-8"
+                  accept-charset="UTF-8"
-				  class="flex flex-col flex-auto block ">
+                  class="flex flex-col flex-auto block ">
 
-                #set ($previousAnswer = $gui.getGuiElem("question"))
+				#set ($previousAnswer = $gui.getGuiElem("question"))
-                #if ($previousAnswer.value == "yes")
+				#if ($previousAnswer.value == "yes")
-                    #set ($answers = ["answer7", "answer8", "answer9", "answer10"])
+					#set ($answers = ["answer7", "answer8", "answer9", "answer10"])
-                #elseif ($previousAnswer.value == "no")
+				#elseif ($previousAnswer.value == "no")
-                    #set ($answers = ["answer1", "answer2", "answer3", "answer4", "answer5", "answer6"])
+					#set ($answers = ["answer1", "answer2", "answer3", "answer4", "answer5", "answer6"])
-                #else
+				#else
-                    #set ($answers = [])
+					#set ($answers = [])
-                #end
+				#end
 
-                #if ($answers.size() > 0)
+				#if ($answers.size() > 0)
-                    #foreach ($answer in $answers)
+					#foreach ($answer in $answers)
-                        #set ($isYes = "yes")
+						#set ($isYes = "yes")
-                        #set ($isNo = "no")
+						#set ($isNo = "no")
-                        #set ($dataValue = "")
+						#set ($dataValue = "")
 
-                        #if ($answer == "answer2" || $answer == "answer3" || $answer ==
+						#if ($answer == "answer2" || $answer == "answer3" || $answer ==
-                            "answer4" || $answer == "answer5" || $answer == "answer6" || $answer == "answer8")
+							"answer4" || $answer == "answer5" || $answer == "answer6" || $answer == "answer8")
-                            #set ($dataValue = $isYes)
+							#set ($dataValue = $isYes)
-                        #elseif ($answer == "answer1" || $answer == "answer7" || $answer == "answer9" || $answer == "answer10")
+						#elseif ($answer == "answer1" || $answer == "answer7" || $answer == "answer9" || $answer == "answer10")
-                            #set ($dataValue = $isNo)
+							#set ($dataValue = $isNo)
-                        #end
+						#end
-						<agov-radio-button data-text="$text.get("recovery_questionnaire_reason_selection.$answer")"
+                        <agov-questionnaire-radio-button data-text="$text.get("recovery_questionnaire_reason_selection.$answer")"
-										   data-value="$dataValue"
+                                           data-value="$dataValue"
-										   data-id="$answer"
+                                           data-reason="$answer"
-										   data-name="continue"
+                                           data-id="$answer"
-										   data-groupName="button-answers">
+                                           data-name="continue"
-						</agov-radio-button>
+                                           data-groupName="button-answers">
-                    #end
+                        </agov-questionnaire-radio-button>
-                #end
+					#end
+				#end
 
-				<div class="w-full sm:static mt-8 mb-6 sm:mb-0 ">
+                <div class="w-full sm:static mt-8 mb-6 sm:mb-0 ">
-					<div class="flex sm:flex-row-reverse flex-col gap-2">
+                    <div class="flex sm:flex-row-reverse flex-col gap-2">
-						<agov-button
+                        <agov-button
-								id="questionnaire_continue_btn_reason"
+                                id="questionnaire_continue_btn_reason"
-								class="block basis-full"
+                                class="block basis-full"
-								data-label="$text.get("general.continue")"
+                                data-label="$text.get("general.continue")"
-								data-type="submit"
+                                data-type="submit"
-								data-fullwidth="true">
+                                data-fullwidth="true">
-						</agov-button>
+                        </agov-button>
-
+                        <agov-button
-						<agov-button
+                                class="block basis-full"
-								class="block basis-full"
+                                data-style="secondary"
-								data-style="secondary"
+                                data-name="cancel"
-								data-name="cancel"
+                                data-value="cancel"
-								data-value="cancel"
+                                data-label="$text.get("general.back")"
-								data-label="$text.get("general.back")"
+                                data-type="submit"
-								data-type="submit"
+                                data-fullwidth="true">
-								data-fullwidth="true">
+                        </agov-button>
-						</agov-button>
+                    </div>
-					</div>
+                </div>
-				</div>
+                <input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
-				<input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
+                <input id="reasonInput" class="hidden" name="reason" type="hidden" value=""/>
-			</form>
+            </form>
-		</div>
+        </div>
-		<img alt="" src="${login.appDataPath}/static/images/recovery.svg"
+        <img alt="" src="${login.appDataPath}/static/images/recovery.svg"
-			 class="md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full md:basis-1/2 dark:hidden hidden md:block">
+             class="md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full md:basis-1/2 dark:hidden hidden md:block">
-		<img alt="" src="${login.appDataPath}/static/images/recovery_dark.svg"
+        <img alt="" src="${login.appDataPath}/static/images/recovery_dark.svg"
-			 class="md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full md:basis-1/2 hidden dark:md:block">
+             class="md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full md:basis-1/2 hidden dark:md:block">
-	</div>
+    </div>
 </div>
 
 <script src="${login.appDataPath}/static/js-code/recovery_questionnaire_reason_selection.js">

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
+loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
+recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
+recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -210,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_de.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sprache wählen
 loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
 loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
-loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
+loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
 loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
 loainfo.later=Später
 loainfo.startNow=Möchten Sie den Prozess jetzt starten?
@@ -163,7 +163,8 @@ pwreset.info.linktext=Passwort vergessen
 pwreset.noticket=Ihr Link ist nicht mehr gültig. Bitte generieren Sie ein Neuen.
 recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert
 recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren.
+recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
+recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
 recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
 recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
 recovery_check_code.instruction=Bitte geben Sie unten Ihren persönlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten.
@@ -173,9 +174,11 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
 recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
 recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können?
 recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
-recovery_check_noCode.banner.error=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen.
+recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
-recovery_check_noCode.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
+recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
-recovery_check_noCode.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
+recovery_check_noCode.banner.error=Zu viele Versuche.
+recovery_check_noCode.instruction1=Möglicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
+recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Bitte enth&uuml;llen Sie den Code, um fortfahren zu k&ouml;nnen.
 recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf.
 recovery_code.newRecoveryCode=Einf&uuml;hrung von Wiederherstellungscode
@@ -183,7 +186,7 @@ recovery_code.validUntil=G&uuml;ltig bis:
 recovery_fidokey_auth.button=Schl&uuml;sselauthentifizierung starten
 recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schl&uuml;sselauthentifizierung starten"
 recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschl&uuml;ssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren.
+recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um sich zu identifizieren.
 recovery_fidokey_auth.keyRegistered=Sicherheitsschl&uuml;ssel schon registriert
 recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
 recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken k&ouml;nnen, mit dem Sie den Wiederherstellungsprozess starten.
@@ -209,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren r
 recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
 recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
 recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
-recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht oder zur&uuml;ckgesetzt
+recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt
 recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
 recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
 recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_en.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
+loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
+recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
+recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -210,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_fr.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sélectionner la langue
 loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
 loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
-loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
+loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
 loainfo.helper=Vos données doivent être vérifiées!
 loainfo.later=Plus tard
 loainfo.startNow=Voulez-vous commencer le processus maintenant?
@@ -164,6 +164,7 @@ pwreset.noticket=Votre lien n'est plus valide. Veuillez en gén&eacut
 recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est déjà enregistrée
 recovery_accessapp_auth.instruction1=Vous avez déjà enregistré une nouvelle AGOV access app !!!ACCESS_APP_NAME!!! dans le cadre du processus de récupération.
 recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier.
+recovery_check_code.banner.lockedError=Trop de saisies erronées. Veuillez réessayer dans quelques minutes.
 recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez réessayer.
 recovery_check_code.enterRecoveryCode=Saisir le code de récupération
 recovery_check_code.instruction=Veuillez saisir votre code de récupération à douze chiffres. Lors de votre inscription, vous avez reçu le code de récupération sous la forme d’un fichier PDF ou dans AGOV me.
@@ -173,9 +174,11 @@ recovery_check_code.invalid.code.tooLong=Le code est trop long
 recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération
 recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ?
 recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération.
-recovery_check_noCode.banner.error=Trop de tentatives ou expiration de votre code de récupération.
+recovery_check_code.too_many_tries.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
-recovery_check_noCode.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
+recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
-recovery_check_noCode.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
+recovery_check_noCode.banner.error=Trop de tentatives.
+recovery_check_noCode.instruction1=Vous avez peut-être essayé de saisir le code de récupération trop de fois.
+recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la r&eacute;cup&eacute;ration du compte dans dix minutes &agrave; partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Veuillez indiquer votre nouveau code pour pouvoir continuer.
 recovery_code.instruction=Les codes de r&eacute;cup&eacute;ration vous permettent d'acc&eacute;der &agrave; votre compte au cas o&ugrave; vous auriez perdu tous vos identifiants. Conservez le code de r&eacute;cup&eacute;ration en lieu s&ucirc;r.
 recovery_code.newRecoveryCode=Introduction du code de r&eacute;cup&eacute;ration
@@ -209,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistr&eacute; p
 recovery_questionnaire_reason_selection.answer1=Je n'arrive pas &agrave; me connecter, m&ecirc;me si j'ai mon application / ma cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;)
 recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription
-recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute; ou r&eacute;initialis&eacute; mon application AGOV access
+recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute;, r&eacute;install&eacute; ou r&eacute;initialis&eacute; mon application d'acc&egrave;s AGOV
 recovery_questionnaire_reason_selection.answer4=J'ai perdu mon t&eacute;l&eacute;phone / cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer5=J'ai un nouveau t&eacute;l&eacute;phone et j'ai oubli&eacute; de transf&eacute;rer mon application AGOV access
 recovery_questionnaire_reason_selection.answer6=J'ai oubli&eacute; mon PIN pour l'application AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Selezionare la lingua
 loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
 loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
-loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
+loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
 loainfo.helper=I dati devono essere verificati!
 loainfo.later=Più tardi
 loainfo.startNow=Iniziare la procedura?
@@ -164,6 +164,7 @@ pwreset.noticket=Il biglietto per la reimpostazione della password non è
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
 recovery_accessapp_auth.instruction1=Ha già registrato una nuova app AGOV access !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
+recovery_check_code.banner.lockedError=Troppi tentativi di inserimento non validi. Riprovare tra qualche minuto.
 recovery_check_code.codeIncorrect=Il codice inserito non è corretto. Riprovare.
 recovery_check_code.enterRecoveryCode=Inserisca il codice di recupero
 recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me.
@@ -173,9 +174,11 @@ recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo
 recovery_check_code.noAccess=Non ho il mio codice.
 recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
 recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino.
-recovery_check_noCode.banner.error=Troppi tentativi o codice di ripristino scaduto
+recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
-recovery_check_noCode.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
+recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
-recovery_check_noCode.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
+recovery_check_noCode.banner.error=Troppi tentativi.
+recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
+recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Per procedere, inserire il nuovo codice.
 recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro.
 recovery_code.newRecoveryCode=Introduzione del codice di ripristino
@@ -209,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=Se ha registrato pi&ugrave; fatt
 recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza
 recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app AGOV access o chiave di sicurezza)
 recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione
-recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app AGOV access
+recovery_questionnaire_reason_selection.answer3=Ho eliminato, reinstallato o reimpostato la mia app AGOV access
 recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza
 recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app AGOV access
 recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/mauth_link_qr.js

@@ -16,6 +16,12 @@
 
     let statusPolling;
 
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
     function dispatchLink() {
 
         document.getElementById("mauth_started").style.display = "block"; // show
@@ -55,9 +61,7 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    statusPolling = window.setInterval(function () {
+                    poll(sessionId);
-                        poll(sessionId);
-                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -70,21 +74,36 @@
     }
 
     function poll(sessionId) {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
 
-        const request = {};
+        isPolling = true;
-        request.fidoUafSessionId = sessionId;
 
-        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        const request = { fidoUafSessionId: sessionId };
-        fetch("", {
+
+        const fetchRequest = fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        }).then(res => {
+        });
-            res.json().then(o => {
+
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
+
                 if (status == 'clientAuthenticating') {
                     // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
@@ -99,20 +118,24 @@
                     addInput(form, "continue", "true"); // required for custom dispatching in usernameless
                     document.body.appendChild(form);
                     form.submit();
-                }
+                } else if (status == 'failed' || status == 'unknown') {
-                else if (status == 'failed' || status == 'unknown') {
-
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
-
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
-        }).catch((err) => console.error("error: ", err));
     }
 
     dispatchLink();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/mauth_onboard.js

@@ -16,6 +16,12 @@
 
     let statusPolling;
 
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
     function renderEnrollment() {
 
         // link is provided by a hidden GuiElem
@@ -52,44 +58,53 @@
     }
 
     function poll() {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
+
+        isPolling = true;
 
         // state is held on backend side
         const request = {};
 
-        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        const fetchRequest = fetch("", {
-        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        }).then(res => {
+        });
-            res.json().then(o => {
 
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
 
                 if (status == 'clientRegistering') {
-
                     // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
 
                     // hide QR-code and information
                     document.getElementById("mauth_qrcode").style.display = 'none';
                     document.getElementById("mauth_qrcode_info").style.display = 'none';
-                }
+                } else if (status == 'succeeded') {
-                else if (status == 'succeeded') {
-
                     clearInterval(statusPolling);
-                    console.error("onboarding successful");
+                    console.log("onboarding successful");
 
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     document.body.appendChild(form);
                     form.submit();
-                }
+                } else if (status == 'failed' || status == 'unknown') {
-                else if (status == 'failed' || status == 'unknown') {
-
                     clearInterval(statusPolling);
                     console.error("onboarding failed with status: " + status);
 
@@ -98,8 +113,15 @@
                     document.body.appendChild(form);
                     form.submit();
                 }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(), POLLING_INTERVAL);
             });
-        }).catch((err) => console.error("error: ", err));
     }
 
     renderEnrollment();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/mauth_push_qr.js

@@ -16,6 +16,12 @@
 
     let statusPolling;
 
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
     function dispatch(id) {
 
         document.getElementById("mauth_devices").style.display = "none"; // hide selection menu
@@ -70,9 +76,7 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    statusPolling = window.setInterval(function () {
+                    poll(sessionId);
-                        poll(sessionId);
-                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -125,47 +129,64 @@
     }
 
     function poll(sessionId) {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
+        isPolling = true;
 
-        const request = {};
+        const request = { fidoUafSessionId: sessionId };
-        request.fidoUafSessionId = sessionId;
 
-        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        const fetchRequest = fetch("", {
-        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        }).then(res => {
+        });
-            res.json().then(o => {
+
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
+
                 if (status == 'clientAuthenticating') {
                     document.getElementById("mauth_qrcode").style.display = 'none';
                     document.getElementById("mauth_qrcode_info").style.display = 'none';
                     document.getElementById("mauth_match_numbers").style.display = 'block';
                     document.getElementById("mauth_loading").style.display = 'block';
                 }
+
                 if (status == 'succeeded') {
                     clearInterval(statusPolling);
-                    // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     document.body.appendChild(form);
                     form.submit();
-                }
+                } else if (status == 'failed' || status == 'unknown') {
-                else if (status == 'failed' || status == 'unknown') {
-
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
-
-                    // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
-        }).catch((err) => console.error("error: ", err));
     }
 
     renderDeviceList();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/mauth_usernameless.js

@@ -16,6 +16,12 @@
 
     let statusPolling;
 
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
     function dispatch() {
 
         console.log("initiating usernameless mobile authentication...");
@@ -58,9 +64,7 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    statusPolling = window.setInterval(function () {
+                    poll(sessionId);
-                        poll(sessionId);
-                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -73,46 +77,66 @@
     }
 
     function poll(sessionId) {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
 
-        const request = {};
+        isPolling = true;
-        request.fidoUafSessionId = sessionId;
 
-        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        const request = { fidoUafSessionId: sessionId };
-        fetch("", {
+
+        const fetchRequest = fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        }).then(res => {
+        });
-            res.json().then(o => {
+
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
+
                 if (status == 'clientAuthenticating') {
-                    document.getElementById("mauth_qrcode").style.display = 'none';
+                    // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
+                    document.getElementById("mauth_qrcode").style.display = 'none';
                 }
                 if (status == 'succeeded') {
                     clearInterval(statusPolling);
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
-                    addInput(form, "fidoUafDone", "true"); // checked by Groovy script
+                    addInput(form, "continue", "true"); // required for custom dispatching in usernameless
                     document.body.appendChild(form);
                     form.submit();
-                }
+                } else if (status == 'failed' || status == 'unknown') {
-                else if (status == 'failed' || status == 'unknown') {
-
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
-
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
-                    addInput(form, "fidoUafSessionId", sessionId); // checked by Groovy script
+                    addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
-        }).catch((err) => console.error("error: ", err));
     }
 
     dispatch();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
+loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
+recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
+recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -210,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_de.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sprache wählen
 loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
 loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
-loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
+loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
 loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
 loainfo.later=Später
 loainfo.startNow=Möchten Sie den Prozess jetzt starten?
@@ -163,7 +163,8 @@ pwreset.info.linktext=Passwort vergessen
 pwreset.noticket=Ihr Link ist nicht mehr gültig. Bitte generieren Sie ein Neuen.
 recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert
 recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren.
+recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
+recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
 recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
 recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
 recovery_check_code.instruction=Bitte geben Sie unten Ihren persönlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten.
@@ -173,9 +174,11 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
 recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
 recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können?
 recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
-recovery_check_noCode.banner.error=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen.
+recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
-recovery_check_noCode.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
+recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
-recovery_check_noCode.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
+recovery_check_noCode.banner.error=Zu viele Versuche.
+recovery_check_noCode.instruction1=Möglicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
+recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Bitte enth&uuml;llen Sie den Code, um fortfahren zu k&ouml;nnen.
 recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf.
 recovery_code.newRecoveryCode=Einf&uuml;hrung von Wiederherstellungscode
@@ -183,7 +186,7 @@ recovery_code.validUntil=G&uuml;ltig bis:
 recovery_fidokey_auth.button=Schl&uuml;sselauthentifizierung starten
 recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schl&uuml;sselauthentifizierung starten"
 recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschl&uuml;ssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren.
+recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um sich zu identifizieren.
 recovery_fidokey_auth.keyRegistered=Sicherheitsschl&uuml;ssel schon registriert
 recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
 recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken k&ouml;nnen, mit dem Sie den Wiederherstellungsprozess starten.
@@ -209,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren r
 recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
 recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
 recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
-recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht oder zur&uuml;ckgesetzt
+recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt
 recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
 recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
 recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_en.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
+loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
+recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
+recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
 recovery_check_noCode.banner.error=Too many attempts.
 recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
 recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
@@ -210,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=If you have several login factor
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_fr.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Sélectionner la langue
 loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
 loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
-loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
+loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
 loainfo.helper=Vos données doivent être vérifiées!
 loainfo.later=Plus tard
 loainfo.startNow=Voulez-vous commencer le processus maintenant?
@@ -164,6 +164,7 @@ pwreset.noticket=Votre lien n'est plus valide. Veuillez en gén&eacut
 recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est déjà enregistrée
 recovery_accessapp_auth.instruction1=Vous avez déjà enregistré une nouvelle AGOV access app !!!ACCESS_APP_NAME!!! dans le cadre du processus de récupération.
 recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier.
+recovery_check_code.banner.lockedError=Trop de saisies erronées. Veuillez réessayer dans quelques minutes.
 recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez réessayer.
 recovery_check_code.enterRecoveryCode=Saisir le code de récupération
 recovery_check_code.instruction=Veuillez saisir votre code de récupération à douze chiffres. Lors de votre inscription, vous avez reçu le code de récupération sous la forme d’un fichier PDF ou dans AGOV me.
@@ -173,9 +174,11 @@ recovery_check_code.invalid.code.tooLong=Le code est trop long
 recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération
 recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ?
 recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération.
-recovery_check_noCode.banner.error=Trop de tentatives ou expiration de votre code de récupération.
+recovery_check_code.too_many_tries.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
-recovery_check_noCode.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
+recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
-recovery_check_noCode.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
+recovery_check_noCode.banner.error=Trop de tentatives.
+recovery_check_noCode.instruction1=Vous avez peut-être essayé de saisir le code de récupération trop de fois.
+recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la r&eacute;cup&eacute;ration du compte dans dix minutes &agrave; partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Veuillez indiquer votre nouveau code pour pouvoir continuer.
 recovery_code.instruction=Les codes de r&eacute;cup&eacute;ration vous permettent d'acc&eacute;der &agrave; votre compte au cas o&ugrave; vous auriez perdu tous vos identifiants. Conservez le code de r&eacute;cup&eacute;ration en lieu s&ucirc;r.
 recovery_code.newRecoveryCode=Introduction du code de r&eacute;cup&eacute;ration
@@ -209,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistr&eacute; p
 recovery_questionnaire_reason_selection.answer1=Je n'arrive pas &agrave; me connecter, m&ecirc;me si j'ai mon application / ma cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;)
 recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription
-recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute; ou r&eacute;initialis&eacute; mon application AGOV access
+recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute;, r&eacute;install&eacute; ou r&eacute;initialis&eacute; mon application d'acc&egrave;s AGOV
 recovery_questionnaire_reason_selection.answer4=J'ai perdu mon t&eacute;l&eacute;phone / cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer5=J'ai un nouveau t&eacute;l&eacute;phone et j'ai oubli&eacute; de transf&eacute;rer mon application AGOV access
 recovery_questionnaire_reason_selection.answer6=J'ai oubli&eacute; mon PIN pour l'application AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties

@@ -87,7 +87,7 @@ language.it=Italiano
 languageDropdown.aria.label=Selezionare la lingua
 loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
 loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
-loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
+loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
 loainfo.helper=I dati devono essere verificati!
 loainfo.later=Più tardi
 loainfo.startNow=Iniziare la procedura?
@@ -164,6 +164,7 @@ pwreset.noticket=Il biglietto per la reimpostazione della password non è
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
 recovery_accessapp_auth.instruction1=Ha già registrato una nuova app AGOV access !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
+recovery_check_code.banner.lockedError=Troppi tentativi di inserimento non validi. Riprovare tra qualche minuto.
 recovery_check_code.codeIncorrect=Il codice inserito non è corretto. Riprovare.
 recovery_check_code.enterRecoveryCode=Inserisca il codice di recupero
 recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me.
@@ -173,9 +174,11 @@ recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo
 recovery_check_code.noAccess=Non ho il mio codice.
 recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
 recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino.
-recovery_check_noCode.banner.error=Troppi tentativi o codice di ripristino scaduto
+recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
-recovery_check_noCode.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
+recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
-recovery_check_noCode.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
+recovery_check_noCode.banner.error=Troppi tentativi.
+recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
+recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Per procedere, inserire il nuovo codice.
 recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro.
 recovery_code.newRecoveryCode=Introduzione del codice di ripristino
@@ -209,7 +212,7 @@ recovery_questionnaire_no_recovery.instruction2=Se ha registrato pi&ugrave; fatt
 recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza
 recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app AGOV access o chiave di sicurezza)
 recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione
-recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app AGOV access
+recovery_questionnaire_reason_selection.answer3=Ho eliminato, reinstallato o reimpostato la mia app AGOV access
 recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza
 recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app AGOV access
 recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/mauth_link_qr.js

@@ -16,6 +16,12 @@
 
     let statusPolling;
 
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
     function dispatchLink() {
 
         document.getElementById("mauth_started").style.display = "block"; // show
@@ -55,9 +61,7 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    statusPolling = window.setInterval(function () {
+                    poll(sessionId);
-                        poll(sessionId);
-                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -70,21 +74,36 @@
     }
 
     function poll(sessionId) {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
 
-        const request = {};
+        isPolling = true;
-        request.fidoUafSessionId = sessionId;
 
-        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        const request = { fidoUafSessionId: sessionId };
-        fetch("", {
+
+        const fetchRequest = fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        }).then(res => {
+        });
-            res.json().then(o => {
+
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
+
                 if (status == 'clientAuthenticating') {
                     // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
@@ -99,20 +118,24 @@
                     addInput(form, "continue", "true"); // required for custom dispatching in usernameless
                     document.body.appendChild(form);
                     form.submit();
-                }
+                } else if (status == 'failed' || status == 'unknown') {
-                else if (status == 'failed' || status == 'unknown') {
-
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
-
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
-        }).catch((err) => console.error("error: ", err));
     }
 
     dispatchLink();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/mauth_onboard.js

@@ -16,6 +16,12 @@
 
     let statusPolling;
 
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
     function renderEnrollment() {
 
         // link is provided by a hidden GuiElem
@@ -52,44 +58,53 @@
     }
 
     function poll() {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
+
+        isPolling = true;
 
         // state is held on backend side
         const request = {};
 
-        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        const fetchRequest = fetch("", {
-        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        }).then(res => {
+        });
-            res.json().then(o => {
 
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
 
                 if (status == 'clientRegistering') {
-
                     // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
 
                     // hide QR-code and information
                     document.getElementById("mauth_qrcode").style.display = 'none';
                     document.getElementById("mauth_qrcode_info").style.display = 'none';
-                }
+                } else if (status == 'succeeded') {
-                else if (status == 'succeeded') {
-
                     clearInterval(statusPolling);
-                    console.error("onboarding successful");
+                    console.log("onboarding successful");
 
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     document.body.appendChild(form);
                     form.submit();
-                }
+                } else if (status == 'failed' || status == 'unknown') {
-                else if (status == 'failed' || status == 'unknown') {
-
                     clearInterval(statusPolling);
                     console.error("onboarding failed with status: " + status);
 
@@ -98,8 +113,15 @@
                     document.body.appendChild(form);
                     form.submit();
                 }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(), POLLING_INTERVAL);
             });
-        }).catch((err) => console.error("error: ", err));
     }
 
     renderEnrollment();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/mauth_push_qr.js

@@ -16,6 +16,12 @@
 
     let statusPolling;
 
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
     function dispatch(id) {
 
         document.getElementById("mauth_devices").style.display = "none"; // hide selection menu
@@ -70,9 +76,7 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    statusPolling = window.setInterval(function () {
+                    poll(sessionId);
-                        poll(sessionId);
-                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -125,47 +129,64 @@
     }
 
     function poll(sessionId) {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
+        isPolling = true;
 
-        const request = {};
+        const request = { fidoUafSessionId: sessionId };
-        request.fidoUafSessionId = sessionId;
 
-        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        const fetchRequest = fetch("", {
-        fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        }).then(res => {
+        });
-            res.json().then(o => {
+
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
+
                 if (status == 'clientAuthenticating') {
                     document.getElementById("mauth_qrcode").style.display = 'none';
                     document.getElementById("mauth_qrcode_info").style.display = 'none';
                     document.getElementById("mauth_match_numbers").style.display = 'block';
                     document.getElementById("mauth_loading").style.display = 'block';
                 }
+
                 if (status == 'succeeded') {
                     clearInterval(statusPolling);
-                    // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     document.body.appendChild(form);
                     form.submit();
-                }
+                } else if (status == 'failed' || status == 'unknown') {
-                else if (status == 'failed' || status == 'unknown') {
-
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
-
-                    // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
                     addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
-        }).catch((err) => console.error("error: ", err));
     }
 
     renderDeviceList();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/mauth_usernameless.js

@@ -16,6 +16,12 @@
 
     let statusPolling;
 
+    let isPolling = false;
+    let pollingTimeout = null;
+
+    const POLLING_INTERVAL = 2000;
+    const REQUEST_TIMEOUT = 3000;
+
     function dispatch() {
 
         console.log("initiating usernameless mobile authentication...");
@@ -58,9 +64,7 @@
                     });
                     var sessionId = o.sessionId;
                     console.log("started polling for session ID: " + sessionId);
-                    statusPolling = window.setInterval(function () {
+                    poll(sessionId);
-                        poll(sessionId);
-                    }, 2000);
                 }
                 else {
                     console.log("authentication failed: " + o.dispatchResult);
@@ -73,46 +77,66 @@
     }
 
     function poll(sessionId) {
+        if (isPolling) {
+            return; // Exit if a polling request is already ongoing
+        }
 
-        const request = {};
+        isPolling = true;
-        request.fidoUafSessionId = sessionId;
 
-        // calling nevisFIDO through nevisAuth on current URL using AJAX
+        const request = { fidoUafSessionId: sessionId };
-        fetch("", {
+
+        const fetchRequest = fetch("", {
             method: "POST",
             headers: {
                 'Content-Type': 'application/json'
             },
             body: JSON.stringify(request)
-        }).then(res => {
+        });
-            res.json().then(o => {
+
+        // Set up the timeout for the fetch request
+        const timeoutPromise = new Promise((_, reject) => {
+            pollingTimeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, REQUEST_TIMEOUT);
+        });
+
+        Promise.race([fetchRequest, timeoutPromise])
+            .then(res => res.json())
+            .then(o => {
+                clearTimeout(pollingTimeout);
                 var status = o.status;
                 console.log("status: " + status);
+
                 if (status == 'clientAuthenticating') {
-                    document.getElementById("mauth_qrcode").style.display = 'none';
+                    // show process icon
                     document.getElementById("mauth_loading").style.display = 'block';
+                    document.getElementById("mauth_qrcode").style.display = 'none';
                 }
                 if (status == 'succeeded') {
                     clearInterval(statusPolling);
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
-                    addInput(form, "fidoUafDone", "true"); // checked by Groovy script
+                    addInput(form, "continue", "true"); // required for custom dispatching in usernameless
                     document.body.appendChild(form);
                     form.submit();
-                }
+                } else if (status == 'failed' || status == 'unknown') {
-                else if (status == 'failed' || status == 'unknown') {
-
                     clearInterval(statusPolling);
                     console.error("authentication failed with status: " + status);
-
                     // as this is the last call we have to do a top-level request instead of AJAX
                     const form = createForm();
-                    addInput(form, "fidoUafSessionId", sessionId); // checked by Groovy script
+                    addInput(form, "fidoUafSessionId", sessionId);
                     document.body.appendChild(form);
                     form.submit();
                 }
+            })
+            .catch((err) => {
+                console.error("error:", err);
+            })
+            .finally(() => {
+                isPolling = false;
+                // Schedule the next poll if needed
+                setTimeout(() => poll(sessionId), POLLING_INTERVAL);
             });
-        }).catch((err) => console.error("error: ", err));
     }
 
     dispatch();

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/ask_mobile.js

@@ -1,6 +1,6 @@
 class ProvidePhoneNumber {
 	modal;
-	laterModal;
+	declineModal;
 	providePhoneNumberLaterButton;
 	phoneNumberInput;
 	agovInputPhoneNumberInput;
@@ -9,24 +9,20 @@ class ProvidePhoneNumber {
 
 	constructor() {
 		this.modal = document.querySelector('#modal');
-		this.laterModal = document.querySelector('#laterModal');
+		this.declineModal = document.querySelector('#declineModal');
 		this.providePhoneNumberLaterButton = document.querySelector('#providePhoneNumberLaterButton');
 		this.phoneNumberInput = document.querySelector('#phoneNumberInput');
 		this.agovInputPhoneNumberInput = document.querySelector('#agovInputPhoneNumberInput');
 		this.agovInputRepeatPhoneNumberInput = document.querySelector('#agovInputRepeatPhoneNumberInput');
 		this.repeatPhoneNumberInput = document.querySelector('#repeatPhoneNumberInput');
 
-		document.querySelector('#laterCheckbox').checked = true;
 		this.initializePhoneInput(this.phoneNumberInput);
 		this.addPhoneInputEventHandlers(this.phoneNumberInput);
 		this.addPhoneInputEventHandlers(this.repeatPhoneNumberInput);
 
-		this.providePhoneNumberLaterButton.addEventListener('click', () => {
+		document.querySelector('#declineModalBack').addEventListener('click', () => {
-			this.setVisible(this.laterModal);
-		});
-		document.querySelector('#laterModalBack').addEventListener('click', () => {
 			this.resetValidation(this.agovInputPhoneNumberInput);
-			this.setInvisible(this.laterModal);
+			this.setInvisible(this.declineModal);
 		});
 		document.querySelector('#repeatPhoneNumberModalBack').addEventListener('click', () => {
 			this.initializePhoneInput(this.phoneNumberInput);
@@ -39,6 +35,7 @@ class ProvidePhoneNumber {
 			}
 		});
 		document.querySelector('#providePhoneNumberContinueButton').addEventListener('click', () => {
+			const dialCode = `+${window.phoneNumberUtils.getDialCode()}`;
 			if (this.validateInput(this.agovInputPhoneNumberInput)) {
 				this.repeatPhoneNumberInput.value = '';
 				this.initializePhoneInput(this.repeatPhoneNumberInput);
@@ -46,6 +43,10 @@ class ProvidePhoneNumber {
 				this.showErrorBanner(false);
 				this.setVisible(this.modal);
 			}
+			else if (this.phoneNumberInput.value.trim() === '' ||
+				this.phoneNumberInput.value.trim() === dialCode) {
+				this.setVisible(this.declineModal);
+			}
 		});
 	}
 
@@ -118,7 +119,12 @@ class ProvidePhoneNumber {
 	evaluatePhoneNumbersAndSubmit() {
 		if (this.arePhoneNumbersEqual()) {
 			document.querySelector('#mobile').value = this.repeatPhoneNumberInput.value.trim().replaceAll(' ', '');
-			document.querySelector('#submit').click();
+			// Some other 'click' listeners from gsap (used in drawer.js) seem to interfere with the trigger click on
+			// submitPhoneNumber button. It happens only on mobile devices, where the drawer is used. setTimeout seems to help
+			// to avoid the issue (although it is just a workaround).
+			setTimeout(() => {
+				document.querySelector('#submitPhoneNumber').click();
+			}, 100);
 		}
 		else {
 			this.setInvisible(this.modal);

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/eid_verification.js

@@ -0,0 +1,4 @@
+document.addEventListener('DOMContentLoaded', function() {
+	document.dispatchEvent(new Event('initEidVerification'));
+	document.dispatchEvent(new Event('initCantonalBranding'));
+});